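When you have multiple Kubernetes (K8s) cluster instances in Cloud Container Engine, follow this guide to access all of them with kubectl from a single host terminal.
Prerequisites:
You have multiple cluster instances, and the host you are working from has network connectivity to the hosts of those clusters.
How it works:
Configure the kubectl access credentials of every cluster instance on one host, then use kubectl commands to switch between the contexts of the different clusters.
Obtaining the kubectl access credentials of multiple clusters:
Open the Cluster Information > Connection Information tab in Cloud Container Engine to view the access credential of the current cluster, then click the copy button: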
    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xxx:6443
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: "16261"
      name: 16261-17120288662000021
    current-context: 16261-17120288662000021
    kind: Config
    preferences: {}
    users:
    - name: "16261"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR1...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg1...
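- clusters: describes the clusters. Take the cluster's access address from here; it is used to build the cluster list for multiple clusters.
- users: describes the users that access the cluster. Take the contents of the two certificate fields client-certificate-data and client-key-data from here; they are used to build the user list for multiple clusters.
- contexts: describes the contexts of the cluster configuration. Each context associates a user with a cluster, so switching contexts with kubectl selects which user is used to access which cluster.
Note that a cluster may have both an internal-network access address and a public-network access address, and therefore two contexts. You can configure these as two clusters with their corresponding user and context entries, and choose which address is used to reach the cluster by switching contexts.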
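Configuring the kubectl access credentials of multiple clusters
The following uses two clusters as an example to show how to edit the config file to access multiple clusters.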
- Obtain the access credential of cluster A, for example:

    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xx1:6443
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: "16261"
      name: 16261-17120288662000021
    current-context: 16261-17120288662000021
    kind: Config
    preferences: {}
    users:
    - name: "16261"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR1...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg1...
- Change the cluster name and user name to names that are easy to recognise, for example cluster-a for the cluster and cluster-a-user for the user:

    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xx1:6443
      name: cluster-a
    contexts:
    - context:
        cluster: cluster-a
        user: "cluster-a-user"
      name: cluster-a-context
    current-context: cluster-a-context
    kind: Config
    preferences: {}
    users:
    - name: "cluster-a-user"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR1...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg1...
- Obtain the access credential of cluster B, for example:

    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xx2:6443
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: "16262"
      name: 16262-17120288662000022
    current-context: 16262-17120288662000022
    kind: Config
    preferences: {}
    users:
    - name: "16262"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR2...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg2...
- Change the cluster name and user name to names that are easy to recognise, for example cluster-b for the cluster and cluster-b-user for the user:

    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xx2:6443
      name: cluster-b
    contexts:
    - context:
        cluster: cluster-b
        user: "cluster-b-user"
      name: cluster-b-context
    current-context: cluster-b-context
    kind: Config
    preferences: {}
    users:
    - name: "cluster-b-user"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR2...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg2...
- Merge the two credentials into a single config file by placing the cluster, user and context entries of both files under the same parent keys:

    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xx1:6443
      name: cluster-a
    - cluster:
        server: https://xxx.xxx.xxx.xx2:6443
      name: cluster-b
    contexts:
    - context:
        cluster: cluster-a
        user: "cluster-a-user"
      name: cluster-a-context
    - context:
        cluster: cluster-b
        user: "cluster-b-user"
      name: cluster-b-context
    current-context: cluster-a-context
    kind: Config
    preferences: {}
    users:
    - name: "cluster-a-user"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR1...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg1...
    - name: "cluster-b-user"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR2...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg2...
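
The rename-and-merge steps above can also be scripted. The following is an added example, not the provider's tooling: it renames each downloaded credential after a name you choose, checks that every context and the current-context resolve, and writes the result owner-only because the file embeds client private keys. The function names, the sample credentials and the 192.0.2.x addresses are constructed for illustration, and the output is written as JSON, which is valid YAML.

```python
import json
import os

KINDS = ("clusters", "users", "contexts")

def rename(cfg, name):
    """Rename the single cluster/user/context of one downloaded kubeconfig after `name`."""
    if any(len(cfg[k]) != 1 for k in KINDS):
        raise ValueError(f"{name}: expected exactly one cluster, user and context")
    ctx = {**cfg["contexts"][0]["context"], "cluster": name, "user": f"{name}-user"}
    return {"clusters": [{"name": name, "cluster": cfg["clusters"][0]["cluster"]}],
            "users": [{"name": f"{name}-user", "user": cfg["users"][0]["user"]}],
            "contexts": [{"name": f"{name}-context", "context": ctx}]}

def validate(cfg):
    """Reject dangling context references and a current-context that is not defined."""
    names = {k: [e["name"] for e in cfg[k]] for k in KINDS}
    for c in cfg["contexts"]:
        ref = c["context"]
        if ref["cluster"] not in names["clusters"] or ref["user"] not in names["users"]:
            raise ValueError(f"context {c['name']} points at a missing cluster or user")
    if cfg.get("current-context") not in names["contexts"]:
        raise ValueError("current-context does not name a defined context")

def merge(named_cfgs):
    """Merge {name: kubeconfig dict}; the first name becomes current-context."""
    merged = {"apiVersion": "v1", "kind": "Config", "preferences": {}, **{k: [] for k in KINDS}}
    for name, cfg in named_cfgs.items():
        for k, entries in rename(cfg, name).items():
            merged[k] += entries
    merged["current-context"] = f"{next(iter(named_cfgs))}-context"
    validate(merged)
    return merged

def write_private(cfg, path):
    """Write the file owner-only (0600): it embeds client private keys."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(cfg, f, indent=2)  # JSON is valid YAML, so kubectl can load it
    os.chmod(path, 0o600)  # also tighten a file that already existed

def sample(uid, server):
    """Constructed input shaped like one downloaded credential (placeholder secrets)."""
    cred = {"client-certificate-data": f"CERT-{uid}", "client-key-data": f"KEY-{uid}"}
    return {"apiVersion": "v1", "kind": "Config", "current-context": f"{uid}-ctx",
            "clusters": [{"name": "kubernetes", "cluster": {"server": server}}],
            "users": [{"name": uid, "user": cred}],
            "contexts": [{"name": f"{uid}-ctx", "context": {"cluster": "kubernetes", "user": uid}}]}
```

Calling `merge({"cluster-a": sample("16261", "https://192.0.2.1:6443"), "cluster-b": sample("16262", "https://192.0.2.2:6443")})` returns a config with the same structure as the merged file above, and `write_private` stores it with mode 0600.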
Using the configured credentials
- Place the config file above in the following directory under your home directory:

    [docker@10 ~]$ mkdir -p $HOME/.kube
    [docker@10 ~]$ mv config $HOME/.kube
- Switch between cluster contexts with kubectl:

    [docker@10 ~]$ kubectl config use-context cluster-a-context
    Switched to context "cluster-a-context".
    [docker@10 ~]$ kubectl cluster-info
    Kubernetes master is running at https://xxx.xxx.xxx.97:6443
    KubeDNS is running at https://xxx.xxx.xxx.97:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

    To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
    [docker@10 ~]$ kubectl config use-context cluster-b-context
    Switched to context "cluster-b-context".
    [docker@10 ~]$ kubectl cluster-info
    Kubernetes master is running at https://xxx.xxx.xxx.46:6443
    CoreDNS is running at https://xxx.xxx.xxx.46:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

    To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.