2220 lines
115 KiB
HTML
2220 lines
115 KiB
HTML
|
||
<!DOCTYPE HTML>
|
||
<html lang="zh-hans" >
|
||
<head>
|
||
<meta charset="UTF-8">
|
||
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
|
||
<title>3.4.2 使用 kubeconfig 文件配置跨集群认证 · Kubernetes Handbook</title>
|
||
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
|
||
<meta name="description" content="">
|
||
<meta name="generator" content="GitBook 3.2.2">
|
||
<meta name="author" content="Jimmy Song">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/style.css">
|
||
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-splitter/splitter.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-page-toc-button/plugin.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-image-captions/image-captions.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-back-to-top-button/plugin.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-search-plus/search.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-highlight/website.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-fontsettings/website.css">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<meta name="HandheldFriendly" content="true"/>
|
||
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
|
||
<meta name="apple-mobile-web-app-capable" content="yes">
|
||
<meta name="apple-mobile-web-app-status-bar-style" content="black">
|
||
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
|
||
<link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
|
||
|
||
|
||
<link rel="next" href="connecting-to-applications-port-forward.html" />
|
||
|
||
|
||
<link rel="prev" href="access-cluster.html" />
|
||
|
||
|
||
|
||
<link rel="shortcut icon" href='../favicon.ico' type="image/x-icon">
|
||
|
||
|
||
<link rel="bookmark" href='../favicon.ico' type="image/x-icon">
|
||
|
||
|
||
|
||
|
||
<style>
|
||
@media only screen and (max-width: 640px) {
|
||
.book-header .hidden-mobile {
|
||
display: none;
|
||
}
|
||
}
|
||
</style>
|
||
<script>
|
||
window["gitbook-plugin-github-buttons"] = {"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"};
|
||
</script>
|
||
|
||
</head>
|
||
<body>
|
||
|
||
<div class="book">
|
||
<div class="book-summary">
|
||
|
||
|
||
<div id="book-search-input" role="search">
|
||
<input type="text" placeholder="输入并搜索" />
|
||
</div>
|
||
|
||
|
||
<nav role="navigation">
|
||
|
||
|
||
|
||
<ul class="summary">
|
||
|
||
|
||
|
||
|
||
<li>
|
||
<a href="https://jimmysong.io" target="_blank" class="custom-link">Home</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="divider"></li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="chapter " data-level="1.1" data-path="../">
|
||
|
||
<a href="../">
|
||
|
||
|
||
序言
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.2" data-path="../cloud-native/kubernetes-and-cloud-native-app-overview.html">
|
||
|
||
<a href="../cloud-native/kubernetes-and-cloud-native-app-overview.html">
|
||
|
||
|
||
1. Kubernetes与云原生应用概览
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3" data-path="../concepts/">
|
||
|
||
<a href="../concepts/">
|
||
|
||
|
||
2. 概念原理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.3.1" data-path="../concepts/concepts.html">
|
||
|
||
<a href="../concepts/concepts.html">
|
||
|
||
|
||
2.1 设计理念
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2" data-path="../concepts/objects.html">
|
||
|
||
<a href="../concepts/objects.html">
|
||
|
||
|
||
2.2 Objects
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.3.2.1" data-path="../concepts/pod-overview.html">
|
||
|
||
<a href="../concepts/pod-overview.html">
|
||
|
||
|
||
2.2.1 Pod
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.3.2.1.1" data-path="../concepts/pod.html">
|
||
|
||
<a href="../concepts/pod.html">
|
||
|
||
|
||
2.2.1.1 Pod解析
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.1.2" data-path="../concepts/init-containers.html">
|
||
|
||
<a href="../concepts/init-containers.html">
|
||
|
||
|
||
2.2.1.2 Init容器
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.1.3" data-path="../concepts/pod-security-policy.html">
|
||
|
||
<a href="../concepts/pod-security-policy.html">
|
||
|
||
|
||
2.2.1.3 Pod安全策略
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.1.4" data-path="../concepts/pod-lifecycle.html">
|
||
|
||
<a href="../concepts/pod-lifecycle.html">
|
||
|
||
|
||
2.2.1.4 Pod的生命周期
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.2" data-path="../concepts/node.html">
|
||
|
||
<a href="../concepts/node.html">
|
||
|
||
|
||
2.2.2 Node
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.3" data-path="../concepts/namespace.html">
|
||
|
||
<a href="../concepts/namespace.html">
|
||
|
||
|
||
2.2.3 Namespace
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.4" data-path="../concepts/service.html">
|
||
|
||
<a href="../concepts/service.html">
|
||
|
||
|
||
2.2.4 Service
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.5" data-path="../concepts/volume.html">
|
||
|
||
<a href="../concepts/volume.html">
|
||
|
||
|
||
2.2.5 Volume和Persistent Volume
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.6" data-path="../concepts/deployment.html">
|
||
|
||
<a href="../concepts/deployment.html">
|
||
|
||
|
||
2.2.6 Deployment
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.7" data-path="../concepts/secret.html">
|
||
|
||
<a href="../concepts/secret.html">
|
||
|
||
|
||
2.2.7 Secret
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.8" data-path="../concepts/statefulset.html">
|
||
|
||
<a href="../concepts/statefulset.html">
|
||
|
||
|
||
2.2.8 StatefulSet
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.9" data-path="../concepts/daemonset.html">
|
||
|
||
<a href="../concepts/daemonset.html">
|
||
|
||
|
||
2.2.9 DaemonSet
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.10" data-path="../concepts/serviceaccount.html">
|
||
|
||
<a href="../concepts/serviceaccount.html">
|
||
|
||
|
||
2.2.10 ServiceAccount
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.11" data-path="../concepts/replicaset.html">
|
||
|
||
<a href="../concepts/replicaset.html">
|
||
|
||
|
||
2.2.11 ReplicationController和ReplicaSet
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.12" data-path="../concepts/job.html">
|
||
|
||
<a href="../concepts/job.html">
|
||
|
||
|
||
2.2.12 Job
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.13" data-path="../concepts/cronjob.html">
|
||
|
||
<a href="../concepts/cronjob.html">
|
||
|
||
|
||
2.2.13 CronJob
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.14" data-path="../concepts/ingress.html">
|
||
|
||
<a href="../concepts/ingress.html">
|
||
|
||
|
||
2.2.14 Ingress
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.15" data-path="../concepts/configmap.html">
|
||
|
||
<a href="../concepts/configmap.html">
|
||
|
||
|
||
2.2.15 ConfigMap
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.16" data-path="../concepts/horizontal-pod-autoscaling.html">
|
||
|
||
<a href="../concepts/horizontal-pod-autoscaling.html">
|
||
|
||
|
||
2.2.16 Horizontal Pod Autoscaling
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.17" data-path="../concepts/label.html">
|
||
|
||
<a href="../concepts/label.html">
|
||
|
||
|
||
2.2.17 Label
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.18" data-path="../concepts/garbage-collection.html">
|
||
|
||
<a href="../concepts/garbage-collection.html">
|
||
|
||
|
||
2.2.18 垃圾收集
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.19" data-path="../concepts/network-policy.html">
|
||
|
||
<a href="../concepts/network-policy.html">
|
||
|
||
|
||
2.2.19 NetworkPolicy
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4" data-path="./">
|
||
|
||
<a href="./">
|
||
|
||
|
||
3. 用户指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.1" data-path="resource-configuration.html">
|
||
|
||
<a href="resource-configuration.html">
|
||
|
||
|
||
3.1 资源对象配置
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.1.1" data-path="configure-liveness-readiness-probes.html">
|
||
|
||
<a href="configure-liveness-readiness-probes.html">
|
||
|
||
|
||
3.1.1 配置Pod的liveness和readiness探针
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.1.2" data-path="configure-pod-service-account.html">
|
||
|
||
<a href="configure-pod-service-account.html">
|
||
|
||
|
||
3.1.2 配置Pod的Service Account
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.1.3" data-path="secret-configuration.html">
|
||
|
||
<a href="secret-configuration.html">
|
||
|
||
|
||
3.1.3 Secret配置
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.1.4" data-path="resource-quota-management.html">
|
||
|
||
<a href="resource-quota-management.html">
|
||
|
||
|
||
3.2.3 管理namespace中的资源配额
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.2" data-path="command-usage.html">
|
||
|
||
<a href="command-usage.html">
|
||
|
||
|
||
3.2 命令使用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.2.1" data-path="using-kubectl.html">
|
||
|
||
<a href="using-kubectl.html">
|
||
|
||
|
||
3.2.1 使用kubectl
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.2.2" data-path="docker-cli-to-kubectl.html">
|
||
|
||
<a href="docker-cli-to-kubectl.html">
|
||
|
||
|
||
3.2.2 docker用户过度到kubectl命令行指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3" data-path="cluster-security-management.html">
|
||
|
||
<a href="cluster-security-management.html">
|
||
|
||
|
||
3.3 集群安全性管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.3.1" data-path="managing-tls-in-a-cluster.html">
|
||
|
||
<a href="managing-tls-in-a-cluster.html">
|
||
|
||
|
||
3.3.1 管理集群中的TLS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3.2" data-path="kubelet-authentication-authorization.html">
|
||
|
||
<a href="kubelet-authentication-authorization.html">
|
||
|
||
|
||
3.3.2 kubelet的认证授权
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3.3" data-path="tls-bootstrapping.html">
