准備配置數據
拿到集群 api server 地址
$ kubectl cluster-info
Kubernetes control plane is running at https://k8s-api:6443
拿到集群 ca 證書
kubectl get secret \
$(kubectl get secrets | grep default-token | awk '{print $1}') \
-o jsonpath="{['data']['ca\.crt']}" | base64 --decode
創建具有集群管理權限的 ServiceAccount 並拿到其 token,比如這里用戶名是 k8s-admin
kubectl create serviceaccount k8s-admin -n kube-system
kubectl create clusterrolebinding k8s-admin-binding --clusterrole=cluster-admin --serviceaccount=kube-system:k8s-admin -n kube-system
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep k8s-admin | awk '{print $1}')
配置 kubectl
設置之前拿到的 api server 地址與 ca 證書(先將證書保存到ca.crt文件)
kubectl config set-cluster k8s --server=https://k8s-api:6443 --certificate-authority=ca.crt --embed-certs=true
設置連接集群的 ServiceAccount 的 token
kubectl config set-credentials k8s-admin --token=***
設置 context
kubectl config set-context k8s --cluster k8s --user k8s-admin
設置默認 context
kubectl config use-context k8s
用配置好的 kubectl 開船
kubectl get pods -n kube-system
參考博文:Manually connect to your Kubernetes Cluster from the outside