Step one: you must prepare the configuration file of the K8S cluster you want to connect to/use. The author provides a made-up configuration: apiVersion: v1 clusters: - cluster: certificate-authority-data: thisisfakecertifcateauthoritydata00000000000 server: https://1.2.3.4:1234 name: cls-dev contexts: - context: cluster: cls-dev user: kubernetes-admin name: kubernetes-admin@test current-context...
The content of certificate-authority-data is generated by encrypting/decrypting the content of ca.pem. 2. Set the client authentication parameters: set-credentials admin (admin is the CN value in the admin-csr.json file) [root@master01 work ]# kubectl config set-credentials admin --client-certificate=admin.pem --client-key=admin-key.pem --embed-certs=true --kubeconfig=kube...
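client-certificate-data: REDACTED # client certificate client-key-data: REDACTED # client key Summary: a config mainly contains three parts: users, clusters and contexts, and each part consists of two fields: name and user|cluster|context. For a cluster: the externally reachable address (server) and the basic authentication method (certificate-authority-data). For a context: the cluster to connect to-...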
┌──[root@vms81.liruilongs.github.io]-[~/.kube]└─$ kubectl config view -o json | jq .clusters [{"name":"kubernetes","cluster":{"server":"https://192.168.26.81:6443","certificate-authority-data":"DATA+OMITTED"}}] Create the namespace corresponding to the work group ┌──[root@vms81.liruilongs.github.io]-[~...
certificate-authority-data: DATA+OMITTED server: https://192.168.0.41:6443 name: kubernetes contexts: - context: cluster: kubernetes user: kubernetes-admin name: kubernetes-admin@kubernetes current-context: kubernetes-admin@kubernetes kind: Config ...
certificate-authority-data: DATA+OMITTED server: https://192.168.10.29:6443 name: kubernetes contexts: - context: cluster: kubernetes user: kubernetes-admin name: kubernetes-admin@kubernetes current-context: kubernetes-admin@kubernetes kind: Config ...
certificate-authority-data: DATA+OMITTED server: https://192.168.4.170:6443 name: kubernetes contexts: - context: cluster: kubernetes user: kubernetes-admin name: kubernetes-admin@kubernetes current-context: kubernetes-admin@kubernetes kind: Config ...
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1EUXdOekUzTWprd05Wb1hEVE15TURRd05ERTNNamt3TlZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSW...
certificate-authority-data: $certificate server: https://$endpoint name: $namespace-cluster-readonly users: - name: $namespace-user-readonly user: as-user-extra: {} client-key-data: $certificate token: $token contexts: - context:
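client-key-data: the client private key. You can extract the content of certificate-authority-data into a file named cert.txt and then base64-decode it. certificate-authority-data: the resulting content is actually ca.pem, i.e. the server-side certificate; the apiserver's certificate is also issued from ca.pem. Because TLS uses mutual authentication, when the apiserver authenticates a kubectl request, kubectl also needs to verify the apiserver's certificate...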