|
||
|
||
<a href="tls-bootstrapping.html">
|
||
|
||
|
||
3.3.3 TLS bootstrap
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3.4" data-path="kubectl-user-authentication-authorization.html">
|
||
|
||
<a href="kubectl-user-authentication-authorization.html">
|
||
|
||
|
||
3.3.4 kubectl的用户认证授权
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3.5" data-path="rbac.html">
|
||
|
||
<a href="rbac.html">
|
||
|
||
|
||
3.3.5 RBAC——基于角色的访问控制
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3.6" data-path="ip-masq-agent.html">
|
||
|
||
<a href="ip-masq-agent.html">
|
||
|
||
|
||
3.3.6 IP伪装代理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.4" data-path="access-kubernetes-cluster.html">
|
||
|
||
<a href="access-kubernetes-cluster.html">
|
||
|
||
|
||
3.4 访问 Kubernetes 集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.4.1" data-path="access-cluster.html">
|
||
|
||
<a href="access-cluster.html">
|
||
|
||
|
||
3.4.1 访问集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter active" data-level="1.4.4.2" data-path="authenticate-across-clusters-kubeconfig.html">
|
||
|
||
<a href="authenticate-across-clusters-kubeconfig.html">
|
||
|
||
|
||
3.4.2 使用 kubeconfig 文件配置跨集群认证
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.4.3" data-path="connecting-to-applications-port-forward.html">
|
||
|
||
<a href="connecting-to-applications-port-forward.html">
|
||
|
||
|
||
3.4.3 通过端口转发访问集群中的应用程序
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.4.4" data-path="service-access-application-cluster.html">
|
||
|
||
<a href="service-access-application-cluster.html">
|
||
|
||
|
||
3.4.4 使用 service 访问群集中的应用程序
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.5" data-path="application-development-deployment-flow.html">
|
||
|
||
<a href="application-development-deployment-flow.html">
|
||
|
||
|
||
3.5 在kubernetes中开发部署应用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.5.1" data-path="deploy-applications-in-kubernetes.html">
|
||
|
||
<a href="deploy-applications-in-kubernetes.html">
|
||
|
||
|
||
3.5.1 适用于kubernetes的应用开发部署流程
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.5.2" data-path="migrating-hadoop-yarn-to-kubernetes.html">
|
||
|
||
<a href="migrating-hadoop-yarn-to-kubernetes.html">
|
||
|
||
|
||
3.5.2 迁移传统应用到kubernetes中——以Hadoop YARN为例
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.5.3" data-path="using-statefulset.html">
|
||
|
||
<a href="using-statefulset.html">
|
||
|
||
|
||
3.5.3 使用StatefulSet部署用状态应用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5" data-path="../practice/">
|
||
|
||
<a href="../practice/">
|
||
|
||
|
||
4. 最佳实践
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.1" data-path="../practice/install-kbernetes1.6-on-centos.html">
|
||
|
||
<a href="../practice/install-kbernetes1.6-on-centos.html">
|
||
|
||
|
||
4.1 在CentOS上部署kubernetes1.6集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.1.1" data-path="../practice/create-tls-and-secret-key.html">
|
||
|
||
<a href="../practice/create-tls-and-secret-key.html">
|
||
|
||
|
||
4.1.1 创建TLS证书和秘钥
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.2" data-path="../practice/create-kubeconfig.html">
|
||
|
||
<a href="../practice/create-kubeconfig.html">
|
||
|
||
|
||
4.1.2 创建kubeconfig文件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.3" data-path="../practice/etcd-cluster-installation.html">
|
||
|
||
<a href="../practice/etcd-cluster-installation.html">
|
||
|
||
|
||
4.1.3 创建高可用etcd集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.4" data-path="../practice/kubectl-installation.html">
|
||
|
||
<a href="../practice/kubectl-installation.html">
|
||
|
||
|
||
4.1.4 安装kubectl命令行工具
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.5" data-path="../practice/master-installation.html">
|
||
|
||
<a href="../practice/master-installation.html">
|
||
|
||
|
||
4.1.5 部署master节点
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.6" data-path="../practice/node-installation.html">
|
||
|
||
<a href="../practice/node-installation.html">
|
||
|
||
|
||
4.1.6 部署node节点
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.7" data-path="../practice/kubedns-addon-installation.html">
|
||
|
||
<a href="../practice/kubedns-addon-installation.html">
|
||
|
||
|
||
4.1.7 安装kubedns插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.8" data-path="../practice/dashboard-addon-installation.html">
|
||
|
||
<a href="../practice/dashboard-addon-installation.html">
|
||
|
||
|
||
4.1.8 安装dashboard插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.9" data-path="../practice/heapster-addon-installation.html">
|
||
|
||
<a href="../practice/heapster-addon-installation.html">
|
||
|
||
|
||
4.1.9 安装heapster插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.10" data-path="../practice/efk-addon-installation.html">
|
||
|
||
<a href="../practice/efk-addon-installation.html">
|
||
|
||
|
||
4.1.10 安装EFK插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.2" data-path="../practice/service-discovery-and-loadbalancing.html">
|
||
|
||
<a href="../practice/service-discovery-and-loadbalancing.html">
|
||
|
||
|
||
4.2 服务发现与负载均衡
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.2.1" data-path="../practice/traefik-ingress-installation.html">
|
||
|
||
<a href="../practice/traefik-ingress-installation.html">
|
||
|
||
|
||
4.2.1 安装Traefik ingress
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.2.2" data-path="../practice/distributed-load-test.html">
|
||
|
||
<a href="../practice/distributed-load-test.html">
|
||
|
||
|
||
4.2.2 分布式负载测试
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.2.3" data-path="../practice/network-and-cluster-perfermance-test.html">
|
||
|
||
<a href="../practice/network-and-cluster-perfermance-test.html">
|
||
|
||
|
||
4.2.3 网络和集群性能测试
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.2.4" data-path="../practice/edge-node-configuration.html">
|
||
|
||
<a href="../practice/edge-node-configuration.html">
|
||
|
||
|
||
4.2.4 边缘节点配置
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.2.5" data-path="../practice/nginx-ingress-installation.html">
|
||
|
||
<a href="../practice/nginx-ingress-installation.html">
|
||
|
||
|
||
4.2.5 安装Nginx ingress
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3" data-path="../practice/operation.html">
|
||
|
||
<a href="../practice/operation.html">
|
||
|
||
|
||
4.3 运维管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.3.1" data-path="../practice/service-rolling-update.html">
|
||
|
||
<a href="../practice/service-rolling-update.html">
|
||
|
||
|
||
4.3.1 服务滚动升级
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.2" data-path="../practice/app-log-collection.html">
|
||
|
||
<a href="../practice/app-log-collection.html">
|
||
|
||
|
||
4.3.2 应用日志收集
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.3" data-path="../practice/configuration-best-practice.html">
|
||
|
||
<a href="../practice/configuration-best-practice.html">
|
||
|
||
|
||
4.3.3 配置最佳实践
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.4" data-path="../practice/monitor.html">
|
||
|
||
<a href="../practice/monitor.html">
|
||
|
||
|
||
4.3.4 集群及应用监控
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.5" data-path="../practice/data-persistence-problem.html">
|
||
|
||
<a href="../practice/data-persistence-problem.html">
|
||
|
||
|
||
4.3.6 数据持久化问题
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.6" data-path="../practice/manage-compute-resources-container.html">
|
||
|
||
<a href="../practice/manage-compute-resources-container.html">
|
||
|
||
|
||
4.3.7 管理容器的计算资源
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.7" data-path="../practice/using-prometheus-to-monitor-kuberentes-cluster.html">
|
||
|
||
<a href="../practice/using-prometheus-to-monitor-kuberentes-cluster.html">
|
||
|
||
|
||
4.3.8 使用Prometheus监控kubernetes集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.8" data-path="../practice/using-heapster-to-get-object-metrics.html">
|
||
|
||
<a href="../practice/using-heapster-to-get-object-metrics.html">
|
||
|
||
|
||
4.3.9 使用Heapster获取集群和对象的metric数据
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.9" data-path="../practice/manually-upgrade.html">
|
||
|
||
<a href="../practice/manually-upgrade.html">
|
||
|
||
|
||
4.3.10 手动集群升级
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.4" data-path="../practice/storage.html">
|
||
|
||
<a href="../practice/storage.html">
|
||
|
||
|
||
4.4 存储管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.4.1" data-path="../practice/glusterfs.html">
|
||
|
||
<a href="../practice/glusterfs.html">
|
||
|
||
|
||
4.4.1 GlusterFS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.4.1.1" data-path="../practice/using-glusterfs-for-persistent-storage.html">
|
||
|
||
<a href="../practice/using-glusterfs-for-persistent-storage.html">
|
||
|
||
|
||
4.4.1.1 使用GlusterFS做持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.4.1.2" data-path="../practice/storage-for-containers-using-glusterfs-with-openshift.html">
|
||
|
||
<a href="../practice/storage-for-containers-using-glusterfs-with-openshift.html">
|
||
|
||
|
||
4.4.1.2 在OpenShift中使用GlusterFS做持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.4.2" data-path="../practice/cephfs.html">
|
||
|
||
<a href="../practice/cephfs.html">
|
||
|
||
|
||
4.4.2 CephFS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.4.2.1" data-path="../practice/using-ceph-for-persistent-storage.html">
|
||
|
||
<a href="../practice/using-ceph-for-persistent-storage.html">
|
||
|
||
|
||
4.4.2.1 使用Ceph做持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.5" data-path="../practice/services-management-tool.html">
|
||
|
||
<a href="../practice/services-management-tool.html">
|
||
|
||
|
||
4.5 服务编排管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.5.1" data-path="../practice/helm.html">
|
||
|
||
<a href="../practice/helm.html">
