Adding a cluster to the federation - apiserver authentication with certificates

Time: 2018-04-18 12:41:13

Tags: kubernetes

I deployed the federation control plane to the host cluster; this is the host cluster's kubeconfig:

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/ssl/ca.pem
    server: https://k8s-apiserver.bcmt.cluster.local:8443
  name: bcmt-kubernetes
- cluster:
    certificate-authority-data: REDACTED
    server: https://172.16.1.4:32471
  name: federation
contexts:
- context:
    cluster: bcmt-kubernetes
    namespace: default
    user: kubectl
  name: default-context
- context:
    cluster: federation
    user: federation
  name: federation
- context:
    cluster: bcmt-kubernetes
    namespace: kube-system
    user: kubectl
  name: kube-system-context
current-context: default-context
kind: Config
preferences: {}
users:
- name: federation
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
    token: e7506989-42eb-11e8-bf70-fa163eb593a3
- name: federation-basic-auth
  user:
    password: e7506937-42eb-11e8-bf70-fa163eb593a3
    username: admin
- name: kubectl
  user:
    client-certificate: /etc/kubernetes/ssl/kubectl.pem
    client-key: /etc/kubernetes/ssl/kubectl-key.pem

Now I am trying to join a cluster to the federation; below is the config of this cluster:

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/ssl/ca.pem
    server: https://k8s-apiserver.bcmt.cluster.local:8443
  name: bcmt-kubernetes
contexts:
- context:
    cluster: bcmt-kubernetes
    namespace: default
    user: kubectl
  name: default-context
- context:
    cluster: bcmt-kubernetes
    namespace: kube-system
    user: kubectl
  name: kube-system-context
current-context: default-context
kind: Config
preferences: {}
users:
- name: kubectl
  user:
    client-certificate: /etc/kubernetes/ssl/kubectl.pem
    client-key: /etc/kubernetes/ssl/kubectl-key.pem

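As you can see, access to the API server is done using certificates. In order to join this cluster to the federation, should I expose the apiserver of the cluster I am joining, and how will the host cluster use the certificates to reach the apiserver of the joining cluster? Any hints on what to do, please!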

0 answers:

No answers