版权声明:知识就是为了传播! https://blog.csdn.net/weixin_36171533/article/details/82726464
安装yaml:
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
删除yaml:
kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl get pods -n kube-system
查看使用已经安装
[root@master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-78fcdf6894-27npt 1/1 Running 1 9d
coredns-78fcdf6894-mbg8n 1/1 Running 1 9d
etcd-master 1/1 Running 1 9d
kube-apiserver-master 1/1 Running 1 9d
kube-controller-manager-master 1/1 Running 1 9d
kube-flannel-ds-amd64-qdmsx 1/1 Running 0 9d
kube-flannel-ds-amd64-rhb49 1/1 Running 6 9d
kube-flannel-ds-amd64-sd6mr 1/1 Running 1 9d
kube-proxy-g9n4d 1/1 Running 1 9d
kube-proxy-wrqt8 1/1 Running 2 9d
kube-proxy-x7vc2 1/1 Running 0 9d
kube-scheduler-master 1/1 Running 1 9d
kubernetes-dashboard-767dc7d4d-k4dbh 1/1 Running 0 2m
安装成功
[root@master ~]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 9d
kubernetes-dashboard ClusterIP 10.97.213.220 <none> 443/TCP 1m
使用打补丁的方式,给定一个端口
kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system
[root@master ~]# kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system
service/kubernetes-dashboard patched
然后再次查看:
[root@master ~]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 9d
kubernetes-dashboard NodePort 10.97.213.220 <none> 443:31198/TCP 7m
然后可以在节点的任何ip都可以访问web界面
https://192.168.68.10:31198
注意:认证的主用户上有什么权限,这里就有什么权限
[root@master ~]# cd .kube/
[root@master .kube]# ls
cache config http-cache
[root@master .kube]# cp config kubernetes-admin.conf
拷贝出来,直接上传,发现无法登录
删除dashboard
kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
[root@master .kube]# kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
secret "kubernetes-dashboard-certs" deleted
serviceaccount "kubernetes-dashboard" deleted
role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" deleted
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" deleted
deployment.apps "kubernetes-dashboard" deleted
service "kubernetes-dashboard" deleted
######################################################
我们给dashboard单独创建一个证书
[root@master .kube]# cd /etc/kubernetes/pki/
[root@master pki]# ls
apiserver.crt apiserver.key ca.crt front-proxy-ca.crt front-proxy-client.key jesse.key
apiserver-etcd-client.crt apiserver-kubelet-client.crt ca.key front-proxy-ca.key jesse.crt sa.key
apiserver-etcd-client.key apiserver-kubelet-client.key etcd front-proxy-client.crt jesse.csr sa.pub
生成证书:
[root@master pki]# (umask 077; openssl genrsa -out dashboard.key 2048)
Generating RSA private key, 2048 bit long modulus
.................................................................................+++
..............+++
e is 65537 (0x10001)
建立证书签署请求:
openssl req -new -key dashboard.key -out dashboard.csr -subj "/O=jesse/CN=dashboard"
dashboard如果有域名的话,一定写域名
利用ca.crt和ca.key给刚刚创建的签证
openssl x509 -req -in dashboard.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out dashboard.crt -days 365
[root@master pki]# openssl x509 -req -in dashboard.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out dashboard.crt -days 365
Signature ok
subject=/O=jesse/CN=dashboard
Getting CA Private Key
签署完成
我们现在将刚刚创建的私钥和证书创建一个secret
kubectl create secret generic dashboard-cert -n kube-system --from-file=dashboard.crt=./dashboard.crt --from-file=dashboard.key=./dashboard.key
[root@master pki]# kubectl create secret generic dashboard-cert -n kube-system --from-file=dashboard.crt=./dashboard.crt --from-file=dashboard.key=./dashboard.key
secret/dashboard-cert created
查看是否在系统中添加:
kubectl get secret -n kube-system
[root@master pki]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
attachdetach-controller-token-9dtnk kubernetes.io/service-account-token 3 9d
bootstrap-signer-token-rcd26 kubernetes.io/service-account-token 3 9d
certificate-controller-token-6kxxj kubernetes.io/service-account-token 3 9d