|
||
|
||
|
||
4.5.1 使用Helm管理kubernetes应用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.5.2" data-path="../practice/create-private-charts-repo.html">
|
||
|
||
<a href="../practice/create-private-charts-repo.html">
|
||
|
||
|
||
4.5.2 构建私有Chart仓库
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.6" data-path="../practice/ci-cd.html">
|
||
|
||
<a href="../practice/ci-cd.html">
|
||
|
||
|
||
4.6 持续集成与发布
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.6.1" data-path="../practice/jenkins-ci-cd.html">
|
||
|
||
<a href="../practice/jenkins-ci-cd.html">
|
||
|
||
|
||
4.6.1 使用Jenkins进行持续集成与发布
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.6.2" data-path="../practice/drone-ci-cd.html">
|
||
|
||
<a href="../practice/drone-ci-cd.html">
|
||
|
||
|
||
4.6.2 使用Drone进行持续集成与发布
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6" data-path="../usecases/">
|
||
|
||
<a href="../usecases/">
|
||
|
||
|
||
5. 领域应用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.1" data-path="../usecases/microservices.html">
|
||
|
||
<a href="../usecases/microservices.html">
|
||
|
||
|
||
5.1 微服务架构
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.1.1" data-path="../usecases/service-discovery-in-microservices.html">
|
||
|
||
<a href="../usecases/service-discovery-in-microservices.html">
|
||
|
||
|
||
5.1.1 微服务中的服务发现
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.2" data-path="../usecases/service-mesh.html">
|
||
|
||
<a href="../usecases/service-mesh.html">
|
||
|
||
|
||
5.2 Service Mesh 服务网格
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.2.1" data-path="../usecases/istio.html">
|
||
|
||
<a href="../usecases/istio.html">
|
||
|
||
|
||
5.1.1 Istio
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.2.1.1" data-path="../usecases/istio-installation.html">
|
||
|
||
<a href="../usecases/istio-installation.html">
|
||
|
||
|
||
5.1.1.1 安装istio
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.2.1.2" data-path="../usecases/configuring-request-routing.html">
|
||
|
||
<a href="../usecases/configuring-request-routing.html">
|
||
|
||
|
||
5.1.1.2 配置请求的路由规则
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.2.2" data-path="../usecases/linkerd.html">
|
||
|
||
<a href="../usecases/linkerd.html">
|
||
|
||
|
||
5.1.2 Linkerd
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.2.2.1" data-path="../usecases/linkerd-user-guide.html">
|
||
|
||
<a href="../usecases/linkerd-user-guide.html">
|
||
|
||
|
||
5.1.2.1 Linkerd 使用指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.3" data-path="../usecases/big-data.html">
|
||
|
||
<a href="../usecases/big-data.html">
|
||
|
||
|
||
5.2 大数据
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.3.1" data-path="../usecases/spark-standalone-on-kubernetes.html">
|
||
|
||
<a href="../usecases/spark-standalone-on-kubernetes.html">
|
||
|
||
|
||
5.2.1 Spark standalone on Kubernetes
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.3.2" data-path="../usecases/running-spark-with-kubernetes-native-scheduler.html">
|
||
|
||
<a href="../usecases/running-spark-with-kubernetes-native-scheduler.html">
|
||
|
||
|
||
5.2.2 运行支持kubernetes原生调度的Spark程序
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.4" data-path="../usecases/serverless.html">
|
||
|
||
<a href="../usecases/serverless.html">
|
||
|
||
|
||
5.3 Serverless架构
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.5" data-path="../usecases/edge-computing.html">
|
||
|
||
<a href="../usecases/edge-computing.html">
|
||
|
||
|
||
5.4 边缘计算
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.7" data-path="../develop/">
|
||
|
||
<a href="../develop/">
|
||
|
||
|
||
6. 开发指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.7.1" data-path="../develop/developing-environment.html">
|
||
|
||
<a href="../develop/developing-environment.html">
|
||
|
||
|
||
6.1 开发环境搭建
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.7.2" data-path="../develop/testing.html">
|
||
|
||
<a href="../develop/testing.html">
|
||
|
||
|
||
6.2 单元测试和集成测试
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.7.3" data-path="../develop/client-go-sample.html">
|
||
|
||
<a href="../develop/client-go-sample.html">
|
||
|
||
|
||
6.3 client-go示例
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.7.4" data-path="../develop/contribute.html">
|
||
|
||
<a href="../develop/contribute.html">
|
||
|
||
|
||
6.4 社区贡献
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.7.5" data-path="../develop/minikube.html">
|
||
|
||
<a href="../develop/minikube.html">
|
||
|
||
|
||
6.5 Minikube
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.8" data-path="../appendix/">
|
||
|
||
<a href="../appendix/">
|
||
|
||
|
||
7. 附录
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.8.1" data-path="../appendix/docker-best-practice.html">
|
||
|
||
<a href="../appendix/docker-best-practice.html">
|
||
|
||
|
||
7.1 Docker最佳实践
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.8.2" data-path="../appendix/issues.html">
|
||
|
||
<a href="../appendix/issues.html">
|
||
|
||
|
||
7.2 问题记录
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.8.3" data-path="../appendix/tricks.html">
|
||
|
||
<a href="../appendix/tricks.html">
|
||
|
||
|
||
7.3 使用技巧
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.8.4" data-path="../appendix/debug-kubernetes-services.html">
|
||
|
||
<a href="../appendix/debug-kubernetes-services.html">
|
||
|
||
|
||
7.4 kubernetes中的应用故障排查
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.8.5" data-path="../appendix/material-share.html">
|
||
|
||
<a href="../appendix/material-share.html">
|
||
|
||
|
||
7.5 Kubernetes相关资讯和情报链接
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="divider"></li>
|
||
|
||
<li>
|
||
<a href="https://www.gitbook.com" target="blank" class="gitbook-link">
|
||
本书使用 GitBook 发布
|
||
</a>
|
||
</li>
|
||
</ul>
|
||
|
||
|
||
</nav>
|
||
|
||
|
||
</div>
|
||
|
||
<div class="book-body">
|
||
|
||
<div class="body-inner">
|
||
|
||
|
||
|
||
<div class="book-header" role="navigation">
|
||
|
||
|
||
<!-- Title -->
|
||
<h1>
|
||
<i class="fa fa-circle-o-notch fa-spin"></i>
|
||
<a href=".." >3.4.2 使用 kubeconfig 文件配置跨集群认证</a>
|
||
</h1>
|
||
</div>
|
||
|
||
|
||
|
||
|
||
<div class="page-wrapper" tabindex="-1" role="main">
|
||
<div class="page-inner">
|
||
|
||
<div class="search-plus" id="book-search-results">
|
||
<div class="search-noresults">
|
||
|
||
<section class="normal markdown-section">
|
||
|
||
<h1 id="使用-kubeconfig-文件配置跨集群认证">使用 kubeconfig 文件配置跨集群认证</h1>
|
||
<p>Kubernetes 的认证方式对于不同的人来说可能有所不同。</p>
|
||
<ul>
|
||
<li>运行 kubelet 可能有一种认证方式(即证书)。</li>
|
||
<li>用户可能有不同的认证方式(即令牌)。</li>
|
||
<li>管理员可能具有他们为个人用户提供的证书列表。</li>
|
||
<li>我们可能有多个集群,并希望在同一个地方将其全部定义——这样用户就能使用自己的证书并重用相同的全局配置。</li>
|
||
</ul>
|
||
<p>所以为了能够让用户轻松地在多个集群之间切换,对于多个用户的情况下,我们将其定义在了一个 kubeconfig 文件中。</p>
|
||
<p>此文件包含一系列与昵称相关联的身份验证机制和集群连接信息。它还引入了一个(用户)认证信息元组和一个被称为上下文的与昵称相关联的集群连接信息的概念。</p>
|
||
<p>如果明确指定,则允许使用多个 kubeconfig 文件。在运行时,它们与命令行中指定的覆盖选项一起加载并合并(参见下面的 <a href="https://kubernetes.io/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig.md#loading-and-merging-rules" target="_blank">规则</a>)。</p>
|
||
<h2 id="相关讨论">相关讨论</h2>
|
||
<p><a href="http://issue.k8s.io/1755" target="_blank">http://issue.k8s.io/1755</a></p>
|
||
<h2 id="kubeconfig-文件的组成">Kubeconfig 文件的组成</h2>
|
||
<h3 id="kubeconifg-文件示例">Kubeconifg 文件示例</h3>
|
||
<pre><code class="lang-yaml"><span class="hljs-attr">current-context:</span> federal-context
|
||
<span class="hljs-attr">apiVersion:</span> v1
|
||
<span class="hljs-attr">clusters:</span>
|
||
<span class="hljs-attr">- cluster:</span>
|
||
<span class="hljs-attr"> api-version:</span> v1
|
||
<span class="hljs-attr"> server:</span> http://cow.org:<span class="hljs-number">8080</span>
|
||
<span class="hljs-attr"> name:</span> cow-cluster
|
||
<span class="hljs-attr">- cluster:</span>
|
||
<span class="hljs-attr"> certificate-authority:</span> path/to/my/cafile
|
||
<span class="hljs-attr"> server:</span> https://horse.org:<span class="hljs-number">4443</span>
|
||
<span class="hljs-attr"> name:</span> horse-cluster
|
||
<span class="hljs-attr">- cluster:</span>
|
||
<span class="hljs-attr"> insecure-skip-tls-verify:</span> <span class="hljs-literal">true</span>
|
||
<span class="hljs-attr"> server:</span> https://pig.org:<span class="hljs-number">443</span>
|
||
<span class="hljs-attr"> name:</span> pig-cluster
|
||
<span class="hljs-attr">contexts:</span>
|
||
<span class="hljs-attr">- context:</span>
|
||
<span class="hljs-attr"> cluster:</span> horse-cluster
|
||
<span class="hljs-attr"> namespace:</span> chisel-ns
|
||
<span class="hljs-attr"> user:</span> green-user
|
||
<span class="hljs-attr"> name:</span> federal-context
|
||
<span class="hljs-attr">- context:</span>
|
||
<span class="hljs-attr"> cluster:</span> pig-cluster
|
||
<span class="hljs-attr"> namespace:</span> saw-ns
|
||
<span class="hljs-attr"> user:</span> black-user
|
||
<span class="hljs-attr"> name:</span> queen-anne-context
|
||
<span class="hljs-attr">kind:</span> Config
|
||
<span class="hljs-attr">preferences:</span>
|
||
<span class="hljs-attr"> colors:</span> <span class="hljs-literal">true</span>
|
||
<span class="hljs-attr">users:</span>
|
||
<span class="hljs-attr">- name:</span> blue-user
|
||
<span class="hljs-attr"> user:</span>
|
||
<span class="hljs-attr"> token:</span> blue-token
|
||
<span class="hljs-attr">- name:</span> green-user
|
||
<span class="hljs-attr"> user:</span>
|
||
<span class="hljs-attr"> client-certificate:</span> path/to/my/client/cert
|
||
<span class="hljs-attr"> client-key:</span> path/to/my/client/key
|
||
</code></pre>
|
||
<h3 id="各个组件的拆解释意">各个组件的拆解/释意</h3>
|
||
<h4 id="cluster">Cluster</h4>
|
||
<pre><code class="lang-yaml"><span class="hljs-attr">clusters:</span>
|
||
<span class="hljs-attr">- cluster:</span>
|
||
