Kubernetes 准入控制

一、Kubernetes 鉴权

1.1、Kubernetes API 鉴权流程

1.2、Kubernetes API 鉴权类型

鉴权类型: https://kubernetes.io/zh/docs/reference/access-authn-authz/authorization
Node(节点鉴权):针对kubelet发出的API请求进行鉴权。
授予node节点的kubelet读取services、 endpoints、 secrets、 configmaps等事件状态, 并向API server更新pod与node状态。

Webhook: 是一个HTTP回调, 发生某些事情时调用的HTTP调用。
# Kubernetes API 版本
apiVersion: v1
# API 对象种类
kind: Config
# clusters 代表远程服务。
clusters:
  - name: name-of-remote-authz-service
    cluster:
    # 对远程服务进行身份认证的 CA。
    certificate-authority: /path/to/ca.pem
    # 远程服务的查询 URL。 必须使用 'https'。
    server: https://authz.example.com/authorize
    
ABAC(Attribute-based access control ):基于属性的访问控制
1
.6之前使用, 将属性与账户直接绑定。 {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "user1", "namespace": "*", "resource": "*", "apiGroup": "*"}} #用户user1对所有namespace所有API版本的所有资源拥有所有权限((没有设置"readonly": true)。 {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "user2", "namespace": "myserver", "resource": "pods", "readonly": true}} #用户user2对namespace myserver的pod有只读权限。 --authorization-mode=...,RBAC,ABAC --authorization-policy-file=mypolicy.json #开启ABAC参数 RBAC(Role-Based Access Control):基于角色的访问控制
将权限与角色(role)先进行关联,然后将角色与用户进行绑定(Binding)从而继承角色中的权限

1.3、Kubernetes鉴权类型说明

apiVersion: rbac.authorization.k8s.io/v1
kind: Role #类似为role即角色
metadata:
  namespace: default #角色所在的namespace
  name: pod-reader #角色名称
rules: #定义授权规则
- apiGroups: [""] #资源对象的API, 空表示所有版本
  resources: ["pods"] #目标资源对象
  verbs: ["get", "watch", "list"] #该角色针对上述资源对象的动作集

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding #类型为角色绑定
metadata:
  name: read-pods #角色绑定的名称
  namespace: default #角色绑定所在的namespace
subjects: #主体配置, 格式为列表
- kind: User
  name: jane #角色绑定的目标账户
  apiGroup: rbac.authorization.k8s.io #API组
roleRef: #角色配置, "roleRef" 指定账户是与 Role 还是与 ClusterRole 进行绑定
  kind: Role # 绑定类型, 必须是 Role 或 ClusterRole二者其一
  name: pod-reader # 此字段必须与要绑定的目标 Role 或 ClusterRole 的名称匹配
  apiGroup: rbac.authorization.k8s.io #API版本

二、RBAC 简介

2.1、RBAC API声明

RBAC API声明了四种Kubernetes对象: Role、 ClusterRole、 RoleBinding和ClusterRoleBinding。

  • Role: 定义一组规则, 用于访问命名空间中的 Kubernetes 资源。
  • RoleBinding: 定义用户和角色(Role)的绑定关系。
  • ClusterRole: 定义了一组访问集群中 Kubernetes 资源(包括所有命名空间)的规则。
  • ClusterRoleBinding: 定义了用户和集群角色(ClusterRole)的绑定关系。

 

2.2、RBAC多账户实现

RBAC是基于角色的访问控制(Role-Based Access Control)
https://kubernetes.io/zh/docs/reference/access-authn-authz/rbac/ #使用RBAC鉴权
https://kubernetes.io/zh/docs/reference/access-authn-authz/authorization/ #鉴权概述

#在指定namespace创建账户
[root@easzlab-deploy RBAC]# kubectl create ns magedu
namespace/magedu created
[root@easzlab-deploy RBAC]#
[root@easzlab-deploy RBAC]# kubectl create serviceaccount magedu -n magedu
serviceaccount/magedu created
[root@easzlab-deploy RBAC]#
#创建role规则
[root@easzlab-deploy RBAC]# vi magedu-role.yaml 
[root@easzlab-deploy RBAC]# cat magedu-role.yaml 
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: magedu
  name: magedu-role
rules:
- apiGroups: ["*"]
  resources: ["pods","pods/exec"]
  verbs: ["*"]
  ##RO-Role
  #verbs: ["get", "watch", "list"]
- apiGroups: ["extensions", "apps/v1"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  ##RO-Role
  #verbs: ["get", "watch", "list"]
[root@easzlab-deploy RBAC]# kubectl apply -f magedu-role.yaml
role.rbac.authorization.k8s.io/magedu-role created
[root@easzlab-deploy RBAC]#
#将规则与账户进行绑定
[root@easzlab-deploy RBAC]# vi magedu-role-bind.yaml 
[root@easzlab-deploy RBAC]# cat magedu-role-bind.yaml 
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: role-bind-magedunamespace: magedu
subjects:
- kind: ServiceAccount
  name: magedu
  namespace: magedu
roleRef:
  kind: Role
  name: magedu-role
  apiGroup: rbac.authorization.k8s.io
[root@easzlab-deploy RBAC]# 
[root@easzlab-deploy RBAC]# kubectl apply -f magedu-role-bind.yaml
rolebinding.rbac.authorization.k8s.io/role-bind-magedu created
[root@easzlab-deploy RBAC]#

验证绑定信息

[root@easzlab-deploy RBAC]# kubectl get sa -n magedu
NAME      SECRETS   AGE
default   0         5m48s
magedu    0         5m46s
[root@easzlab-deploy RBAC]# kubectl get sa -n magedu -oyaml
apiVersion: v1
items:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    creationTimestamp: "2022-10-25T15:28:29Z"
    name: default
    namespace: magedu
    resourceVersion: "1751076"
    uid: ac18d65a-9a5c-4efe-a76a-8dd53978e009
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    creationTimestamp: "2022-10-25T15:28:31Z"
    name: magedu
    namespace: magedu
    resourceVersion: "1751089"
    uid: 2d92e942-72ca-4716-9d4c-799458a9e5c6
kind: List
metadata:
  resourceVersion: ""
[root@easzlab-deploy RBAC]# kubectl get role -n magedu -oyaml
apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"annotations":{},"name":"root-role","namespace":"magedu"},"rules":[{"apiGroups":["*"],"resources":["pods","pods/exec"],"verbs":["*"]},{"apiGroups":["extensions","apps/v1"],"resources":["deployments"],"verbs":["get","list","watch","create","update","patch","delete"]}]}
    creationTimestamp: "2022-10-25T15:32:19Z"
    name: magedu-role
    namespace: magedu
    resourceVersion: "1751748"
    uid: 90d1680c-5a8f-49e0-a1ed-cf190c0198d7
  rules:
  - apiGroups:
    - '*'
    resources:
    - pods
    - pods/exec
    verbs:
    - '*'
  - apiGroups:
    - extensions
    - apps/v1
    resources:
    - deployments
    verbs:
    - get
    - list
    - watch
    - create
    - update
    - patch
    - delete
kind: List
metadata:
  resourceVersion: ""
[root@easzlab-deploy RBAC]# kubectl get rolebindings.rbac.authorization.k8s.io -n magedu
NAME             ROLE             AGE
role-bind-magedu   Role/magedu-role   2m27s
[root@easzlab-deploy RBAC]# kubectl get rolebindings.rbac.authorization.k8s.io -n magedu -oyaml
apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"RoleBinding","metadata":{"annotations":{},"name":"role-bind-magedu","namespace":"magedu"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"Role","name":"magedu-role"},"subjects":[{"kind":"ServiceAccount","name":"magedu","namespace":"magedu"}]}
    creationTimestamp: "2022-10-25T15:32:20Z"
    name: role-bind-magedunamespace: magedu
    resourceVersion: "1751749"
    uid: 0d18631b-f031-4f04-83b1-e0d9c35341ee
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: magedu-role
  subjects:
  - kind: ServiceAccount
    name: magedu
    namespace: magedu
kind: List
metadata:
  resourceVersion: ""
[root@easzlab-deploy RBAC]# 

创建root账号token

[root@easzlab-deploy RBAC]# kubectl get secret -n magedu
No resources found in magedu namespace.
[root@easzlab-deploy RBAC]# kubectl get secret -n magedu -oyaml
apiVersion: v1
items: []
kind: List
metadata:
  resourceVersion: ""
[root@easzlab-deploy RBAC]#
[root@easzlab-deploy RBAC]# vi magedu-secret.yaml 
[root@easzlab-deploy RBAC]# cat magedu-secret.yaml 
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: dashboard-magedu-user
  namespace: magedu
  annotations:
    kubernetes.io/service-account.name: "magedu-user"
[root@easzlab-deploy RBAC]# kubectl apply -f magedu-secret.yaml 
secret/dashboard-magedu-user created
[root@easzlab-deploy RBAC]# 
[root@easzlab-deploy RBAC]# kubectl get secrets -n magedu
NAME                TYPE                                  DATA   AGE
magedu-admin-user   kubernetes.io/service-account-token   3      84s
[root@easzlab-deploy RBAC]# 
[root@easzlab-deploy RBAC]# kubectl describe secrets -n magedu magedu-admin-user
Name:         magedu-admin-user
Namespace:    magedu
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: magedu
              kubernetes.io/service-account.uid: 105d6824-e3d0-4f95-be5e-4bfb2221e349