clusterrole-aggregation-controller-token-6czpt kubernetes.io/service-account-token 3 9d
coredns-token-shzjx kubernetes.io/service-account-token 3 9d
cronjob-controller-token-d6rv2 kubernetes.io/service-account-token 3 9d
daemon-set-controller-token-vm2zh kubernetes.io/service-account-token 3 9d
dashboard-cert Opaque 2 1m #已经生效
default-token-svvdz kubernetes.io/service-account-token 3 9d
deployment-controller-token-tjkk6 kubernetes.io/service-account-token 3 9d
disruption-controller-token-k95r5 kubernetes.io/service-account-token 3 9d
endpoint-controller-token-t92ng kubernetes.io/service-account-token 3 9d
expand-controller-token-zhv94 kubernetes.io/service-account-token 3 9d
flannel-token-4m6lp kubernetes.io/service-account-token 3 9d
generic-garbage-collector-token-q44gt kubernetes.io/service-account-token 3 9d
horizontal-pod-autoscaler-token-7lr9r kubernetes.io/service-account-token 3 9d
job-controller-token-m2wtt kubernetes.io/service-account-token 3 9d
kube-proxy-token-t57kk kubernetes.io/service-account-token 3 9d
kubernetes-dashboard-key-holder Opaque 2 38m
namespace-controller-token-q52hc kubernetes.io/service-account-token 3 9d
node-controller-token-t4rhn kubernetes.io/service-account-token 3 9d
persistent-volume-binder-token-4wjnc kubernetes.io/service-account-token 3 9d
pod-garbage-collector-token-p9csq kubernetes.io/service-account-token 3 9d
pv-protection-controller-token-9xz9s kubernetes.io/service-account-token 3 9d
pvc-protection-controller-token-ptq5x kubernetes.io/service-account-token 3 9d
replicaset-controller-token-k9bnc kubernetes.io/service-account-token 3 9d
replication-controller-token-4v225 kubernetes.io/service-account-token 3 9d
resourcequota-controller-token-g4k4r kubernetes.io/service-account-token 3 9d
service-account-controller-token-s99cb kubernetes.io/service-account-token 3 9d
service-controller-token-ljtdf kubernetes.io/service-account-token 3 9d
statefulset-controller-token-zb4rp kubernetes.io/service-account-token 3 9d
token-cleaner-token-x8vd6 kubernetes.io/service-account-token 3 9d
ttl-controller-token-tvdfx kubernetes.io/service-account-token 3 9d
继续创建:
[root@master pki]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
使用Token认证的方式
[root@master pki]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@master pki]# kubectl get sa -n kube-system
NAME SECRETS AGE
attachdetach-controller 1 9d
bootstrap-signer 1 9d
certificate-controller 1 9d
clusterrole-aggregation-controller 1 9d
coredns 1 9d
cronjob-controller 1 9d
daemon-set-controller 1 9d
dashboard-admin 1 49s #成功
default 1 9d
deployment-controller 1 9d
disruption-controller 1 9d
endpoint-controller 1 9d
expand-controller 1 9d
flannel 1 9d
generic-garbage-collector 1 9d
horizontal-pod-autoscaler 1 9d
job-controller 1 9d
kube-proxy 1 9d
kubernetes-dashboard 1 16m
namespace-controller 1 9d
node-controller 1 9d
persistent-volume-binder 1 9d
pod-garbage-collector 1 9d
pv-protection-controller 1 9d
pvc-protection-controller 1 9d
replicaset-controller 1 9d
replication-controller 1 9d
resourcequota-controller 1 9d
service-account-controller 1 9d
service-controller 1 9d
statefulset-controller 1 9d
token-cleaner 1 9d
ttl-controller 1 9d
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
[root@master pki]# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created
[root@master pki]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
attachdetach-controller-token-9dtnk kubernetes.io/service-account-token 3 10d
bootstrap-signer-token-rcd26 kubernetes.io/service-account-token 3 10d
certificate-controller-token-6kxxj kubernetes.io/service-account-token 3 10d
clusterrole-aggregation-controller-token-6czpt kubernetes.io/service-account-token 3 10d
coredns-token-shzjx kubernetes.io/service-account-token 3 10d
cronjob-controller-token-d6rv2 kubernetes.io/service-account-token 3 10d
