spring:通过servicecomport访问k8s资源

rjee0c15  于 2021-06-30  发布在  Java
关注(0)|答案(0)|浏览(206)

我想用限制权限(list/watch/get,configmaps/services)访问pod,所以我为pod创建了一个servicecomport。
当我使用默认配置时

Config config = new ConfigBuilder().withMasterUrl("http://127.0.0.1:8080")
                .build();

好像我用默认的serviceaccount访问了k8s
当我使用serviceaccount secret时

Config config = new ConfigBuilder().withMasterUrl("http://127.0.0.1:8000")
                .withTrustCerts(true)
                .withOauthToken(token)//get from minikube dashboard secret token
                .build();

角色配置


# kubectl get roles fullname -o yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1beta1","kind":"Role","metadata":{"annotations":{},"labels":{"chart":"chart","release":"release"},"name":"fullname","namespace":"default"},"rules":[{"apiGroups":[""],"resources":["configmaps","services"],"verbs":["watch","list","get"]}]}
  creationTimestamp: "2020-12-21T01:47:46Z"
  labels:
    chart: chart
    release: release
  managedFields:
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:kubectl.kubernetes.io/last-applied-configuration: {}
        f:labels:
          .: {}
          f:chart: {}
          f:release: {}
      f:rules: {}
    manager: kubectl-client-side-apply
    operation: Update
    time: "2020-12-21T02:34:19Z"
  name: fullname
  namespace: default
  resourceVersion: "44766"
  selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/default/roles/fullname
  uid: 81cfe685-f629-400d-828a-7869847249d4
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - services
  verbs:
  - watch
  - list
  - get

当我调用函数时

public static String getCRD(){
        return kubernetesClient.customResourceDefinitions().list().toString();
    }

我仍然可以得到结果
那么,我如何才能访问k8s的权利权限有限的服务帐户

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题