
14. 创建用户认证授权的kubeconfig文件

1. 签发证书对:

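# Create a working directory for the user's key material
mkdir -p /k8s/cert
cd /k8s/cert

# Generate the user's RSA private key. The subshell limits the restrictive
# umask to this one command, so luffy.key is readable by its owner only.
( umask 077 && openssl genrsa -out luffy.key 2048 )

# Create the certificate signing request.
# Kubernetes takes the user name from CN and the group name from O.
openssl req -new -key luffy.key -out luffy.csr -subj "/O=admin:luffy/CN=luffy-admin"

# Write the certificate extensions non-interactively: the certificate is
# restricted to TLS client authentication.
cat > extfile.conf <<'EOF'
[ v3_ca ]
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
EOF

# Sign luffy.crt with the cluster CA (this reads the CA private key directly,
# so it must run on a control-plane node as a privileged user).
# NOTE: -days 3650 gives a 10-year credential, and Kubernetes has no revocation
# mechanism for issued client certificates; access can only be withdrawn by
# removing the RBAC bindings of this user/group. Prefer a shorter validity
# where the workflow allows it. The CertificateSigningRequest API
# (certificates.k8s.io) is an alternative that avoids handling ca.key by hand.
openssl x509 -req -in luffy.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -sha256 -out luffy.crt -extensions v3_ca -extfile extfile.conf -days 3650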
[root@k8s-master ~]# # 创建目录
[root@k8s-master ~]# mkdir -p /k8s/cert
[root@k8s-master ~]# cd /k8s/cert
[root@k8s-master cert]#
[root@k8s-master cert]# # 生成私钥
[root@k8s-master cert]# openssl genrsa -out luffy.key 2048
Generating RSA private key, 2048 bit long modulus
.........................................+++
.........+++
e is 65537 (0x10001)
[root@k8s-master cert]#
[root@k8s-master cert]# ls
luffy.key
[root@k8s-master cert]#
[root@k8s-master cert]# # 生成证书请求文件
[root@k8s-master cert]# openssl req -new -key luffy.key -out luffy.csr -subj "/O=admin:luffy/CN=luffy-admin"
[root@k8s-master cert]#
[root@k8s-master cert]# ls
luffy.csr  luffy.key
[root@k8s-master cert]#
[root@k8s-master cert]# # 证书拓展属性
[root@k8s-master cert]# vim extfile.conf
[root@k8s-master cert]#
[root@k8s-master cert]# ls
extfile.conf  luffy.csr  luffy.key
[root@k8s-master cert]#
[root@k8s-master cert]# # 生成luffy.crt证书
[root@k8s-master cert]# openssl x509 -req -in luffy.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -sha256 -out luffy.crt -extensions v3_ca -extfile extfile.conf -days 3650
Signature ok
subject=/O=admin:luffy/CN=luffy-admin
Getting CA Private Key
[root@k8s-master cert]#
[root@k8s-master cert]# ls
extfile.conf  luffy.crt  luffy.csr  luffy.key

2. 配置kubeconfig文件:

# Cluster entry: API server address plus the cluster CA certificate, which is
# embedded so that kubectl can verify the server
kubectl config set-cluster luffy-cluster \
  --kubeconfig=luffy.kubeconfig \
  --server=https://81.70.4.171:6443 \
  --certificate-authority=/etc/kubernetes/pki/ca.crt \
  --embed-certs=true

# User entry: client certificate and private key.
# --embed-certs=true copies the private key into the file (client-key-data),
# so luffy.kubeconfig itself becomes a credential and must be kept private.
kubectl config set-credentials luffy-admin \
  --kubeconfig=luffy.kubeconfig \
  --client-certificate=luffy.crt \
  --client-key=luffy.key \
  --embed-certs=true

# Context entry: ties the user to the cluster
kubectl config set-context luffy-context \
  --kubeconfig=luffy.kubeconfig \
  --cluster=luffy-cluster \
  --user=luffy-admin

# Make that context the default one in this kubeconfig
kubectl config use-context luffy-context \
  --kubeconfig=luffy.kubeconfig
[root@k8s-master cert]# # 创建kubeconfig文件,指定集群名称和地址
[root@k8s-master cert]# kubectl config set-cluster luffy-cluster --certificate-authority=/etc/kubernetes/pki/ca.crt --embed-certs=true --server=https://81.70.4.171:6443 --kubeconfig=luffy.kubeconfig
Cluster "luffy-cluster" set.
[root@k8s-master cert]#
[root@k8s-master cert]# ls
extfile.conf  luffy.crt  luffy.csr  luffy.key  luffy.kubeconfig
[root@k8s-master cert]#
[root@k8s-master cert]# cat luffy.kubeconfig
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EWXlPREEzTXpJd01sb1hEVE14TURZeU5qQTNNekl3TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVZ0CmJ6Z281VTBHZmpWblVzaHRpWWc0aUlJQ1ZDV090QmVLOTk2cWVReHNzaWFxLzlRNS9EUzJRTWM4d1hBNnJlenAKMzAyVVFuc0lmSEZUSXN3S0hKUzlMeWlEZHErTkhpNHdWaHV5bk9LWkE5cG1BU202b1UvQlZ3UU0yYUN5ZlNDVwpBb1E4VkRNUUY1WXMrb01lWWh0M0Q3L1VoRnVYQm10akkveU9TN2RCUGFscWVDTTZJakJ2WlJJbGljYkUyN1VOCi84Qk5pcm5sSnpOZm83bC9yN3YrcnVpTm1jdkpsb0Nza0tHKzZCL2VSUjVPdkZmbTFxbE05VENSVDBMcHJJSEUKLzhhOWZ1YWh5dnFTWFBDb3BNeHZ5TXVMcTFaNjFlTWw2N29TNzA2RFdJdzE5ajRqQW9DZXM1UjUyZW5oUzd4SgpHcmdvK0J1ODhqSU9qNzBwNko4Q0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZPd0d0QXJjbWp1NE1jODRBRjc4K05QWndxNlRNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFDTGEyVUF4UkNZNFhtczAzTkdUQU1DcGZybitjVUVqSDdKQXZkMEFRZFVVVngxRk11SQpFS0ZaK2xac2pybElzRHFIQ3ZDRWhhSGZpUWpJMTNLK3Eza0oyenVrUHppWUlJdTlOWUVhTGNGNndqdmNpWVozCk5aSk5iNkI0M0xsYVRqSjY0dnJ0RkVpOTBEYnNMaTk0WXI0Q1ljZElvQ3lNd2tJMXFxcG9mY3l6cGEyTHQzQUoKVkpsU3RhV3k3M0JtaVBWTHlXZk1wSW8zdzhZVDdOUlBkNUlDdnU5K09WblBTYmtFdXR5dzRpTVBTK1BqQUhWWgpxaHBzQ2xPUFd2S2tIV3BxZlYwRW5GemxLeU80WkZJanRuSkJzRmJkeFM4Q0hpdzMzV2ljTGxOUVZNZlFpQytFCkcxSEJ3ZmZkUktkQ005dzREWk1FZzROS3NPMmNrcDFwVlU0TgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://81.70.4.171:6443
  name: luffy-cluster
contexts: null
current-context: ""
kind: Config
preferences: {}
users: null
[root@k8s-master cert]#
[root@k8s-master cert]# # 为kubeconfig文件添加认证信息
[root@k8s-master cert]# kubectl config set-credentials luffy-admin --client-certificate=luffy.crt --client-key=luffy.key --embed-certs=true --kubeconfig=luffy.kubeconfig
User "luffy-admin" set.
[root@k8s-master cert]#
[root@k8s-master cert]# cat luffy.kubeconfig
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 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
    server: https://81.70.4.171:6443
  name: luffy-cluster
contexts: null
current-context: ""
kind: Config
preferences: {}
users:
- name: luffy-admin
  user:
    client-certificate-data: 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
    client-key-data: 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
[root@k8s-master cert]#
[root@k8s-master cert]# # 为kubeconfig添加上下文配置
[root@k8s-master cert]# kubectl config set-context luffy-context --cluster=luffy-cluster --user=luffy-admin --kubeconfig=luffy.kubeconfig
Context "luffy-context" created.
[root@k8s-master cert]#
[root@k8s-master cert]# cat luffy.kubeconfig
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 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
    server: https://81.70.4.171:6443
  name: luffy-cluster
contexts:
- context:
    cluster: luffy-cluster
    user: luffy-admin
  name: luffy-context
current-context: ""
kind: Config
preferences: {}
users:
- name: luffy-admin
  user:
    client-certificate-data: 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
    client-key-data: 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
[root@k8s-master cert]#
[root@k8s-master cert]#
[root@k8s-master cert]# # 设置默认的上下文
[root@k8s-master cert]# kubectl config use-context luffy-context --kubeconfig=luffy.kubeconfig
Switched to context "luffy-context".
[root@k8s-master cert]#
[root@k8s-master cert]# cat luffy.kubeconfig
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 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
    server: https://81.70.4.171:6443
  name: luffy-cluster
contexts:
- context:
    cluster: luffy-cluster
    user: luffy-admin
  name: luffy-context
current-context: luffy-context
kind: Config
preferences: {}
users:
- name: luffy-admin
  user:
    client-certificate-data: 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
    client-key-data: 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

3. 验证:

# Show the directory that holds luffy.kubeconfig
pwd

# Point kubectl at the new kubeconfig for this shell session
KUBECONFIG=/k8s/cert/luffy.kubeconfig
export KUBECONFIG

# Expected to be Forbidden: no RBAC rule has been bound to the user or its
# group yet, so authentication succeeds but authorization fails
kubectl get po
Error from server (Forbidden): pods is forbidden: User "luffy-admin" cannot list resource "pods" in API group "" in the namespace "default"
[root@k8s-master cert]# pwd
/k8s/cert
[root@k8s-master cert]#
[root@k8s-master cert]# export KUBECONFIG=/k8s/cert/luffy.kubeconfig
[root@k8s-master cert]#
[root@k8s-master cert]# kubectl get po
Error from server (Forbidden): pods is forbidden: User "luffy-admin" cannot list resource "pods" in API group "" in the namespace "default"

4. 创建role和rolebinding,为luffy用户添加luffy命名空间访问权限:

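# Switch back to the administrator's default kubeconfig
unset KUBECONFIG

# Role: every verb on every resource of the core API group ("") inside the
# luffy namespace. The wildcards include Secrets; resources of other API
# groups (for example Deployments in "apps") are NOT covered by this rule.
# For least privilege, list the needed resources and verbs explicitly.
cat > luffy-admin-role.yaml <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: luffy
  name: luffy-admin
rules:
- apiGroups: [""] # "" is the core API group
  resources: ["*"]
  verbs: ["*"]
EOF

# RoleBinding: grants the luffy-admin Role to the user luffy-admin (the CN of
# the client certificate) in the luffy namespace only
cat > luffy-admin-rolebinding.yaml <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: luffy-admin
  namespace: luffy
subjects:
- kind: User
  name: luffy-admin # name is case sensitive
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role # this must be Role or ClusterRole
  name: luffy-admin # must match the name of the Role or ClusterRole to bind
  apiGroup: rbac.authorization.k8s.io
EOF

# Create the Role and RoleBinding. The two manifests are named explicitly
# rather than applying the whole directory, so only the reviewed files are
# sent to the API server with the administrator's credentials.
kubectl apply -f luffy-admin-role.yaml -f luffy-admin-rolebinding.yaml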
[root@k8s-master cert]# # 切换回原来的config
[root@k8s-master cert]# export KUBECONFIG=
[root@k8s-master cert]#
[root@k8s-master cert]# # 定义role,具有luffy命名空间的所有权限
[root@k8s-master cert]# vim luffy-admin-role.yaml
[root@k8s-master cert]#
[root@k8s-master cert]# #定义rolebinding,为luffy用户绑定luffy-admin这个role,这样luffy用户就有操作luffy命名空间的所有权限
[root@k8s-master cert]# vim luffy-admin-rolebinding.yaml
[root@k8s-master cert]#
[root@k8s-master cert]# # 创建role和rolebinding资源
[root@k8s-master cert]# kubectl apply -f .
role.rbac.authorization.k8s.io/luffy-admin created
rolebinding.rbac.authorization.k8s.io/luffy-admin created

5. 再次验证权限

# Use the luffy kubeconfig again for this shell session
KUBECONFIG=/k8s/cert/luffy.kubeconfig
export KUBECONFIG

# Check 1: the default namespace is outside the Role, so this stays Forbidden
kubectl get po

# Check 2: the luffy namespace is covered by the RoleBinding
kubectl get po --namespace=luffy
[root@k8s-master cert]# # 设置当前kubectl使用的config文件
[root@k8s-master cert]# export KUBECONFIG=/k8s/cert/luffy.kubeconfig
[root@k8s-master cert]#
[root@k8s-master cert]# # 验证1
[root@k8s-master cert]# kubectl get po
Error from server (Forbidden): pods is forbidden: User "luffy-admin" cannot list resource "pods" in API group "" in the namespace "default"
[root@k8s-master cert]#
[root@k8s-master cert]# #验证2
[root@k8s-master cert]# kubectl -n luffy get po
No resources found in luffy namespace.

6. 此时,可以将此配置文件发给需要的人用了!注意:该文件内嵌了客户端私钥(client-key-data),等同于登录凭据,应通过安全渠道传递,并且只发给确实需要的人。

1. 将配置文件发送给ubuntu用户

# Copy the kubeconfig into the ubuntu user's home directory.
# The copy contains the client private key, so it is a credential.
cp -- /k8s/cert/luffy.kubeconfig /home/ubuntu/
root@k8s-master:/k8s/cert# ls
extfile.conf  luffy-admin-rolebinding.yaml  luffy-admin-role.yaml  luffy.crt  luffy.csr  luffy.key  luffy.kubeconfig
root@k8s-master:/k8s/cert#
root@k8s-master:/k8s/cert# cp /k8s/cert/luffy.kubeconfig /home/ubuntu/

2. 更改文件权限

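# Hand the copy over to the ubuntu user. "user:group" is the standard
# separator; the "user.group" form is a deprecated extension.
chown ubuntu:ubuntu /home/ubuntu/luffy.kubeconfig
# Keep the file private to its owner, because it embeds the client private key
chmod 600 /home/ubuntu/luffy.kubeconfig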

3. 切换到ubuntu用户

# Switch to the ubuntu user; plain `su` (without `-`) keeps the current
# working directory, so the shell stays in /k8s/cert
su ubuntu

4. 声明配置文件

# Point kubectl at the ubuntu user's own copy of the kubeconfig
KUBECONFIG=/home/ubuntu/luffy.kubeconfig
export KUBECONFIG

5. 测试

# Default namespace: not covered by the Role, so this is Forbidden
kubectl get pod
# luffy namespace: allowed through the luffy-admin RoleBinding
kubectl get pod --namespace=luffy
root@k8s-master:/k8s/cert# su ubuntu
ubuntu@k8s-master:/k8s/cert$
ubuntu@k8s-master:/k8s/cert$
ubuntu@k8s-master:/k8s/cert$ export KUBECONFIG=/home/ubuntu/luffy.kubeconfig
ubuntu@k8s-master:/k8s/cert$
ubuntu@k8s-master:/k8s/cert$ kubectl get pod
Error from server (Forbidden): pods is forbidden: User "luffy-admin" cannot list resource "pods" in API group "" in the namespace "default"
ubuntu@k8s-master:/k8s/cert$ kubectl -n luffy get pod
NAME                           READY   STATUS    RESTARTS   AGE
xiaoniao-v1-8685dc479b-bhrt8   1/1     Running   0          39h
xiaoniao-v1-8685dc479b-vc6rz   1/1     Running   0          39h
xiaoniao-v1-8685dc479b-wlhnc   1/1     Running   2          39h
xiaoniao-v1-8685dc479b-wp77r   1/1     Running   0          39h

最后更新: 2022-02-22 04:55:01