{"id":110,"date":"2024-03-13T09:18:00","date_gmt":"2024-03-13T01:18:00","guid":{"rendered":"https:\/\/www.xueyaa.top\/?p=110"},"modified":"2026-03-10T21:47:55","modified_gmt":"2026-03-10T13:47:55","slug":"kubeconfig","status":"publish","type":"post","link":"https:\/\/www.xueyaa.top\/?p=110","title":{"rendered":"kubeconfig"},"content":{"rendered":"\n

1.1kubeconfig\u6982\u8ff0<\/h2>\n\n\n\n
kubeconfig\u662fYAML\u683c\u5f0f\u7684\u6587\u4ef6\uff0c\u7528\u4e8e\u5b58\u50a8\u8eab\u4efd\u8ba4\u8bc1\u4fe1\u606f\uff0c\u4ee5\u4fbf\u4e8e\u5ba2\u6237\u7aef\u52a0\u8f7d\u5e76\u8ba4\u8bc1\u5230API Server\u3002\n\nkubeconfig\u4fdd\u5b58\u6709\u8ba4\u8bc1\u5230\u4e00\u81f3\u591a\u4e2aKubernetes\u96c6\u7fa4\u7684\u76f8\u5173\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u5141\u8bb8\u7ba1\u7406\u5458\u6309\u9700\u5728\u5404\u914d\u7f6e\u95f4\u7075\u6d3b\u5207\u6362\n\tclusters\uff1a\n\t\tKubernetes\u96c6\u7fa4\u8bbf\u95ee\u7aef\u70b9\uff08API Server\uff09\u5217\u8868\u3002\n\t\t\u8bf4\u767d\u4e86\uff0c\u5c31\u662f\u53ef\u4ee5\u5b9a\u4e49\u591a\u4e2aK8S\u96c6\u7fa4\u5217\u8868\u3002\n\tusers\uff1a\n\t\t\u8ba4\u8bc1\u5230API Server\u7684\u8eab\u4efd\u51ed\u636e\u5217\u8868\u3002\n\t\t\u8bf4\u767d\u4e86\uff0c\u53ef\u4ee5\u5b9a\u4e49\u591a\u4e2a\u7528\u6237\u5217\u8868\uff0c\u8fd9\u4e2a\u7528\u6237\u53ef\u4ee5\u662ftoken\uff0c\u6216\u8005x509\u8bc1\u4e66\u51ed\u636e\u3002\n\tcontexts\uff1a\n\t\t\u5c06\u6bcf\u4e00\u4e2auser\u540c\u53ef\u8ba4\u8bc1\u5230\u7684cluster\u5efa\u7acb\u5173\u8054\u7684\u4e0a\u4e0b\u6587\u5217\u8868\u3002\n\t\t\u8bf4\u767d\u4e86\uff0c\u5c31\u662f\u5c06\u591a\u4e2a\u7528\u6237\u548c\u5bf9\u5e94\u7684\u96c6\u7fa4\u8fdb\u884c\u5173\u8054\uff0c\u5c06\u6765\u4f7f\u7528\u54ea\u4e2a\u7528\u6237\uff0c\u5c31\u4f1a\u53bb\u5173\u8054\u7684\u96c6\u7fa4\u8fdb\u884c\u8bbf\u95ee\u8ba4\u8bc1\u3002\u4e5f\u53ef\u4ee5\u5b9a\u4e49\u591a\u4e2a\u4e0a\u4e0b\u6587\u7684\u5173\u7cfb\u3002\n\tcurrent-context:\n\t\t\u5f53\u524d\u9ed8\u8ba4\u4f7f\u7528\u7684context\u3002<\/code><\/pre>\n\n\n\n
1.2kubeconfig\u7684\u7ec4\u6210\u90e8\u5206\u9a8c\u8bc1<\/h2>\n\n\n\n
\t1.\u67e5\u770bkubeconfig\u6587\u4ef6\u7684\u6587\u4ef6\u7ed3\u6784 \u9ed8\u8ba4  \u6b64\u6587\u4ef6\u5c31\u662f~\/.kube\/config\n[root@master231 ~]# kubectl config view \napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: DATA+OMITTED\n    server: https:\/\/10.0.0.231:6443\n  name: kubernetes\ncontexts:\n- context:\n    cluster: kubernetes\n    user: kubernetes-admin\n  name: kubernetes-admin@kubernetes\ncurrent-context: kubernetes-admin@kubernetes\nkind: Config\npreferences: {}\nusers:\n- name: kubernetes-admin\n  user:\n    client-certificate-data: REDACTED\n    client-key-data: REDACTED\n[root@master231 ~]# \n\n\n\t2.\u67e5\u770b\u6587\u4ef6\u7684\u6e90\u6587\u4ef6\u5185\u5bb9\n[root@master231 ~]# kubectl config view --raw   #--raw\u539f\u6837\u8f93\u51fa \u5371\u9669\uff01\napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJMU1EUXdOekF6TURBd05Gb1hEVE0xTURRd05UQXpNREF3TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTl4Cmh0RHhVQVJsUGo0NlFEa1Rwd3dPWnJsN2d1bG5IUzRYN1Y1S1pFN3cyZVZRakJXUmpRMENnSzNjMFFBa3hoT1YKWXl4Y1pSbVg2U3FkRFZOWFBNQVZzSmNUeDd4VkRWNk9DYVQxSjRkZmcxVWNGTTNidXM5R3VMMzBITVBRYVEvaApyN2RrcnkxTUlLaVh3MUU5SkFSc05PMnhnamJBMHJEWlpIOXRRRlpwMlpUa1BNU1AzMG5WTWJvNWh3MHZLUGplCnoxNlB6Q3JwUjJIRkZrc0dXRmI3SnVobHlkWmpDaVQwOFJPY3N5ZERUTVFXZWZBdTNEcUJvMHpOSmtrcVovaVAKWkFFZ29DNXZ2MEg2N0Q4SEJxSzArRmUrZjJCaUs1SGNoYkF1WndwWjNkQ0pMTXVmU3FSWkNVVmFtTW56dWlaRApQTmVJbmdPSCtsMWZReTFad0pzQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCRms1eStsM2RFMUhtT3lkSUYybDlDMDgvbk9NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQmxjZ0l1YUsxSVZydVBTVzk2SwpkTTZ6V294WmJlaVpqTWdpd2Q2R3lSL0JBdjI2QzB5V1piZjFHY3A4TlBISDJLdlhscTliUGpSODZSUkNpRFQ4Ci9VZGlTWVpQejByNnJrcTVCZ2x1Rk5XNlRTTXJyRndEVDlubVh0d0pZdzVQU29sS0JHQjIvaThaVTVwL3FkQUMKZ2Z3bU1sY3NPV3ZFUVV5bTVUYmZiWVU3NStxODJsNjY5ZGpGenh2VHFEWEIvZ0hoK1JvRXVaRTNSdjd5Slc1MwpMbkVhVWZSYjRCcmxGclFrKzlPRXZKMUF5UTE0LzcwTjlhVlJXZVZpTkxyQVdJTTNnajN1WmVHMk5yMXdic1ozCjM3VDF5MSs3TVlRcUpiUWRleUpyUVRyaGNjMXlRWTJIOEpaOXBqOERhNVVpSjlkQ1ZMeEtJSlFMeTV4b0RXaTgKL2hvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n    server: https:\/\/10.0.0.231:6443\n  name: kubernetes\ncontexts:\n- context:\n    cluster: kubernetes\n    user: kubernetes-admin\n  name: kubernetes-admin@kubernetes\ncurrent-context: kubernetes-admin@kubernetes\nkind: Config\npreferences: {}\nusers:\n- name: kubernetes-admin\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJUWFsb3k5Q3ltaHN3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBME1EY3dNekF3TURSYUZ3MHlOakEwTURjd016QXdNRFphTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXJrT29uQlNkeEhGZHZSTnYKVW9WbUFUdU1lVDB1T3VUalk0eU9meXY4UElsRGVEeGdtdXp5OXBjK0xzdkNFUXJGRHhSL1hVOW8vZzF3NTJFcwpvSXAvQjdhdzl2anZ1M2FidVBrRS9Kc2xwWi9GdjFMdnNoZE1BYWh6ZkZzVmIxUVMxTjVxcjJBZzhaQXp3SmJJCjlGYXhIMzE2WktwaU1GZW1ubGJMVVVYbG9QeVVjSkdEcGRNa3F1ME8vTDIvbGMvNVBqNkpRZWdrUVNXN1ZHUTgKTkcxR29TcVljekhtZkVZdE14WEF0TVNQMTRFR0pCZjBqMG5sd1R3QU92SkJCZWNmQnRoSU5Zek14d2dNYzFJSApXSnkyU1R0Mkd4VkpybVlYSkpNdU5rNkpmeWlxUklBMzNQQ0FOdS9DcHRtV2FGT2lsZXVFUVhrdy9VajdHMDhECm5YZ2ZHd0lEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JRUlpPY3ZwZDNSTlI1anNuU0JkcGZRdFBQNQp6akFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBUnBDMWVUeVI4NXNtZnNJUWozemdzT0NxQWxIcW5Ub2xCNm0wCk14VjdVTGVCVmZoNmg3a3F5cVBzelorczM1MHJxNHpyczI2Qy8xSVBwK1p3MEhvVm9zdmNOSkZvMW0wY2lpUlMKUjVqSXU0Q1Rpd2R0aWZSUUd2SmhmQVFMZmNZd1JlTHJVQUg0YmxYRUZibkorM2FyeHZPQ1B3NThjL2lJTm9XWQpBenlZUElEZHJTSjFCTlZGYkVhSjhYR1ZSYW0rSGRkNHM1bExieGYzWFlPT0o0eWNha29pdWFQN3RUNmw3MXZ2CnAwNS9nOHA3R3NsV1R0cWFFa3JXbW5yUVlXN1Z1M015cWE0M1l4dFFMa2hvVzNad2lseEc1TVo4ZXd1NXdvWlQKQUgrRzB3MkNhbzk4NEVIUFBnL2tQOFVPTGRCZWhjVUgwU2J6YXBBMjJDZ3luN0ozZEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcmtPb25CU2R4SEZkdlJOdlVvVm1BVHVNZVQwdU91VGpZNHlPZnl2OFBJbERlRHhnCm11enk5cGMrTHN2Q0VRckZEeFIvWFU5by9nMXc1MkVzb0lwL0I3YXc5dmp2dTNhYnVQa0UvSnNscFovRnYxTHYKc2hkTUFhaHpmRnNWYjFRUzFONXFyMkFnOFpBendKYkk5RmF4SDMxNlpLcGlNRmVtbmxiTFVVWGxvUHlVY0pHRApwZE1rcXUwTy9MMi9sYy81UGo2SlFlZ2tRU1c3VkdROE5HMUdvU3FZY3pIbWZFWXRNeFhBdE1TUDE0RUdKQmYwCmowbmx3VHdBT3ZKQkJlY2ZCdGhJTll6TXh3Z01jMUlIV0p5MlNUdDJHeFZKcm1ZWEpKTXVOazZKZnlpcVJJQTMKM1BDQU51L0NwdG1XYUZPaWxldUVRWGt3L1VqN0cwOERuWGdmR3dJREFRQUJBb0lCQUhZUGdIdTl1K1VLcU9jZgo4NXVFcE1iUkFTcGlPSi9OMGYvdmlkcStnZlRCU2VSN2d6ZHlzR2cvcnZFbE9pVXhscS9Rd3prRVE2MWFqZE0wCkVuZnhYSDV0VnhiN0wrOWhPNzdsZG10czhPUjBpaFJFcS8rTHFRSzJqUWNDN2xLdU10UGttNEtWTGJ4NlpaVmsKa21CM0d5aXFhZkVwUGJ4aXBZOUFYaDZCckVDVHZ4VGYxUElOcVlkT1JEcjl5S2hFUjZRV2tHTlJzZjZYUFR6MwpRRytMYVRzbERtbW1NL1JickU1V1dlUTJSQlJnWVJjU2hQYmh3cUZGZXhhN2dkVmtRQVFOY21WUW5weHdXcDNCCnZCUWh0MTh6Z2tKbXUwN215aWdjZE9Gak0vdFdTd0ZkSVhZKzBrNHVZNWtmL1dackNRQ0YzUXBrZld6L0pGbEkKNU9VS2VJRUNnWUVBd284d0pTd1BoUTNZWDJDQzgwcWdRNDhiZWlVZFgyN0tjSlRWa0hYSkhheHZEczRvTXo5agpRV0FPaFB2NGdXM0tFYUlnUDN4K3kwa3lzeHFXNVVMdERvVHVyVE45cWQ0L012bVJFZEdjcys0OWNXSkRSTDRTCnZUR2dZQWZvR3hCS21qZjcwR0Zqdlp1VjJtMGl6QTJlNXRubWFpam8xeDRuaGxWc1BCVkJBYVVDZ1lFQTVVdkEKNHNFbkFUQVdBTlRFeVU2R2JXY0JpN0F5KzdYTUkvcGphMmZiRjN1RjRrNTZpZGtTVmNPeTlhUTVVOUZKeWdkWAo4d05CbDdyZldQVGVOd3BBc3RMVkZwd3gvQzRxQ3U4SEE1dXRZSW9wcFRUd3FRWG1pS0tQQVh4bUg2aDNRZElxCnQvL1dnejh2N0E2RTc4V1Q1UmJOZk9XS0lBVlh5UE5oMGo3SlFiOENnWUJCeExtWHR6OC8wU0JWallCMjBjRS8KVlQ4S21VVkduMk1iajVScUV3YjdXdkRuNWxTOGppNzFTSTFmOHZWY2UwcVZqMktyVTJCaFE4czV0RUZTR3IrYgo2dC9yK0w0QUVEcjQ5bGhOMTdmTE16dmQra09YRjFHcVZ2NUp1Q0tFRTR2RWVpeExrc0J1dGd1QUhPaG9aaXBUCkMxSFNqU1c0b2w3bUVEWllVUzc2YVFLQmdRRGt5c2JITzdYZ3NJdHovdG53aUNNSUxOelU5bGFZNUppeVdaZzAKUnFmTmNacHc2cC9JeGtsT1BIeG9NSnBuTVJDd3ZzMGFGV2l3cm0xSHhPV3FBOWYwMXZ4Nm1CWWtMQ2dWU3RZegoybldRTzZ3OFJXdlJLNnNSTVNzQ2I0OHpEWlVabjB5eTFsdkVFQnVRTGhpbGF2OGNlcmxGWTRDRVhQQnYrYkhrCjZITkczd0tCZ0dPekxRZnorMEFoaXJTZTZTZllmanQrMkdVSGc3U21UcjZjNm9jTnlpZGNSQks5Q25jcENiOW4KeVZ2SktzSkNuY2FvTCsra2M1aE1YWEJxendEQzNweVlFOWR2UFRiNXFOa1Z3UEJqa0VMcEsyaXhsRUlYRUc1cApJdjVxeVJWTit1QU9PMm5zNWJXQTUwTUpHK1JjSUZrQUphcUR1R1dMWFNZdmdVOVdPREpZCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==\n[root@master231 ~]# <\/code><\/pre>\n\n\n\n
1.3\u4e3a\u9759\u6001\u4ee4\u724c\u8ba4\u8bc1token\u7528\u6237\u751f\u6210kubeconfig\u5b9e\u6218<\/h2>\n\n\n\n
\t1 \u521b\u5efa\u4e00\u4e2a\u96c6\u7fa4\n[root@worker232 ~]# kubectl config set-cluster myk8s --embed-certs=true --certificate-authority=\/etc\/kubernetes\/pki\/ca.crt --server=\"https:\/\/10.0.0.231:6443\" --kubeconfig=.\/yinzhengjie-k8s-token.conf\nCluster \"myk8s\" set.\n[root@worker232 ~]# \n[root@worker232 ~]# cat .\/yinzhengjie-k8s-certs.conf  \napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJMU1EUXdOekF6TURBd05Gb1hEVE0xTURRd05UQXpNREF3TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTl4Cmh0RHhVQVJsUGo0NlFEa1Rwd3dPWnJsN2d1bG5IUzRYN1Y1S1pFN3cyZVZRakJXUmpRMENnSzNjMFFBa3hoT1YKWXl4Y1pSbVg2U3FkRFZOWFBNQVZzSmNUeDd4VkRWNk9DYVQxSjRkZmcxVWNGTTNidXM5R3VMMzBITVBRYVEvaApyN2RrcnkxTUlLaVh3MUU5SkFSc05PMnhnamJBMHJEWlpIOXRRRlpwMlpUa1BNU1AzMG5WTWJvNWh3MHZLUGplCnoxNlB6Q3JwUjJIRkZrc0dXRmI3SnVobHlkWmpDaVQwOFJPY3N5ZERUTVFXZWZBdTNEcUJvMHpOSmtrcVovaVAKWkFFZ29DNXZ2MEg2N0Q4SEJxSzArRmUrZjJCaUs1SGNoYkF1WndwWjNkQ0pMTXVmU3FSWkNVVmFtTW56dWlaRApQTmVJbmdPSCtsMWZReTFad0pzQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCRms1eStsM2RFMUhtT3lkSUYybDlDMDgvbk9NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQmxjZ0l1YUsxSVZydVBTVzk2SwpkTTZ6V294WmJlaVpqTWdpd2Q2R3lSL0JBdjI2QzB5V1piZjFHY3A4TlBISDJLdlhscTliUGpSODZSUkNpRFQ4Ci9VZGlTWVpQejByNnJrcTVCZ2x1Rk5XNlRTTXJyRndEVDlubVh0d0pZdzVQU29sS0JHQjIvaThaVTVwL3FkQUMKZ2Z3bU1sY3NPV3ZFUVV5bTVUYmZiWVU3NStxODJsNjY5ZGpGenh2VHFEWEIvZ0hoK1JvRXVaRTNSdjd5Slc1MwpMbkVhVWZSYjRCcmxGclFrKzlPRXZKMUF5UTE0LzcwTjlhVlJXZVZpTkxyQVdJTTNnajN1WmVHMk5yMXdic1ozCjM3VDF5MSs3TVlRcUpiUWRleUpyUVRyaGNjMXlRWTJIOEpaOXBqOERhNVVpSjlkQ1ZMeEtJSlFMeTV4b0RXaTgKL2hvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n    server: https:\/\/10.0.0.231:6443\n  name: myk8s\ncontexts: null\ncurrent-context: \"\"\nkind: Config\npreferences: {}\nusers: null\n[root@worker232 ~]# \n[root@worker232 ~]# ll yinzhengjie-k8s-token.conf \n-rw------- 1 root root 1663 Sep 27 16:34 yinzhengjie-k8s-token.conf\n[root@worker232 ~]# \n\n\n\t2.\u67e5\u770b\u96c6\u7fa4\u4fe1\u606f(get-clusters)\n[root@worker232 ~]# kubectl config get-clusters --kubeconfig=.\/yinzhengjie-k8s-token.conf\nNAME\nmyk8s\n[root@worker232 ~]# \n\n\n\t3.\u67e5\u770b\u4ee4\u724c\u8ba4\u8bc1\u6587\u4ef6\n[root@master231 auth]# cat \/etc\/kubernetes\/pki\/token.csv \n01b202.d5c4210389cbff08,yinzhengjie,10001,k8s\n497804.9fc391f505052952,jasonyin,10002,k8s\n8fd32c.0868709b9e5786a8,linux100,10003,k3s\njvt496.ls43vufojf45q73i,linux101,10004,k3s\nqo7azt.y27gu4idn5cunudd,linux102,10005,k3s\nmic1bd.mx3vohsg05bjk5rr,linux103,10006,k3s\n[root@master231 auth]# \n\n\n\t4.\u521b\u5efa\u7528\u6237\u4fe1\u606f\n[root@worker232 ~]# kubectl config set-credentials yinzhengjie --token=\"01b202.d5c4210389cbff08\" --kubeconfig=.\/yinzhengjie-k8s-token.conf \nUser \"yinzhengjie\" set.\n[root@worker232 ~]# \n[root@worker232 ~]# kubectl config set-credentials jasonyin --token=\"497804.9fc391f505052952\" --kubeconfig=.\/yinzhengjie-k8s-token.conf\nUser \"jasonyin\" set.