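Kubernetes setup, part 8: using kubectl on a node

1. By default kubectl reaches the apiserver through 127.0.0.1:8080, which was defined earlier in the apiserver configuration file. On the master the apiserver is accessed over http, while the other nodes access it over https.

On the master you can see port 6443, which serves https access to the cluster API.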

[root@k8s-master-101 ~]# netstat -tlunp | grep 6443
tcp        0      0 10.0.0.101:6443         0.0.0.0:*               LISTEN      12913/kube-apiserve
[root@k8s-master-101 ~]# kubectl -s 127.0.0.1:8080 get node  
NAME         STATUS   ROLES    AGE   VERSION
10.0.0.102   Ready    <none>   19d   v1.12.2
10.0.0.103   Ready    <none>   19d   v1.12.2

2. On the master, copy kubectl and the admin certificate and key to the nodes

[root@k8s-master-101 ~]# scp /opt/kubernetes/bin/kubectl [email protected]:/usr/bin/
kubectl                                                                                   100%   55MB  18.2MB/s   00:03    
[root@k8s-master-101 ~]# scp /opt/kubernetes/bin/kubectl [email protected]:/usr/bin/
kubectl                                                                                   100%   55MB  54.6MB/s   00:01    
[root@k8s-master-101 ~]# scp /opt/kubernetes/ssl/admin*pem [email protected]:/root/
admin-key.pem                                                                             100% 1675    92.3KB/s   00:00    
admin.pem                                                                                 100% 1407   445.5KB/s   00:00    
[root@k8s-master-101 ~]# scp /opt/kubernetes/ssl/admin*pem [email protected]:/root/
admin-key.pem                                                                             100% 1675     1.2MB/s   00:00    
admin.pem                               

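3. Run the following on both nodes to configure certificate-based https access

# Also copy the CA certificate into root's home directory
cp /opt/kubernetes/ssl/ca.pem ./

# Set the apiserver address and CA certificate for the cluster entry named kubernetes
kubectl config set-cluster kubernetes --server=https://10.0.0.101:6443 --certificate-authority=ca.pem

A config file is now generated in the .kube directory (check with ls .kube/):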
[root@k8s-node1-102 ~]# ls .kube/ 
config
[root@k8s-node1-102 ~]# cat .kube/config 
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /root/ca.pem
    server: https://10.0.0.101:6443
  name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []

# Set the certificate authentication fields for the user entry named cluster-admin
kubectl config set-credentials cluster-admin --certificate-authority=ca.pem --client-key=admin-key.pem --client-certificate=admin.pem  

# Set the default cluster and user for the context entry named default
kubectl config set-context default --cluster=kubernetes --user=cluster-admin

# Make default the current context
kubectl config use-context default

# Finally, test it
[root@k8s-node1-102 ~]# kubectl get node

NAME         STATUS   ROLES    AGE   VERSION
10.0.0.102   Ready    <none>   19d   v1.12.2
10.0.0.103   Ready    <none>   19d   v1.12.2

4. The configuration file now specifies the master address to access and the certificates to use

[root@k8s-node1-102 ~]# cat .kube/config        
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /root/ca.pem
    server: https://10.0.0.101:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: cluster-admin
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: cluster-admin
  user:
    client-certificate: /root/admin.pem
    client-key: /root/admin-key.pem
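
The kubeconfig above points at the admin private key copied to the node, so anyone who can read /root/admin-key.pem or the config can act as cluster-admin. The following check is an added example, not part of the original post: it audits a kubeconfig of this shape for an https server, a CA entry, and key/config files that are not readable by group or other. The helper names kubeconfig_value, too_open and audit_kubeconfig are hypothetical, and the demo input at the end is constructed.

```shell
#!/bin/sh
# Added example: audit a kubeconfig like the one built in step 3 (helper names are hypothetical).
# Print the first value of a "key: value" line in the kubeconfig.
kubeconfig_value() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1"
}
# True when the file has any group/other permission bit set.
too_open() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" != "------" ]
}

# Print one line per finding; return 0 only when there are none.
audit_kubeconfig() {
    cfg=$1 findings=0
    server=$(kubeconfig_value "$cfg" server)
    key=$(kubeconfig_value "$cfg" client-key)
    ca=$(kubeconfig_value "$cfg" certificate-authority)
    case $server in
        https://*) ;;
        *) echo "server is not https: $server"; findings=$((findings + 1)) ;;
    esac
    [ -n "$ca" ] || { echo "no certificate-authority set"; findings=$((findings + 1)); }
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "client-key missing: $key"; findings=$((findings + 1))
    elif too_open "$key"; then
        echo "client-key readable by group/other: $key"; findings=$((findings + 1))
    fi
    if too_open "$cfg"; then
        echo "kubeconfig readable by group/other: $cfg"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed demo input mirroring the config shown on this page.
demo=$(mktemp -d)
printf 'k' > "$demo/admin-key.pem"; chmod 644 "$demo/admin-key.pem"
cat > "$demo/config" <<EOF
clusters:
- cluster:
    certificate-authority: $demo/ca.pem
    server: https://10.0.0.101:6443
users:
- name: cluster-admin
  user:
    client-key: $demo/admin-key.pem
EOF
chmod 600 "$demo/config"
audit_kubeconfig "$demo/config" || echo "audit failed"
```

On a node configured as above, run it as audit_kubeconfig /root/.kube/config; a key left world-readable is fixed with chmod 600 on the key file.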

Reposted from blog.csdn.net/qq_41475058/article/details/88844210