daemon-set-controller-token-vm2zh kubernetes.io/service-account-token 3 10d
dashboard-admin-token-8bnk8 kubernetes.io/service-account-token 3 8m #创建成功
dashboard-cert Opaque 2 30m
default-token-svvdz kubernetes.io/service-account-token 3 10d
deployment-controller-token-tjkk6 kubernetes.io/service-account-token 3 10d
disruption-controller-token-k95r5 kubernetes.io/service-account-token 3 10d
endpoint-controller-token-t92ng kubernetes.io/service-account-token 3 10d
expand-controller-token-zhv94 kubernetes.io/service-account-token 3 10d
flannel-token-4m6lp kubernetes.io/service-account-token 3 9d
generic-garbage-collector-token-q44gt kubernetes.io/service-account-token 3 10d
horizontal-pod-autoscaler-token-7lr9r kubernetes.io/service-account-token 3 10d
job-controller-token-m2wtt kubernetes.io/service-account-token 3 10d
kube-proxy-token-t57kk kubernetes.io/service-account-token 3 10d
kubernetes-dashboard-certs Opaque 0 24m
kubernetes-dashboard-key-holder Opaque 2 1h
kubernetes-dashboard-token-qf87c kubernetes.io/service-account-token 3 24m
namespace-controller-token-q52hc kubernetes.io/service-account-token 3 10d
node-controller-token-t4rhn kubernetes.io/service-account-token 3 10d
persistent-volume-binder-token-4wjnc kubernetes.io/service-account-token 3 10d
pod-garbage-collector-token-p9csq kubernetes.io/service-account-token 3 10d
pv-protection-controller-token-9xz9s kubernetes.io/service-account-token 3 10d
pvc-protection-controller-token-ptq5x kubernetes.io/service-account-token 3 10d
replicaset-controller-token-k9bnc kubernetes.io/service-account-token 3 10d
replication-controller-token-4v225 kubernetes.io/service-account-token 3 10d
resourcequota-controller-token-g4k4r kubernetes.io/service-account-token 3 10d
service-account-controller-token-s99cb kubernetes.io/service-account-token 3 10d
service-controller-token-ljtdf kubernetes.io/service-account-token 3 10d
statefulset-controller-token-zb4rp kubernetes.io/service-account-token 3 10d
token-cleaner-token-x8vd6 kubernetes.io/service-account-token 3 10d
ttl-controller-token-tvdfx kubernetes.io/service-account-token 3 10d
查看一下Token信息:
kubectl describe secret dashboard-admin-token-8bnk8 -n kube-system
[root@master pki]# kubectl describe secret dashboard-admin-token-8bnk8 -n kube-system
Name: dashboard-admin-token-8bnk8
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name=dashboard-admin
kubernetes.io/service-account.uid=1fe0b1f6-b830-11e8-9195-000c29f33006
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tOGJuazgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMWZlMGIxZjYtYjgzMC0xMWU4LTkxOTUtMDAwYzI5ZjMzMDA2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.eqXuTpMrkGj88HoxH4P5Ou0sponWDIE6Sw3c_zpJpcpCji54Vo3YHSQaspX2GoYX9t-WIMtGMXdqX4KE7AjKHqTwf3SDBvt9PZUOpH98QMnmg9q_9Bnd9sPpq5OOWAEXZpwWJYi_hK6gd61H1r2T5uau_TyDelsmZ0WP0AjSGVR39xuIcMzUIj4BONgyVBcU2cI0tR4svTJoICPWTO7pxGblZgON0iDISiXRua2kOeVymuOM7e5HpUutltn704AELjBLJck-zFjSGwz4WcnGBAa8H2-akNkjzl-vjog7mLef1He7AOCzUR49tUwPBYV5eeuCTAk3vSH-W7CCDORNoA
ca.crt: 1025 bytes
namespace: 11 bytes
[root@master pki]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 10d
kubernetes-dashboard ClusterIP 10.108.38.237 <none> 443/TCP 28m
重新生成端口:
kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system
[root@master pki]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 10d
kubernetes-dashboard NodePort 10.108.38.237 <none> 443:31619/TCP 30m
kubeconfig登录
创建证书流程:
设置个权限小一些的,只能对名称空间有管理权限
在def-ns-admin中创建
kubectl create serviceaccount def-ns-admin -n default
[root@master pki]# kubectl create serviceaccount def-ns-admin -n default
serviceaccount/def-ns-admin created
kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin
[root@master pki]# kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin
rolebinding.rbac.authorization.k8s.io/def-ns-admin created
获取secret:
[root@master pki]# kubectl get secret