<span class="hljs-attr"> certificate-authority:</span> path/to/my/cafile
|
||
<span class="hljs-attr"> server:</span> https://horse.org:<span class="hljs-number">4443</span>
|
||
<span class="hljs-attr"> name:</span> horse-cluster
|
||
<span class="hljs-attr">- cluster:</span>
|
||
<span class="hljs-attr"> insecure-skip-tls-verify:</span> <span class="hljs-literal">true</span>
|
||
<span class="hljs-attr"> server:</span> https://pig.org:<span class="hljs-number">443</span>
|
||
<span class="hljs-attr"> name:</span> pig-cluster
|
||
</code></pre>
|
||
<p><code>cluster</code> 中包含 kubernetes 集群的端点数据,包括 kubernetes apiserver 的完整 url 以及集群的证书颁发机构或者当集群的服务证书未被系统信任的证书颁发机构签名时,设置<code>insecure-skip-tls-verify: true</code>。</p>
|
||
<p><code>cluster</code> 的名称(昵称)作为该 kubeconfig 文件中的集群字典的 key。 您可以使用 <a href="https://kubernetes.io/docs/user-guide/kubectl/%7B%7Bpage.version%7D%7D/#-em-set-cluster-em-" target="_blank"><code>kubectl config set-cluster</code></a> 添加或修改 <code>cluster</code> 条目。</p>
|
||
<h4 id="user">user</h4>
|
||
<pre><code class="lang-yaml"><span class="hljs-attr">users:</span>
|
||
<span class="hljs-attr">- name:</span> blue-user
|
||
<span class="hljs-attr"> user:</span>
|
||
<span class="hljs-attr"> token:</span> blue-token
|
||
<span class="hljs-attr">- name:</span> green-user
|
||
<span class="hljs-attr"> user:</span>
|
||
<span class="hljs-attr"> client-certificate:</span> path/to/my/client/cert
|
||
<span class="hljs-attr"> client-key:</span> path/to/my/client/key
|
||
</code></pre>
|
||
<p><code>user</code> 定义用于向 kubernetes 集群进行身份验证的客户端凭据。在加载/合并 kubeconfig 之后,<code>user</code> 将有一个名称(昵称)作为用户条目列表中的 key。 可用凭证有 <code>client-certificate</code>、<code>client-key</code>、<code>token</code> 和 <code>username/password</code>。 <code>username/password</code> 和 <code>token</code> 是二者只能选择一个,但 client-certificate 和 client-key 可以分别与它们组合。</p>
|
||
<p>您可以使用 <a href="https://kubernetes.io/docs/user-guide/kubectl/%7B%7Bpage.version%7D%7D/#-em-set-credentials-em-" target="_blank"><code>kubectl config set-credentials</code></a> 添加或者修改 <code>user</code> 条目。</p>
|
||
<h4 id="context">context</h4>
|
||
<pre><code class="lang-yaml"><span class="hljs-attr">contexts:</span>
|
||
<span class="hljs-attr">- context:</span>
|
||
<span class="hljs-attr"> cluster:</span> horse-cluster
|
||
<span class="hljs-attr"> namespace:</span> chisel-ns
|
||
<span class="hljs-attr"> user:</span> green-user
|
||
<span class="hljs-attr"> name:</span> federal-context
|
||
</code></pre>
|
||
<p><code>context</code> 定义了一个命名的 <a href="https://kubernetes.io/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig.md#cluster" target="_blank"><code>cluster</code></a>、<a href="https://kubernetes.io/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig.md#user" target="_blank"><code>user</code></a>、<a href="https://kubernetes.io/docs/user-guide/namespaces" target="_blank"><code>namespace</code></a> 元组,用于使用提供的认证信息和命名空间将请求发送到指定的集群。 三个都是可选的;仅使用 <code>cluster</code>、<code>user</code>、<code>namespace</code> 之一指定上下文,或指定 none。 未指定的值或在加载的 kubeconfig 中没有相应条目的命名值(例如,如果为上述 kubeconfig 文件指定了 <code>pink-user</code> 的上下文)将被替换为默认值。 有关覆盖/合并行为,请参阅下面的 <a href="https://kubernetes.io/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig.md#loading-and-merging" target="_blank">加载和合并规则</a>。</p>
|
||
<p>您可以使用 <a href="https://kubernetes.io/docs/user-guide/kubectl/%7B%7Bpage.version%7D%7D/#-em-set-context-em-" target="_blank"><code>kubectl config set-context</code></a> 添加或修改上下文条目。</p>
|
||
<h4 id="current-context">current-context</h4>
|
||
<pre><code class="lang-Yaml"><span class="hljs-attr">current-context:</span> federal-context
|
||
</code></pre>
|
||
<p><code>current-context</code> is the nickname or 'key' for the cluster,user,namespace tuple that kubectl will use by default when loading config from this file. You can override any of the values in kubectl from the commandline, by passing <code>--context=CONTEXT</code>, <code>--cluster=CLUSTER</code>, <code>--user=USER</code>, and/or <code>--namespace=NAMESPACE</code> respectively. You can change the <code>current-context</code> with <a href="https://kubernetes.io/docs/user-guide/kubectl/%7B%7Bpage.version%7D%7D/#-em-use-context-em-" target="_blank"><code>kubectl config use-context</code></a>.</p>
|
||
<p><code>current-context</code> 是昵称或者说是作为 <code>cluster</code>、<code>user</code>、<code>namespace</code> 元组的 ”key“,当 kubectl 从该文件中加载配置的时候会被默认使用。您可以在 kubectl 命令行里覆盖这些值,通过分别传入 <code>—context=CONTEXT</code>、 <code>—cluster=CLUSTER</code>、<code>--user=USER</code> 和 <code>--namespace=NAMESPACE</code> 。</p>
|
||
<p>您可以使用 <a href="https://kubernetes.io/docs/user-guide/kubectl/%7B%7Bpage.version%7D%7D/#-em-use-context-em-" target="_blank"><code>kubectl config use-context</code></a> 更改 <code>current-context</code>。</p>
|
||
<pre><code class="lang-yaml"><span class="hljs-attr">apiVersion:</span> v1
|
||
<span class="hljs-attr">kind:</span> Config
|
||
<span class="hljs-attr">preferences:</span>
|
||
<span class="hljs-attr"> colors:</span> <span class="hljs-literal">true</span>
|
||
</code></pre>
|
||
<h4 id="杂项">杂项</h4>
|
||
<p><code>apiVersion</code> 和 <code>kind</code> 标识客户端解析器的版本和模式,不应手动编辑。 <code>preferences</code> 指定可选(和当前未使用)的 kubectl 首选项。</p>
|
||
<h2 id="查看-kubeconfig-文件">查看 kubeconfig 文件</h2>
|
||
<p><code>kubectl config view</code> 命令可以展示当前的 kubeconfig 设置。默认将为您展示所有的 kubeconfig 设置;您可以通过传入 <code>—minify</code> 参数,将视图过滤到与 <code>current-context</code> 有关的配额设置。有关其他选项,请参阅 <a href="https://kubernetes.io/docs/user-guide/kubectl/%7B%7Bpage.version%7D%7D/#-em-view-em-" target="_blank"><code>kubectl config view</code></a>。</p>
|
||
<h2 id="构建您自己的-kubeconfig-文件">构建您自己的 kubeconfig 文件</h2>
|
||
<p>您可以使用上文 <a href="https://kubernetes.io/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig.md#example-kubeconfig-file" target="_blank">示例 kubeconfig 文件</a> 作为</p>
|
||
<p><strong>注意:</strong> 如果您是通过 <code>kube-up.sh</code> 脚本部署的 kubernetes 集群,不需要自己创建 kubeconfig 文件——该脚本已经为您创建过了。</p>
|
||
<p>{:.note}</p>
|
||
<p>当 api server 启动的时候使用了 <code>—token-auth-file=tokens.csv</code> 选项时,上述文件将会与 <a href="https://kubernetes.io/docs/admin/kube-apiserver/" target="_blank">API server</a> 相关联,<code>tokens.csv</code> 文件看起来会像这个样子:</p>
|
||
<pre><code>blue-user,blue-user,1
|
||
mister-red,mister-red,2
|
||
</code></pre><p><strong>注意:</strong> 启动 API server 时有很多 <a href="https://kubernetes.io/docs/admin/kube-apiserver/" target="_blank">可用选项</a>。请您一定要确保理解您使用的选项。</p>
|
||
<p>上述示例 kubeconfig 文件提供了 <code>green-user</code> 的客户端凭证。因为用户的 <code>current-user</code> 是 <code>green-user</code> ,任何该 API server 的客户端使用该示例 kubeconfig 文件时都可以成功登录。同样,我们可以通过修改 <code>current-context</code> 的值以 <code>blue-user</code> 的身份操作。</p>
|
||
<p>在上面的示例中,<code>green-user</code> 通过提供凭据登录,<code>blue-user</code> 使用的是 token。使用 <code>kubectl config set-credentials</code> 指定登录信息。想了解更多信息,请访问 "<a href="https://kubernetes.io/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig.md#commands-for-the-example-file" target="_blank">示例文件相关操作命令</a>"。</p>
|
||
<h2 id="加载和合并规则">加载和合并规则</h2>
|
||
<p>加载和合并 kubeconfig 文件的规则很简单,但有很多。最终的配置按照以下顺序构建:</p>
|
||
<ol>
|
||
<li><p>从磁盘中获取 kubeconfig。这将通过以下层次结构和合并规则完成:</p>
|
||
<p>如果设置了 <code>CommandLineLocation</code> (<code>kubeconfig</code> 命令行参数的值),将会只使用该文件,而不会进行合并。该参数在一条命令中只允许指定一次。</p>
|
||
<p>或者,如果设置了 <code>EnvVarLocation</code> (<code>$KUBECONFIG</code> 的值),其将会被作为应合并的文件列表,并根据以下规则合并文件。空文件名被忽略。非串行内容的文件将产生错误。设置特定值或 map key 的第一个文件将优先使用,并且值或 map key 也永远不会更改。 这意味着设置 CurrentContext 的第一个文件将保留其上下文。 这也意味着如果两个文件同时指定一个 <code>red-user</code>,那么将只使用第一个文件中的 <code>red-user</code> 的值。 即使第二个文件的 <code>red-user</code> 中有非冲突条目也被丢弃。</p>
|
||
<p>另外,使用 Home 目录位置(<code>~/.kube/config</code>)将不会合并。</p>
|
||
</li>
|
||
<li><p>根据此链中的第一个命中确定要使用的上下文</p>
|
||
<ol>
|
||
<li>命令行参数——<code>context</code> 命令行选项的值</li>
|
||
<li>来自合并后的 <code>kubeconfig</code> 文件的 <code>current-context</code></li>
|
||
<li>在这个阶段允许空</li>
|
||
</ol>
|
||
</li>
|
||
<li><p>确定要使用的群集信息和用户。此时,我们可能有也可能没有上下文。他们是基于这个链中的第一次命中。 (运行两次,一次为用户,一次为集群)</p>
|
||
<ol>
|
||
<li>命令行参数——<code>user</code> 指定用户,<code>cluster</code> 指定集群名称</li>
|
||
<li>如果上下文存在,则使用上下文的值</li>
|
||
<li>允许空</li>
|
||
</ol>
|
||
</li>
|
||
<li><p>确定要使用的实际群集信息。此时,我们可能有也可能没有集群信息。根据链条构建每个集群信息(第一次命中胜出):</p>
|
||
<ol>
|
||
<li>命令行参数——<code>server</code>,<code>api-version</code>,<code>certificate-authority</code> 和 <code>insecure-skip-tls-verify</code></li>
|
||
<li>如果存在集群信息,并且存在该属性的值,请使用它。</li>
|
||
<li>如果没有服务器位置,则产生错误。</li>
|
||
</ol>
|
||
</li>
|
||
<li><p>确定要使用的实际用户信息。用户使用与集群信息相同的规则构建,除非,您的每个用户只能使用一种认证技术。</p>
|
||
<ol>
|
||
<li>负载优先级为1)命令行标志 2)来自 kubeconfig 的用户字段</li>
|
||
<li>命令行标志是:<code>client-certificate</code>、<code>client-key</code>、<code>username</code>、<code>password</code> 和 <code>token</code></li>
|
||
<li>如果有两种冲突的技术,则失败。</li>
|
||
</ol>
|
||
</li>
|
||
<li><p>对于任何仍然缺少的信息,将使用默认值,并可能会提示验证信息</p>
|
||
</li>
|
||
<li><p>Kubeconfig 文件中的所有文件引用都相对于 kubeconfig 文件本身的位置进行解析。当命令行上显示文件引用时,它们将相对于当前工作目录进行解析。当路径保存在 <code>~/.kube/config</code> 中时,相对路径使用相对存储,绝对路径使用绝对存储。</p>
|
||
</li>
|
||
</ol>
|
||
<p>Kubeconfig 文件中的任何路径都相对于 kubeconfig 文件本身的位置进行解析。</p>
|
||
<h2 id="使用-kubectl-config-subcommand-操作-kubeconfig">使用 <code>kubectl config <subcommand></code> 操作 kubeconfig</h2>
|
||
<p><code>kubectl config</code> 有一些列的子命令可以帮助我们更方便的操作 kubeconfig 文件。</p>
|
||
<p>请参阅 <a href="https://kubernetes.io/docs/user-guide/kubectl/%7B%7Bpage.version%7D%7D/#config" target="_blank">kubectl/kubectl_config</a>。</p>
|
||
<h3 id="example">Example</h3>
|
||
<pre><code class="lang-bash">$ kubectl config <span class="hljs-built_in">set</span>-credentials myself --username=admin --password=secret
|
||
$ kubectl config <span class="hljs-built_in">set</span>-cluster <span class="hljs-built_in">local</span>-server --server=http://localhost:8080
|
||
$ kubectl config <span class="hljs-built_in">set</span>-context default-context --cluster=<span class="hljs-built_in">local</span>-server --user=myself
|
||
