k8s中集群配置文件config生成
本文是在已有集群的基础上进行重新配置kubelet实现的
kubectl:使用 ca.pem、admin-key.pem、admin.pem;
cd k8s-cert/
vi admin-csr.json
----------
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "system:masters",
"OU": "System"
}
]
}
--------------
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
# ~~~~~生成
# admin.csr admin-csr.json admin-key.pem admin.pem
# ~~~~~~~
# 将admin证书放在ssl中
cp admin* /opt/kubernetes/ssl/
# 下载 kubectl
cd k8s
tar -xzvf kubernetes-client-linux-amd64.tar.gz
cp kubernetes/client/bin/kube* /usr/bin/
chmod a+x /usr/bin/kube*
# 创建 kubectl kubeconfig 文件
export KUBE_APISERVER="https://10.0.3.239:6443"
kubectl config set-cluster kubernetes \
--certificate-authority=/opt/kubernetes/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER}
kubectl config set-credentials admin \
--client-certificate=/opt/kubernetes/ssl/admin.pem \
--embed-certs=true \
--client-key=/opt/kubernetes/ssl/admin-key.pem
kubectl config set-context kubernetes \
--cluster=kubernetes \
--user=admin
kubectl config use-context kubernetes
可查看到~/.kube/config文件。
下载k8s客户版kubectl,下载地址:https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.12.md#client-binaries