kubernetes 增加管理节点 配置kubectl管理工具
来源:原创
时间:2019-10-28
作者:脚本小站
分类:云原生
kubernetes增加管理节点只要把kubectl命令工具和kubeconfig配置文件放入任意一个节点的$HOME./kube 目录即可。
创建证书秘钥:
openssl genrsa -out jenkins.key 2048
创建csr请求:注意这里的组:O=dev:jenkins,后面要用这个组绑定ClusterRole。
openssl req -new -key jenkins.key -subj "/CN=jenkins/O=dev:jenkins" -out jenkins.csr
签署证书:
openssl x509 -req -in jenkins.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out jenkins.crt -days 5000
设置kubeconfig:
kubectl config set-cluster kubernetes --kubeconfig=kubeconfig --server="https://192.168.1.140:6443" --certificate-authority=/etc/kubernetes/pki/ca.crt --embed-certs=true kubectl config set-credentials jenkins --client-certificate=jenkins.crt --client-key=jenkins.key --embed-certs=true --kubeconfig=kubeconfig kubectl config set-context jenkins@kubernetes --cluster=kubernetes --user=jenkins --kubeconfig=kubeconfig kubectl config use-context jenkins@kubernetes --kubeconfig=kubeconfig
创建ClusterRole:
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: jenkinsclusterrole rules: - apiGroups: - extensions resources: - daemonsets - deployments - deployments/rollback - deployments/scale - ingresses - networkpolicies - replicasets - replicasets/scale - replicationcontrollers/scale verbs: - create - delete - deletecollection - patch - update - get - list - watch
绑定权限:dev:jenkins 组绑定之前定义好的 ClusterRole。
kubectl create clusterrolebinding jenkins --clusterrole=jenkinsclusterrole --group=dev:jenkins
使用新配置文件查看:
kubectl get pods --all-namespaces --kubeconfig=kubeconfig
将配置文件拷贝到要使用的节点:配置文件默认为 /root/.kube/config 如果名称不对要修改,或使用时加上 --kubeconfig 参数来指定配置文件。
scp kubeconfig root@192.168.1.151:/root/.kube/config
在新的节点上:
kubectl get pods NAME READY STATUS RESTARTS AGE nginx-dm-57f45f868f-xprhj 1/1 Running 0 160m