24.kubernetes(k8s)笔记认证、授权与准入控制(四) RBAC访问控制 kubernetes运维容器

RBAC 访问控制 ServiceAccount 前言: 在上一节已经介绍过RBAC 通过绑定授权Users Accounts 得到不同作用域权限
这节对Serviceaccount进行绑定授权因为sa权限是针对Pod的权限命令行无法直接验证所以借助dashbaortd来验证

首先在help中可以看到有对serviceaccount的绑定

[root@k8s-master authfiles]# kubectl create rolebinding --help ... Usage: kubectl create rolebinding NAME --clusterrole=NAME|--role=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run=server|client|none] [options]

示例1:部署DashBoard验证ServiceAccount权限

DashBoard官网URL

https://kubernetes.io/zh/docs...

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml[root@k8s-master authfiles]# kubectl get pod -n kubernetes-dashboard NAMEREADYSTATUSRESTARTSAGE dashboard-metrics-scraper-79c5968bdc-28h7g1/1Running084s kubernetes-dashboard-9f9799597-qj8jv1/1Running084s[root@k8s-master authfiles]# kubectl get svc -n kubernetes-dashboard NAMETYPECLUSTER-IPEXTERNAL-IPPORT(S)AGE dashboard-metrics-scraperClusterIP10.98.196.1308000/TCP91s kubernetes-dashboardClusterIP10.99.133.20443/TCP93s

测试环境这里使用比较简单的暴露方式修改配置文件直接暴露DashBoard端口

[root@k8s-master authfiles]# vim recommended.yaml kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: ports: - port: 443 targetPort: 8443 externalIPs:#使用外部IP 暴露https - 192.168.54.171 selector: k8s-app: kubernetes-dashboard

重新应用生效

[root@k8s-master authfiles]# kubectl apply -frecommended.yaml[root@k8s-master authfiles]# kubectl get svc -n kubernetes-dashboard NAMETYPECLUSTER-IPEXTERNAL-IPPORT(S)AGE dashboard-metrics-scraperClusterIP10.98.196.1308000/TCP5m7s kubernetes-dashboardClusterIP10.99.133.20192.168.54.171443/TCP5m9s

打开浏览器输入之前修改的地址

24.kubernetes(k8s)笔记认证、授权与准入控制(四) RBAC访问控制

文章图片

这里登录用到的token 就Serviceaccount token对Serviceaccount的授权不同决定了dashboard的操作权限

示例2:创建serviceaccount 绑定admin 并验证权限,作用域为名称空间

User --> Rolebindig -->ClusterRole:权限降级，serviceaccount dev-admin对名称空间dev拥有完全权限
创建 serviceaccount

[root@k8s-master PodControl]# kubectl create serviceaccount dev-admin -n dev serviceaccount/dev-admin created

对serviceaccount通过 rolebinding 绑定admin

[root@k8s-master PodControl]# kubectl createrolebinding dev-admin-n dev --clusterrole=admin--serviceaccount=dev:dev-admin rolebinding.rbac.authorization.k8s.io/dev-admin created [root@k8s-master PodControl]# kubectl get sa -n rolebinding No resources found in rolebinding namespace. [root@k8s-master PodControl]# kubectl get rolebinding-n dev NAMEROLEAGE dev-adminClusterRole/admin10s

