这里以K3S为例,默认情况下,kubectl 会在 $HOME/.kube 目录下查找名为 config 的文件,如果root用户登录的、config配置文件路径为 ~/.kube/config,文件内容如下:
K3S的config文件在/etc/rancher/k3s/k3s.yml
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: ***
server: https://127.0.0.1:6443
name: default
contexts:
- context:
cluster: default
user: default
name: default
current-context: default
kind: Config
users:
- name: default
user:
client-certificate-data: **
client-key-data: ***修改config文件
为了便于管理和区分不同的集群,我们需要对所有集群的配置文件内容进行修改,主要修改的内容有:集群、上下文、用户信息。
这里你可以选择将多个集群的config文件放到跳板机或者操作节点上。
[root@k3s-master ~]# mkdir -p $HOME/.kube
[root@k3s-master .kube]# scp master1:/root/.kube/config config1
config 100% 5650 5.4MB/s 00:00
[root@k3s-master .kube]# scp k3s-master:/root/.kube/config config2
config 100% 5641 4.8MB/s 00:00
[root@k3s-master .kube]# ls
config1 config2修改config1文件
修改config文件时,用户名、集群名称、上下文名称不能相同,否则合并后会出现问题。
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: XXX
server: https://192.168.1.90:6443
name: k3s-prod # 修改集群名称
contexts:
- context:
cluster: k3s-prod # 修改集群名称
user: prod-admin # 修改用户名
name: prod-admin@k3s-prod # 修改上下文名称
current-context: prod-admin@k3s-prod # 修改上下文名称
kind: Config
preferences: {}
users:
- name: prod-admin # 修改用户名
user:
client-certificate-data: XXX
client-key-data: XXX
修改config2文件
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: XXX
server: https://192.168.1.120:6443
name: k8s-test # 修改集群名称
contexts:
- context:
cluster: k8s-test # 修改集群名称
user: test-admin # 修改用户名
name: test-admin@k8s-test # 修改上下文名称
current-context: test-admin@k8s-test # 修改上下文名称
kind: Config
preferences: {}
users:
- name: test-admin # 修改用户名
user:
client-certificate-data: XXX
client-key-data: XXX
合并config文件
[root@k3s-master .kube]# KUBECONFIG=config1:config2 kubectl config view --flatten > $HOME/.kube/config
[root@k3s-master .kube]# cat config # 此时发现已经合并为一个config文件
# 修改权限
[root@k3s-master .kube]# chown $(id -u):$(id -g) $HOME/.kube/config
[root@k3s-master .kube]# chmod 600 config
[root@k3s-master .kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://192.168.1.90:6443
name: k8s-ha
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://192.168.1.120:6443
name: k8s-test
contexts:
- context:
cluster: k8s-ha
user: test-admin
name: test-admin@k8s-ha
- context:
cluster: k8s-test
user: test-admin
name: test-admin@k8s-test
current-context: test-admin@k8s-ha
kind: Config
preferences: {}
users:
- name: test-admin
user:
client-certificate-data: DATA+OMITTED
client-key-data: DATA+OMITTED
- name: test-admin
user:
client-certificate-data: DATA+OMITTED
client-key-data: DATA+OMITTED
添加环境变量
[root@k3s-master ~]# echo "export KUBECONFIG=/etc/rancher/k3s/config" >> ~/.bash_profile
[root@k3s-master ~]# source ~/.bash_profile
多集群切换
获取全局上下文
[root@k3s-master .kube]# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* test-admin@k8s-prod k8s-prod test-admin
test-admin@k8s-test k8s-test test-admin
获取当前上下文
[root@k3s-master .kube]# kubectl config current-context
test-admin@k8s-ha
[root@k3s-master .kube]# kubectl get node
NAME STATUS ROLES AGE VERSION
master1 Ready control-plane 285d v1.27.6
master2 Ready control-plane 285d v1.27.6
master3 Ready control-plane 285d v1.27.6
work1 Ready <none> 285d v1.27.6
work2 Ready <none> 285d v1.27.6
work3 Ready <none> 285d v1.27.6
切换当前上下文
[root@k3s-master .kube]# kubectl config use-context test-admin@k8s-test
Switched to context "test-admin@k8s-test".
[root@k3s-master .kube]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane,master 21h v1.23.17
k8s-work1 Ready <none> 20h v1.23.17
k8s-work2 Ready <none> 20h v1.23.17
评论区