\n[root@worker232 ~]# \n[root@worker232 ~]# cat yinzhengjie-k8s-certs.conf  \napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJMU1EUXdOekF6TURBd05Gb1hEVE0xTURRd05UQXpNREF3TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTl4Cmh0RHhVQVJsUGo0NlFEa1Rwd3dPWnJsN2d1bG5IUzRYN1Y1S1pFN3cyZVZRakJXUmpRMENnSzNjMFFBa3hoT1YKWXl4Y1pSbVg2U3FkRFZOWFBNQVZzSmNUeDd4VkRWNk9DYVQxSjRkZmcxVWNGTTNidXM5R3VMMzBITVBRYVEvaApyN2RrcnkxTUlLaVh3MUU5SkFSc05PMnhnamJBMHJEWlpIOXRRRlpwMlpUa1BNU1AzMG5WTWJvNWh3MHZLUGplCnoxNlB6Q3JwUjJIRkZrc0dXRmI3SnVobHlkWmpDaVQwOFJPY3N5ZERUTVFXZWZBdTNEcUJvMHpOSmtrcVovaVAKWkFFZ29DNXZ2MEg2N0Q4SEJxSzArRmUrZjJCaUs1SGNoYkF1WndwWjNkQ0pMTXVmU3FSWkNVVmFtTW56dWlaRApQTmVJbmdPSCtsMWZReTFad0pzQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCRms1eStsM2RFMUhtT3lkSUYybDlDMDgvbk9NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQmxjZ0l1YUsxSVZydVBTVzk2SwpkTTZ6V294WmJlaVpqTWdpd2Q2R3lSL0JBdjI2QzB5V1piZjFHY3A4TlBISDJLdlhscTliUGpSODZSUkNpRFQ4Ci9VZGlTWVpQejByNnJrcTVCZ2x1Rk5XNlRTTXJyRndEVDlubVh0d0pZdzVQU29sS0JHQjIvaThaVTVwL3FkQUMKZ2Z3bU1sY3NPV3ZFUVV5bTVUYmZiWVU3NStxODJsNjY5ZGpGenh2VHFEWEIvZ0hoK1JvRXVaRTNSdjd5Slc1MwpMbkVhVWZSYjRCcmxGclFrKzlPRXZKMUF5UTE0LzcwTjlhVlJXZVZpTkxyQVdJTTNnajN1WmVHMk5yMXdic1ozCjM3VDF5MSs3TVlRcUpiUWRleUpyUVRyaGNjMXlRWTJIOEpaOXBqOERhNVVpSjlkQ1ZMeEtJSlFMeTV4b0RXaTgKL2hvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n    server: https:\/\/10.0.0.231:6443\n  name: myk8s\ncontexts: null\ncurrent-context: \"\"\nkind: Config\npreferences: {}\nusers:\n- name: jasonyin\n  user:\n    token: 497804.9fc391f505052952\n- name: yinzhengjie\n  user:\n    token: 01b202.d5c4210389cbff08\n[root@worker232 ~]# \n\n \n\t5.\u67e5\u770b\u7528\u6237\u4fe1\u606f\n[root@worker232 ~]# kubectl config get-users --kubeconfig=.\/yinzhengjie-k8s-token.conf\nNAME\njasonyin\nyinzhengjie\n[root@worker232 ~]# \n\n\n\t6.\u5b9a\u4e49\u4e0a\u4e0b\u6587\n[root@worker232 ~]# kubectl config set-context yinzhengjie@myk8s --user=yinzhengjie --cluster=myk8s --kubeconfig=.\/yinzhengjie-k8s-token.conf\nContext \"yinzhengjie@myk8s\" created.\n[root@worker232 ~]# \n[root@worker232 ~]# kubectl config set-context jasonyin@myk8s --user=jasonyin --cluster=myk8s --kubeconfig=.\/yinzhengjie-k8s-token.conf\nContext \"jasonyin@myk8s\" created.\n[root@worker232 ~]# \n[root@worker232 ~]# cat yinzhengjie-k8s-certs.conf  \napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJMU1EUXdOekF6TURBd05Gb1hEVE0xTURRd05UQXpNREF3TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTl4Cmh0RHhVQVJsUGo0NlFEa1Rwd3dPWnJsN2d1bG5IUzRYN1Y1S1pFN3cyZVZRakJXUmpRMENnSzNjMFFBa3hoT1YKWXl4Y1pSbVg2U3FkRFZOWFBNQVZzSmNUeDd4VkRWNk9DYVQxSjRkZmcxVWNGTTNidXM5R3VMMzBITVBRYVEvaApyN2RrcnkxTUlLaVh3MUU5SkFSc05PMnhnamJBMHJEWlpIOXRRRlpwMlpUa1BNU1AzMG5WTWJvNWh3MHZLUGplCnoxNlB6Q3JwUjJIRkZrc0dXRmI3SnVobHlkWmpDaVQwOFJPY3N5ZERUTVFXZWZBdTNEcUJvMHpOSmtrcVovaVAKWkFFZ29DNXZ2MEg2N0Q4SEJxSzArRmUrZjJCaUs1SGNoYkF1WndwWjNkQ0pMTXVmU3FSWkNVVmFtTW56dWlaRApQTmVJbmdPSCtsMWZReTFad0pzQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCRms1eStsM2RFMUhtT3lkSUYybDlDMDgvbk9NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQmxjZ0l1YUsxSVZydVBTVzk2SwpkTTZ6V294WmJlaVpqTWdpd2Q2R3lSL0JBdjI2QzB5V1piZjFHY3A4TlBISDJLdlhscTliUGpSODZSUkNpRFQ4Ci9VZGlTWVpQejByNnJrcTVCZ2x1Rk5XNlRTTXJyRndEVDlubVh0d0pZdzVQU29sS0JHQjIvaThaVTVwL3FkQUMKZ2Z3bU1sY3NPV3ZFUVV5bTVUYmZiWVU3NStxODJsNjY5ZGpGenh2VHFEWEIvZ0hoK1JvRXVaRTNSdjd5Slc1MwpMbkVhVWZSYjRCcmxGclFrKzlPRXZKMUF5UTE0LzcwTjlhVlJXZVZpTkxyQVdJTTNnajN1WmVHMk5yMXdic1ozCjM3VDF5MSs3TVlRcUpiUWRleUpyUVRyaGNjMXlRWTJIOEpaOXBqOERhNVVpSjlkQ1ZMeEtJSlFMeTV4b0RXaTgKL2hvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n    server: https:\/\/10.0.0.231:6443\n  name: myk8s\ncontexts:\n- context:\n    cluster: myk8s\n    user: jasonyin\n  name: jasonyin@myk8s\n- context:\n    cluster: myk8s\n    user: yinzhengjie\n  name: yinzhengjie@myk8s\ncurrent-context: \"\"\nkind: Config\npreferences: {}\nusers:\n- name: jasonyin\n  user:\n    token: 497804.9fc391f505052952\n- name: yinzhengjie\n  user:\n    token: 01b202.d5c4210389cbff08\n[root@worker232 ~]# \n\n\n\t7.\u67e5\u770b\u4e0a\u4e0b\u6587\u5217\u8868\n[root@worker232 ~]# kubectl config get-contexts --kubeconfig=.\/yinzhengjie-k8s-token.conf\nCURRENT   NAME                CLUSTER   AUTHINFO      NAMESPACE\n          jasonyin@myk8s      myk8s     jasonyin      \n          yinzhengjie@myk8s   myk8s     yinzhengjie   \n[root@worker232 ~]# \n\n\n\t8.\u5b9a\u4e49\u5f53\u524d\u4f7f\u7528\u7684\u4e0a\u4e0b\u6587\n[root@worker232 ~]# kubectl config use-context yinzhengjie@myk8s --kubeconfig=.\/yinzhengjie-k8s-token.conf\nSwitched to context \"yinzhengjie@myk8s\".\n[root@worker232 ~]# \n[root@worker232 ~]# cat yinzhengjie-k8s-certs.conf  \napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJMU1EUXdOekF6TURBd05Gb1hEVE0xTURRd05UQXpNREF3TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTl4Cmh0RHhVQVJsUGo0NlFEa1Rwd3dPWnJsN2d1bG5IUzRYN1Y1S1pFN3cyZVZRakJXUmpRMENnSzNjMFFBa3hoT1YKWXl4Y1pSbVg2U3FkRFZOWFBNQVZzSmNUeDd4VkRWNk9DYVQxSjRkZmcxVWNGTTNidXM5R3VMMzBITVBRYVEvaApyN2RrcnkxTUlLaVh3MUU5SkFSc05PMnhnamJBMHJEWlpIOXRRRlpwMlpUa1BNU1AzMG5WTWJvNWh3MHZLUGplCnoxNlB6Q3JwUjJIRkZrc0dXRmI3SnVobHlkWmpDaVQwOFJPY3N5ZERUTVFXZWZBdTNEcUJvMHpOSmtrcVovaVAKWkFFZ29DNXZ2MEg2N0Q4SEJxSzArRmUrZjJCaUs1SGNoYkF1WndwWjNkQ0pMTXVmU3FSWkNVVmFtTW56dWlaRApQTmVJbmdPSCtsMWZReTFad0pzQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCRms1eStsM2RFMUhtT3lkSUYybDlDMDgvbk9NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQmxjZ0l1YUsxSVZydVBTVzk2SwpkTTZ6V294WmJlaVpqTWdpd2Q2R3lSL0JBdjI2QzB5V1piZjFHY3A4TlBISDJLdlhscTliUGpSODZSUkNpRFQ4Ci9VZGlTWVpQejByNnJrcTVCZ2x1Rk5XNlRTTXJyRndEVDlubVh0d0pZdzVQU29sS0JHQjIvaThaVTVwL3FkQUMKZ2Z3bU1sY3NPV3ZFUVV5bTVUYmZiWVU3NStxODJsNjY5ZGpGenh2VHFEWEIvZ0hoK1JvRXVaRTNSdjd5Slc1MwpMbkVhVWZSYjRCcmxGclFrKzlPRXZKMUF5UTE0LzcwTjlhVlJXZVZpTkxyQVdJTTNnajN1WmVHMk5yMXdic1ozCjM3VDF5MSs3TVlRcUpiUWRleUpyUVRyaGNjMXlRWTJIOEpaOXBqOERhNVVpSjlkQ1ZMeEtJSlFMeTV4b0RXaTgKL2hvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n    server: https:\/\/10.0.0.231:6443\n  name: myk8s\ncontexts:\n- context:\n    cluster: myk8s\n    user: jasonyin\n  name: jasonyin@myk8s\n- context:\n    cluster: myk8s\n    user: yinzhengjie\n  name: yinzhengjie@myk8s\ncurrent-context: yinzhengjie@myk8s\nkind: Config\npreferences: {}\nusers:\n- name: jasonyin\n  user:\n    token: 497804.9fc391f505052952\n- name: yinzhengjie\n  user:\n    token: 01b202.d5c4210389cbff08\n[root@worker232 ~]# \n\n\n\t9.\u67e5\u770b\u5f53\u524d\u4f7f\u7528\u7684\u4e0a\u4e0b\u6587\n[root@worker232 ~]# kubectl config current-context --kubeconfig=.\/yinzhengjie-k8s-token.conf\nyinzhengjie@myk8s\n[root@worker232 ~]# \n[root@worker232 ~]# kubectl config get-contexts --kubeconfig=.