Service Account是运行pods用到的帐号,默认是default。如果apiserver启动配置--admission-control=ServiceAccount,Service Account就要生成Token才能启动pods或者连接apiserver进行操作。下面讲讲如何把默认Service Account(default)生成Token。

1,生成serviceaccount.key

openssl genrsa -out ./serviceaccount.key

2,配置并重启controller-manager

vi /etc/kubernetes/controller-manager

KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=./serviceaccount.key"

3,创建secret.json

{

    "kind": "Secret",

    "apiVersion": "v1",

    "metadata": {

        "name": "default-secret",

        "annotations": {

            "kubernetes.io/service-account.name": "default"

        }

    },

    "type": "kubernetes.io/service-account-token"

}
kubectl create -f ./secret.json

kubectl describe secret default-secret

执行上面命令生成secret/default-secret

4,Token生成成功

kubectl describe secret/default-secret

Name:         default-secret

Namespace:    default

Labels:       <none>

Annotations:  kubernetes.io/service-account.name=default

              kubernetes.io/service-account.uid=0267460c-2902-11e8-a221-00163e088d17

Type:  kubernetes.io/service-account-token

Data

====

namespace:  7 bytes

token:      eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtc2VjcmV0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMjY3NDYwYy0yOTAyLTExZTgtYTIyMS0wMDE2M2UwODhkMTciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWZhdWx0In0.UCRU7OnKMC1oaY4vRntWmsKBQasEKBDoGzxNdGdTGqhcO0JV-kOEXjms1h80vvtxPj7930LPkpvXOYnwiST1Z73zf4z7DrKlAYuF-TKwWncJyKbYwskS4nONeAzxpzWJO7YTGnQPZHOwORQ3UMtW5_G12vrB4t43Cig15-6wRLDU4S_evkUh4lQeesAf1Uncy4SuNxHbLdiA1UfFWOf9xNd1BuPpKZ4jOrUQ9El1dYEHdpXrDgV5s6Wp2GWpWtZnb1R-HEtlISAgqwi5tA_ZvQiS0oKFzacxaSzwKOzla4hhkY5B9W8Y62_g5AuMqCff5fDils8HyQE-M7qpNoFbSg

Token与Service Account关联成功

# kubectl get Serviceaccount

NAME      SECRETS   AGE

default   1         24d

这配置可以解决创建rc或pod时报错,Error creating: No API token found for service account "default", retry after the token is automatically created and added to the service account

最新文章

  1. mysql深入浅出的笔记(存储过程一)
  2. 遍历 Input检测是否有重复的值
  3. Hibernate缓存(转)
  4. Reflector 已经out了,试试ILSpy
  5. HTML5学习之文档结构和语义(一)
  6. Git command line
  7. 学习js之类的使用
  8. MEF初体验之五:Lazy Exports
  9. i2c总线的oled12864屏的u8x8运用总结
  10. 17_8_9 Spring 注入
  11. java位移运算符3 转
  12. Django学习开发--笔记一(从零开始)
  13. 意外的php之学习笔记
  14. 恢复oracle数据从delete
  15. sql注入工具:sqlmap命令
  16. scrapy框架初级
  17. 寻找二叉树中的最低公共祖先结点----LCA(Lowest Common Ancestor )问题(递归)
  18. Properties集合概述与存和取
  19. 对团队项目的NABCD的分析
  20. CentOS7.2安装python2.7.12

热门文章

  1. 『Python CoolBook』C扩展库_其四_结构体操作与Capsule
  2. linux搭建node环境
  3. learning makefile var
  4. python-模块2
  5. 错误:Bean property &#39;sessionFactory&#39; is not writable or has an invalid setter method.
  6. Linux下实现ssh免密认证
  7. 福大软工 &#183; 第十一次作业 - Alpha 事后诸葛亮(团队)
  8. Android stdio 报错 error invoking main method
  9. 阶段01Java基础day16集合框架02
  10. jQuery开发API参考