NAME TYPE DATA AGE
def-ns-admin-token-87t8n kubernetes.io/service-account-token 3 4m
default-token-2xnhm kubernetes.io/service-account-token 3 7d
[root@master pki]# kubectl describe secret def-ns-admin-token-87t8n
Name: def-ns-admin-token-87t8n
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name=def-ns-admin
kubernetes.io/service-account.uid=6445ddc0-b837-11e8-bcca-000c291251da
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 7 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi04N3Q4biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NDQ1ZGRjMC1iODM3LTExZTgtYmNjYS0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.ab1Vi0RK304mWbHNUwUIK9K0vbWYcq8TTbwAp29wCqkPv5qf54A-ghJvG0VO3ezbDPAMoLE48HQ2ExyUHT0G3j8G7gd5854u4Wq0ceJEUuPaJGo1e3OikcMxAfigSfDeEYOPHyUY7my3Yqwg1gC90kiMIIvUA1jN51lbpWkRiiQ3lnYBLE_QfR36SettzKuljtveBLBpJz6eZJG1S4Pgqn_xaOny9UVButgjIivXB2Eh2g0bQQU2uuoZn_YzKQ-7Zjo4tazDxv0d1uiYtkttArJyHkXQ5_ODUXAtKEcEVfSo1XSw8eNHQe5V0WLBisMmenSRLz_Aoe1ZaYO0Y6BbAA
使用上面的Token登录的话只能管理namespace命名空间
可以使用上面token 令牌登录,但是权限不多。
##############################
##############################
使用配置文件登录
cd /etc/kubernetes/pki
kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://192.168.146.10:6443" --embed-certs=true --kubeconfig=/root/def-ns-admin.conf
创建一个集群:
[root@master pki]# kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://192.168.146.10:6443" --embed-certs=true --kubeconfig=/root/def-ns-admin.conf
Cluster "kubernetes" set.
查看:
[root@master pki]# kubectl config view --kubeconfig=/root/def-ns-admin.conf
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://192.168.146.10:6443
name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
设置用户账户:
kubectl get secret
[root@master pki]# kubectl get secret
NAME TYPE DATA AGE
def-ns-admin-token-87t8n kubernetes.io/service-account-token 3 36m
default-token-2xnhm kubernetes.io/service-account-token 3 7d
[root@master pki]# kubectl describe secret def-ns-admin-token-87t8n
Name: def-ns-admin-token-87t8n
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name=def-ns-admin
kubernetes.io/service-account.uid=6445ddc0-b837-11e8-bcca-000c291251da
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 7 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi04N3Q4biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NDQ1ZGRjMC1iODM3LTExZTgtYmNjYS0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.ab1Vi0RK304mWbHNUwUIK9K0vbWYcq8TTbwAp29wCqkPv5qf54A-ghJvG0VO3ezbDPAMoLE48HQ2ExyUHT0G3j8G7gd5854u4Wq0ceJEUuPaJGo1e3OikcMxAfigSfDeEYOPHyUY7my3Yqwg1gC90kiMIIvUA1jN51lbpWkRiiQ3lnYBLE_QfR36SettzKuljtveBLBpJz6eZJG1S4Pgqn_xaOny9UVButgjIivXB2Eh2g0bQQU2uuoZn_YzKQ-7Zjo4tazDxv0d1uiYtkttArJyHkXQ5_ODUXAtKEcEVfSo1XSw8eNHQe5V0WLBisMmenSRLz_Aoe1ZaYO0Y6BbAA
DEF_NS_ADMIN_TOKEN=$(kubectl get secret def-ns-admin-token-87t8n -o jsonpath={.data.token} | base64 -d)
[root@master pki]# DEF_NS_ADMIN_TOKEN=$(kubectl get secret def-ns-admin-token-87t8n -o jsonpath={.data.token} | base64 -d)
[root@master pki]#
[root@master pki]# echo $DEF_NS_ADMIN_TOKEN
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi04N3Q4biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NDQ1ZGRjMC1iODM3LTExZTgtYmNjYS0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.ab1Vi0RK304mWbHNUwUIK9K0vbWYcq8TTbwAp29wCqkPv5qf54A-ghJvG0VO3ezbDPAMoLE48HQ2ExyUHT0G3j8G7gd5854u4Wq0ceJEUuPaJGo1e3OikcMxAfigSfDeEYOPHyUY7my3Yqwg1gC90kiMIIvUA1jN51lbpWkRiiQ3lnYBLE_QfR36SettzKuljtveBLBpJz6eZJG1S4Pgqn_xaOny9UVButgjIivXB2Eh2g0bQQU2uuoZn_YzKQ-7Zjo4tazDxv0d1uiYtkttArJyHkXQ5_ODUXAtKEcEVfSo1XSw8eNHQe5V0WLBisMmenSRLz_Aoe1ZaYO0Y6BbAA
kubectl config set-credentials def-ns-admin --token=$DEF_NS_ADMIN_TOKEN --kubeconfig=/root/def-ns-admin.conf
[root@master pki]# kubectl config set-credentials def-ns-admin --token=$DES_NS_ADMIN_TOKEN --kubeconfig=/root/def-ns-admin.conf
User "def-ns-admin" set.