$ kubectl config use-context default-context
|
||
$ kubectl config <span class="hljs-built_in">set</span> contexts.default-context.namespace the-right-prefix
|
||
$ kubectl config view
|
||
</code></pre>
|
||
<p>产生如下输出:</p>
|
||
<pre><code class="lang-yaml"><span class="hljs-attr">apiVersion:</span> v1
|
||
<span class="hljs-attr">clusters:</span>
|
||
<span class="hljs-attr">- cluster:</span>
|
||
<span class="hljs-attr"> server:</span> http://localhost:<span class="hljs-number">8080</span>
|
||
<span class="hljs-attr"> name:</span> local-server
|
||
<span class="hljs-attr">contexts:</span>
|
||
<span class="hljs-attr">- context:</span>
|
||
<span class="hljs-attr"> cluster:</span> local-server
|
||
<span class="hljs-attr"> namespace:</span> the-right-prefix
|
||
<span class="hljs-attr"> user:</span> myself
|
||
<span class="hljs-attr"> name:</span> default-context
|
||
<span class="hljs-attr">current-context:</span> default-context
|
||
<span class="hljs-attr">kind:</span> Config
|
||
<span class="hljs-attr">preferences:</span> {}
|
||
<span class="hljs-attr">users:</span>
|
||
<span class="hljs-attr">- name:</span> myself
|
||
<span class="hljs-attr"> user:</span>
|
||
<span class="hljs-attr"> password:</span> secret
|
||
<span class="hljs-attr"> username:</span> admin
|
||
</code></pre>
|
||
<p>Kubeconfig 文件会像这样子:</p>
|
||
<pre><code class="lang-yaml"><span class="hljs-attr">apiVersion:</span> v1
|
||
<span class="hljs-attr">clusters:</span>
|
||
<span class="hljs-attr">- cluster:</span>
|
||
<span class="hljs-attr"> server:</span> http://localhost:<span class="hljs-number">8080</span>
|
||
<span class="hljs-attr"> name:</span> local-server
|
||
<span class="hljs-attr">contexts:</span>
|
||
<span class="hljs-attr">- context:</span>
|
||
<span class="hljs-attr"> cluster:</span> local-server
|
||
<span class="hljs-attr"> namespace:</span> the-right-prefix
|
||
<span class="hljs-attr"> user:</span> myself
|
||
<span class="hljs-attr"> name:</span> default-context
|
||
<span class="hljs-attr">current-context:</span> default-context
|
||
<span class="hljs-attr">kind:</span> Config
|
||
<span class="hljs-attr">preferences:</span> {}
|
||
<span class="hljs-attr">users:</span>
|
||
<span class="hljs-attr">- name:</span> myself
|
||
<span class="hljs-attr"> user:</span>
|
||
<span class="hljs-attr"> password:</span> secret
|
||
<span class="hljs-attr"> username:</span> admin
|
||
</code></pre>
|
||
<h4 id="示例文件相关操作命令">示例文件相关操作命令</h4>
|
||
<pre><code class="lang-Bash">$ kubectl config <span class="hljs-built_in">set</span> preferences.colors <span class="hljs-literal">true</span>
|
||
$ kubectl config <span class="hljs-built_in">set</span>-cluster cow-cluster --server=http://cow.org:8080 --api-version=v1
|
||
$ kubectl config <span class="hljs-built_in">set</span>-cluster horse-cluster --server=https://horse.org:4443 --certificate-authority=path/to/my/cafile
|
||
$ kubectl config <span class="hljs-built_in">set</span>-cluster pig-cluster --server=https://pig.org:443 --insecure-skip-tls-verify=<span class="hljs-literal">true</span>
|
||
$ kubectl config <span class="hljs-built_in">set</span>-credentials blue-user --token=blue-token
|
||
$ kubectl config <span class="hljs-built_in">set</span>-credentials green-user --client-certificate=path/to/my/client/cert --client-key=path/to/my/client/key
|
||
$ kubectl config <span class="hljs-built_in">set</span>-context queen-anne-context --cluster=pig-cluster --user=black-user --namespace=saw-ns
|
||
$ kubectl config <span class="hljs-built_in">set</span>-context federal-context --cluster=horse-cluster --user=green-user --namespace=chisel-ns
|
||
$ kubectl config use-context federal-context
|
||
</code></pre>
|
||
<h3 id="最后将它们捆绑在一起">最后将它们捆绑在一起</h3>
|
||
<p>所以,将这一切绑在一起,快速创建自己的 kubeconfig 文件:</p>
|
||
<ul>
|
||
<li>仔细看一下,了解您的 api-server 的启动方式:在设计 kubeconfig 文件以方便身份验证之前,您需要知道您自己的安全要求和策略。</li>
|
||
<li>将上面的代码段替换为您的集群的 api-server 端点的信息。</li>
|
||
<li>确保您的 api-server 至少能够以提供一个用户(即 <code>green-user</code>)凭据的方式启动。 当然您必须查看 api-server 文档,以了解当前关于身份验证细节方面的最新技术。 </li>
|
||
</ul>
|
||
<footer class="page-footer"><span class="copyright">Copyright © jimmysong.io 2017 all right reserved,powered by Gitbook</span><span class="footer-modification">Updated:
|
||
2017-08-21 18:23:34
|
||
</span></footer>
|
||
|
||
</section>
|
||
|
||
</div>
|
||
<div class="search-results">
|
||
<div class="has-results">
|
||
|
||
<h1 class="search-results-title"><span class='search-results-count'></span> results matching "<span class='search-query'></span>"</h1>
|
||
<ul class="search-results-list"></ul>
|
||
|
||
</div>
|
||
<div class="no-results">
|
||
|
||
<h1 class="search-results-title">No results matching "<span class='search-query'></span>"</h1>
|
||
|
||
</div>
|
||
</div>
|
||
</div>
|
||
|
||
</div>
|
||
</div>
|
||
|
||
</div>
|
||
|
||
|
||
|
||
<a href="access-cluster.html" class="navigation navigation-prev " aria-label="Previous page: 3.4.1 访问集群">
|
||
<i class="fa fa-angle-left"></i>
|
||
</a>
|
||
|
||
|
||
<a href="connecting-to-applications-port-forward.html" class="navigation navigation-next " aria-label="Next page: 3.4.3 通过端口转发访问集群中的应用程序">
|
||
<i class="fa fa-angle-right"></i>
|
||
</a>
|
||
|
||
|
||
|
||
</div>
|
||
|
||
<script>
|
||
var gitbook = gitbook || [];
|
||
gitbook.push(function() {
|
||
gitbook.page.hasChanged({"page":{"title":"3.4.2 使用 kubeconfig 文件配置跨集群认证","level":"1.4.4.2","depth":3,"next":{"title":"3.4.3 通过端口转发访问集群中的应用程序","level":"1.4.4.3","depth":3,"path":"guide/connecting-to-applications-port-forward.md","ref":"guide/connecting-to-applications-port-forward.md","articles":[]},"previous":{"title":"3.4.1 访问集群","level":"1.4.4.1","depth":3,"path":"guide/access-cluster.md","ref":"guide/access-cluster.md","articles":[]},"dir":"ltr"},"config":{"plugins":["github","codesnippet","splitter","page-toc-button","image-captions","editlink","back-to-top-button","-lunr","-search","search-plus","github-buttons@2.1.0","favicon@^0.0.2","tbfed-pagefooter@^0.0.1","3-ba"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"tbfed-pagefooter":{"copyright":"Copyright © jimmysong.io 2017","modify_label":"Updated:","modify_format":"YYYY-MM-DD HH:mm:ss"},"github":{"url":"https://github.com/rootsongjc/kubernetes-handbook"},"editlink":{"label":"编辑本页","multilingual":false,"base":"https://github.com/rootsongjc/kubernetes-handbook/blob/master/"},"splitter":{},"codesnippet":{},"fontsettings":{"theme":"white","family":"sans","size":2},"highlight":{},"favicon":{"shortcut":"favicon.ico","bookmark":"favicon.ico"},"page-toc-button":{},"back-to-top-button":{},"github-buttons":{"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"},"3-ba":{"configuration":"auto","token":"11f7d254cfa4e0ca44b175c66d379ecc"},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false},"search-plus":{},"image-captions":{"caption":"图片 - _CAPTION_","variable_name":"_pictures"}},"theme":"default","author":"Jimmy Song","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{"_pictures":[{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.1","level":"1.2","list_caption":"Figure: 云计算演进历程","alt":"云计算演进历程","nro":1,"url":"../images/cloud-computing-evolution-road.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"云计算演进历程","attributes":{},"skip":false,"key":"1.2.1"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.2","level":"1.2","list_caption":"Figure: Cloud native思维导图","alt":"Cloud native思维导图","nro":2,"url":"../images/cloud-native-architecutre-mindnode.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Cloud native思维导图","attributes":{},"skip":false,"key":"1.2.2"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.3","level":"1.2","list_caption":"Figure: 十二因素应用","alt":"十二因素应用","nro":3,"url":"../images/12-factor-app.png","index":3,"caption_template":"图片 - _CAPTION_","label":"十二因素应用","attributes":{},"skip":false,"key":"1.2.3"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.4","level":"1.2","list_caption":"Figure: 使用Jenkins进行持续集成与发布流程图","alt":"使用Jenkins进行持续集成与发布流程图","nro":4,"url":"../images/kubernetes-jenkins-ci-cd.png","index":4,"caption_template":"图片 - _CAPTION_","label":"使用Jenkins进行持续集成与发布流程图","attributes":{},"skip":false,"key":"1.2.4"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.5","level":"1.2","list_caption":"Figure: filebeat日志收集架构图","alt":"filebeat日志收集架构图","nro":5,"url":"../images/filebeat-log-collector-arch.png","index":5,"caption_template":"图片 - _CAPTION_","label":"filebeat日志收集架构图","attributes":{},"skip":false,"key":"1.2.5"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.6","level":"1.2","list_caption":"Figure: API文档","alt":"API文档","nro":6,"url":"../images/k8s-app-monitor-test-api-doc.