1.结合kubectl部署,加强了解kubectl config命令
kubectl config命令用来生成集群信息、集群用户(凭证)以及把二者关联起来的上下文,并把这些内容写入kubectl读取的配置文件(kubeconfig)。注意kubeconfig里保存的只是身份凭证,用户的实际权限由apiserver端根据该身份做授权(如RBAC)决定,并不保存在这个文件里
部署kubectl时执行的kubectl config命令,见下
[root@k8s-master admin]# source /opt/k8s/bin/environment.sh
# 设置集群参数
[root@k8s-master admin]# kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/cert/ca.pem --embed-certs=true --server=${KUBE_APISERVER} --kubeconfig=kubectl.kubeconfig
#设置客户端认证参数
[root@k8s-master admin]# kubectl config set-credentials admin --client-certificate=admin.pem --client-key=admin-key.pem --embed-certs=true --kubeconfig=kubectl.kubeconfig
#设置上下文参数,包含集群名称和访问集群的用户名字
[root@k8s-master admin]# kubectl config set-context kubernetes --cluster=kubernetes --user=admin --kubeconfig=kubectl.kubeconfig
#使用默认上下文
[root@k8s-master admin]# kubectl config use-context kubernetes --kubeconfig=kubectl.kubeconfig
Switched to context "kubernetes".
2.
kubectl config set-cluster
参考命令,见下:
kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/cert/ca.pem --embed-certs=true --server=${KUBE_APISERVER} --kubeconfig=kubectl.kubeconfig
命令帮助,见下:
kubectl config set-cluster -h
Sets a cluster entry in kubeconfig.
Specifying a name that already exists will merge new fields on top of existing
values for those fields.
Examples:
# Set only the server field on the e2e cluster entry without touching other
values.
kubectl config set-cluster e2e --server=https://1.2.3.4
# Embed certificate authority data for the e2e cluster entry
kubectl config set-cluster e2e
--certificate-authority=~/.kube/e2e/kubernetes.ca.crt
# Disable cert checking for the dev cluster entry
kubectl config set-cluster e2e --insecure-skip-tls-verify=true
Options:
--embed-certs=false: embed-certs for the cluster entry in kubeconfig
Usage:
kubectl config set-cluster NAME [--server=server]
[--certificate-authority=path/to/certificate/authority]
[--insecure-skip-tls-verify=true] [options]
Use "kubectl options" for a list of global command-line options (applies to all
commands).
参数说明:
kubernetes ##集群名字
--certificate-authority=/etc/kubernetes/cert/ca.pem ##集群证书颁发ca
--embed-certs=true ##把CA证书的内容直接嵌入kubeconfig文件,而不是只记录证书路径
--server=${KUBE_APISERVER} ##集群apiserver的访问地址
--kubeconfig=kubectl.kubeconfig ##指定要写入的kubeconfig文件,这里把命令生成的信息写入当前目录下的kubectl.kubeconfig文件
3.
kubectl config set-credentials
参考命令,见下:
kubectl config set-credentials admin --client-certificate=admin.pem --client-key=admin-key.pem --embed-certs=true --kubeconfig=kubectl.kubeconfig
命令帮助,见下:
[root@k8s-master1 admin]# kubectl config set-credentials -h
Sets a user entry in kubeconfig
Specifying a name that already exists will merge new fields on top of existing
values.
Client-certificate flags:
--client-certificate=certfile --client-key=keyfile
Bearer token flags:
--token=bearer_token
Basic auth flags:
--username=basic_user --password=basic_password
Bearer token and basic auth are mutually exclusive.
Examples:
# Set only the "client-key" field on the "cluster-admin"
# entry, without touching other values:
kubectl config set-credentials cluster-admin --client-key=~/.kube/admin.key
# Set basic auth for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --username=admin
--password=uXFGweU9l35qcif
# Embed client certificate data in the "cluster-admin" entry
kubectl config set-credentials cluster-admin
--client-certificate=~/.kube/admin.crt --embed-certs=true
# Enable the Google Compute Platform auth provider for the "cluster-admin"
entry
kubectl config set-credentials cluster-admin --auth-provider=gcp
# Enable the OpenID Connect auth provider for the "cluster-admin" entry with
additional args
kubectl config set-credentials cluster-admin --auth-provider=oidc
--auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
# Remove the "client-secret" config value for the OpenID Connect auth provider
for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --auth-provider=oidc
--auth-provider-arg=client-secret-
Options:
--auth-provider='': Auth provider for the user entry in kubeconfig
--auth-provider-arg=[]: 'key=value' arguments for the auth provider
--embed-certs=false: Embed client cert/key for the user entry in
kubeconfig
Usage:
kubectl config set-credentials NAME [--client-certificate=path/to/certfile]
[--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user]
[--password=basic_password] [--auth-provider=provider_name]
[--auth-provider-arg=key=value] [options]
Use "kubectl options" for a list of global command-line options (applies to all
commands).
