k8s集群部署五(创建Node节点kubeconfig文件)

原创
2019/02/19 11:31
阅读数 677

在Master上面进行以下操作

先下载kubectl工具,放在/opt/kubernetes/bin中,下载地址https://github.com/zq2599/blog_demos/blob/master/k8s_tools/kubectl/linux/kubectl.zip

kubectl是kubernetes的客户端工具。

将其赋予可执行权限

chmod 755 kubectl

创建 TLS Bootstrapping Token,执行以下命令

export BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
cat > token.csv <<EOF
${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
EOF

查看该token

# cat token.csv 
3fdae91637503dc355c1f09ca38fd147,kubelet-bootstrap,10001,"system:kubelet-bootstrap"

创建kubelet kubeconfig,创建kubeapi的对外访问参数,该IP地址为master的IP

export KUBE_APISERVER="https://172.18.98.48:6443"

cd /opt/kubernetes/ssl     (以下设置操作不要更改目录)

设置集群参数

kubectl config set-cluster kubernetes \
  --certificate-authority=./ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=bootstrap.kubeconfig

查看证书信息

# cat bootstrap.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVVzNuTnpycG9uN1JDL1h6ekVVNkFPUGxyRUxRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU1TURJeE5UQXpNak13TUZvWERUSTBNREl4TkRBek1qTXdNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBemFETzRlM04zbmVtRmZ5UXhnZlkKb2tvUTU4VDc5UmNHNEpDbjNpNHp3WFd1djhqdFVIUDlsMlFWSXlqeUFhQVZ6cktBd2swVFBBb2w4ZHFZM3BsdAoxUGlETWVQVy8yUTZUZkZIMHMva3hlYUxwMXdhWUtBYzJpMmR4RitldXFQUFlSaHIwYjl0dlE3djJLRU5LZ3BSClUzUjhLalB0SWQwdGpZbGt4VXgwSUhWcnFLaXVXYVpRNnhWa0paY0FKSlJNVHlpYnRUQWRjejhQOHl3cnBQaDQKQ2RWdHNPeUUzbTgwNUNGUWdDV2s2ZUNFWDFwczZKNWNDdVhpbWFOcXoya1hyZWt2em9abzVEQlNUaFE2M3VjOApwekJCemlNdWZ6SEFMNW1NTGkybXhtK3NuUnB1NWtZalJRa1BrOWxHTjBFMkRTendNdFp2eGJKbkhlWmQ5bUFTClVRSURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVYXNicGR5L2tPbkJDVjV0cEpUVlpPSURkYllZd0h3WURWUjBqQkJnd0ZvQVVhc2JwZHkvawpPbkJDVjV0cEpUVlpPSURkYllZd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJdmswc1Mwb0ZsaFQxeDJoRW5RCjVrcHVLUXI3R1BJNlUwNE1wbDg1cE1mWEg0bmdVbzAxbC8xbFJuaTg5MlhSNkhEZnBzcEwvb3p6ejFVY1ZzZFUKenNBZHVkRXR1aDJ1Vm1mNmk2aXVSMWZKeDJkQjE1dHhCeDd6cGpKSFNlTDZ3VjI4STc5WVNRby9XQVZOUVZuMQpaTEFsSm5NYS91VGZRWC9HSEp5ZHIwWWFpelEzWnFXTjZhZ3hGMEwwM0M0RHJaVUpYR0J1cFRoWGkwR1k1YXczClRpMS8vUXlXYnRUdDlTeklJYzFRbDl6VEFRUEdVU0JaWTBYWVJaRGIzR0FxMzdZS3piblhxdHlub25BTlBwM1UKRFJiVU8yRDNmSUZnUWlPK0NEV3MyWTQzWlRnaTN5cnFpM3NBOUx6dmsvOUpKNDg3S0V0V1RwTFpDSnhoall0aApPeFU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://172.18.98.48:6443
  name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []

查看token

# echo ${BOOTSTRAP_TOKEN}
3fdae91637503dc355c1f09ca38fd147

设置客户端认证参数

kubectl config set-credentials kubelet-bootstrap \
  --token=${BOOTSTRAP_TOKEN} \
  --kubeconfig=bootstrap.kubeconfig