Type:  kubernetes.io/service-account-token

Data
====
namespace:  6 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InZDa2N6eDdTOW1KdTdpckRBeDYtLWs1VjZBZXNGSzNqLVhsR2tfNGE2dHcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJtYWdlZHUiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoibWFnZWR1LWFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoibWFnZWR1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTA1ZDY4MjQtZTNkMC00Zjk1LWJlNWUtNGJmYjIyMjFlMzQ5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om1hZ2VkdTptYWdlZHUifQ.ZE0cKcT5u5yZASIp54IDAczG6vyugxeHHBjukqBI70g-L1GsieTIGG95c1YkKjXWxO5mi2jUAmiGHfGHcnj7YHKWbiE839CXQ6_WHy4Wzjxm-HbBG4ytfTUUec1giEXMGZ2Gki8myOsFmB-5rT1mA3uGcdnf2HAr05B_MAHF4ndTaNEq0K4vRRjP_WMVNFmAsh50Aw_iUz3yzEr-ZHpp-er6QTvUzBVtQdY1L791aTKi2NsL14QYJ-XZ6b5vZZ9z7G88F1fY1Qm_FhjevUj2hqEmYKZTa_hfDcpELKoVqe7rU0o2cSSITGBzWYcvlc-NP1t_IZJIY83Xbbrl8KsTBA
ca.crt:     1302 bytes
[root@easzlab-deploy RBAC]# 

登录dashboard测试

缩小权限,取消登录pod权限

 修改role 文件

[root@easzlab-deploy magedu]# vi magedu-role.yaml 
[root@easzlab-deploy magedu]# cat magedu-role.yaml 
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: magedu
  name: magedu-role
rules:
- apiGroups: ["*"]
  resources: ["pods","pods/exec"]
  #verbs: ["*"]
  ##RO-Role
  #verbs: ["get", "watch", "list","create"]
  verbs: ["get", "watch", "list"]

- apiGroups: ["*"]
  resources: ["pods/exec"]
  #verbs: ["*"]
  ##RO-Role
  verbs: ["get", "list","watch"]

- apiGroups: ["apps/v1"]
  resources: ["deployments"]
  #verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  ##RO-Role
  verbs: ["get", "watch", "list"]
[root@easzlab-deploy magedu]# kubectl apply -f magedu-role.yaml 
role.rbac.authorization.k8s.io/magedu-role configured
[root@easzlab-deploy magedu]# 

在测试验证

 同时也无法删除pod

2.3、设置kubeconfig配置文件登录

dashboard-admin-user 超级管理员设置

[root@easzlab-deploy magedu]# cp /root/.kube/config  .
[root@easzlab-deploy magedu]# 
[root@easzlab-deploy magedu]# ll -h
total 32K
drwxr-xr-x 2 root root 4.0K Oct 26 00:28 ./
drwxr-xr-x 4 root root 4.0K Oct 25 23:48 ../
-r-------- 1 root root 6.1K Oct 26 00:28 config
-rw-r--r-- 1 root root  218 Oct 25 23:49 magedu-csr.json
-rw-r--r-- 1 root root  262 Oct 25 23:50 magedu-role-bind.yaml
-rw-r--r-- 1 root root  551 Oct 26 00:19 magedu-role.yaml
-rw-r--r-- 1 root root  190 Oct 25 23:50 magedu-secret.yaml
[root@easzlab-deploy magedu]# mv config kubeconfig
[root@easzlab-deploy magedu]# kubectl describe secrets -n kubernetes-dashboard  dashboard-admin-user
Name:         dashboard-admin-user
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 0e00ba5d-e43c-4e25-8af5-102a1218bfe9

