1、部署kubectl 命令行工具
准备二进制包
[root@k8smaster ~]# cd /usr/local/src/kubernetes/client/bin
[root@k8smaster bin]# cp kubectl /opt/kubernetes/bin/

2、创建 admin 证书签名请求
[root@k8smaster bin]# cd /usr/local/src/ssl/
[root@k8smaster ssl]# vim admin-csr.json

{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "system:masters",
"OU": "System"
}
]
}

3、生成 admin 证书和私钥:
[root@k8smaster ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
-ca-key=/opt/kubernetes/ssl/ca-key.pem \
-config=/opt/kubernetes/ssl/ca-config.json \
-profile=kubernetes admin-csr.json | cfssljson -bare admin

2018/06/12 20:13:11 [INFO] generate received request
2018/06/12 20:13:11 [INFO] received CSR
2018/06/12 20:13:11 [INFO] generating key: rsa-2048
2018/06/12 20:13:12 [INFO] encoded CSR
2018/06/12 20:13:12 [INFO] signed certificate with serial number 165814787638355531945310975608531058629796019352
2018/06/12 20:13:12 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

[root@k8smaster ssl]# mv admin*.pem /opt/kubernetes/ssl/

4、设置集群参数
[root@k8smaster ~]# kubectl config set-cluster kubernetes \
--certificate-authority=/opt/kubernetes/ssl/ca.pem \
--embed-certs=true \
--server=https://192.168.137.171:6443
Cluster "kubernetes" set.

5、设置客户端认证参数
[root@k8smaster ~]# kubectl config set-credentials admin \
--client-certificate=/opt/kubernetes/ssl/admin.pem \
--embed-certs=true \
--client-key=/opt/kubernetes/ssl/admin-key.pem
User "admin" set.

6、 设置上下文参数
[root@k8smaster ~]# kubectl config set-context kubernetes \
--cluster=kubernetes \
--user=admin
Context "kubernetes" created.

7、 设置默认上下文
[root@k8smaster ~]# kubectl config use-context kubernetes
Switched to context "kubernetes".

8、 使用kubectl工具
[root@k8smaster ~]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
etcd-0 Healthy {"health": "true"}
controller-manager Healthy ok
etcd-1 Healthy {"health": "true"}
etcd-2 Healthy {"health": "true"}

[root@k8smaster ~]# cat .kube/config
apiVersion: v1
clusters:

  • cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVSDVEQ05wSU5DNGVNckJCK2RLMXUrZC9uVnB3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbAphVXBwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU0TURZeE1qQTVNVEV3TUZvWERUSXpNRFl4TVRBNU1URXdNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbGFVcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdkRXcTI0SG45dGFwZlVxY0labnoKRFNBWjFESCtMaW1tY3B0ektyeEpVYm9YS0tCWi9kTlhQUE1EL2NUZFgyUmVOVElVL2JJSnd2aURaT0M2UnFLYQoyVkZKZFEwMzNaajRYbFYvakVIaFFvVUZydy9McUdTRlZnUmsycndKTjE4Um9NeUptNFpMMDBlKzJKYmY1cXd2Clpxa2p3RnFDNGdnQWU3WWo2MEdLM2FHbHR5ZU9RTzErak9mVm55eDV5cFhDMXpxUGRtRW5kc3NxSkNOeGJOMnQKUXhneDlIb1lnWGtJeVRpbzlOcDhSbzluS0ZXYWV0b3d0L0l3VE9XejRtTC9NaE5CYXlEUytaRjFlRW1jNlc5UQp6c1FRY0NuMFRVc20xWUczUHQzTGtLc1lHc1ZKUVBMdzNaVWxQeE1CZDR1eTNsdnIvbTJIZWlWSmhLTU5CY2tVCm93SURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVSSt1MHI5SXJoK0dnRng5bVJ5bUZzRFVOcFdFd0h3WURWUjBqQkJnd0ZvQVVJK3UwcjlJcgpoK0dnRng5bVJ5bUZzRFVOcFdFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFIM3pNVktBVzFrSVo2VllhbnM0Ck9nekdyMmdrQTcvRHVzNGhpeTR4KzNwNVpFZjRZaWJPcE1YSk42Ti94WU9mdC93VTlTSW1nZm9NVjJQKy9lc2wKZXNsNklmMzdNM3gxOC96MnJrcnlCd3JmU3d6RHZMQlVjQnJSSlZkMEdYQWpQRkU3dVRyRHQ1SFBFWTlIVXlwWQpybWNIRTRab3p6WHhFQ09LT0FuSU9jbWtGS1ZZOWlaSmRkTUFhejRpTFZMejNUR0FzZC94aEg3ZVU4c05tUVIxCk9RVks2ZU9UUzAvdnBmd0llaGt2b3VXQS81NkoxS3BCMThXVFIwUmQ0QU9qOWxCOW5PYW5WYi9MbUducCtqMHEKYWxKQ3QvTkJhZU1kUzVBYndrNERtQ3Z5MzRhZlpETXN6WFRZMENTV3BlSlVxMzRFRnFvV0ZYSzVJdmZ1bGlPYwpKL1k9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://192.168.137.171:6443
    name: kubernetes
    contexts:
  • context:
    cluster: kubernetes
    user: admin
    name: kubernetes
    current-context: kubernetes
    kind: Config
    preferences: {}
    users:
  • name: admin
    user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQzVENDQXNXZ0F3SUJBZ0lVSFF0a2FXRVQ4SE9OaEFzbmxSRWtBU2JGdkpnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbAphVXBwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU0TURZeE1qRXlNRGd3TUZvWERURTVNRFl4TWpFeU1EZ3dNRm93YXpFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbGFVcHBibWN4RnpBVgpCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE4d0RRWURWUVFMRXdaVGVYTjBaVzB4RGpBTUJnTlZCQU1UCkJXRmtiV2x1TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF4c0YvTkNBVDBvZGYKYk5xa05KRUIvRHgwcXk0NWt4a2RZcy9ka2xuNzI5WEdGU1Nnamp1UnNhbWsyeTNmdUdQY1M1UnFOVGZHRzd3MQpwUzdxU01FQm5PL0JQUkQxWndrMmoxMU9Gc3p0ejBlOTlpa0hjLzlYdmFUcFEyQWVRMjZ0TDkxbjllbkEzamRXCmt5YWk3MS92VjRyaitNcGRscmdRd25DVlozanVOZlR6VVJwN2NVVmFqYkdBYjJDNVJlWkxZSENab1lhc2tLSTcKUGh4Z1YxM0ZnbkVhU2dHUy9Ja2xza01adWYzT3lteVZ1TlZ3RExyTUVMNTdZeWtWYlVEQmk3anRLRG5paXdxego5aTFjZ1h1VWFHSFZUa2JmOEZPWHVORkljMXdZUk8vMldYRjNlcHoybUdGbWVQbmhkRE44MG42S0cxTDNFKzhRCnRpaWhIS1NtOFFJREFRQUJvMzh3ZlRBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUIKQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZFd3dJdjQwMGdVYgpWZ25LOEorOC9OU2F6RzBPTUI4R0ExVWRJd1FZTUJhQUZDUHJ0Sy9TSzRmaG9CY2Zaa2NwaGJBMURhVmhNQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCRGx4SlhNWlFPNVVRNEVHMEJtQlF0VHYrQWMzVG53R3ZocGhZMC9sVWkKbWs4VVl4WWVzS0JpYXZ1bXJld1o2cjVFb2hJQ1hBZHRqMEczMEJtZXQ2UDVGakJNaERxZXg1Q1ppckxlRHNjdQpFR2pBSFdhcTVzeE5kNGpDSk1VS0M5VzVnSDhzTFpTcGpIbVpkYzRySWh2RVF5djhUSVdZQzJUdHA5clUza1A3CkczZVJhL3Nkc3ZhV3FiTklGWWFRT1lRYlJkT0s3V3RMdXY3cUpJb2UxS2dmdTJscHdHK2V4U3dzczZRcjU3aEIKT000SktUQzMyOTNGVWp5dURPbFdoVURERUVqNHgrM2ZoVVV3b0FUMFowd01hNzVXekVtSDdEcFBxQzZ2aytSRQprRXB4U2E0M3ZDNWVNbWcvVW5pZksveWV1VWgvaEw1Znk1M09jY3RWRFhpUwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeHNGL05DQVQwb2RmYk5xa05KRUIvRHgwcXk0NWt4a2RZcy9ka2xuNzI5WEdGU1NnCmpqdVJzYW1rMnkzZnVHUGNTNVJxTlRmR0c3dzFwUzdxU01FQm5PL0JQUkQxWndrMmoxMU9Gc3p0ejBlOTlpa0gKYy85WHZhVHBRMkFlUTI2dEw5MW45ZW5BM2pkV2t5YWk3MS92VjRyaitNcGRscmdRd25DVlozanVOZlR6VVJwNwpjVVZhamJHQWIyQzVSZVpMWUhDWm9ZYXNrS0k3UGh4Z1YxM0ZnbkVhU2dHUy9Ja2xza01adWYzT3lteVZ1TlZ3CkRMck1FTDU3WXlrVmJVREJpN2p0S0RuaWl3cXo5aTFjZ1h1VWFHSFZUa2JmOEZPWHVORkljMXdZUk8vMldYRjMKZXB6Mm1HRm1lUG5oZEROODBuNktHMUwzRSs4UXRpaWhIS1NtOFFJREFRQUJBb0lCQUhINUVZV0ZnM2h0VW1ZcwpkbzhDUEQ0MU9MM1Vzd1ZNR0pMS0dnZkxlK2FURHBTZlBVWnltRmhsckhoWE5Qd2FuMy9qcW9lNzVPbVFvcjZIClNhZlFyYWtkdnhUU2ZiYkpETFZuVHRrNlNJQmRabXdiR1FBR2czem5iUy9LbFhBYnJrcE5UMGt2OHY0NmczVzgKYVNDVlJiMVFrdXZldDQ0dkhNVXpKQ21DcWk3YnRqUzQrY0x3cVF3b3NLQXg1TFR1OTNTOWdsUXNwMGRRVHppZAo2N1lTWW8vZFZwQ3Zvakdza3Ryd2JTQ2lYTUlYYjZQUXo3T3FRcTZad1Q5Zjc2eGRKTEVteTNSQXQ0RjBuSlNaCkFXVU5LTWt6RlZsL0R6N1FaRUZtTjJSTzdlT1Z4eXZnbXh1U1dGK2pQWXdETUh1Z3cweWg3eDY3a3BGb0NTYS8KUmRFSHZnRUNnWUVBMmZGNFhsVnV5N01SWEZ1Um5PNHJQSUdjMmpXN1hUd0tETzNORHg1aUljVklMdk1QZzVpVAo1N1JQVG1pRlpmUmxaTlhXWnVYb1FFVm5VTGxDMEFxcXF6YUU3cGlqK1V6OTBuSDg0VkYrNTk3Z0l1Uk9kdFFiClNEZjdNeDk5SzhhRE1JR1hsTHA0bUFoNS8xcksyWGw4VnVGbDZIS0dhVy9ZVi9xRVYrczdxSkVDZ1lFQTZYWlAKRzFUV2NUcmswOHJnY09UU2RGbWVvSzVPWTZNWkpDTWNqeVp0TW9YRnhMVjVRZnpRSHNheEhJNmphdUlqYjJYMQpzeWsvYlF2TWpSOXN4QkpldG1YbzFYK0QyUEp2MU1OUmphUUJJVTRnc3FLQnZBaHloS3BJcGUyZFNGRENoRHVYCjN3ZXZWeVRlemd0M1hTb0FtRjNFQlp0TEErQk5ZL3JxUXVJUlNHRUNnWUVBZzdhS1QwQ0VlRGpkT2hyZzhwMkIKcGN5VE5kRVpUZXgyQ29CQTJHMDlVemwrT1ZtTnU3TWZWLzNCbkJwUTNHQUtVeGxrdk1VZlNwQm5Nd0x6blBXRgpWWG5hZHJQckRVUjVkWkNNQ3NRTTFTYitBRGhJTDBwYXZwZU9pY1B6Q3R5cTlrcXJpQ2YxcjdRWHZycHBNMnRYCk9NNTVuelJ2aFJNaUJYR1NQK3diSHZFQ2dZQXBxaU9VRFIvNE5UcUJVY09jWWpuczZkR1ZlNFloNGdtcW1WbVAKY3B3cVdCVmpkYitlTnpBdFRlaHQ0RWJwM0ZIV242dXB2Y0xFQTBjT0tIMlF3SGFHdHNsRzBPc0czTDE0aXlNUwoxQ0lmZjRIMlgyb24xSm9iY3doa0ZIUHRZL3hTL1ErdGpnR00yOWVuamdSUGJCK1BFYXphRTB6ZjlEZmJqL3dlCjA1bWlBUUtCZ1FDMGhsdXdDUVBPWnBWQzIrVTZoWDhnbDFJbk1ycEpLK0dLK1lCVUxQZ0kyeGc2SzlqbHdaZmcKUGhTT3VzZE9yZCtTZXlIRHQ3ajFoZi9sVmltdVFrSzZMTCtGZmw5emlMY3ozRkFZSFV1TzNYS3BXdHllM1FvRAp3TG9uZEpXVjBja3NSVXFmM0VncCs0cjF2V2FERXNNcXlTa2drYVFrWWtSVHd6OEg4M2ZvR0E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
    [root@k8smaster ~]#