Yaml:
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: orchestration
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: orchestration
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: orchestration
roleRef:
  kind: ClusterRole
  name: orchestration
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: orchestration
    namespace: default
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: orchestration-master
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: orchestration
    spec:
      serviceAccountName: orchestration
      containers:
        - name: orchestration
          image: joan38/orchestration:latest
          ports:
            - name: ui
              containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: orchestration-ui
spec:
  type: NodePort
  selector:
    app: orchestration
  ports:
    - name: http
      protocol: TCP
      port: 80
      nodePort: 31010
      targetPort: 8080

kubectl exec -ti --namespace default myContainer bash

curl -k https://kubernetes.default.svc.cluster.local/api/v1

Unauthorized

Why? What should I do?
Posted on 2017-05-25 14:58:24
The service account's credentials are mounted at /var/run/secrets/kubernetes.io/serviceaccount.
curl https://kubernetes.default.svc.cluster.local/api/v1 \
  --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
  -H "Authorization: Bearer $(</var/run/secrets/kubernetes.io/serviceaccount/token)"

https://stackoverflow.com/questions/44182766
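An added example, not part of the original answer: the same request as the curl command above, written in Python. It reads the mounted token, CA bundle and namespace, verifies the API server certificate against ca.crt rather than skipping verification as `-k` does, and decodes the token's JWT payload (without verifying it) to show which service account the pod is presenting. The function names are choices made for this example.

```python
import base64
import json
import ssl
import urllib.request
from pathlib import Path

# Mount point named in the answer above.
SA_DIR = Path("/var/run/secrets/kubernetes.io/serviceaccount")
API = "https://kubernetes.default.svc.cluster.local"


def load_credentials(sa_dir=SA_DIR):
    """Return (token, ca_path, namespace) from the mounted service account."""
    sa_dir = Path(sa_dir)
    token = (sa_dir / "token").read_text().strip()
    namespace = (sa_dir / "namespace").read_text().strip()
    if not token:
        raise ValueError(f"empty token in {sa_dir}")
    return token, sa_dir / "ca.crt", namespace


def token_claims(token):
    """Decode (without verifying) the JWT payload to see whose token this is."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def build_request(token, path="/api/v1", api=API):
    """Build the same request as the curl call: bearer token in the header."""
    return urllib.request.Request(
        api + path, headers={"Authorization": f"Bearer {token}"})


def call_api(path="/api/v1", sa_dir=SA_DIR):
    """Call the API server, verifying its certificate against ca.crt (no -k)."""
    token, ca_path, _ = load_credentials(sa_dir)
    ctx = ssl.create_default_context(cafile=str(ca_path))
    with urllib.request.urlopen(build_request(token, path), context=ctx) as resp:
        return resp.status, json.loads(resp.read())


if __name__ == "__main__":
    token, _, ns = load_credentials()
    print("namespace:", ns, "subject:", token_claims(token).get("sub"))
    print(call_api())
```

Run inside the pod, the printed subject shows whether the token belongs to the `orchestration` service account or to the namespace's default one.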