查看serviceaccount中secrets的token

[root@k8s-master PodControl]# kubectl get secrets -n dev NAMETYPEDATAAGE admin-token-42gb9kubernetes.io/service-account-token35d6h default-token-m5b9rkubernetes.io/service-account-token35d6h dev-admin-token-zbt9zkubernetes.io/service-account-token326s [root@k8s-master PodControl]# kubectl get secrets dev-admin-token-zbt9z -n dev-o yaml apiVersion: v1 data: ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EWXlPREUzTkRJeE1Gb1hEVE14TURZeU5qRTNOREl4TUZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXdRCm1DSkowR3VJRGR6WmE4WEFKSXk3QlJVR0JUMG9JMGxWdVdjM1BEMjV3aHIxTUJSeVVydTB1MG43bUtWUVR6YlkKMEc4VVNIendTblg1MU9vTXBVNVl3SEs2V0dMZ0o2Z2RDZmpBWTZ2MTJlN3krcnZqT0tZbnM2bGpVZjJNbmFJTApuckN5MS91NTZMbmgxd0NIMVhrTEVDUDUzOU1GYW1Za1JHeGVTOUZabEZjZ0x2SnA0M1ZYOVY0SVdRZXVtSGQ5CjFhYktWZWkvNDFxYmJ2eURVN2w0bDdrbFVtTFVUR0RsWXBmMUdQVS9KYW9tNFFMUmFFdDJjc1ljTlo4SjN5YVkKR3ZPbG9HTTE1MFJzeDR2TDhEV09xWmNVVWcvdVh1aktnMU1mV1JyRDlLdnFLMVFkUDkySUUrbDZuWFVLWTM0cgp2b0RDbU9jTDhKMG5QeWpieWYwQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZPd2kyd3JVYnV2Vm1iaVYycm5uTHR6MGhzZ2NNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCQ0ZrRVU0Z3lvdURzNGhHMHBqZGxySlJrRHcxa0tnMUpWOG0zQ3FjS1VLbUpCVVQ5SAo5UjhMYVUycy82eVM1elgzVlNkVU5nRjFWL2hwalVKNmJTdWQ5WGZubWJ3OGxIS1V1Y1VTSVdVOWErVEdUdmtuCkRxSThGY0M4Z0tzdFVBd2FneGRSd2ozS0V5N0hTQWNiTVhqS0ZTZEFsUTJRcTdDRzh2TFhpbHVySGhFRWJyenEKdW5idVZqSjgwZ0lXZWVvMjNIa0Fiak9pVGlTb2tOMkFvR3lHVzllUzNiTUxTSmdNSHpMdFg4MHVXd1M3NWpjMwoybU1yWWU1OW56R0lSMnlZMnp4a21tajZET0xvTVFLeUpscVBDMmZHS3lBdjBONzlRS0FHbDdKamJYell2YVYyCmVnV3RDazBGSG5mYWg5RnUrL1A4cE50WThhZ1NsdW5lZUhrTAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== namespace: ZGV2token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklqaDRia3BGTWtNeFYwRnRabXhQVG14c1YzWmhZM2xJUm5aaVJqbGFVbmhGU1hkSFNuUkdjMjFhZFVVaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWlhZaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sWTNKbGRDNXVZVzFsSWpvaVpHVjJMV0ZrYldsdUxYUnZhMlZ1TFhwaWREbDZJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpYSjJhV05sTFdGalkyOTFiblF1Ym1GdFpTSTZJbVJsZGkxaFpHMXBiaUlzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVnlkbWxqWlMxaFkyTnZkVzUwTG5WcFpDSTZJamczTXpRNFltRXdMV1F4TlRBdE5HSTNPQzA0WlRneUxXWTFZekUwTkdSak1qazNaU0lzSW5OMVlpSTZJbk41YzNSbGJUcHpaWEoyYVdObFlXTmpiM1Z1ZERwa1pYWTZaR1YyTFdGa2JXbHVJbjAubEFhWjhoWjNUc0JJakpBbEc0a24wb084bjhISmNJRWIwZTR0NS1Fa2YyMGlTZHdxalRubTM3Z0FkajhicGtucW1YZHRhY0dQajhPSmxLSGFGUHJmM19uQnhNa0NTWHBzblZwVTdqUGhHN19XYmZLcEdPbHRMWERQeFdwQVNqeWp1aXlkcGFnWURiQnBXTnRJVGJ2eDFWaGVLTHlYNjB3V0QxeGdZS1d4R2Q4Njc3YllsLU5WLXNuNTNEQVNyck9rcG1aZDJqMDhCMmpoNlNrWnJiblc3NU1MYjg3YVI3VGg0ZEpWbmtiVTlySDFLUFRZdVd6Y1pOUnBnV1VyN2NJTDUxcG43Z2VpeUZJaTJBOXlmVXpJaDRGRWhqOTVqWVdId0J1akQ3T3M1ZlZIYWdyT2lIU1RkM01udmlyUHltNG5Ya3Q2UmR0bS1EUUpad2lFT1VnWUdR ...