\/yinzhengjie-k8s-token.conf\nCURRENT   NAME                CLUSTER   AUTHINFO      NAMESPACE\n          jasonyin@myk8s      myk8s     jasonyin      \n*         yinzhengjie@myk8s   myk8s     yinzhengjie   \n[root@worker232 ~]# \n\n\n\t10.\u6253\u5370kubeconfig\u4fe1\u606f\uff0c\u9ed8\u8ba4\u4f1a\u4f7f\u7528\u201cREDACTED\u201d\u6216\u8005\u201cDATA+OMITTED\u201d\u5173\u952e\u5b57\u9690\u85cf\u8bc1\u4e66\u4fe1\u606f\n[root@worker232 ~]# kubectl config view --kubeconfig=.\/yinzhengjie-k8s-token.conf\napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: DATA+OMITTED\n    server: https:\/\/10.0.0.231:6443\n  name: myk8s\ncontexts:\n- context:\n    cluster: myk8s\n    user: jasonyin\n  name: jasonyin@myk8s\n- context:\n    cluster: myk8s\n    user: yinzhengjie\n  name: yinzhengjie@myk8s\ncurrent-context: yinzhengjie@myk8s\nkind: Config\npreferences: {}\nusers:\n- name: jasonyin\n  user:\n    token: REDACTED\n- name: yinzhengjie\n  user:\n    token: REDACTED\n[root@worker232 ~]# \n[root@worker232 ~]# kubectl config view --kubeconfig=.\/yinzhengjie-k8s-token.conf --raw\napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJMU1EUXdOekF6TURBd05Gb1hEVE0xTURRd05UQXpNREF3TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTl4Cmh0RHhVQVJsUGo0NlFEa1Rwd3dPWnJsN2d1bG5IUzRYN1Y1S1pFN3cyZVZRakJXUmpRMENnSzNjMFFBa3hoT1YKWXl4Y1pSbVg2U3FkRFZOWFBNQVZzSmNUeDd4VkRWNk9DYVQxSjRkZmcxVWNGTTNidXM5R3VMMzBITVBRYVEvaApyN2RrcnkxTUlLaVh3MUU5SkFSc05PMnhnamJBMHJEWlpIOXRRRlpwMlpUa1BNU1AzMG5WTWJvNWh3MHZLUGplCnoxNlB6Q3JwUjJIRkZrc0dXRmI3SnVobHlkWmpDaVQwOFJPY3N5ZERUTVFXZWZBdTNEcUJvMHpOSmtrcVovaVAKWkFFZ29DNXZ2MEg2N0Q4SEJxSzArRmUrZjJCaUs1SGNoYkF1WndwWjNkQ0pMTXVmU3FSWkNVVmFtTW56dWlaRApQTmVJbmdPSCtsMWZReTFad0pzQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCRms1eStsM2RFMUhtT3lkSUYybDlDMDgvbk9NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQmxjZ0l1YUsxSVZydVBTVzk2SwpkTTZ6V294WmJlaVpqTWdpd2Q2R3lSL0JBdjI2QzB5V1piZjFHY3A4TlBISDJLdlhscTliUGpSODZSUkNpRFQ4Ci9VZGlTWVpQejByNnJrcTVCZ2x1Rk5XNlRTTXJyRndEVDlubVh0d0pZdzVQU29sS0JHQjIvaThaVTVwL3FkQUMKZ2Z3bU1sY3NPV3ZFUVV5bTVUYmZiWVU3NStxODJsNjY5ZGpGenh2VHFEWEIvZ0hoK1JvRXVaRTNSdjd5Slc1MwpMbkVhVWZSYjRCcmxGclFrKzlPRXZKMUF5UTE0LzcwTjlhVlJXZVZpTkxyQVdJTTNnajN1WmVHMk5yMXdic1ozCjM3VDF5MSs3TVlRcUpiUWRleUpyUVRyaGNjMXlRWTJIOEpaOXBqOERhNVVpSjlkQ1ZMeEtJSlFMeTV4b0RXaTgKL2hvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n    server: https:\/\/10.0.0.231:6443\n  name: myk8s\ncontexts:\n- context:\n    cluster: myk8s\n    user: jasonyin\n  name: jasonyin@myk8s\n- context:\n    cluster: myk8s\n    user: yinzhengjie\n  name: yinzhengjie@myk8s\ncurrent-context: yinzhengjie@myk8s\nkind: Config\npreferences: {}\nusers:\n- name: jasonyin\n  user:\n    token: 497804.9fc391f505052952\n- name: yinzhengjie\n  user:\n    token: 01b202.d5c4210389cbff08\n[root@worker232 ~]# \n\n\t11.\u5ba2\u6237\u7aef\u8fdb\u884c\u8ba4\u8bc1 \n[root@worker232 ~]# kubectl get pods --kubeconfig=.\/yinzhengjie-k8s-token.conf\nError from server (Forbidden): pods is forbidden: User \"yinzhengjie\" cannot list resource \"pods\" in API group \"\" in the namespace \"default\"\n[root@worker232 ~]# \n[root@worker232 ~]# kubectl get pods --kubeconfig=.\/yinzhengjie-k8s-token.conf  --context=jasonyin@myk8s\nError from server (Forbidden): pods is forbidden: User \"jasonyin\" cannot list resource \"pods\" in API group \"\" in the namespace \"default\"\n[root@worker232 ~]# <\/code><\/pre>\n\n\n\n
1.4kubectl\u52a0\u8f7dkubeconfig\u7684\u4f18\u5148\u7ea7<\/h2>\n\n\n\n
\t1.\u57fa\u4e8eKUBECONFIG\u53d8\u91cf\n[root@worker232 ~]# export KUBECONFIG=\/root\/yinzhengjie-k8s-token.conf \n[root@worker232 ~]# \n[root@worker232 ~]# kubectl get nodes\nError from server (Forbidden): nodes is forbidden: User \"yinzhengjie\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n[root@worker232 ~]# \n[root@worker232 ~]# kubectl get pods --context=jasonyin@myk8s\nError from server (Forbidden): pods is forbidden: User \"jasonyin\" cannot list resource \"pods\" in API group \"\" in the namespace \"default\"\n[root@worker232 ~]# \n\n\n\t2.\u6307\u5b9akubeconfig\u6587\u4ef6\uff0c\u4f18\u5148\u7ea7\u9ad8\u4e8eKUBECONFIG\u53d8\u91cf\n\t\t2.1 \u62f7\u8d1dkubeconfig\u6587\u4ef6(\u5c31\u662f~\/.kube\/config)\n[root@master231 ~]# scp \/etc\/kubernetes\/admin.conf 10.0.0.232:~\n\n\t\t2.2 \u6d4b\u8bd5\u9a8c\u8bc1\n[root@worker232 ~]#  env | grep KUBECONFIG\nKUBECONFIG=\/root\/yinzhengjie-k8s-token.conf\n[root@worker232 ~]# \n[root@worker232 ~]# kubectl get nodes \nError from server (Forbidden): nodes is forbidden: User \"yinzhengjie\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n[root@worker232 ~]# \n[root@worker232 ~]# kubectl get nodes --kubeconfig=admin.conf\nNAME        STATUS   ROLES                  AGE   VERSION\nmaster231   Ready    control-plane,master   8d    v1.23.17\nworker232   Ready    <none>                 8d    v1.23.17\nworker233   Ready    <none>                 8d    v1.23.17\n[root@worker232 ~]# \n\n\n\t3.\u6307\u5b9akubeconfig\u6587\u4ef6\uff0c\u4f18\u5148\u7ea7\u9ad8\u4e8e\"~\/.kube\/config\"\u6587\u4ef6 \n\t\t3.1 \u62f7\u8d1dkubeconfig\u6587\u4ef6\n[root@worker232 ~]# scp yinzhengjie-k8s-token.conf 10.0.0.231:~\n\n\t\t3.2 \u6d4b\u8bd5\u9a8c\u8bc1\n[root@master231 ~]# env | grep KUBECONFIG\n[root@master231 ~]# \n[root@master231 ~]#  ll ~\/.kube\/config\n-rw------- 1 root root 5634 Nov 30 11:02 \/root\/.kube\/config\n[root@master231 ~]# \n[root@master231 ~]# kubectl get nodes --kubeconfig=yinzhengjie-k8s-token.conf\nError from server (Forbidden): nodes is forbidden: User \"yinzhengjie\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n[root@master231 ~]# \n\n\n\t4.