#!/bin/bash
# Target namespace and ServiceAccount name; both are interpolated into the
# manifest below.
NAMESPACE='my-namespace'
SERVICE_ACCOUNT='my-sa'

# Multi-document manifest: a Namespace, a ServiceAccount, a NodePort Service
# in front of MySQL, and a single-replica MySQL Deployment whose pod template
# names the ServiceAccount explicitly.
#
# NOTE(review): MYSQL_ROOT_PASSWORD is a literal, easily guessed value placed
# directly in the pod spec, so anyone who can read this script or the
# Deployment object can read it. Outside a throwaway lab, keep it in a Secret
# and reference it with valueFrom.secretKeyRef.
# NOTE(review): type NodePort publishes 3306 as port 30060 on every node.
# Combined with the password above, the root login is reachable from wherever
# the nodes are reachable; ClusterIP is enough when only in-cluster clients
# need the database.
all_resources_yaml="
apiVersion: v1
kind: Namespace
metadata:
  name: ${NAMESPACE}

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: ${SERVICE_ACCOUNT}
  namespace: ${NAMESPACE}

---

apiVersion: v1
kind: Service
metadata:
  name: my-mysql-service
  namespace: ${NAMESPACE}
spec:
  type: NodePort
  selector:
    app: mysql
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
      nodePort: 30060

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql-deployment
  namespace: ${NAMESPACE}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      serviceAccountName: ${SERVICE_ACCOUNT} # 关键:强制 Pod 使用该 ServiceAccount
      containers:
        - name: mysql
          image: mysql:8.0
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: \"123456\"
          resources:
            limits:
              cpu: \"300m\"
              memory: \"512Mi\"
"
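#######################################
# Apply every manifest in all_resources_yaml, then wait briefly for a token
# Secret to show up on the ServiceAccount.
# Globals:   all_resources_yaml, SERVICE_ACCOUNT, NAMESPACE (read)
# Outputs:   progress on stdout; the failure message and the timeout warning
#            on stderr
# Returns:   0 once the manifests are applied (even if no Secret appears);
#            exits the script with 1 when kubectl apply fails
#######################################
create_resources() {
  local secret_name=""
  local attempt

  if ! printf '%s\n' "$all_resources_yaml" | kubectl apply -f -; then
    echo "资源创建失败" >&2
    exit 1
  fi

  # Poll once per second, for at most 10 seconds.
  echo "等待 ServiceAccount 的 Secret 生成..."
  for attempt in {1..10}; do
    # Assigned separately from `local` so kubectl's exit status is not masked;
    # a failed lookup is treated as "not there yet".
    secret_name=$(kubectl get serviceaccount "$SERVICE_ACCOUNT" -n "$NAMESPACE" \
      -o jsonpath='{.secrets[0].name}' 2>/dev/null) || secret_name=""
    if [ -n "$secret_name" ]; then
      return 0
    fi
    sleep 1
  done

  # Kubernetes 1.24 and later do not create a token Secret for a
  # ServiceAccount automatically, so running out of time here is the normal
  # outcome on current clusters. Say so instead of falling through silently,
  # but do not fail: the resources themselves were applied.
  echo "警告:10 秒内未发现 ServiceAccount 的 Secret" >&2
  return 0
}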
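#######################################
# Delete every object described by all_resources_yaml.
# Globals:   all_resources_yaml (read)
# Outputs:   kubectl's own output; the failure message on stderr
# Returns:   0 on success; exits the script with 1 when kubectl delete fails
#######################################
delete_resources() {
  if ! printf '%s\n' "$all_resources_yaml" | kubectl delete -f -; then
    # This used to print the "creation failed" text copied from
    # create_resources, which misreports what went wrong.
    echo "资源删除失败" >&2
    exit 1
  fi
}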
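#######################################
# Print the ServiceAccount's token, read from the first Secret listed on the
# ServiceAccount object.
# Globals:   SERVICE_ACCOUNT, NAMESPACE (read)
# Outputs:   "ApiToken: <token>" on stdout; error messages on stderr
# Returns:   0 on success; exits the script with 1 when no Secret is listed
#            or the token cannot be read
#
# NOTE(review): the value printed is a bearer credential for the API server.
# Keep this function's output out of CI logs and shared terminals.
# NOTE(review): Kubernetes 1.24 and later do not create token Secrets
# automatically, so the lookup below comes back empty on current clusters;
# `kubectl create token` issues a time-limited token there instead.
#######################################
get_service_account_token() {
  local secret_name encoded token

  # Declared above so that `local` does not hide a failing kubectl call.
  secret_name=$(kubectl get serviceaccount "$SERVICE_ACCOUNT" -n "$NAMESPACE" \
    -o jsonpath='{.secrets[0].name}' 2>/dev/null) || secret_name=""
  if [ -z "$secret_name" ]; then
    echo "错误:ServiceAccount 的 Secret 未生成,请检查 Pod 是否正常运行" >&2
    exit 1
  fi

  # Fetch and decode in two steps: in a plain pipeline only base64's status
  # would be seen, and a failed kubectl call would print an empty token.
  encoded=$(kubectl get secret -n "$NAMESPACE" "$secret_name" \
    -o jsonpath='{.data.token}') || encoded=""
  token=$(printf '%s' "$encoded" | base64 -d) || token=""
  if [ -z "$token" ]; then
    echo "错误:无法从 Secret 中读取 Token" >&2
    exit 1
  fi

  echo "ApiToken: $token"
}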
# Main flow: only resource creation runs by default.
create_resources

# Disabled follow-up steps, kept for manual use (listing what was created).
#echo "资源创建完成"
#kubectl get all -n "$NAMESPACE"

# Disabled: fetch the ServiceAccount token. get_service_account_token writes
# the token to stdout, so re-enable this only where the output is not logged.
#echo "正在获取 ServiceAccount 的 Token..."
#get_service_account_token


# Disabled: tear down everything this script created.
#delete_resources