复制上面的token 并通过base64 -d进行解密

[root@k8s-master PodControl]# echo ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklqaDRia3BGTWtNeFYwRnRabXhQVG14c1YzWmhZM2xJUm5aaVJqbGFVbmhGU1hkSFNuUkdjMjFhZFVVaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWlhZaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sWTNKbGRDNXVZVzFsSWpvaVpHVjJMV0ZrYldsdUxYUnZhMlZ1TFhwaWREbDZJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpYSjJhV05sTFdGalkyOTFiblF1Ym1GdFpTSTZJbVJsZGkxaFpHMXBiaUlzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVnlkbWxqWlMxaFkyTnZkVzUwTG5WcFpDSTZJamczTXpRNFltRXdMV1F4TlRBdE5HSTNPQzA0WlRneUxXWTFZekUwTkdSak1qazNaU0lzSW5OMVlpSTZJbk41YzNSbGJUcHpaWEoyYVdObFlXTmpiM1Z1ZERwa1pYWTZaR1YyTFdGa2JXbHVJbjAubEFhWjhoWjNUc0JJakpBbEc0a24wb084bjhISmNJRWIwZTR0NS1Fa2YyMGlTZHdxalRubTM3Z0FkajhicGtucW1YZHRhY0dQajhPSmxLSGFGUHJmM19uQnhNa0NTWHBzblZwVTdqUGhHN19XYmZLcEdPbHRMWERQeFdwQVNqeWp1aXlkcGFnWURiQnBXTnRJVGJ2eDFWaGVLTHlYNjB3V0QxeGdZS1d4R2Q4Njc3YllsLU5WLXNuNTNEQVNyck9rcG1aZDJqMDhCMmpoNlNrWnJiblc3NU1MYjg3YVI3VGg0ZEpWbmtiVTlySDFLUFRZdVd6Y1pOUnBnV1VyN2NJTDUxcG43Z2VpeUZJaTJBOXlmVXpJaDRGRWhqOTVqWVdId0J1akQ3T3M1ZlZIYWdyT2lIU1RkM01udmlyUHltNG5Ya3Q2UmR0bS1EUUpad2lFT1VnWUdR | base64 -deyJhbGciOiJSUzI1NiIsImtpZCI6Ijh4bkpFMkMxV0FtZmxPTmxsV3ZhY3lIRnZiRjlaUnhFSXdHSnRGc21adUUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZXYiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoiZGV2LWFkbWluLXRva2VuLXpidDl6Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRldi1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6Ijg3MzQ4YmEwLWQxNTAtNGI3OC04ZTgyLWY1YzE0NGRjMjk3ZSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZXY6ZGV2LWFkbWluIn0.lAaZ8hZ3TsBIjJAlG4kn0oO8n8HJcIEb0e4t5-Ekf20iSdwqjTnm37gAdj8bpknqmXdtacGPj8OJlKHaFPrf3_nBxMkCSXpsnVpU7jPhG7_WbfKpGOltLXDPxWpASjyjuiydpagYDbBpWNtITbvx1VheKLyX60wWD1xgYKWxGd8677bYl-NV-sn53DASrrOkpmZd2j08B2jh6SkZrbnW75MLb87aR7Th4dJVnkbU9rH1KPTYuWzcZNRpgWUr7cIL51pn7geiyFIi2A9yfUzIh4FEhj95jYWHwBujD7Os5fVHagrOiHSTd3MnvirPym4nXkt6Rdtm-DQJZwiEOUgYGQ[root@k8s-master PodControl]#

权限验证只对dev 和defualt 名称空间有权限

文章图片

示例3:创建serviceaccount绑定cluster-admin

拥有超级管理员权限作用域为集群级别资源
创建serviceaccount

[root@k8s-master PodControl]# kubectl create serviceaccount cluster-admin -n kubernetes-dashboard serviceaccount/cluster-admin created#创建clusterrolebinding 绑定cluster-admin集群级别资源不需要指定名称空间 [root@k8s-master PodControl]# kubectl create clusterrolebinding sa-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:cluster-admin clusterrolebinding.rbac.authorization.k8s.io/sa-cluster-admin created[root@k8s-master PodControl]# kubectl get secrets -n kubernetes-dashboard NAMETYPEDATAAGE cluster-admin-token-nq8jqkubernetes.io/service-account-token329s default-token-5rlqdkubernetes.io/service-account-token363m kubernetes-dashboard-certsOpaque063m kubernetes-dashboard-csrfOpaque163m kubernetes-dashboard-key-holderOpaque263m kubernetes-dashboard-token-kdc57kubernetes.io/service-account-token363m [root@k8s-master PodControl]# kubectl get secrets cluster-admin-token-nq8jq -n kubernetes-dashboard -o yaml apiVersion: v1 data: ... token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklqaDRia3BGTWtNeFYwRnRabXhQVG14c1YzWmhZM2xJUm5aaVJqbGFVbmhGU1hkSFNuUkdjMjFhZFVVaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbGNtNWxkR1Z6TFdSaGMyaGliMkZ5WkNJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZqY21WMExtNWhiV1VpT2lKamJIVnpkR1Z5TFdGa2JXbHVMWFJ2YTJWdUxXNXhPR3B4SWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWJtRnRaU0k2SW1Oc2RYTjBaWEl0WVdSdGFXNGlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzUxYVdRaU9pSm1OR0ZoWTJGak1DMDRPV1kzTFRRd05UTXRPRE0yTnkwMU5ETXlZakEzTUdNMllXSWlMQ0p6ZFdJaU9pSnplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YTNWaVpYSnVaWFJsY3kxa1lYTm9ZbTloY21RNlkyeDFjM1JsY2kxaFpHMXBiaUo5LmV5Nmk5UUJGVzlRSGVKbkk0Zy14VG1pT1I2ZjJSdEVUR2JRbF9rbG5iV1psZFFLbFNhejFxX2NFbUJlSnNFRThQdTAyYnR1OU54LTBNSnNfMGRoTzA3NTJrUDRMemhFdTRMUzNueDYyQ3NBNWtoZDF6eWdQSC16NUlrd01XTmNZemFQMW1ZR2pmV2J3OTYyTEdwdnY4aU1rRy04OEpsSFpSOVEtci15aERfMzJVNHpVUm1XbEpyNUlUbHl4b0Z6XzE4LVhWbThpYUd1VlBrcEZ1Tm1ld2NIM0J5ZXJyRmFTSWZTV1NQM0NNRk5iMlVaUUlKYW9rMVFUN0todFZGZlZUbm1PelA4Qk52cVRhSktvQXlKNGZLcnhHOHVzZ1FmSzJuS2NiRGc2bFZFdFpsck9HQllRTFZpWEVIMmlkazlGaXVBTXRWSHpUbUFMSU5lNHUtcF82QQ==...

