k8s集群中添加admin账号并签发证书生成config文件

https://www.cnblogs.com/zsl-find/articles/13110216.html
证书服务器上操作
cd /opt/certs
[root@hdss7-200 certs]# cat admin-csr.json
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "beijing",
      "L": "beijing",
      "O": "od",
      "OU": "ops"
    }
  ]
}
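注意 "hosts": [] 表示所有主机(即证书不含任何 SAN,不限定使用证书的主机;对客户端证书而言,apiserver 只取 CN 作为用户名、O 作为用户组,这里 O 为 od,本身不带任何权限,需要后面的 ClusterRoleBinding 授权)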
# Sign the admin client certificate with the cluster CA, using the "client"
# profile from ca-config.json. cfssl prints JSON; cfssl-json -bare admin
# splits it into admin.pem, admin-key.pem and admin.csr.
# admin-key.pem is the private key: it never needs to leave the hosts that
# actually use it, and ca-key.pem should stay on this signing host only.
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=client \
  admin-csr.json \
  | cfssl-json -bare admin

生成的文件
[root@hdss7-200 certs]# ls | grep admin
admin.csr
admin-csr.json
admin-key.pem
admin.pem
[root@hdss
master上操作
# Work in the directory that holds the control-plane certificates.
cd /opt/kubernetes/server/bin/cert/
# Fetch the admin client certificate and its private key from the signing
# host in one transfer. admin-key.pem is the credential itself: keep it
# readable by its owner only on both hosts.
scp hdss7-200:/opt/certs/admin.pem hdss7-200:/opt/certs/admin-key.pem ./
# The kubeconfig is written into the sibling conf/ directory.
cd ../conf/
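# Generate the cluster entry of the kubeconfig file.
# The options must start with two ASCII hyphens ("--"); the long dash that
# rich-text rendering substitutes is not accepted by kubectl.
# --embed-certs=true stores the CA certificate inline, so clients verify the
# API server against this CA without needing a separate ca.pem.
kubectl config set-cluster myk8s \
  --certificate-authority=/opt/kubernetes/server/bin/cert/ca.pem \
  --embed-certs=true \
  --server=https://10.5.7.10:7443 \
  --kubeconfig=kube-admin.kubeconfig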
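# Add the admin user entry.
# --embed-certs=true copies the client certificate AND its private key into
# kube-admin.kubeconfig, so that file is itself a credential: keep it
# owner-readable only and do not store it in shared or versioned locations.
kubectl config set-credentials admin \
  --client-certificate=/opt/kubernetes/server/bin/cert/admin.pem \
  --client-key=/opt/kubernetes/server/bin/cert/admin-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-admin.kubeconfig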
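# Bind the admin user to the cluster it manages by creating a context.
# Options use two ASCII hyphens ("--"), not a long dash.
kubectl config set-context myk8s-context \
  --cluster=myk8s \
  --user=admin \
  --kubeconfig=kube-admin.kubeconfig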

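# Select the context to use; normally run on the machine from which the
# cluster is managed remotely.
kubectl config use-context myk8s-context --kubeconfig=kube-admin.kubeconfig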

#绑定账号到指定的角色
vi k8s-admin.yaml
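# Grants the built-in cluster-admin ClusterRole to the user "admin", i.e. the
# CN of the client certificate signed earlier. cluster-admin allows every
# action on every resource in every namespace, so whoever holds admin-key.pem
# or kube-admin.kubeconfig controls the whole cluster.
# Deleting this binding is what removes the access; the certificate itself
# stays valid for authentication until it expires.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: admin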
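# Create the ClusterRoleBinding defined in k8s-admin.yaml.
kubectl create -f k8s-admin.yaml
# Verify the object that was just created: the binding in k8s-admin.yaml is
# named "admin", so that is the name to query. Check that roleRef and
# subjects are exactly what was intended.
kubectl get clusterrolebinding admin -o yaml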

在 hdss7-200 上:先把 master 上生成的 kube-admin.kubeconfig 拷贝过来,再复制为 ~/.kube/config(该文件内嵌了 admin 的私钥,应仅属主可读)
[root@hdss7-200 ~]# cp kube-admin.kubeconfig .kube/config
kubectl config use-context myk8s-context
[root@hdss7-200 ~]# kubectl config view