1 生成admin-csr.json
cat > admin-csr.json << "EOF"
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "Beijing",
"L": "Beijing",
"O": "system:masters",
"OU": "system"
}
]
}
EOF
cat admin-csr.json2,生成证书文件
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes \
admin-csr.json | cfssljson -bare admin
ls admin*3 复制文件到指定目录
cp admin*.pem /etc/kubernetes/ssl/
ls /etc/kubernetes/ssl/4 生成kube.config配置文件
kubectl config set-cluster kubernetes \
--certificate-authority=ca.pem \
--embed-certs=true \
--server=https://192.168.187.131:9443 \
--kubeconfig=kube.config
kubectl config set-credentials admin \
--client-certificate=admin.pem \
--client-key=admin-key.pem \
--embed-certs=true \
--kubeconfig=kube.config
kubectl config set-context kubernetes \
--cluster=kubernetes \
--user=admin \
--kubeconfig=kube.config
kubectl config use-context kubernetes \
--kubeconfig=kube.config
ls kube.config
cat kube.config5 准备kubectl配置文件并进行角色绑定
mkdir ~/.kube
cp kube.config ~/.kube/config
cat ~/.kube/config
kubectl create clusterrolebinding kube-apiserver:kubelet-apis --clusterrole=system:kubelet-api-admin --user kubernetes --kubeconfig=/root/.kube/config
6 查看集群状态
export KUBECONFIG=$HOME/.kube/config
kubectl cluster-info
kubectl get componentstatuses
kubectl get all --all-namespaces7 同步kubectl配置文件到其他master
for node in master02 master03;
do ssh $node "mkdir /root/.kube";
done
cd /root/.kube
for node in master02 master03;
do scp /root/.kube/config $node:/root/.kube/;
done8 配置kubectl命令不全
yum install -y bash-completion
source /usr/share/bash-completion/bash-completion
source <(kubectl completion bash)
kubectl completion bash > ~/.kube/completion.bash.inc
source '/root/.kube/completion.bash.inc'
source $HOME/.bash_profile| 留言与评论(共有 0 条评论) “” |
