kube-dns查看token
serviceaccounts (aka 'sa')
查看账号
#查看所有账号
[root@docker176 kubernetes]# kubectl -n kube-system get sa
NAME SECRETS AGE
calico-cni-plugin 1 2d
calico-policy-controller 1 2d
default 1 124d
heapster 1 55d
kube-dns 1 2d
# 查看指定账号
kubectl -n kube-system get sa kube-dns
取得secrets
kubectl -n kube-system get sa kube-dns -o yaml 取得secrets
[root@docker176 ~]# kubectl -n kube-system get sa kube-dns -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: 2019-04-12T12:32:49Z
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: kube-dns
namespace: kube-system
resourceVersion: "16174692"
selfLink: /api/v1/namespaces/kube-system/serviceaccounts/kube-dns
uid: 1557807a-5d1f-11e9-9df3-000c2938862c
secrets:
- name: kube-dns-token-rst6j
secrets值为kube-dns-token-rst6j
取得token
kubectl get secrets kube-dns-token-rst6j -n kube-system -oyaml
[root@docker176 kubernetes]# kubectl get secrets kube-dns-token-rst6j -n kube-system -oyaml
apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURYekNDQWtlZ0F3SUJBZ0lKQU1jc1NWdStDcEkxTUEwR0NTcUdTSWIzRFFFQkN3VUFNQ1F4SWpBZ0JnTlYKQkFNTUdURTVNaTR4TmpndU1UUXVNVGMxUURFMU5UVXdNemt3TWpVd0hoY05NVGt3TkRFeU1ETXhOekExV2hjTgpNamt3TkRBNU1ETXhOekExV2pBa01TSXdJQVlEVlFRRERCa3hPVEl1TVRZNExqRTBMakUzTlVBeE5UVTFNRE01Ck1ESTFNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXJNaGJNSmN2NGgrZVBBa3IKbFF0dW9ZSlZLZTZqTEFVM1VvRENIRlkxTndSQ1p2Zit2ZEh5NVMxZWJOdGxOak4vdjgvWlpLRllEMG5qWDl3NQpKMWJpK3NhWnh2Y3gza28wdzN3OXo1WTlvRGNQMDNSVE85U2o3VXd1M3JBa3E2UGRVdzBIbGV0RWcyYURjcjQyCmR3U0g2ZTI1L2NlbEQ3ZUN0WDJZdk0xRHFBcllTcFpmNjJVZC9idmpqd05Hc2JxVjBBY0toN09Gckp1U0hFbGoKMVQyT2FoR3V5TW1GWk5hWG5lZ0lYR2pWems1NnZpdEsxRUhoUG05VnA5MHFFK0VSNk1yMS9FSTVReG1XdHJsYQpQcm1MaGhPaEd0WTRjTUNReEVvZGpIQkdFNEtNU2lBNVZPUExYNkZJR0RJVHVRbVhjSGNTV2JlWmR5aEYraitMCm9jUC9tUUlEQVFBQm80R1RNSUdRTUIwR0ExVWREZ1FXQkJRZ0srZk9TT3p0elB0MWFKSlBaL2pYYllpT3pUQlUKQmdOVkhTTUVUVEJMZ0JRZ0srZk9TT3p0elB0MWFKSlBaL2pYYllpT3phRW9wQ1l3SkRFaU1DQUdBMVVFQXd3WgpNVGt5TGpFMk9DNHhOQzR4TnpWQU1UVTFOVEF6T1RBeU5ZSUpBTWNzU1Z1K0NwSTFNQXdHQTFVZEV3UUZNQU1CCkFmOHdDd1lEVlIwUEJBUURBZ0VHTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBd1FFNEM3Mkk0MlNLSkg0ZnIKU0QvNnpwQXZUT3p0VjVPZUkyWWZSQ0t6NitObll1OHdCbE1xYTJUaS8yMnZ0U2JHVUdsRFROenhvVWdJbW5McwpOMjkzRXgxRUFaVUE2THJ2WWM3MnRlYS9SekVzaG5ROFBTQ2VPTXlndFJvVVdENU9YZmxsU2o3cTFWdy9zL3VOCmtMa1RYMjhGQ2VKeDhXTG5vSFZXUmN1eHRUWW1Ec1VKOWgzaGNrVHIwYXFSV0NMYldudHoyNW5IdG1LZmNqa2QKa3pwQkJsMzRJRDE2S3BOTWNIZnAydXFKQUhHd1NHdnVIN0tYWmxkcXo1QyswVkZPcFk4VThVYi9LS0tCS2tYRAo3YXFSSFhEdkxYdHMyM0N4cXJFOHI0ZzcyV3BWL01WbUN0WHl5Z0NMYjVUTFMwYU85MjZmaUt4dWFtNEw4VWNCCllFZEYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
namespace: a3ViZS1zeXN0ZW0=
