集群导入

Bearer Token

获取 apiserver 地址

cat ~/.kube/config | grep server: | awk ‘{print $2}’

  • 注意: 如果 server IP 为 127.0.0.1,需要将 IP 替换为集群 master 节点 IP

获取 Token

默认

KubeOperator 部署的 Kubernetes 集群,可在集群任意节点上执行如下命令

  1. kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ko-admin | awk '{print $1}') | grep token: | awk '{print $2}'

Kubectl 方式部署的 KubePi 服务,在集群任意节点上执行如下命令

  1. kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubepi-user | awk '{print $1}') | grep token: | awk '{print $2}'

自定义

创建 Service Account

  1. cat <<EOF > kubepi-serviceaccount.yaml
  2. apiVersion: v1
  3. kind: ServiceAccount
  4. metadata:
  5.   name: kubepi-user
  6.   namespace: kube-system
  7. EOF
  1. kubectl create -f ./kubepi-serviceaccount.yaml

创建 ClusterRoleBinding

  1. cat <<EOF > kubepi-clusterrolebinding.yaml
  2. apiVersion: rbac.authorization.k8s.io/v1
  3. kind: ClusterRoleBinding
  4. metadata:
  5.   name: kubepi-user
  6. roleRef:
  7.   apiGroup: rbac.authorization.k8s.io
  8.   kind: ClusterRole
  9.   name: cluster-admin
  10. subjects:
  11.   - kind: ServiceAccount
  12.     name: kubepi-user
  13.     namespace: kube-system
  14. EOF
  1. kubectl create -f ./kubepi-clusterrolebinding.yaml

获取 Token

  1. kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubepi-user | awk '{print $1}') | grep token: | awk '{print $2}'

cluster-import-token

kubeconfig 文件

将任意集群节点 kubeconfig 文件拷贝到本机后导入(默认路径为: ~/.kube/config)

  • 注意: 如果 server IP 为 127.0.0.1,需要将 IP 替换为集群 master 节点 IP

cluster-import-kubeconfig

证书

cluster-import-certificate