\"~\/.kube\/config\"\u548cKUBECONFIG\u53d8\u91cf\u7684\u4f18\u5148\u7ea7\u6bd4\u8f83\n\t\t4.1 \u914d\u7f6e\u73af\u5883\u53d8\u91cf \n[root@master231 ~]# env | grep KUBECONFIG\n[root@master231 ~]# \n[root@master231 ~]# export KUBECONFIG=\/root\/yinzhengjie-k8s-token.conf\n[root@master231 ~]# \n[root@master231 ~]# env | grep KUBECONFIG\nKUBECONFIG=\/root\/yinzhengjie-k8s-certs.conf \n[root@master231 ~]# \n[root@master231 ~]# ll ~\/.kube\/config \n-rw------- 1 root root 5638 May 22 10:59 \/root\/.kube\/config\n[root@master231 ~]# \n\n\t\t4.2 \u6d4b\u8bd5\u9a8c\u8bc1 \n[root@master231 ~]# kubectl get nodes\nError from server (Forbidden): nodes is forbidden: User \"yinzhengjie\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n[root@master231 ~]# \n\n\t\t4.4 \u5220\u9664\u53d8\u91cf \n[root@master231 ~]# unset KUBECONFIG\n[root@master231 ~]# env | grep KUBECONFIG\n[root@master231 ~]# \n[root@master231 ~]# kubectl get nodes\nNAME        STATUS     ROLES                  AGE     VERSION\nmaster231   Ready      control-plane,master   12d     v1.23.17\nworker232   Ready      <none>                 12d     v1.23.17\nworker233   NotReady   <none>                 5d18h   v1.23.17\n[root@master231 ~]# \n\n\t5.\u7efc\u4e0a\u6240\u8ff0\uff0ckubectl\u52a0\u8f7dkubeconfig\u6587\u4ef6\u7684\u4f18\u5148\u7ea7\u603b\u7ed3\n\t\t- 1.\u4f7f\u7528\"--kubeconfig\"\u7684\u4f18\u5148\u7ea7\u6700\u5927\uff0c\u76f4\u63a5\u65e0\u89c6\u540e\u9762\u7684\u4e24\u4e2a\u914d\u7f6e\u6587\u4ef6;\n\t\t- 2.\u4f7f\u7528\"KUBECONFIG\"\u53d8\u91cf\u7684\u4f18\u5148\u7ea7\u6b21\u4e4b;\n\t\t- 3.\u5982\u679c\u6ca1\u6709\u5b9a\u4e49\u4e0a\u9762\u4e24\u4e2a\u914d\u7f6e\uff0c\u5219\u9ed8\u8ba4\u4f7f\u7528\u7684\"~\/.kube\/config\"\u6587\u4ef6;\n\t\t- 4.\u5982\u679c\u524d\u97623\u4e2a\u73af\u5883\u90fd\u6ca1\u6709\uff0c\u5219\u9ed8\u8ba4\u94fe\u63a5\"localhost:8080\"; \uff08\u65e9\u671f \u8d70\u7684http\u534f\u8bae\uff09<\/code><\/pre>\n\n\n\n
1.5\u4e3aX509\u6570\u5b57\u8bc1\u4e66\u7684\u7528\u6237\u751f\u6210kubeconfig\u5b9e\u6218<\/h2>\n\n\n\n
\t1 \u51c6\u5907\u8bc1\u4e66\n[root@worker233 ~]# ll jiege.*\n-rw-r--r-- 1 root root 1115 Apr 14 10:58 jiege.crt\n-rw-r--r-- 1 root root  911 Apr 14 10:43 jiege.csr\n-rw------- 1 root root 1704 Apr 14 10:43 jiege.key\n[root@worker233 ~]# \n\n\t2 \u6dfb\u52a0\u8bc1\u4e66\u7528\u6237\n[root@worker233 ~]# kubectl config set-credentials jiege --client-certificate=\/root\/jiege.crt --client-key=\/root\/jiege.key --embed-certs=true --kubeconfig=.\/yinzhengjie-k8s-certs.conf \nUser \"jiege\" set.\n[root@worker233 ~]# \n[root@worker233 ~]# ll yinzhengjie-k8s-certs.conf \n-rw------- 1 root root 3935 Sep 27 17:22 yinzhengjie-k8s-certs.conf\n[root@worker233 ~]# \n[root@worker233 ~]# cat yinzhengjie-k8s-certs.conf \napiVersion: v1\nclusters: null\ncontexts: null\ncurrent-context: \"\"\nkind: Config\npreferences: {}\nusers:\n- name: jiege\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURDVENDQWZHZ0F3SUJBZ0lRUjlwUUVGR1VtaUJsekFEZVdjYk8rekFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEkxTURreU56QTNNelkwTVZvWERUSTFNRGt5T0RBMwpNelkwTVZvd0pERVNNQkFHQTFVRUNoTUpiMnhrWW05NVpXUjFNUTR3REFZRFZRUURFd1ZxYVdWblpUQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFLZkZQaTV6bmE0Uy9DeGNNc0QzeGd5UmJjdHEKUnhERmw4dFZTK0lROGVmdGFseFBQeGV1aHFWTkZpbUVJR3VpcERXMW0zMFl6Nk96V1NyMVNPOVNJcVVTUVN4TgptWXhvV2pjbkFranZieTkrN2VkRSt6Yzc1Yy8ycFY1MlZwNjdwZlJIOVpPQ0xQTXJkc29MSlhVL2x3WDdrZ00wCjZwSGZJdHlLQ21nMlFTVlFZblNpUzNZRmNxdm5OUlZKZmRzK2gzNFZZWlJUdmhka1c2Tm9sZzZ2VFNoaHFESEYKWG02cGhySURTeVI3M25TV1R3d2FOOHBYb3d5VkZnSFpvbHZabUhrYkhjenllN1JQblVlRTJGWDZjNlBseG1meApKQzZyY1ZVbXB1VWFMem5xVEswTmlhNS92MFlEM0Rmc0pXUlBZZUM2ZjBVbFBPaDRWaC90cXg2L2JVc0NBd0VBCkFhTkdNRVF3RXdZRFZSMGxCQXd3Q2dZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUUKR0RBV2dCUW1yWXltT2kzdk1HeVJCYy9JNmVWRFVySDBZREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBajRhVwpiMVBRM0lOSUZFeWVHMVNjbUdlNFBCRXFMbVZNNnZKdStMRGxVTEdKbllrOGNIdHRWZWJ2QXVLSXgrcWhOaDBDClh5ekkzSi9SYXIybGk2VDJrUC9TemV5bHF4dE51R1NUTnR2NGFUeHhESUJIRytpblVIMy9KcmxtaVl6RkhoT0oKV2d2WHZxdnVOcmdSK1JzWHZWN2N1dFl5Y2krNjZIcncvWjYxdWE1bEJ6TkszbEFyNFRIOUtOYXZDbEcwci9rZgppQ0F2cTE4V3QyR1NkUkNHRmlObWRnU0svbjY5djFzTnJDdGM3bE5OSUpqWEhVeGpjK0tzcWlZRHZpRnY5SXJnCkdYN1dPUE43eE5BamNpWFMvWWRVbzBUZ0ZhWmhBYzBjZlFUd1pzTGFTV0lXWmlRd0NBaWdILytXYm9hOW9ndWkKM2M4UjdueDB5d3ZvdkdvZ2ZBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=\n    client-key-data: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ254VDR1YzUydUV2d3MKWERMQTk4WU1rVzNMYWtjUXhaZkxWVXZpRVBIbjdXcGNUejhYcm9hbFRSWXBoQ0Jyb3FRMXRadDlHTStqczFrcQo5VWp2VWlLbEVrRXNUWm1NYUZvM0p3Skk3Mjh2ZnUzblJQczNPK1hQOXFWZWRsYWV1NlgwUi9XVGdpenpLM2JLCkN5VjFQNWNGKzVJRE5PcVIzeUxjaWdwb05rRWxVR0owb2t0MkJYS3I1elVWU1gzYlBvZCtGV0dVVTc0WFpGdWoKYUpZT3IwMG9ZYWd4eFY1dXFZYXlBMHNrZTk1MGxrOE1HamZLVjZNTWxSWUIyYUpiMlpoNUd4M004bnUwVDUxSApoTmhWK25PajVjWm44U1F1cTNGVkpxYmxHaTg1Nmt5dERZbXVmNzlHQTl3MzdDVmtUMkhndW45RkpUem9lRllmCjdhc2V2MjFMQWdNQkFBRUNnZ0VBQTRLVng2SUZTVjJUVWhoSEVEdCszM0ljSjh2Y1JjWmtqbmdGT09zZGdlVTUKT3ZUYmZ6MkRDcXFxRFRTbHBhcmNTd0FNTmU5U3lpYlg5WlZMMjluNDZKYm1XZGR4SUNZVXhuVDErc2NBL3ErUQpxYXlMVEZTMVVseGppYTQvSjE0S0NGVGR3ZmdtR1p1dUJoSFA5dnZkY2Q0WmFDREV6RWdzc2d3MHBkNkdEcnp1CitLdWtyTW9aOVE0UmlFWkpWcXlIeUdjd1lSZFRPS2pFOXFoaGhrSHhSTkR3OWVGUTF0RGxlWlRaVFZSUmZLancKbndVWDR2bGd2NDM0eSs4WnUvaVNIVXZLK0l6VENVVzI4amNVanVGLzI5SE5STXo5dkNZaFIvbGVHTmJVR2laQwpWbVBJTkVvVlVMMDV1UmFKOUc0cTJ3U2trWTg5TWhmK2NoNVpnVFpaTlFLQmdRRFRHSWRTcERsMTlobWxFZ2ErCk10SnBZS09SUUNGdHhJcnhHK3RqeXlVNFpRcTdIbjBBb2pCQk9kUEIzUmpXZFFpdWQwZDFiYndDWkVCUTBOWVoKWTlDN3NOV2s3MnlPT1EyQVgxT2xUTGZZOGptSHBhZVhYNVlOOFhFYzJVQ2NRbjBScUpUNlJWSE5WK0F4TVIrQwpVZWVSSy9pbm1uS3lyaFlVYS9lSHYrK2ZmUUtCZ1FETGRXSFN2cXVrUHc0MUhqWDROSGs1Mmt5YmVKQzZEL01JCm5oUDBvRTQwKzY4M09yL3dmYlFmSXl6NXErZFFJYlBKV2lpZzdlLzV1aWEydFYrMEZYSU5vVHlkdkx1ZW5PRk0KVDdhejVpNDFnUW04UkJjYVJhSTB1Y0JLM3dZdEFBS0FZWFVlcVJKRExjd1VwRHZmV2ZPeC9YSnFZSVRuNC9lcwpZZUc3eFNicVp3S0JnR2FkZTlyT2ZpZzdrOGZNZFg2cjBlRHIyMWRXWjJtbXF5djl1SFZ3WVEyREFLNXBhYmFQCklRbjBCRjR2RGszaDRuQjlCejJzTkVLdFhSNXNCa2VkWC9COVM3MjdyWGVOZ0dTdzhrWmVmdGgxRjBZN1hyYVUKL3FxVWZibmFXakFibWhTbGNKWWdjRjF6cEVZRmJSMjZsdWpaQ1N6Z1JYVmFidDFLaHE5MHZCVTVBb0dBRUNHQwpXLzhhQksrckpMTDhmRzFNbnpXYmxVZjkwWUtxTmlpeVZGYlJYSW9IM2swZUlxY1V2Tk5CSVpwcmdJTHJpaTlICndWcWNDQ1NtSlI1RU5EYnZELzJVbkx6MTh5RmxDM1BXZkhUbmZQNTZFeDhpNWNaWGtlNllQRmRxV2U4Q1E4TjIKVWJQOTZxMmEzSmdZMXlCK25jSUdiRUN5eU4vZUp5Q3JrUU9VamtrQ2dZRUF5ckRKOUxaNms1QXlNTmVNVVZKagoyYzVwZlZPZ3JOL3BDUVFKdmY4SWFDVmJUS2dOZWRqUjIrb1YrVjliTSswUm9ScWFiYzQ4SG12NjBaQ3JqZDVKCkFmSHVIVTQ2aEU2Nlk2a2hHTStaMHUybnNZMUw4UWI0RXlmRVEzNFkzUklGZU53YzhneUJIZHlJYUFsNUdoVy8KY1NaU2JFenMyaWpiMXVSbVpvRkZrNW89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K\n[root@worker233 ~]# \n\n\t3 \u67e5\u770b\u7528\u6237\u5217\u8868\n[root@worker233 ~]# kubectl config get-users --kubeconfig=.