Kubernetes ServiceAccount in Practice: CRUD Operations and Token Management


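I. ServiceAccount CRUD

1.1 Create

Method 1: create it directly with kubectl

# Create a ServiceAccount named zq
# (k, kg and kaf in this post are assumed to be shell aliases for kubectl, kubectl get and kubectl apply -f)
[root@k8s-master01 ~]# k create sa zq

Method 2: create it from a YAML file

# Write the YAML file
vim serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-sa
  namespace: default  # optional, defaults to default
# Apply it
kubectl apply -f serviceaccount.yaml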

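1.2 Delete

1. Delete the SA (its associated Secret is deleted by default)

[root@k8s-master01 ~]# k delete sa zq

2. Delete the SA together with its dependent resources using foreground cascading deletion (use with caution)

[root@k8s-master01 ~]# k delete sa zq --cascade=foreground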

1.3 Update

1. Add a label

[root@k8s-master01 ~]# kubectl label sa zq env=prod

2. Add an annotation

[root@k8s-master01 ~]# kubectl annotate serviceaccount zq description="用于生产环境的SA"

Extension: manually associating a Secret (v1.24+)

To bind a long-lived token to an SA, create a Secret manually and associate it with the SA:

# Define manual-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-sa-secret
  annotations:
    kubernetes.io/service-account.name: zq
type: kubernetes.io/service-account-token
# Apply it
kubectl apply -f manual-secret.yaml

1.4 Query

1. List all SAs

[root@k8s-master01 ~]# kg sa -A

2. View the details of a specific SA

[root@k8s-master01 ~]# k describe sa zq
Name:                zq
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   <none>
Tokens:              <none>
Events:              <none>

3. View the Secrets associated with the SA (generated automatically only in versions before 1.24)

[root@k8s-master01 ~]# kg secrets | grep zq

II. Storing a ServiceAccount Token in a Secret

1. Define zq-token-secret.yaml

[root@k8s-master01 ~]# vim zq-token-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: zq-token-secret
  annotations:
    kubernetes.io/service-account.name: zq
type: kubernetes.io/service-account-token

2. Create the Secret

[root@k8s-master01 ~]# kaf zq-token-secret.yaml

3. View the generated token

[root@k8s-master01 ~]# kg secret  zq-token-secret
NAME              TYPE                                  DATA   AGE
zq-token-secret   kubernetes.io/service-account-token   3      98s

[root@k8s-master01 ~]# k describe  secret  zq-token-secret
Name:         zq-token-secret
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: zq
              kubernetes.io/service-account.uid: 0024e7bb-fe29-4d95-a5c4-72300f271481

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1107 bytes
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjdxMWhLWkVpd0t3ZVpNNmdNNmhJdkdOaldfVzA0MTJySm84ZkpMbFhvLVkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6InpxLXRva2VuLXNlY3JldCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJ6cSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjAwMjRlN2JiLWZlMjktNGQ5NS1hNWM0LTcyMzAwZjI3MTQ4MSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OnpxIn0.PxiDjkNTRticLwqsMwFtLFT2lSmGzgzAe2MWpq_HGEnN3kCKMjIzvFQnGvoXcMEOQiDOtJz5zsAgjOUWZ_vTAWTYv5cbPzWvz1-bMhECXEmmGX0LpGqRGefGuYPhYzDViyEQvm4XIQayTXkQ6H7uuyLzIXsNDxT2CjLokATExerrLRDVfF_vEEIlHw-QgYXg91nim11VmJnMf_oczIgt9aJEHQvp4kNLUO3X35520aEF5OY-jmMNowfzSSdeb2vpu9uJKPvSMeFeshoI_5_1XsAGUtuAa05E7QS47grr4SglX0UXJ5RyBV79IPbFUAKOT9ocfi87XlPiuviCsgsMjg
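
A Secret of type kubernetes.io/service-account-token holds the long-lived kind of token described in section 1.3. As an added example (not part of the original post), this script decodes a ServiceAccount token's JWT claims and reports whether it carries an exp claim; the two sample tokens are constructed and unsigned, and all function names are this example's own.

```shell
#!/bin/sh
# Added example: classify a ServiceAccount token by its JWT claims (samples are constructed).

# Decode one base64url JWT segment (restore '+', '/' and '=' padding).
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Encode stdin as an unpadded base64url segment.
b64url_encode() {
  base64 | tr -d '\n=' | tr '/+' '_-'
}

# Print the decoded claims JSON (middle segment) of a JWT.
jwt_claims() {
  body=${1#*.}                  # strip the header segment
  b64url_decode "${body%%.*}"   # strip the signature segment
}

# Print "bound" if the token has an exp claim, otherwise "long-lived".
sa_token_kind() {
  if jwt_claims "$1" | grep -q '"exp"[[:space:]]*:'; then
    echo bound
  else
    echo long-lived
  fi
}

# Print a top-level string claim such as sub (simple pattern match, not a JSON parser).
jwt_string_claim() {
  jwt_claims "$1" | sed -n 's|.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*|\1|p'
}

# Build an unsigned sample token from a claims JSON string.
make_sample_token() {
  printf '%s.%s.%s' "$(printf '%s' '{"alg":"RS256"}' | b64url_encode)" \
    "$(printf '%s' "$1" | b64url_encode)" "sample-signature"
}

LEGACY=$(make_sample_token '{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/secret.name":"zq-token-secret","sub":"system:serviceaccount:default:zq"}')
BOUND=$(make_sample_token '{"iss":"https://kubernetes.default.svc","exp":1700003600,"iat":1700000000,"sub":"system:serviceaccount:default:zq"}')

echo "Secret-based sample: $(sa_token_kind "$LEGACY"), sub=$(jwt_string_claim "$LEGACY" sub)"
echo "Expiring sample:     $(sa_token_kind "$BOUND"), sub=$(jwt_string_claim "$BOUND" sub)"
```

To check the Secret created above, pass the output of `kubectl get secret zq-token-secret -o jsonpath='{.data.token}' | base64 -d` to `sa_token_kind`; a `long-lived` result means the token stays valid until the Secret or its ServiceAccount is deleted.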
