《kubernetes-1.8.0》03-kubectl管理工具

—《kubernetes 1.8.0 测试环境安装部署》

— 时间：2017-11-22

一、kuberctl安装

kubectl 默认从 ~/.kube/config配置文件获取访问 kube-apiserver 地址、证书、用户名等信息，如果没有配置该文件，执行命令时出错：

$  kubectl get podsThe connection to the server localhost:8080 was refused - did you specify the right host or port?

本文使用mritd所提供的tar ball中的rpm包进行kubectl的安装，kubectl包含于tarball目录下rpms中的kubernetes-client rpm包中。

$ tar -xvf k8s_v1.8.0_custom.tar -C ~$ cd ~/k8s/rpms/##分发rpm包至其他节点：$ for IP in `seq 131 134`; do    scp kubernetes*.rpm root@172.18.169.$IP:~; done##在三台master上安装 kubernetes-client server node rpm包,顺道都装了$ for IP in `seq 131 133`; do    ssh root@172.18.169.$IP yum install -y kubernetes*.rpmdone

二、分发kubernets相关证书

$ cd ~/kubernets_ssl/$ for IP in `seq 131 133`;do    ssh root@172.18.169.$IP mkdir -p /etc/kubernetes/ssl    scp *.pem root@172.18.169.$IP:/etc/kubernetes/ssl    ssh root@172.18.169.$IP chown -R kube:kube /etc/kubernetes/ssldone

三、生成kubectl kubeconfig 文件

在三台master上分别执行：

$ # 设置集群参数-在~/.kube/config加入ca证书$ kubectl config set-cluster kubernetes \  --certificate-authority=/etc/kubernetes/ssl/k8s-root-ca.pem \  --embed-certs=true \  --server=https://172.18.169.131:6443$ # 设置客户端认证参数-指定之前创建的admin证书对$ kubectl config set-credentials admin \  --client-certificate=/etc/kubernetes/ssl/admin.pem \  --embed-certs=true \  --client-key=/etc/kubernetes/ssl/admin-key.pem$ # 设置上下文参数$ kubectl config set-context kubernetes \  --cluster=kubernetes \  --user=admin$ # 设置默认上下文$ kubectl config use-context kubernetes

• 可以选择在三台上逐一生成，或者拷贝生成好的~/.kube/config文件至剩下两台的相应目录下修改server: 172.18.169.131为本机地址,并设置好相应权限即可。
• admin.pem证书 O 字段值为 system:masters，kube-apiserver 预定义的 RoleBinding cluster-admin 将 Group system:masters 与 Role cluster-admin 绑定，该 Role 授予了调用kube-apiserver 相关 API 的权限；
• 生成的kubeconfig被保存到 ~/.kube/config文件；
• --server=https:制定apiserver的secure advertise-address

查看生成的~/.kube/config

$ cat ~/.kube/config apiVersion: v1clusters:- cluster:    certificate-authority-data: ...6VjV4dUFBZ3RQNVA0ZDVRY0wyVmF5KytJVm8rRGpPL2NxMlBCMDhEOWl2cHhvTlNDREhMVUpkMWMKSzVzV1ptY21CbTZVejdNTkxLZHBQNTNpR1ZqSFg3ZFpRbzVZd1R4cEZHNHMrdHpEYWRUTnVyeXpJa2d5cStDYgpxdWUzdmVpR0tGU0IxKzZkMmZCT2ZuRko3K0hxRWZaZDl5VitucTF2TlFOT042SXRIclJSUlBMTkljUWFPTmorCjI0dzZIdGpQeFA0b2wxeC8wcG1BNGJUSkd1aXBIUTAvbGJrZkcyRVpnK2UzcFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==    server: 172.18.169.131  name: kubernetescontexts:- context:    cluster: kubernetes    user: admin  name: kubernetescurrent-context: kuberneteskind: Configpreferences: {}users:- name: admin  user:    as-user-extra: {}    client-certificate-data: ...HZlLzdleVFpeXFnU0xmcFNuQUxic2RqMlB6Tk9uSjdUK2ErVFcrV1dsNFFSa2JXTGY2ZEgKSEIxL3J1NkYzZlpLdllaWTlzeURPeTVBWFJ4L2xha0lacG16bkdhQjdVdWx1S3QrWmFmS3dyVVMzNmNqeGVGMwpUZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K    client-key-data: ...J5Sm14VFpzRjV6ZlkxelBiOS9RWFdTbVpKUDVEbFZmLzlJeFUKSERPY3hmUHFyd0o2S2FpMnFxVlJKN2ZkM1VpNWtFRlpBeDBBVzJUUitYc2htWEJKMExEdXJCQi9SYXg0RVJwcQpCTEtacUxDVmM1YTVrc1V0OHA4WHNkblNPTTVLNEgrV0xYYWlyT2tPWkZzTkpXZTZENzhTeUE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=

至此kubectl管理工具安装完成

本系列其他内容：

• 01-环境准备

• 02-etcd群集搭建

• 03-kubectl管理工具

• 04-master搭建

• 05-node节点搭建

• 06-addon-calico

• 07-addon-kubedns

• 08-addon-dashboard

• 09-addon-kube-prometheus

• 10-addon-EFK

• 11-addon-Harbor

• 12-addon-ingress-nginx

• 13-addon-traefik

参考链接：

https://mritd.me/2017/10/09/set-up-kubernetes-1.8-ha-cluster/

https://github.com/opsnull/follow-me-install-kubernetes-cluster

https://kubernetes.io/docs/reference/generated/kubelet/