Kubernetes——k8s集群外主机通过kubectl访问集群

k8s集群外主机通过kubectl访问集群

  你可以使用 Kubectl 命令行工具管理 Kubernetes 集群。kubectl 在 $HOME/.kube 目录中查找一个名为 config 的配置文件。你可以通过设置 KUBECONFIG 环境变量或设置 --kubeconfig 参数来指定其它 kubeconfig 文件。

  官网相关资源:

使用 kubeconfig 文件组织集群访问

配置对多集群的访问

问题背景:

  需要在 kubernetes 集群外访问 kubernetes 中的资源对象。由于 kubectl 命令行工具管理 kubernetes 集群,需要 kubeconfig 的配置文件,其中包含获取访问 kube-apiserver 地址、证书、用户名等信息。

环境准备:

[root@k8s-master-01 ~]# kubectl get nodes
NAME                            STATUS   ROLES                  AGE   VERSION
k8s-master-01-192.168.153.201   Ready    control-plane,master   65m   v1.20.10
k8s-master-02-192.168.153.202   Ready    control-plane,master   65m   v1.20.10
k8s-worker-01-192.168.153.211   Ready    worker                 65m   v1.20.10
k8s-worker-02-192.168.153.212   Ready    worker                 65m   v1.20.10
[root@k8s-master-01 ~]#

操作配置:

  在 master 集群节点上执行如下命令:

# 1 设置集群参数(注意:单master集群为master节点私网IP,高可用集群为虚拟IP)
kubectl config set-cluster kubernetes \
  --server=https://192.168.153.200:16443 \
  --certificate-authority=/etc/kubernetes/pki/ca.pem \
  --embed-certs=true \
  --kubeconfig=config


# 2 设置客户端认证参数
kubectl config set-credentials cluster-admin \
  --certificate-authority=/etc/kubernetes/pki/ca.pem \
  --embed-certs=true \
  --client-key=/etc/kubernetes/pki/admin.key \
  --client-certificate=/etc/kubernetes/pki/admin.pem \
  --kubeconfig=config
  
# 3 设置上下文参数
kubectl config set-context default \
  --cluster=kubernetes \
  --user=cluster-admin \
  --kubeconfig=config
  
# 4 设置默认上下文
kubectl config use-context default --kubeconfig=config

  当前目录下会生成 config 文件,config 文件内容如下:

