前言:
kubernetes集群通常并不是只有一个集群,特别是对于业务量比较多的公司来说,可能集群的规模会非常大。所有的业务都放到一个kubernetes集群内是不现实的,也不是科学的,就如同你不会把所有数据放到一个MySQL的数据库的一张表里一样,那样会显得很傻很天真。OK,那么现在问题就来了,如果有多达上百个节点的若干kubernetes集群,如何管理?比如,A集群有10个节点,那么,远程登录到A里的一个节点进行管理吗?那么,B集群呢?C集群呢?当然,按用途来说,还有测试用集群,开发用集群,生产用集群等等。无疑的,一个个节点ssh过去是很傻的做法。
OK,可能会有人说,这没什么,我用xshell等工具就可以一个个连接了嘛,很显然,每一个登陆都需要一个节点的操作系统账号权限,对于安全来说无疑是不好的事情(比如,给了一个root账号登陆到A集群的master节点了,啪的一下子,没注意 删掉了系统的某个重要文件,这个时候是不是得懵逼一下,然后准备提桶跑路?)。
那么,有没有更加优雅的方案呢?答案是肯定的,因为kubernetes集群自己就带有RBAC权限管理系统嘛,通过kubeconfig,设置正确的kubernetes权限,在一个机器上就可以管理所有的集群无疑是一件又方便又安全的事情。
概念定义:kubeconfig就是集群的配置文件,此文件可以建立任意的用户,这个集群内的用户通过各种集群内置或者自定义的角色绑定一定的权限,OK,生成这个kuberconfig文件后,将可以在任意一台服务器上进行kubernetes集群的管理,仅仅需要一个kubernetes集群的kubectl客户端即可,这个服务器突然坏掉了?没事,只要有kuberconfig文件就可以了,在找一个有kubectl的服务器使用kubeconfig文件就可以继续管理集群了。那么,kubernetes集群的各个节点的安全性自然提高了很多(都不用登陆节点了嘛,专心的管理集群就完了(干就完了,爱谁谁!!!~~~~~~~~),比如,专心的管理pod,service这些集群资源,岂不美哉???)
- 用于配置集群访问信息的文件叫作 kubeconfig 文件,在开启了 TLS 的集群中,每次与集群交互时都需要身份认证,生产环境一般使用证书进行认证,其认证所需要的信息会放在 kubeconfig 文件中。此外,K8s 的组件都可以使用 kubeconfig 连接 apiserver,client-go 、operator、helm 等其他组件也使用 kubeconfig 访问 apiserver。
- 使用kubeconfig文件来组织有关集群、用户、命名空间和身份认证机制的信息。kubectl 命令行根据使用kubeconfig文件来查找选择集群所需的信息,并与集群的API服务进行通信。
- 默认情况下,kubectl 在 $HOME/.kube 目录下查找名为config的文件,可以通过设置KUBECONFIG环境变量或设置--kubeconfig参数来指定其他Kubeconfig文件。
- kubectl是操作k8s的一个客户端工具,只要为kubectl提供链接apiserver的配置(kubeconfig),kubectl可以在任何地方操作该集群。
-
kubectl加载配置文件的顺序:
1) kubectl 默认连接本机的 8080 端口
2) 从 $HOME/.kube 目录下查找文件名为 config 的文件
3)通过设置环境变量 KUBECONFIG 或者通过设置去指定其它 kubeconfig 文件
可能有同学问了,哪里有kubeconfig文件?需要手写吗?如何正确的优雅的使用这个所谓的kubeconfig文件?
OK,本文就是专门来讲解这些问题的。
一,
kubeconfig文件在哪里?
和安装手法有关系,kubeconfig的生成也是不一定的,但不管如何说,集群部署搭建的时候必定有一个kubeconfig文件,这个文件里包含的用户是拥有最高权限的,否则集群部署完了,没有用户,那可管理不了集群了。
二进制部署方式:
通常在安装kube-apiserver服务后就会初始化一个kubeconfig文件,当然,二进制里这个文件的名称比较随意,都是自定义的,例子可见我的博客:
云原生|kubernetes|kubernetes-1.18 二进制安装教程单master(其它的版本也基本一样)_晚风_END的博客-CSDN博客_二进制安装kubelet
下面是关于kubeconfig文件生成的截图:
kubeadm部署方式(当然也包括集成部署方式,例如minkube,它们的kubeconfig文件都是全自动生成的):
集成部署方式会贴心的给你省去自己手写kubeconfig的烦恼,自动生成,生成时间一般为初始化集群的时候,也就是说,kubeadm init 命令执行后,此命令的输出日志里会有提示,现只截取提示的那一部分:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
OK,以上的意思表明 此kubeconfig文件存放在了/etc/kubernetes/目录下,名称一般固定的是admin.conf ,将此文件放入隐藏目录 .kube下并重命名为了config,然后赋予当前用户的权限。因此,不管是哪种方式部署的集群,一般有做上面这一串步骤的话,kubeconfig的存放位置都在 .kube/目录下的config文件。
二,
kubeconfig文件内容
以我前面部署的minikube为例,先看看这个文件的内容吧:
[root@node3 mnt]# cat config
apiVersion: v1
clusters:
- cluster:
certificate-authority: /root/.minikube/ca.crt
server: https://192.168.217.23:8443
name: minikube
contexts:
- context:
cluster: minikube
user: minikube
name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate: /root/.minikube/profiles/minikube/client.crt
client-key: /root/.minikube/profiles/minikube/client.key
OK,此文件表明用户minikube可以通过kubectl和server为192.168.217.23:8443的apiserver通信,这个集群名称为minikube,并且需要三个携带三个证书文件,从而管理集群。那,我不想带证书,太麻烦了,也不想用这个用户,只想在别的服务器上有一个kubectl就可以连接到这个minikube集群,就可以做集群管理了,可以吗?
答案当然是可以的。
这里多说一句,为什么这个kubeconfig和一般见到的其它集群的kubeconfig不太一样,整个都是证书路径呢?只是由于我初始化此集群的时候没有使用--embed-certs=true这个参数罢了。embed-certs 这个参数如果是true的话,那么,生成的kubeconfig将会内嵌证书。这个下面就会讲到。
三,
kubeconfig文件可不可以手写?