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1302 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InZDa2N6eDdTOW1KdTdpckRBeDYtLWs1VjZBZXNGSzNqLVhsR2tfNGE2dHcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdXNlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbi11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGUwMGJhNWQtZTQzYy00ZTI1LThhZjUtMTAyYTEyMThiZmU5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmFkbWluLXVzZXIifQ.WyBVRp-SvAqRZ_u3yR481sgTbdA77SebkgelJzO27Ml8ZYb7RJK5XSNalB29ro3uB9DOH8Le13GCLEl04RGEn-GKi48LQCoGoY1P-CmxodjD4o48y1VPlv8dm2F09sbUdAuDNO6MMi0J0AvHgVBHBs56KWDxN7nhMSh3YVYT4p9YxoFSearetsiAhfsBlf39VCLSWQN9u77xiFh8Kq9W0CIhEeF54kr6T9BENZwtxu_eeScSa68GSHxL1r7l6eCRKOLcFBUoJmL8bBnuwr1ERAH9iTzSgOLglQWx8_2AE3st5-7wpMYGoO-AV0uBBU4olgROJOEW2nNv7cDjgp7v6A
[root@easzlab-deploy magedu]# 
[root@easzlab-deploy magedu]# vi kubeconfig 
[root@easzlab-deploy magedu]# cat kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsRENDQW55Z0F3SUJBZ0lVWGdMN0NMcXZGZjlEeFp2RnQrVUF6YkxsWU1Vd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qSXhNREV6TVRJeU1UQXdXaGdQTWpFeU1qQTVNVGt4TWpJeE1EQmFNR0V4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUlFd2hJWVc1bldtaHZkVEVMTUFrR0ExVUVCeE1DV0ZNeEREQUtCZ05WQkFvVApBMnM0Y3pFUE1BMEdBMVVFQ3hNR1UzbHpkR1Z0TVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXB3KzNoK2o1SS8yZXhWVlN2eEwvajcwWFo1ZXAKWFc1dGNsS2FnN1FmL3g1b1plOE8xeU14WlhpUEtnenFHR1M2OG1vcnBHNXZEMmhWUEVzcUlDT2hIaUZsMkFEMwpaZ01DRFdNR2VPeWs2ekdnRGJuVFVzRk83Ui92N2tOVG5CVjZCcWdLS2xHOU5xVHRyRFNQTG9lYWtUQjJxQnRWCldqaHYrWXJYWHNNVmNFYWl1RVE0d0xEODdLbXk4cjd4UnRFdHRFTEtId2RJOGlTNENhcStxeHRtL0Vvc3lUaVQKYlFiVUI0bWtHWjZzRkZ3S1NLYUxVR3o4TnExeUhrSlliSTc3WURoVUJuYU5FUUJlbVBtRWZrQmVIQ2FqYnp4MQpDS1BJYWlyckFaTmFvTVBLOXN0dUsrWUxrOVovZ0xVWXJaZTJTOFMrazZEUGx2dWozMjdiTHdLV0N3SURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVUKWFV3QUxvWU5HeGZJRy84QnJQbGV6WmQzdWFRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJaElETGlTMFIxTQpicTJSWk1RUk9yRXpLczAyQ2NseFlqd2NyOGhyWG0vWWxCNmE4YkhHMnYzSEFTaSs3UVo4OSthZ3ovT2VvK0NwCjZhYkRUaVhIb2xVa1V1eWRkZDE0S0J3YW5DN3Vid0RCc3F4cjRpdGVOejVING1sMXV4YVo4Rzk0dVZ5QmdDMlUKcWprV0d0WGJ3NlJ1WStZVHVxWXpYM1M2MjFVK2h3TFdOMWNYbVJjeWREWnduTXVJK3JDd0VLTFhxTEVTRE1iRwpqaVExc2JMSTEyb1FhMDdmZStyZmZuR0FXZTdQMmZNQXUvTVF4bTlNbTgrcFgrMldnS2F1RHdwRy92Mm9aeEFPCmlRcUlDRWFZQmVjZ0xSQlRqODY4TEhWbGkxQ25xVURWakp0NTl2RDIvTFo4STVXbnFuR0ZmT05sdVlTZ0ZpRlEKbS83WHVwT3BoM2s9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://172.16.88.157:6443
  name: cluster1
contexts:
- context:
    cluster: cluster1
    user: admin
  name: context-cluster1
current-context: context-cluster1
kind: Config
preferences: {}
users:
- name: admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQxekNDQXIrZ0F3SUJBZ0lVYW1raTQ4RjkwVkJHRnloaGtUdGsrYWtWa0xnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qSXhNREU0TURnMU9EQXdXaGdQTWpBM01qRXdNRFV3T0RVNE1EQmFNR2N4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUlFd2hJWVc1bldtaHZkVEVMTUFrR0ExVUVCeE1DV0ZNeEZ6QVZCZ05WQkFvVApEbk41YzNSbGJUcHRZWE4wWlhKek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweERqQU1CZ05WQkFNVEJXRmtiV2x1Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBb3Z3MnJMcnUvdk01Q1ZhUlZrdk0KK1Q2eHBlNmRkMmFrMDdwcFhRSXpYRXNCSVh4MkhqQ2UvUFJtTnN4Q3JEbEFMcU15MmJDTEhqK2hVd0NoK1RrNwpTdnBZR1hDNWtSdk13OW9sa0diSFN6dzNLa0F1dTFJeWlLS29iTDBXVGo3azNNd21pbE9HNFpJanQrVGpqZng0CkRVQlVFSlBOVkw3RmJmY01UbFpYcmEyeEJoL2xVaDA1V3o5L3pIYVhyVk0rRVVnZ2diQmtYSnk5bzdxSE5HNXMKZjA0eHMvSk9hYUpJdmJlamhwcHFGT1pQTndDc2hKK1lKR21vRVBoaVljRHFqdDBIRURnTkJSelJlNGtjaXlpKwpjY0VERkozUHZyd1RlcXBJMkQrTGI3ZVhkUzZwK05HU3lGc0hpZW11USs5bDFGb2YwTUlVVm4xNWJmYTFUc04vCll3SURBUUFCbzM4d2ZUQU9CZ05WSFE4QkFmOEVCQU1DQmFBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUcKQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQ01BQXdIUVlEVlIwT0JCWUVGT1ltQkROWGw0elUrM0RKM3VEdgo2c2xoMDhsWk1COEdBMVVkSXdRWU1CYUFGRjFNQUM2R0RSc1h5QnYvQWF6NVhzMlhkN21rTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQmZOT1g1bTNVUys3dG42R2I4UmxvUUNQZDBLaVJSQ0xjQXZ0dWJ3aVh5NUUwVUpjY1gKbmFHc1ZGSGM5WkIzanA5MkJCTjRmbWJuTU1YbWgwdTdhd0tiU0h6VUh1Q0NiUTVzNUovV0o3VEZLMlRpUGd0bwpjajluRUlMSjZObjVoYkxBVzVFTzN3U3F2MVkzelZjYzhPMW9pbHNkOHdvcDN1YTBrdlhlTmtSVXZtWUxEdGNDClNDY1RINi9sVkhtbUhENE9oK1l5Y3gwSHAyUUozR3RjU1FYK1Jwc0hUUFJxWHBjWXgzalEwTlpXdkM5NFhkUDEKbjc5WGdDSXRvMlowanRYWDBvdlpKSmw0VWRoak9DSEorblFhV0dzUEIzVnppcHZWZDVzNllVT0l3WHo2a1N3bwpTdFJCUkdRQ2dsVy95NUNqQUd3VTh4RzFiTlYzRWtjYTVEdGIKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBb3Z3MnJMcnUvdk01Q1ZhUlZrdk0rVDZ4cGU2ZGQyYWswN3BwWFFJelhFc0JJWHgyCkhqQ2UvUFJtTnN4Q3JEbEFMcU15MmJDTEhqK2hVd0NoK1RrN1N2cFlHWEM1a1J2TXc5b2xrR2JIU3p3M0trQXUKdTFJeWlLS29iTDBXVGo3azNNd21pbE9HNFpJanQrVGpqZng0RFVCVUVKUE5WTDdGYmZjTVRsWlhyYTJ4QmgvbApVaDA1V3o5L3pIYVhyVk0rRVVnZ2diQmtYSnk5bzdxSE5HNXNmMDR4cy9KT2FhSkl2YmVqaHBwcUZPWlBOd0NzCmhKK1lKR21vRVBoaVljRHFqdDBIRURnTkJSelJlNGtjaXlpK2NjRURGSjNQdnJ3VGVxcEkyRCtMYjdlWGRTNnAKK05HU3lGc0hpZW11USs5bDFGb2YwTUlVVm4xNWJmYTFUc04vWXdJREFRQUJBb0lCQUhiTGpxNW5zanR4M0dqSwpDRFQyR3Zpd2tadDRTSjMyMnJ6WWFtTzRidWNlWkR5Y0V4ditKR1FMWDFVaG5KY2JRNFM2dngyY2FFb3I1dEl3CjY5NVRzTHY5cktrZVdLTkR1QVFveEtoendWODlESmhuSDZpNVNNditndlIrL2ZzYUxJWWk1eFI3dlJ3OUFIdlIKQVd0RVVkeVd2cTgyaTdyeE1jWHRBN00xaThLeVpPN3Y4Rm1KRUpvYUFGQnQvUHF5cjVuYmcwQzlHd296ZGNtVwo1UFBWR0ZYQ001OU56b3dTMDkwUWUzSFgwQVJRWER3MU8wN3RRaDl0UzdBZnlJc0g5d2dwUWxhcElsUjN0K3BmCmlEY0h2MkdoWktpQ3FmRCs1U1ZjRHZqemlHb2U4Y3ZhT2VReEdVdnFCM1M0ZEUxdnJpeDBxRGF5YkFOOWYwY1oKVXlYeWRvRUNnWUVBMW1GcWRVRGd1OTBrRDVCU29NSWNpUXFpcGorWWNHUHExOWZGcmdNb2lZNWhTZm1kbXlaYQpUQXh3NmN4Q3NDQXN1MllvSFdLK2xaM1dlYm4yaFRBKzFiNzh0WEN3NHBqck4yTzZoSmYzSktYSkRsTzVxY05tClZUbWdyWWdHQnhjZnJHRGptcGhhZFFacUdWRVFpT2d4dVZBRnArQXFCb2Ftb2traEFIREl6ZGtDZ1lFQXdxQjcKSWhKaTVNMDlDZUhGZS83bEJTSUdzQ3UySXkzbzBiUmt3Yy9FVEp3bWJ6NkEzekxQYlJER3FKRGR2WDRNUnpmegpKTDFzSVVpMkJWTEplellpd3ZjUHVWWGxHTnR3eGtqbWk5TUozWHk3eFRJMTVVN3ZQZDNvR1ZYMDAyQU9rbnlnCmJ4OW8ya3BESlFXSFZrbnRTWld0di9NeDlPblFEUzdvTEZGU3Bac0NnWUVBeVFtZG5jdHpkSGtTNGcyRGp3RzUKWk1JMmVSVFdUVDlGOFplRTU0Ukt0WVJ4czcrRGp3Vk9WRmF1WkhHS2NFUWI3cmtFRVZxU1F4ZzdFdmZUT0Y5Zgo3VzRtNmJkK0NXRkI0eldBcWVzZ2RwdUppZ2YxNmo4MWJlS1d6V1RyMGlaYkszbkl0eWI4WFJYZzFWRHg0cEZzClg4MnRJQnJWRGoyamNqaUYzRFhuK1RFQ2dZQmxlYnI1cHRCOUx5MVdDNnNsM1Y2WGNJaEFMbXBHcVZjc2ozdkIKT1l6RnpOeVZQK2Q5ZUVhQ1BTNzNFS0VzZlozMVBBeS82U3VKcHhtUWFQdTREQi9QdTNVdFVzV2lVamZZaW9YNQovVXkxZUtXR1NZbWtSNldoZ2lQVG9lZUdsaHpDNzh2T1pIZ002STlkckNaR0xVRlZEbitMQjBmU3hGMi9vZWRYCnhBYnRaUUtCZ0JyRFY1MmJTa1dwRitqdGIybytLck9kbjZVeW5DMS9FSzYyZk9HVXVCVHNwa1VrdjdSNy9HV1MKUm5EU0NPVzRRbGpTUmw1SU1KenJ1VlltQmd1ZERFVU5kdWQrN1IxQlh1YTlJT0YxRzNxakcyQWdkWXI3SktibQoyQUdWZHo5MlhlSjIyNW5XUzFRakZXZk54RUNHZEZCSW9Wam5OVzB3ZFliUk5TL016M1IrCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6InZDa2N6eDdTOW1KdTdpckRBeDYtLWs1VjZBZXNGSzNqLVhsR2tfNGE2dHcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdXNlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbi11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGUwMGJhNWQtZTQzYy00ZTI1LThhZjUtMTAyYTEyMThiZmU5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmFkbWluLXVzZXIifQ.WyBVRp-SvAqRZ_u3yR481sgTbdA77SebkgelJzO27Ml8ZYb7RJK5XSNalB29ro3uB9DOH8Le13GCLEl04RGEn-GKi48LQCoGoY1P-CmxodjD4o48y1VPlv8dm2F09sbUdAuDNO6MMi0J0AvHgVBHBs56KWDxN7nhMSh3YVYT4p9YxoFSearetsiAhfsBlf39VCLSWQN9u77xiFh8Kq9W0CIhEeF54kr6T9BENZwtxu_eeScSa68GSHxL1r7l6eCRKOLcFBUoJmL8bBnuwr1ERAH9iTzSgOLglQWx8_2AE3st5-7wpMYGoO-AV0uBBU4olgROJOEW2nNv7cDjgp7v6A
[root@easzlab-deploy magedu]# 

