
Kubernetes | 生成 kubeconfig 文件

作者: 奶茶不要奶不要茶 | 来源:发表于2022-06-08 15:06 被阅读0次
Kubernetes 集群管理员 kubeconfig
# Cluster administrator kubeconfig; every step writes to
# kubernetes-admin.kubeconfig in the current directory.
# Because --embed-certs=true is used, the CA certificate, the admin client
# certificate and the admin private key are copied into that file, so the
# file itself is a credential and should be stored and shared as one.
APISERVER=https://192.168.3.201:6443

# Cluster entry: API server endpoint plus the CA used to verify it.
kubectl config set-cluster kubernetes \
  --kubeconfig=kubernetes-admin.kubeconfig \
  --server="${APISERVER}" \
  --certificate-authority=ca.pem \
  --embed-certs=true

# Credentials entry: the admin client certificate and its private key.
kubectl config set-credentials kubernetes-admin \
  --kubeconfig=kubernetes-admin.kubeconfig \
  --client-certificate=admin.pem \
  --client-key=admin-key.pem \
  --embed-certs=true

# Context entry tying the cluster and the credentials together.
kubectl config set-context kubernetes-admin \
  --kubeconfig=kubernetes-admin.kubeconfig \
  --cluster=kubernetes \
  --user=kubernetes-admin

# Make that context the file's current context.
kubectl config use-context kubernetes-admin \
  --kubeconfig=kubernetes-admin.kubeconfig
Controller-manager 组件 kubeconfig
# kubeconfig for the kube-controller-manager component; every step writes to
# kube-controller-manager.kubeconfig.
# The component's private key is embedded in the file (--embed-certs=true).
APISERVER=https://192.168.3.201:6443

# Cluster entry: API server endpoint plus the CA used to verify it.
kubectl config set-cluster kubernetes \
  --kubeconfig=kube-controller-manager.kubeconfig \
  --server="${APISERVER}" \
  --certificate-authority=ca.pem \
  --embed-certs=true

# Credentials entry. The name used here is only a label inside the file;
# presumably it mirrors the CN of kube-controller-manager.pem, which is what
# the API server actually authenticates (verify against the CSR).
kubectl config set-credentials system:kube-controller-manager \
  --kubeconfig=kube-controller-manager.kubeconfig \
  --client-certificate=kube-controller-manager.pem \
  --client-key=kube-controller-manager-key.pem \
  --embed-certs=true

# Context entry tying the cluster and the credentials together.
kubectl config set-context system:kube-controller-manager \
  --kubeconfig=kube-controller-manager.kubeconfig \
  --cluster=kubernetes \
  --user=system:kube-controller-manager

# Make that context the file's current context.
kubectl config use-context system:kube-controller-manager \
  --kubeconfig=kube-controller-manager.kubeconfig
Scheduler 组件 kubeconfig
# kubeconfig for the kube-scheduler component; every step writes to
# kube-scheduler.kubeconfig.
# The component's private key is embedded in the file (--embed-certs=true).
APISERVER=https://192.168.3.201:6443

# Cluster entry: API server endpoint plus the CA used to verify it.
kubectl config set-cluster kubernetes \
  --kubeconfig=kube-scheduler.kubeconfig \
  --server="${APISERVER}" \
  --certificate-authority=ca.pem \
  --embed-certs=true

# Credentials entry: the scheduler client certificate and its private key.
kubectl config set-credentials system:kube-scheduler \
  --kubeconfig=kube-scheduler.kubeconfig \
  --client-certificate=kube-scheduler.pem \
  --client-key=kube-scheduler-key.pem \
  --embed-certs=true

# Context entry tying the cluster and the credentials together.
kubectl config set-context system:kube-scheduler \
  --kubeconfig=kube-scheduler.kubeconfig \
  --cluster=kubernetes \
  --user=system:kube-scheduler

# Make that context the file's current context.
kubectl config use-context system:kube-scheduler \
  --kubeconfig=kube-scheduler.kubeconfig
Kubelet 组件 Bootstrap kubeconfig
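# Bootstrap kubeconfig for the kubelet; every step writes to
# bootstrap.kubeconfig. Unlike the certificate-based files, this one
# authenticates with a bearer token, which is stored in the file in clear text.
APISERVER=https://192.168.3.201:6443

# Take the first comma-separated field of the FIRST line of token.csv only.
# Without the NR == 1 guard a multi-line token.csv yields several tokens at
# once and breaks the kubectl command below.
# NOTE(review): assumes the bootstrap entry is the first line - confirm.
TOKEN=$(awk -F',' 'NR == 1 { print $1 }' token.csv)

# Cluster entry: API server endpoint plus the CA used to verify it.
kubectl config set-cluster kubelet-bootstrap \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server="${APISERVER}" \
  --kubeconfig=bootstrap.kubeconfig

# Credentials entry. ${TOKEN:?} aborts this command instead of writing an
# empty token when token.csv is missing or empty.
# The token is passed as a command-line argument, so it is visible in the
# process list and in shell history while and after this runs.
kubectl config set-credentials kubelet-bootstrap \
  --token="${TOKEN:?no token could be read from token.csv}" \
  --kubeconfig=bootstrap.kubeconfig

# Context entry tying the cluster and the credentials together.
kubectl config set-context kubelet-bootstrap \
  --cluster=kubelet-bootstrap \
  --user=kubelet-bootstrap \
  --kubeconfig=bootstrap.kubeconfig

# Make that context the file's current context.
kubectl config use-context kubelet-bootstrap --kubeconfig=bootstrap.kubeconfig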
Kube-proxy 组件 kubeconfig
# kubeconfig for the kube-proxy component; every step writes to
# kube-proxy.kubeconfig.
# The component's private key is embedded in the file (--embed-certs=true).
APISERVER=https://192.168.3.201:6443

# Cluster entry: API server endpoint plus the CA used to verify it.
kubectl config set-cluster kubernetes \
  --kubeconfig=kube-proxy.kubeconfig \
  --server="${APISERVER}" \
  --certificate-authority=ca.pem \
  --embed-certs=true

# Credentials entry: the kube-proxy client certificate and its private key.
kubectl config set-credentials system:kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig \
  --client-certificate=kube-proxy.pem \
  --client-key=kube-proxy-key.pem \
  --embed-certs=true

# Context entry tying the cluster and the credentials together.
kubectl config set-context system:kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig \
  --cluster=kubernetes \
  --user=system:kube-proxy

# Make that context the file's current context.
kubectl config use-context system:kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig
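# kubeconfig for the regular user "dev", defaulting to the "default"
# namespace; every step writes to dev.kubeconfig.
# dev.pem and dev-key.pem must already exist; this page only generates them
# further down with cfssl, so run that step first.
APISERVER=https://192.168.3.201:6443

# Cluster entry: API server endpoint plus the CA used to verify it.
kubectl config set-cluster kubernetes \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server="${APISERVER}" \
  --kubeconfig=dev.kubeconfig

# Credentials entry: the dev client certificate and its private key, both
# embedded in the file.
kubectl config set-credentials dev \
  --client-certificate=dev.pem \
  --client-key=dev-key.pem \
  --embed-certs=true \
  --kubeconfig=dev.kubeconfig

# The default namespace is a property of the context, so it is set here.
# Given on set-cluster it is not stored in the cluster entry.
# This is only a client-side default; it does not restrict what the user
# may access. That is decided by RBAC on the server.
kubectl config set-context dev \
  --cluster=kubernetes \
  --namespace=default \
  --user=dev \
  --kubeconfig=dev.kubeconfig

# Make that context the file's current context.
kubectl config use-context dev --kubeconfig=dev.kubeconfig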
创建拥有单个命名空间(namespace)权限的用户
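# Certificate signing request for the namespace-scoped user "dev".
# With client-certificate authentication the API server takes the user name
# from CN and the group memberships from O.
# O must not be system:masters: that group has unrestricted access to the
# whole cluster, which would make the namespace-scoped RoleBinding at the end
# meaningless. "dev" below is an ordinary group name with no built-in
# privileges (sample value - pick the group name your RBAC setup expects).
# A certificate that was already issued with O=system:masters stays usable
# until it expires, because the API server does not check certificate revocation.
cat > dev-csr.json <<'EOF'
{
  "CN": "dev",
  "key": {
    "algo": "ecdsa",
    "size": 256
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "dev",
      "OU": "Kubernetes"
    }
  ]
}
EOF

# Issue the dev user's certificate and private key, signed by the cluster CA.
# This step needs ca-key.pem, the CA private key.
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes dev-csr.json | cfssljson -bare dev

APISERVER=https://192.168.3.201:6443

# Cluster entry: API server endpoint plus the CA used to verify it.
kubectl config set-cluster kubernetes \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server="${APISERVER}" \
  --kubeconfig=dev.kubeconfig

# Credentials entry: the dev client certificate and its private key, both
# embedded in the file. A credentials entry has no namespace setting, so
# --namespace is given on the context below only.
kubectl config set-credentials dev \
  --client-certificate=dev.pem \
  --client-key=dev-key.pem \
  --embed-certs=true \
  --kubeconfig=dev.kubeconfig

# Context entry; --namespace=dev makes "dev" the default namespace for
# commands run with this kubeconfig (a client-side default, not a restriction).
kubectl config set-context dev \
  --cluster=kubernetes \
  --namespace=dev \
  --user=dev \
  --kubeconfig=dev.kubeconfig

# Select the dev context as the current context of dev.kubeconfig.
kubectl config use-context dev --kubeconfig=dev.kubeconfig

# Bind the dev user to the dev namespace. This is what actually limits the
# user: through a RoleBinding, the cluster-admin ClusterRole applies only
# inside the dev namespace. The built-in "admin" ClusterRole is the narrower
# choice for a namespace administrator.
# The dev namespace has to exist before this command is run.
kubectl create rolebinding dev-admin --clusterrole=cluster-admin --user=dev --namespace=dev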
