Kubelet使用安全认证连接Apiserver,可以用Token或证书连接。配置步骤如下。
1,生成Token命令
head -c 16 /dev/urandom | od -An -t x | tr -d ' '
2,生成TLS证书
需要三个文件 ca.crt kubeadmin.crt kubeadmin.key
生成证书命令请参考http://www.cnblogs.com/birdstudio/p/7660068.html
3,配置Kubelet
KUBELET_ARGS="--bootstrap-kubeconfig=./kubeconfig"
kubeconfig文件
apiVersion: v1 kind: Config preferences: {} clusters: - name: local cluster: server: https://39.108.97.109:6443 certificate-authority: /root/kubernetes/ca.crt users: - name: kubelet-bootstrap user: token: 863f4582d6f5eb82a59089c971b785c3 name: kubeadmin user: client-certificate: /root/kubernetes/kubeadmin.crt client-key: /root/kubernetes/kubeadmin.key contexts: - name: dev-frontend context: cluster: local user: kubeadmin current-context: dev-frontend
参考资料