kubeconfig文件不可手写,手写会出各种各样的问题,反正我是尝试了几个小时,也可能是坐姿不对吧,不建议手写。有命令就可以生成,手写是不是傻,对吧。
OK,上面的kubeconfig文件证书不是内嵌的,现在把它修改成内嵌的,重置集群在添加--embed-certs=true参数不是我的风格嘛(重置了等于认怂了,对吧),然后集群名称也看的不爽,修改掉。用户由于和角色绑定了,我也不知道和哪个角色绑定了就还是原来 的吧。
以下操作在192.168.217.23服务器上执行,方面读取证书的信息。
A,
设置一个变量,此变量下面的命令引用,变量值为要设置的集群的apiserverIP和端口
KUBE_APISERVER="https://192.168.217.23:8443"
kubectl config set-cluster myminikube \
--certificate-authority=/root/.minikube/ca.crt \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=bootstrap.kubeconfig
- set-cluster myminikube 设置集群名称为myminikube
- --kubeconfig=bootstrap.kubeconfig kubeconfig名称的定义,因为我是登陆专用文件,因此,bootstrap,当然可以任意取名,只要你知道干什么的就行
- --embed-certs=true \ 证书内嵌开启
- --certificate-authority=/root/.minikube/ca.crt \ 集群的ca证书,其实是复制了上面那个文件里写的路径,kubeadm的证书一般存放在/etc/kubernetes/pki目录下--server=${KUBE_APISERVER} \ 集群的apiserver的通信网址,此CA证书里的CN就是将要使用的用户。
- 此命令执行后,会在当前目录下生成名叫bootstrap.kubeconfig的文件
B,
- set-credentials minikube \ 这里minikube也是随意的一写,无所谓,爱谁谁,这个名字是users的名字,一哈看生成的kubeconfig就知道了,无关紧要。
- --client-certificate这个和上面的命令基本一样,只是内嵌的证书是客户端使用的,此证书将会由apiserver这个服务校验是否正确。--client-key也是客户端证书,只是是key而已。
kubectl config set-credentials minikube \
--client-certificate=/root/.minikube/profiles/minikube/client.crt \
--client-key=/root/.minikube/profiles/minikube/client.key \
--embed-certs=true \
--kubeconfig=bootstrap.kubeconfig
C,
- set-context default \ 设置上下文,这个上下文可就关键了,上下文也是有名称的,这里名字叫default,如果kubeconfig文件内定义了多个集群,可全靠这个名称切换集群了,后话,先放这。
- --cluster=myminikube \集群名称要上面定义的,这里不要瞎写了。
- --user="minikube" \ 这里也不要乱写了,要不还需要给用户设置权限,就很麻烦。
kubectl config set-context default \
--cluster=myminikube \
--user="minikube" \
--kubeconfig=bootstrap.kubeconfig
D,
- 这个命令是设置current-context 名称的,current-context 是当前使用的上下文的意思,如果使用此kubeconfig文件的话。对应命令是:kubectl config current-context,可以快速查询现在用的是哪个集群的上下文
kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
OK,此kubeconfig文件就通过这四个命令生成了,可以看看此kubeconfig的内容了:
[root@node3 media]# cat bootstrap.kubeconfig
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJeU1URXdNVEE1TWpnd05Gb1hEVE15TVRBek1EQTVNamd3TkZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSm5qCm5PNm94a1VJNGR1UGlsb3RXd3FpdUp3TDVlcjJGczhqL3lIb2ViNkVDa1ZuTldncHBOZHlCS3N2UytjQjhkOTUKb1Jjd25ZamhsOGZta25YUytRK2gzbmJsY3JKWE1OQytnWkdqRldEVCtqOUwvT3NRd1BjbFE1eWFoNEtFY2kvbApUOWhhdlJCRXFRMzY2ZjhsZDZlSytaOFF5bWV4QlkvRlp6THdZMmtRajZnZU9NZkRoY0JSM3NWYjVweHRBSlByCk8xVWpudkxkRVRLekw1ajZYdXlGLzdsaGZhcE5aSFpIMUs2WjF3R3RTYUF0L0FGZmJDTFcvaDMyRlVkUExKTU0KMkVkVU1PaVVIeXorM3dWNEVONWlOY0FuUk9kYTlCdTBsRjRLbVVzNSt1SkNVc0lReXRvbDBwenpxWWZOWEtUSQpkT2trSGdYdWtSaGIyZ3JuTHg4Q0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCOHkzRzBCbEw4TDdPUFpTckJ2RlpNSWJJSEpzRE83cG5WVGkvWW95VWg5TFdndnB1TQpvMDdjOWJKM21YN25OVGFyOU1la1JnZ2hTTHBkTHBjaFlOSEY5bkFzQ3liblI3L05ZZVZlYUFSM2xRaWNETTJBCnAxV2YwYzhJZ0tJUHk0Z0k2MThOQkhtSUlnTEU1Yk1BSkczalFDNXBzcnM1ZXlsUnVrNkdCbEpia280YThJS1cKQm9QWHFtM2M1WGd3c0MvckhxU1lyL2RaYXlOL3dGQmIyRWJIS1gyMXRpZEZKYXhITGZKaUhRM1pjRGl5eHdqTwpSNTA3SzgvbTQrVEJrM012RzlFNUp4S2xiNk43M0NSbGo4ZUtJRm1vanBDRk5EWk5udkNPc3FnZ1YybXhHaEtDCkRLRXZ6SFI0VkhnRnliUHNEb0tOY2NjbERxeTRMelFkK3c4agotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://192.168.217.23:8443
name: myminikube
contexts:
- context:
cluster: myminikube
user: minikube
name: default
current-context: default
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBRENDQWVpZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJeU1URXdNakE1TkRVeE4xb1hEVEl6TVRFd016QTVORFV4TjFvd01URVhNQlVHQTFVRQpDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGakFVQmdOVkJBTVREVzFwYm1scmRXSmxMWFZ6WlhJd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDM21rQThRSE14bk90aDQyZFRoc1cxc2pBeFQrdlAKQVBxeHRSam1ickNabVJOTWZxckVweXNVWWJqOWdHWGtrckhtR0FabmptRmlTVEVieTlOZVcxeGJvbE9BamVsVwp3Wlh5NFRlbTk1anVPV0EvakIzNWhNdC84c0lER2xvQ3d2R1ErZUwvcFZSSkc4bTh3RGJxOU92V2dybnRndllyCkJSMjZ4b3NpSUZONVVKdTBPb0cxNnE3bUNDY1FyblJjREVnejg2QW9rUllGYVJqUWlaUWZrcmYxK3kyWnhRVkQKdFlzUURycytuRk5kWWltcnJwdUl1SFdabXh1aXN2MFI0eWFLa0xkRHBFalkrNzBHYm9OMVF3MWxMS1VhWDdCZQpnYTFENVJWalY3RjJSMGlhTitneDQ1WUFTTUxhUHJ5WHhUakEzRmVjc01KZDZaVFpscnpuQjExNUFnTUJBQUdqClB6QTlNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBZjF2NklkaWdKTlpHZURkUgo5SzZsd3RtWHdWVEJNZnliZEVlZFcxMjJEZGMwWThDdEw0VEtjOGEyeEJGNnFHQ3M5bDlzdXEwZS9aREJGbVJXCnc0d05tc0pSSm9Xejg0cm9WUGFJUTF1YlpPMmxZOUViaU9SMGZSRVZXYXNTZ1RoaExEOWdVUnpLZjd2bDFRNEgKL3A2M2ExTWJzQlBlMlFHK09GR09pMlFKcWtxTndVcnQ5ZE53RVFKSjFMbUJtQlBzUFFzQ1JoaXR0NCt6OWltagp0MlZVY0M3bVZvOWNMVVFma0pubnJRdjFmeGxDeEo2M2Z6eEVpNEtNYjM4N1ljakhqTXhiUmJDdWoyZ1dvenk0CkRRMzlzN2dqMkE4ZUdqQ2FRdWRzbVlERFB1VGlaTEtWUlZ2Nkczck9xUUdxancwaitPajRtT1BZeDdXZlR5Mm4KdnJoK3V3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdDVwQVBFQnpNWnpyWWVOblU0YkZ0Ykl3TVUvcnp3RDZzYlVZNW02d21aa1RUSDZxCnhLY3JGR0c0L1lCbDVKS3g1aGdHWjQ1aFlra3hHOHZUWGx0Y1c2SlRnSTNwVnNHVjh1RTNwdmVZN2psZ1A0d2QKK1lUTGYvTENBeHBhQXNMeGtQbmkvNlZVU1J2SnZNQTI2dlRyMW9LNTdZTDJLd1VkdXNhTElpQlRlVkNidERxQgp0ZXF1NWdnbkVLNTBYQXhJTS9PZ0tKRVdCV2tZMEltVUg1SzM5ZnN0bWNVRlE3V0xFQTY3UHB4VFhXSXBxNjZiCmlMaDFtWnNib3JMOUVlTW1pcEMzUTZSSTJQdTlCbTZEZFVNTlpTeWxHbCt3WG9HdFErVVZZMWV4ZGtkSW1qZm8KTWVPV0FFakMyajY4bDhVNHdOeFhuTERDWGVtVTJaYTg1d2RkZVFJREFRQUJBb0lCQVFDRjAwZ0k0czFVRjFXMgpkd09FYlZMRTJrbW9WK0hBYzYxSFJJSU96QldyRDFseXcwMERvL21SbEowN0laQ2paNDJGOG5NUW5rWTdWckFWCjI1NklRejF4aVVNbUM4cE5zekx4NHRrbXVZaGQ4N0pFLzRPRnNSYUhmMUdNNDNOQ1dnZXJyWWlZNEZBc0xiWUEKLzNYSUVwZW9Ob2NCS1JqM1NIWmdBb0c5Y1NTRzRrOGtlam52T2Y5TWRNZ1JTL2NvT2FMdk5qbCt4QjJwb3MxaAp3UFNKamg4bGNTZzhiUjMvMjYxQkpIMWt5RU04dU04cEZtdFp1Q3N3VU1uNFZqMnNVUnVUOWpkaDljYnFmUE1KCmZqN1VnZHhBSkZHRTBKc2VidjVBN3BZY3Q0VWg2NE1yNklmOTdjRDZSdHNOa2oxYTRTdFBwQVQ3SWs0RThiWkIKUnNoMEtKc0JBb0dCQU5DMm5mUXFlZlZHdDBYaXEvVzFPcm9mKy9MM3JXbEZCNjVpYmxQZUh2alhHRFhGZ083NgpqR2hxS2E0RWFCS1VBdER6YmZrYzlXa1FSSFhqUkxxZVhML2Fhb1FHMjJJMVZ5Z09ZdkxTSStGdmJrb0paMExsCmZpYmRmZFRaVXc1d0hsajJYRkMzVzMrMHNiUXlSQVlFaW1DeGJvU0tCNHZ5OGFhUlFsODJhOU5aQW9HQkFPRXoKTk1iUXNsaEJYVjBTVUVrTWRKbWlFYlVWdzNnemhORnAxVnNSNnlUakxIR0NvNllQZk02RzNlVDFHdndWTFZCOQpHY2lvVlZPbVF3UDBoRjJzTVl6NUtidytGTEM1bXZXZnEvVGNDQzZ3RGt0VGFZUW0vZVRzdFkzVkNDQmNZOTZ4Ck9EeEU3UFplN1RydVU3WnA2SUFCYWNKSzYyYjhleG1DWVI5RVlUY2hBb0dBTGVkY1NpMWxjV3JDT0Y2b1Qzd3kKbEdrZ2NzbkNuQnFRbSt3T00rZndpKzVTNXRDdmtPQU9MWkRiNWVnV002L1dCcnJqZnh5OVpRUXM2bmkzend1eApmb2k5VUpocGUrb2Jaelh5MFZFaWp4eUE5MHVtS0hKdEVvTTRmNjNrdEpJNE9uekV4UVB1M2VHU0MvM2FORENmCmRyRFBpOXNIMmVIdkFDR0dwWVpFcE5FQ2dZRUFscDNnMW5nT1QraW53Ty9Xc29TYUY0YkZ3UTlsUktkd1ZYOHIKSzFXNHAxc3BCbUlSZ2FjcUdoY3BvVkF0VkJ2MXlyZGczMHQyaGhQVkRuZ2piMk1UWU8za2Mvb3hiR0UydXNDbwpDWVNBRkhtN2xiV2NCTDd2WUlUUWlLUEtZNXBuVVRIR0lza1drMUM1Nllnc2hQd2dmRHgxdDNUVUxIVUEvL2FyCmJuWVZid0VDZ1lFQXFmL2JLYk5PTXFobHBhM1RrSDBZM1luM05jRGhoTHlpV2diRkM4YjN6TW45THdjdTZ5SE4Kb2Z5ekV6Y0hFbDFBZE1OSzMwMFpkaVNCYll2RldBblRaL2JIUXRydTJ4OXpoZ051VjhOL1BaUjVTNVh6TVhxTApCTUJZZmZRck1xV3FqZDdxVEQ1Y1VkMFE4MEV0cnQ3L05GcTFxcXN1SDdRNFgwdkR3Sk16dFM4PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
可以看到client-certificate变成了client-certificate-data,其它两个证书也是一样的,多了个-data,集群名称也变了,是myminikube,ok,现在就使用它试试。
特别提醒注意:
这两个必须是一致的,是一对的,比如,现在都是default,那么, 同时修改为zsk也是可以的。
和也是一对的,必须一致,比如,现在的这个minikube同时修改为john也是可以的。
它实际使用的用户应该是生成CA证书的那个json文件里的CN值,和这个kubeconfig里设置的用户名称毛的关系都没有。
四,
kubeconfig文件的使用:
定义环境变量,这个环境变量非常非常重要 KUBECONFIG 它的值是这个kubeconfig文件的绝对路径就可以了,我把这个文件存放到了23服务器的/media 文件夹下了:
export KUBECONFIG=/media/bootstrap.kubeconfig
OK,现在就可以使用kubectl试试使用此kubeconfig文件连接192.168.217.23:8443 这个apiserver了(还是在23服务器上):
[root@node3 media]# kubectl get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default static-web-node3 1/1 Running 0 4h42m
kube-system coredns-7ff77c879f-nsj95 1/1 Running 0 5h25m
kube-system etcd-node3 1/1 Running 0 5h25m
kube-system kube-apiserver-node3 1/1 Running 0 5h25m
kube-system kube-controller-manager-node3 1/1 Running 0 5h25m
kube-system kube-flannel-ds-amd64-6cdl5 1/1 Running 0 5h25m
kube-system kube-proxy-vdhzr 1/1 Running 0 5h25m
kube-system kube-scheduler-node3 1/1 Running 0 5h25m
kube-system storage-provisioner 1/1 Running 0 5h25m
证明连接没有问题,kubectl config view 可以查看当前使用的kubeconfig文件的大概信息,可以看到证书的详细信息是隐藏了,集群名称也是前面设置的my:
[root@node3 media]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://192.168.217.23:8443
name: myminikube
contexts:
- context:
cluster: myminikube
user: minikube
name: default
current-context: default
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
那么,把这个文件传到另一台服务器,例如192.168.217.24服务器上,此服务器上只安装了一个kubectl:
版本说明:
注意,kubectl我安装的版本是1.22.2,管理的集群minikube的版本是1.18.8,因此,最后有一个报警,说客户端和服务端版本最好相差1,否则会出问题。
[root@node4 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:5b:a4:eb brd ff:ff:ff:ff:ff:ff
inet 192.168.217.24/24 brd 192.168.217.255 scope global ens33
[root@node4 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.2", GitCommit:"8b5a19147530eaac9476b0ab82980b4088bbc1b2", GitTreeState:"clean", BuildDate:"2021-09-15T21:38:50Z", GoVersion:"go1.16.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.8", GitCommit:"9f2892aab98fe339f3bd70e3c470144299398ace", GitTreeState:"clean", BuildDate:"2020-08-13T16:04:18Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
WARNING: version difference between client (1.22) and server (1.18) exceeds the supported minor version skew of +/-1
192.168.217.23上面安装的minkube版本是1.18.8:
[root@node3 media]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:70:12:12 brd ff:ff:ff:ff:ff:ff
inet 192.168.217.23/24 brd 192.168.217.255 scope global ens33
[root@node3 media]# kubectl get no
NAME STATUS ROLES AGE VERSION
node3 Ready master 5h34m v1.18.8
说明kubectl确实是客户端,192.168.217.24服务器上只需要安装一个kubectl就可以了。
23上,上传前面命令制作的kubeconfig文件到24根目录:
[root@node3 media]# scp bootstrap.kubeconfig 192.168.217.24:~/
root@192.168.217.24's password:
bootstrap.kubeconfig 100% 5482 1.5MB/s 00:00
在24服务器上使用传来的文件(定义环境变量):
[root@node4 ~]# export KUBECONFIG=/root/bootstrap.kubeconfig
[root@node4 ~]# kubectl get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default static-web-node3 1/1 Running 0 4h55m
kube-system coredns-7ff77c879f-nsj95 1/1 Running 0 5h38m
kube-system etcd-node3 1/1 Running 0 5h38m
kube-system kube-apiserver-node3 1/1 Running 0 5h38m
kube-system kube-controller-manager-node3 1/1 Running 0 5h38m
kube-system kube-flannel-ds-amd64-6cdl5 1/1 Running 0 5h38m
kube-system kube-proxy-vdhzr 1/1 Running 0 5h38m
kube-system kube-scheduler-node3 1/1 Running 0 5h38m
kube-system storage-provisioner 1/1 Running 0 5h39m
OK了,现在只需要把上面这个环境变量写入/etc/profile文件内,以后集群开机后就只需要登录24服务器就可以进行集群管理工作了。那么,假如有多个集群呢?