下载本地,并登录测试

2.4、普通用户配置kubeconfig

[root@easzlab-deploy certs]# scp  /etc/kubeasz/bin/cfssl* root@172.16.88.157:/usr/bin
[root@easzlab-k8s-master-01 ~]# mkdir -p magedu/CA
[root@easzlab-k8s-master-01 ~]# cd magedu/CA
[root@easzlab-k8s-master-01 CA]# cfssl version  #注意cfssl版本
Version: 1.6.1
Runtime: go1.12.12
[root@easzlab-k8s-master-01 CA]# 
[root@easzlab-k8s-master-01 CA]# cfssl print-defaults config > ca-config.json #使用它生成json文件,防止手写格式错误
[root@easzlab-k8s-master-01 CA]# cfssl print-defaults csr > magedu-csr.json
[root@easzlab-k8s-master-01 CA]# cp /etc/kubernetes/ssl/ca-key.pem  .
[root@easzlab-k8s-master-01 CA]# cp /etc/kubernetes/ssl/ca.pem .
[root@easzlab-k8s-master-01 CA]# cat ca-config.json 
{
    "signing": {
        "default": {
            "expiry": "87600h"
        },
        "profiles": {
            "kubernetes": {
                "expiry": "876000h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth"
                ]
            },
            "client": {
                "expiry": "876000h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "client auth"
                ]
            }
        }
    }
}
[root@easzlab-k8s-master-01 CA]# cat magedu-csr.json 
{
    "CN": "China",
    "hosts": [],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "BeiJing",
            "L": "BeiJing",
            "O": "k8s",
            "OU": "System"
        }
    ]
}
[root@easzlab-k8s-master-01 CA]# 
[root@easzlab-k8s-master-01 CA]# cfssl gencert -ca=/etc/kubernetes/ssl/ca.pem  -ca-key=/etc/kubernetes/ssl/ca-key.pem -config=/root/ca-config.json  -profile=kubernetes magedu-csr.json | cfssljson -bare  magedu
2022/10/27 00:15:06 [INFO] generate received request
2022/10/27 00:15:06 [INFO] received CSR
2022/10/27 00:15:06 [INFO] generating key: rsa-2048
2022/10/27 00:15:07 [INFO] encoded CSR
2022/10/27 00:15:07 [INFO] signed certificate with serial number 587672493973528118639261423785767565743242661187
2022/10/27 00:15:07 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@easzlab-k8s-master-01 CA]# 
[root@easzlab-k8s-master-01 CA]# ll -h 
total 36K
drwxr-xr-x 2 root root 4.0K Oct 27 00:15 ./
drwxr-xr-x 3 root root 4.0K Oct 27 00:04 ../
-rw-r--r-- 1 root root  580 Oct 27 00:09 ca-config.json
-rw-r--r-- 1 root root 1.7K Oct 27 00:14 ca-key.pem
-rw-r--r-- 1 root root 1.3K Oct 27 00:14 ca.pem
-rw-r--r-- 1 root root  263 Oct 27 00:14 magedu-csr.json
-rw------- 1 root root 1.7K Oct 27 00:15 magedu-key.pem
-rw-r--r-- 1 root root  993 Oct 27 00:15 magedu.csr
-rw-r--r-- 1 root root 1.4K Oct 27 00:15 magedu.pem
[root@easzlab-k8s-master-01 CA]# 

生成magedu账号的kubeconfig文件

[root@easzlab-k8s-master-01 CA]# kubectl config set-cluster cluster1 --certificate-authority=/etc/kubernetes/ssl/ca.pem --embed-certs=true --server=https://172.16.88.157:6443 --kubeconfig=magedu.kubeconfig
Cluster "cluster1" set.
[root@easzlab-k8s-master-01 CA]# ll -h 
total 40K
drwxr-xr-x 2 root root 4.0K Oct 27 00:29 ./
drwxr-xr-x 3 root root 4.0K Oct 27 00:04 ../
-rw-r--r-- 1 root root  580 Oct 27 00:09 ca-config.json
-rw-r--r-- 1 root root 1.7K Oct 27 00:14 ca-key.pem
-rw-r--r-- 1 root root 1.3K Oct 27 00:14 ca.pem
-rw-r--r-- 1 root root  263 Oct 27 00:14 magedu-csr.json
-rw------- 1 root root 1.7K Oct 27 00:15 magedu-key.pem
-rw-r--r-- 1 root root  993 Oct 27 00:15 magedu.csr
-rw------- 1 root root 1.9K Oct 27 00:29 magedu.kubeconfig
-rw-r--r-- 1 root root 1.4K Oct 27 00:15 magedu.pem
[root@easzlab-k8s-master-01 CA]# 