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbExYTjVjM1JsYlNJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZqY21WMExtNWhiV1VpT2lKcmRXSmxMV1J1Y3kxMGIydGxiaTF5YzNRMmFpSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMbTVoYldVaU9pSnJkV0psTFdSdWN5SXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNklqRTFOVGM0TURkaExUVmtNV1l0TVRGbE9TMDVaR1l6TFRBd01HTXlPVE00T0RZeVl5SXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHByZFdKbExYTjVjM1JsYlRwcmRXSmxMV1J1Y3lKOS5qSEFVNmEycEE0WWFKWDBDajJDMGZLR3RvUE8wdjRFLUpMN1A4eDA5amhTc3hvMTVYdEMtcS1zRWRVT1N6NE9ZYTl3TzNaWjRNZkNTak5DSnUxVGJsaml1REprMmZvUFdJb0hsTXZBUFY3ME5PVnY0Um1BdEpxZ0l1ZXF2LW1hRVFkb2lZN2syZW9BOFZIaHBVWGVmY3Q2TUE0WUplUjlpNkZtRzNzb2RjdWo5blU5TlhBeXhhbzV3U2RZMlBlWEtaQVZFS3pMZXRjb3YxSmZFSEZpNDFjc0dkbjEwRmdZUlNWVTE5ZlNWUzVDOGwzMGE1cXlCWVRCS3o1U1M0SjdUMFprQ0lPRDdaV3RMTnNMLXNHTThhRE12V1VwUW51d3ZQX3ZpcmFpR1cxU2xVLUVmc29jT1RjajVKRXctWEZXUzRtcklaNXM0T3BwNUhZSFU1Z2d2LVE=
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: kube-dns
kubernetes.io/service-account.uid: 1557807a-5d1f-11e9-9df3-000c2938862c
creationTimestamp: 2019-04-12T12:32:49Z
name: kube-dns-token-rst6j
namespace: kube-system
resourceVersion: "16174691"
selfLink: /api/v1/namespaces/kube-system/secrets/kube-dns-token-rst6j
uid: 155b7304-5d1f-11e9-9df3-000c2938862c
type: kubernetes.io/service-account-token
取得token并解码
取得token并解码
kubectl get secret kube-dns-token-rst6j -n kube-system -o jsonpath={".data.token"}
[root@docker176 kubernetes]# kubectl get secret kube-dns-token-rst6j -n kube-system -o jsonpath={".data.token"}
ZXlKaGJHY2lPaUpTVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbExYTjVjM1JsYlNJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZqY21WMExtNWhiV1VpT2lKcmRXSmxMV1J1Y3kxMGIydGxiaTF5YzNRMmFpSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMbTVoYldVaU9pSnJkV0psTFdSdWN5SXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNklqRTFOVGM0TURkaExUVmtNV1l0TVRGbE9TMDVaR1l6TFRBd01HTXlPVE00T0RZeVl5SXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHByZFdKbExYTjVjM1JsYlRwcmRXSmxMV1J1Y3lKOS5qSEFVNmEycEE0WWFKWDBDajJDMGZLR3RvUE8wdjRFLUpMN1A4eDA5amhTc3hvMTVYdEMtcS1zRWRVT1N6NE9ZYTl3TzNaWjRNZkNTak5DSnUxVGJsaml1REprMmZvUFdJb0hsTXZBUFY3ME5PVnY0Um1BdEpxZ0l1ZXF2LW1hRVFkb2lZN2syZW9BOFZIaHBVWGVmY3Q2TUE0WUplUjlpNkZtRzNzb2RjdWo5blU5TlhBeXhhbzV3U2RZMlBlWEtaQVZFS3pMZXRjb3YxSmZFSEZpNDFjc0dkbjEwRmdZUlNWVTE5ZlNWUzVDOGwzMGE1cXlCWVRCS3o1U1M0SjdUMFprQ0lPRDdaV3RMTnNMLXNHTThhRE12V1VwUW51d3ZQX3ZpcmFpR1cxU2xVLUVmc29jT1RjajVKRXctWEZXUzRtcklaNXM0T3BwNUhZSFU1Z2d2LVE=
tokne转码
kubectl get secret kube-dns-token-rst6j -n kube-system -o jsonpath={".data.token"}| base64 -d
[root@docker176 kubernetes]# kubectl get secret kube-dns-token-rst6j -n kube-system -o jsonpath={".data.token"}| base64 -d
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlLWRucy10b2tlbi1yc3Q2aiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlLWRucyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjE1NTc4MDdhLTVkMWYtMTFlOS05ZGYzLTAwMGMyOTM4ODYyYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlLWRucyJ9.jHAU6a2pA4YaJX0Cj2C0fKGtoPO0v4E-JL7P8x09jhSsxo15XtC-q-sEdUOSz4OYa9wO3ZZ4MfCSjNCJu1TbljiuDJk2foPWIoHlMvAPV70NOVv4RmAtJqgIueqv-maEQdoiY7k2eoA8VHhpUXefct6MA4YJeR9i6FmG3sodcuj9nU9NXAyxao5wSdY2PeXKZAVEKzLetcov1JfEHFi41csGdn10FgYRSVU19fSVS5C8l30a5qyBYTBKz5SS4J7T0ZkCIOD7ZWtLNsL-sGM8aDMvWUpQnuwvP_viraiGW1SlU-EfsocOTcj5JEw-XFWS4mrIZ5s4Opp5HYHU5ggv-Q