HelloWood

Kubernetes 配置 kubeconfig 访问多个集群

2018-10-23

Kubernetes 配置 kubeconfig 访问多个集群

如果有多个不同的集群,需要切换访问,就需要配置多个 Kubernetes 账号和 Context;集群的 KubeConfig 文件一般为~/.kube/config,默认只能访问一个集群,如果需要访问多个集群就需要修改这个文件

可以参考文档 https://kubernetes.io/zh/docs/tasks/access-application-cluster/configure-access-multiple-clusters/配置,但是这个文档描述不够直接简单,可以参考以下内容直接修改

假设现在有两个集群,一个是本地的 docker-for-desktop-cluster,另一个是部署在测试环境的 kubernetes ,本地只有 docker-for-desktop-cluster的配置

根据官方文档合并后的 Demo,其实是将两个 Config 文件的相同类型的字段直接合并了,所以直接将相同的字段的其他集群的配置内容复制到当前的配置中即可,如:将kubernetescluster 的配置直接复制到当前配置中:

  • 测试环境 cluster 配置
1
2
3
4
5
- cluster:
    certificate-authority-data: CERTIFICATE_AUTHORITY_DATA 
    server: https://192.168.111.129:6443
  name: kubernetes

  • 本地集群 cluster 配置
1
2
3
4
- cluster:
    insecure-skip-tls-verify: true
    server: https://localhost:6443
  name: docker-for-desktop-cluster
  • 合并后
1
2
3
4
5
6
7
8
9
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://localhost:6443
  name: docker-for-desktop-cluster
- cluster:
    certificate-authority-data: CERTIFICATE_AUTHORITY_DATA
    server: https://192.168.111.129:6443
  name: kubernetes
  • 合并完成后更新配置
1
export KUBECONFIG=~/.kube/config
  • 查看合并后的 kubeconfig 
1
kubectl config view
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://localhost:6443
  name: docker-for-desktop-cluster
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.111.129:6443
  name: kubernetes
contexts:
- context:
    cluster: docker-for-desktop-cluster
    user: docker-for-desktop
  name: docker-for-desktop
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: docker-for-desktop
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
  • 查看集群 
1
kubectl config get-contexts
1
2
3
CURRENT   NAME                          CLUSTER                      AUTHINFO             NAMESPACE
          docker-for-desktop            docker-for-desktop-cluster   docker-for-desktop
*         kubernetes-admin@kubernetes   kubernetes                   kubernetes-admin
  • 切换集群
1
2
kubectl config use-context docker-for-desktop
kubectl config use-context kubernetes-admin@kubernetes
  • 如果想限制用户的 Namespace,可以在 context 中加入namespaces 配置
1
2
3
4
5
- context:
    cluster: docker-for-desktop-cluster
    user: docker-for-desktop
    namespace: default
  name: docker-for-desktop
  • 本地docker-for-desktop-cluster 的配置 (~/.kube/config)内容
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://localhost:6443
  name: docker-for-desktop-cluster
contexts:
- context:
    cluster: docker-for-desktop-cluster
    user: docker-for-desktop
  name: docker-for-desktop
current-context: docker-for-desktop
kind: Config
preferences: {}
users:
- name: docker-for-desktop
  user:
    client-certificate-data: CLIENT_CERTIFICATE_DATA
    client-key-data: CLIENT_KEY_DATA
  • 测试环境 kubernetes 的 配置(~/.kube/config)内容
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: CERTIFICATE_AUTHORITY_DATA 
    server: https://192.168.111.129:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: CLIENT_CERTIFICATE_DATA
    client-key-data: CLIENT_KEY_DATA
  • 合并后
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://localhost:6443
  name: docker-for-desktop-cluster
- cluster:
    certificate-authority-data: CERTIFICATE_AUTHORITY_DATA
    server: https://192.168.111.129:6443
  name: kubernetes
contexts:
- context:
    cluster: docker-for-desktop-cluster
    user: docker-for-desktop
  name: docker-for-desktop
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: docker-for-desktop
  user:
    client-certificate-data: CLIENT_CERTIFICATE_DATA
    client-key-data: CLIENT_KEY_DATA
- name: kubernetes-admin
  user:
    client-certificate-data: CLIENT_CERTIFICATE_DATA
    client-key-data: CLIENT_KEY_DATA
Tags: Kubernetes
Kubernetes 中部署 SpringBoot 应用 SpringBoot 中 Spring Security 403 自定义返回消息