k8s-學習筆記12-許可權體系
阿新 • • 發佈:2021-01-07
kuceconfig管理員賬戶
在python呼叫api時,需要使用這份config,最高許可權
cat > admin-csr.json <<EOF { "CN": "admin", "hosts": [], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "hangzhou", "ST": "hangzhou", "O": "system:masters", "OU": "System" } ] } EOF cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client admin-csr.json | cfssljson -bare admin
# 設定叢集引數 kubectl config set-cluster kubernetes \ --server=https://192.168.18.56:6443 \ --certificate-authority=/opt/kubernetes/server/bin/cert/ca.pem \ --embed-certs=true \ --kubeconfig=admin.kubeconfig # 設定客戶端認證引數 kubectl config set-credentials cluster-admin \ --certificate-authority=/opt/kubernetes/server/bin/cert/ca.pem \ --embed-certs=true \ --client-key=/opt/kubernetes/server/bin/cert/admin-key.pem \ --client-certificate=/opt/kubernetes/server/bin/cert/admin.pem \ --kubeconfig=admin.kubeconfig # 設定上下文引數 kubectl config set-context default \ --cluster=kubernetes \ --user=cluster-admin \ --kubeconfig=admin.kubeconfig # 設定預設上下文 kubectl config use-context default --kubeconfig=admin.kubeconfig