apiVersion: v1
kind: Secret
metadata:
name: cao
namespace: qq
annotations:
kubernetes.io/service-account.name: cao
type: kubernetes.io/service-account-token
编写yaml文件如上图,并apply到k8s。
kubectl get secret cao --namespace qq -o jsonpath="{.data.token}" | base64 --decode
获取到的就是token。
创建serviceAccount
kubectl create serviceaccount [service-account-name]
通过yaml文件创建ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: example-clusterrolebinding
subjects:
- kind: ServiceAccount
name: example-serviceaccount
namespace: example-namespace
roleRef:
kind: ClusterRole
name: example-clusterrole
apiGroup: rbac.authorization.k8s.io