k8s版本：v1.24.4

1. 创建serviceaccount

# 默认在default命名空间，可以加 -n 指定命名空间
kubectl create serviceaccount test01

2. 查看账户信息

# 可以加-n 命名空间过滤
kubectl get serviceaccount test01 -o yaml

3. 绑定角色

# 注意命名空间
kubectl create clusterrolebinding test01 --clusterrole=cluster-admin --serviceaccount=default:test01

生成token

# 这种方式创建是临时的
kubectl create token test01
eyJhbGciOiJSUzI1NiIsImtpZCI6InQxRnlkblZVNmJWVGQ4UUFMckN1V1dwcUYtRzQtS1JqUTZFeHpVTEh2OFkifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjYxODU2Njc0LCJpYXQiOjE2NjE4NTMwNzQsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0Iiwic2VydmljZWFjY291bnQiOnsibmFtZSI6InRlc3QwMSIsInVpZCI6IjdiNDk0NzQ1LWQ3MjQtNDQxOS05MTEwLTUwODAwMTliNDlmMyJ9fSwibmJmIjoxNjYxODUzMDc0LCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDp0ZXN0MDEifQ.WeOv5SZE_0cP3jP1yxxXFrP7oTl_KlCeW2WLqGl12M6WmE1vaQqNp1fKAF42AduV2hwvGrRmFpEV2Gz_d-RjtNY34EI8aqbKUeQcxHrNu8CxcZyOCfsrUSVMc-Jt115H9FYIbD5kMv33ArQiBOM21MgX_bvusqJ3ioMo1FkJTxQuDpjY146yyO2z_aRQjSCVNc3dnW9nmMBs8HjZZaXPpB9DC7FU0zNXUbdnAFXaq2-zPo88NSVwrXBBaWlsHt2ppz_0madmNxqL356EWg1uAhaUsTfG6NbWmxcyIXhEVeZHqmbVgiCFAoYTVdk7lQL3fX51W6rLeSWm7y-snwPfUg

可以加上 --duration 参数设置时间 kubectl create token account -h查看具体命令

kubectl create token account --duration 8760h

# 测试apiserver是否可连接

curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6InQxRnlkblZVNmJWVGQ4UUFMckN1V1dwcUYtRQtS1JqUTZFeHpVTEh2OFkifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjYxODU2Njc0LCJpYXQiOjE2NjE4NTMwNzQsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0Iiwic2VydmljZWFjY291bnQiOnsibmFtZSI6InRlc3QwMSIsInVpZCI6IjdiNDk0NzQ1LWQ3MjQtNDQxOS05MTEwLTUwODAwMTliNDlmMyJ9fSwibmJmIjoxNjYxODUzMDc0LCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDp0ZXN0MDEifQ.WeOv5SZE_0cP3jP1yxxXFrP7oTl_KlCeW2WLqGl12M6WmE1vaQqNp1fKAF42AduV2hwvGrRmFpEV2Gz_d-RjtNY34EI8aqbKUeQcxHrNu8CxcZyOCfsrUSVMc-Jt115H9FYIbD5kMv33ArQiBOM21MgX_bvusqJ3ioMo1FkJTxQuDpjY146yyO2z_aRQjSCVNc3dnW9nmMBs8HjZZaXPpB9DC7FU0zNXUbdnAFXaq2-zPo88NSVwrXBBaWlsHt2ppz_0madmNxqL356EWg1uAhaUsTfG6NbWmxcyIXhEVeZHqmbVgiCFAoYTVdk7lQL3fX51W6rLeSWm7y-snwPfUg" https://10.168.2.100:6443/api/ -k

> 如果调用报401重新生成token多试几次，偶尔会不行，暂时不知道为什么

![image.png](https://s2.51cto.com/images/20220830/1661872345737232.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
QQ学习交流群