rootsongjc
/
kubernetes-handbook
mirror of https://github.com/rootsongjc/kubernetes-handbook.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

优化格式方便直接复制脚本

pull/43/head
Jimmy Song 2017-08-31 14:19:36 +08:00
parent 43bdc9077e
commit 65f2ff044d
1 changed files with 25 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
practice/create-kubeconfig.md
View File

@ -33,31 +33,35 @@ EOF
4. 重新 approve kubelet 的 csr 请求;
``` bash
$cp token.csv /etc/kubernetes/
cp token.csv /etc/kubernetes/
```
## 创建 kubelet bootstrapping kubeconfig 文件
``` bash
$ cd /etc/kubernetes
$ export KUBE_APISERVER="https://172.20.0.113:6443"
$ # 设置集群参数
$ kubectl config set-cluster kubernetes \
cd /etc/kubernetes
export KUBE_APISERVER="https://172.20.0.113:6443"
# 设置集群参数
kubectl config set-cluster kubernetes \
--certificate-authority=/etc/kubernetes/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=bootstrap.kubeconfig
$ # 设置客户端认证参数
$ kubectl config set-credentials kubelet-bootstrap \
# 设置客户端认证参数
kubectl config set-credentials kubelet-bootstrap \
--token=${BOOTSTRAP_TOKEN} \
--kubeconfig=bootstrap.kubeconfig
$ # 设置上下文参数
$ kubectl config set-context default \
# 设置上下文参数
kubectl config set-context default \
--cluster=kubernetes \
--user=kubelet-bootstrap \
--kubeconfig=bootstrap.kubeconfig
$ # 设置默认上下文
$ kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
# 设置默认上下文
kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
```
+ `--embed-certs``true` 时表示将 `certificate-authority` 证书写入到生成的 `bootstrap.kubeconfig` 文件中;
@ -67,26 +71,26 @@ $ kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
## 创建 kube-proxy kubeconfig 文件
``` bash
$ export KUBE_APISERVER="https://172.20.0.113:6443"
$ # 设置集群参数
$ kubectl config set-cluster kubernetes \
export KUBE_APISERVER="https://172.20.0.113:6443"
# 设置集群参数
kubectl config set-cluster kubernetes \
--certificate-authority=/etc/kubernetes/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=kube-proxy.kubeconfig
$ # 设置客户端认证参数
$ kubectl config set-credentials kube-proxy \
# 设置客户端认证参数
kubectl config set-credentials kube-proxy \
--client-certificate=/etc/kubernetes/ssl/kube-proxy.pem \
--client-key=/etc/kubernetes/ssl/kube-proxy-key.pem \
--embed-certs=true \
--kubeconfig=kube-proxy.kubeconfig
$ # 设置上下文参数
$ kubectl config set-context default \
# 设置上下文参数
kubectl config set-context default \
--cluster=kubernetes \
--user=kube-proxy \
--kubeconfig=kube-proxy.kubeconfig
$ # 设置默认上下文
$ kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
# 设置默认上下文
kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
```
+ 设置集群参数和客户端认证参数时 `--embed-certs` 都为 `true`,这会将 `certificate-authority`、`client-certificate` 和 `client-key` 指向的证书文件内容写入到生成的 `kube-proxy.kubeconfig` 文件中;
@ -98,7 +102,7 @@ $ kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
将两个 kubeconfig 文件分发到所有 Node 机器的 `/etc/kubernetes/` 目录
``` bash
$ cp bootstrap.kubeconfig kube-proxy.kubeconfig /etc/kubernetes/
cp bootstrap.kubeconfig kube-proxy.kubeconfig /etc/kubernetes/
```
## 参考