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"API文档","attributes":{},"skip":false,"key":"1.2.6"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.7","level":"1.2","list_caption":"Figure: 迁移步骤示意图","alt":"迁移步骤示意图","nro":7,"url":"../images/migrating-hadoop-yarn-to-kubernetes.png","index":7,"caption_template":"图片 - _CAPTION_","label":"迁移步骤示意图","attributes":{},"skip":false,"key":"1.2.7"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.8","level":"1.2","list_caption":"Figure: service mesh架构图","alt":"service mesh架构图","nro":8,"url":"../images/serivce-mesh-control-plane.png","index":8,"caption_template":"图片 - _CAPTION_","label":"service mesh架构图","attributes":{},"skip":false,"key":"1.2.8"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.9","level":"1.2","list_caption":"Figure: kibana界面","alt":"kibana界面","nro":9,"url":"../images/filebeat-docker-test.jpg","index":9,"caption_template":"图片 - _CAPTION_","label":"kibana界面","attributes":{},"skip":false,"key":"1.2.9"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.10","level":"1.2","list_caption":"Figure: Grafana界面示意图1","alt":"Grafana界面示意图1","nro":10,"url":"../images/kubernetes-devops-example-grafana-1.png","index":10,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图1","attributes":{},"skip":false,"key":"1.2.10"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.11","level":"1.2","list_caption":"Figure: Grafana界面示意图2","alt":"Grafana界面示意图2","nro":11,"url":"../images/kubernetes-devops-example-grafana-2.png","index":11,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图2","attributes":{},"skip":false,"key":"1.2.11"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.12","level":"1.2","list_caption":"Figure: Grafana界面示意图3","alt":"Grafana界面示意图3","nro":12,"url":"../images/kubernetes-devops-example-grafana-3.png","index":12,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图3","attributes":{},"skip":false,"key":"1.2.12"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.13","level":"1.2","list_caption":"Figure: dashboard","alt":"dashboard","nro":13,"url":"../images/spark-job-on-kubernetes-example-1.jpg","index":13,"caption_template":"图片 - _CAPTION_","label":"dashboard","attributes":{},"skip":false,"key":"1.2.13"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.14","level":"1.2","list_caption":"Figure: Grafana","alt":"Grafana","nro":14,"url":"../images/spark-job-on-kubernetes-example-2.jpg","index":14,"caption_template":"图片 - _CAPTION_","label":"Grafana","attributes":{},"skip":false,"key":"1.2.14"},{"backlink":"concepts/index.html#fig1.3.1","level":"1.3","list_caption":"Figure: Borg架构","alt":"Borg架构","nro":15,"url":"../images/borg.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Borg架构","attributes":{},"skip":false,"key":"1.3.1"},{"backlink":"concepts/index.html#fig1.3.2","level":"1.3","list_caption":"Figure: Kubernetes架构","alt":"Kubernetes架构","nro":16,"url":"../images/architecture.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernetes架构","attributes":{},"skip":false,"key":"1.3.2"},{"backlink":"concepts/index.html#fig1.3.3","level":"1.3","list_caption":"Figure: kubernetes整体架构示意图","alt":"kubernetes整体架构示意图","nro":17,"url":"../images/kubernetes-whole-arch.png","index":3,"caption_template":"图片 - _CAPTION_","label":"kubernetes整体架构示意图","attributes":{},"skip":false,"key":"1.3.3"},{"backlink":"concepts/index.html#fig1.3.4","level":"1.3","list_caption":"Figure: Kubernetes master架构示意图","alt":"Kubernetes master架构示意图","nro":18,"url":"../images/kubernetes-master-arch.png","index":4,"caption_template":"图片 - _CAPTION_","label":"Kubernetes master架构示意图","attributes":{},"skip":false,"key":"1.3.4"},{"backlink":"concepts/index.html#fig1.3.5","level":"1.3","list_caption":"Figure: kubernetes node架构示意图","alt":"kubernetes node架构示意图","nro":19,"url":"../images/kubernetes-node-arch.png","index":5,"caption_template":"图片 - _CAPTION_","label":"kubernetes node架构示意图","attributes":{},"skip":false,"key":"1.3.5"},{"backlink":"concepts/index.html#fig1.3.6","level":"1.3","list_caption":"Figure: Kubernetes分层架构示意图","alt":"Kubernetes分层架构示意图","nro":20,"url":"../images/kubernetes-layers-arch.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"Kubernetes分层架构示意图","attributes":{},"skip":false,"key":"1.3.6"},{"backlink":"concepts/concepts.html#fig1.3.1.1","level":"1.3.1","list_caption":"Figure: 分层架构示意图","alt":"分层架构示意图","nro":21,"url":"../images/kubernetes-layers-arch.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"分层架构示意图","attributes":{},"skip":false,"key":"1.3.1.1"},{"backlink":"concepts/pod-overview.html#fig1.3.2.1.1","level":"1.3.2.1","list_caption":"Figure: pod diagram","alt":"pod diagram","nro":22,"url":"../images/pod-overview.png","index":1,"caption_template":"图片 - _CAPTION_","label":"pod diagram","attributes":{},"skip":false,"key":"1.3.2.1.1"},{"backlink":"concepts/pod.html#fig1.3.2.1.1.1","level":"1.3.2.1.1","list_caption":"Figure: Pod示意图","alt":"Pod示意图","nro":23,"url":"../images/pod-overview.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Pod示意图","attributes":{},"skip":false,"key":"1.3.2.1.1.1"},{"backlink":"concepts/pod.html#fig1.3.2.1.1.2","level":"1.3.2.1.1","list_caption":"Figure: Pod Cheatsheet","alt":"Pod Cheatsheet","nro":24,"url":"../images/kubernetes-pod-cheatsheet.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Pod Cheatsheet","attributes":{},"skip":false,"key":"1.3.2.1.1.2"},{"backlink":"concepts/service.html#fig1.3.2.4.1","level":"1.3.2.4","list_caption":"Figure: userspace代理模式下Service概览图","alt":"userspace代理模式下Service概览图","nro":25,"url":"../images/services-userspace-overview.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"userspace代理模式下Service概览图","attributes":{},"skip":false,"key":"1.3.2.4.1"},{"backlink":"concepts/service.html#fig1.3.2.4.2","level":"1.3.2.4","list_caption":"Figure: iptables代理模式下Service概览图","alt":"iptables代理模式下Service概览图","nro":26,"url":"../images/services-iptables-overview.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"iptables代理模式下Service概览图","attributes":{},"skip":false,"key":"1.3.2.4.2"},{"backlink":"concepts/deployment.html#fig1.3.2.6.1","level":"1.3.2.6","list_caption":"Figure: kubernetes deployment cheatsheet","alt":"kubernetes deployment cheatsheet","nro":27,"url":"../images/deployment-cheatsheet.png","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes deployment cheatsheet","attributes":{},"skip":false,"key":"1.3.2.6.1"},{"backlink":"concepts/horizontal-pod-autoscaling.html#fig1.3.2.16.1","level":"1.3.2.16","list_caption":"Figure: horizontal-pod-autoscaler","alt":"horizontal-pod-autoscaler","nro":28,"url":"../images/horizontal-pod-autoscaler.png","index":1,"caption_template":"图片 - _CAPTION_","label":"horizontal-pod-autoscaler","attributes":{},"skip":false,"key":"1.3.2.16.1"},{"backlink":"concepts/label.html#fig1.3.2.17.1","level":"1.3.2.17","list_caption":"Figure: label示意图","alt":"label示意图","nro":29,"url":"../images/labels.png","index":1,"caption_template":"图片 - _CAPTION_","label":"label示意图","attributes":{},"skip":false,"key":"1.3.2.17.1"},{"backlink":"guide/using-kubectl.html#fig1.4.2.1.1","level":"1.4.2.1","list_caption":"Figure: kubectl cheatsheet","alt":"kubectl cheatsheet","nro":30,"url":"../images/kubernetes-kubectl-cheatsheet.png","index":1,"caption_template":"图片 - _CAPTION_","label":"kubectl cheatsheet","attributes":{},"skip":false,"key":"1.4.2.1.1"},{"backlink":"guide/using-kubectl.html#fig1.4.2.1.2","level":"1.4.2.1","list_caption":"Figure: kube-shell页面","alt":"kube-shell页面","nro":31,"url":"../images/kube-shell.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"kube-shell页面","attributes":{},"skip":false,"key":"1.4.2.1.2"},{"backlink":"guide/ip-masq-agent.html#fig1.4.3.6.1","level":"1.4.3.6","list_caption":"Figure: IP伪装代理示意图","alt":"IP伪装代理示意图","nro":32,"url":"../images/ip-masq.png","index":1,"caption_template":"图片 - _CAPTION_","label":"IP伪装代理示意图","attributes":{},"skip":false,"key":"1.4.3.6.1"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig1.4.5.1.1","level":"1.4.5.1","list_caption":"Figure: API","alt":"API","nro":33,"url":"../images/k8s-app-monitor-test-api-doc.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"API","attributes":{},"skip":false,"key":"1.4.5.1.1"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig1.4.5.1.2","level":"1.4.5.1","list_caption":"Figure: wercker","alt":"wercker","nro":34,"url":"../images/k8s-app-monitor-agent-wercker.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"wercker","attributes":{},"skip":false,"key":"1.4.5.1.2"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig1.4.5.1.3","level":"1.4.5.1","list_caption":"Figure: 图表","alt":"图表","nro":35,"url":"../images/k8s-app-monitor-agent.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"图表","attributes":{},"skip":false,"key":"1.4.5.1.3"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig1.4.5.2.1","level":"1.4.5.2","list_caption":"Figure: spark on yarn with kubernetes","alt":"spark on yarn with kubernetes","nro":36,"url":"../images/spark-on-yarn-with-kubernetes.png","index":1,"caption_template":"图片 - _CAPTION_","label":"spark on yarn with kubernetes","attributes":{},"skip":false,"key":"1.4.5.2.1"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig1.4.5.2.2","level":"1.4.5.2","list_caption":"Figure: Terms","alt":"Terms","nro":37,"url":"../images/terms-in-kubernetes-app-deployment.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Terms","attributes":{},"skip":false,"key":"1.4.5.2.2"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig1.4.5.2.3","level":"1.4.5.2","list_caption":"Figure: 分解步骤解析","alt":"分解步骤解析","nro":38,"url":"../images/migrating-hadoop-yarn-to-kubernetes.png","index":3,"caption_template":"图片 - _CAPTION_","label":"分解步骤解析","attributes":{},"skip":false,"key":"1.4.5.2.3"},{"backlink":"practice/node-installation.html#fig1.5.1.6.1","level":"1.5.1.6","list_caption":"Figure: welcome-nginx","alt":"welcome-nginx","nro":39,"url":"http://olz1di9xf.bkt.clouddn.com/kubernetes-installation-test-nginx.png","index":1,"caption_template":"图片 - _CAPTION_","label":"welcome-nginx","attributes":{},"skip":false,"key":"1.5.1.6.1"},{"backlink":"practice/dashboard-addon-installation.html#fig1.5.1.8.1","level":"1.5.1.8","list_caption":"Figure: kubernetes-dashboard","alt":"kubernetes-dashboard","nro":40,"url":"http://olz1di9xf.bkt.clouddn.com/kubernetes-dashboard-raw.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes-dashboard","attributes":{},"skip":false,"key":"1.5.1.8.1"},{"backlink":"practice/dashboard-addon-installation.html#fig1.5.1.8.2","level":"1.5.1.8","list_caption":"Figure: V1.6.3版本的dashboard界面","alt":"V1.6.3版本的dashboard界面","nro":41,"url":"../images/dashboard-v163.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"V1.6.3版本的dashboard界面","attributes":{},"skip":false,"key":"1.5.1.8.2"},{"backlink":"practice/heapster-addon-installation.html#fig1.5.1.9.1","level":"1.5.1.9","list_caption":"Figure: dashboard-heapster","alt":"dashboard-heapster","nro":42,"url":"../images/kubernetes-dashboard-with-heapster.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"dashboard-heapster","attributes":{},"skip":false,"key":"1.5.1.9.1"},{"backlink":"practice/heapster-addon-installation.html#fig1.5.1.9.2","level":"1.5.1.9","list_caption":"Figure: grafana","alt":"grafana","nro":43,"url":"../images/kubernetes-heapster-grafana.