结合《kubernetes1.2部署》,添加 k8s 认证(authentication)与鉴权(authorization)部分。
[root@localhost home]# vi /etc/kubernetes/apiserver
# Extra flags for kube-apiserver. The commented-out assignments below are
# earlier variants kept for reference; only the last, uncommented
# KUBE_API_ARGS line is in effect.
#
# --basic_auth_file turns on HTTP basic authentication backed by a static
# file. NOTE(review): that file holds passwords in clear text, so it should
# be readable only by the account that runs the apiserver — confirm the
# permissions on /home/basic_auth_file.
#KUBE_API_ARGS=" --basic_auth_file=/root/token_auth_file"
#KUBE_API_ARGS=""
#KUBE_API_ARGS="--insecure-port=0 --secure-port=443 --basic_auth_file=/home/basic_auth_file"
# Variant with --authorization-mode=AlwaysDeny: every request is refused
# once authenticated (useful only to check that authorization is wired in).
#KUBE_API_ARGS="--authorization-mode=AlwaysDeny --basic_auth_file=/home/basic_auth_file"
#KUBE_API_ARGS="--secure-port=443 --basic_auth_file=/home/basic_auth_file"
# Variant with ABAC: per-user rules are read from /home/policy_file.jsonl.
#KUBE_API_ARGS="--secure-port=443 --authorization-mode=ABAC --authorization-policy-file=/home/policy_file.jsonl --basic_auth_file=/home/basic_auth_file"
# Active setting: --insecure-port=0 disables the unauthenticated HTTP port,
# and no --secure-port is given, so the apiserver's default HTTPS port is
# used (the kubectl example on this page connects to 6443).
# NOTE(review): no --authorization-mode is set here, so the apiserver falls
# back to its default mode (AlwaysAllow in this release line — confirm for
# your version). Any user that passes basic auth then has full API access,
# and the ABAC policy file is not consulted unless the ABAC variant above is
# the one left uncommented.
KUBE_API_ARGS="--insecure-port=0 --basic_auth_file=/home/basic_auth_file"
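访问 apiserver 之前要先删除 https_proxy 代理设置。下面的命令用 --insecure-skip-tls-verify=true 跳过了对 apiserver 证书的校验,并在命令行上直接给出用户名和密码(会留在 shell 历史和进程列表中),仅适合测试环境;正式环境应改用 --certificate-authority 指定 CA 证书来校验服务端。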
[root@localhost home]# kubectl get rc,deployment,nodes,pod,service,endpoints,ing -o wide --server="https://192.168.25.10:6443" --username="admin" --password="admin" --insecure-skip-tls-verify=true
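鉴权(ABAC):策略文件 policy_file.jsonl 每行是一条 JSON 规则,只有在 apiserver 启用 --authorization-mode=ABAC 并用 --authorization-policy-file 指向该文件时才会生效。下面的示例中 admin 不受限制,test 只能只读访问 pods。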
[root@localhost home]# cat policy_file.jsonl
{"user":"admin"}
{"user":"test", "resource": "pods", "readonly": true}
==========================
magnum
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#
# Each variable holds a fragment of the kube-apiserver command line.
# NOTE(review): presumably the service unit expands all of them onto one
# command line — confirm against the unit file, since the flag placement
# below relies on that.

# The address on the local server to listen to.
#KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0 --insecure-port=8080"
# Changed from the line above: --insecure-port=0 disables the unauthenticated
# HTTP listener, so --insecure-bind-address=0.0.0.0 no longer has any effect
# (it looks like a leftover from the original value).
# --basic_auth_file is an authentication flag, not an address setting; it is
# carried in this variable only for convenience.
# NOTE(review): the basic auth file stores passwords in clear text — confirm
# that /etc/kubernetes/basic_auth_file is readable only by the apiserver user.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0 --insecure-port=0 --basic_auth_file=/etc/kubernetes/basic_auth_file"
# The port on the local server to listen on.
# KUBE_API_PORT="--port=8080"
# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"
# Comma separated list of nodes in the etcd cluster
# Plain http to the loopback address: etcd traffic is unencrypted but stays
# on this host.
KUBE_ETCD_SERVERS="--etcd_servers=http://127.0.0.1:2379"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
# Left empty here, so this file names no admission plug-ins.
KUBE_ADMISSION_CONTROL=""
# Add your own!
# NOTE(review): no --authorization-mode appears in any variable in this file,
# so the apiserver's default mode applies (AlwaysAllow in this release line —
# confirm for your version); every user in the basic auth file would then
# have full API access.
#Uncomment the following line to disable Load Balancer feature
KUBE_API_ARGS="--runtime_config=api/all=true"
#Uncomment the following line to enable Load Balancer feature
#KUBE_API_ARGS="--runtime_config=api/all=true --cloud_config=/etc/sysconfig/kube_openstack_config --cloud_provider=openstack"