一起来学k8s 14.kubernetes config

kubernetes config

环境

192.168.48.101 master01
192.168.48.201 node01
192.168.48.202 node02

查看config文件

[root@master01 ~]# kubectl config  view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.48.101:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

创建新用户

在原来集群基础上创建新的登录用户

配置证书

证书目录/etc/kubernetes/pki/

[root@master01 ~]# cd /etc/kubernetes/pki/

[root@master01 pki]# ls
apiserver.crt              apiserver.key                 ca.crt  front-proxy-ca.crt      front-proxy-client.key
apiserver-etcd-client.crt  apiserver-kubelet-client.crt  ca.key  front-proxy-ca.key      sa.key
apiserver-etcd-client.key  apiserver-kubelet-client.key  etcd    front-proxy-client.crt  sa.pub

[root@master01 pki]# openssl genrsa -out tk8s.key 2048
Generating RSA private key, 2048 bit long modulus
..................+++
......................................................+++
e is 65537 (0x10001)
[root@master01 pki]# openssl req -new -out tk8s.csr -key tk8s.key -subj "/CN=tk8s"
[root@master01 pki]# openssl x509 -req -in tk8s.csr -out tk8s.crt -signkey tk8s.key  -CA ca.crt  -CAkey ca.key -CAcreateserial -days 365
Signature ok
subject=/CN=tk8s
Getting Private key
Getting CA Private Key
[root@master01 pki]# ls
apiserver.crt              apiserver.key                 ca.crt  etcd                front-proxy-client.crt  tk8s.csr  sa.pub
apiserver-etcd-client.crt  apiserver-kubelet-client.crt  ca.key  front-proxy-ca.crt  front-proxy-client.key  tk8s.key
apiserver-etcd-client.key  apiserver-kubelet-client.key  ca.srl  front-proxy-ca.key  tk8s.crt              sa.key

建立k8s用户

[root@master01 pki]# kubectl config set-credentials tk8s --client-certificate=tk8s.crt --client-key=tk8s.key  --embed-certs=true
User "tk8s" set.
[root@master01 pki]# kubectl config  view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.48.101:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: tk8s
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

创建k8s上下文

[root@master01 pki]# kubectl config  set-context  tk8s@kubernetes --cluster=kubernetes  --user=tk8s 
Context "tk8s@kubernetes" created.
[root@master01 pki]# kubectl config  view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.48.101:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
- context:
    cluster: kubernetes
    user: tk8s
  name: tk8s@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: tk8s
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

切换上下文

[root@master01 ~]# kubectl config  use-context  tk8s@kubernetes 
Switched to context "tk8s@kubernetes".

[root@master01 ~]# kubectl config  view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.48.101:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
- context:
    cluster: kubernetes
    user: tk8s
  name: tk8s@kubernetes
current-context: tk8s@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: tk8s
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

创建新的集群

[root@master01 ~]# kubectl config set-cluster k8s --certificate-authority=/etc/kubernetes/pki/ca.crt  --server="https://192.168.48.101:6443" --embed-certs=true
Cluster "k8s" set.
[root@master01 ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.48.101:6443
  name: k8s
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.48.101:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
- context:
    cluster: kubernetes
    user: tk8s
  name: tk8s@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: tk8s
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值