这个就简单了,把每个集群的kubeconfig文件都统一放置到一个服务器内,比如我这个192.168.217.24服务器内,然后进行kubeconfig文件的合并。
五,
kubeconfig文件的合并
现在有两个集群,一个是kubeadm安装的高可用四节点集群,vip为192.168.217.100,一个是minkube,IP地址为192.168.217.23
将kubeadm部署的集群的kubeconfig文件kubeadm-config放置到192.168.217.24服务器上,文件内容如下:
[root@node4 ~]# cat kubeadm-config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1URXdNVEV5TXpReE1sb1hEVE15TVRBeU9URXlNelF4TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTk50CjBPUC94dmlnSlZSb0lteGpWd1JXREZUWWxFWVV5eW5NL0xOL09GRnJxdk1mV0FTa280UlpPazNMa05kSW9XWXQKdmErUXc4eEFKb2NjVkgzQkF6N1VDRG1aWkNJbVN2M2JSVitBL2VxLzlqbERINjE4L2JSQzB4ckoyRndTYStkUgp6Z1k0MUs0TlRBZmxQTjZlSVJ4TTQ0QnM4blVMNDZ5ODBYczg5N3QrdFp0YkdVNXhWL0h4VzBMR3RpbHdab09rCmEzeDlSa05IdG5oaTM4NndrYkNScnlwR3NSRXVXaUoyMGFmbkxDamNvSDhLZHgwd1hrTHN1RHY5Q2lFV21CVVAKRXhDc1J2a2R3RmNUak5Jb2hHSHFmbXRjT3RKYnlVYXV5YjFTQ1JSZWw0cXBUNnR1U3BtaW9DQVNaQXRNbVovRwpWTGV2cjNPR0hKOGZHQUF4MlRFQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZFcUxCT2lyK0g3bjhSSmFLYjg1R0FocjBjU0tNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBR3QxSHptY1pYTng0KzIyMTlERAphaVRFWFlIeE4xaVQ2bnV6SllCc0xjVFVscFRWTjNoT25CbUc0aGhZVGVscngzU1J0VndVeVNIRHgrT0QvL3F3CmtXZml2NUVMRzRyVTNNb1lmVlQ1MWcybzhXMHlnV2h3UkdSRGZJYTEwTy9hN1RlVWVmVjk2UWc5bUJqOTNJcTYKbW9nRWdYOVZMeiswYmpZL2Q4ZkhUcDVPTU04V0xOK0xVd0lac0dLWE1ldnZsMTlZTlpvVXh1azdKMFFrWmZvVwpCaHBaMTRmWjE2TVJTTHRSZDdtc0FOL1RLZVVJRmp0Tm41U3ZtV1hEUUhoLzJNK2dPWjZUa1kzcHRqM1BMZGlsClRWYnpGQXpOUjdMQW52VWs3V3RscERyd1NrL1N6YXpvRDU4dzZ2eXJsc0ZpSmFVM2R3UXE5RUl3RmJzSGgvN0wKZ0dZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://192.168.217.100:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJWTFlRWwvV21KTjR3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpFeE1ERXhNak0wTVRKYUZ3MHlNekV4TURFeE1qTTBNVFJhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXI4STl1dnh6ZlJqU1lzVzAKaGxRWTB6NXdpcEVaVWJJS0N2NVppcjdtU2lzVXN4V21lc2xEOW1TMHNJOEIwRXBxbjVnMjVnRTg5c1lDa0R3SQpVWVpqZHVDd1paeDNlTmZsSmdES04xTmxXU3ljRzZhSGI2NzdncWVPWStlNHBxRTV1YzNPRWVyRTR6ajJPTHZBCjdjYjVYT0lqWXNKRkxINlMyODVoN2NyU3JMdVJudklwYXdVQ3V0MmdXZGFPYUJ2RDRqUzBiMUQ5RkFjYktZVXAKT2FuZTdmRTAyNHdBZlNjd3FUdmlRVEhTbFZLdFByeUh4TUluMnlmc3ZNT0NseWRCdCtDemdDM0lnb1QzWXpPUgp3WDloTVF6bEx2cU1Ga2Rub1ZHelo4Q2tGNVRmM01QckxKZzc0QlFjVGtlWU1HQkJSVHZBYU9uUlpJMFI5NDYzCkduQTgzUUlEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JSS2l3VG9xL2grNS9FU1dpbS9PUmdJYTlIRQppakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWG1hSlh4ZGFlMm93V0pqQ0d3ZGEwNFJXMHJaQ3JQcStJUTNpCjduYzhwMjVIbEc4ZDU1VVdDU2ZNa3hIakhJemFGMmYxRUduTkRWa1I1ZFo3Y3JxcUVBRVlOOGRBOS9NcFcrZUUKR1MxaXFVTytvNS8zYjBvaGtIaGlPR3VEQ2orb0c1MEd1aFdxZC9Sd1Mva1Y4bUZJdFB2bEVwMG5SV3dNOW84dgozMGorVEtUcUNLRitxQlVMckRnamNpOUN3ckJLK0pCUzdIQXpDUitldURQN3RUUWZFRG9iSlIxMGw1am0rWnpVCi81K1Y2M1kzZG1kOWZmQXhUZmpWN3MvRk1vcUJPUHpjRWRmNUdHTHZ3dU1NdittL1VMV29JRE0rWENzVWNOYnEKREhhWVcxcDRPMnlLcExjT0lmSld2OHRNNlJ0NmhxQkhVZGN4RW5FOEFBb2pDemo1a3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBcjhJOXV2eHpmUmpTWXNXMGhsUVkwejV3aXBFWlViSUtDdjVaaXI3bVNpc1VzeFdtCmVzbEQ5bVMwc0k4QjBFcHFuNWcyNWdFODlzWUNrRHdJVVlaamR1Q3daWngzZU5mbEpnREtOMU5sV1N5Y0c2YUgKYjY3N2dxZU9ZK2U0cHFFNXVjM09FZXJFNHpqMk9MdkE3Y2I1WE9JallzSkZMSDZTMjg1aDdjclNyTHVSbnZJcAphd1VDdXQyZ1dkYU9hQnZENGpTMGIxRDlGQWNiS1lVcE9hbmU3ZkUwMjR3QWZTY3dxVHZpUVRIU2xWS3RQcnlICnhNSW4yeWZzdk1PQ2x5ZEJ0K0N6Z0MzSWdvVDNZek9Sd1g5aE1RemxMdnFNRmtkbm9WR3paOENrRjVUZjNNUHIKTEpnNzRCUWNUa2VZTUdCQlJUdkFhT25SWkkwUjk0NjNHbkE4M1FJREFRQUJBb0lCQUEwa3hJTUlRQWE1NVhuWAplU0dXaG1pOXdhTExLUTZQOXVwTmpScXdIZjZyN0JkY1poL0dqMXVNdW1wOXQxQUJVS253c3lKT00yWHM5dUljCmF5N1ZrdmlmNHZFbVcxVGhLRlRJT0ZjYzJIWnJ2Snpndmo0ZTR0WXBlNStEQTY4S1hZdkVsVVdIdmdPVURlMisKTkxaVGEvQ0RSTXdzNVFsbnljbkFURmlCRTNJeFVQNWlFWnp6NWlyeG9rL0JRTThvT0h1emtQYkR6dGNYcXFEMQorNVFOTWhJSWc4cW92L2MwaFplL1dTWjMvY09kUHhSN1J4WFB1S3RoZWpQc1NWWUVoZCs5K0o1VmJxY2Nld0NICjVLUkd3azlMREZVSEFZMzVOaEFXbnZVclZ0OGlSN2RtaS9rT3BPMlF3K0tRTm9samZrSUhlaWI0NjVVdng4VUQKajRPUW5xMENnWUVBMEZHQlh4cU5KNGlXZ09GRVBXNlBhUW1URFI5ZHNRS1J0cXhFYkVZNldZOVg4M0xjeHZEbwo1TEU0SWZlZ2h2SXdxL0E1U2lpbUlKVnkwR0xocHZMdTZDWVZyeHpJbFp5R3hFZG5TSjVhVkszeDIvMlRUMEUxCjdoMW5pNk9EUFNmSVZDcXJld0JvZjlodnF5Z2RrMlBZLzJTZXBhU2E2cFBjN3NZUG9idlZYTU1DZ1lFQTEvemsKWW9ZV0ErVWpZYUdtZ0dIT1pkSEpRN3lPcVpLYmZHRTVNQzJJSzA1RllGL3UzWjR2dStTSXpBeTFFRkhiRmtSTwo3TEcrbThUV2dwcldDaDB6dE9uUTJUb1RTOWFHVU84SjZiK3JlQnluMDZZaERvQm9wdGJHVWZ1WHRvUllZbktEClBOalhNcjlRWDZJcHdKb1JpakhNcmpOYXV0UVFkYTZVaGpCZTVkOENnWUVBdWg1b0FNbGZIZGdaNTNIY0h5cTkKZEhINmNQbjZJbUVTUU93dWdiSkpCYVZkUmdQMG5zVzB2a1pieVhWTmRlUENlb3U1RTdtM20xc0s1b1hCNkFBYQpWVTFaaUVlbUtvMWJsdGZZdm5mRWF1MnlMZ09qYm1icndSK0NXSzh4WFIxRERYZkdGN0lvcXpoN3BLYkZyZDdDCmpJT2dmb3ZQWVEvVWozeGprUE9aMERNQ2dZQlVOczJSd0xnNndvLytGRHBJV2xwUWh2Q1RrYVNLWjVocWNib0wKbCtVOUJXSzFoaElycE83MXN0REh4cmllYVZ3a0hYUXNnODFQRFB1YXB1YUh3UVVWS0FsL2VVNW14bmxPZXpXQgpSM09DL0tGUE83b3QzbEZ2bzlSbHlOUkpuT2FkVkFycG9aNmVzY3VUempXN1hCYzBxK0FqbC9CclloNGMxSG9pCnJCK0VQd0tCZ1FDd042NDFkZi85Z2NhaTdYRXkvanNkbm1lVnBxTG9TSzBuV09HdXhIMFR2dkxmVGtuMHQ4TE4KMFRXelVOaExKT1ZTcWgyUCtPQWs2dzd2UlFMeEU2L2pVMmNuRzBpZURkMU96cmlFM1JjMEtzZUVBUjNyU1JoWQp5YnRITnlDOWtsdlZmSTk3Tnk3bVZxMENKaTBQUVplTFZ3UUdya3EwNGZ6SVBRTTl0Yi9yYUE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
激活环境变量后,可以正常管理此高可用集群:
[root@node4 ~]# export KUBECONFIG=/root/kubeadm-config
[root@node4 ~]# kubectl get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-796cc7f49d-k586w 1/1 Running 2 (3m48s ago) 2d2h
kube-system calico-node-7x86d 1/1 Running 2 (3m50s ago) 2d2h
kube-system calico-node-dhxcq 1/1 Running 2 (4m ago) 2d2h
kube-system calico-node-jcq6p 1/1 Running 4 (110s ago) 2d2h
kube-system calico-node-vjtv6 1/1 Running 2 (3m48s ago) 2d2h
kube-system coredns-7f6cbbb7b8-7c85v 1/1 Running 18 (3m48s ago) 7d23h
kube-system coredns-7f6cbbb7b8-7xm62 1/1 Running 2 (3m48s ago) 2d2h
OK,开始kubeconfig文件的合并,两个文件同时写入环境变量,文件之间用 :隔离开就是合并啦:
export KUBECONFIG=/root/kubeadm-config:/root/bootstrap.kubeconfig
config view 可以读取环境变量后,将相关内容显示出来:
[root@node4 ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://192.168.217.100:6443
name: kubernetes
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://192.168.217.23:8443
name: myminikube
contexts:
- context:
cluster: myminikube
user: minikube
name: default
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
- name: minikube
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
OK,先看看在使用哪个集群:
[root@node4 ~]# kubectl config current-context
kubernetes-admin@kubernetes
对比这个输出,我们可以看到context的名字是kubernetes这个集群,也就是kubeadm部署的HA集群 ,下面的命令也验证了这一点。
[root@node4 ~]# kubectl get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-796cc7f49d-k586w 1/1 Running 2 (13m ago) 2d3h
kube-system calico-node-7x86d 1/1 Running 2 (13m ago) 2d3h
略略略
OK,通过 config use-context 也就是切换上下文的方式,切换kubectl管理集群:
[root@node4 ~]# kubectl config use-context default
Switched to context "default".
验证一哈,确实切换到minikube了:
[root@node4 ~]# kubectl get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default static-web-node3 1/1 Running 0 5h35m
kube-system coredns-7ff77c879f-nsj95 1/1 Running 0 6h18m
kube-system etcd-node3 1/1 Running 0 6h18m
略略略
在切换到kubeadm部署的HA集群:
[root@node4 ~]# kubectl config use-context kubernetes-admin@kubernetes
Switched to context "kubernetes-admin@kubernetes".
