Kubernetes 应用要求

1 Kubernetes 的集群地址

  • 集群填写的是 K8S 的集群地址。
  • 直接访问集群地址页面可以显示如下信息(如: https://172.16.8.8:8443),一般是 master 节点的 8443 端口。
  1. {
  2. "kind": "Status",
  3. "apiVersion": "v1",
  4. "metadata": {
  5. },
  6. "status": "Failure",
  7. "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  8. "reason": "Forbidden",
  9. "details": {
  10. },
  11. "code": 403
  12. }

2 获取 Token 方法

  • 下面以 ko-admin 为例,如果你的系统中没有此账户可以使用其他有权限的账户或者新建。
  1. kubectl get secret -n kube-system
  1. > kubectl get secret -n kube-system
  2. NAME TYPE DATA AGE
  3. attachdetach-controller-token-qss79 kubernetes.io/service-account-token 3 44m
  4. bootstrap-signer-token-ftqb6 kubernetes.io/service-account-token 3 44m
  5. bootstrap-token-abcdef bootstrap.kubernetes.io/token 5 44m
  6. certificate-controller-token-gm8mf kubernetes.io/service-account-token 3 44m
  7. clusterrole-aggregation-controller-token-92v9j kubernetes.io/service-account-token 3 44m
  8. coredns-token-mjpwp kubernetes.io/service-account-token 3 44m
  9. cronjob-controller-token-bjdn5 kubernetes.io/service-account-token 3 44m
  10. daemon-set-controller-token-6wljg kubernetes.io/service-account-token 3 44m
  11. default-token-9pl84 kubernetes.io/service-account-token 3 44m
  12. deployment-controller-token-wbpq6 kubernetes.io/service-account-token 3 44m
  13. disruption-controller-token-9mrbr kubernetes.io/service-account-token 3 44m
  14. endpoint-controller-token-hmgw5 kubernetes.io/service-account-token 3 44m
  15. endpointslice-controller-token-pbnkw kubernetes.io/service-account-token 3 44m
  16. endpointslicemirroring-controller-token-zkc6z kubernetes.io/service-account-token 3 44m
  17. expand-controller-token-btlqv kubernetes.io/service-account-token 3 44m
  18. flannel-token-qc6kw kubernetes.io/service-account-token 3 42m
  19. generic-garbage-collector-token-j8c7c kubernetes.io/service-account-token 3 44m
  20. horizontal-pod-autoscaler-token-v9d49 kubernetes.io/service-account-token 3 44m
  21. job-controller-token-9pldd kubernetes.io/service-account-token 3 44m
  22. ko-admin-token-kprl9 kubernetes.io/service-account-token 3 40m
  23. kube-proxy-token-9pfd2 kubernetes.io/service-account-token 3 44m
  24. metrics-server-token-cmdpk kubernetes.io/service-account-token 3 41m
  25. namespace-controller-token-k94nh kubernetes.io/service-account-token 3 44m
  26. nfs-client-provisioner-token-pb5qx kubernetes.io/service-account-token 3 28m
  27. nginx-ingress-serviceaccount-token-vk8tm kubernetes.io/service-account-token 3 41m
  28. node-controller-token-v5k59 kubernetes.io/service-account-token 3 44m
  29. persistent-volume-binder-token-jfgm7 kubernetes.io/service-account-token 3 44m
  30. pod-garbage-collector-token-7lptd kubernetes.io/service-account-token 3 44m
  31. pv-protection-controller-token-fpqqm kubernetes.io/service-account-token 3 44m
  32. pvc-protection-controller-token-wcrmp kubernetes.io/service-account-token 3 44m
  33. replicaset-controller-token-9g9s7 kubernetes.io/service-account-token 3 44m
  34. replication-controller-token-xg4fq kubernetes.io/service-account-token 3 44m
  35. resourcequota-controller-token-lskn4 kubernetes.io/service-account-token 3 44m
  36. root-ca-cert-publisher-token-sdt67 kubernetes.io/service-account-token 3 44m
  37. service-account-controller-token-2xr8k kubernetes.io/service-account-token 3 44m
  38. service-controller-token-9dghl kubernetes.io/service-account-token 3 44m
  39. statefulset-controller-token-wqm5v kubernetes.io/service-account-token 3 44m
  40. token-cleaner-token-gv552 kubernetes.io/service-account-token 3 44m
  41. ttl-controller-token-cgqcd kubernetes.io/service-account-token 3 44m
  1. kubectl describe secret ko-admin-token-kprl9 -n kube-system
  1. > kubectl describe secret ko-admin-token-kprl9 -n kube-system
  2. Name: ko-admin-token-kprl9
  3. Namespace: kube-system
  4. Labels: <none>
  5. Annotations: kubernetes.io/service-account.name: ko-admin
  6. kubernetes.io/service-account.uid: 8be05ad6-83ce-483b-9324-7c3f041c6da1
  7. Type: kubernetes.io/service-account-token
  8. Data
  9. ====
  10. ca.crt: 1038 bytes
  11. namespace: 11 bytes
  12. token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImlCVkhHTlhHem9idXNtYmtsaVpDZXRESVFMSHRFNUdsOFJWOXc0MnRZTG8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvsA50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmAxbmV0ZXMuaW8vc6VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrby1hZG1pbi10b2tlbi1rcHJsOSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2AxdmljZS1hY2NvdW50Lm5hbQAiOiJrby1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFiQ291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjhiZTA1YWQ2LTgzY2UtNDgzYi05MzI0LTdjM2YwNDFjNmRhMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprby1hZG1pbiJ9.qP04Yd6sTf5IDbQ_9lF_VdoyBEN5UCBmp1P7tvv9Fn9ibZFOGsupXjzbxCMhu3HhkGSE1pUuu1NNmcJUCUb_pFi5x5Bvo2xkF1_SfQACo40kzrUQ9ATTX8wuDzpiNw9sjf-_1l7rwnseOC4WJYNQIOs9i9FOeyRPYbKvkwsysJBVCq_XkoqvZt9xPp-LtsMUdWKHhLKUkBBM5F1NpVyahSrrsgH2lRuNsGALGb0FGIwYfMWN6KaHim2eeOaH4nqnVJ0WGCVJNx9-_PJQXfFWZtnceF_IiTUGwC7fqrA7T-5vOafPvG7c6PgjPzgMyEo4ade1bRV3fM98gHs_5v-oVw

上面 token: 后面的内容就是我们需要的 token,把这个内容填写到 JumpServer 账号列表中即可。