# cat bootstrap.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVVzNuTnpycG9uN1JDL1h6ekVVNkFPUGxyRUxRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU1TURJeE5UQXpNak13TUZvWERUSTBNREl4TkRBek1qTXdNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBemFETzRlM04zbmVtRmZ5UXhnZlkKb2tvUTU4VDc5UmNHNEpDbjNpNHp3WFd1djhqdFVIUDlsMlFWSXlqeUFhQVZ6cktBd2swVFBBb2w4ZHFZM3BsdAoxUGlETWVQVy8yUTZUZkZIMHMva3hlYUxwMXdhWUtBYzJpMmR4RitldXFQUFlSaHIwYjl0dlE3djJLRU5LZ3BSClUzUjhLalB0SWQwdGpZbGt4VXgwSUhWcnFLaXVXYVpRNnhWa0paY0FKSlJNVHlpYnRUQWRjejhQOHl3cnBQaDQKQ2RWdHNPeUUzbTgwNUNGUWdDV2s2ZUNFWDFwczZKNWNDdVhpbWFOcXoya1hyZWt2em9abzVEQlNUaFE2M3VjOApwekJCemlNdWZ6SEFMNW1NTGkybXhtK3NuUnB1NWtZalJRa1BrOWxHTjBFMkRTendNdFp2eGJKbkhlWmQ5bUFTClVRSURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVYXNicGR5L2tPbkJDVjV0cEpUVlpPSURkYllZd0h3WURWUjBqQkJnd0ZvQVVhc2JwZHkvawpPbkJDVjV0cEpUVlpPSURkYllZd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJdmswc1Mwb0ZsaFQxeDJoRW5RCjVrcHVLUXI3R1BJNlUwNE1wbDg1cE1mWEg0bmdVbzAxbC8xbFJuaTg5MlhSNkhEZnBzcEwvb3p6ejFVY1ZzZFUKenNBZHVkRXR1aDJ1Vm1mNmk2aXVSMWZKeDJkQjE1dHhCeDd6cGpKSFNlTDZ3VjI4STc5WVNRby9XQVZOUVZuMQpaTEFsSm5NYS91VGZRWC9HSEp5ZHIwWWFpelEzWnFXTjZhZ3hGMEwwM0M0RHJaVUpYR0J1cFRoWGkwR1k1YXczClRpMS8vUXlXYnRUdDlTeklJYzFRbDl6VEFRUEdVU0JaWTBYWVJaRGIzR0FxMzdZS3piblhxdHlub25BTlBwM1UKRFJiVU8yRDNmSUZnUWlPK0NEV3MyWTQzWlRnaTN5cnFpM3NBOUx6dmsvOUpKNDg3S0V0V1RwTFpDSnhoall0aApPeFU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://172.18.98.48:6443
  name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users:
- name: kubelet-bootstrap
  user:
    as-user-extra: {}
    token: 3fdae91637503dc355c1f09ca38fd147

可以看到token被设置进去了

设置上下文参数

kubectl config set-context default \
  --cluster=kubernetes \
  --user=kubelet-bootstrap \
  --kubeconfig=bootstrap.kubeconfig

# cat bootstrap.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVVzNuTnpycG9uN1JDL1h6ekVVNkFPUGxyRUxRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU1TURJeE5UQXpNak13TUZvWERUSTBNREl4TkRBek1qTXdNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBemFETzRlM04zbmVtRmZ5UXhnZlkKb2tvUTU4VDc5UmNHNEpDbjNpNHp3WFd1djhqdFVIUDlsMlFWSXlqeUFhQVZ6cktBd2swVFBBb2w4ZHFZM3BsdAoxUGlETWVQVy8yUTZUZkZIMHMva3hlYUxwMXdhWUtBYzJpMmR4RitldXFQUFlSaHIwYjl0dlE3djJLRU5LZ3BSClUzUjhLalB0SWQwdGpZbGt4VXgwSUhWcnFLaXVXYVpRNnhWa0paY0FKSlJNVHlpYnRUQWRjejhQOHl3cnBQaDQKQ2RWdHNPeUUzbTgwNUNGUWdDV2s2ZUNFWDFwczZKNWNDdVhpbWFOcXoya1hyZWt2em9abzVEQlNUaFE2M3VjOApwekJCemlNdWZ6SEFMNW1NTGkybXhtK3NuUnB1NWtZalJRa1BrOWxHTjBFMkRTendNdFp2eGJKbkhlWmQ5bUFTClVRSURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVYXNicGR5L2tPbkJDVjV0cEpUVlpPSURkYllZd0h3WURWUjBqQkJnd0ZvQVVhc2JwZHkvawpPbkJDVjV0cEpUVlpPSURkYllZd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJdmswc1Mwb0ZsaFQxeDJoRW5RCjVrcHVLUXI3R1BJNlUwNE1wbDg1cE1mWEg0bmdVbzAxbC8xbFJuaTg5MlhSNkhEZnBzcEwvb3p6ejFVY1ZzZFUKenNBZHVkRXR1aDJ1Vm1mNmk2aXVSMWZKeDJkQjE1dHhCeDd6cGpKSFNlTDZ3VjI4STc5WVNRby9XQVZOUVZuMQpaTEFsSm5NYS91VGZRWC9HSEp5ZHIwWWFpelEzWnFXTjZhZ3hGMEwwM0M0RHJaVUpYR0J1cFRoWGkwR1k1YXczClRpMS8vUXlXYnRUdDlTeklJYzFRbDl6VEFRUEdVU0JaWTBYWVJaRGIzR0FxMzdZS3piblhxdHlub25BTlBwM1UKRFJiVU8yRDNmSUZnUWlPK0NEV3MyWTQzWlRnaTN5cnFpM3NBOUx6dmsvOUpKNDg3S0V0V1RwTFpDSnhoall0aApPeFU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://172.18.98.48:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubelet-bootstrap
  name: default
current-context: ""
kind: Config
preferences: {}
users:
- name: kubelet-bootstrap
  user:
    as-user-extra: {}
    token: 3fdae91637503dc355c1f09ca38fd147

我们可以看到context被设置进去了

设置默认上下文

kubectl config use-context default --kubeconfig=bootstrap.kubeconfig

# cat bootstrap.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVVzNuTnpycG9uN1JDL1h6ekVVNkFPUGxyRUxRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU1TURJeE5UQXpNak13TUZvWERUSTBNREl4TkRBek1qTXdNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBemFETzRlM04zbmVtRmZ5UXhnZlkKb2tvUTU4VDc5UmNHNEpDbjNpNHp3WFd1djhqdFVIUDlsMlFWSXlqeUFhQVZ6cktBd2swVFBBb2w4ZHFZM3BsdAoxUGlETWVQVy8yUTZUZkZIMHMva3hlYUxwMXdhWUtBYzJpMmR4RitldXFQUFlSaHIwYjl0dlE3djJLRU5LZ3BSClUzUjhLalB0SWQwdGpZbGt4VXgwSUhWcnFLaXVXYVpRNnhWa0paY0FKSlJNVHlpYnRUQWRjejhQOHl3cnBQaDQKQ2RWdHNPeUUzbTgwNUNGUWdDV2s2ZUNFWDFwczZKNWNDdVhpbWFOcXoya1hyZWt2em9abzVEQlNUaFE2M3VjOApwekJCemlNdWZ6SEFMNW1NTGkybXhtK3NuUnB1NWtZalJRa1BrOWxHTjBFMkRTendNdFp2eGJKbkhlWmQ5bUFTClVRSURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVYXNicGR5L2tPbkJDVjV0cEpUVlpPSURkYllZd0h3WURWUjBqQkJnd0ZvQVVhc2JwZHkvawpPbkJDVjV0cEpUVlpPSURkYllZd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJdmswc1Mwb0ZsaFQxeDJoRW5RCjVrcHVLUXI3R1BJNlUwNE1wbDg1cE1mWEg0bmdVbzAxbC8xbFJuaTg5MlhSNkhEZnBzcEwvb3p6ejFVY1ZzZFUKenNBZHVkRXR1aDJ1Vm1mNmk2aXVSMWZKeDJkQjE1dHhCeDd6cGpKSFNlTDZ3VjI4STc5WVNRby9XQVZOUVZuMQpaTEFsSm5NYS91VGZRWC9HSEp5ZHIwWWFpelEzWnFXTjZhZ3hGMEwwM0M0RHJaVUpYR0J1cFRoWGkwR1k1YXczClRpMS8vUXlXYnRUdDlTeklJYzFRbDl6VEFRUEdVU0JaWTBYWVJaRGIzR0FxMzdZS3piblhxdHlub25BTlBwM1UKRFJiVU8yRDNmSUZnUWlPK0NEV3MyWTQzWlRnaTN5cnFpM3NBOUx6dmsvOUpKNDg3S0V0V1RwTFpDSnhoall0aApPeFU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://172.18.98.48:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubelet-bootstrap
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: kubelet-bootstrap
  user:
    as-user-extra: {}
    token: 3fdae91637503dc355c1f09ca38fd147