验证,可以看到完美切换:
[root@node4 ~]# kubectl get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-796cc7f49d-k586w 1/1 Running 2 (20m ago) 2d3h
kube-system calico-node-7x86d 1/1 Running 2 (20m ago) 2d3h
略略略
那么环境变量合并的方式对于目前来说是足够了,仅仅几个集群嘛,无所谓,爱谁谁了。如果达到几十个上百个集群,那么,还是需要通过命令来合并集群的kubeconfig文件了。
六,
命令方式合并kubeconfig文件
这个方法比较简单,主要是确定合并方向,是把minikube的kubeconfig文件合并到HA的kubeconfig文件内,因此,将24服务器上的HAkubeconfig文件改名为two-cs-config, 然后将此文件传到minkube的服务器也就是192.168.217.23服务器上,在执行以下的三个命令将它的本地证书内嵌到kubeconfig文件内,在将此文件传到24服务器就,就可以正常使用了(命令会追加写入指定内容到kubeconfig文件内,不会覆盖)
mv kubeadm-config two-cs-config
[root@node3 mnt]# kubectl config set-cluster myminikube \
> --certificate-authority=/root/.minikube/ca.crt \
> --embed-certs=true \
> --server=${KUBE_APISERVER} \
> --kubeconfig=two-cs-config
Cluster "myminikube" set.
[root@node3 mnt]# kubectl config set-credentials minikube \
> --client-certificate=/root/.minikube/profiles/minikube/client.crt \
> --client-key=/root/.minikube/profiles/minikube/client.key \
> --embed-certs=true \
> --kubeconfig=two-cs-config
User "minikube" set.
[root@node3 mnt]# kubectl config set-context default \
> --cluster=myminikube \
> --user="minikube" \
> --kubeconfig=two-cs-config
Context "default" created.
[root@node3 mnt]# cat two-cs-config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1URXdNVEV5TXpReE1sb1hEVE15TVRBeU9URXlNelF4TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTk50CjBPUC94dmlnSlZSb0lteGpWd1JXREZUWWxFWVV5eW5NL0xOL09GRnJxdk1mV0FTa280UlpPazNMa05kSW9XWXQKdmErUXc4eEFKb2NjVkgzQkF6N1VDRG1aWkNJbVN2M2JSVitBL2VxLzlqbERINjE4L2JSQzB4ckoyRndTYStkUgp6Z1k0MUs0TlRBZmxQTjZlSVJ4TTQ0QnM4blVMNDZ5ODBYczg5N3QrdFp0YkdVNXhWL0h4VzBMR3RpbHdab09rCmEzeDlSa05IdG5oaTM4NndrYkNScnlwR3NSRXVXaUoyMGFmbkxDamNvSDhLZHgwd1hrTHN1RHY5Q2lFV21CVVAKRXhDc1J2a2R3RmNUak5Jb2hHSHFmbXRjT3RKYnlVYXV5YjFTQ1JSZWw0cXBUNnR1U3BtaW9DQVNaQXRNbVovRwpWTGV2cjNPR0hKOGZHQUF4MlRFQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZFcUxCT2lyK0g3bjhSSmFLYjg1R0FocjBjU0tNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBR3QxSHptY1pYTng0KzIyMTlERAphaVRFWFlIeE4xaVQ2bnV6SllCc0xjVFVscFRWTjNoT25CbUc0aGhZVGVscngzU1J0VndVeVNIRHgrT0QvL3F3CmtXZml2NUVMRzRyVTNNb1lmVlQ1MWcybzhXMHlnV2h3UkdSRGZJYTEwTy9hN1RlVWVmVjk2UWc5bUJqOTNJcTYKbW9nRWdYOVZMeiswYmpZL2Q4ZkhUcDVPTU04V0xOK0xVd0lac0dLWE1ldnZsMTlZTlpvVXh1azdKMFFrWmZvVwpCaHBaMTRmWjE2TVJTTHRSZDdtc0FOL1RLZVVJRmp0Tm41U3ZtV1hEUUhoLzJNK2dPWjZUa1kzcHRqM1BMZGlsClRWYnpGQXpOUjdMQW52VWs3V3RscERyd1NrL1N6YXpvRDU4dzZ2eXJsc0ZpSmFVM2R3UXE5RUl3RmJzSGgvN0wKZ0dZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://192.168.217.100:6443
name: kubernetes
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJeU1URXdNVEE1TWpnd05Gb1hEVE15TVRBek1EQTVNamd3TkZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSm5qCm5PNm94a1VJNGR1UGlsb3RXd3FpdUp3TDVlcjJGczhqL3lIb2ViNkVDa1ZuTldncHBOZHlCS3N2UytjQjhkOTUKb1Jjd25ZamhsOGZta25YUytRK2gzbmJsY3JKWE1OQytnWkdqRldEVCtqOUwvT3NRd1BjbFE1eWFoNEtFY2kvbApUOWhhdlJCRXFRMzY2ZjhsZDZlSytaOFF5bWV4QlkvRlp6THdZMmtRajZnZU9NZkRoY0JSM3NWYjVweHRBSlByCk8xVWpudkxkRVRLekw1ajZYdXlGLzdsaGZhcE5aSFpIMUs2WjF3R3RTYUF0L0FGZmJDTFcvaDMyRlVkUExKTU0KMkVkVU1PaVVIeXorM3dWNEVONWlOY0FuUk9kYTlCdTBsRjRLbVVzNSt1SkNVc0lReXRvbDBwenpxWWZOWEtUSQpkT2trSGdYdWtSaGIyZ3JuTHg4Q0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCOHkzRzBCbEw4TDdPUFpTckJ2RlpNSWJJSEpzRE83cG5WVGkvWW95VWg5TFdndnB1TQpvMDdjOWJKM21YN25OVGFyOU1la1JnZ2hTTHBkTHBjaFlOSEY5bkFzQ3liblI3L05ZZVZlYUFSM2xRaWNETTJBCnAxV2YwYzhJZ0tJUHk0Z0k2MThOQkhtSUlnTEU1Yk1BSkczalFDNXBzcnM1ZXlsUnVrNkdCbEpia280YThJS1cKQm9QWHFtM2M1WGd3c0MvckhxU1lyL2RaYXlOL3dGQmIyRWJIS1gyMXRpZEZKYXhITGZKaUhRM1pjRGl5eHdqTwpSNTA3SzgvbTQrVEJrM012RzlFNUp4S2xiNk43M0NSbGo4ZUtJRm1vanBDRk5EWk5udkNPc3FnZ1YybXhHaEtDCkRLRXZ6SFI0VkhnRnliUHNEb0tOY2NjbERxeTRMelFkK3c4agotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://192.168.217.23:8443
