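# 1. k8s authentication
## 1.2 Two kinds of account information
1. user accounts
2. the account a pod uses to access the apiServer (service account)

`kubectl config view` shows the configuration file /root/.kube/config (the authentication information)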
```
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.56.10:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
```
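There are four kinds of entries: `users`, the list of user objects; `clusters`, the list of clusters; `contexts`, which map a user to a cluster; and `current-context`, which selects the cluster currently connected to.
# 2. Creating a serviceAccount
**1. Sign the serviceAccount certificate with the k8s certificate**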
```
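# Generate the user's RSA private key (use at least 2048 bits)
openssl genrsa -out tuna.key 2048
# Create a certificate signing request (CSR); the CN becomes the Kubernetes user name
openssl req -new -key tuna.key -out tuna.csr -subj "/CN=tuna"
# Sign the CSR with the cluster CA to issue the client certificate
openssl x509 -req -in tuna.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out tuna.crt -days 365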
```
**2. Add user tuna to the config**
```
[root@master serviceAccount]# kubectl config set-credentials tuna --client-certificate=./tuna.crt --embed-certs=true --client-key=./tuna.key
User "tuna" set.
[root@master serviceAccount]# kubectl config view
apiVersion: v1
clusters:
...
- name: tuna
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
```
**3. Use a context to bind the user to the cluster**
```
[root@master serviceAccount]# kubectl config set-context tuna@kubernates --cluster=kubernates --user=tuna
Context "tuna@kubernates" created.
[root@master serviceAccount]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.56.10:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
- context:
    cluster: kubernates
    user: tuna
  name: tuna@kubernates
```
**4. Operate k8s as tuna**
> Switch the current user to tuna
```
[root@master serviceAccount]# kubectl config use-context tuna@kubernates
Switched to context "tuna@kubernates".
```
```
[root@master serviceAccount]# kubectl get pods
error: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
```
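
The context created in step 3 references a cluster named `kubernates`, while the only entry under `clusters` is `kubernetes`. The following added example (not part of the original notes) checks the JSON form of a kubeconfig, as printed by `kubectl config view -o json`, for contexts that reference undefined clusters or users; the sample config is constructed from the output shown above, and `find_dangling_refs` is a hypothetical helper name.

```python
import json

# Constructed sample: the kubeconfig from the steps above in JSON form
# (credential fields omitted; only names and references matter here).
SAMPLE_KUBECONFIG = """
{
  "clusters": [{"name": "kubernetes",
                "cluster": {"server": "https://192.168.56.10:6443"}}],
  "users": [{"name": "kubernetes-admin", "user": {}},
            {"name": "tuna", "user": {}}],
  "contexts": [
    {"name": "kubernetes-admin@kubernetes",
     "context": {"cluster": "kubernetes", "user": "kubernetes-admin"}},
    {"name": "tuna@kubernates",
     "context": {"cluster": "kubernates", "user": "tuna"}}],
  "current-context": "tuna@kubernates"
}
"""


def find_dangling_refs(kubeconfig):
    """Return a list of problems: contexts that point at a cluster or user
    that is not defined, and a current-context that is not defined."""
    clusters = {c["name"] for c in kubeconfig.get("clusters") or []}
    users = {u["name"] for u in kubeconfig.get("users") or []}
    contexts = {c["name"]: c.get("context") or {}
                for c in kubeconfig.get("contexts") or []}

    problems = []
    for name, ctx in contexts.items():
        cluster, user = ctx.get("cluster", ""), ctx.get("user", "")
        if cluster not in clusters:
            problems.append(
                f'context "{name}": cluster "{cluster}" is not defined')
        if user not in users:
            problems.append(
                f'context "{name}": user "{user}" is not defined')

    current = kubeconfig.get("current-context", "")
    if current not in contexts:
        problems.append(f'current-context "{current}" is not defined')
    return problems


if __name__ == "__main__":
    for problem in find_dangling_refs(json.loads(SAMPLE_KUBECONFIG)):
        print(problem)
```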