current-context被设置成了default

创建kube-proxy kubeconfig文件

kubectl config set-cluster kubernetes \
  --certificate-authority=./ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=kube-proxy.kubeconfig

# cat kube-proxy.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVVzNuTnpycG9uN1JDL1h6ekVVNkFPUGxyRUxRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU1TURJeE5UQXpNak13TUZvWERUSTBNREl4TkRBek1qTXdNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBemFETzRlM04zbmVtRmZ5UXhnZlkKb2tvUTU4VDc5UmNHNEpDbjNpNHp3WFd1djhqdFVIUDlsMlFWSXlqeUFhQVZ6cktBd2swVFBBb2w4ZHFZM3BsdAoxUGlETWVQVy8yUTZUZkZIMHMva3hlYUxwMXdhWUtBYzJpMmR4RitldXFQUFlSaHIwYjl0dlE3djJLRU5LZ3BSClUzUjhLalB0SWQwdGpZbGt4VXgwSUhWcnFLaXVXYVpRNnhWa0paY0FKSlJNVHlpYnRUQWRjejhQOHl3cnBQaDQKQ2RWdHNPeUUzbTgwNUNGUWdDV2s2ZUNFWDFwczZKNWNDdVhpbWFOcXoya1hyZWt2em9abzVEQlNUaFE2M3VjOApwekJCemlNdWZ6SEFMNW1NTGkybXhtK3NuUnB1NWtZalJRa1BrOWxHTjBFMkRTendNdFp2eGJKbkhlWmQ5bUFTClVRSURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVYXNicGR5L2tPbkJDVjV0cEpUVlpPSURkYllZd0h3WURWUjBqQkJnd0ZvQVVhc2JwZHkvawpPbkJDVjV0cEpUVlpPSURkYllZd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJdmswc1Mwb0ZsaFQxeDJoRW5RCjVrcHVLUXI3R1BJNlUwNE1wbDg1cE1mWEg0bmdVbzAxbC8xbFJuaTg5MlhSNkhEZnBzcEwvb3p6ejFVY1ZzZFUKenNBZHVkRXR1aDJ1Vm1mNmk2aXVSMWZKeDJkQjE1dHhCeDd6cGpKSFNlTDZ3VjI4STc5WVNRby9XQVZOUVZuMQpaTEFsSm5NYS91VGZRWC9HSEp5ZHIwWWFpelEzWnFXTjZhZ3hGMEwwM0M0RHJaVUpYR0J1cFRoWGkwR1k1YXczClRpMS8vUXlXYnRUdDlTeklJYzFRbDl6VEFRUEdVU0JaWTBYWVJaRGIzR0FxMzdZS3piblhxdHlub25BTlBwM1UKRFJiVU8yRDNmSUZnUWlPK0NEV3MyWTQzWlRnaTN5cnFpM3NBOUx6dmsvOUpKNDg3S0V0V1RwTFpDSnhoall0aApPeFU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://172.18.98.48:6443
  name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []

我们看到kube-proxy.kubeconfig跟bootstrap.kubeconfig是差不多的

将之前存储证书文件的kube-proxy.pem,kube-proxy-key.pem拷入到/opt/kubernetes/ssl

给kube-proxy设置证书

kubectl config set-credentials kube-proxy \
  --client-certificate=./kube-proxy.pem \
  --client-key=./kube-proxy-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-proxy.kubeconfig

再来看一下kube-proxy.kubeconfig文件

# cat kube-proxy.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVVzNuTnpycG9uN1JDL1h6ekVVNkFPUGxyRUxRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU1TURJeE5UQXpNak13TUZvWERUSTBNREl4TkRBek1qTXdNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBemFETzRlM04zbmVtRmZ5UXhnZlkKb2tvUTU4VDc5UmNHNEpDbjNpNHp3WFd1djhqdFVIUDlsMlFWSXlqeUFhQVZ6cktBd2swVFBBb2w4ZHFZM3BsdAoxUGlETWVQVy8yUTZUZkZIMHMva3hlYUxwMXdhWUtBYzJpMmR4RitldXFQUFlSaHIwYjl0dlE3djJLRU5LZ3BSClUzUjhLalB0SWQwdGpZbGt4VXgwSUhWcnFLaXVXYVpRNnhWa0paY0FKSlJNVHlpYnRUQWRjejhQOHl3cnBQaDQKQ2RWdHNPeUUzbTgwNUNGUWdDV2s2ZUNFWDFwczZKNWNDdVhpbWFOcXoya1hyZWt2em9abzVEQlNUaFE2M3VjOApwekJCemlNdWZ6SEFMNW1NTGkybXhtK3NuUnB1NWtZalJRa1BrOWxHTjBFMkRTendNdFp2eGJKbkhlWmQ5bUFTClVRSURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVYXNicGR5L2tPbkJDVjV0cEpUVlpPSURkYllZd0h3WURWUjBqQkJnd0ZvQVVhc2JwZHkvawpPbkJDVjV0cEpUVlpPSURkYllZd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJdmswc1Mwb0ZsaFQxeDJoRW5RCjVrcHVLUXI3R1BJNlUwNE1wbDg1cE1mWEg0bmdVbzAxbC8xbFJuaTg5MlhSNkhEZnBzcEwvb3p6ejFVY1ZzZFUKenNBZHVkRXR1aDJ1Vm1mNmk2aXVSMWZKeDJkQjE1dHhCeDd6cGpKSFNlTDZ3VjI4STc5WVNRby9XQVZOUVZuMQpaTEFsSm5NYS91VGZRWC9HSEp5ZHIwWWFpelEzWnFXTjZhZ3hGMEwwM0M0RHJaVUpYR0J1cFRoWGkwR1k1YXczClRpMS8vUXlXYnRUdDlTeklJYzFRbDl6VEFRUEdVU0JaWTBYWVJaRGIzR0FxMzdZS3piblhxdHlub25BTlBwM1UKRFJiVU8yRDNmSUZnUWlPK0NEV3MyWTQzWlRnaTN5cnFpM3NBOUx6dmsvOUpKNDg3S0V0V1RwTFpDSnhoall0aApPeFU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://172.18.98.48:6443
  name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users:
- name: kube-proxy
  user:
    as-user-extra: {}
