参考的官网 文档
0.在k8s集群中,需要开启api相关参数
[root@shenhl]# KUBE_API_ARGS="--service-node-port-range=30000-32767 --enable-swagger-ui=true --apiserver-count=3 --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/var/log/k8s/audit.log --event-ttl=1h"
1.查看 kubectl api-versions
[root@szy-trust-master shenhl]# kubectl api-versions
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1beta1
apps/v1
apps/v1beta1
apps/v1beta2
authentication.istio.io/v1alpha1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
config.istio.io/v1alpha2
events.k8s.io/v1beta1
extensions/v1beta1
networking.istio.io/v1alpha3
networking.k8s.io/v1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
rbac.istio.io/v1alpha1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1
2: 创建用户,并给于cluster-admin角色
apiVersion: v1
kind: ServiceAccount
metadata:
name: ecdataapi
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ecdataapi
subjects:
- kind: ServiceAccount
name: ecdataapi
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
选择,Namespaces为kube-system,然后选择右上角:create,将上面yml信息copy进去,创建。
3:创建成功后,可以查看创建的用户的token,可以拿着token来访问api
4:拿到token后,可以通过postman来调试,访问api
5:
{
"paths": [
"/apis",
"/apis/",
"/apis/apiextensions.k8s.io",
"/apis/apiextensions.k8s.io/v1beta1",
"/healthz",
"/healthz/etcd",
"/healthz/ping",
"/healthz/poststarthook/generic-apiserver-start-informers",
"/healthz/poststarthook/start-apiextensions-controllers",
"/healthz/poststarthook/start-apiextensions-informers",
"/metrics",
"/swagger-2.0.0.json",
"/swagger-2.0.0.pb-v1",
"/swagger-2.0.0.pb-v1.gz",
"/swagger.json",
"/swaggerapi",
"/version"
]
}