\/yinzhengjie-k8s-certs.conf \nNAME\njiege\n[root@worker233 ~]# \n\n\t4.\u521b\u5efa\u4e00\u4e2a\u96c6\u7fa4\n[root@worker233 ~]# kubectl config set-cluster myk8s --embed-certs=false --certificate-authority=\/etc\/kubernetes\/pki\/ca.crt --server=\"https:\/\/10.0.0.231:6443\" --kubeconfig=.\/yinzhengjie-k8s-certs.conf \nCluster \"myk8s\" set.\n[root@worker233 ~]# \n[root@worker233 ~]# ll \/etc\/kubernetes\/pki\/ca.crt\n-rw-r--r-- 1 root root 1099 Apr 10 14:50 \/etc\/kubernetes\/pki\/ca.crt\n[root@worker233 ~]# \n[root@worker233 ~]# cat yinzhengjie-k8s-certs.conf \napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority: \/etc\/kubernetes\/pki\/ca.crt   #\u8fd9\u662f--embed-certs=false\uff0ctrue\u5c31\u4f1a\u90fd\u663e\u793a\u51fa\u6765\n    server: https:\/\/10.0.0.231:6443\n  name: myk8s\ncontexts: null\ncurrent-context: \"\"\nkind: Config\npreferences: {}\nusers:\n- name: jiege\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURDVENDQWZHZ0F3SUJBZ0lRUjlwUUVGR1VtaUJsekFEZVdjYk8rekFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEkxTURreU56QTNNelkwTVZvWERUSTFNRGt5T0RBMwpNelkwTVZvd0pERVNNQkFHQTFVRUNoTUpiMnhrWW05NVpXUjFNUTR3REFZRFZRUURFd1ZxYVdWblpUQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFLZkZQaTV6bmE0Uy9DeGNNc0QzeGd5UmJjdHEKUnhERmw4dFZTK0lROGVmdGFseFBQeGV1aHFWTkZpbUVJR3VpcERXMW0zMFl6Nk96V1NyMVNPOVNJcVVTUVN4TgptWXhvV2pjbkFranZieTkrN2VkRSt6Yzc1Yy8ycFY1MlZwNjdwZlJIOVpPQ0xQTXJkc29MSlhVL2x3WDdrZ00wCjZwSGZJdHlLQ21nMlFTVlFZblNpUzNZRmNxdm5OUlZKZmRzK2gzNFZZWlJUdmhka1c2Tm9sZzZ2VFNoaHFESEYKWG02cGhySURTeVI3M25TV1R3d2FOOHBYb3d5VkZnSFpvbHZabUhrYkhjenllN1JQblVlRTJGWDZjNlBseG1meApKQzZyY1ZVbXB1VWFMem5xVEswTmlhNS92MFlEM0Rmc0pXUlBZZUM2ZjBVbFBPaDRWaC90cXg2L2JVc0NBd0VBCkFhTkdNRVF3RXdZRFZSMGxCQXd3Q2dZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUUKR0RBV2dCUW1yWXltT2kzdk1HeVJCYy9JNmVWRFVySDBZREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBajRhVwpiMVBRM0lOSUZFeWVHMVNjbUdlNFBCRXFMbVZNNnZKdStMRGxVTEdKbllrOGNIdHRWZWJ2QXVLSXgrcWhOaDBDClh5ekkzSi9SYXIybGk2VDJrUC9TemV5bHF4dE51R1NUTnR2NGFUeHhESUJIRytpblVIMy9KcmxtaVl6RkhoT0oKV2d2WHZxdnVOcmdSK1JzWHZWN2N1dFl5Y2krNjZIcncvWjYxdWE1bEJ6TkszbEFyNFRIOUtOYXZDbEcwci9rZgppQ0F2cTE4V3QyR1NkUkNHRmlObWRnU0svbjY5djFzTnJDdGM3bE5OSUpqWEhVeGpjK0tzcWlZRHZpRnY5SXJnCkdYN1dPUE43eE5BamNpWFMvWWRVbzBUZ0ZhWmhBYzBjZlFUd1pzTGFTV0lXWmlRd0NBaWdILytXYm9hOW9ndWkKM2M4UjdueDB5d3ZvdkdvZ2ZBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=\n    client-key-data: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ254VDR1YzUydUV2d3MKWERMQTk4WU1rVzNMYWtjUXhaZkxWVXZpRVBIbjdXcGNUejhYcm9hbFRSWXBoQ0Jyb3FRMXRadDlHTStqczFrcQo5VWp2VWlLbEVrRXNUWm1NYUZvM0p3Skk3Mjh2ZnUzblJQczNPK1hQOXFWZWRsYWV1NlgwUi9XVGdpenpLM2JLCkN5VjFQNWNGKzVJRE5PcVIzeUxjaWdwb05rRWxVR0owb2t0MkJYS3I1elVWU1gzYlBvZCtGV0dVVTc0WFpGdWoKYUpZT3IwMG9ZYWd4eFY1dXFZYXlBMHNrZTk1MGxrOE1HamZLVjZNTWxSWUIyYUpiMlpoNUd4M004bnUwVDUxSApoTmhWK25PajVjWm44U1F1cTNGVkpxYmxHaTg1Nmt5dERZbXVmNzlHQTl3MzdDVmtUMkhndW45RkpUem9lRllmCjdhc2V2MjFMQWdNQkFBRUNnZ0VBQTRLVng2SUZTVjJUVWhoSEVEdCszM0ljSjh2Y1JjWmtqbmdGT09zZGdlVTUKT3ZUYmZ6MkRDcXFxRFRTbHBhcmNTd0FNTmU5U3lpYlg5WlZMMjluNDZKYm1XZGR4SUNZVXhuVDErc2NBL3ErUQpxYXlMVEZTMVVseGppYTQvSjE0S0NGVGR3ZmdtR1p1dUJoSFA5dnZkY2Q0WmFDREV6RWdzc2d3MHBkNkdEcnp1CitLdWtyTW9aOVE0UmlFWkpWcXlIeUdjd1lSZFRPS2pFOXFoaGhrSHhSTkR3OWVGUTF0RGxlWlRaVFZSUmZLancKbndVWDR2bGd2NDM0eSs4WnUvaVNIVXZLK0l6VENVVzI4amNVanVGLzI5SE5STXo5dkNZaFIvbGVHTmJVR2laQwpWbVBJTkVvVlVMMDV1UmFKOUc0cTJ3U2trWTg5TWhmK2NoNVpnVFpaTlFLQmdRRFRHSWRTcERsMTlobWxFZ2ErCk10SnBZS09SUUNGdHhJcnhHK3RqeXlVNFpRcTdIbjBBb2pCQk9kUEIzUmpXZFFpdWQwZDFiYndDWkVCUTBOWVoKWTlDN3NOV2s3MnlPT1EyQVgxT2xUTGZZOGptSHBhZVhYNVlOOFhFYzJVQ2NRbjBScUpUNlJWSE5WK0F4TVIrQwpVZWVSSy9pbm1uS3lyaFlVYS9lSHYrK2ZmUUtCZ1FETGRXSFN2cXVrUHc0MUhqWDROSGs1Mmt5YmVKQzZEL01JCm5oUDBvRTQwKzY4M09yL3dmYlFmSXl6NXErZFFJYlBKV2lpZzdlLzV1aWEydFYrMEZYSU5vVHlkdkx1ZW5PRk0KVDdhejVpNDFnUW04UkJjYVJhSTB1Y0JLM3dZdEFBS0FZWFVlcVJKRExjd1VwRHZmV2ZPeC9YSnFZSVRuNC9lcwpZZUc3eFNicVp3S0JnR2FkZTlyT2ZpZzdrOGZNZFg2cjBlRHIyMWRXWjJtbXF5djl1SFZ3WVEyREFLNXBhYmFQCklRbjBCRjR2RGszaDRuQjlCejJzTkVLdFhSNXNCa2VkWC9COVM3MjdyWGVOZ0dTdzhrWmVmdGgxRjBZN1hyYVUKL3FxVWZibmFXakFibWhTbGNKWWdjRjF6cEVZRmJSMjZsdWpaQ1N6Z1JYVmFidDFLaHE5MHZCVTVBb0dBRUNHQwpXLzhhQksrckpMTDhmRzFNbnpXYmxVZjkwWUtxTmlpeVZGYlJYSW9IM2swZUlxY1V2Tk5CSVpwcmdJTHJpaTlICndWcWNDQ1NtSlI1RU5EYnZELzJVbkx6MTh5RmxDM1BXZkhUbmZQNTZFeDhpNWNaWGtlNllQRmRxV2U4Q1E4TjIKVWJQOTZxMmEzSmdZMXlCK25jSUdiRUN5eU4vZUp5Q3JrUU9VamtrQ2dZRUF5ckRKOUxaNms1QXlNTmVNVVZKagoyYzVwZlZPZ3JOL3BDUVFKdmY4SWFDVmJUS2dOZWRqUjIrb1YrVjliTSswUm9ScWFiYzQ4SG12NjBaQ3JqZDVKCkFmSHVIVTQ2aEU2Nlk2a2hHTStaMHUybnNZMUw4UWI0RXlmRVEzNFkzUklGZU53YzhneUJIZHlJYUFsNUdoVy8KY1NaU2JFenMyaWpiMXVSbVpvRkZrNW89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K\n[root@worker233 ~]# \n\n\t5 \u914d\u7f6e\u4e0a\u4e0b\u6587\n[root@worker233 ~]# kubectl config set-context jiege@myk8s --user=jiege --cluster=myk8s --kubeconfig=.\/yinzhengjie-k8s-certs.conf \nContext \"jiege@myk8s\" created.