1、准备二进制包
[root@linux-node1 ~]# cd /usr/local/src/kubernetes/client/bin
[root@linux-node1 bin]# cp kubectl /opt/kubernetes/bin/
2、创建admin证书签名请求
[root@linux-node1 bin]# cd /usr/local/src/ssl/
[root@linux-node1 ssl]# vim admin-csr.json
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "system:masters",
"OU": "System"
}
]
}
3、生成admin证书和私钥
[root@linux-node1 ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem
> -ca-key=/opt/kubernetes/ssl/ca-key.pem
> -config=/opt/kubernetes/ssl/ca-config.json
> -profile=kubernetes admin-csr.json | cfssljson -bare admin
[root@linux-node1 ssl]# cp admin*.pem /opt/kubernetes/ssl/
4、设置集群参数
[root@linux-node1 ssl]# kubectl config set-cluster kubernetes
> --certificate-authority=/opt/kubernetes/ssl/ca.pem
> --embed-certs=true
> --server=https://192.168.43.21:6443
Cluster "kubernetes" set.
5、设置客户端认证参数
[root@linux-node1 ssl]# kubectl config set-credentials admin
> --client-certificate=/opt/kubernetes/ssl/admin.pem
> --embed-certs=true
> --client-key=/opt/kubernetes/ssl/admin-key.pem
User "admin" set.
6、设置上下文参数
[root@linux-node1 ssl]# kubectl config set-context kubernetes
> --cluster=kubernetes
> --user=admin
Context "kubernetes" created.
7、设置默认上下文
[root@linux-node1 ssl]# kubectl config use-context kubernetes
Switched to context "kubernetes".
8、使用kubectl工具
[root@linux-node1 ssl]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health": "true"}
etcd-1 Healthy {"health": "true"}
etcd-2 Healthy {"health": "true"}