|NO.Z.00033|——————————|^^ Deployment ^^|——|Kubernetes & Binary Deployment.V11|5 Servers|——|kubernetes-master|bootstrap_secret|

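1. TLS Bootstrapping configuration
### --- Create bootstrap: create the bootstrap kubeconfig on k8s-master01

~~~     # Note: if this is not a high-availability cluster, change 192.168.1.20:8443 to the address of master01,
~~~     # and change 8443 to the apiserver port, which defaults to 6443
### --- Create bootstrap on k8s-master01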

[root@k8s-master01 ~]# cd /root/k8s-ha-install/bootstrap
### --- Create kubernetes.cluster

[root@k8s-master01 bootstrap]# kubectl config set-cluster kubernetes     --certificate-authority=/etc/kubernetes/pki/ca.pem     --embed-certs=true     --server=https://192.168.1.20:8443     --kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig
~~~     Output:
Cluster "kubernetes" set.
### --- Create user: tls-bootstrap-token-user

[root@k8s-master01 bootstrap]# kubectl config set-credentials tls-bootstrap-token-user     --token=c8ad9c.2e4d610cf3e7426e --kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig
~~~     Output:
User "tls-bootstrap-token-user" set.
### --- Create context

[root@k8s-master01 bootstrap]# kubectl config set-context tls-bootstrap-token-user@kubernetes     --cluster=kubernetes     --user=tls-bootstrap-token-user     --kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig
~~~     Output:
Context "tls-bootstrap-token-user@kubernetes" created.
### --- Switch to the context

[root@k8s-master01 bootstrap]# kubectl config use-context tls-bootstrap-token-user@kubernetes     --kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig
~~~     Output:
Switched to context "tls-bootstrap-token-user@kubernetes". 
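2. Notes
### --- Notes

~~~     If you change the token-id and token-secret in bootstrap.secret.yaml,
~~~     make sure the strings circled in red in the figure below are identical and have the same number of characters.
~~~     Also make sure the string shown in yellow in the previous command, c8ad9c.2e4d610cf3e7426e, matches the string you changed.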
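
The consistency rule above can be checked before `kubectl create -f bootstrap.secret.yaml` is run. The following is an added example, not part of the original post: it generates a fresh token and verifies that a kubeconfig token matches the Secret's name, token-id and token-secret. The helper names and the sample manifest are assumptions; the manifest is constructed from the standard bootstrap token Secret layout, with the Secret as the first document in the file.

```shell
# Added example, not from the original post. Works in POSIX sh and bash.
# A bootstrap token is <token-id>.<token-secret>: 6 and 16 chars of [a-z0-9].

# rand_hex N: 2*N random lowercase hex characters (a subset of [a-z0-9]).
rand_hex() { od -An -N "$1" -tx1 /dev/urandom | tr -d ' \n'; }

# Print a fresh token to use instead of the published c8ad9c.2e4d610cf3e7426e.
gen_bootstrap_token() { printf '%s.%s\n' "$(rand_hex 3)" "$(rand_hex 8)"; }

# yaml_field KEY FILE: first scalar "KEY: value" in FILE, quotes stripped.
yaml_field() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*[\"']\{0,1\}\([^\"'[:space:]]*\).*/\1/p" "$2" | head -n 1
}

# check_bootstrap_token TOKEN MANIFEST: status 0 only if the kubeconfig token
# and the Secret manifest agree. Body runs in a subshell so variables stay local.
check_bootstrap_token() (
  token=$1; manifest=$2; rc=0
  printf '%s\n' "$token" | LC_ALL=C grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
    { echo "bad token format (want 6 chars, a dot, 16 chars)" >&2; exit 1; }
  id=${token%%.*}; secret=${token#*.}
  [ "$(yaml_field name "$manifest")" = "bootstrap-token-$id" ] ||
    { echo "metadata.name must be bootstrap-token-$id" >&2; rc=1; }
  [ "$(yaml_field token-id "$manifest")" = "$id" ] ||
    { echo "token-id must be $id" >&2; rc=1; }
  [ "$(yaml_field token-secret "$manifest")" = "$secret" ] ||
    { echo "token-secret does not match the kubeconfig token" >&2; rc=1; }
  exit "$rc"
)

# Constructed sample: the Secret part of a manifest like bootstrap.secret.yaml
# (assumed layout; the page does not show the file).
write_sample_manifest() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: bootstrap-token-c8ad9c
  namespace: kube-system
type: bootstrap.kubernetes.io/token
stringData:
  token-id: c8ad9c
  token-secret: 2e4d610cf3e7426e
  usage-bootstrap-authentication: "true"
  usage-bootstrap-signing: "true"
EOF
}
```

Run `check_bootstrap_token "<token passed to --token>" bootstrap.secret.yaml` after editing the file; a non-zero status means a kubelet presenting that token would not authenticate against the Secret as written.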
3. Create bootstrap.secret
### --- Create bootstrap.secret

[root@k8s-master01 bootstrap]# mkdir -p /root/.kube ; cp /etc/kubernetes/admin.kubeconfig /root/.kube/config
[root@k8s-master01 bootstrap]# kubectl create -f bootstrap.secret.yaml
~~~     Output:
secret/bootstrap-token-c8ad9c created
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created
clusterrolebinding.rbac.authorization.k8s.io/node-autoapprove-bootstrap created
clusterrolebinding.rbac.authorization.k8s.io/node-autoapprove-certificate-rotation created
clusterrole.rbac.authorization.k8s.io/system:kube-apiserver-to-kubelet created
clusterrolebinding.rbac.authorization.k8s.io/system:kube-apiserver created

posted on 2022-03-29 13:18  yanqi_vip