\n[root@worker233 ~]# \n[root@worker233 ~]# cat yinzhengjie-k8s-certs.conf  \napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority: \/etc\/kubernetes\/pki\/ca.crt\n    server: https:\/\/10.0.0.231:6443\n  name: myk8s\ncontexts:\n- context:\n    cluster: myk8s\n    user: jiege\n  name: jiege@myk8s\ncurrent-context: \"\"\nkind: Config\npreferences: {}\nusers:\n- name: jiege\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURDakNDQWZLZ0F3SUJBZ0lSQUtxMEY4YXlpUGlFMkdHUWtpYUN4ZWN3RFFZSktvWklodmNOQVFFTEJRQXcKRlRFVE1CRUdBMVVFQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBME1UUXdNalE0TWpoYUZ3MHlOVEEwTVRVdwpNalE0TWpoYU1DUXhFakFRQmdOVkJBb1RDVzlzWkdKdmVXVmtkVEVPTUF3R0ExVUVBeE1GYW1sbFoyVXdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFRvc2doNmVpeU1CVklBNFVWaEpFSWllb0YKSmRxeGNNRDlCVVFLRGs2WUZCQ2xZUE9sd0xPek8xNU1vNk1OZXEwTGIrOFBhQWdMQml4ZERXTTR6TE1yQmxMQgpiL2x3SGkrV3Z5MnQvU1E4WU5MV09HYnhyUCtQVjJ3dUw4OWEyNHBwVk9teFFrdVExcC9XMFJHM3Zxd1RvVnd5ClRzTnlpa0VqZ0xLbXlLZWVVMWFNS3NldTV6TUNNajFYbldRNk5ZMHB3VzcxR0dxbnZ1MjF2VEpqMUllRTRmSjAKd29IMWNpL3ZsS0Y5bERvaUFPNkFJR2VRMEZPbGlNZWkwMHppVVY1aHVPQUZaOEt4eU1oVEZ6eWVjSkl6aFUwcwpLaDdZdWZ4NVR4YUx6ZmNjdk5mUHFMZDQwbmdtUjFlMjQ0aitCclVJcGVDMkVYMHcwV3pBYTdHdjBWWTlBZ01CCkFBR2pSakJFTUJNR0ExVWRKUVFNTUFvR0NDc0dBUVVGQndNQ01Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGoKQkJnd0ZvQVVFV1RuTDZYZDBUVWVZN0owZ1hhWDBMVHorYzR3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQURVbQpSVzRoRm83cjlreEszK1FuaENQL0lzVjNGZXltQkN5WUdUWVJoUlJOTCtEQldadlhTTUxuSkppNXRsZkFNSmNtCnY2MWN4MDY0cDRXM25TSG1aU04rODUySUR1alBwWjRXeTJ1VmIwVXR6MUtkM1RBVmJTNGdWTnVRMEgvaGs1aXEKSm9Zelh0WjdiQU4xSEgyQ3RjMUlpSGlNYzBHV1djcUtQQWtzZmNrTjR2Z2lYUDNZVTRFS1lJdXBtVWV4czBLbApoRXVHNUp3aGtLVStYWFZqNm1CWDdrNnBIT3Z3SG5lNEJDRW1sT2lIYnRXU3ZPd2poUTB1ZEJ6OEFKUWYxYVJjCkkyMW5oK2dCekpDdk5oOUpLVXpkemVMSFpld0g2dzB1YndJdEUvWDV3S3l6UmNwMUpweGZoZm1TZW00elRKbnMKS2JnV3pOUzYvUHp0ak90NWV4az0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=\n    client-key-data: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRFRvc2doNmVpeU1CVkkKQTRVVmhKRUlpZW9GSmRxeGNNRDlCVVFLRGs2WUZCQ2xZUE9sd0xPek8xNU1vNk1OZXEwTGIrOFBhQWdMQml4ZApEV000ekxNckJsTEJiL2x3SGkrV3Z5MnQvU1E4WU5MV09HYnhyUCtQVjJ3dUw4OWEyNHBwVk9teFFrdVExcC9XCjBSRzN2cXdUb1Z3eVRzTnlpa0VqZ0xLbXlLZWVVMWFNS3NldTV6TUNNajFYbldRNk5ZMHB3VzcxR0dxbnZ1MjEKdlRKajFJZUU0Zkowd29IMWNpL3ZsS0Y5bERvaUFPNkFJR2VRMEZPbGlNZWkwMHppVVY1aHVPQUZaOEt4eU1oVApGenllY0pJemhVMHNLaDdZdWZ4NVR4YUx6ZmNjdk5mUHFMZDQwbmdtUjFlMjQ0aitCclVJcGVDMkVYMHcwV3pBCmE3R3YwVlk5QWdNQkFBRUNnZ0VBTnI0TWRubENyNVN3YklnOGpHeFY5NWQwNlEvNW1aeEl6eW5saDVSYjBBcWcKbzZhSVgzK1ErL09IV051YStZbVo2VE55NnRGR0ExUDlkYlJZemdCazkrUVMwK1phNXgxbndkNkJ1bGVZWCtYTApvNDNEVXhBa3FyYzZURmdoa3FibkRvZmdTdkdUQ2t2NTNGOEg3amRyMjBnSnlSbUdoTUl1UnppcS9XazVza0h6CjFWQzRvdWl1Qk1yTStzcXhOWVNmYnJGK3pXV3R1QW05RzBkejVWRzdKSGRIOUEyMHFCeW5uNkF2VU5zempvdm8KYk9jVDVMenc5eGtOKzRjNnlXd3JWdzRRb3hCUWdUVi9Cd0l3bjlqZnB2eXRqaGp4bW9kVEoxcEJZT0ZMb0Q3WQp1YlVoVHdtL1Q1SmZXT0wyR09nZjNOempYeFlVS056WmhvMXJVMVEzSVFLQmdRRHVoV3NwQmdRY2dGZU9OWEhBCjdBQ1MrQldvWFZTeU1TMWdodUF1cFZmakVWL2ZHa3kvOVMyYkZMUVhPaFMrSCtuZUNlZHdUVzZKVC9rNitxYVkKbkVqaGpMenJsTWY3YUt1QkdFUnpZTmc0S2pUekdlOFViaURRRFE2MlRtMDk1eVhVN0lTSjJnS1Vad0RWY0ROUApVR3lBOWFEMHF4aGp1WkJOVFpwaG94MzhId0tCZ1FEakpRRGpscC9uRVFEMFpScm56WFJVSmc4ZTdFUGF6dVBlCkRSYUlrSjFCSzlTRjlBd0pid2hNNkVwRUxWbjNWSnpSZ2JVSENDdnhhbzB0WTFxaldaN1RocTFQb3I4aXQ1RUQKSlE4VG9UMzkrdDgwR0N4T1lZWC8zUUlHcThKa1lGSGtiekhJek9wK1B0UEJESXNIMkdXRWxKUVVrMWo1bG1pWAptdEorRVV4aUl3S0JnUUMwb2FkZ251UzRMTjJobllteS8wY0VCZ3Bvd1oxbGdPYUxaamthT2k4UGo5WFo0RkhsClFTaXplLzlTWTdMWHROVm9TSG5UeTEvOWJ1b2dwemRJOVhvZ0RYUDR1R2ltVlVNa2RadEpBVHRkZFdFNkJSYlEKa3dJWWJQc0tSdVJsNzhudnNOcENoeTVTOHBwb0NSdGlZbFo1Wndyb256WE9OL1kzQktENGRnNDhJd0tCZ0NzMwpYaHp2Q290WEE5eDc1QXVZWG5xb0p4WldFMjd0RUJPdVg4d3AzNUdIdWs2bUtTZ2VWUEQwL1RSTmdLRjdHcjhOCnM1aWI2R2h0UW1FUlZ5eGZIOFhWQ09KdTczaTJma09mNkdkdXRURythbnNwNGp3amQvQS9aMlJIaDV1N2E3bFAKb3FRMndLSzJaMm1DYm0xV3NiSHc1dCtuVFRWbmRZenFxd1BMWE1JTEFvR0FMK21ldGNiejlSSFN1d0NUTW5lRQo0dFFxanBqM3o1OUQwWFR0dytiRG4vYnRBalF1VHJqa2k2Ums2a0E2bG1YYXRKQ2Z3WnVNdTd5L0MyUThUS1hjCjVWcUt1cGNhdnpHTWkzeVJrcmlmSEhpb2V1NGpXNlQyYk1XcDRuUTRoV050cEx1blF5aXNCeGpOZEMzZzBONmEKb2M4eXBOL3ZUVHFGdVB6Q3l2VmxUWEU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K\n[root@worker233 ~]# \n\n\n\t6.\u67e5\u770b\u4e0a\u4e0b\u6587\u5217\u8868\n[root@worker233 ~]# kubectl config get-contexts --kubeconfig=.\/yinzhengjie-k8s-certs.conf  \nCURRENT   NAME          CLUSTER   AUTHINFO   NAMESPACE\n          jiege@myk8s   myk8s     jiege      \n[root@worker233 ~]# \n\n\n\t7.\u67e5\u770bkubeconfig\u4fe1\u606f\n[root@worker233 ~]# kubectl --kubeconfig=.\/yinzhengjie-k8s-certs.conf  config view\napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority: \/etc\/kubernetes\/pki\/ca.crt\n    server: https:\/\/10.0.0.231:6443\n  name: myk8s\ncontexts:\n- context:\n    cluster: myk8s\n    user: jiege\n  name: jiege@myk8s\ncurrent-context: \"\"\nkind: Config\npreferences: {}\nusers:\n- name: jiege\n  user:\n    client-certificate-data: REDACTED\n    client-key-data: REDACTED\n[root@worker233 ~]# \n\n\t\t\n\t8.\u5ba2\u6237\u7aef\u6d4b\u8bd5\u9a8c\u8bc1 \n[root@worker233 ~]# kubectl get pods --kubeconfig=.\/yinzhengjie-k8s-certs.conf\n#\u6ca1\u6709\u4e0a\u4e0b\u6587,\u4e0d\u77e5\u9053\u7528\u8c01-->localhost:8080\nThe connection to the server localhost:8080 was refused - did you specify the right host or port?\n[root@worker233 ~]# \n[root@worker233 ~]# kubectl get pods --kubeconfig=.\/yinzhengjie-k8s-certs.conf  --context=jiege@myk8s\nError from server (Forbidden): pods is forbidden: User \"jiege\" cannot list resource \"pods\" in API group \"\" in the namespace \"default\"\n[root@worker233 ~]# \n\n\t9.\u914d\u7f6e\u9ed8\u8ba4\u4e0a\u4e0b\u6587\n[root@worker233 ~]# kubectl config use-context jiege@myk8s --kubeconfig=.\/yinzhengjie-k8s-certs.conf  \nSwitched to context \"jiege@myk8s\".