AWS EKS KubeSphere 安装 nocalhost

kubectl apply -f - <<EOF
# 创建一个ServiceAccount
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ${SERVICE_ACCOUNT_NAME}
  namespace: default  # 根据需要更改命名空间
---

# 创建具有 cluster-admin 权限的 ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nocalhost-cluster-admin
  namespace: default  # 与 Service Account 相同的命名空间
subjects:
  - kind: ServiceAccount
    name: ${SERVICE_ACCOUNT_NAME}
    namespace: default
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: ${NOCALHOST_SECRET}
  annotations:
    kubernetes.io/service-account.name: ${SERVICE_ACCOUNT_NAME}
  EOF

export SERVICE_ACCOUNT_TOKEN=$(kubectl get secret ${NOCALHOST_SECRET} -o jsonpath="{.data.token}" | base64 -d)

export SERVICE_ACCOUNT_CACERT=$(kubectl get secret ${NOCALHOST_SECRET} -o jsonpath="{.data.ca\.crt}")

export API_SERVER=$(kubectl config view --minify -o jsonpath="{.clusters[0].cluster.server}")

echo "SERVICE_ACCOUNT_TOKEN: ${SERVICE_ACCOUNT_TOKEN}"
echo "SERVICE_ACCOUNT_CACERT: ${SERVICE_ACCOUNT_CACERT}"
echo "API_SERVER: ${API_SERVER}"

cat <<EOF > ~/.kube/config-nocalhost
apiVersion: v1
kind: Config
clusters:
- cluster:
    server: ${API_SERVER}
    certificate-authority-data: ${SERVICE_ACCOUNT_CACERT}
  name: nocalhost-cluster
contexts:
- context:
    cluster: nocalhost-cluster
    user: nocalhost-user
  name: nocalhost-context
current-context: nocalhost-context
users:
- name: nocalhost-user
  user:
    token: ${SERVICE_ACCOUNT_TOKEN}
EOF