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQzakNDQXNhZ0F3SUJBZ0lVWXJMMUxEK09hOUtQbHZpd1E4TUd0RnBlemVJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU1TURJeE5UQTJNREl3TUZvWERUSTVNREl4TWpBMk1ESXdNRm93YkRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUm93R0FZRFZRUURFeEZ6ZVhOMFpXMDZhM1ZpClpTMXdjbTk0ZVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2wyNURFRzBwTEYKbzhpa3BOY01pTG5YZFVRenQwWFRiVGFpejlmS1lXNkc4UGJEaXN5NzBYOHh2czRJb29lV0V3N0c0ajRvNkprUApNS1g3RU94VWNPTGRHdktRcE1lRmtheXBGWXMxWEZwbytLNG80VjdGeHZlZngzRmhnM2pvTXN5Z0syTkI1UXpnCjh3TGdpMWh6aXFFYjhNdkx1elc0dXBjYVhpT05oZENMaEIydHIyQnI0YW1NeVJEdEdJNzhjQThqR3hTb0oxaXMKaE9KR2hWNTJFUmxPZFErYlZCZUd2a0hSMlBkajVVUWFnU1d0S2pBN3RJQjI1Ly9YaUs1SWo4U05ZeE8wSEJjdgpFeHZ2LzZySWdtRlp5bVh2bWpiUEdRekgwNG1zRkdtNlpNZDY2YXRoTkhFY0lZUE8zT0lIQjY3bXVPek8rRWhUCk4rUTlwdnMrNlJNQ0F3RUFBYU4vTUgwd0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXTUJRR0NDc0cKQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1CMEdBMVVkRGdRV0JCUS8zd1hGQlVpUQpDUDhQeUJ2WEJFZmErS2lURURBZkJnTlZIU01FR0RBV2dCUnF4dWwzTCtRNmNFSlhtMmtsTlZrNGdOMXRoakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUhkL0dsZ050SzdUb2FsVnRGU1hnVDlCRGswU09YTG0vckY1NnRnMEcKS3VvcjJKaStUL2pvSDRQVEdLb1Vpd3E3S0k5amFUdFhWVmpVdnk0SzFjNVJOb0szQjJhdzB2NVI5ZEo4NmhONQo4SFZ0ZUFVSEUvU0Exeld2dCtFelI2eG5mRy9ucE9tS2NMYTVVZC9wb1VuVTZjMGlLdTRHSlBSRXlaK3dmclJCCjNxTFhyY05Ib2ZsdTNnOStCYlgzV1diOU1WVDBCbmkxajI0c1JvanliTjc0YXAybXExU01mVWVRcU9PeW9TVXcKcm1yVCt1K1RaZDZQQ29JZ1V4QW1BQTRMZ3dZZzBjSDdnbDZHQVV0OGI2WnZCb3VSUVNnOE9wQnYxZFIxekNkRQo1K1d4Rk13enk4aHlGTFkxS3V0TFgrK3hiUGUzOG0xMnlrWlRzQkgvdStCWmpRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBcVhia01RYlNrc1dqeUtTazF3eUl1ZGQxUkRPM1JkTnROcUxQMThwaGJvYnc5c09LCnpMdlJmekcremdpaWg1WVREc2JpUGlqb21ROHdwZnNRN0ZSdzR0MGE4cENreDRXUnJLa1ZpelZjV21qNHJpamgKWHNYRzk1L0hjV0dEZU9neXpLQXJZMEhsRE9EekF1Q0xXSE9Lb1J2d3k4dTdOYmk2bHhwZUk0MkYwSXVFSGEydgpZR3ZocVl6SkVPMFlqdnh3RHlNYkZLZ25XS3lFNGthRlhuWVJHVTUxRDV0VUY0YStRZEhZOTJQbFJCcUJKYTBxCk1EdTBnSGJuLzllSXJraVB4STFqRTdRY0Z5OFRHKy8vcXNpQ1lWbktaZSthTnM4WkRNZlRpYXdVYWJwa3gzcnAKcTJFMGNSd2hnODdjNGdjSHJ1YTQ3TTc0U0ZNMzVEMm0rejdwRXdJREFRQUJBb0lCQVFDWG9xelpPYk