\n[root@worker233 ~]# \n[root@worker233 ~]# cat yinzhengjie-k8s-certs.conf  \napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority: \/etc\/kubernetes\/pki\/ca.crt\n    server: https:\/\/10.0.0.231:6443\n  name: myk8s\ncontexts:\n- context:\n    cluster: myk8s\n    user: jiege\n  name: jiege@myk8s\ncurrent-context: jiege@myk8s\nkind: Config\npreferences: {}\nusers:\n- name: jiege\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURDakNDQWZLZ0F3SUJBZ0lSQUtxMEY4YXlpUGlFMkdHUWtpYUN4ZWN3RFFZSktvWklodmNOQVFFTEJRQXcKRlRFVE1CRUdBMVVFQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBME1UUXdNalE0TWpoYUZ3MHlOVEEwTVRVdwpNalE0TWpoYU1DUXhFakFRQmdOVkJBb1RDVzlzWkdKdmVXVmtkVEVPTUF3R0ExVUVBeE1GYW1sbFoyVXdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFRvc2doNmVpeU1CVklBNFVWaEpFSWllb0YKSmRxeGNNRDlCVVFLRGs2WUZCQ2xZUE9sd0xPek8xNU1vNk1OZXEwTGIrOFBhQWdMQml4ZERXTTR6TE1yQmxMQgpiL2x3SGkrV3Z5MnQvU1E4WU5MV09HYnhyUCtQVjJ3dUw4OWEyNHBwVk9teFFrdVExcC9XMFJHM3Zxd1RvVnd5ClRzTnlpa0VqZ0xLbXlLZWVVMWFNS3NldTV6TUNNajFYbldRNk5ZMHB3VzcxR0dxbnZ1MjF2VEpqMUllRTRmSjAKd29IMWNpL3ZsS0Y5bERvaUFPNkFJR2VRMEZPbGlNZWkwMHppVVY1aHVPQUZaOEt4eU1oVEZ6eWVjSkl6aFUwcwpLaDdZdWZ4NVR4YUx6ZmNjdk5mUHFMZDQwbmdtUjFlMjQ0aitCclVJcGVDMkVYMHcwV3pBYTdHdjBWWTlBZ01CCkFBR2pSakJFTUJNR0ExVWRKUVFNTUFvR0NDc0dBUVVGQndNQ01Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGoKQkJnd0ZvQVVFV1RuTDZYZDBUVWVZN0owZ1hhWDBMVHorYzR3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQURVbQpSVzRoRm83cjlreEszK1FuaENQL0lzVjNGZXltQkN5WUdUWVJoUlJOTCtEQldadlhTTUxuSkppNXRsZkFNSmNtCnY2MWN4MDY0cDRXM25TSG1aU04rODUySUR1alBwWjRXeTJ1VmIwVXR6MUtkM1RBVmJTNGdWTnVRMEgvaGs1aXEKSm9Zelh0WjdiQU4xSEgyQ3RjMUlpSGlNYzBHV1djcUtQQWtzZmNrTjR2Z2lYUDNZVTRFS1lJdXBtVWV4czBLbApoRXVHNUp3aGtLVStYWFZqNm1CWDdrNnBIT3Z3SG5lNEJDRW1sT2lIYnRXU3ZPd2poUTB1ZEJ6OEFKUWYxYVJjCkkyMW5oK2dCekpDdk5oOUpLVXpkemVMSFpld0g2dzB1YndJdEUvWDV3S3l6UmNwMUpweGZoZm1TZW00elRKbnMKS2JnV3pOUzYvUHp0ak90NWV4az0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=\n    client-key-data: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRFRvc2doNmVpeU1CVkkKQTRVVmhKRUlpZW9GSmRxeGNNRDlCVVFLRGs2WUZCQ2xZUE9sd0xPek8xNU1vNk1OZXEwTGIrOFBhQWdMQml4ZApEV000ekxNckJsTEJiL2x3SGkrV3Z5MnQvU1E4WU5MV09HYnhyUCtQVjJ3dUw4OWEyNHBwVk9teFFrdVExcC9XCjBSRzN2cXdUb1Z3eVRzTnlpa0VqZ0xLbXlLZWVVMWFNS3NldTV6TUNNajFYbldRNk5ZMHB3VzcxR0dxbnZ1MjEKdlRKajFJZUU0Zkowd29IMWNpL3ZsS0Y5bERvaUFPNkFJR2VRMEZPbGlNZWkwMHppVVY1aHVPQUZaOEt4eU1oVApGenllY0pJemhVMHNLaDdZdWZ4NVR4YUx6ZmNjdk5mUHFMZDQwbmdtUjFlMjQ0aitCclVJcGVDMkVYMHcwV3pBCmE3R3YwVlk5QWdNQkFBRUNnZ0VBTnI0TWRubENyNVN3YklnOGpHeFY5NWQwNlEvNW1aeEl6eW5saDVSYjBBcWcKbzZhSVgzK1ErL09IV051YStZbVo2VE55NnRGR0ExUDlkYlJZemdCazkrUVMwK1phNXgxbndkNkJ1bGVZWCtYTApvNDNEVXhBa3FyYzZURmdoa3FibkRvZmdTdkdUQ2t2NTNGOEg3amRyMjBnSnlSbUdoTUl1UnppcS9XazVza0h6CjFWQzRvdWl1Qk1yTStzcXhOWVNmYnJGK3pXV3R1QW05RzBkejVWRzdKSGRIOUEyMHFCeW5uNkF2VU5zempvdm8KYk9jVDVMenc5eGtOKzRjNnlXd3JWdzRRb3hCUWdUVi9Cd0l3bjlqZnB2eXRqaGp4bW9kVEoxcEJZT0ZMb0Q3WQp1YlVoVHdtL1Q1SmZXT0wyR09nZjNOempYeFlVS056WmhvMXJVMVEzSVFLQmdRRHVoV3NwQmdRY2dGZU9OWEhBCjdBQ1MrQldvWFZTeU1TMWdodUF1cFZmakVWL2ZHa3kvOVMyYkZMUVhPaFMrSCtuZUNlZHdUVzZKVC9rNitxYVkKbkVqaGpMenJsTWY3YUt1QkdFUnpZTmc0S2pUekdlOFViaURRRFE2MlRtMDk1eVhVN0lTSjJnS1Vad0RWY0ROUApVR3lBOWFEMHF4aGp1WkJOVFpwaG94MzhId0tCZ1FEakpRRGpscC9uRVFEMFpScm56WFJVSmc4ZTdFUGF6dVBlCkRSYUlrSjFCSzlTRjlBd0pid2hNNkVwRUxWbjNWSnpSZ2JVSENDdnhhbzB0WTFxaldaN1RocTFQb3I4aXQ1RUQKSlE4VG9UMzkrdDgwR0N4T1lZWC8zUUlHcThKa1lGSGtiekhJek9wK1B0UEJESXNIMkdXRWxKUVVrMWo1bG1pWAptdEorRVV4aUl3S0JnUUMwb2FkZ251UzRMTjJobllteS8wY0VCZ3Bvd1oxbGdPYUxaamthT2k4UGo5WFo0RkhsClFTaXplLzlTWTdMWHROVm9TSG5UeTEvOWJ1b2dwemRJOVhvZ0RYUDR1R2ltVlVNa2RadEpBVHRkZFdFNkJSYlEKa3dJWWJQc0tSdVJsNzhudnNOcENoeTVTOHBwb0NSdGlZbFo1Wndyb256WE9OL1kzQktENGRnNDhJd0tCZ0NzMwpYaHp2Q290WEE5eDc1QXVZWG5xb0p4WldFMjd0RUJPdVg4d3AzNUdIdWs2bUtTZ2VWUEQwL1RSTmdLRjdHcjhOCnM1aWI2R2h0UW1FUlZ5eGZIOFhWQ09KdTczaTJma09mNkdkdXRURythbnNwNGp3amQvQS9aMlJIaDV1N2E3bFAKb3FRMndLSzJaMm1DYm0xV3NiSHc1dCtuVFRWbmRZenFxd1BMWE1JTEFvR0FMK21ldGNiejlSSFN1d0NUTW5lRQo0dFFxanBqM3o1OUQwWFR0dytiRG4vYnRBalF1VHJqa2k2Ums2a0E2bG1YYXRKQ2Z3WnVNdTd5L0MyUThUS1hjCjVWcUt1cGNhdnpHTWkzeVJrcmlmSEhpb2V1NGpXNlQyYk1XcDRuUTRoV050cEx1blF5aXNCeGpOZEMzZzBONmEKb2M4eXBOL3ZUVHFGdVB6Q3l2VmxUWEU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K\n[root@worker233 ~]# \n\n\t\n\t10.\u518d\u6b21\u6d4b\u8bd5\n[root@worker233 ~]# kubectl config current-context --kubeconfig=.\/yinzhengjie-k8s-certs.conf \njiege@myk8s\n[root@worker233 ~]# \n[root@worker233 ~]# kubectl config get-contexts --kubeconfig=.\/yinzhengjie-k8s-certs.conf \nCURRENT   NAME          CLUSTER   AUTHINFO   NAMESPACE\n*         jiege@myk8s   myk8s     jiege      \n[root@worker233 ~]# \n[root@worker233 ~]# kubectl get pods --kubeconfig=.\/yinzhengjie-k8s-certs.conf  \nError from server (Forbidden): pods is forbidden: User \"jiege\" cannot list resource \"pods\" in API group \"\" in the namespace \"default\"\n[root@worker233 ~]# \n\n\t11.\u914d\u7f6eKUBECONFIG\u73af\u5883\u53d8\u91cf \n[root@worker233 ~]# export KUBECONFIG=\/root\/yinzhengjie-k8s-certs.conf \n[root@worker233 ~]# \n[root@worker233 ~]# kubectl get pods\nError from server (Forbidden): pods is forbidden: User \"jiege\" cannot list resource \"pods\" in API group \"\" in the namespace \"default\"\n[root@worker233 ~]# <\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
1.1kubeconfig\u6982\u8ff0 1.2kubeconfig\u7684\u7ec4\u6210\u90e8\u5206\u9a8c\u8bc1 1.3\u4e3a\u9759\u6001\u4ee4\u724c\u8ba4\u8bc1token\u7528\u6237\u751f […]<\/p>\n","protected":false},"author":1,"featured_media":111,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-110","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.xueyaa.top\/index.php?rest_route=\/wp\/v2\/posts\/110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xueyaa.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xueyaa.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xueyaa.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xueyaa.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=110"}],"version-history":[{"count":1,"href":"https:\/\/www.xueyaa.top\/index.php?rest_route=\/wp\/v2\/posts\/110\/revisions"}],"predecessor-version":[{"id":112,"href":"https:\/\/www.xueyaa.top\/index.php?rest_route=\/wp\/v2\/posts\/110\/revisions\/112"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.xueyaa.top\/index.php?rest_route=\/wp\/v2\/media\/111"}],"wp:attachment":[{"href":"https:\/\/www.xueyaa.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xueyaa.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xueyaa.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}