
Kubernetes dashboard: logging in with a kubeconfig and a Token

Install from the YAML manifest:

kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

Remove it again with the same YAML manifest:

kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

kubectl get pods -n kube-system

Check whether it has been installed:
[[email protected] ~]# kubectl get pods -n kube-system
NAME                                   READY     STATUS    RESTARTS   AGE
coredns-78fcdf6894-27npt               1/1       Running   1          9d
coredns-78fcdf6894-mbg8n               1/1       Running   1          9d
etcd-master                            1/1       Running   1          9d
kube-apiserver-master                  1/1       Running   1          9d
kube-controller-manager-master         1/1       Running   1          9d
kube-flannel-ds-amd64-qdmsx            1/1       Running   0          9d
kube-flannel-ds-amd64-rhb49            1/1       Running   6          9d
kube-flannel-ds-amd64-sd6mr            1/1       Running   1          9d
kube-proxy-g9n4d                       1/1       Running   1          9d
kube-proxy-wrqt8                       1/1       Running   2          9d
kube-proxy-x7vc2                       1/1       Running   0          9d
kube-scheduler-master                  1/1       Running   1          9d
kubernetes-dashboard-767dc7d4d-k4dbh   1/1       Running   0          2m
Installation succeeded.
[[email protected] ~]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP   9d
kubernetes-dashboard   ClusterIP   10.97.213.220   <none>        443/TCP         1m

Patch the Service to type NodePort so that it is assigned a port:

kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system

[[email protected] ~]# kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system
service/kubernetes-dashboard patched

Then check again:
[[email protected] ~]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP   9d
kubernetes-dashboard   NodePort    10.97.213.220   <none>        443:31198/TCP   7m

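The web UI can now be reached on the IP of any node:
https://192.168.68.10:31198
Note: whatever permissions the account you authenticate as has, you have the same permissions here.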

[[email protected] ~]# cd .kube/
[[email protected] .kube]# ls
cache  config  http-cache
[[email protected] .kube]# cp config kubernetes-admin.conf
Copied the file out and uploaded it directly, and found that login fails.

Delete the dashboard:
kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

[[email protected] .kube]# kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
secret "kubernetes-dashboard-certs" deleted
serviceaccount "kubernetes-dashboard" deleted
role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" deleted
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" deleted
deployment.apps "kubernetes-dashboard" deleted
service "kubernetes-dashboard" deleted

######################################################
Create a dedicated certificate for the dashboard

[[email protected] .kube]# cd /etc/kubernetes/pki/
[[email protected] pki]# ls
apiserver.crt              apiserver.key                 ca.crt  front-proxy-ca.crt      front-proxy-client.key  jesse.key
apiserver-etcd-client.crt  apiserver-kubelet-client.crt  ca.key  front-proxy-ca.key      jesse.crt               sa.key
apiserver-etcd-client.key  apiserver-kubelet-client.key  etcd    front-proxy-client.crt  jesse.csr               sa.pub

Generate the private key for the certificate:

[[email protected] pki]# (umask 077; openssl genrsa -out dashboard.key 2048)
Generating RSA private key, 2048 bit long modulus
.................................................................................+++
..............+++
e is 65537 (0x10001)


Create the certificate signing request:
openssl req -new -key dashboard.key -out dashboard.csr -subj "/O=jesse/CN=dashboard"
If the dashboard has a domain name, be sure to use that domain name as the CN.

Sign the request just created with ca.crt and ca.key:
openssl x509 -req -in dashboard.csr -CA ca.crt  -CAkey ca.key -CAcreateserial -out dashboard.crt -days 365

[[email protected] pki]# openssl x509 -req -in dashboard.csr -CA ca.crt  -CAkey ca.key -CAcreateserial -out dashboard.crt -days 365
Signature ok
subject=/O=jesse/CN=dashboard
Getting CA Private Key
Signing complete.


Now create a secret from the private key and certificate just created:
kubectl create secret generic dashboard-cert -n kube-system --from-file=dashboard.crt=./dashboard.crt --from-file=dashboard.key=./dashboard.key

[[email protected] pki]# kubectl create secret generic dashboard-cert -n kube-system --from-file=dashboard.crt=./dashboard.crt --from-file=dashboard.key=./dashboard.key
secret/dashboard-cert created

Check that it has been added to the cluster:
kubectl get secret -n kube-system

[[email protected] pki]# kubectl get secret -n kube-system
NAME                                             TYPE                                  DATA      AGE
attachdetach-controller-token-9dtnk              kubernetes.io/service-account-token   3         9d
bootstrap-signer-token-rcd26                     kubernetes.io/service-account-token   3         9d
certificate-controller-token-6kxxj               kubernetes.io/service-account-token   3         9d
clusterrole-aggregation-controller-token-6czpt   kubernetes.io/service-account-token   3         9d
coredns-token-shzjx                              kubernetes.io/service-account-token   3         9d
cronjob-controller-token-d6rv2                   kubernetes.io/service-account-token   3         9d
daemon-set-controller-token-vm2zh                kubernetes.io/service-account-token   3         9d
dashboard-cert                                   Opaque                                2         1m  # now present
default-token-svvdz                              kubernetes.io/service-account-token   3         9d
deployment-controller-token-tjkk6                kubernetes.io/service-account-token   3         9d
disruption-controller-token-k95r5                kubernetes.io/service-account-token   3         9d
endpoint-controller-token-t92ng                  kubernetes.io/service-account-token   3         9d
expand-controller-token-zhv94                    kubernetes.io/service-account-token   3         9d
flannel-token-4m6lp                              kubernetes.io/service-account-token   3         9d
generic-garbage-collector-token-q44gt            kubernetes.io/service-account-token   3         9d
horizontal-pod-autoscaler-token-7lr9r            kubernetes.io/service-account-token   3         9d
job-controller-token-m2wtt                       kubernetes.io/service-account-token   3         9d
kube-proxy-token-t57kk                           kubernetes.io/service-account-token   3         9d
kubernetes-dashboard-key-holder                  Opaque                                2         38m
namespace-controller-token-q52hc                 kubernetes.io/service-account-token   3         9d
node-controller-token-t4rhn                      kubernetes.io/service-account-token   3         9d
persistent-volume-binder-token-4wjnc             kubernetes.io/service-account-token   3         9d
pod-garbage-collector-token-p9csq                kubernetes.io/service-account-token   3         9d
pv-protection-controller-token-9xz9s             kubernetes.io/service-account-token   3         9d
pvc-protection-controller-token-ptq5x            kubernetes.io/service-account-token   3         9d
replicaset-controller-token-k9bnc                kubernetes.io/service-account-token   3         9d
replication-controller-token-4v225               kubernetes.io/service-account-token   3         9d
resourcequota-controller-token-g4k4r             kubernetes.io/service-account-token   3         9d
service-account-controller-token-s99cb           kubernetes.io/service-account-token   3         9d
service-controller-token-ljtdf                   kubernetes.io/service-account-token   3         9d
statefulset-controller-token-zb4rp               kubernetes.io/service-account-token   3         9d
token-cleaner-token-x8vd6                        kubernetes.io/service-account-token   3         9d
ttl-controller-token-tvdfx                       kubernetes.io/service-account-token   3         9d
Then deploy the dashboard again:
[[email protected] pki]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
Logging in with Token authentication
[[email protected] pki]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[[email protected] pki]# kubectl get sa -n kube-system
NAME                                 SECRETS   AGE
attachdetach-controller              1         9d
bootstrap-signer                     1         9d
certificate-controller               1         9d
clusterrole-aggregation-controller   1         9d
coredns                              1         9d
cronjob-controller                   1         9d
daemon-set-controller                1         9d
dashboard-admin                      1         49s  # created
default                              1         9d
deployment-controller                1         9d
disruption-controller                1         9d
endpoint-controller                  1         9d
expand-controller                    1         9d
flannel                              1         9d
generic-garbage-collector            1         9d
horizontal-pod-autoscaler            1         9d
job-controller                       1         9d
kube-proxy                           1         9d
kubernetes-dashboard                 1         16m
namespace-controller                 1         9d
node-controller                      1         9d
persistent-volume-binder             1         9d
pod-garbage-collector                1         9d
pv-protection-controller             1         9d
pvc-protection-controller            1         9d
replicaset-controller                1         9d
replication-controller               1         9d
resourcequota-controller             1         9d
service-account-controller           1         9d
service-controller                   1         9d
statefulset-controller               1         9d
token-cleaner                        1         9d
ttl-controller                       1         9d


kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

[[email protected] pki]# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created


[[email protected] pki]# kubectl get secret -n kube-system
NAME                                             TYPE                                  DATA      AGE
attachdetach-controller-token-9dtnk              kubernetes.io/service-account-token   3         10d
bootstrap-signer-token-rcd26                     kubernetes.io/service-account-token   3         10d
certificate-controller-token-6kxxj               kubernetes.io/service-account-token   3         10d
clusterrole-aggregation-controller-token-6czpt   kubernetes.io/service-account-token   3         10d
coredns-token-shzjx                              kubernetes.io/service-account-token   3         10d
cronjob-controller-token-d6rv2                   kubernetes.io/service-account-token   3         10d
daemon-set-controller-token-vm2zh                kubernetes.io/service-account-token   3         10d
dashboard-admin-token-8bnk8                      kubernetes.io/service-account-token   3         8m   # created
dashboard-cert                                   Opaque                                2         30m
default-token-svvdz                              kubernetes.io/service-account-token   3         10d
deployment-controller-token-tjkk6                kubernetes.io/service-account-token   3         10d
disruption-controller-token-k95r5                kubernetes.io/service-account-token   3         10d
endpoint-controller-token-t92ng                  kubernetes.io/service-account-token   3         10d
expand-controller-token-zhv94                    kubernetes.io/service-account-token   3         10d
flannel-token-4m6lp                              kubernetes.io/service-account-token   3         9d
generic-garbage-collector-token-q44gt            kubernetes.io/service-account-token   3         10d
horizontal-pod-autoscaler-token-7lr9r            kubernetes.io/service-account-token   3         10d
job-controller-token-m2wtt                       kubernetes.io/service-account-token   3         10d
kube-proxy-token-t57kk                           kubernetes.io/service-account-token   3         10d
kubernetes-dashboard-certs                       Opaque                                0         24m
kubernetes-dashboard-key-holder                  Opaque                                2         1h
kubernetes-dashboard-token-qf87c                 kubernetes.io/service-account-token   3         24m
namespace-controller-token-q52hc                 kubernetes.io/service-account-token   3         10d
node-controller-token-t4rhn                      kubernetes.io/service-account-token   3         10d
persistent-volume-binder-token-4wjnc             kubernetes.io/service-account-token   3         10d
pod-garbage-collector-token-p9csq                kubernetes.io/service-account-token   3         10d
pv-protection-controller-token-9xz9s             kubernetes.io/service-account-token   3         10d
pvc-protection-controller-token-ptq5x            kubernetes.io/service-account-token   3         10d
replicaset-controller-token-k9bnc                kubernetes.io/service-account-token   3         10d
replication-controller-token-4v225               kubernetes.io/service-account-token   3         10d
resourcequota-controller-token-g4k4r             kubernetes.io/service-account-token   3         10d
service-account-controller-token-s99cb           kubernetes.io/service-account-token   3         10d
service-controller-token-ljtdf                   kubernetes.io/service-account-token   3         10d
statefulset-controller-token-zb4rp               kubernetes.io/service-account-token   3         10d
token-cleaner-token-x8vd6                        kubernetes.io/service-account-token   3         10d
ttl-controller-token-tvdfx                       kubernetes.io/service-account-token   3         10d

Look at the Token details:

kubectl describe secret dashboard-admin-token-8bnk8 -n kube-system

[[email protected] pki]# kubectl describe secret dashboard-admin-token-8bnk8 -n kube-system
Name:         dashboard-admin-token-8bnk8
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=dashboard-admin
              kubernetes.io/service-account.uid=1fe0b1f6-b830-11e8-9195-000c29f33006

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tOGJuazgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMWZlMGIxZjYtYjgzMC0xMWU4LTkxOTUtMDAwYzI5ZjMzMDA2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.eqXuTpMrkGj88HoxH4P5Ou0sponWDIE6Sw3c_zpJpcpCji54Vo3YHSQaspX2GoYX9t-WIMtGMXdqX4KE7AjKHqTwf3SDBvt9PZUOpH98QMnmg9q_9Bnd9sPpq5OOWAEXZpwWJYi_hK6gd61H1r2T5uau_TyDelsmZ0WP0AjSGVR39xuIcMzUIj4BONgyVBcU2cI0tR4svTJoICPWTO7pxGblZgON0iDISiXRua2kOeVymuOM7e5HpUutltn704AELjBLJck-zFjSGwz4WcnGBAa8H2-akNkjzl-vjog7mLef1He7AOCzUR49tUwPBYV5eeuCTAk3vSH-W7CCDORNoA
ca.crt:     1025 bytes
namespace:  11 bytes


[[email protected] pki]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP   10d
kubernetes-dashboard   ClusterIP   10.108.38.237   <none>        443/TCP         28m


Expose the port again:
kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system

[[email protected] pki]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP   10d
kubernetes-dashboard   NodePort    10.108.38.237   <none>        443:31619/TCP   30m


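Logging in with a kubeconfig

Creating the credentials:
Set up an account with fewer privileges, one that can only administer a single namespace.
Create the service account def-ns-admin: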
kubectl create serviceaccount def-ns-admin -n default

[[email protected] pki]# kubectl create serviceaccount def-ns-admin -n default
serviceaccount/def-ns-admin created

kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin

[[email protected] pki]# kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin
rolebinding.rbac.authorization.k8s.io/def-ns-admin created

Get the secret:
[[email protected] pki]# kubectl get secret
NAME                       TYPE                                  DATA      AGE
def-ns-admin-token-87t8n   kubernetes.io/service-account-token   3         4m
default-token-2xnhm        kubernetes.io/service-account-token   3         7d


[[email protected] pki]# kubectl describe secret def-ns-admin-token-87t8n
Name:         def-ns-admin-token-87t8n
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=def-ns-admin
              kubernetes.io/service-account.uid=6445ddc0-b837-11e8-bcca-000c291251da

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi04N3Q4biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NDQ1ZGRjMC1iODM3LTExZTgtYmNjYS0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.ab1Vi0RK304mWbHNUwUIK9K0vbWYcq8TTbwAp29wCqkPv5qf54A-ghJvG0VO3ezbDPAMoLE48HQ2ExyUHT0G3j8G7gd5854u4Wq0ceJEUuPaJGo1e3OikcMxAfigSfDeEYOPHyUY7my3Yqwg1gC90kiMIIvUA1jN51lbpWkRiiQ3lnYBLE_QfR36SettzKuljtveBLBpJz6eZJG1S4Pgqn_xaOny9UVButgjIivXB2Eh2g0bQQU2uuoZn_YzKQ-7Zjo4tazDxv0d1uiYtkttArJyHkXQ5_ODUXAtKEcEVfSo1XSw8eNHQe5V0WLBisMmenSRLz_Aoe1ZaYO0Y6BbAA

Logging in with the Token above only allows managing that one namespace.
The token works for login, but it does not carry many permissions.

##############################
Logging in with a configuration file
cd /etc/kubernetes/pki
kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://192.168.146.10:6443" --embed-certs=true --kubeconfig=/root/def-ns-admin.conf

Create the cluster entry:
[[email protected] pki]# kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://192.168.146.10:6443" --embed-certs=true --kubeconfig=/root/def-ns-admin.conf
Cluster "kubernetes" set.


View it:
[[email protected] pki]# kubectl config view --kubeconfig=/root/def-ns-admin.conf 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.146.10:6443
  name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []


Set the user account:
kubectl get secret

[[email protected] pki]# kubectl get secret
NAME                       TYPE                                  DATA      AGE
def-ns-admin-token-87t8n   kubernetes.io/service-account-token   3         36m
default-token-2xnhm        kubernetes.io/service-account-token   3         7d
[[email protected] pki]# kubectl describe secret def-ns-admin-token-87t8n
Name:         def-ns-admin-token-87t8n
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=def-ns-admin
              kubernetes.io/service-account.uid=6445ddc0-b837-11e8-bcca-000c291251da

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi04N3Q4biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NDQ1ZGRjMC1iODM3LTExZTgtYmNjYS0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.ab1Vi0RK304mWbHNUwUIK9K0vbWYcq8TTbwAp29wCqkPv5qf54A-ghJvG0VO3ezbDPAMoLE48HQ2ExyUHT0G3j8G7gd5854u4Wq0ceJEUuPaJGo1e3OikcMxAfigSfDeEYOPHyUY7my3Yqwg1gC90kiMIIvUA1jN51lbpWkRiiQ3lnYBLE_QfR36SettzKuljtveBLBpJz6eZJG1S4Pgqn_xaOny9UVButgjIivXB2Eh2g0bQQU2uuoZn_YzKQ-7Zjo4tazDxv0d1uiYtkttArJyHkXQ5_ODUXAtKEcEVfSo1XSw8eNHQe5V0WLBisMmenSRLz_Aoe1ZaYO0Y6BbAA


DEF_NS_ADMIN_TOKEN=$(kubectl get secret def-ns-admin-token-87t8n -o jsonpath={.data.token} | base64 -d)

[[email protected] pki]# DEF_NS_ADMIN_TOKEN=$(kubectl get secret def-ns-admin-token-87t8n -o jsonpath={.data.token} | base64 -d)
[[email protected] pki]# 


[[email protected] pki]# echo $DEF_NS_ADMIN_TOKEN
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi04N3Q4biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NDQ1ZGRjMC1iODM3LTExZTgtYmNjYS0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.ab1Vi0RK304mWbHNUwUIK9K0vbWYcq8TTbwAp29wCqkPv5qf54A-ghJvG0VO3ezbDPAMoLE48HQ2ExyUHT0G3j8G7gd5854u4Wq0ceJEUuPaJGo1e3OikcMxAfigSfDeEYOPHyUY7my3Yqwg1gC90kiMIIvUA1jN51lbpWkRiiQ3lnYBLE_QfR36SettzKuljtveBLBpJz6eZJG1S4Pgqn_xaOny9UVButgjIivXB2Eh2g0bQQU2uuoZn_YzKQ-7Zjo4tazDxv0d1uiYtkttArJyHkXQ5_ODUXAtKEcEVfSo1XSw8eNHQe5V0WLBisMmenSRLz_Aoe1ZaYO0Y6BbAA



kubectl config set-credentials def-ns-admin --token=$DEF_NS_ADMIN_TOKEN  --kubeconfig=/root/def-ns-admin.conf

[[email protected] pki]# kubectl config set-credentials def-ns-admin --token=$DEF_NS_ADMIN_TOKEN  --kubeconfig=/root/def-ns-admin.conf
User "def-ns-admin" set.


kubectl config view --kubeconfig=/root/def-ns-admin.conf 


kubectl config set-context [email protected] --cluster=kubernetes --user=def-ns-admin --kubeconfig=/root/def-ns-admin.conf

[[email protected] pki]# kubectl config view --kubeconfig=/root/def-ns-admin.conf 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.146.10:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: def-ns-admin
  name: [email protected]
current-context: ""
kind: Config
preferences: {}
users:
- name: def-ns-admin
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi13c2NmNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlZjBiOWRlYS1iMjNjLTExZTgtODI1Ny0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.sBkl_kKX_ILqVco_bRf5ceDDF-bxklnqDyVMj8gjXxD5LouEk2SjtP4IIKcRV7_c-smDH9Nc0OpZcQYtMR29fS3n1j2_UHTFMLc-uO8aSHKfI6EiM8wyaQQlz-5S5r2QLLSapMmlAE5ZIRpgPz1OAO59Cx15PeJOwckCSFQ3erEkDYUluXNv6KYpZfLsaOStxbxXOHG1oRdV1P1wcX0R0BxMqE658K7cbxv4x3LfOr2OH4kblfntugdw0z7Nkh9ClXmXbaKmOKSorat1mtnniW-Bb0w5HOPJbsKAhDXDlkMPIbwtE9XhNEd5Vl-omEKkQQtR--DJoblVvs34yA8XVA


[[email protected] pki]# kubectl config set-context [email protected] --cluster=kubernetes --user=def-ns-admin --kubeconfig=/root/def-ns-admin.conf
Context "[email protected]" created.


Switch to that user's context:
kubectl config use-context [email protected] --kubeconfig=/root/def-ns-admin.conf

[[email protected] pki]# kubectl config use-context [email protected] --kubeconfig=/root/def-ns-admin.conf
Switched to context "[email protected]".

Check that it took effect:
[[email protected] pki]# kubectl config view --kubeconfig=/root/def-ns-admin.conf 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.146.10:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: def-ns-admin
  name: [email protected]
current-context: [email protected]
kind: Config
preferences: {}
users:
- name: def-ns-admin
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi13c2NmNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlZjBiOWRlYS1iMjNjLTExZTgtODI1Ny0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.sBkl_kKX_ILqVco_bRf5ceDDF-bxklnqDyVMj8gjXxD5LouEk2SjtP4IIKcRV7_c-smDH9Nc0OpZcQYtMR29fS3n1j2_UHTFMLc-uO8aSHKfI6EiM8wyaQQlz-5S5r2QLLSapMmlAE5ZIRpgPz1OAO59Cx15PeJOwckCSFQ3erEkDYUluXNv6KYpZfLsaOStxbxXOHG1oRdV1P1wcX0R0BxMqE658K7cbxv4x3LfOr2OH4kblfntugdw0z7Nkh9ClXmXbaKmOKSorat1mtnniW-Bb0w5HOPJbsKAhDXDlkMPIbwtE9XhNEd5Vl-omEKkQQtR--DJoblVvs34yA8XVA
It has taken effect.

Save the information above as a .conf file, or copy /root/def-ns-admin.conf out, and you can log in directly with the configuration file.
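
A check worth running before uploading the file, as an added example that is not part of the original post: it lints a kubeconfig for the mistakes this procedure is prone to (a context that names a misspelled cluster such as `kubernets`, or an empty token from a mistyped shell variable) and reports which service account the token belongs to. It assumes the file was exported as JSON, for instance with `kubectl config view --raw -o json --kubeconfig=/root/def-ns-admin.conf`; the function names, the context name `def-ns-admin-ctx` and the sample token are constructed for illustration.

```python
import base64
import json

# Claim names carried in the payload of legacy service-account tokens.
NS_CLAIM = "kubernetes.io/serviceaccount/namespace"
SA_CLAIM = "kubernetes.io/serviceaccount/service-account.name"


def jwt_claims(token):
    """Decode a JWT payload for inspection; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))


def token_subject(token):
    """Return 'namespace/serviceaccount' for a service-account token."""
    claims = jwt_claims(token)
    return f"{claims[NS_CLAIM]}/{claims[SA_CLAIM]}"


def lint_kubeconfig(cfg):
    """Return a list of problems in a kubeconfig parsed from JSON."""
    problems = []
    clusters = {c["name"] for c in cfg.get("clusters") or []}
    users = {u["name"]: u.get("user") or {} for u in cfg.get("users") or []}
    contexts = {c["name"]: c.get("context") or {} for c in cfg.get("contexts") or []}

    current = cfg.get("current-context") or ""
    if current not in contexts:
        problems.append(f"current-context {current!r} is not a defined context")
    for name, ctx in contexts.items():
        if ctx.get("cluster") not in clusters:
            problems.append(f"context {name!r}: unknown cluster {ctx.get('cluster')!r}")
        if ctx.get("user") not in users:
            problems.append(f"context {name!r}: unknown user {ctx.get('user')!r}")
    for name, user in users.items():
        token = user.get("token")
        if not token:
            problems.append(f"user {name!r}: no token set")
            continue
        try:
            token_subject(token)
        except (ValueError, KeyError, TypeError):
            problems.append(f"user {name!r}: token is not a service-account JWT")
    return problems


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token; the signature part is a dummy string.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256"}),
    _b64url({NS_CLAIM: "default", SA_CLAIM: "def-ns-admin"}),
    "constructed-signature",
])


def sample_config(cluster_ref, token):
    """Constructed kubeconfig shaped like the one built in this procedure."""
    return {
        "clusters": [{"name": "kubernetes",
                      "cluster": {"server": "https://192.168.146.10:6443"}}],
        "contexts": [{"name": "def-ns-admin-ctx",
                      "context": {"cluster": cluster_ref, "user": "def-ns-admin"}}],
        "current-context": "def-ns-admin-ctx",
        "users": [{"name": "def-ns-admin", "user": {"token": token}}],
    }


if __name__ == "__main__":
    # Misspelled cluster reference plus empty token, then the corrected file.
    for cfg in (sample_config("kubernets", ""),
                sample_config("kubernetes", SAMPLE_TOKEN)):
        print(lint_kubeconfig(cfg) or "ok")
    print(token_subject(SAMPLE_TOKEN))
```

The decoded subject shows at a glance whether the file carries the namespace-scoped def-ns-admin account or a cluster-admin one, which matters because whoever holds the file holds that account's permissions.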