我创建了一个 serviceaccount 并为该服务帐户创建了一个 kubeconfig,但是当我运行 kubectl --kubeconfig=sa.kubeconfig get nodes or get pods 我首先收到错误:> error:You must be logged in to the server (Unauthorized).
现在我收到了消息error: the server doesn't have a resource type "svc"
。
这是创建sa、role和rolebinding的yaml文件
apiVersion: v1
kind: ServiceAccount
metadata:
name: default-user
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: default-user
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: default-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: default-user
subjects:
- namespace: default
kind: ServiceAccount
name: default-user
然后,我为服务帐户创建了 kubeconfig 文件。
# your server name goes here
server=https://<server.hcp.westeurope.azmk8s.io:443>
# the name of the secret containing the service account token goes here
name=<default-user-token>
ca=$(kubectl get secret/$name -o jsonpath='{.data.ca\.crt}')
token=$(kubectl get secret/$name -o jsonpath='{.data.token}' | base64)
namespace=$(kubectl get secret/$name -o jsonpath='{.data.namespace}' | base64)
echo "
apiVersion: v1
kind: Config
clusters:
- name: default-cluster
cluster:
certificate-authority-data: ${ca}
server: ${server}
contexts:
- name: default-context
context:
cluster: default-cluster
namespace: default
user: default-user
current-context: default-context
users:
- name: default-user
user:
token: ${token}
" > sa.kubeconfig
有人看到我做错了吗?