#创建上下文
[root@easzlab-k8s-master-01 CA]# cp *.pem /etc/kubernetes/ssl/
[root@easzlab-k8s-master-01 CA]# ll -h /etc/kubernetes/ssl/
total 48K
drwxr-xr-x 2 root root 4.0K Oct 27 00:31 ./
drwxr-xr-x 3 root root 4.0K Oct 18 17:08 ../
-rw-r--r-- 1 root root 1.7K Oct 18 17:07 aggregator-proxy-key.pem
-rw-r--r-- 1 root root 1.4K Oct 18 17:07 aggregator-proxy.pem
-rw-r--r-- 1 root root 1.7K Oct 27 00:31 ca-key.pem
-rw-r--r-- 1 root root 1.3K Oct 27 00:31 ca.pem
-rw-r--r-- 1 root root 1.7K Oct 18 17:07 kubelet-key.pem
-rw-r--r-- 1 root root 1.5K Oct 18 17:07 kubelet.pem
-rw-r--r-- 1 root root 1.7K Oct 18 17:07 kubernetes-key.pem
-rw-r--r-- 1 root root 1.6K Oct 18 17:07 kubernetes.pem
-rw------- 1 root root 1.7K Oct 27 00:31 magedu-key.pem
-rw-r--r-- 1 root root 1.4K Oct 27 00:31 magedu.pem
[root@easzlab-k8s-master-01 CA]#
[root@easzlab-k8s-master-01 CA]# kubectl config set-credentials magedu \
> --client-certificate=/etc/kubernetes/ssl/magedu.pem \
> --client-key=/etc/kubernetes/ssl/magedu-key.pem \
> --embed-certs=true \
> --kubeconfig=magedu.kubeconfig
User "magedu" set.
[root@easzlab-k8s-master-01 CA]#
[root@easzlab-k8s-master-01 CA]# cat magedu.kubeconfig
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsRENDQW55Z0F3SUJBZ0lVWGdMN0NMcXZGZjlEeFp2RnQrVUF6YkxsWU1Vd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qSXhNREV6TVRJeU1UQXdXaGdQTWpFeU1qQTVNVGt4TWpJeE1EQmFNR0V4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUlFd2hJWVc1bldtaHZkVEVMTUFrR0ExVUVCeE1DV0ZNeEREQUtCZ05WQkFvVApBMnM0Y3pFUE1BMEdBMVVFQ3hNR1UzbHpkR1Z0TVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXB3KzNoK2o1SS8yZXhWVlN2eEwvajcwWFo1ZXAKWFc1dGNsS2FnN1FmL3g1b1plOE8xeU14WlhpUEtnenFHR1M2OG1vcnBHNXZEMmhWUEVzcUlDT2hIaUZsMkFEMwpaZ01DRFdNR2VPeWs2ekdnRGJuVFVzRk83Ui92N2tOVG5CVjZCcWdLS2xHOU5xVHRyRFNQTG9lYWtUQjJxQnRWCldqaHYrWXJYWHNNVmNFYWl1RVE0d0xEODdLbXk4cjd4UnRFdHRFTEtId2RJOGlTNENhcStxeHRtL0Vvc3lUaVQKYlFiVUI0bWtHWjZzRkZ3S1NLYUxVR3o4TnExeUhrSlliSTc3WURoVUJuYU5FUUJlbVBtRWZrQmVIQ2FqYnp4MQpDS1BJYWlyckFaTmFvTVBLOXN0dUsrWUxrOVovZ0xVWXJaZTJTOFMrazZEUGx2dWozMjdiTHdLV0N3SURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVUKWFV3QUxvWU5HeGZJRy84QnJQbGV6WmQzdWFRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJaElETGlTMFIxTQpicTJSWk1RUk9yRXpLczAyQ2NseFlqd2NyOGhyWG0vWWxCNmE4YkhHMnYzSEFTaSs3UVo4OSthZ3ovT2VvK0NwCjZhYkRUaVhIb2xVa1V1eWRkZDE0S0J3YW5DN3Vid0RCc3F4cjRpdGVOejVING1sMXV4YVo4Rzk0dVZ5QmdDMlUKcWprV0d0WGJ3NlJ1WStZVHVxWXpYM1M2MjFVK2h3TFdOMWNYbVJjeWREWnduTXVJK3JDd0VLTFhxTEVTRE1iRwpqaVExc2JMSTEyb1FhMDdmZStyZmZuR0FXZTdQMmZNQXUvTVF4bTlNbTgrcFgrMldnS2F1RHdwRy92Mm9aeEFPCmlRcUlDRWFZQmVjZ0xSQlRqODY4TEhWbGkxQ25xVURWakp0NTl2RDIvTFo4STVXbnFuR0ZmT05sdVlTZ0ZpRlEKbS83WHVwT3BoM2s9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://172.16.88.157:6443
name: cluster1
contexts: null
current-context: ""
kind: Config
preferences: {}
users:
- name: magedu
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwRENDQXJpZ0F3SUJBZ0lVWnZBbFlmK3loVW1MdnhCcUZkeEpCdXpBelVNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qSXhNREkyTVRZeE1EQXdXaGdQTWpBM01qRXdNVE14TmpFd01EQmFNR0F4Q3pBSkJnTlYKQkFZVEFrTk9NUkF3RGdZRFZRUUlFd2RDWldsS2FXNW5NUkF3RGdZRFZRUUhFd2RDWldsS2FXNW5NUXd3Q2dZRApWUVFLRXdOck9ITXhEekFOQmdOVkJBc1RCbE41YzNSbGJURU9NQXdHQTFVRUF4TUZRMmhwYm1Fd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFETm5sMG5lbTlyWUxOaURWN3EvdUZNOW1yL3JWa3cKV0pLYjNhelExNm1YSTVaS1dqelFlRWN0RmsrMjhHUkQ5b21JSEVmR21yMmJGeXM5Mm00U01QOWRpcW9sa0JpSgo4VWFKS3FQU0xGWXB0dmJ5NDBxWC9kTmZWNUM3RHNyS296VVpyNDBlTjJFWGVVTFhxZEVHREFjVFFIMzhLZnFBCmJ1cDZxSkFvWlRMMWhNQ3krdmhnNi8vUnJibW5rcWFiQkhMWlRCQ1VaNXg1VmxJU2JaODUvbmhKdHEwWExxaHUKdUo0dExyRXhRemdGUmtZVkMxVVhJWkpIWGo2aXNaak45aTJzbzdaZDVhR1ZZaEhra25GandHN2FVWDYyZkRRNAptZWZpSjhlUHNxczdZZ1RiY0hpV2t3Nk1PQ0hITkFoZHZ4V0lQWXZPSVhoZEdJbU9NQjZxUEFmNUFnTUJBQUdqCmZ6QjlNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFkQmdOVkhRNEVGZ1FVVVZDNWE5VEZTY3ltbzNUMkI5MjZicVBjQ1k4dwpId1lEVlIwakJCZ3dGb0FVWFV3QUxvWU5HeGZJRy84QnJQbGV6WmQzdWFRd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBRTdtRzJPYzJxalVSbTdmRytYOUMrb0Jod1V5SGNWSFNXTkIzZHRUZnRpQXpZamdHZG9oUTZhOEtWNlMKbXVpdGVWWjJYM2tSL3lUbzBpYUNyZzk5TWEwVGJib3ppZko2cmpRbkcwNVpFSWt1QTkvbWt2QmQ4UWF6bk4rMAowcGZvUnlvWFFQdDFFaitFZENhK2NXejZXY2ZvU1Z4UDZyLzJmRklSOUJVYW94dmFBYU9EcFB2RFlyUHJWQzdHClR5OUdBQW81aHpCVVZHVVNEN1RmOXVXVmJQbVJVL3pxMXBZclpBa3JVbGgwbkQrdWVldmsxRWFvVXVWN3RjOTMKaGY2S2ZSU29USFFsV3pnQktIVmQ2MUR1RHUzRW9kZWdzM1JEYWhGSVY2Yk1OWHd2aTFGZGJGMU1vaC9SMkZ4NQpmcFl1emFoSzU3SDczYXB2R1VCcFQ1SFJWdVE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBelo1ZEozcHZhMkN6WWcxZTZ2N2hUUFpxLzYxWk1GaVNtOTJzME5lcGx5T1dTbG84CjBIaEhMUlpQdHZCa1EvYUppQnhIeHBxOW14Y3JQZHB1RWpEL1hZcXFKWkFZaWZGR2lTcWowaXhXS2JiMjh1TksKbC8zVFgxZVF1dzdLeXFNMUdhK05IamRoRjNsQzE2blJCZ3dIRTBCOS9DbjZnRzdxZXFpUUtHVXk5WVRBc3ZyNApZT3YvMGEyNXA1S21td1J5MlV3UWxHZWNlVlpTRW0yZk9mNTRTYmF0Rnk2b2JyaWVMUzZ4TVVNNEJVWkdGUXRWCkZ5R1NSMTQrb3JHWXpmWXRyS08yWGVXaGxXSVI1Skp4WThCdTJsRit0bncwT0pubjRpZkhqN0tyTzJJRTIzQjQKbHBNT2pEZ2h4elFJWGI4VmlEMkx6aUY0WFJpSmpqQWVxandIK1FJREFRQUJBb0lCQUhDR1B1Snc3WEtzNjk0NApCUDdEVjFhLzc5UlY4RjQxeXAzRDFXUkE4WTFGcTJTck4yYTZ1L0RmcWVZcWJpU0hVY0tMLzNlZmpTM0hveUZwClhSMVZkUnFpM1BSTGhESlJPTkd0NVJNS3NtaUh1V000b2NURjRwdmxsczNYallFUmllaXhtcCt6bk0yMHpiQ3EKUFRwNjhKQkhsZXFlcW5rSXVnZEFJZ3dKUGJiLzRGbmJoU091SUV0TDdlVXVxTE9mK3RuckNBeXVVU0wvYUFrdApiWk14L0svVE0yTDlBUVNyMEt6ZW93ZDE3bmpBRGJaandjZFRzcDIrdzVrWHpWaFFpN1AvN0xoSnBnZkZpMmJwCklSbXF0TElFQ2UwVnVmWFZYalgvQ2VnRExac3hkWXFLSXF3NUQ4SVFicXNZbjBTT1ZrbGFhc1YrNklJZWEwWE4KMzBaWDdCRUNnWUVBK1hsYnVndmZyVWVsYWNiN3N6bmZXelVESnRxcWZ6QllPSVp2MTR2ZHlKcmNzY2Q3REJ1MApLekNvZHhwUURlRGlxUkFJK0YwMzYxbEFJenZFQ3pXd2FFbHdYQTdXWHI5L2RoSVQrNm9LMS96ZVBhcWxBb0N6CitUNW9VMGZEQXRyRkY4OVJxQ2tJa3g2N3YyQjd3SGFGMCtNT1d1cGZXTHlGQzVCdkpTNnppblVDZ1lFQTB2OVMKSG1WYk5kN1dCR1M0MjBCYzVtZkhJZC9INzh6aDVkWDhoTE4yZWkzSExkTWl2WDhQTE1mUEVkYWxIcG83VXVrMApMdk5PRTBYWXQ1OW9PTGVzUDlyMmF6QTZmakRxNXRMbHBSdXRsNkY2eXNjaVJTVEc2dlF5ZGQyQXJrTjBUSTh1Clp0c3FsNDZpQUw2QnJHcmtTNTU3NXA3azh3QkVYYkRUN3FONXJ2VUNnWUVBdFJTandnMXdWRVNYQ29xR2xIZEQKYXQ2MTVQUC9vY2Fqb3BQaWhxQmRZWWtXL0d3QklxN1JQakJaZCtvL2hYTmcwcnB5NkdReGZNRVJ6d0ZJc2FKTQo0OFc2cXZlU0hyLzljdVI0WU1ueWlRaGhBSDNtdkVSVFhtMHdLSk1FT0FRMzM2cDZhUWN2MUNvUXVUNzlWSnd6ClU3T1I3ZWdGUVZIRmVMbGtFNmNzWnlrQ2dZRUF2Q3lZd0NNRXhYYUd5RVJMMkwzK0hENVJpaFJaNjdOOWc4emoKK0RWVlpJR1BNWDhyYkhUMHc2c3ZNV21NdVU0enVpM2hMRDR4VTE3bmVGdmlSek1IbTZ0Y09SdzZEbkR5RGdubwpaT2ZhV1hEYVloNVdvZk82czdBMWtJaUxTdDg5eVVtb3lIS04rYnhySHQ3SUowenRiY05hSE1ONHpIOWdlVzVLCmxIbVcvRUVDZ1lBOHVpWm9iUEtHWjRjcnIvUjN1ejJPRHBDa1AybUZCaWtyMGdPeEFqM3J4UGdPTXhSTFFsckQKZ05BYjBIbU5QczJZcHViR0ZNRlpGKzZLYnQ2OUxGc2ZSWHhScEtzb2J1RXNxRTgzQ2pNa2xqS3R4ZGJkaHNyLwpXNWsyWTFoUlZ6c2dKaE9uWkx1Z3VhdHZ3SlJHSVo1KzhEM2pLL05vam9lbDNCcHpLb2hZN3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
[root@easzlab-k8s-master-01 CA]#
[root@easzlab-k8s-master-01 CA]# kubectl config set-context cluster1 \
> --cluster=cluster1 \
> --user=magedu \
> --namespace=magedu \
> --kubeconfig=magedu.kubeconfig
Context "cluster1" created.
[root@easzlab-k8s-master-01 CA]#
[root@easzlab-k8s-master-01 CA]# kubectl config use-context cluster1 --kubeconfig=magedu.kubeconfig
Switched to context "cluster1".
[root@easzlab-k8s-master-01 CA]#
[root@easzlab-k8s-master-01 CA]# cat magedu.kubeconfig
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsRENDQW55Z0F3SUJBZ0lVWGdMN0NMcXZGZjlEeFp2RnQrVUF6YkxsWU1Vd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qSXhNREV6TVRJeU1UQXdXaGdQTWpFeU1qQTVNVGt4TWpJeE1EQmFNR0V4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUlFd2hJWVc1bldtaHZkVEVMTUFrR0ExVUVCeE1DV0ZNeEREQUtCZ05WQkFvVApBMnM0Y3pFUE1BMEdBMVVFQ3hNR1UzbHpkR1Z0TVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXB3KzNoK2o1SS8yZXhWVlN2eEwvajcwWFo1ZXAKWFc1dGNsS2FnN1FmL3g1b1plOE8xeU14WlhpUEtnenFHR1M2OG1vcnBHNXZEMmhWUEVzcUlDT2hIaUZsMkFEMwpaZ01DRFdNR2VPeWs2ekdnRGJuVFVzRk83Ui92N2tOVG5CVjZCcWdLS2xHOU5xVHRyRFNQTG9lYWtUQjJxQnRWCldqaHYrWXJYWHNNVmNFYWl1RVE0d0xEODdLbXk4cjd4UnRFdHRFTEtId2RJOGlTNENhcStxeHRtL0Vvc3lUaVQKYlFiVUI0bWtHWjZzRkZ3S1NLYUxVR3o4TnExeUhrSlliSTc3WURoVUJuYU5FUUJlbVBtRWZrQmVIQ2FqYnp4MQpDS1BJYWlyckFaTmFvTVBLOXN0dUsrWUxrOVovZ0xVWXJaZTJTOFMrazZEUGx2dWozMjdiTHdLV0N3SURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVUKWFV3QUxvWU5HeGZJRy84QnJQbGV6WmQzdWFRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJaElETGlTMFIxTQpicTJSWk1RUk9yRXpLczAyQ2NseFlqd2NyOGhyWG0vWWxCNmE4YkhHMnYzSEFTaSs3UVo4OSthZ3ovT2VvK0NwCjZhYkRUaVhIb2xVa1V1eWRkZDE0S0J3YW5DN3Vid0RCc3F4cjRpdGVOejVING1sMXV4YVo4Rzk0dVZ5QmdDMlUKcWprV0d0WGJ3NlJ1WStZVHVxWXpYM1M2MjFVK2h3TFdOMWNYbVJjeWREWnduTXVJK3JDd0VLTFhxTEVTRE1iRwpqaVExc2JMSTEyb1FhMDdmZStyZmZuR0FXZTdQMmZNQXUvTVF4bTlNbTgrcFgrMldnS2F1RHdwRy92Mm9aeEFPCmlRcUlDRWFZQmVjZ0xSQlRqODY4TEhWbGkxQ25xVURWakp0NTl2RDIvTFo4STVXbnFuR0ZmT05sdVlTZ0ZpRlEKbS83WHVwT3BoM2s9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://172.16.88.157:6443