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"grafana","attributes":{},"skip":false,"key":"1.5.1.9.2"},{"backlink":"practice/heapster-addon-installation.html#fig1.5.1.9.3","level":"1.5.1.9","list_caption":"Figure: kubernetes-influxdb-heapster","alt":"kubernetes-influxdb-heapster","nro":44,"url":"../images/kubernetes-influxdb-heapster.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"kubernetes-influxdb-heapster","attributes":{},"skip":false,"key":"1.5.1.9.3"},{"backlink":"practice/heapster-addon-installation.html#fig1.5.1.9.4","level":"1.5.1.9","list_caption":"Figure: 修改grafana模板","alt":"修改grafana模板","nro":45,"url":"../images/grafana-dashboard-setting.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"修改grafana模板","attributes":{},"skip":false,"key":"1.5.1.9.4"},{"backlink":"practice/efk-addon-installation.html#fig1.5.1.10.1","level":"1.5.1.10","list_caption":"Figure: es-setting","alt":"es-setting","nro":46,"url":"../images/es-setting.png","index":1,"caption_template":"图片 - _CAPTION_","label":"es-setting","attributes":{},"skip":false,"key":"1.5.1.10.1"},{"backlink":"practice/efk-addon-installation.html#fig1.5.1.10.2","level":"1.5.1.10","list_caption":"Figure: es-home","alt":"es-home","nro":47,"url":"../images/kubernetes-efk-kibana.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"es-home","attributes":{},"skip":false,"key":"1.5.1.10.2"},{"backlink":"practice/traefik-ingress-installation.html#fig1.5.2.1.1","level":"1.5.2.1","list_caption":"Figure: kubernetes-dashboard","alt":"kubernetes-dashboard","nro":48,"url":"../images/traefik-dashboard.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes-dashboard","attributes":{},"skip":false,"key":"1.5.2.1.1"},{"backlink":"practice/traefik-ingress-installation.html#fig1.5.2.1.2","level":"1.5.2.1","list_caption":"Figure: traefik-nginx","alt":"traefik-nginx","nro":49,"url":"../images/traefik-nginx.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"traefik-nginx","attributes":{},"skip":false,"key":"1.5.2.1.2"},{"backlink":"practice/traefik-ingress-installation.html#fig1.5.2.1.3","level":"1.5.2.1","list_caption":"Figure: traefik-guestbook","alt":"traefik-guestbook","nro":50,"url":"../images/traefik-guestbook.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"traefik-guestbook","attributes":{},"skip":false,"key":"1.5.2.1.3"},{"backlink":"practice/distributed-load-test.html#fig1.5.2.2.1","level":"1.5.2.2","list_caption":"Figure: 使用dashboard来扩容","alt":"使用dashboard来扩容","nro":51,"url":"../images/dashbaord-scale.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"使用dashboard来扩容","attributes":{},"skip":false,"key":"1.5.2.2.1"},{"backlink":"practice/distributed-load-test.html#fig1.5.2.2.2","level":"1.5.2.2","list_caption":"Figure: Traefik的UI","alt":"Traefik的UI","nro":52,"url":"../images/traefik-dashboard-locust.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Traefik的UI","attributes":{},"skip":false,"key":"1.5.2.2.2"},{"backlink":"practice/distributed-load-test.html#fig1.5.2.2.3","level":"1.5.2.2","list_caption":"Figure: Locust启动界面","alt":"Locust启动界面","nro":53,"url":"../images/locust-start-swarming.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Locust启动界面","attributes":{},"skip":false,"key":"1.5.2.2.3"},{"backlink":"practice/distributed-load-test.html#fig1.5.2.2.4","level":"1.5.2.2","list_caption":"Figure: Dashboard查看页面","alt":"Dashboard查看页面","nro":54,"url":"../images/sample-webapp-rc.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Dashboard查看页面","attributes":{},"skip":false,"key":"1.5.2.2.4"},{"backlink":"practice/distributed-load-test.html#fig1.5.2.2.5","level":"1.5.2.2","list_caption":"Figure: Locust测试结果页面","alt":"Locust测试结果页面","nro":55,"url":"../images/locust-dashboard.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Locust测试结果页面","attributes":{},"skip":false,"key":"1.5.2.2.5"},{"backlink":"practice/network-and-cluster-perfermance-test.html#fig1.5.2.3.1","level":"1.5.2.3","list_caption":"Figure: kubernetes-dashboard","alt":"kubernetes-dashboard","nro":56,"url":"http://olz1di9xf.bkt.clouddn.com/kubenetes-e2e-test.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes-dashboard","attributes":{},"skip":false,"key":"1.5.2.3.1"},{"backlink":"practice/network-and-cluster-perfermance-test.html#fig1.5.2.3.2","level":"1.5.2.3","list_caption":"Figure: locust-test","alt":"locust-test","nro":57,"url":"http://olz1di9xf.bkt.clouddn.com/kubernetes-locust-test.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"locust-test","attributes":{},"skip":false,"key":"1.5.2.3.2"},{"backlink":"practice/edge-node-configuration.html#fig1.5.2.4.1","level":"1.5.2.4","list_caption":"Figure: 边缘节点架构","alt":"边缘节点架构","nro":58,"url":"../images/kubernetes-edge-node-architecture.png","index":1,"caption_template":"图片 - _CAPTION_","label":"边缘节点架构","attributes":{},"skip":false,"key":"1.5.2.4.1"},{"backlink":"practice/app-log-collection.html#fig1.5.3.2.1","level":"1.5.3.2","list_caption":"Figure: filebeat日志收集架构图","alt":"filebeat日志收集架构图","nro":59,"url":"../images/filebeat-log-collector.png","index":1,"caption_template":"图片 - _CAPTION_","label":"filebeat日志收集架构图","attributes":{},"skip":false,"key":"1.5.3.2.1"},{"backlink":"practice/app-log-collection.html#fig1.5.3.2.2","level":"1.5.3.2","list_caption":"Figure: Kibana页面","alt":"Kibana页面","nro":60,"url":"../images/filebeat-docker-test.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Kibana页面","attributes":{},"skip":false,"key":"1.5.3.2.2"},{"backlink":"practice/app-log-collection.html#fig1.5.3.2.3","level":"1.5.3.2","list_caption":"Figure: filebeat收集的日志详细信息","alt":"filebeat收集的日志详细信息","nro":61,"url":"../images/kubernetes-filebeat-detail.png","index":3,"caption_template":"图片 - _CAPTION_","label":"filebeat收集的日志详细信息","attributes":{},"skip":false,"key":"1.5.3.2.3"},{"backlink":"practice/monitor.html#fig1.5.3.4.1","level":"1.5.3.4","list_caption":"Figure: Kubernetes集群中的监控","alt":"Kubernetes集群中的监控","nro":62,"url":"../images/monitoring-in-kubernetes.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes集群中的监控","attributes":{},"skip":false,"key":"1.5.3.4.1"},{"backlink":"practice/monitor.html#fig1.5.3.4.2","level":"1.5.3.4","list_caption":"Figure: kubernetes的容器命名规则示意图","alt":"kubernetes的容器命名规则示意图","nro":63,"url":"../images/kubernetes-container-naming-rule.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"kubernetes的容器命名规则示意图","attributes":{},"skip":false,"key":"1.5.3.4.2"},{"backlink":"practice/monitor.html#fig1.5.3.4.3","level":"1.5.3.4","list_caption":"Figure: Heapster架构图(改进版)","alt":"Heapster架构图(改进版)","nro":64,"url":"../images/kubernetes-heapster-monitoring.png","index":3,"caption_template":"图片 - _CAPTION_","label":"Heapster架构图(改进版)","attributes":{},"skip":false,"key":"1.5.3.4.3"},{"backlink":"practice/monitor.html#fig1.5.3.4.4","level":"1.5.3.4","list_caption":"Figure: 应用监控架构图","alt":"应用监控架构图","nro":65,"url":"../images/kubernetes-app-monitoring.png","index":4,"caption_template":"图片 - _CAPTION_","label":"应用监控架构图","attributes":{},"skip":false,"key":"1.5.3.4.4"},{"backlink":"practice/monitor.html#fig1.5.3.4.5","level":"1.5.3.4","list_caption":"Figure: 应用拓扑图","alt":"应用拓扑图","nro":66,"url":"../images/weave-scope-service-topology.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"应用拓扑图","attributes":{},"skip":false,"key":"1.5.3.4.5"},{"backlink":"practice/data-persistence-problem.html#fig1.5.3.5.1","level":"1.5.3.5","list_caption":"Figure: 日志持久化收集解决方案示意图","alt":"日志持久化收集解决方案示意图","nro":67,"url":"../images/log-persistence-logstash.png","index":1,"caption_template":"图片 - _CAPTION_","label":"日志持久化收集解决方案示意图","attributes":{},"skip":false,"key":"1.5.3.5.1"},{"backlink":"practice/using-prometheus-to-monitor-kuberentes-cluster.html#fig1.5.3.7.1","level":"1.5.3.7","list_caption":"Figure: Grafana页面","alt":"Grafana页面","nro":68,"url":"../images/kubernetes-prometheus-monitoring.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Grafana页面","attributes":{},"skip":false,"key":"1.5.3.7.1"},{"backlink":"practice/using-heapster-to-get-object-metrics.html#fig1.5.3.8.1","level":"1.5.3.8","list_caption":"Figure: Heapster架构图","alt":"Heapster架构图","nro":69,"url":"../images/heapster-architecture.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Heapster架构图","attributes":{},"skip":false,"key":"1.5.3.8.1"},{"backlink":"practice/storage-for-containers-using-glusterfs-with-openshift.html#fig1.5.4.1.2.1","level":"1.5.4.1.2","list_caption":"Figure: Screen Shot 2017-03-23 at 21.50.34","alt":"Screen Shot 2017-03-23 at 21.50.34","nro":70,"url":"https://keithtenzer.files.wordpress.com/2017/03/screen-shot-2017-03-23-at-21-50-34.png?w=440","index":1,"caption_template":"图片 - _CAPTION_","label":"Screen Shot 2017-03-23 at 21.50.34","attributes":{},"skip":false,"key":"1.5.4.1.2.1"},{"backlink":"practice/storage-for-containers-using-glusterfs-with-openshift.html#fig1.5.4.1.2.2","level":"1.5.4.1.2","list_caption":"Figure: Screen Shot 2017-03-24 at 11.09.34.png","alt":"Screen Shot 2017-03-24 at 11.09.34.png","nro":71,"url":"https://keithtenzer.files.wordpress.com/2017/03/screen-shot-2017-03-24-at-11-09-341.png?w=440","index":2,"caption_template":"图片 - _CAPTION_","label":"Screen Shot 2017-03-24 at 11.09.34.png","attributes":{},"skip":false,"key":"1.5.4.1.2.2"},{"backlink":"practice/helm.html#fig1.5.5.1.1","level":"1.5.5.1","list_caption":"Figure: Helm chart源","alt":"Helm chart源","nro":72,"url":"../images/helm-charts-repository.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Helm chart源","attributes":{},"skip":false,"key":"1.5.5.1.1"},{"backlink":"practice/helm.html#fig1.5.5.1.2","level":"1.5.5.1","list_caption":"Figure: TODO应用的Web页面","alt":"TODO应用的Web页面","nro":73,"url":"../images/helm-mean-todo-aholic.