想直接调用https的,没有token就会
[root@k8s-master1 ~]# curl https://10.1.234.100:6443/api/v1/namespaces/default/pods --insecure
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "pods is forbidden: User \"system:anonymous\" cannot list resource \"pods\" in API group \"\" in the namespace \"default\"",
"reason": "Forbidden",
"details": {
"kind": "pods"
},
"code": 403
加token 访问401,被拒绝
curl -k -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJhbGciOiJSUzI1NiIsImtpZCI6IlZ1a3JfUFhsNm45UU94QXV5ZElQNXlmOXZaZ0s1N2wxZjZsa0RiQXhSTncifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1tbmg4NCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjAyYWZmZmIyLTE0OWItNDQxNC05YmEwLWEzN2NlMWI4M2NhMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.u9a5TZxUKmsGx2UYYiQjEE730Jga7XZJo0F3RV_l6GDDygUmwvDHxxKwEJTjMkbBIgWpNwNJARpILzCJXU9HzfXuM80ksdalzurP8GiE7ukZ1aazPxUvQB0qaBx3g0jKcIZo2qsNTXayyL_GeXP9XTS634o18ekARBA5mI1Z2LHlgmk8zeewGy5DNVvWogWVGPu8SRCeHDMZg9HeK6xHxUeeAUrTpg_2VbWApoaoh9CYlT7IairqHcKtC6SCcMx8DoNPPd9M7MWBFV60swQ9Wi5M1l1RaQXSOX13w_aOlPSBGG_HXRxPY9QQ9YmbHvlLC7bZhh_X8Za0JOPwVoEm6Q.aMzef7qssxhFCkKHYFX99XBCkA_lnpKQhBvWPJ_AEsg89HUJ9cgYs2M7VRQJ2KcsG1BndSW0Ne-yLdsXFGDMaIRF58Rz02V99ViqAH8W86UZqcgARlw6DbYtpyHx2LZp4_HbrOy0xHJXGOx0FzwbCNJR5TE5LAZWx2Q5WowuxzdIhpkr15tn9UTZB0i2VXyANG3D6xyf1M67ojav59eC04qWu3ZuFC2GgngHGbZ1qnP55UnFTHWdFtHAzU5qAX7jrWJAOBdSPXwoxC9XTIBoL2umQk2XQN-OsBnQ_saXXLPe2cdpKdoboJCZgcUfO-5D94KO-5P8wNVhGWubNutvug' https://10.1.234.100:6443/api
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "Unauthorized",
"reason": "Unauthorized",
"code": 401
查看权限
[root@k8s-master1 ~]# kubectl get clusterrole cluster-admin -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
creationTimestamp: "2021-03-02T16:08:01Z"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: cluster-admin
resourceVersion: "45"
selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/cluster-admin
uid: f58d218f-447e-4e04-9161-89c094782480
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
可能这个用户的权限问题,创建admin 用户测试
#创建用户
kubectl create serviceaccount admin -n kube-system
#用户授权
kubectl create clusterrolebinding admin --clusterrole=cluster-admin --serviceaccount=kube-system:admin
#查看token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/admin/{print $1}')
[root@k8s-master1 ~]# curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IlZ1a3JfUFhsNm45UU94QXV5ZElQNXlmOXZaZ0s1N2wxZjZsa0RiQXhSTncifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1tbmg4NCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjAyYWZmZmIyLTE0OWItNDQxNC05YmEwLWEzN2NlMWI4M2NhMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.u9a5TZxUKmsGx2UYYiQjEE730Jga7XZJo0F3RV_l6GDDygUmwvDHxxKwEJTjMkbBIgWpNwNJARpILzCJXU9HzfXuM80ksdalzurP8GiE7ukZ1aazPxUvQB0qaBx3g0jKcIZo2qsNTXayyL_GeXP9XTS634o18ekARBA5mI1Z2LHlgmk8zeewGy5DNVvWogWVGPu8SRCeHDMZg9HeK6xHxUeeAUrTpg_2VbWApoaoh9CYlT7IairqHcKtC6SCcMx8DoNPPd9M7MWBFV60swQ9Wi5M1l1RaQXSOX13w_aOlPSBGG_HXRxPY9QQ9YmbHvlLC7bZhh_X8Za0JOPwVoEm6Q" -k https://10.1.234.100:6443/api/v1/namespaces/default/pods
{
"kind": "PodList",
"apiVersion": "v1",
"metadata": {
"selfLink": "/api/v1/namespaces/default/pods",
"resourceVersion": "323430"
},
"items": []