一、生成管理員證書
cat > admin-csr.json <<EOF { "CN": "admin", "hosts": [], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing", "O": "system:masters", "OU": "System" } ] } EOF
執行
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
二、創建kubeconfig文件
# 設置集群參數 kubectl config set-cluster kubernetes \ --server=https://192.168.124.61:6443 \ --certificate-authority=ca.pem \ --embed-certs=true \ --kubeconfig=config # 設置上下文參數 kubectl config set-context default \ --cluster=kubernetes \ --user=cluster-admin \ --kubeconfig=config # 設置客戶端認證參數 kubectl config set-credentials cluster-admin \ --certificate-authority=ca.pem \ --embed-certs=true \ --client-key=admin-key.pem \ --client-certificate=admin.pem \ --kubeconfig=config # 設置默認上下文 kubectl config use-context default --kubeconfig=config
設置客戶端認證參數時
--certificate-authority=ca.pem ##添加管理員權限,沒有這一段則為普通用戶
碰到這樣的錯誤時:
Error: failed to apply manifests: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
在/etc/profile末尾增加
export KUBECONFIG=/root/pki/config
添加完后執行
source /etc/profile