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"TODO应用的Web页面","attributes":{},"skip":false,"key":"1.5.5.1.2"},{"backlink":"practice/create-private-charts-repo.html#fig1.5.5.2.1","level":"1.5.5.2","list_caption":"Figure: Helm monocular界面","alt":"Helm monocular界面","nro":74,"url":"../images/helm-monocular-jimmysong.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Helm monocular界面","attributes":{},"skip":false,"key":"1.5.5.2.1"},{"backlink":"practice/jenkins-ci-cd.html#fig1.5.6.1.1","level":"1.5.6.1","list_caption":"Figure: 基于Jenkins的持续集成与发布","alt":"基于Jenkins的持续集成与发布","nro":75,"url":"../images/kubernetes-jenkins-ci-cd.png","index":1,"caption_template":"图片 - _CAPTION_","label":"基于Jenkins的持续集成与发布","attributes":{},"skip":false,"key":"1.5.6.1.1"},{"backlink":"practice/drone-ci-cd.html#fig1.5.6.2.1","level":"1.5.6.2","list_caption":"Figure: OAuth注册","alt":"OAuth注册","nro":76,"url":"../images/github-oauth-register.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"OAuth注册","attributes":{},"skip":false,"key":"1.5.6.2.1"},{"backlink":"practice/drone-ci-cd.html#fig1.5.6.2.2","level":"1.5.6.2","list_caption":"Figure: OAuth key","alt":"OAuth key","nro":77,"url":"../images/github-oauth-drone-key.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"OAuth key","attributes":{},"skip":false,"key":"1.5.6.2.2"},{"backlink":"practice/drone-ci-cd.html#fig1.5.6.2.3","level":"1.5.6.2","list_caption":"Figure: Drone登陆界面","alt":"Drone登陆界面","nro":78,"url":"../images/drone-login-github.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Drone登陆界面","attributes":{},"skip":false,"key":"1.5.6.2.3"},{"backlink":"practice/drone-ci-cd.html#fig1.5.6.2.4","level":"1.5.6.2","list_caption":"Figure: Github启用repo设置","alt":"Github启用repo设置","nro":79,"url":"../images/drone-github-active.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Github启用repo设置","attributes":{},"skip":false,"key":"1.5.6.2.4"},{"backlink":"practice/drone-ci-cd.html#fig1.5.6.2.5","level":"1.5.6.2","list_caption":"Figure: Github单个repo设置","alt":"Github单个repo设置","nro":80,"url":"../images/drone-github-repo-setting.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Github单个repo设置","attributes":{},"skip":false,"key":"1.5.6.2.5"},{"backlink":"usecases/service-discovery-in-microservices.html#fig1.6.1.1.1","level":"1.6.1.1","list_caption":"Figure: 微服务中的服务发现","alt":"微服务中的服务发现","nro":81,"url":"../images/service-discovery-in-microservices.png","index":1,"caption_template":"图片 - _CAPTION_","label":"微服务中的服务发现","attributes":{},"skip":false,"key":"1.6.1.1.1"},{"backlink":"usecases/service-mesh.html#fig1.6.2.1","level":"1.6.2","list_caption":"Figure: Service Mesh 架构图","alt":"Service Mesh 架构图","nro":82,"url":"../images/serivce-mesh-control-plane.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Service Mesh 架构图","attributes":{},"skip":false,"key":"1.6.2.1"},{"backlink":"usecases/istio.html#fig1.6.2.1.1","level":"1.6.2.1","list_caption":"Figure: Istio架构图","alt":"Istio架构图","nro":83,"url":"../images/istio-arch.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Istio架构图","attributes":{},"skip":false,"key":"1.6.2.1.1"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.1","level":"1.6.2.1.1","list_caption":"Figure: BookInfo Sample应用架构图","alt":"BookInfo Sample应用架构图","nro":84,"url":"../images/bookinfo-sample-arch.png","index":1,"caption_template":"图片 - _CAPTION_","label":"BookInfo Sample应用架构图","attributes":{},"skip":false,"key":"1.6.2.1.1.1"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.2","level":"1.6.2.1.1","list_caption":"Figure: BookInfo Sample页面","alt":"BookInfo Sample页面","nro":85,"url":"../images/bookinfo-sample.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"BookInfo Sample页面","attributes":{},"skip":false,"key":"1.6.2.1.1.2"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.3","level":"1.6.2.1.1","list_caption":"Figure: Istio Grafana界面","alt":"Istio Grafana界面","nro":86,"url":"../images/istio-grafana.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Istio Grafana界面","attributes":{},"skip":false,"key":"1.6.2.1.1.3"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.4","level":"1.6.2.1.1","list_caption":"Figure: Prometheus页面","alt":"Prometheus页面","nro":87,"url":"../images/istio-prometheus.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Prometheus页面","attributes":{},"skip":false,"key":"1.6.2.1.1.4"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.5","level":"1.6.2.1.1","list_caption":"Figure: Zipkin页面","alt":"Zipkin页面","nro":88,"url":"../images/istio-zipkin.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Zipkin页面","attributes":{},"skip":false,"key":"1.6.2.1.1.5"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.6","level":"1.6.2.1.1","list_caption":"Figure: ServiceGraph页面","alt":"ServiceGraph页面","nro":89,"url":"../images/istio-servicegraph.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"ServiceGraph页面","attributes":{},"skip":false,"key":"1.6.2.1.1.6"},{"backlink":"usecases/linkerd.html#fig1.6.2.2.1","level":"1.6.2.2","list_caption":"Figure: source https://linkerd.io","alt":"source https://linkerd.io","nro":90,"url":"../images/diagram-individual-instance.png","index":1,"caption_template":"图片 - _CAPTION_","label":"source https://linkerd.io","attributes":{},"skip":false,"key":"1.6.2.2.1"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.1","level":"1.6.2.2.1","list_caption":"Figure: Jenkins pipeline","alt":"Jenkins pipeline","nro":91,"url":"../images/linkerd-jenkins-pipeline.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Jenkins pipeline","attributes":{},"skip":false,"key":"1.6.2.2.1.1"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.2","level":"1.6.2.2.1","list_caption":"Figure: Jenkins config","alt":"Jenkins config","nro":92,"url":"../images/linkerd-jenkins.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Jenkins config","attributes":{},"skip":false,"key":"1.6.2.2.1.2"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.3","level":"1.6.2.2.1","list_caption":"Figure: namerd","alt":"namerd","nro":93,"url":"../images/namerd-internal.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"namerd","attributes":{},"skip":false,"key":"1.6.2.2.1.3"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.4","level":"1.6.2.2.1","list_caption":"Figure: linkerd监控","alt":"linkerd监控","nro":94,"url":"../images/linkerd-helloworld-outgoing.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"linkerd监控","attributes":{},"skip":false,"key":"1.6.2.2.1.4"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.5","level":"1.6.2.2.1","list_caption":"Figure: linkerd监控","alt":"linkerd监控","nro":95,"url":"../images/linkerd-helloworld-incoming.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"linkerd监控","attributes":{},"skip":false,"key":"1.6.2.2.1.5"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.6","level":"1.6.2.2.1","list_caption":"Figure: linkerd性能监控","alt":"linkerd性能监控","nro":96,"url":"../images/linkerd-grafana.png","index":6,"caption_template":"图片 - _CAPTION_","label":"linkerd性能监控","attributes":{},"skip":false,"key":"1.6.2.2.1.6"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.7","level":"1.6.2.2.1","list_caption":"Figure: Linkerd ingress controller","alt":"Linkerd ingress controller","nro":97,"url":"../images/linkerd-ingress-controller.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"Linkerd ingress controller","attributes":{},"skip":false,"key":"1.6.2.2.1.7"},{"backlink":"usecases/spark-standalone-on-kubernetes.html#fig1.6.3.1.1","level":"1.6.3.1","list_caption":"Figure: spark master ui","alt":"spark master ui","nro":98,"url":"../images/spark-ui.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"spark master ui","attributes":{},"skip":false,"key":"1.6.3.1.1"},{"backlink":"usecases/spark-standalone-on-kubernetes.html#fig1.6.3.1.2","level":"1.6.3.1","list_caption":"Figure: zeppelin ui","alt":"zeppelin ui","nro":99,"url":"../images/zeppelin-ui.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"zeppelin ui","attributes":{},"skip":false,"key":"1.6.3.1.2"},{"backlink":"develop/client-go-sample.html#fig1.7.3.1","level":"1.7.3","list_caption":"Figure: 使用kubernetes dashboard进行故障排查","alt":"使用kubernetes dashboard进行故障排查","nro":100,"url":"../images/kubernetes-client-go-sample-update.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"使用kubernetes dashboard进行故障排查","attributes":{},"skip":false,"key":"1.7.3.1"},{"backlink":"appendix/issues.html#fig1.8.2.1","level":"1.8.2","list_caption":"Figure: pvc-storage-limit","alt":"pvc-storage-limit","nro":101,"url":"../images/pvc-storage-limit.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"pvc-storage-limit","attributes":{},"skip":false,"key":"1.8.2.1"}]},"title":"Kubernetes Handbook","language":"zh-hans","links":{"sidebar":{"Home":"https://jimmysong.io"}},"gitbook":"*","description":"Kubernetes中文指南/实践手册"},"file":{"path":"guide/authenticate-across-clusters-kubeconfig.md","mtime":"2017-08-21T10:23:34.000Z","type":"markdown"},"gitbook":{"version":"3.2.2","time":"2017-11-01T15:40:15.952Z"},"basePath":"..","book":{"language":""}});
|
||
});
|
||
</script>
|
||
</div>
|
||
|
||
|
||
<script src="../gitbook/gitbook.js"></script>
|
||
<script src="../gitbook/theme.js"></script>
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-github/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-splitter/splitter.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-page-toc-button/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-editlink/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-back-to-top-button/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-search-plus/jquery.mark.min.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-search-plus/search.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-github-buttons/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-3-ba/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-sharing/buttons.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
|
||
|
||
|
||
|
||
</body>
|
||
</html>
|
||
|