一、生成管理员证书
cat > admin-csr.json <<EOF { "CN": "admin", "hosts": [], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing", "O": "system:masters", "OU": "System" } ] } EOF
执行
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
二、创建kubeconfig文件
# 设置集群参数 kubectl config set-cluster kubernetes --server=https://192.168.124.61:6443 --certificate-authority=ca.pem --embed-certs=true --kubeconfig=config # 设置上下文参数 kubectl config set-context default --cluster=kubernetes --user=cluster-admin --kubeconfig=config # 设置客户端认证参数 kubectl config set-credentials cluster-admin --certificate-authority=ca.pem --embed-certs=true --client-key=admin-key.pem --client-certificate=admin.pem --kubeconfig=config # 设置默认上下文 kubectl config use-context default --kubeconfig=config
设置客户端认证参数时
--certificate-authority=ca.pem ##添加管理员权限,没有这一段则为普通用户
碰到这样的错误时:
Error: failed to apply manifests: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
在/etc/profile末尾增加
export KUBECONFIG=/root/pki/config
添加完后执行
source /etc/profile