Kubernetes - 基于serviceAccount生成kubeconfig(AWS)

2023-11-13
```Bash
apiVersion: v1
kind: ServiceAccount
metadata:
  name: zadig
  namespace: default
---
apiVersion: v1
kind: Secret
metadata:
  name: zadig
  annotations:
    kubernetes.io/service-account.name: "zadig"
type: kubernetes.io/service-account-token

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: zadig
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: zadig
  namespace: default
```Bash
#!/bin/bash
sa_name="zadig"
cluster_name="bigdata-ai"
config_file="/tmp/config"
rm ${config_file}

kubectl apply -f rbac.yaml
sleep 3
KUBE_TOKEN=$(kubectl describe secret ${sa_name} | grep 'token:' | awk '{print $2}')
KUBE_SERVER=$(kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " ")
KUBE_CA=$(kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[].cluster.certificate-authority-data}')
echo $KUBE_CA
kubectl --kubeconfig=${config_file} config set-cluster ${cluster_name} --server=$KUBE_SERVER --certificate-authority=$(echo $KUBE_CA)
kubectl --kubeconfig=${config_file} config set-credentials zadig --token=$KUBE_TOKEN
kubectl --kubeconfig=${config_file} config set-context ${sa_name} --cluster=${cluster_name} --user=${sa_name}
kubectl --kubeconfig=${config_file} config use-context ${sa_name}
sed -i 's/certificate-authority/certificate-authority-data/g' ${config_file}


标题:Kubernetes - 基于serviceAccount生成kubeconfig(AWS)
地址:https://blog.njqhome.com:8443/articles/2023/11/13/1699857181949.html