grep "client-key-data" ${kubeconf_file} | awk {'print$2'} | base64 -d > ${key} # get the old certificate from the old kubeconf grep "client-certificate-data" ${kubeconf_file} | awk {'print$2'} | base64 -d > ${cert} # get subject from the old certificate local subj=$(...
client-certificate-data: REDACTED #客户端证书,用于与apiserver进行认证 client-key-data: REDACTED #客户端私钥 在上面的配置文件当中,定义了集群、上下文以及用户。其中Config也是K8S的标准资源之一,在该配置文件当中定义了一个集群列表,指定的集群可以有多个;用户列表也可以有多个,指明集群中的用户;而在上下文列表当...
将client-certificate-data数据base64解码到client.crt,通过openssl查看证书主体Subject, O:用户组,CN:用户名;还有有效期等信息 [root@master ~]# openssl x509 -noout -text -in client.crt Certificate: Data: Version: 3 (0x2) Serial Number: 2417458285951940906 (0x218c8980b97d792a) Signature Algorithm: ...
client-certificate-data: REDACTED client-key-data: REDACTED [root@master01 manifests]# 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 提示;k8s上的客户端配置文件主要有4部分组成,分别是,users、clusters、contexts、current-context;users是指定用户帐...
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lJTzB3MXV1SWhEbDR3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TVRBMk1qZ3hOelF5TVRCYUZ3MHlNakEyTWpneE56UXnp2V3RsRStRdUc2Ulk0bjB3UEc0OFR1N0JobGgxVTQKYTNVb3p4SHV4...
# 在最新 ~/.kube/config配置文件, 运行以下命令分别生成生成 ca.crt, client.crt, client.key cat ~/.kube/config | grep "certificate-authority-data" | sed s/[[:space:]]//g | cut -d ':' -f 2 | base64 -d > ca.crt cat ~/.kube/config | grep "client-certificate-data" | sed s...
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lSQU10QkpkVzlOaHhHclplUTZreFE3cG93RFFZSktvWklodmNOQVFFTEJRQXcKRlRFVE1CRUdBMVVFQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpBME1EZ3dPVEU1TlRGYUZ3MHlNekEwTURndwpPVEU1TlRGYU1DY3hFekFSQmdOVkJBb1RDbU5zYjNWa1pUS...
使用openssl 命令解析 Kube-scheduler 的 KubeConfig 中 client-certificate-data 字段,查看 KubeConfig 客户端证书的 O、CN 代码语言:javascript 复制 $ cat /etc/kubernetes/scheduler.conf | grep client-certificate-data: | sed 's/ client-certificate-data: //g' | base64 -d | openssl x509 -noout -...
client-certificate-data: REDACTED client-key-data: REDACTED 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 创建context配置 [root@node-01 pki]# kubectl config set-context billy@k8s --cluster=k8s --user=billy --kubeconfig=/root/billy.conf ...
CLIENT_KEY_DATA=`cat $(pwd)/$KEY_FILE |base64|tr -d "\n"` sed -i "s/.*client-certificate.*/ client-certificate-data: $CLIENT_CERTIFICATE_DATA/g" $(pwd)/"$USERNAME".config sed -i "s/.*client-key.*/ client-key-data: $CLIENT_KEY_DATA/g" $(pwd)/"$USERNAME".config ...