全域性 Kubernetes 設定

我們在這裡可以配置 k8s 叢集引數。

上游繫結到 k8s 服務,以及叢集閘道器繫結 k8s,都需要先在這裡進行配置。

下面我們來配置一個 k8s 叢集。

首先點選 Add Kubernetes Cluster 按鈕。

給 k8s 叢集起個名字。填寫好 k8s 叢集的主機名和埠資訊,以及是否驗證,和 token 後點選建立。

k8s叢集配置建立成功。

我們連線 k8s 需要以下許可權:

  1. namespace的讀取許可權: get, list, watch
  2. service的讀取許可權: get, list, watch
  3. endpoint的讀取許可權: get, list, watch
  4. pod的讀取許可權: get, list, watch

k8s使用 token 來鑑權並獲取許可權,下面我們介紹如何得到一個擁有以上 k8s 許可權的 token 。

建立 token.yaml 檔案

apiVersion: v1
kind: ServiceAccount
metadata:
  name: openresty-edge-serviceaccount
  namespace: default

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: openresty-edge-clusterrole
rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
      - services
      - endpoints
      - pods
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: openresty-edge-clusterrole-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: openresty-edge-clusterrole
subjects:
  - kind: ServiceAccount
    name: openresty-edge-serviceaccount
    namespace: default

執行以下命令獲取token

$ kubectl apply -f token.yml
$ kubectl describe secret $(kubectl get secret | grep openresty-edge-serviceaccount | awk '{print $1}') | grep "token: " | awk '{print $2}'
eyJhbGciOiJSUzI1NiIsImtpZCI6InJOZkJvNWItMDhYOXBfUGw2czBleWxNWXZBWi1KOXFqQ05GdjVCWUdpc3cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Im9wZW5yZXN0eS1lZGdlLXNlcnZpY2VhY2NvdW50LXRva2VuLTdkMjk5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Im9wZW5yZXN0eS1lZGdlLXNlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYjkzZTI0MzAtNGFjMi00Y2ZjLWExYzktNzEyZjMxZmM4ZTUzIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6b3BlbnJlc3R5LWVkZ2Utc2VydmljZWFjY291bnQifQ.I0x3A0Z1Oe_WQVKtCooYqas6JcQbvSxd0sFpFLecLT4vACDFyB3TsxAoVg1WPIzIue-VXoWUSij9Fa-RCHM_5k_mbY9nyuaJDjq8ziMZdlOHHRcgoACcCjUIK_2-o0D8PaNpHs5X3JZYmbQTXMMjs81Sd0sNsSJ2XIvhwN4Qkg9FCngFxPf_xBWYUh8EbMALde53GyB3LgKwgXu_538skCvoH2SGWXCr6oYc7W1wngHrrmy7Wzq_NlTlL-hQtEz9ST8Rik1zHbItrfQpgmW4d2UOrZ6IL91ZpKDGNS4gNt7pJ8opEvMascg92O28H9Y9kAIgJtOZFBHSQl10DADHBw