Remote kubectl access to a Kubernetes cluster on an internal network


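Copy the config

Copy /etc/kubernetes/admin.conf from the server to ~/.kube/config on your local machine.

Change the server address

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN
    server: https://172.17.43.150:6443
  name: kubernetes

Change server to your remote address. kubectl verifies the API server certificate against this address, so the address must also appear in the certificate's subject alternative names (SANs).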

Regenerate the certificate

Save the kubeadm configuration

kubectl -n kube-system get configmap kubeadm-config -o jsonpath='{.data.ClusterConfiguration}' > kubeadm.yaml

Add the trusted address

apiServer:
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}

Change it to:

apiServer:
  certSANs:
  - "<YOUR_IP>"
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}

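Generate the new certificate

# Move the old certificate and key out of the way (they are kept in the home directory)
mv /etc/kubernetes/pki/apiserver.{crt,key} ~

# Generate the new certificate
kubeadm init phase certs apiserver --config kubeadm.yaml

# Restart the API server
docker kill $(docker ps | grep kube-apiserver | grep -v pause | awk '{print $1}')

# Update the configuration: convert kubeadm.yaml to the current kubeadm config API version (the result is printed to stdout)
kubeadm config migrate --old-config kubeadm.yaml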
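
A check for the regenerated certificate, added here as an example and not part of the original post: it tests whether a certificate's SANs cover a given address. The function names, the throwaway demo certificate, and the addresses 203.0.113.10 (standing in for <YOUR_IP>) and 198.51.100.7 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm the API server certificate covers the kubectl address.

# san_covers CERT ADDR: succeeds when ADDR (IP or DNS name) is in CERT's SANs.
san_covers() {
    cert=$1
    addr=$2
    case $addr in
        *:*)       flag=-checkip ;;    # IPv6 literal
        *[!0-9.]*) flag=-checkhost ;;  # anything else with a non-digit: DNS name
        *)         flag=-checkip ;;    # IPv4 literal
    esac
    # openssl prints "... does match certificate" or "... does NOT match certificate"
    openssl x509 -in "$cert" -noout "$flag" "$addr" 2>/dev/null |
        grep -q 'does match certificate'
}

# make_demo_cert DIR: write a throwaway self-signed DIR/demo.crt (constructed sample).
# 172.17.43.150 is the page's internal address; 203.0.113.10 stands in for <YOUR_IP>.
make_demo_cert() {
    dir=$1
    cat > "$dir/san.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = kube-apiserver
[v3]
subjectAltName = DNS:kubernetes, IP:172.17.43.150, IP:203.0.113.10
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/san.cnf" \
        -keyout "$dir/demo.key" -out "$dir/demo.crt" 2>/dev/null
}

# Demo on the constructed certificate. On a control-plane node, check the real
# file instead: san_covers /etc/kubernetes/pki/apiserver.crt "<YOUR_IP>"
tmp=$(mktemp -d)
make_demo_cert "$tmp"
for addr in 203.0.113.10 198.51.100.7; do
    if san_covers "$tmp/demo.crt" "$addr"; then
        echo "$addr: covered by the certificate SANs"
    else
        echo "$addr: missing from SANs, add it to certSANs and regenerate"
    fi
done
rm -rf "$tmp"
```

Running the check before restarting the API server shows whether the certSANs edit took effect, since kubeadm skips generation when apiserver.crt is still in place.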