KubernetesAPI接口啓用注意事項

1.API授權訪問

admin沒有足夠的權限，需要給admin選擇一個合適的clusterrole.將admin這個user與clusterrole:cluster-admin bind到一起。
命令如下：
#kubectl create clusterrolebinding login-on-dashboard-with-cluster-admin --clusterrole=cluster-admin --user=admin
返回：clusterrolebinding.rbac.authorization.k8s.io "login-on-dashboard-with-cluster-admin" created
確認命令：
# kubectl get clusterrolebinding/login-on-dashboard-with-cluster-admin -o yaml
返回：
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: 2018-04-26T06:22:23Z
  name: login-on-dashboard-with-cluster-admin
  resourceVersion: "3649"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/login-on-dashboard-with-cluster-admin
  uid: 2e85e277-491a-11e8-8665-000c2989f32f
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: admin

2.查看令牌

新版本訪問系統頁面需要令牌。
命令如下：
#kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
返回：
Name:         admin-user-token-7xnn4
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=admin-user
              kubernetes.io/service-account.uid=bb669eea-4916-11e8-8665-000c2989f32f

Type:  kubernetes.io/service-account-token

Data
====
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTd4bm40Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiYjY2OWVlYS00OTE2LTExZTgtODY2NS0wMDBjMjk4OWYzMmYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.iJ1QZ1JLwjI7DF0mrBpgUFSftOX-vd0Mk_6mXrMrjYPFiQo6lDHP-sO3Jyun02Y9lJTr2zNPW74bTF1fu0JuoStWsa3vj4QA4Aylv_wLpnMLuWDMGvpwL1xcZrwZgLwMnmcUyWjpmW6vEYZPQ-xhBPTZgyaVtL7KyN0PE8JBU1krTW4Fh-nuEbgCF8rQ2E_REbt0EqUAPNKaKRz00vWTglAVN-vIR5tgz7-xAZJmlayw2jyVBNRVEByfQS8YWYN6g6iDJecEGFFpXbyXltTtgMK6WPar81YUgpEWyVAKtzm41Rd7ITVxaoj1NExQlYklG9UOxURXHptSbi0av-P2AQ
ca.crt:     1346 bytes

3.刪除用戶

終端命令操作刪除用戶：
# curl -i -k -XDELETE https://192.168.1.183:6443/api/v1/namespaces/test —basic -u admin:test1234
註釋：test是對應的用戶名，-u後面是用戶名密碼