zoukankan      html  css  js  c++  java
  • 二、kubectl在客户端使用

    客户端使用kubectl访问
    由于默认使用的Http访问,在master中访问是连接的http://127.0.0.1:8080地址,客户端只能通过10.16.8.156:6443访问,需要配置https

    1、生成证书

    [root@k8s-master01 k8s]# pwd
    /root/k8s/tls/k8s
    [root@k8s-master01 k8s]# cat admin-csr.json 
    {
      "CN": "admin",
      "hosts": [],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "L": "HuBei",
          "ST": "WuHan",
          "O": "system:masters",
          "OU": "System"
        }
      ]
    }
    #下面的CA证书在前面部署master自签证书时已经生成了
    [root@k8s-master01 k8s]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
    2019/11/07 16:59:08 [INFO] generate received request
    2019/11/07 16:59:08 [INFO] received CSR
    2019/11/07 16:59:08 [INFO] generating key: rsa-2048
    2019/11/07 16:59:08 [INFO] encoded CSR
    2019/11/07 16:59:08 [INFO] signed certificate with serial number 615183675351926100941011275121168596608133541272
    2019/11/07 16:59:08 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
    websites. For more information see the Baseline Requirements for the Issuance and Management
    of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
    specifically, section 10.2.3 ("Information Requirements").
    [root@k8s-master01 k8s]# ls admin*pem
    admin-key.pem  admin.pem

    2、拷贝证书和kubelet命令到客户端主机

    [root@k8s-master01 k8s]# scp admin*.pem 10.16.8.161:/root/
    [root@k8s-master01 k8s]# scp ca.pem 10.16.8.161:/root/  
    [root@k8s-master01 k8s]# scp /opt/kubernetes/bin/kubectl 10.16.8.161:/usr/local/bin/

    3、在客户端主机上配置

    [root@etcd01 ~]#  ifconfig ens32 |grep "inet "
            inet 10.16.8.161  netmask 255.255.255.0  broadcast 10.16.8.255
    [root@etcd01 ~]# ls *.pem
    admin-key.pem  admin.pem  ca.pem
    [root@etcd01 ~]# kubectl config set-cluster kubernetes 
    --server=https://10.16.8.156:6443 
    --certificate-authority=ca.pem 
    --embed-certs=true 
    --kubeconfig=config      
    Cluster "kubernetes" set.
    
    [root@etcd01 ~]# kubectl config set-credentials cluster-admin 
    --certificate-authority=ca.pem 
    --client-key=admin-key.pem 
    --client-certificate=admin.pem 
    --embed-certs=true 
    --kubeconfig=config
    User "cluster-admin" set.
    
    [root@etcd01 ~]# kubectl config set-context default --cluster=kubernetes --user=cluster-admin --kubeconfig=config
    Context "default" created.
    
    [root@etcd01 ~]# kubectl config use-context default --kubeconfig=config
    Switched to context "default".
    [root@etcd01 ~]# ls config
    config
    [root@etcd01 ~]# mv config .kube/
    [root@etcd01 ~]# ll .kube
    总用量 8
    -rw------- 1 root root 6241 11月  7 17:16 config

    3、测试连接

    [root@etcd01 ~]# kubectl get node
    NAME STATUS ROLES AGE VERSION
    k8s-node01 Ready <none> 2d5h v1.16.0
    k8s-node02 Ready <none> 2d5h v1.16.0
    k8s-node03 Ready <none> 2d5h v1.16.0
  • 相关阅读:
    Python-操作符与基本数据类型
    初识Python
    HDU 1166 敌兵布阵(线段树求sum)
    HDU 1754 I Hate It(线段树求max)
    HDU 1176 免费馅饼
    HDU 1466 计算直线的交点数
    HDU 1506 Largest Rectangle in a Histogram(最大矩形面积)
    AYOJ 单词接龙(搜索)
    AYOJ 传球游戏(递推)
    AYOJ 方格取数(多进程DP)
  • 原文地址:https://www.cnblogs.com/xw115428/p/11956538.html
Copyright © 2011-2022 走看看