I create an empty service account on a CAPI cluster
apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-robot
using kubectl create and kubectl apply.
kubectl create
$ k get sa -oyaml --show-managed-fields
apiVersion: v1
items:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    creationTimestamp: "2024-01-24T15:11:24Z"
    name: build-robot
    namespace: default
    resourceVersion: "7337504"
    uid: e2414d28-d897-4099-ac5d-699c89835615
  secrets:
  - name: build-robot-token-77p6d
kubectl apply
$ k get sa -oyaml --show-managed-fields
apiVersion: v1
items:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"build-robot","namespace":"default"}}
    creationTimestamp: "2024-01-24T15:10:55Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:secrets:
          .: {}
          k:{"name":"build-robot-token-8rqgq"}: {}
      manager: kube-controller-manager
      operation: Update
      time: "2024-01-24T15:10:55Z"
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:annotations:
            .: {}
            f:kubectl.kubernetes.io/last-applied-configuration: {}
      manager: kubectl-client-side-apply
      operation: Update
      time: "2024-01-24T15:10:55Z"
    name: build-robot
    namespace: default
    resourceVersion: "7337399"
    uid: 0bac2513-844f-4526-b374-3642bdf26838
  secrets:
  - name: build-robot-token-8rqgq
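The "kubectl apply" service account gets managed fields (secrets) through kube-controller-manager, while the "kubectl create" service account is unmanaged. I don't understand this.
I tried the same experiment with a pod. All managed fields are the same in both cases (except the ones I expect to differ, such as last-applied-configuration).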
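The default value of "save-config" for the kubectl create command is false, so the object's configuration is not shown. To see the object's configuration, pass "save-config" as true to kubectl create, for example: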
kubectl create sa build-robot --save-config=true
More details on "save-config" are in the k8s docs.
Once the object is created, you can view the object's configuration using "managementFields".
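For reading the managedFields output discussed above, here is an added example (not from the original question or answer) that flattens FieldsV1 entries into "which manager owns which field" pairs. The sample is constructed from the question's kubectl apply output, rewritten as JSON; the function names are hypothetical.

```python
import json

# Constructed sample: the managedFields entries from the question's
# `kubectl apply` output, rewritten as JSON (the shape that
# `kubectl get sa build-robot -o json --show-managed-fields` returns).
SAMPLE = json.loads(r'''
{"metadata": {"name": "build-robot", "managedFields": [
  {"manager": "kube-controller-manager", "operation": "Update",
   "fieldsType": "FieldsV1",
   "fieldsV1": {"f:secrets": {".": {},
                "k:{\"name\":\"build-robot-token-8rqgq\"}": {}}}},
  {"manager": "kubectl-client-side-apply", "operation": "Update",
   "fieldsType": "FieldsV1",
   "fieldsV1": {"f:metadata": {"f:annotations": {".": {},
     "f:kubectl.kubernetes.io/last-applied-configuration": {}}}}}
]}}
''')

def flatten(fields, path=()):
    """Yield one tuple of path segments per owned field in a FieldsV1 tree."""
    for key, child in fields.items():
        if key == ".":              # "." means the enclosing field itself is owned
            yield path
            continue
        kind, _, name = key.partition(":")
        # "f:" is a struct field; "k:", "v:", "i:" select a list item
        seg = name if kind == "f" else f"[{kind}={name}]"
        if child:
            yield from flatten(child, path + (seg,))
        else:
            yield path + (seg,)

def ownership(obj):
    """Map each owned field path to the list of managers that claim it."""
    owners = {}
    for entry in obj["metadata"].get("managedFields", []):
        if entry.get("fieldsType") != "FieldsV1":
            continue
        for path in flatten(entry.get("fieldsV1", {})):
            owners.setdefault(path, []).append(entry["manager"])
    return owners

def fields_owned_by(obj, manager):
    """Sorted field paths claimed by one manager (hypothetical helper)."""
    return sorted(p for p, m in ownership(obj).items() if manager in m)

if __name__ == "__main__":
    for path, managers in sorted(ownership(SAMPLE).items()):
        print(" > ".join(path), "<-", ", ".join(managers))
```

An object returned without a managedFields list yields an empty map, so the same function can be run over both service accounts to compare them.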