name: myminikube
contexts:
- context:
cluster: myminikube
user: minikube
name: default
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJWTFlRWwvV21KTjR3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpFeE1ERXhNak0wTVRKYUZ3MHlNekV4TURFeE1qTTBNVFJhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXI4STl1dnh6ZlJqU1lzVzAKaGxRWTB6NXdpcEVaVWJJS0N2NVppcjdtU2lzVXN4V21lc2xEOW1TMHNJOEIwRXBxbjVnMjVnRTg5c1lDa0R3SQpVWVpqZHVDd1paeDNlTmZsSmdES04xTmxXU3ljRzZhSGI2NzdncWVPWStlNHBxRTV1YzNPRWVyRTR6ajJPTHZBCjdjYjVYT0lqWXNKRkxINlMyODVoN2NyU3JMdVJudklwYXdVQ3V0MmdXZGFPYUJ2RDRqUzBiMUQ5RkFjYktZVXAKT2FuZTdmRTAyNHdBZlNjd3FUdmlRVEhTbFZLdFByeUh4TUluMnlmc3ZNT0NseWRCdCtDemdDM0lnb1QzWXpPUgp3WDloTVF6bEx2cU1Ga2Rub1ZHelo4Q2tGNVRmM01QckxKZzc0QlFjVGtlWU1HQkJSVHZBYU9uUlpJMFI5NDYzCkduQTgzUUlEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JSS2l3VG9xL2grNS9FU1dpbS9PUmdJYTlIRQppakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWG1hSlh4ZGFlMm93V0pqQ0d3ZGEwNFJXMHJaQ3JQcStJUTNpCjduYzhwMjVIbEc4ZDU1VVdDU2ZNa3hIakhJemFGMmYxRUduTkRWa1I1ZFo3Y3JxcUVBRVlOOGRBOS9NcFcrZUUKR1MxaXFVTytvNS8zYjBvaGtIaGlPR3VEQ2orb0c1MEd1aFdxZC9Sd1Mva1Y4bUZJdFB2bEVwMG5SV3dNOW84dgozMGorVEtUcUNLRitxQlVMckRnamNpOUN3ckJLK0pCUzdIQXpDUitldURQN3RUUWZFRG9iSlIxMGw1am0rWnpVCi81K1Y2M1kzZG1kOWZmQXhUZmpWN3MvRk1vcUJPUHpjRWRmNUdHTHZ3dU1NdittL1VMV29JRE0rWENzVWNOYnEKREhhWVcxcDRPMnlLcExjT0lmSld2OHRNNlJ0NmhxQkhVZGN4RW5FOEFBb2pDemo1a3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBcjhJOXV2eHpmUmpTWXNXMGhsUVkwejV3aXBFWlViSUtDdjVaaXI3bVNpc1VzeFdtCmVzbEQ5bVMwc0k4QjBFcHFuNWcyNWdFODlzWUNrRHdJVVlaamR1Q3daWngzZU5mbEpnREtOMU5sV1N5Y0c2YUgKYjY3N2dxZU9ZK2U0cHFFNXVjM09FZXJFNHpqMk9MdkE3Y2I1WE9JallzSkZMSDZTMjg1aDdjclNyTHVSbnZJcAphd1VDdXQyZ1dkYU9hQnZENGpTMGIxRDlGQWNiS1lVcE9hbmU3ZkUwMjR3QWZTY3dxVHZpUVRIU2xWS3RQcnlICnhNSW4yeWZzdk1PQ2x5ZEJ0K0N6Z0MzSWdvVDNZek9Sd1g5aE1RemxMdnFNRmtkbm9WR3paOENrRjVUZjNNUHIKTEpnNzRCUWNUa2VZTUdCQlJUdkFhT25SWkkwUjk0NjNHbkE4M1FJREFRQUJBb0lCQUEwa3hJTUlRQWE1NVhuWAplU0dXaG1pOXdhTExLUTZQOXVwTmpScXdIZjZyN0JkY1poL0dqMXVNdW1wOXQxQUJVS253c3lKT00yWHM5dUljCmF5N1ZrdmlmNHZFbVcxVGhLRlRJT0ZjYzJIWnJ2Snpndmo0ZTR0WXBlNStEQTY4S1hZdkVsVVdIdmdPVURlMisKTkxaVGEvQ0RSTXdzNVFsbnljbkFURmlCRTNJeFVQNWlFWnp6NWlyeG9rL0JRTThvT0h1emtQYkR6dGNYcXFEMQorNVFOTWhJSWc4cW92L2MwaFplL1dTWjMvY09kUHhSN1J4WFB1S3RoZWpQc1NWWUVoZCs5K0o1VmJxY2Nld0NICjVLUkd3azlMREZVSEFZMzVOaEFXbnZVclZ0OGlSN2RtaS9rT3BPMlF3K0tRTm9samZrSUhlaWI0NjVVdng4VUQKajRPUW5xMENnWUVBMEZHQlh4cU5KNGlXZ09GRVBXNlBhUW1URFI5ZHNRS1J0cXhFYkVZNldZOVg4M0xjeHZEbwo1TEU0SWZlZ2h2SXdxL0E1U2lpbUlKVnkwR0xocHZMdTZDWVZyeHpJbFp5R3hFZG5TSjVhVkszeDIvMlRUMEUxCjdoMW5pNk9EUFNmSVZDcXJld0JvZjlodnF5Z2RrMlBZLzJTZXBhU2E2cFBjN3NZUG9idlZYTU1DZ1lFQTEvemsKWW9ZV0ErVWpZYUdtZ0dIT1pkSEpRN3lPcVpLYmZHRTVNQzJJSzA1RllGL3UzWjR2dStTSXpBeTFFRkhiRmtSTwo3TEcrbThUV2dwcldDaDB6dE9uUTJUb1RTOWFHVU84SjZiK3JlQnluMDZZaERvQm9wdGJHVWZ1WHRvUllZbktEClBOalhNcjlRWDZJcHdKb1JpakhNcmpOYXV0UVFkYTZVaGpCZTVkOENnWUVBdWg1b0FNbGZIZGdaNTNIY0h5cTkKZEhINmNQbjZJbUVTUU93dWdiSkpCYVZkUmdQMG5zVzB2a1pieVhWTmRlUENlb3U1RTdtM20xc0s1b1hCNkFBYQpWVTFaaUVlbUtvMWJsdGZZdm5mRWF1MnlMZ09qYm1icndSK0NXSzh4WFIxRERYZkdGN0lvcXpoN3BLYkZyZDdDCmpJT2dmb3ZQWVEvVWozeGprUE9aMERNQ2dZQlVOczJSd0xnNndvLytGRHBJV2xwUWh2Q1RrYVNLWjVocWNib0wKbCtVOUJXSzFoaElycE83MXN0REh4cmllYVZ3a0hYUXNnODFQRFB1YXB1YUh3UVVWS0FsL2VVNW14bmxPZXpXQgpSM09DL0tGUE83b3QzbEZ2bzlSbHlOUkpuT2FkVkFycG9aNmVzY3VUempXN1hCYzBxK0FqbC9CclloNGMxSG9pCnJCK0VQd0tCZ1FDd042NDFkZi85Z2NhaTdYRXkvanNkbm1lVnBxTG9TSzBuV09HdXhIMFR2dkxmVGtuMHQ4TE4KMFRXelVOaExKT1ZTcWgyUCtPQWs2dzd2UlFMeEU2L2pVMmNuRzBpZURkMU96cmlFM1JjMEtzZUVBUjNyU1JoWQp5YnRITnlDOWtsdlZmSTk3Tnk3bVZxMENKaTBQUVplTFZ3UUdya3EwNGZ6SVBRTTl0Yi9yYUE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
