JumpServer添加访问k8s集群

发表于 更新于 分类于 阅读次数: 本文字数: 316 阅读时长 ≈ 1 分钟

Jumpserver中添加k8s,方便直接从Jumpserver管理k8s集群

一、k8s准备

1.创建对象ClusterRole

此对象定义具体权限

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jmsClusterRole
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch

2.创建对象ServiceAccount

此对象为创建用户,并自动生成Secret对象,即token

1
2
3
4
5
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jms-serviceaccount
  namespace: kube-system

3.创建对象ClusterRoleBinding

此对象将ClusterRole定义的权限赋给ServiceAccount

1
2
3
4
5
6
7
8
9
10
11
12
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jms-bind-jmsClusterRole
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jmsClusterRole
subjects:
- kind: ServiceAccount
  name: jms-serviceaccount
  namespace: kube-system

4.获取token值

此步骤也可参考Jumpserver官网:https://docs.jumpserver.org/zh/master/admin-guide/app/kubernetes/

1
2
3
4
5
执行:
export POD_NAME=`kubectl get secret -n kube-system|grep jms|awk '{print $1}'`
kubectl describe secret ${POD_NAME} -n kube-system|grep 'token:'
输出:
token:      it-is-example-token-pZCI6IlB0MUR2dEdtRW5lN19nQWg1WWdWN2o5U1FicTA2dDYtT2VfMk1ScTd0RG8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJqbXMtc2VydmljZWFjY291bnQtdG9rZW4tcnB3d2giLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiam1zLXNlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGZkYjIwOWUtMTgyYi00M2JmLTgyNDctZTAwN2VkOWI1ZTY4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmptcy1zZXJ2aWNlYWNjb3VudCJ9.o8N_m_QtpLOj5OHxvlnepzqypmx8xfE63_GQnzbSfy4deGR1WY0UElxLZcWrajhzHIOP2cBkzVF-X4K6sZoixV1tI0qevHC-gu2v-VZkzv0h-lwbJfMWNV9fiF2alZ9VCVSIXXUBRJ49Wd6ecn8N5_BAIXZ3rLePYxhJA9t_Vlx8l_8stE-AXn9W5IRRy6bzFCpJqR0Mua8BDvv8UJMPT7PPFp3bmBdTNuFOlwpoUNHNtKERGpN19N9Zg05bNaHZwphABOK2mlHDwERAJ3JDFrC1bztUZCYgxXhDQnCG_EJE54SpoMNVvvRgyTw5BJAZYizEmM2_ljytCgdAEznD5g

二、配置Jumpserver

1.创建K8S协议系统账户,“令牌”输入框填入上文获取到的token

![输入token]

2.应用管理-kubernetes中创建应用

注:“集群”中填写jms能够访问到的集群地址,此处填写TKE提供的内网ip地址
![输入集群地址]

3.赋权后即可访问k8s集群信息,测试

1
kubectl get nodes