美文网首页Kubernetes
Kubernetes | 生成 kubeconfig 文件

Kubernetes | 生成 kubeconfig 文件

作者: 奶茶不要奶不要茶 | 来源:发表于2022-06-08 15:06 被阅读0次
Kubernetes 集群管理员 kubeconfig
APISERVER=https://192.168.3.201:6443

kubectl config set-cluster kubernetes \
--certificate-authority=ca.pem \
--embed-certs=true \
--server=${APISERVER} \
--kubeconfig=kubernetes-admin.kubeconfig

kubectl config set-credentials kubernetes-admin \
--client-certificate=admin.pem \
--client-key=admin-key.pem \
--embed-certs=true \
--kubeconfig=kubernetes-admin.kubeconfig

kubectl config set-context kubernetes-admin \
--cluster=kubernetes \
--user=kubernetes-admin \
--kubeconfig=kubernetes-admin.kubeconfig

kubectl config use-context kubernetes-admin --kubeconfig=kubernetes-admin.kubeconfig
Controller-manager 组件 kubeconfig
APISERVER=https://192.168.3.201:6443
kubectl config set-cluster kubernetes \
--certificate-authority=ca.pem \
--embed-certs=true \
--server=${APISERVER} \
--kubeconfig=kube-controller-manager.kubeconfig

kubectl config set-credentials system:kube-controller-manager \
--client-certificate=kube-controller-manager.pem \
--client-key=kube-controller-manager-key.pem \
--embed-certs=true \
--kubeconfig=kube-controller-manager.kubeconfig
     
kubectl config set-context system:kube-controller-manager \
--cluster=kubernetes \
--user=system:kube-controller-manager \
--kubeconfig=kube-controller-manager.kubeconfig
     
kubectl config use-context system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig
Scheduler 组件 kubeconfig
APISERVER=https://192.168.3.201:6443
kubectl config set-cluster kubernetes \
--certificate-authority=ca.pem \
--embed-certs=true \
--server=${APISERVER} \
--kubeconfig=kube-scheduler.kubeconfig

kubectl config set-credentials system:kube-scheduler \
--client-certificate=kube-scheduler.pem \
--client-key=kube-scheduler-key.pem \
--embed-certs=true \
--kubeconfig=kube-scheduler.kubeconfig
     
kubectl config set-context system:kube-scheduler \
--cluster=kubernetes \
--user=system:kube-scheduler \
--kubeconfig=kube-scheduler.kubeconfig
     
kubectl config use-context system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
Kubelet 组件 Bootstrap kubeconfig
APISERVER=https://192.168.3.201:6443
TOKEN=$(awk -F',' '{print $1}' token.csv)
kubectl config set-cluster kubelet-bootstrap \
--certificate-authority=ca.pem \
--embed-certs=true \
--server=${APISERVER} \
--kubeconfig=bootstrap.kubeconfig

kubectl config set-credentials kubelet-bootstrap \
--token=${TOKEN} \
--kubeconfig=bootstrap.kubeconfig

kubectl config set-context kubelet-bootstrap \
--cluster=kubelet-bootstrap \
--user=kubelet-bootstrap \
--kubeconfig=bootstrap.kubeconfig

kubectl config use-context kubelet-bootstrap --kubeconfig=bootstrap.kubeconfig
Kube-proxy 组件 kubeconfig
APISERVER=https://192.168.3.201:6443
kubectl config set-cluster kubernetes \
--certificate-authority=ca.pem \
--embed-certs=true \
--server=${APISERVER} \
--kubeconfig=kube-proxy.kubeconfig

kubectl config set-credentials system:kube-proxy \
--client-certificate=kube-proxy.pem \
--client-key=kube-proxy-key.pem \
--embed-certs=true \
--kubeconfig=kube-proxy.kubeconfig

kubectl config set-context system:kube-proxy \
--cluster=kubernetes \
--user=system:kube-proxy \
--kubeconfig=kube-proxy.kubeconfig

kubectl config use-context system:kube-proxy --kubeconfig=kube-proxy.kubeconfig

APISERVER=https://192.168.3.201:6443
kubectl config set-cluster kubernetes \
--certificate-authority=ca.pem \
--embed-certs=true \
--namespace=default \
--server=${APISERVER} \
--kubeconfig=dev.kubeconfig

kubectl config set-credentials dev \
--client-certificate=dev.pem \
--client-key=dev-key.pem \
--embed-certs=true \
--kubeconfig=dev.kubeconfig

kubectl config set-context dev \
--cluster=kubernetes \
--user=dev \
--kubeconfig=dev.kubeconfig

kubectl config use-context dev --kubeconfig=dev.kubeconfig
创建拥有单个命名空间(namespace)权限的用户
cat > dev-csr.json <<EOF
{
  "CN": "dev",
  "key": {
    "algo": "ecdsa",
    "size": 256
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "system:masters",
      "OU": "Kubernetes"
    }
  ]
}
EOF
# 生成 dev 用户的证书
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes dev-csr.json | cfssljson -bare dev

APISERVER=https://192.168.3.201:6443
kubectl config set-cluster kubernetes \
--certificate-authority=ca.pem \
--embed-certs=true \
--server=${APISERVER} \
--kubeconfig=dev.kubeconfig

kubectl config set-credentials dev \
--client-certificate=dev.pem \
--client-key=dev-key.pem \
--namespace=dev \
--embed-certs=true \
--kubeconfig=dev.kubeconfig

kubectl config set-context dev \
--cluster=kubernetes \
--namespace=dev \
--user=dev \
--kubeconfig=dev.kubeconfig

# 生成 dev 用户的 kubeconfig 文件
kubectl config use-context dev --kubeconfig=dev.kubeconfig

# 将 dev 用户绑定到 dev 命名空间(namespace)
kubectl create rolebinding dev-admin --clusterrole=cluster-admin --user=dev --namespace=dev

相关文章

网友评论

    本文标题:Kubernetes | 生成 kubeconfig 文件

    本文链接:https://www.haomeiwen.com/subject/bfxymrtx.html

    延伸阅读

    深度阅读

    • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

    栏目导航

    热点阅读

    Kubernetes

    关于我们|服务条款|联系我们|Kubernetes | 生成 kubeconfig 文件|投稿指南|网站地图|RSS订阅|排版工具|手机版

    提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

    Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

    备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

    本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

    所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!