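|NO.Z.00057|——————————|^^ Deployment ^^|——|KuberNetes & Binary Deployment.V10|3 Servers|——|kube-master|bootstrap_secret|
I. TLS Bootstrapping configuration
### --- Create bootstrap: create the bootstrap kubeconfig on k8s-master01
~~~ # Note: if this is not a high-availability cluster,
~~~ change 192.168.1.11:8443 to the address of master01, and change 8443 to the apiserver port (6443 by default)
### --- Create bootstrap on k8s-master01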
[root@k8s-master01 ~]# cd /root/k8s-ha-install/bootstrap
### --- Create the kubernetes cluster entry
[root@k8s-master01 bootstrap]# kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://192.168.1.11:6443 --kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig
~~~ Output:
Cluster "kubernetes" set.
### --- Create user: tls-bootstrap-token-user
[root@k8s-master01 bootstrap]# kubectl config set-credentials tls-bootstrap-token-user --token=c8ad9c.2e4d610cf3e7426e --kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig
~~~ Output:
User "tls-bootstrap-token-user" set.
### --- Create context
[root@k8s-master01 bootstrap]# kubectl config set-context tls-bootstrap-token-user@kubernetes --cluster=kubernetes --user=tls-bootstrap-token-user --kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig
~~~ Output:
Context "tls-bootstrap-token-user@kubernetes" created.
### --- Switch to the context
[root@k8s-master01 bootstrap]# kubectl config use-context tls-bootstrap-token-user@kubernetes --kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig
~~~ Output:
Switched to context "tls-bootstrap-token-user@kubernetes".
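II. Notes
### --- Notes
~~~ If you change token-id and token-secret in bootstrap.secret.yaml,
~~~ the strings circled in red in the figure below must stay consistent with each other and keep the same length.
~~~ The token shown in yellow in the previous command, c8ad9c.2e4d610cf3e7426e, must also match the strings you changed.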
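A pre-flight check for the consistency rule above, as an added example that is not from the original post or the k8s-ha-install repository: it verifies that token-id and token-secret have the bootstrap token format (6 and 16 characters of [a-z0-9]), that the Secret name is bootstrap-token-<token-id>, and that the kubeconfig token equals <token-id>.<token-secret>. The function names and the sample files are constructed for illustration; the Secret is assumed to be the first document in bootstrap.secret.yaml.

```shell
#!/bin/sh
# Added example: check that every place the bootstrap token appears agrees.
yaml_value() { # yaml_value <key> <file>: first "key: value" scalar, quotes stripped
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 | tr -d "\"'"
}

check_bootstrap_token() { # check_bootstrap_token <secret.yaml> <kubeconfig>
  bt_id=$(yaml_value token-id "$1"); bt_secret=$(yaml_value token-secret "$1")
  bt_name=$(yaml_value name "$1");   bt_kube=$(yaml_value token "$2")
  bt_rc=0   # messages never echo the token itself, so logs stay clean
  printf '%s' "$bt_id" | grep -Eq '^[a-z0-9]{6}$' ||
    { echo "token-id must be 6 chars of [a-z0-9]" >&2; bt_rc=1; }
  printf '%s' "$bt_secret" | grep -Eq '^[a-z0-9]{16}$' ||
    { echo "token-secret must be 16 chars of [a-z0-9]" >&2; bt_rc=1; }
  [ "$bt_name" = "bootstrap-token-$bt_id" ] ||
    { echo "metadata.name is not bootstrap-token-<token-id>" >&2; bt_rc=1; }
  [ "$bt_kube" = "$bt_id.$bt_secret" ] ||
    { echo "kubeconfig token differs from <token-id>.<token-secret>" >&2; bt_rc=1; }
  return $bt_rc
}

write_sample() { # write_sample <dir> <kubeconfig token>; constructed sample files
  cat > "$1/bootstrap.secret.yaml" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: bootstrap-token-c8ad9c
  namespace: kube-system
type: bootstrap.kubernetes.io/token
stringData:
  token-id: c8ad9c
  token-secret: 2e4d610cf3e7426e
EOF
  cat > "$1/bootstrap-kubelet.kubeconfig" <<EOF
users:
- name: tls-bootstrap-token-user
  user:
    token: $2
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir" c8ad9c.2e4d610cf3e7426e
check_bootstrap_token "$demo_dir/bootstrap.secret.yaml" \
  "$demo_dir/bootstrap-kubelet.kubeconfig" && echo "bootstrap token is consistent"
rm -rf "$demo_dir"
```

On the master, run check_bootstrap_token bootstrap.secret.yaml /etc/kubernetes/bootstrap-kubelet.kubeconfig before kubectl create -f bootstrap.secret.yaml.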

III. Create bootstrap.secret
### --- Create bootstrap.secret
[root@k8s-master01 bootstrap]# mkdir -p /root/.kube ; cp /etc/kubernetes/admin.kubeconfig /root/.kube/config
[root@k8s-master01 bootstrap]# kubectl create -f bootstrap.secret.yaml
~~~ Output:
secret/bootstrap-token-c8ad9c created
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created
clusterrolebinding.rbac.authorization.k8s.io/node-autoapprove-bootstrap created
clusterrolebinding.rbac.authorization.k8s.io/node-autoapprove-certificate-rotation created
clusterrole.rbac.authorization.k8s.io/system:kube-apiserver-to-kubelet created
clusterrolebinding.rbac.authorization.k8s.io/system:kube-apiserver created