Create a file on node node kubeconfig

#! / bin / bash
#by love19791126 [email protected]
# kubeconfig file created on node node deployed in the master node
#kubeconfig for node Node kuber-proxy and to communicate with the cluster do kubelet certification
# vim / etc / profile
# PATH = $ PATH: / opt / kubernetes / bin

# source /etc/profile

chmod + x-proxy kubelet kubectl apiserver kubeadm controller manager Scheduler
cp proxy kubelet kubectl apiserver kubeadm controller manager Scheduler / opt / kubernetes / bin /

# Set the token
# manually generated CA is very troublesome, only suitable for a small machine, each time when the need to bind Node IP visas, as the machine increases will bring a lot of inconvenience, hence the use of TLS Bootstrapping approach to authorization by the apiserver automatically qualified Node sends a certificate authorized to join the cluster.
# Kubelet approach is started, a request to transmit kuber-apiserver TLS Bootstrapping, while kube-apiserver verify kubelet request token with the same set, as if automatically generated Kuberlet certificates and keys.
# First generation BOOTSTRAP_TOKEN, and establish the bootstrap.conf kubeconfig
Export BOOTSTRAP_TOKEN = $ (head 16 -C / dev / urandom | -An -tx OD | TR -d '')
CAT> << token.csv the EOF
$ {} BOOTSTRAP_TOKEN , kubelet-Bootstrap, 10001, "System: kubelet-Bootstrap"
EOF

# Set api access entry
export KUBE_APISERVER = "https://192.168.1.251:6443"

#设置集群参数
kubectl config set-cluster kubernetes --certificate-authority=/opt/kubernetes/ssl/ca.pem --embed-certs=true --server="${KUBE_APISERVER}" --kubeconfig=bootstrap.kubeconfig

# Set the client authentication parameters
kubectl config set-credentials kubelet-bootstrap --token = $ {BOOTSTRAP_TOKEN} --kubeconfig = bootstrap.kubeconfig

# Set context parameters
kubectl config set-context default --cluster = kubernetes --user = kubelet-bootstrap --kubeconfig = bootstrap.kubeconfig

# Set the default context
kubectl config use-context default --kubeconfig = bootstrap.kubeconfig

#设置kube-proxy kubeconfig文件
kubectl config set-cluster kubernetes --certificate-authority=/opt/kubernetes/ssl/ca.pem --embed-certs=true --server=${KUBE_APISERVER} --kubeconfig=kube-proxy.kubeconfig

#设置kube-proxy证书
kubectl config set-credentials kube-proxy --client-certificate=/opt/kubernetes/ssl/kube-proxy.pem --client-key=/opt/kubernetes/ssl/kube-proxy-key.pem --embed-certs=true --kubeconfig=kube-proxy.kubeconfig

# Set kube-proxy context
kubectl config set-context default --cluster = kubernetes --user = kube-proxy --kubeconfig = kube-proxy.kubeconfig

# Set the default context kube-proxy
kubectl config use-context default --kubeconfig = kube-proxy.kubeconfig