- name: minikube
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBRENDQWVpZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJeU1URXdNakE1TkRVeE4xb1hEVEl6TVRFd016QTVORFV4TjFvd01URVhNQlVHQTFVRQpDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGakFVQmdOVkJBTVREVzFwYm1scmRXSmxMWFZ6WlhJd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDM21rQThRSE14bk90aDQyZFRoc1cxc2pBeFQrdlAKQVBxeHRSam1ickNabVJOTWZxckVweXNVWWJqOWdHWGtrckhtR0FabmptRmlTVEVieTlOZVcxeGJvbE9BamVsVwp3Wlh5NFRlbTk1anVPV0EvakIzNWhNdC84c0lER2xvQ3d2R1ErZUwvcFZSSkc4bTh3RGJxOU92V2dybnRndllyCkJSMjZ4b3NpSUZONVVKdTBPb0cxNnE3bUNDY1FyblJjREVnejg2QW9rUllGYVJqUWlaUWZrcmYxK3kyWnhRVkQKdFlzUURycytuRk5kWWltcnJwdUl1SFdabXh1aXN2MFI0eWFLa0xkRHBFalkrNzBHYm9OMVF3MWxMS1VhWDdCZQpnYTFENVJWalY3RjJSMGlhTitneDQ1WUFTTUxhUHJ5WHhUakEzRmVjc01KZDZaVFpscnpuQjExNUFnTUJBQUdqClB6QTlNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBZjF2NklkaWdKTlpHZURkUgo5SzZsd3RtWHdWVEJNZnliZEVlZFcxMjJEZGMwWThDdEw0VEtjOGEyeEJGNnFHQ3M5bDlzdXEwZS9aREJGbVJXCnc0d05tc0pSSm9Xejg0cm9WUGFJUTF1YlpPMmxZOUViaU9SMGZSRVZXYXNTZ1RoaExEOWdVUnpLZjd2bDFRNEgKL3A2M2ExTWJzQlBlMlFHK09GR09pMlFKcWtxTndVcnQ5ZE53RVFKSjFMbUJtQlBzUFFzQ1JoaXR0NCt6OWltagp0MlZVY0M3bVZvOWNMVVFma0pubnJRdjFmeGxDeEo2M2Z6eEVpNEtNYjM4N1ljakhqTXhiUmJDdWoyZ1dvenk0CkRRMzlzN2dqMkE4ZUdqQ2FRdWRzbVlERFB1VGlaTEtWUlZ2Nkczck9xUUdxancwaitPajRtT1BZeDdXZlR5Mm4KdnJoK3V3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdDVwQVBFQnpNWnpyWWVOblU0YkZ0Ykl3TVUvcnp3RDZzYlVZNW02d21aa1RUSDZxCnhLY3JGR0c0L1lCbDVKS3g1aGdHWjQ1aFlra3hHOHZUWGx0Y1c2SlRnSTNwVnNHVjh1RTNwdmVZN2psZ1A0d2QKK1lUTGYvTENBeHBhQXNMeGtQbmkvNlZVU1J2SnZNQTI2dlRyMW9LNTdZTDJLd1VkdXNhTElpQlRlVkNidERxQgp0ZXF1NWdnbkVLNTBYQXhJTS9PZ0tKRVdCV2tZMEltVUg1SzM5ZnN0bWNVRlE3V0xFQTY3UHB4VFhXSXBxNjZiCmlMaDFtWnNib3JMOUVlTW1pcEMzUTZSSTJQdTlCbTZEZFVNTlpTeWxHbCt3WG9HdFErVVZZMWV4ZGtkSW1qZm8KTWVPV0FFakMyajY4bDhVNHdOeFhuTERDWGVtVTJaYTg1d2RkZVFJREFRQUJBb0lCQVFDRjAwZ0k0czFVRjFXMgpkd09FYlZMRTJrbW9WK0hBYzYxSFJJSU96QldyRDFseXcwMERvL21SbEowN0laQ2paNDJGOG5NUW5rWTdWckFWCjI1NklRejF4aVVNbUM4cE5zekx4NHRrbXVZaGQ4N0pFLzRPRnNSYUhmMUdNNDNOQ1dnZXJyWWlZNEZBc0xiWUEKLzNYSUVwZW9Ob2NCS1JqM1NIWmdBb0c5Y1NTRzRrOGtlam52T2Y5TWRNZ1JTL2NvT2FMdk5qbCt4QjJwb3MxaAp3UFNKamg4bGNTZzhiUjMvMjYxQkpIMWt5RU04dU04cEZtdFp1Q3N3VU1uNFZqMnNVUnVUOWpkaDljYnFmUE1KCmZqN1VnZHhBSkZHRTBKc2VidjVBN3BZY3Q0VWg2NE1yNklmOTdjRDZSdHNOa2oxYTRTdFBwQVQ3SWs0RThiWkIKUnNoMEtKc0JBb0dCQU5DMm5mUXFlZlZHdDBYaXEvVzFPcm9mKy9MM3JXbEZCNjVpYmxQZUh2alhHRFhGZ083NgpqR2hxS2E0RWFCS1VBdER6YmZrYzlXa1FSSFhqUkxxZVhML2Fhb1FHMjJJMVZ5Z09ZdkxTSStGdmJrb0paMExsCmZpYmRmZFRaVXc1d0hsajJYRkMzVzMrMHNiUXlSQVlFaW1DeGJvU0tCNHZ5OGFhUlFsODJhOU5aQW9HQkFPRXoKTk1iUXNsaEJYVjBTVUVrTWRKbWlFYlVWdzNnemhORnAxVnNSNnlUakxIR0NvNllQZk02RzNlVDFHdndWTFZCOQpHY2lvVlZPbVF3UDBoRjJzTVl6NUtidytGTEM1bXZXZnEvVGNDQzZ3RGt0VGFZUW0vZVRzdFkzVkNDQmNZOTZ4Ck9EeEU3UFplN1RydVU3WnA2SUFCYWNKSzYyYjhleG1DWVI5RVlUY2hBb0dBTGVkY1NpMWxjV3JDT0Y2b1Qzd3kKbEdrZ2NzbkNuQnFRbSt3T00rZndpKzVTNXRDdmtPQU9MWkRiNWVnV002L1dCcnJqZnh5OVpRUXM2bmkzend1eApmb2k5VUpocGUrb2Jaelh5MFZFaWp4eUE5MHVtS0hKdEVvTTRmNjNrdEpJNE9uekV4UVB1M2VHU0MvM2FORENmCmRyRFBpOXNIMmVIdkFDR0dwWVpFcE5FQ2dZRUFscDNnMW5nT1QraW53Ty9Xc29TYUY0YkZ3UTlsUktkd1ZYOHIKSzFXNHAxc3BCbUlSZ2FjcUdoY3BvVkF0VkJ2MXlyZGczMHQyaGhQVkRuZ2piMk1UWU8za2Mvb3hiR0UydXNDbwpDWVNBRkhtN2xiV2NCTDd2WUlUUWlLUEtZNXBuVVRIR0lza1drMUM1Nllnc2hQd2dmRHgxdDNUVUxIVUEvL2FyCmJuWVZid0VDZ1lFQXFmL2JLYk5PTXFobHBhM1RrSDBZM1luM05jRGhoTHlpV2diRkM4YjN6TW45THdjdTZ5SE4Kb2Z5ekV6Y0hFbDFBZE1OSzMwMFpkaVNCYll2RldBblRaL2JIUXRydTJ4OXpoZ051VjhOL1BaUjVTNVh6TVhxTApCTUJZZmZRck1xV3FqZDdxVEQ1Y1VkMFE4MEV0cnQ3L05GcTFxcXN1SDdRNFgwdkR3Sk16dFM4PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
当然了,验证什么的也是没有任何问题的,在此就不验证了。