k8s集群外主机通过kubectl访问集群
你可以使用 Kubectl 命令行工具管理 Kubernetes 集群。kubectl 在 $HOME/.kube 目录中查找一个名为 config 的配置文件。你可以通过设置 KUBECONFIG 环境变量或设置 --kubeconfig 参数来指定其它 kubeconfig 文件。
官网相关资源:
问题背景:
需要在 kubernetes 集群外访问 kubernetes 中的资源对象。由于 kubectl 命令行工具管理 kubernetes 集群,需要 kubeconfig 的配置文件,其中包含获取访问 kube-apiserver 地址、证书、用户名等信息。
环境准备:
[root@k8s-master-01 ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master-01-192.168.153.201 Ready control-plane,master 65m v1.20.10 k8s-master-02-192.168.153.202 Ready control-plane,master 65m v1.20.10 k8s-worker-01-192.168.153.211 Ready worker 65m v1.20.10 k8s-worker-02-192.168.153.212 Ready worker 65m v1.20.10 [root@k8s-master-01 ~]#
操作配置:
在 master 集群节点上执行如下命令:
# 1 设置集群参数(注意:单master集群为master节点私网IP,高可用集群为虚拟IP) kubectl config set-cluster kubernetes --server=https://192.168.153.200:16443 --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --kubeconfig=config # 2 设置客户端认证参数 kubectl config set-credentials cluster-admin --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --client-key=/etc/kubernetes/pki/admin.key --client-certificate=/etc/kubernetes/pki/admin.pem --kubeconfig=config # 3 设置上下文参数 kubectl config set-context default --cluster=kubernetes --user=cluster-admin --kubeconfig=config # 4 设置默认上下文 kubectl config use-context default --kubeconfig=config
当前目录下会生成 config 文件,config 文件内容如下:
[root@k8s-master-01 ~]# cat config apiVersion: v1 clusters: - cluster: certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMrakNDQWVLZ0F3SUJBZ0lVRDQ5Mndpd3E4Z2VqN0p6RnVLNjREZXNUSnJzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZURVRNQkVHQTFVRUF3d0thM1ZpWlhKdVpYUmxjekFlRncweU1UQTNNamN4TmpNMU1URmFGdzB6TVRBMwpNalV4TmpNMU1URmFNQlV4RXpBUkJnTlZCQU1NQ210MVltVnlibVYwWlhNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCCkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEVHcwMHR1K2wxZ2Z1MzFmMjJncG51ekNXZUhZVTZOL0dmcUw4dzhkVlcKb0dqOVFlSnpOUmtmWVZ5bFRndm1USVA0Nzd6akJGdUl3elNIc204MVQ4RGZUUjJsM2RPbjRWMEQxTUhsUjFraApBTk80MU9idDUxM1BSZG9pc3ZFaHhBaTdwMm8vR295WG5Jd1ZOL2YxYU9FNlpBY1NzeHl2VHhNS0JmWXRRcEhTCnRxWnNvSUE5a1hrdzdhNzVrckd4anV0VWpyUGtKUzgzM09UdnJGQUUrUnFrbjIwMTIzU1BqMlhzR2t5aldCdUkKZFBRNUJreTNsK09zSUZZUERFZVI5LzRnM2ZFdENWU0Q3NnRGMmppT3BJSFZYVi9jcVowUXN2ZEtQbVQ4anZtRwplUDlYVXorRDRNeEpXa3VPakVvTUJYd0pNM05NdUZpWGJGaHVOSEd4cm1iSEFnTUJBQUdqUWpCQU1BNEdBMVVkCkR3RUIvd1FFQXdJQ3BEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCVEdkRm9aKzdha2MvMzgKNkhUSm05b0FRVzFDc1RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUlheTNvTThZQURBTlZPRmM1aXlzakdUaApua1ZGZjlBeW5PYW13bll1aTVScDhSY3ZlTlFYS2krRHVwZDE3VTBkMDZUZS9MejhnMVY3TlZyOHAwTjBUcm0wCjMybXVneTZueEp0aWc5VVk2bENIVUdkd3JCMGltWTg3bkJnNzlEWExFSVM1S2RmQjFBUWpaa0FpWWFwNmRhMDIKeVRQZGFBUnVvSjg5VG91ZnBwdzY3YkZ3SmpmaktpMVo5MzBxRHdKS1V5SEpGTTZ0aHVpWVFWZkNRZnBmaUtSegpEdnluYktRdUQrMms5UllLSEk2RXBWdzRiTHdXcTBMUWMrZXliSWV5N0x0Qjlad2QxZmdvNHJwT29odXJES0p4CjNVTTJsZ1hBcHZFOVV3U2Z3SlNBcUFRQ0MvcytqcUhmUjVTQmtLazY4UjRkSUIxVzFGRnNPQkM2TlFrd0J3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= server: https://192.168.153.200:16443 name: kubernetes contexts: - context: cluster: kubernetes user: cluster-admin name: default current-context: default kind: Config preferences: {} users: - name: cluster-admin user: client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURERENDQWZTZ0F3SUJBZ0lVTU9GR3lYWjBLY0hWUkhWR2gwclhSN2grSHpFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZURVRNQkVHQTFVRUF3d0thM1ZpWlhKdVpYUmxjekFlRncweU1UQTNNamt4TmpJMk16WmFGdzB6TVRBMwpNamN4TmpJMk16WmFNRFF4RnpBVkJnTlZCQW9NRG5ONWMzUmxiVHB0WVhOMFpYSnpNUmt3RndZRFZRUUREQkJyCmRXSmxjbTVsZEdWekxXRmtiV2x1TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUEKbkI5NDBsK0d4dzR0YkNhWlBTQnhrTzJUZ0pEVzZPdXBlQ0FiNEMxN2JrSThWWWpuWVZjVHBhSFFTMTdIV1I5UQpzRGhHbEVzYUJZOWRpK3ZZd0xqam4wYmo0ckpINWZ5WjhvL1d6L3FpMVhXQ1RPQUhOSDAyeE9zMnRmUnNjbVdQCjlEcVRQS1pTQ1pzWW1ROWhFb2lDbkE2eElSaEVManBQakhjK21vZFY5TnMzWFUzQUNPUjZXMncyR01HWHdWY0oKMHVxeG1VVEV5UitSNHlUZkdMSWVaOVNvdUVCYURHSVVSNURvaWZRYWxCZ2NTZENPR1p4TnBuYk9qS1hUanE4bAp6TnNBQzF0Y0RsbEZuaXlKdVhaSDFRa3pHV2NzN0l1Z09KT2tNWWxzM2orbDcwTkZBTXFycllyQ1NhRUdHa1owCnBNZHlWWU9qWTdkU0gvNytoWkxQYVFJREFRQUJvelV3TXpBT0JnTlZIUThCQWY4RUJBTUNCYUF3RXdZRFZSMGwKQkF3d0NnWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQQpYUnUrVFJleUFwR09sb0V4SlhacGY4VlBmOVZqcDhjVGc0eWI3L2g4ZnpZRWFaVXZqNThSc0cyZjRMRHl1VEN0Cm95NkhYM3lqU05wdlVQWHdWelJ3cHphWVo3TVVRa1JmVkNkUCtlbkdCSHU0VllLeHZnTjhVM0N2SjBldWdXR24KRmpFZC9OM1lnYmZKWGRhZFVNRnVsL0N1OE9TTUpXL1hsVS9QcUxKUjVKc01QVzVvZ25TS3l6R2FKSmJRUGRUZwpWR1hVeWVlT0V2Yy9Rd3FIdmNBb08reDQvRFJvMy9Gdi9vRUt5MmkrUVljUW5NQjhmc3loK3lQc2c0b1JxajgrCkt5MGhtNG5pbjFSWnpYMC9wbWJlWFpNT09IQ0pTbEFXazBMcGJtRG9SRUw1NU5lWlNwNUFUOFVXRG1TS3Y1MEwKS254ZHo2TmJ2V2ZUUzZhbEpzSzdsUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbkI5NDBsK0d4dzR0YkNhWlBTQnhrTzJUZ0pEVzZPdXBlQ0FiNEMxN2JrSThWWWpuCllWY1RwYUhRUzE3SFdSOVFzRGhHbEVzYUJZOWRpK3ZZd0xqam4wYmo0ckpINWZ5WjhvL1d6L3FpMVhXQ1RPQUgKTkgwMnhPczJ0ZlJzY21XUDlEcVRQS1pTQ1pzWW1ROWhFb2lDbkE2eElSaEVManBQakhjK21vZFY5TnMzWFUzQQpDT1I2VzJ3MkdNR1h3VmNKMHVxeG1VVEV5UitSNHlUZkdMSWVaOVNvdUVCYURHSVVSNURvaWZRYWxCZ2NTZENPCkdaeE5wbmJPaktYVGpxOGx6TnNBQzF0Y0RsbEZuaXlKdVhaSDFRa3pHV2NzN0l1Z09KT2tNWWxzM2orbDcwTkYKQU1xcnJZckNTYUVHR2taMHBNZHlWWU9qWTdkU0gvNytoWkxQYVFJREFRQUJBb0lCQUZ6RFptcTVUNytlY09hOQoySGMxZThUOUpKTlRmQjVSU0JTVUgzd0lDanJ0S0NRNmdDQ2FPSlpGbXhudGFzMU5pZ2ZxcUNVY3FvMTdMYjRoCm1GeUtmdFQ0cmhiWWoxZmJ5eTBRd2pZNVdkOHpQd1NtYUNHTDlLcjBoMEY5eGFJRExwR1M3RUV4SWJXTGJnWWoKMlMzRjVyVUxGYnZ3U3pLY2V2K2ZLcGR1cW1nZG15WWMxRFpyYnRLZ2V0VWFYcHhiSzNuU1dFWG9JYmN1TTVBTgpIbnFmaWs1SEw3Z1lGa2JnSWMzQ2FLZUZ1V2JoTGgvTEdmUXdSd2trK0NpYnNYTGdNK0llVnl3aFBCS1FsOE5LCldsNjczQm40MzE3dmRGcUhRY0tOUVVEODRnNDJna3hIVExuS0w1by8wSFYzSmxjRnNMZnBKU2s5RTZhRGU0UzQKb00rZTlBRUNnWUVBeWRKblRKU0g2bGpzSkFVN0k3VWpPK2V0WVVRRDQwanoyeVhDQlkramw0ZFhsUUtUbWx1KwpPaXN3L3NlWjZ1OExYOVlsYUdJZm5zclRCS0JVNWp0OGFRd3A2MldyZk9mWkJNamVsOUZuYnp0VEQ5Y0I0L24vCk5CMWp0VDFtOCtTckRSZ1FhK2Z3eWsxTTVTY2pWSUF6QzQ4THhpenM1a05MOHNRRVBvV2J0UWtDZ1lFQXhnaUwKK1hmalB6WldBeWZSaUdJdWNOL0RHVGFQOVVFUER2b3VGT09jSVI5VUNtNTlqbjdSWk1tL25pdFhEUHRDbktCUQpCR2M5bWhtelM1dmYvcW4rU0lGYXI5eURad0JYQVNTYUZ2cFlrRm5VZWJtSE5tdmloQzZuUlJaaXEyUlhqd040CjEveEdCNzErZ285V0Y0cGdXMWp2aGRySnVQbDBBc1JGbTJ0V1AyRUNnWUVBa0dMTXNFYmE3ZGRzS1dEc3JHRWMKc2ZEUFkzU3JhMkYzeEdMQTZnV1hQZ0wvcjRWR1gvb2VuN0xpdklQRUpBV2NsNVcyOFhTeHRvTFljTWpidEZMKwpjSkRaTktWcUNGUStPR1FVaTN5dWlTOWgvMFVNL3pLTlY1Vm5EZlM5d09McFZOYlFlTUpZekFKOWJydVBWUmJhCmJmeUtxZDdlSk9Za1lhdkdkWXhVbHpFQ2dZQWdIVnExeGg5d0xOdWQvMk1YZnZTUkVYaU9LaThHVXRxaVR5Z1IKOHlkcXA2MzFVeDNCY2dkN0ZNeWlWZHowR2ZzZmMxQUdwc2R5cWlCTmJxWFFvcmkrQVZ3M2tNY3VlUHVqRDlCOQpVWFB6Vk40RUwzWWgrVFR1d3JJVm5oKzZNN2VQVmJ6UEtmWWhZeldVN3JIRGQ0bFF4d2R3Nlo0MUJSOHZJNjAyCkd4NE5nUUtCZ1FDSFhxeTc2SWo4Wkk3ajVLSEFmREhycFhjSmpOQVI0NGFJQmdOYnpEZG5oYy95em9CSHZPNHkKUFpvY2ZyWERmQWVsclBSSXlPamUzcmlFRVdxODAvS0RsN2xSa2lCRDdJekNMNjIvcjdYWGJRTjc3aEltVjRFMwozKzdSdmRqK2xNTlRaR1FHdFlMNjUvcGJtOGZkd0RteG5vcVZkZTJhcUtzUFhYQmh2ZGx3Wmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= [root@k8s-master-01 ~]#
将 config 拷贝到 kubernetes 集群外节点上,并在该节点上执行 kubectl-v1.20.10 --kubeconfig=config get nodes。注意:kubectl 版本和 kubernetes 中的 kubectl 版本一致。
[root@localhost ~]# ./kubectl-v1.20.10 --kubeconfig=config get nodes NAME STATUS ROLES AGE VERSION k8s-master-01-192.168.153.201 Ready control-plane,master 79m v1.20.10 k8s-master-02-192.168.153.202 Ready control-plane,master 79m v1.20.10 k8s-worker-01-192.168.153.211 Ready worker 79m v1.20.10 k8s-worker-02-192.168.153.212 Ready worker 79m v1.20.10 [root@localhost ~]#
成功!