How to do authentication when creating a new context for the cluster of the standalone k8s server which Docker Desktop includes

I am using the standalone Kubernetes server and client that Docker Desktop includes.

I created two namespaces for k8s named development and production.

☁  kubernetes-labs [master] ⚡  k get namespace
NAME              STATUS   AGE
default           Active   3d22h
development       Active   2d23h
kube-node-lease   Active   3d23h
kube-public       Active   3d23h
kube-system       Active   3d23h
production        Active   5m1s

Then, I set a new cluster named kubernetes-labs:

☁  kubernetes-labs [master] ⚡  k config set-cluster kubernetes-labs --server=https://kubernetes.docker.internal:6443
Cluster "kubernetes-labs" set.

As you can see, the new cluster's server points to https://kubernetes.docker.internal:6443, which is used by the standalone Kubernetes server.

Next, I created two contexts:

☁  kubernetes-labs [master] ⚡  kubectl config set-context kubernetes-labs-dev --cluster=kubernetes-labs --namespace=development --user=dev
Context "kubernetes-labs-dev" modified.
☁  kubernetes-labs [master] ⚡  kubectl config set-context kubernetes-labs-prod --cluster=kubernetes-labs --namespace=production --user=prod
Context "kubernetes-labs-prod" created.

Switch to the kubernetes-labs-dev context:

☁  kubernetes-labs [master] ⚡  k config use-context kubernetes-labs-dev
Switched to context "kubernetes-labs-dev".

Now, when I try to get pods from the current namespace:

☁  kubernetes-labs [master] ⚡  k get pods                                                                           
Please enter Username: dev
Please enter Password: 

It needs authentication; I don't know what username and password should be entered.

Besides, when I try to view the config used by the current context, I get an error.

☁  kubernetes-labs [master] ⚡  k config view --minify=true    
error: cannot locate user dev

In order to make it work you need to Configure Access to Multiple Clusters:

This page shows how to configure access to multiple clusters by using configuration files. After your clusters, users, and contexts are defined in one or more configuration files, you can quickly switch between clusters by using the kubectl config use-context command.

You need to make sure that your configuration file is correct. A configuration file describes clusters, users, and contexts. Then, you can add user details to your configuration file, for example:

kubectl config --kubeconfig=config-demo set-credentials developer --client-certificate=fake-cert-file --client-key=fake-key-seefile
kubectl config --kubeconfig=config-demo set-credentials experimenter --username=exp --password=some-password

The same can be done with contexts, for example:

kubectl config --kubeconfig=config-demo set-context dev-frontend --cluster=development --namespace=frontend --user=developer
kubectl config --kubeconfig=config-demo set-context dev-storage --cluster=development --namespace=storage --user=developer
kubectl config --kubeconfig=config-demo set-context exp-scratch --cluster=scratch --namespace=default --user=experimenter

and clusters, for example:

kubectl config --kubeconfig=config-demo set-cluster development --server=https://1.2.3.4 --certificate-authority=fake-ca-file
kubectl config --kubeconfig=config-demo set-cluster scratch --server=https://5.6.7.8 --insecure-skip-tls-verify

Bear in mind that you need to set the proper pathnames of the certificate files in your environment for your configuration file to work properly.

Also, remember that:

Each context is a triple (cluster, user, namespace). For example, the dev-frontend context says, "Use the credentials of the developer user to access the frontend namespace of the development cluster".

You can find more details and examples in the linked documentation. The step-by-step guide will make it easier for you to set up properly.
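The check below is an added example, not code from the original post or from the Kubernetes documentation. It audits a kubeconfig (in the JSON shape printed by `kubectl config view -o json`) for contexts whose user or cluster has no matching entry, which is the condition behind "cannot locate user dev", and it also flags clusters that skip TLS verification. The function name `audit_kubeconfig` and the sample data are assumptions constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `kubectl config view -o json`: the question's
# cluster and contexts (no "dev"/"prod" users) plus the answer's exp-scratch.
SAMPLE = {
    "clusters": [
        {"name": "kubernetes-labs",
         "cluster": {"server": "https://kubernetes.docker.internal:6443"}},
        {"name": "scratch",
         "cluster": {"server": "https://5.6.7.8", "insecure-skip-tls-verify": True}},
    ],
    "users": [
        {"name": "experimenter", "user": {"username": "exp", "password": "REDACTED"}},
    ],
    "contexts": [
        {"name": "kubernetes-labs-dev",
         "context": {"cluster": "kubernetes-labs", "user": "dev", "namespace": "development"}},
        {"name": "kubernetes-labs-prod",
         "context": {"cluster": "kubernetes-labs", "user": "prod", "namespace": "production"}},
        {"name": "exp-scratch",
         "context": {"cluster": "scratch", "user": "experimenter", "namespace": "default"}},
    ],
}

def audit_kubeconfig(cfg):
    """Map each context name to the reasons kubectl cannot use it safely."""
    clusters = {c["name"]: c.get("cluster") or {} for c in cfg.get("clusters") or []}
    users = {u["name"]: u.get("user") or {} for u in cfg.get("users") or []}
    findings = {}
    for entry in cfg.get("contexts") or []:
        ctx = entry.get("context") or {}
        cluster, user = ctx.get("cluster"), ctx.get("user")
        problems = []
        if cluster not in clusters:
            problems.append(f"cluster {cluster!r} is not defined")
        elif clusters[cluster].get("insecure-skip-tls-verify"):
            problems.append(f"cluster {cluster!r} skips TLS verification")
        if user not in users:
            problems.append(f"user {user!r} is not defined")  # "cannot locate user"
        elif not users[user]:
            problems.append(f"user {user!r} has no credentials")
        if problems:
            findings[entry["name"]] = problems
    return findings

if __name__ == "__main__":
    cfg = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE  # argv[1]: saved JSON
    for name, problems in audit_kubeconfig(cfg).items():
        print(f"{name}: " + "; ".join(problems))
```

To audit a real configuration, save the output of `kubectl config view -o json` to a file and pass its path as the first argument.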
