Create a Service Account. Service accounts are meant for processes running inside Pods, but calling the API from Postman works the same way.
[root@k8s-node1 ~]# kubectl create sa admin
serviceaccount/admin created
Get the token
[root@k8s-node1 ~]# kubectl get sa admin -ojson
{
    "apiVersion": "v1",
    "kind": "ServiceAccount",
    "metadata": {
        "creationTimestamp": "2021-12-31T14:08:33Z",
        "name": "admin",
        "namespace": "default",
        "resourceVersion": "531295",
        "selflink": "/api/v1/namespaces/default/serviceaccounts/admin",
        "uid": "0c663c2b-cfb6-419a-91f8-1c84671f9d3f"
    },
    "secrets": [
        {
            "name": "admin-token-kll46"
        }
    ]
}
[root@k8s-node1 ~]# kubectl describe secret admin-token-kll46
Name:         admin-token-kll46
Namespace:    default
Labels:
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: 0c663c2b-cfb6-419a-91f8-1c84671f9d3f
Type:  kubernetes.io/service-account-token
Data
====
ca.crt:     1025 bytes
namespace:  7 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkRXQVJ4SjVxMjliMHp0WU1uZlBsNHVhQUxnU0ZCMnZaUDZNVHdSbVNWbVkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFkbWluLXRva2VuLWtsbDQ2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGM2NjNjMmItY2ZiNi00MTlhLTkxZjgtMWM4NDY3MWY5ZDNmIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWRtaW4ifQ.d7xXtvFm2eSvE-h_iTqFAIylEqfXnAUX5o4V49DoDbWnfkRhmIMYXlVIYAvs4G_bsjan1MzGxfVc6wFsZBhoJkrreHupz-zYhL9Ls1bjuPOYTGH1q25V_ECDl71SrYlpqIaH2XxB-G-xap1toBI0UiWQoH4PBNl672l5sWbD6DMjXr4OYkX8i710Rxb--xJ9rEBECYewPD48mItQorpgat8hP1csjQs0q__bFnFp3HeMHw65OopFbtbIypbhIooootzbksm092h5t7CLP_mECVvgof3JdtegY3r2EU3-ryr_zzOT3LtOCqB_hMX5RRAad-vrVBuMvm7x9r7phVAXGw
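Bind the Service Account to the cluster-admin role, which allows any operation on any resource.
[root@k8s-node1 ~]# kubectl create rolebinding apiadmin --clusterrole cluster-admin --serviceaccount default:admin
rolebinding.rbac.authorization.k8s.io/apiadmin created
In Postman, set a global variable named apiserverToken whose value is the token printed by the describe secret command above.
Turn off SSL verification in Postman.
Next, enter the API URL you want to access, choose Bearer Token under Authorization, and enter the variable name you just created as the token. You can then access the k8s API successfully.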
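
Added example (not part of the original page): the token printed by describe secret is a JWT, so its claims can be decoded offline to confirm which identity it represents and whether it ever expires before it is stored as a Postman variable. The sample token is constructed in the secret-based claim layout with a dummy signature; inspect_sa_token and make_sample_token are names chosen for this example.

```python
import base64
import json
import time

PREFIX = "kubernetes.io/serviceaccount/"  # claim prefix in secret-based tokens

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _segment(seg: str) -> dict:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def inspect_sa_token(token, now=None):
    """Decode (without verifying the signature) a service account JWT."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header, claims = _segment(parts[0]), _segment(parts[1])
    exp = claims.get("exp")
    now = time.time() if now is None else now
    return {
        "alg": header.get("alg"),
        "issuer": claims.get("iss"),
        "subject": claims.get("sub"),
        "namespace": claims.get(PREFIX + "namespace"),
        "secret_based": PREFIX + "secret.name" in claims,
        "expires": exp is not None,  # no exp claim: never expires on its own
        "expired": exp is not None and exp <= now,
    }

def make_sample_token(extra_claims=None):
    """Constructed sample in the secret-based layout; signature is a dummy."""
    claims = {
        "iss": "kubernetes/serviceaccount",
        PREFIX + "namespace": "default",
        PREFIX + "secret.name": "admin-token-kll46",
        PREFIX + "service-account.name": "admin",
        "sub": "system:serviceaccount:default:admin",
        **(extra_claims or {}),
    }
    header = {"alg": "RS256", "typ": "JWT"}
    body = [json.dumps(header).encode(), json.dumps(claims).encode(), b"dummy-sig"]
    return ".".join(_b64url(p) for p in body)

if __name__ == "__main__":
    print(json.dumps(inspect_sa_token(make_sample_token()), indent=2))
```

A secret-based token that reports "expires": false stays valid until its Secret or the ServiceAccount is deleted, so remove admin-token-kll46 or the admin account once testing is finished.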