name: cluster1
contexts:
- context:
cluster: cluster1
namespace: magedu
user: magedu
name: cluster1
current-context: cluster1
kind: Config
preferences: {}
users:
- name: magedu
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwRENDQXJpZ0F3SUJBZ0lVWnZBbFlmK3loVW1MdnhCcUZkeEpCdXpBelVNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qSXhNREkyTVRZeE1EQXdXaGdQTWpBM01qRXdNVE14TmpFd01EQmFNR0F4Q3pBSkJnTlYKQkFZVEFrTk9NUkF3RGdZRFZRUUlFd2RDWldsS2FXNW5NUkF3RGdZRFZRUUhFd2RDWldsS2FXNW5NUXd3Q2dZRApWUVFLRXdOck9ITXhEekFOQmdOVkJBc1RCbE41YzNSbGJURU9NQXdHQTFVRUF4TUZRMmhwYm1Fd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFETm5sMG5lbTlyWUxOaURWN3EvdUZNOW1yL3JWa3cKV0pLYjNhelExNm1YSTVaS1dqelFlRWN0RmsrMjhHUkQ5b21JSEVmR21yMmJGeXM5Mm00U01QOWRpcW9sa0JpSgo4VWFKS3FQU0xGWXB0dmJ5NDBxWC9kTmZWNUM3RHNyS296VVpyNDBlTjJFWGVVTFhxZEVHREFjVFFIMzhLZnFBCmJ1cDZxSkFvWlRMMWhNQ3krdmhnNi8vUnJibW5rcWFiQkhMWlRCQ1VaNXg1VmxJU2JaODUvbmhKdHEwWExxaHUKdUo0dExyRXhRemdGUmtZVkMxVVhJWkpIWGo2aXNaak45aTJzbzdaZDVhR1ZZaEhra25GandHN2FVWDYyZkRRNAptZWZpSjhlUHNxczdZZ1RiY0hpV2t3Nk1PQ0hITkFoZHZ4V0lQWXZPSVhoZEdJbU9NQjZxUEFmNUFnTUJBQUdqCmZ6QjlNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFkQmdOVkhRNEVGZ1FVVVZDNWE5VEZTY3ltbzNUMkI5MjZicVBjQ1k4dwpId1lEVlIwakJCZ3dGb0FVWFV3QUxvWU5HeGZJRy84QnJQbGV6WmQzdWFRd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBRTdtRzJPYzJxalVSbTdmRytYOUMrb0Jod1V5SGNWSFNXTkIzZHRUZnRpQXpZamdHZG9oUTZhOEtWNlMKbXVpdGVWWjJYM2tSL3lUbzBpYUNyZzk5TWEwVGJib3ppZko2cmpRbkcwNVpFSWt1QTkvbWt2QmQ4UWF6bk4rMAowcGZvUnlvWFFQdDFFaitFZENhK2NXejZXY2ZvU1Z4UDZyLzJmRklSOUJVYW94dmFBYU9EcFB2RFlyUHJWQzdHClR5OUdBQW81aHpCVVZHVVNEN1RmOXVXVmJQbVJVL3pxMXBZclpBa3JVbGgwbkQrdWVldmsxRWFvVXVWN3RjOTMKaGY2S2ZSU29USFFsV3pnQktIVmQ2MUR1RHUzRW9kZWdzM1JEYWhGSVY2Yk1OWHd2aTFGZGJGMU1vaC9SMkZ4NQpmcFl1emFoSzU3SDczYXB2R1VCcFQ1SFJWdVE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBelo1ZEozcHZhMkN6WWcxZTZ2N2hUUFpxLzYxWk1GaVNtOTJzME5lcGx5T1dTbG84CjBIaEhMUlpQdHZCa1EvYUppQnhIeHBxOW14Y3JQZHB1RWpEL1hZcXFKWkFZaWZGR2lTcWowaXhXS2JiMjh1TksKbC8zVFgxZVF1dzdLeXFNMUdhK05IamRoRjNsQzE2blJCZ3dIRTBCOS9DbjZnRzdxZXFpUUtHVXk5WVRBc3ZyNApZT3YvMGEyNXA1S21td1J5MlV3UWxHZWNlVlpTRW0yZk9mNTRTYmF0Rnk2b2JyaWVMUzZ4TVVNNEJVWkdGUXRWCkZ5R1NSMTQrb3JHWXpmWXRyS08yWGVXaGxXSVI1Skp4WThCdTJsRit0bncwT0pubjRpZkhqN0tyTzJJRTIzQjQKbHBNT2pEZ2h4elFJWGI4VmlEMkx6aUY0WFJpSmpqQWVxandIK1FJREFRQUJBb0lCQUhDR1B1Snc3WEtzNjk0NApCUDdEVjFhLzc5UlY4RjQxeXAzRDFXUkE4WTFGcTJTck4yYTZ1L0RmcWVZcWJpU0hVY0tMLzNlZmpTM0hveUZwClhSMVZkUnFpM1BSTGhESlJPTkd0NVJNS3NtaUh1V000b2NURjRwdmxsczNYallFUmllaXhtcCt6bk0yMHpiQ3EKUFRwNjhKQkhsZXFlcW5rSXVnZEFJZ3dKUGJiLzRGbmJoU091SUV0TDdlVXVxTE9mK3RuckNBeXVVU0wvYUFrdApiWk14L0svVE0yTDlBUVNyMEt6ZW93ZDE3bmpBRGJaandjZFRzcDIrdzVrWHpWaFFpN1AvN0xoSnBnZkZpMmJwCklSbXF0TElFQ2UwVnVmWFZYalgvQ2VnRExac3hkWXFLSXF3NUQ4SVFicXNZbjBTT1ZrbGFhc1YrNklJZWEwWE4KMzBaWDdCRUNnWUVBK1hsYnVndmZyVWVsYWNiN3N6bmZXelVESnRxcWZ6QllPSVp2MTR2ZHlKcmNzY2Q3REJ1MApLekNvZHhwUURlRGlxUkFJK0YwMzYxbEFJenZFQ3pXd2FFbHdYQTdXWHI5L2RoSVQrNm9LMS96ZVBhcWxBb0N6CitUNW9VMGZEQXRyRkY4OVJxQ2tJa3g2N3YyQjd3SGFGMCtNT1d1cGZXTHlGQzVCdkpTNnppblVDZ1lFQTB2OVMKSG1WYk5kN1dCR1M0MjBCYzVtZkhJZC9INzh6aDVkWDhoTE4yZWkzSExkTWl2WDhQTE1mUEVkYWxIcG83VXVrMApMdk5PRTBYWXQ1OW9PTGVzUDlyMmF6QTZmakRxNXRMbHBSdXRsNkY2eXNjaVJTVEc2dlF5ZGQyQXJrTjBUSTh1Clp0c3FsNDZpQUw2QnJHcmtTNTU3NXA3azh3QkVYYkRUN3FONXJ2VUNnWUVBdFJTandnMXdWRVNYQ29xR2xIZEQKYXQ2MTVQUC9vY2Fqb3BQaWhxQmRZWWtXL0d3QklxN1JQakJaZCtvL2hYTmcwcnB5NkdReGZNRVJ6d0ZJc2FKTQo0OFc2cXZlU0hyLzljdVI0WU1ueWlRaGhBSDNtdkVSVFhtMHdLSk1FT0FRMzM2cDZhUWN2MUNvUXVUNzlWSnd6ClU3T1I3ZWdGUVZIRmVMbGtFNmNzWnlrQ2dZRUF2Q3lZd0NNRXhYYUd5RVJMMkwzK0hENVJpaFJaNjdOOWc4emoKK0RWVlpJR1BNWDhyYkhUMHc2c3ZNV21NdVU0enVpM2hMRDR4VTE3bmVGdmlSek1IbTZ0Y09SdzZEbkR5RGdubwpaT2ZhV1hEYVloNVdvZk82czdBMWtJaUxTdDg5eVVtb3lIS04rYnhySHQ3SUowenRiY05hSE1ONHpIOWdlVzVLCmxIbVcvRUVDZ1lBOHVpWm9iUEtHWjRjcnIvUjN1ejJPRHBDa1AybUZCaWtyMGdPeEFqM3J4UGdPTXhSTFFsckQKZ05BYjBIbU5QczJZcHViR0ZNRlpGKzZLYnQ2OUxGc2ZSWHhScEtzb2J1RXNxRTgzQ2pNa2xqS3R4ZGJkaHNyLwpXNWsyWTFoUlZ6c2dKaE9uWkx1Z3VhdHZ3SlJHSVo1KzhEM2pLL05vam9lbDNCcHpLb2hZN3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
[root@easzlab-k8s-master-01 CA]#