参数说明:
admin ##用户名
--client-certificate=admin.pem ##用到的证书
--client-key=admin-key.pem ##用到的私钥
--embed-certs=true ##把client端的证书和私钥写入kubeconfig文件;写入后这个文件本身就等同于admin的登录凭证,应只允许属主读写(例如chmod 600),不要随意拷贝或提交到代码仓库
4.
kubectl config set-context
参考命令,见下:
kubectl config set-context kubernetes --cluster=kubernetes --user=admin --kubeconfig=kubectl.kubeconfig
命令帮助,见下:
[root@k8s-master1 admin]# kubectl config set-context -h
Sets a context entry in kubeconfig
Specifying a name that already exists will merge new fields on top of existing
values for those fields.
Examples:
# Set the user field on the gce context entry without touching other values
kubectl config set-context gce --user=cluster-admin
Usage:
kubectl config set-context NAME [--cluster=cluster_nickname]
[--user=user_nickname] [--namespace=namespace] [options]
Use "kubectl options" for a list of global command-line options (applies to all
commands).
参数说明:
kubernetes ##context名字
--cluster=kubernetes ##集群名字
--user=admin ##访问集群的用户名字
5.
kubectl config use-context
参考命令见下:
kubectl config use-context kubernetes --kubeconfig=kubectl.kubeconfig
命令帮助,见下:
[root@k8s-master1 admin]# kubectl config use-context -h
Sets the current-context in a kubeconfig file
Aliases:
use-context, use
Examples:
# Use the context for the minikube cluster
kubectl config use-context minikube
Usage:
kubectl config use-context CONTEXT_NAME [options]
Use "kubectl options" for a list of global command-line options (applies to all
commands).
参数说明:
kubernetes ##使用的context名字
6.清空以前的配置
清空前的情况:
[root@k8s-master1 admin]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://192.168.32.127:8443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: admin
name: kubernetes
current-context: kubernetes
kind: Config
preferences: {}
users:
- name: admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
[root@k8s-master1 admin]#
清空:
[root@k8s-master1 admin]# kubectl config delete-context kubernetes
warning: this removed your active context, use "kubectl config use-context" to select a different one
deleted context kubernetes from /root/.kube/config
[root@k8s-master1 admin]# kubectl config delete-cluster kubernetes
deleted cluster kubernetes from /root/.kube/config
[root@k8s-master1 admin]#
[root@k8s-master1 admin]# kubectl config unset current-context
Property "current-context" unset.
[root@k8s-master1 .kube]# rm -rf config
再执行kubectl config view
[root@k8s-master1 .kube]# kubectl config view
apiVersion: v1
clusters: []
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
[root@k8s-master1 .kube]#
7.重新执行命令
# 设置集群参数
[root@k8s-master1 .kube]# kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/cert/ca.pem --embed-certs=true --server=https://192.168.32.127:8443 --kubeconfig=config
Cluster "kubernetes" set.
注意:
--server=https://192.168.32.127:8443 ##这里我使用了真实地址
--kubeconfig=config ##我当前就在.kube目录下,所以直接生成config文件
[root@k8s-master1 .kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://192.168.32.127:8443
name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
[root@k8s-master1 .kube]#
#对比:执行完成这条命令后,集群信息和用到的证书已经写入
#设置客户端认证参数
[root@k8s-master1 .kube]# kubectl config set-credentials admin --client-certificate=/root/k8s/key/admin/admin.pem --client-key=/root/k8s/key/admin/admin-key.pem --embed-certs=true --kubeconfig=config
User "admin" set.
[root@k8s-master1 .kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://192.168.32.127:8443
name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users:
- name: admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
[root@k8s-master1 .kube]#
#对比:执行完成这条命令后,用户信息和所用的证书和私钥已经写入
#设置上下文参数
[root@k8s-master1 .kube]# kubectl config set-context kubernetes --cluster=kubernetes --user=admin --kubeconfig=config
Context "kubernetes" created.
[root@k8s-master1 .kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://192.168.32.127:8443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: admin
name: kubernetes
current-context: ""
kind: Config
preferences: {}
users:
- name: admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
[root@k8s-master1 .kube]# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
kubernetes kubernetes admin
[root@k8s-master1 .kube]#
#对比:context已经写入
#使用上下文参数
[root@k8s-master1 .kube]# kubectl config use-context kubernetes --kubeconfig=config
Switched to context "kubernetes".
[root@k8s-master1 .kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://192.168.32.127:8443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: admin
name: kubernetes
current-context: kubernetes
kind: Config
preferences: {}
users:
- name: admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
[root@k8s-master1 .kube]# kubectl config current-context
kubernetes
#对比:注意current-context: kubernetes,已经使用.
转载于:https://blog.51cto.com/goome/2357820