9lWlg4QwpnR0NIbE0yYkRUSC9EdytGU1lSR0NUVlZiOS95MklneEpoUEMwcVRJM2FoUUQrWHUwTmpJdGltbldVK1g5Y0dnCkk2R205bi8wWDhoSEdDcDU1Z2pOcUphQWRBVHBXVmg3N2xTTFN3bVlkYjR1dEFUQ1lYTmpLa2Jva0FQMm5DcVcKZm5ueGNhR3dPNklobVhFd3h0VWZkQmFjVlh4UmQ3QTZPaVg2R21qY0ZhQzNWdjJiSC8zYTMzUWNkRkRmZWlPRgo0eEdKWVcvWlQ1aFJua2tSbjVhYXZOVE15ZVZySFhDd0Z5aU0ydDJ3TzVxb0Npd05qWVhZV2dOa2Q3bnRuTnB1CmNzOWFDY1NRSUJKakFtRWhpK3Y5NzIyeTlub3FiTnRRMC9kaU5BcVhIbENTam40UXFkQ1JMVUx2TThUNWRXeXIKM2F4QWtPUGhBb0dCQU1WUG9OOHczRFJVT091ZW91NlEwckxUb2d4emxvTXY3bW9FWEg1clVlRzJoWmhMSUpEcwpHcXZxTVVMdkVKazh5aE1tUlRDSmUweTQ4MlBJNkZ0Z2JUd3F1WjFDQkZmNTJrMG1uMGlhVXgvZUd3Wnh6NUlRCjdBNndybzVlWkVtTWhGS2NTVEV1ZC92NTQ0aUxNdEJYc2lkZzltUC9mVll0dXZzaWVPVFNlNkxaQW9HQkFOdmUKM1R6SHVQR3RUcVB5N3NYckVmcGZHQzk3N3pFZkF3eUJIRUkvbGRKYXVuZDNQak9aTDBrcjA1eVpqOFEvenZFaApPTVhlT3dVNE83b05GNHhuRzhXMHhZUW16TGRWMmhPK3l6cURnRlN1N3BxNjZHeUFkUVBma0NUQ0VtRmRPb1FpCmxyRnV2a0xIMXJMbDhtZHU1QVg3blkvWm91SHlxcFNhSHEvSGtKL0xBb0dBZHZJdDlONnJvUkEwMERYdDJ3dUwKT1NyRHdlWGNrbkZPdExLMFg3R3F4dnNWUmwzajMvbTFpblhBQkszQnY5OFpvcm1yZERzdERXOWhxb0h2TVViTQpFejFlY0NMZ0kza0gxUUszZXprdGEwU2wzaGkySFVQK1NrelFyaHJSTWxWM1g2Vy9xZHB0a29WdVdWNHczOUErCkllY2VJZUpmV0podzQveEFEUkdtWHVFQ2dZRUFnM3FUNWNLdzc2UnBRRlVIUDhkQUt1NHVza1owVkhWdEIwODEKck5BRk1aTWJxbERlRzFEaEcrcGZVbWZwdHJ0SmJwd2xMUDJsWVl1cys2YlVqQnNrV21ldExVZGVaOHVvNnVITworYUNsWHY1MHBJWmNjbldtZzdodW8reUJ2VU5ZdUtkT1liQU5paldpUjd5RjVpQkRydWcxNGsyTXYzeXpVTVdRCjBDQ1FkVjBDZ1lFQXJmajB3VllpbE1KN3k0MDk1YXhLODhjcXp4K0pFdnFjS0xpWVZEQ3NTMGZxMmRmNlVtdVIKTzYwY0VyT0FTNEc3dFpPSDVlSXBXYXd1VHhjVlJMSExEaitrNWFCUnFXSmZrZ2NBb1JGUW9EQVd2UXhWaG10Zwp2MDZSeFczN3hsVDZnTEdveU9xK21CMTdVOEp2UXd5aEc0WlFoY05kUkQyUVlHTWQ4TFFWT29RPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=

设置上下文

kubectl config set-context default \
  --cluster=kubernetes \
  --user=kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig

设置默认上下文

kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig

可以将以上所有命令存入到kubeconfig.sh,放在/opt/kubernetes/ssl

设置可执行权限chmod 755 kubeconfig.sh

展开阅读全文
加载中

作者的其它热门文章

打赏
0
0 收藏
分享
打赏
0 评论
0 收藏
0
分享
返回顶部
顶部