在magedu.kubeconfig后面追加token即可

[root@easzlab-k8s-master-01 CA]# kubectl describe secrets -n magedu magedu-admin-user
Name:         magedu-admin-user
Namespace:    magedu
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: magedu
              kubernetes.io/service-account.uid: 105d6824-e3d0-4f95-be5e-4bfb2221e349

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1302 bytes
namespace:  6 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InZDa2N6eDdTOW1KdTdpckRBeDYtLWs1VjZBZXNGSzNqLVhsR2tfNGE2dHcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJtYWdlZHUiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoibWFnZWR1LWFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoibWFnZWR1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTA1ZDY4MjQtZTNkMC00Zjk1LWJlNWUtNGJmYjIyMjFlMzQ5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om1hZ2VkdTptYWdlZHUifQ.ZE0cKcT5u5yZASIp54IDAczG6vyugxeHHBjukqBI70g-L1GsieTIGG95c1YkKjXWxO5mi2jUAmiGHfGHcnj7YHKWbiE839CXQ6_WHy4Wzjxm-HbBG4ytfTUUec1giEXMGZ2Gki8myOsFmB-5rT1mA3uGcdnf2HAr05B_MAHF4ndTaNEq0K4vRRjP_WMVNFmAsh50Aw_iUz3yzEr-ZHpp-er6QTvUzBVtQdY1L791aTKi2NsL14QYJ-XZ6b5vZZ9z7G88F1fY1Qm_FhjevUj2hqEmYKZTa_hfDcpELKoVqe7rU0o2cSSITGBzWYcvlc-NP1t_IZJIY83Xbbrl8KsTBA
[root@easzlab-k8s-master-01 CA]# vi magedu.kubeconfig 
[root@easzlab-k8s-master-01 CA]# cat magedu.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsRENDQW55Z0F3SUJBZ0lVWGdMN0NMcXZGZjlEeFp2RnQrVUF6YkxsWU1Vd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qSXhNREV6TVRJeU1UQXdXaGdQTWpFeU1qQTVNVGt4TWpJeE1EQmFNR0V4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUlFd2hJWVc1bldtaHZkVEVMTUFrR0ExVUVCeE1DV0ZNeEREQUtCZ05WQkFvVApBMnM0Y3pFUE1BMEdBMVVFQ3hNR1UzbHpkR1Z0TVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXB3KzNoK2o1SS8yZXhWVlN2eEwvajcwWFo1ZXAKWFc1dGNsS2FnN1FmL3g1b1plOE8xeU14WlhpUEtnenFHR1M2OG1vcnBHNXZEMmhWUEVzcUlDT2hIaUZsMkFEMwpaZ01DRFdNR2VPeWs2ekdnRGJuVFVzRk83Ui92N2tOVG5CVjZCcWdLS2xHOU5xVHRyRFNQTG9lYWtUQjJxQnRWCldqaHYrWXJYWHNNVmNFYWl1RVE0d0xEODdLbXk4cjd4UnRFdHRFTEtId2RJOGlTNENhcStxeHRtL0Vvc3lUaVQKYlFiVUI0bWtHWjZzRkZ3S1NLYUxVR3o4TnExeUhrSlliSTc3WURoVUJuYU5FUUJlbVBtRWZrQmVIQ2FqYnp4MQpDS1BJYWlyckFaTmFvTVBLOXN0dUsrWUxrOVovZ0xVWXJaZTJTOFMrazZEUGx2dWozMjdiTHdLV0N3SURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVUKWFV3QUxvWU5HeGZJRy84QnJQbGV6WmQzdWFRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJaElETGlTMFIxTQpicTJSWk1RUk9yRXpLczAyQ2NseFlqd2NyOGhyWG0vWWxCNmE4YkhHMnYzSEFTaSs3UVo4OSthZ3ovT2VvK0NwCjZhYkRUaVhIb2xVa1V1eWRkZDE0S0J3YW5DN3Vid0RCc3F4cjRpdGVOejVING1sMXV4YVo4Rzk0dVZ5QmdDMlUKcWprV0d0WGJ3NlJ1WStZVHVxWXpYM1M2MjFVK2h3TFdOMWNYbVJjeWREWnduTXVJK3JDd0VLTFhxTEVTRE1iRwpqaVExc2JMSTEyb1FhMDdmZStyZmZuR0FXZTdQMmZNQXUvTVF4bTlNbTgrcFgrMldnS2F1RHdwRy92Mm9aeEFPCmlRcUlDRWFZQmVjZ0xSQlRqODY4TEhWbGkxQ25xVURWakp0NTl2RDIvTFo4STVXbnFuR0ZmT05sdVlTZ0ZpRlEKbS83WHVwT3BoM2s9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://172.16.88.157:6443
  name: cluster1
contexts:
- context:
    cluster: cluster1
    namespace: magedu
    user: magedu
  name: cluster1
current-context: cluster1
kind: Config
preferences: {}
users:
- name: magedu
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwRENDQXJpZ0F3SUJBZ0lVWnZBbFlmK3loVW1MdnhCcUZkeEpCdXpBelVNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qSXhNREkyTVRZeE1EQXdXaGdQTWpBM01qRXdNVE14TmpFd01EQmFNR0F4Q3pBSkJnTlYKQkFZVEFrTk9NUkF3RGdZRFZRUUlFd2RDWldsS2FXNW5NUkF3RGdZRFZRUUhFd2RDWldsS2FXNW5NUXd3Q2dZRApWUVFLRXdOck9ITXhEekFOQmdOVkJBc1RCbE41YzNSbGJURU9NQXdHQTFVRUF4TUZRMmhwYm1Fd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFETm5sMG5lbTlyWUxOaURWN3EvdUZNOW1yL3JWa3cKV0pLYjNhelExNm1YSTVaS1dqelFlRWN0RmsrMjhHUkQ5b21JSEVmR21yMmJGeXM5Mm00U01QOWRpcW9sa0JpSgo4VWFKS3FQU0xGWXB0dmJ5NDBxWC9kTmZWNUM3RHNyS296VVpyNDBlTjJFWGVVTFhxZEVHREFjVFFIMzhLZnFBCmJ1cDZxSkFvWlRMMWhNQ3krdmhnNi8vUnJibW5rcWFiQkhMWlRCQ1VaNXg1VmxJU2JaODUvbmhKdHEwWExxaHUKdUo0dExyRXhRemdGUmtZVkMxVVhJWkpIWGo2aXNaak45aTJzbzdaZDVhR1ZZaEhra25GandHN2FVWDYyZkRRNAptZWZpSjhlUHNxczdZZ1RiY0hpV2t3Nk1PQ0hITkFoZHZ4V0lQWXZPSVhoZEdJbU9NQjZxUEFmNUFnTUJBQUdqCmZ6QjlNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFkQmdOVkhRNEVGZ1FVVVZDNWE5VEZTY3ltbzNUMkI5MjZicVBjQ1k4dwpId1lEVlIwakJCZ3dGb0FVWFV3QUxvWU5HeGZJRy84QnJQbGV6WmQzdWFRd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBRTdtRzJPYzJxalVSbTdmRytYOUMrb0Jod1V5SGNWSFNXTkIzZHRUZnRpQXpZamdHZG9oUTZhOEtWNlMKbXVpdGVWWjJYM2tSL3lUbzBpYUNyZzk5TWEwVGJib3ppZko2cmpRbkcwNVpFSWt1QTkvbWt2QmQ4UWF6bk4rMAowcGZvUnlvWFFQdDFFaitFZENhK2NXejZXY2ZvU1Z4UDZyLzJmRklSOUJVYW94dmFBYU9EcFB2RFlyUHJWQzdHClR5OUdBQW81aHpCVVZHVVNEN1RmOXVXVmJQbVJVL3pxMXBZclpBa3JVbGgwbkQrdWVldmsxRWFvVXVWN3RjOTMKaGY2S2ZSU29USFFsV3pnQktIVmQ2MUR1RHUzRW9kZWdzM1JEYWhGSVY2Yk1OWHd2aTFGZGJGMU1vaC9SMkZ4NQpmcFl1emFoSzU3SDczYXB2R1VCcFQ1SFJWdVE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBelo1ZEozcHZhMkN6WWcxZTZ2N2hUUFpxLzYxWk1GaVNtOTJzME5lcGx5T1dTbG84CjBIaEhMUlpQdHZCa1EvYUppQnhIeHBxOW14Y3JQZHB1RWpEL1hZcXFKWkFZaWZGR2lTcWowaXhXS2JiMjh1TksKbC8zVFgxZVF1dzdLeXFNMUdhK05IamRoRjNsQzE2blJCZ3dIRTBCOS9DbjZnRzdxZXFpUUtHVXk5WVRBc3ZyNApZT3YvMGEyNXA1S21td1J5MlV3UWxHZWNlVlpTRW0yZk9mNTRTYmF0Rnk2b2JyaWVMUzZ4TVVNNEJVWkdGUXRWCkZ5R1NSMTQrb3JHWXpmWXRyS08yWGVXaGxXSVI1Skp4WThCdTJsRit0bncwT0pubjRpZkhqN0tyTzJJRTIzQjQKbHBNT2pEZ2h4elFJWGI4VmlEMkx6aUY0WFJpSmpqQWVxandIK1FJREFRQUJBb0lCQUhDR1B1Snc3WEtzNjk0NApCUDdEVjFhLzc5UlY4RjQxeXAzRDFXUkE4WTFGcTJTck4yYTZ1L0RmcWVZcWJpU0hVY0tMLzNlZmpTM0hveUZwClhSMVZkUnFpM1BSTGhESlJPTkd0NVJNS3NtaUh1V000b2NURjRwdmxsczNYallFUmllaXhtcCt6bk0yMHpiQ3EKUFRwNjhKQkhsZXFlcW5rSXVnZEFJZ3dKUGJiLzRGbmJoU091SUV0TDdlVXVxTE9mK3RuckNBeXVVU0wvYUFrdApiWk14L0svVE0yTDlBUVNyMEt6ZW93ZDE3bmpBRGJaandjZFRzcDIrdzVrWHpWaFFpN1AvN0xoSnBnZkZpMmJwCklSbXF0TElFQ2UwVnVmWFZYalgvQ2VnRExac3hkWXFLSXF3NUQ4SVFicXNZbjBTT1ZrbGFhc1YrNklJZWEwWE4KMzBaWDdCRUNnWUVBK1hsYnVndmZyVWVsYWNiN3N6bmZXelVESnRxcWZ6QllPSVp2MTR2ZHlKcmNzY2Q3REJ1MApLekNvZHhwUURlRGlxUkFJK0YwMzYxbEFJenZFQ3pXd2FFbHdYQTdXWHI5L2RoSVQrNm9LMS96ZVBhcWxBb0N6CitUNW9VMGZEQXRyRkY4OVJxQ2tJa3g2N3YyQjd3SGFGMCtNT1d1cGZXTHlGQzVCdkpTNnppblVDZ1lFQTB2OVMKSG1WYk5kN1dCR1M0MjBCYzVtZkhJZC9INzh6aDVkWDhoTE4yZWkzSExkTWl2WDhQTE1mUEVkYWxIcG83VXVrMApMdk5PRTBYWXQ1OW9PTGVzUDlyMmF6QTZmakRxNXRMbHBSdXRsNkY2eXNjaVJTVEc2dlF5ZGQyQXJrTjBUSTh1Clp0c3FsNDZpQUw2QnJHcmtTNTU3NXA3azh3QkVYYkRUN3FONXJ2VUNnWUVBdFJTandnMXdWRVNYQ29xR2xIZEQKYXQ2MTVQUC9vY2Fqb3BQaWhxQmRZWWtXL0d3QklxN1JQakJaZCtvL2hYTmcwcnB5NkdReGZNRVJ6d0ZJc2FKTQo0OFc2cXZlU0hyLzljdVI0WU1ueWlRaGhBSDNtdkVSVFhtMHdLSk1FT0FRMzM2cDZhUWN2MUNvUXVUNzlWSnd6ClU3T1I3ZWdGUVZIRmVMbGtFNmNzWnlrQ2dZRUF2Q3lZd0NNRXhYYUd5RVJMMkwzK0hENVJpaFJaNjdOOWc4emoKK0RWVlpJR1BNWDhyYkhUMHc2c3ZNV21NdVU0enVpM2hMRDR4VTE3bmVGdmlSek1IbTZ0Y09SdzZEbkR5RGdubwpaT2ZhV1hEYVloNVdvZk82czdBMWtJaUxTdDg5eVVtb3lIS04rYnhySHQ3SUowenRiY05hSE1ONHpIOWdlVzVLCmxIbVcvRUVDZ1lBOHVpWm9iUEtHWjRjcnIvUjN1ejJPRHBDa1AybUZCaWtyMGdPeEFqM3J4UGdPTXhSTFFsckQKZ05BYjBIbU5QczJZcHViR0ZNRlpGKzZLYnQ2OUxGc2ZSWHhScEtzb2J1RXNxRTgzQ2pNa2xqS3R4ZGJkaHNyLwpXNWsyWTFoUlZ6c2dKaE9uWkx1Z3VhdHZ3SlJHSVo1KzhEM2pLL05vam9lbDNCcHpLb2hZN3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6InZDa2N6eDdTOW1KdTdpckRBeDYtLWs1VjZBZXNGSzNqLVhsR2tfNGE2dHcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJtYWdlZHUiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoibWFnZWR1LWFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoibWFnZWR1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTA1ZDY4MjQtZTNkMC00Zjk1LWJlNWUtNGJmYjIyMjFlMzQ5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om1hZ2VkdTptYWdlZHUifQ.ZE0cKcT5u5yZASIp54IDAczG6vyugxeHHBjukqBI70g-L1GsieTIGG95c1YkKjXWxO5mi2jUAmiGHfGHcnj7YHKWbiE839CXQ6_WHy4Wzjxm-HbBG4ytfTUUec1giEXMGZ2Gki8myOsFmB-5rT1mA3uGcdnf2HAr05B_MAHF4ndTaNEq0K4vRRjP_WMVNFmAsh50Aw_iUz3yzEr-ZHpp-er6QTvUzBVtQdY1L791aTKi2NsL14QYJ-XZ6b5vZZ9z7G88F1fY1Qm_FhjevUj2hqEmYKZTa_hfDcpELKoVqe7rU0o2cSSITGBzWYcvlc-NP1t_IZJIY83Xbbrl8KsTBA
[root@easzlab-k8s-master-01 CA]# 

下载magedu.kubeconfig 文件进行验证

 

posted @ 2022-10-25 15:51  cyh00001  阅读(1218)  评论(0编辑  收藏  举报