How to properly access multiple Kubernetes clusters using kubectl
I have two clusters, and the config files are stored in .kube. I am exporting KUBECONFIG as follows:

```
export KUBECONFIG=/home/vagrant/.kube/config-cluster1:/home/vagrant/.kube/config-cluster2
```

Checking the contexts:

```
kubectl config get-contexts
CURRENT   NAME        CLUSTER     AUTHINFO           NAMESPACE
*         cluster-1   cluster-1   kubernetes-admin
          cluster-2   cluster-2   kubernetes-admin
```

But when I select cluster-2 as my current context, I get an error:

```
kubectl config get-contexts
CURRENT   NAME        CLUSTER     AUTHINFO           NAMESPACE
*         cluster-1   cluster-1   kubernetes-admin
          cluster-2   cluster-2   kubernetes-admin
kubectl config use-context cluster-2
Switched to context "cluster-2".
kubectl get pods -A
error: You must be logged in to the server (Unauthorized)
```

If I export only the config for cluster-2 and try to run kubectl, it works fine.

My question is whether I am exporting the config files correctly, or whether I should do something more.
You need to separate the AUTHINFO (context.user in the config file) for each cluster, with its respective credentials.

For example:
```yaml
apiVersion: v1
clusters:
- cluster:
    server: https://192.168.10.190:6443
  name: cluster-1
- cluster:
    server: https://192.168.99.101:8443
  name: cluster-2
contexts:
# Each context points at its own user entry, so credentials are never shared.
- context:
    cluster: cluster-1
    user: kubernetes-admin-1
  name: cluster-1
- context:
    cluster: cluster-2
    user: kubernetes-admin-2
  name: cluster-2
kind: Config
preferences: {}
users:
# One uniquely named user per cluster, each with its own certificate and key.
- name: kubernetes-admin-1
  user:
    client-certificate: /home/user/.minikube/credential-for-cluster-1.crt
    client-key: /home/user/.minikube/credential-for-cluster-1.key
- name: kubernetes-admin-2
  user:
    client-certificate: /home/user/.minikube/credential-for-cluster-2.crt
    client-key: /home/user/.minikube/credential-for-cluster-2.key
```
You can find more helpful tips in the following article:

Using different kubectl versions with multiple Kubernetes clusters:

When you are working with multiple Kubernetes clusters, it’s easy to mess up with contexts and run kubectl in the wrong cluster. Beyond that, Kubernetes has restrictions for versioning mismatch between the client (kubectl) and server (kubernetes master), so running commands in the right context does not mean running the right client version.

To overcome this:
- Use asdf to manage multiple kubectl versions
- Set the KUBECONFIG environment variable to switch between multiple kubeconfig files
- Use kube-ps1 to keep track of your current context/namespace
- Use kubectx and kubens to change quickly between clusters/namespaces
- Use aliases to combine them all together

I also recommend the following reads:
- Mastering the KUBECONFIG file, by Ahmet Alp Balkan (Google engineer)
- How Zalando Manages 140+ Kubernetes Clusters, by Henning Jacobs (Zalando Tech)
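
Why the setup in the question fails, as an added example that is not part of the original question or answer: when kubectl merges the files listed in KUBECONFIG, the first file to define a given cluster, context or user name wins, so two files that both define a user called kubernetes-admin leave the cluster-2 context presenting cluster-1's credentials. The Python script below reports such name collisions before you merge. The function names, the abridged sample files and the line-based scan (block-style YAML as kubectl writes it) are assumptions of this example.

```python
import os
import re
from collections import defaultdict
from pathlib import Path

SECTIONS = ("clusters", "contexts", "users")
# Constructed, abridged sample input: two files that both name their user "kubernetes-admin".
TEMPLATE = """\
contexts:
- context:
    cluster: {name}
    user: kubernetes-admin
  name: {name}
users:
- name: kubernetes-admin
  user:
    client-certificate: /constructed/{name}.crt
"""
SAMPLE = {f"config-{n}": TEMPLATE.format(name=n) for n in ("cluster-1", "cluster-2")}

def entry_names(text):
    """Yield (section, name) per entry; assumes block-style YAML as kubectl writes it."""
    section = key_col = None
    for line in text.splitlines():
        top = re.match(r"([A-Za-z][\w-]*):", line)
        if top:  # a top-level key opens a new section
            section, key_col = top.group(1), None
        dash = re.match(r"\s*-\s+", line)
        # The first list item of a section fixes the column where entry keys start.
        key_col = key_col or (dash.end() if dash else None)
        name = re.match(r"(\s*(?:-\s+)?)name:\s*(\S.*)", line)
        if section in SECTIONS and name and len(name.group(1)) == key_col:
            yield section, name.group(2).strip().strip("\"'")

def find_collisions(files):
    """files maps path -> text in KUBECONFIG order; return names defined by several files."""
    seen = defaultdict(list)
    for path, text in files.items():
        for key in set(entry_names(text)):
            seen[key].append(path)
    return {key: paths for key, paths in seen.items() if len(paths) > 1}

if __name__ == "__main__":
    paths = [p for p in os.environ.get("KUBECONFIG", "").split(os.pathsep) if p]
    files = {p: Path(p).read_text(encoding="utf-8") for p in paths} or SAMPLE
    for (section, name), where in sorted(find_collisions(files).items()):
        print(f"{section}: {name!r} is in {len(where)} files; kubectl keeps {where[0]}")
```

Run it with KUBECONFIG exported as in the question; with the variable unset it scans the constructed sample instead.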