使用base64对token解密

[root@k8s-master PodControl]# echo ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklqaDRia3BGTWtNeFYwRnRabXhQVG14c1YzWmhZM2xJUm5aaVJqbGFVbmhGU1hkSFNuUkdjMjFhZFVVaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbGNtNWxkR1Z6TFdSaGMyaGliMkZ5WkNJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZqY21WMExtNWhiV1VpT2lKamJIVnpkR1Z5TFdGa2JXbHVMWFJ2YTJWdUxXNXhPR3B4SWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWJtRnRaU0k2SW1Oc2RYTjBaWEl0WVdSdGFXNGlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzUxYVdRaU9pSm1OR0ZoWTJGak1DMDRPV1kzTFRRd05UTXRPRE0yTnkwMU5ETXlZakEzTUdNMllXSWlMQ0p6ZFdJaU9pSnplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YTNWaVpYSnVaWFJsY3kxa1lYTm9ZbTloY21RNlkyeDFjM1JsY2kxaFpHMXBiaUo5LmV5Nmk5UUJGVzlRSGVKbkk0Zy14VG1pT1I2ZjJSdEVUR2JRbF9rbG5iV1psZFFLbFNhejFxX2NFbUJlSnNFRThQdTAyYnR1OU54LTBNSnNfMGRoTzA3NTJrUDRMemhFdTRMUzNueDYyQ3NBNWtoZDF6eWdQSC16NUlrd01XTmNZemFQMW1ZR2pmV2J3OTYyTEdwdnY4aU1rRy04OEpsSFpSOVEtci15aERfMzJVNHpVUm1XbEpyNUlUbHl4b0Z6XzE4LVhWbThpYUd1VlBrcEZ1Tm1ld2NIM0J5ZXJyRmFTSWZTV1NQM0NNRk5iMlVaUUlKYW9rMVFUN0todFZGZlZUbm1PelA4Qk52cVRhSktvQXlKNGZLcnhHOHVzZ1FmSzJuS2NiRGc2bFZFdFpsck9HQllRTFZpWEVIMmlkazlGaXVBTXRWSHpUbUFMSU5lNHUtcF82QQ== |base64 -deyJhbGciOiJSUzI1NiIsImtpZCI6Ijh4bkpFMkMxV0FtZmxPTmxsV3ZhY3lIRnZiRjlaUnhFSXdHSnRGc21adUUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJjbHVzdGVyLWFkbWluLXRva2VuLW5xOGpxIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImNsdXN0ZXItYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJmNGFhY2FjMC04OWY3LTQwNTMtODM2Ny01NDMyYjA3MGM2YWIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6Y2x1c3Rlci1hZG1pbiJ9.ey6i9QBFW9QHeJnI4g-xTmiOR6f2RtETGbQl_klnbWZldQKlSaz1q_cEmBeJsEE8Pu02btu9Nx-0MJs_0dhO0752kP4LzhEu4LS3nx62CsA5khd1zygPH-z5IkwMWNcYzaP1mYGjfWbw962LGpvv8iMkG-88JlHZR9Q-r-yhD_32U4zURmWlJr5ITlyxoFz_18-XVm8iaGuVPkpFuNmewcH3ByerrFaSIfSWSP3CMFNb2UZQIJaok1QT7KhtVFfVTnmOzP8BNvqTaJKoAyJ4fKrxG8usgQfK2nKcbDg6lVEtZlrOGBYQLViXEH2idk9FiuAMtVHzTmALINe4u-p_6A[root@k8s-master PodControl]#