kubectl config view --kubeconfig=/root/def-ns-admin.conf
kubectl config set-context def-ns-admin@kubernetes --cluster=kubernets --user=def-ns-admin --kubeconfig=/root/def-ns-admin.conf
[root@master pki]# kubectl config view --kubeconfig=/root/def-ns-admin.conf
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://192.168.146.10:6443
name: kubernetes
contexts:
- context:
cluster: kubernets
user: def-ns-admin
name: def-ns-admin@kubernetes
current-context: ""
kind: Config
preferences: {}
users:
- name: def-ns-admin
user:
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi13c2NmNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlZjBiOWRlYS1iMjNjLTExZTgtODI1Ny0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.sBkl_kKX_ILqVco_bRf5ceDDF-bxklnqDyVMj8gjXxD5LouEk2SjtP4IIKcRV7_c-smDH9Nc0OpZcQYtMR29fS3n1j2_UHTFMLc-uO8aSHKfI6EiM8wyaQQlz-5S5r2QLLSapMmlAE5ZIRpgPz1OAO59Cx15PeJOwckCSFQ3erEkDYUluXNv6KYpZfLsaOStxbxXOHG1oRdV1P1wcX0R0BxMqE658K7cbxv4x3LfOr2OH4kblfntugdw0z7Nkh9ClXmXbaKmOKSorat1mtnniW-Bb0w5HOPJbsKAhDXDlkMPIbwtE9XhNEd5Vl-omEKkQQtR--DJoblVvs34yA8XVA
[root@master pki]# kubectl config set-context def-ns-admin@kubernetes --cluster=kubernets --user=def-ns-admin --kubeconfig=/root/def-ns-admin.conf
Context "def-ns-admin@kubernetes" created.
切换用户:
kubectl config use-context def-ns-admin@kubernetes --kubeconfig=/root/def-ns-admin.conf
[root@master pki]# kubectl config use-context def-ns-admin@kubernetes --kubeconfig=/root/def-ns-admin.conf
Switched to context "def-ns-admin@kubernetes".
查看是否生效:
[root@master pki]# kubectl config view --kubeconfig=/root/def-ns-admin.conf
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://192.168.146.10:6443
name: kubernetes
contexts:
- context:
cluster: kubernets
user: def-ns-admin
name: def-ns-admin@kubernetes
current-context: def-ns-admin@kubernetes
kind: Config
preferences: {}
users:
- name: def-ns-admin
user:
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi13c2NmNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlZjBiOWRlYS1iMjNjLTExZTgtODI1Ny0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.sBkl_kKX_ILqVco_bRf5ceDDF-bxklnqDyVMj8gjXxD5LouEk2SjtP4IIKcRV7_c-smDH9Nc0OpZcQYtMR29fS3n1j2_UHTFMLc-uO8aSHKfI6EiM8wyaQQlz-5S5r2QLLSapMmlAE5ZIRpgPz1OAO59Cx15PeJOwckCSFQ3erEkDYUluXNv6KYpZfLsaOStxbxXOHG1oRdV1P1wcX0R0BxMqE658K7cbxv4x3LfOr2OH4kblfntugdw0z7Nkh9ClXmXbaKmOKSorat1mtnniW-Bb0w5HOPJbsKAhDXDlkMPIbwtE9XhNEd5Vl-omEKkQQtR--DJoblVvs34yA8XVA
已经生效
将上面的信息保存成.conf的文件或者将/root/def-ns-admin.conf 文件拷贝出来就可以直接使用配置文件登录