static-token文件如下
cncamp-token,cncamp,1000,"group1,group2,group3"
用户token user uid group
mkdir /etc/kubernetes/auth -p
cp static-token /etc/kubernetes/auth
修改kube-apiserver.yaml
- --token-auth-file=/etc/kubernetes/auth/static-token
volume下添加 将配置文件挂载进来 有上方引用
- mountPath: /etc/kubernetes/auth
name: auth-files
readOnly: true
volumes下添加
- hostPath:
path: /etc/kubernetes/auth
type: DirectoryOrCreate
name: auth-files
查看
curl https://43.252.228.249:6443/api/v1/namespaces/default -H "Authorization: Bearer cncamp-token" -k