pod内curl访问apiserver

2023-04-24  本文已影响0人  wwq2020

创建testpod.yaml,内容如下

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: demo
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - list
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: demo
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: demo
subjects:
  - kind: ServiceAccount
    name: demo
---
apiVersion: v1
kind: Pod
metadata:
  name: demo
spec:
  serviceAccount: demo
  terminationGracePeriodSeconds: 1
  containers:
  - image: alpine
    imagePullPolicy: IfNotPresent
    command:
      - sleep
      - "3600"
    name: app
  restartPolicy: Always

进入pod

kubectl exec -it -n default demo -- sh

安装curl

sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
apk add curl

测试访问apiserver

token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
curl  --cacert  /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $token" https://${KUBERNETES_SERVICE_HOST}:443/api/v1/namespaces/default/pods
上一篇 下一篇

猜你喜欢

热点阅读