mirror of
https://codeup.aliyun.com/64f7d6b8ce01efaafef1e678/coal/coal.git
synced 2026-01-25 07:46:40 +08:00
完善k8s文件
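--- a/k8s/init/genconfig.sh
+++ b/k8s/init/genconfig.sh
@@ -0,0 +1,46 @@
+# The script returns a kubeconfig for the ServiceAccount given
+# you need to have kubectl on PATH with the context set to the cluster you want to create the config for
+
+# Cosmetics for the created config
+clusterName='kubernetes'
+# your server address goes here get it via `kubectl cluster-info`
+server='https://192.168.0.119:6443'
+# the Namespace and ServiceAccount name that is used for the config
+namespace='coal'
+serviceAccount='ci'
+
+# The following automation does not work from Kubernetes 1.24 and up.
+# You might need to
+# define a Secret, reference the ServiceAccount there and set the secretName by hand!
+# See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-long-lived-api-token-for-a-serviceaccount for details
+secretName=ci
+
+######################
+# actual script starts
+set -o errexit
+
+
+ca=$(kubectl --namespace="$namespace" get secret/"$secretName" -o=jsonpath='{.data.ca\.crt}')
+token=$(kubectl --namespace="$namespace" get secret/"$secretName" -o=jsonpath='{.data.token}' | base64 --decode)
+
+echo "
+---
+apiVersion: v1
+kind: Config
+clusters:
+- name: ${clusterName}
+cluster:
+certificate-authority-data: ${ca}
+server: ${server}
+contexts:
+- name: ${serviceAccount}@${clusterName}
+context:
+cluster: ${clusterName}
+namespace: ${namespace}
+user: ${serviceAccount}
+users:
+- name: ${serviceAccount}
+user:
+token: ${token}
+current-context: ${serviceAccount}@${clusterName}
+"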
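Review bot: An empty `ca` or `token` is never detected before the kubeconfig is printed. `set -o errexit` does not see a kubectl failure on the `token=` line, because the substitution's status is that of `base64 --decode`, and a Secret whose data has not been populated yet gives an empty jsonpath result with status 0. Add a guard after the two assignments, for example `if [ -z "$ca" ] || [ -z "$token" ]; then echo "secret $secretName has no ca.crt/token" >&2; exit 1; fi`. The output embeds a ServiceAccount token that does not expire, so a header comment should tell callers to redirect it into a file created under `umask 077` rather than let it reach a terminal scrollback or CI log. The comment about Kubernetes 1.24 could also state that `k8s/init/sa.yaml` creates the Secret this script reads.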
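--- a/k8s/init/sa.yaml
+++ b/k8s/init/sa.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+namespace: coal
+name: ci
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+namespace: coal
+name: ci
+annotations:
+kubernetes.io/service-account.name: ci
+type: kubernetes.io/service-account-token
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: ci-rb
+
+subjects:
+- kind: ServiceAccount
+name: ci
+namespace: coal
+roleRef:
+kind: ClusterRole
+name: edit
+apiGroup: rbac.authorization.k8s.io
+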
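Review bot: The `ci-rb` binding is a `ClusterRoleBinding`, so the `ci` ServiceAccount receives the `edit` role in every namespace, although the account and the kubeconfig generated for it are scoped to `coal`. The built-in `edit` role normally covers reading and writing Secrets and creating workloads, so a leaked CI token would reach well beyond this application. If the pipeline only deploys into `coal`, use `kind: RoleBinding` with `namespace: coal` under `metadata`, keeping `roleRef` on the `edit` ClusterRole. The `kubernetes.io/service-account-token` Secret also yields a token with no expiry; where the pipeline can refresh credentials, a time-bounded token from `kubectl create token` is the safer choice, otherwise a comment in this manifest should describe how the Secret is rotated.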