二进制部署kubernetes v1.30.2集群 六、创建kubeconfig文件
创建kubeconfig文件
在k8s-master01节点执行
1、进入k8s配置文件目录
# Working directory for this section: every kubeconfig below is written into
# /data/k8s/conf through an absolute --kubeconfig path.
cd /data/k8s/conf
2、创建controller-manager服务kubeconfig文件
# Build /data/k8s/conf/controller-manager.kubeconfig for kube-controller-manager.
# --embed-certs=true inlines the CA, the client certificate and the client
# private key into the file, so the kubeconfig itself is a credential.
# Runs in a subshell so the helper variables do not leak into the login shell.
(
  kubeconfig=/data/k8s/conf/controller-manager.kubeconfig
  ssl_dir=/data/k8s/ssl
  identity=system:kube-controller-manager

  # Cluster entry: CA used to verify the apiserver, plus the apiserver URL.
  kubectl config set-cluster kubernetes \
    --certificate-authority="${ssl_dir}/ca.pem" \
    --embed-certs=true \
    --server=https://192.168.110.20:9443 \
    --kubeconfig="${kubeconfig}"

  # User entry: client certificate and key the controller-manager presents.
  kubectl config set-credentials "${identity}" \
    --client-certificate="${ssl_dir}/controller-manager.pem" \
    --client-key="${ssl_dir}/controller-manager-key.pem" \
    --embed-certs=true \
    --kubeconfig="${kubeconfig}"

  # Context entry: ties the cluster entry to the user entry.
  kubectl config set-context "${identity}@kubernetes" \
    --cluster=kubernetes \
    --user="${identity}" \
    --kubeconfig="${kubeconfig}"

  # Make that context the default one in this file.
  kubectl config use-context "${identity}@kubernetes" \
    --kubeconfig="${kubeconfig}"
)
3、创建scheduler服务kubeconfig文件
# Build /data/k8s/conf/scheduler.kubeconfig for kube-scheduler.
# --embed-certs=true inlines the CA, the client certificate and the client
# private key into the file, so the kubeconfig itself is a credential.
# Runs in a subshell so the helper variables do not leak into the login shell.
(
  kubeconfig=/data/k8s/conf/scheduler.kubeconfig
  ssl_dir=/data/k8s/ssl
  identity=system:kube-scheduler

  # Cluster entry: CA used to verify the apiserver, plus the apiserver URL.
  kubectl config set-cluster kubernetes \
    --certificate-authority="${ssl_dir}/ca.pem" \
    --embed-certs=true \
    --server=https://192.168.110.20:9443 \
    --kubeconfig="${kubeconfig}"

  # User entry: client certificate and key the scheduler presents.
  kubectl config set-credentials "${identity}" \
    --client-certificate="${ssl_dir}/scheduler.pem" \
    --client-key="${ssl_dir}/scheduler-key.pem" \
    --embed-certs=true \
    --kubeconfig="${kubeconfig}"

  # Context entry: ties the cluster entry to the user entry.
  kubectl config set-context "${identity}@kubernetes" \
    --cluster=kubernetes \
    --user="${identity}" \
    --kubeconfig="${kubeconfig}"

  # Make that context the default one in this file.
  kubectl config use-context "${identity}@kubernetes" \
    --kubeconfig="${kubeconfig}"
)
4、创建kube-proxy服务kubeconfig文件
# Build /data/k8s/conf/kube-proxy.kubeconfig for kube-proxy.
# --embed-certs=true inlines the CA, the client certificate and the client
# private key into the file, so the kubeconfig itself is a credential.
# Runs in a subshell so the helper variables do not leak into the login shell.
(
  kubeconfig=/data/k8s/conf/kube-proxy.kubeconfig
  ssl_dir=/data/k8s/ssl
  identity=system:kube-proxy

  # Cluster entry: CA used to verify the apiserver, plus the apiserver URL.
  kubectl config set-cluster kubernetes \
    --certificate-authority="${ssl_dir}/ca.pem" \
    --embed-certs=true \
    --server=https://192.168.110.20:9443 \
    --kubeconfig="${kubeconfig}"

  # User entry: client certificate and key kube-proxy presents.
  kubectl config set-credentials "${identity}" \
    --client-certificate="${ssl_dir}/kube-proxy.pem" \
    --client-key="${ssl_dir}/kube-proxy-key.pem" \
    --embed-certs=true \
    --kubeconfig="${kubeconfig}"

  # Context entry: ties the cluster entry to the user entry.
  kubectl config set-context "${identity}@kubernetes" \
    --cluster=kubernetes \
    --user="${identity}" \
    --kubeconfig="${kubeconfig}"

  # Make system:kube-proxy@kubernetes the default context in this file.
  kubectl config use-context "${identity}@kubernetes" \
    --kubeconfig="${kubeconfig}"
)
5、创建kubelet服务kubeconfig文件,配置Bootstrap Token
生成token
# Generate a bootstrap token of the form <token-id>.<token-secret>:
# 6 hex characters, a dot, then 16 hex characters, both drawn from /dev/urandom.
# The value lives only in this shell session; the later steps that expand
# ${BOOTSTRAP_TOKEN} must run in the same shell.
BOOTSTRAP_TOKEN="$(
  head -c 16 /dev/urandom | od -An -t x | tr -d ' ' | head -c 6
).$(
  head -c 16 /dev/urandom | od -An -t x | tr -d ' ' | head -c 16
)"
创建kubeconfig
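# Build /data/k8s/conf/bootstrap-kubelet.kubeconfig, which authenticates with
# the bootstrap token instead of a client certificate.
# The resulting file stores the token in clear text, so treat it as a secret.
# Refuse to run when BOOTSTRAP_TOKEN is unset or malformed (for example in a
# new shell); otherwise kubectl would write a kubeconfig with an unusable token.
if [[ ! "${BOOTSTRAP_TOKEN:-}" =~ ^[a-z0-9]{6}\.[a-z0-9]{16}$ ]]; then
  echo "BOOTSTRAP_TOKEN is unset or not of the form <6 chars>.<16 chars>" >&2
  false
else
  # Cluster entry: CA used to verify the apiserver, plus the apiserver URL.
  kubectl config set-cluster kubernetes \
    --certificate-authority=/data/k8s/ssl/ca.pem \
    --embed-certs=true \
    --server=https://192.168.110.20:9443 \
    --kubeconfig=/data/k8s/conf/bootstrap-kubelet.kubeconfig

  # User entry: the bootstrap token. --token places the value on kubectl's
  # command line, where it is visible in the process list while kubectl runs.
  kubectl config set-credentials kubelet-bootstrap \
    --token="${BOOTSTRAP_TOKEN}" \
    --kubeconfig=/data/k8s/conf/bootstrap-kubelet.kubeconfig

  # Context entry: ties the cluster entry to the kubelet-bootstrap user.
  kubectl config set-context kubelet-bootstrap@kubernetes \
    --cluster=kubernetes \
    --user=kubelet-bootstrap \
    --kubeconfig=/data/k8s/conf/bootstrap-kubelet.kubeconfig

  # Make kubelet-bootstrap@kubernetes the default context in this file.
  kubectl config use-context kubelet-bootstrap@kubernetes \
    --kubeconfig=/data/k8s/conf/bootstrap-kubelet.kubeconfig
fi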
配置Bootstrap Token
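# Write the bootstrap-token Secret manifest to
# /data/k8s/conf/bootstrap-token.yaml.
# The manifest holds the token in clear text, so it is created under umask 077
# and forced to mode 600 in case the file already existed.
# token-id and token-secret are quoted: an all-digit value would otherwise be
# parsed as a YAML number, which stringData does not accept.
# NOTE(review): no "expiration" key is set, so the token never expires; delete
# the Secret or add an expiration once the nodes have joined.
# NOTE(review): usage-bootstrap-signing is presumably only needed when
# cluster-info signing is used; this page does not show that, so confirm.
if [[ ! "${BOOTSTRAP_TOKEN:-}" =~ ^[a-z0-9]{6}\.[a-z0-9]{16}$ ]]; then
  echo "BOOTSTRAP_TOKEN is unset or not of the form <6 chars>.<16 chars>" >&2
  false
else
  (
    umask 077
    cat > /data/k8s/conf/bootstrap-token.yaml <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: bootstrap-token-${BOOTSTRAP_TOKEN:0:6}
  namespace: kube-system
type: bootstrap.kubernetes.io/token
stringData:
  token-id: "${BOOTSTRAP_TOKEN:0:6}"
  token-secret: "${BOOTSTRAP_TOKEN:7:16}"
  usage-bootstrap-authentication: "true"
  usage-bootstrap-signing: "true"
  auth-extra-groups: system:bootstrappers:worker,system:bootstrappers:ingress
EOF
  ) && chmod 600 /data/k8s/conf/bootstrap-token.yaml
fi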
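注意:后续为kubelet自动申请、续订证书授权时使用的组名,必须包含在此处的auth-extra-groups中。该Secret未设置expiration字段,令牌不会自动过期;节点全部加入后,建议删除该Secret或为其设置过期时间。bootstrap-token.yaml和bootstrap-kubelet.kubeconfig中都含有明文令牌,应限制这两个文件的读取权限。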
6、创建admin用户kubeconfig文件
# Build /data/k8s/conf/admin.kubeconfig for the cluster administrator.
# --embed-certs=true inlines the CA, the admin client certificate and its
# private key into the file, so whoever can read it can act as that identity.
# Runs in a subshell so the helper variables do not leak into the login shell.
(
  kubeconfig=/data/k8s/conf/admin.kubeconfig
  ssl_dir=/data/k8s/ssl
  identity=k8s-admin

  # Cluster entry: CA used to verify the apiserver, plus the apiserver URL.
  kubectl config set-cluster kubernetes \
    --certificate-authority="${ssl_dir}/ca.pem" \
    --embed-certs=true \
    --server=https://192.168.110.20:9443 \
    --kubeconfig="${kubeconfig}"

  # User entry: the admin client certificate and key.
  kubectl config set-credentials "${identity}" \
    --client-certificate="${ssl_dir}/admin.pem" \
    --client-key="${ssl_dir}/admin-key.pem" \
    --embed-certs=true \
    --kubeconfig="${kubeconfig}"

  # Context entry: ties the cluster entry to the user entry.
  kubectl config set-context "${identity}@kubernetes" \
    --cluster=kubernetes \
    --user="${identity}" \
    --kubeconfig="${kubeconfig}"

  # Make k8s-admin@kubernetes the default context in this file.
  kubectl config use-context "${identity}@kubernetes" \
    --kubeconfig="${kubeconfig}"
)
7、复制配置文件到其它节点
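# Distribute the kubeconfig files from /data/k8s/conf to the other nodes.
# - Every master gets admin.kubeconfig as /root/.kube/config; the directory is
#   created first (mode 700 when new) so the copy cannot fail on a missing path.
# - k8s-master02/03 get every *.kubeconfig, which includes admin.kubeconfig and
#   bootstrap-kubelet.kubeconfig.
# - Worker nodes get only bootstrap-kubelet.kubeconfig and
#   kube-proxy.kubeconfig, so no admin or control-plane credential lands there.
# Runs in a subshell: the cd does not affect the caller, and the first failed
# step stops the remaining copies with a non-zero status.
(
  cd /data/k8s/conf || exit 1

  for master in k8s-master01 k8s-master02 k8s-master03; do
    ssh "${master}" 'mkdir -p -m 700 /root/.kube' || exit 1
    scp admin.kubeconfig "${master}:/root/.kube/config" || exit 1
  done

  for master in k8s-master02 k8s-master03; do
    scp ./*.kubeconfig "${master}:/data/k8s/conf" || exit 1
  done

  for node in k8s-node01 k8s-node02; do
    scp bootstrap-kubelet.kubeconfig kube-proxy.kubeconfig \
      "${node}:/data/k8s/conf" || exit 1
  done
)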