[root@k8s-master-01 ~]# cat config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMrakNDQWVLZ0F3SUJBZ0lVRDQ5Mndpd3E4Z2VqN0p6RnVLNjREZXNUSnJzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZURVRNQkVHQTFVRUF3d0thM1ZpWlhKdVpYUmxjekFlRncweU1UQTNNamN4TmpNMU1URmFGdzB6TVRBMwpNalV4TmpNMU1URmFNQlV4RXpBUkJnTlZCQU1NQ210MVltVnlibVYwWlhNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCCkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEVHcwMHR1K2wxZ2Z1MzFmMjJncG51ekNXZUhZVTZOL0dmcUw4dzhkVlcKb0dqOVFlSnpOUmtmWVZ5bFRndm1USVA0Nzd6akJGdUl3elNIc204MVQ4RGZUUjJsM2RPbjRWMEQxTUhsUjFraApBTk80MU9idDUxM1BSZG9pc3ZFaHhBaTdwMm8vR295WG5Jd1ZOL2YxYU9FNlpBY1NzeHl2VHhNS0JmWXRRcEhTCnRxWnNvSUE5a1hrdzdhNzVrckd4anV0VWpyUGtKUzgzM09UdnJGQUUrUnFrbjIwMTIzU1BqMlhzR2t5aldCdUkKZFBRNUJreTNsK09zSUZZUERFZVI5LzRnM2ZFdENWU0Q3NnRGMmppT3BJSFZYVi9jcVowUXN2ZEtQbVQ4anZtRwplUDlYVXorRDRNeEpXa3VPakVvTUJYd0pNM05NdUZpWGJGaHVOSEd4cm1iSEFnTUJBQUdqUWpCQU1BNEdBMVVkCkR3RUIvd1FFQXdJQ3BEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCVEdkRm9aKzdha2MvMzgKNkhUSm05b0FRVzFDc1RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUlheTNvTThZQURBTlZPRmM1aXlzakdUaApua1ZGZjlBeW5PYW13bll1aTVScDhSY3ZlTlFYS2krRHVwZDE3VTBkMDZUZS9MejhnMVY3TlZyOHAwTjBUcm0wCjMybXVneTZueEp0aWc5VVk2bENIVUdkd3JCMGltWTg3bkJnNzlEWExFSVM1S2RmQjFBUWpaa0FpWWFwNmRhMDIKeVRQZGFBUnVvSjg5VG91ZnBwdzY3YkZ3SmpmaktpMVo5MzBxRHdKS1V5SEpGTTZ0aHVpWVFWZkNRZnBmaUtSegpEdnluYktRdUQrMms5UllLSEk2RXBWdzRiTHdXcTBMUWMrZXliSWV5N0x0Qjlad2QxZmdvNHJwT29odXJES0p4CjNVTTJsZ1hBcHZFOVV3U2Z3SlNBcUFRQ0MvcytqcUhmUjVTQmtLazY4UjRkSUIxVzFGRnNPQkM2TlFrd0J3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    server: https://192.168.153.200:16443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: cluster-admin
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: cluster-admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURERENDQWZTZ0F3SUJBZ0lVTU9GR3lYWjBLY0hWUkhWR2gwclhSN2grSHpFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZURVRNQkVHQTFVRUF3d0thM1ZpWlhKdVpYUmxjekFlRncweU1UQTNNamt4TmpJMk16WmFGdzB6TVRBMwpNamN4TmpJMk16WmFNRFF4RnpBVkJnTlZCQW9NRG5ONWMzUmxiVHB0WVhOMFpYSnpNUmt3RndZRFZRUUREQkJyCmRXSmxjbTVsZEdWekxXRmtiV2x1TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUEKbkI5NDBsK0d4dzR0YkNhWlBTQnhrTzJUZ0pEVzZPdXBlQ0FiNEMxN2JrSThWWWpuWVZjVHBhSFFTMTdIV1I5UQpzRGhHbEVzYUJZOWRpK3ZZd0xqam4wYmo0ckpINWZ5WjhvL1d6L3FpMVhXQ1RPQUhOSDAyeE9zMnRmUnNjbVdQCjlEcVRQS1pTQ1pzWW1ROWhFb2lDbkE2eElSaEVManBQakhjK21vZFY5TnMzWFUzQUNPUjZXMncyR01HWHdWY0oKMHVxeG1VVEV5UitSNHlUZkdMSWVaOVNvdUVCYURHSVVSNURvaWZRYWxCZ2NTZENPR1p4TnBuYk9qS1hUanE4bAp6TnNBQzF0Y0RsbEZuaXlKdVhaSDFRa3pHV2NzN0l1Z09KT2tNWWxzM2orbDcwTkZBTXFycllyQ1NhRUdHa1owCnBNZHlWWU9qWTdkU0gvNytoWkxQYVFJREFRQUJvelV3TXpBT0JnTlZIUThCQWY4RUJBTUNCYUF3RXdZRFZSMGwKQkF3d0NnWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQQpYUnUrVFJleUFwR09sb0V4SlhacGY4VlBmOVZqcDhjVGc0eWI3L2g4ZnpZRWFaVXZqNThSc0cyZjRMRHl1VEN0Cm95NkhYM3lqU05wdlVQWHdWelJ3cHphWVo3TVVRa1JmVkNkUCtlbkdCSHU0VllLeHZnTjhVM0N2SjBldWdXR24KRmpFZC9OM1lnYmZKWGRhZFVNRnVsL0N1OE9TTUpXL1hsVS9QcUxKUjVKc01QVzVvZ25TS3l6R2FKSmJRUGRUZwpWR1hVeWVlT0V2Yy9Rd3FIdmNBb08reDQvRFJvMy9Gdi9vRUt5MmkrUVljUW5NQjhmc3loK3lQc2c0b1JxajgrCkt5MGhtNG5pbjFSWnpYMC9wbWJlWFpNT09IQ0pTbEFXazBMcGJtRG9SRUw1NU5lWlNwNUFUOFVXRG1TS3Y1MEwKS254ZHo2TmJ2V2ZUUzZhbEpzSzdsUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbkI5NDBsK0d4dzR0YkNhWlBTQnhrTzJUZ0pEVzZPdXBlQ0FiNEMxN2JrSThWWWpuCllWY1RwYUhRUzE3SFdSOVFzRGhHbEVzYUJZOWRpK3ZZd0xqam4wYmo0ckpINWZ5WjhvL1d6L3FpMVhXQ1RPQUgKTkgwMnhPczJ0ZlJzY21XUDlEcVRQS1pTQ1pzWW1ROWhFb2lDbkE2eElSaEVManBQakhjK21vZFY5TnMzWFUzQQpDT1I2VzJ3MkdNR1h3VmNKMHVxeG1VVEV5UitSNHlUZkdMSWVaOVNvdUVCYURHSVVSNURvaWZRYWxCZ2NTZENPCkdaeE5wbmJPaktYVGpxOGx6TnNBQzF0Y0RsbEZuaXlKdVhaSDFRa3pHV2NzN0l1Z09KT2tNWWxzM2orbDcwTkYKQU1xcnJZckNTYUVHR2taMHBNZHlWWU9qWTdkU0gvNytoWkxQYVFJREFRQUJBb0lCQUZ6RFptcTVUNytlY09hOQoySGMxZThUOUpKTlRmQjVSU0JTVUgzd0lDanJ0S0NRNmdDQ2FPSlpGbXhudGFzMU5pZ2ZxcUNVY3FvMTdMYjRoCm1GeUtmdFQ0cmhiWWoxZmJ5eTBRd2pZNVdkOHpQd1NtYUNHTDlLcjBoMEY5eGFJRExwR1M3RUV4SWJXTGJnWWoKMlMzRjVyVUxGYnZ3U3pLY2V2K2ZLcGR1cW1nZG15WWMxRFpyYnRLZ2V0VWFYcHhiSzNuU1dFWG9JYmN1TTVBTgpIbnFmaWs1SEw3Z1lGa2JnSWMzQ2FLZUZ1V2JoTGgvTEdmUXdSd2trK0NpYnNYTGdNK0llVnl3aFBCS1FsOE5LCldsNjczQm40MzE3dmRGcUhRY0tOUVVEODRnNDJna3hIVExuS0w1by8wSFYzSmxjRnNMZnBKU2s5RTZhRGU0UzQKb00rZTlBRUNnWUVBeWRKblRKU0g2bGpzSkFVN0k3VWpPK2V0WVVRRDQwanoyeVhDQlkramw0ZFhsUUtUbWx1KwpPaXN3L3NlWjZ1OExYOVlsYUdJZm5zclRCS0JVNWp0OGFRd3A2MldyZk9mWkJNamVsOUZuYnp0VEQ5Y0I0L24vCk5CMWp0VDFtOCtTckRSZ1FhK2Z3eWsxTTVTY2pWSUF6QzQ4THhpenM1a05MOHNRRVBvV2J0UWtDZ1lFQXhnaUwKK1hmalB6WldBeWZSaUdJdWNOL0RHVGFQOVVFUER2b3VGT09jSVI5VUNtNTlqbjdSWk1tL25pdFhEUHRDbktCUQpCR2M5bWhtelM1dmYvcW4rU0lGYXI5eURad0JYQVNTYUZ2cFlrRm5VZWJtSE5tdmloQzZuUlJaaXEyUlhqd040CjEveEdCNzErZ285V0Y0cGdXMWp2aGRySnVQbDBBc1JGbTJ0V1AyRUNnWUVBa0dMTXNFYmE3ZGRzS1dEc3JHRWMKc2ZEUFkzU3JhMkYzeEdMQTZnV1hQZ0wvcjRWR1gvb2VuN0xpdklQRUpBV2NsNVcyOFhTeHRvTFljTWpidEZMKwpjSkRaTktWcUNGUStPR1FVaTN5dWlTOWgvMFVNL3pLTlY1Vm5EZlM5d09McFZOYlFlTUpZekFKOWJydVBWUmJhCmJmeUtxZDdlSk9Za1lhdkdkWXhVbHpFQ2dZQWdIVnExeGg5d0xOdWQvMk1YZnZTUkVYaU9LaThHVXRxaVR5Z1IKOHlkcXA2MzFVeDNCY2dkN0ZNeWlWZHowR2ZzZmMxQUdwc2R5cWlCTmJxWFFvcmkrQVZ3M2tNY3VlUHVqRDlCOQpVWFB6Vk40RUwzWWgrVFR1d3JJVm5oKzZNN2VQVmJ6UEtmWWhZeldVN3JIRGQ0bFF4d2R3Nlo0MUJSOHZJNjAyCkd4NE5nUUtCZ1FDSFhxeTc2SWo4Wkk3ajVLSEFmREhycFhjSmpOQVI0NGFJQmdOYnpEZG5oYy95em9CSHZPNHkKUFpvY2ZyWERmQWVsclBSSXlPamUzcmlFRVdxODAvS0RsN2xSa2lCRDdJekNMNjIvcjdYWGJRTjc3aEltVjRFMwozKzdSdmRqK2xNTlRaR1FHdFlMNjUvcGJtOGZkd0RteG5vcVZkZTJhcUtzUFhYQmh2ZGx3Wmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
[root@k8s-master-01 ~]#

  将 config 拷贝到 kubernetes 集群外节点上,并在该节点上执行 kubectl-v1.20.10 --kubeconfig=config get nodes。注意:kubectl 版本和 kubernetes 中的 kubectl 版本一致。

 

[root@localhost ~]# ./kubectl-v1.20.10 --kubeconfig=config get nodes
NAME                            STATUS   ROLES                  AGE   VERSION
k8s-master-01-192.168.153.201   Ready    control-plane,master   79m   v1.20.10
k8s-master-02-192.168.153.202   Ready    control-plane,master   79m   v1.20.10
k8s-worker-01-192.168.153.211   Ready    worker                 79m   v1.20.10
k8s-worker-02-192.168.153.212   Ready    worker                 79m   v1.20.10
[root@localhost ~]#

  成功! 

posted @ 2021-09-13 10:43  左扬  阅读(3567)  评论(0编辑  收藏  举报
levels of contents