本地连接k8s集群
在日常开发的过程中,经常会需要在本地开发的程序需要在k8s中调试的场景,比如,写了一个operator。
如果此时,本地又没有可以直接可达的k8s集群,
比如k8s是在公有云的vpc环境内,外面无法直接访问。想要本地连接远程k8s集群,可以参考 本地连接远程的内网k8s集群
再比如k8s集群是自己通过多台云服务器自行搭建的,master节点有自己的公网ip。想要本地连接远程k8s集群,可以参考本文。
1⃣️ 重新生成config文件
默认下,~/.kube/config 生成配置文件的时候只包含了k8s集群ip和这个节点的局域网ip,本地如果想远程操作k8s的话,必定要通过公网ip连接到k8s集群,所以我们需要把节点绑定的公网ip也放到证书里面去,即我们需要重新生成证书。如果不这样做,本地直接访问的话,会报如下提示:
tony@192 ~ % kubectl get pod
Unable to connect to the server: x509: certificate is valid for 10.96.0.1, 172.17.0.14, not 106.55.152.92
先备份证书:
[root@k8s-master .kube]# mkdir -p /etc/kubernetes/pki.bak
[root@k8s-master .kube]# mv /etc/kubernetes/pki/apiserver.* /etc/kubernetes/pki.bak
重新生成证书:
[root@k8s-master .kube]# kubeadm init phase certs all --apiserver-advertise-address=0.0.0.0 --apiserver-cert-extra-sans=10.96.0.1,172.17.0.14,xxx.xxx.xxx.xxx(公网ip)
I0627 15:10:39.069106 7777 version.go:252] remote version is much newer: v1.21.2; falling back to: stable-1.18
W0627 15:10:40.982380 7777 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Using existing ca certificate authority
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.17.0.14 10.96.0.1 172.17.0.14 106.55.152.92]
[certs] Using existing apiserver-kubelet-client certificate and key on disk
[certs] Using existing front-proxy-ca certificate authority
[certs] Using existing front-proxy-client certificate and key on disk
[certs] Using existing etcd/ca certificate authority
[certs] Using existing etcd/server certificate and key on disk
[certs] Using existing etcd/peer certificate and key on disk
[certs] Using existing etcd/healthcheck-client certificate and key on disk
[certs] Using existing apiserver-etcd-client certificate and key on disk
[certs] Using the existing "sa" key
重启apiserver:
[root@k8s-master .kube]# docker rm -f `docker ps -q -f 'name=k8s_kube-apiserver*'`
cd130929bc7e
[root@k8s-master .kube]# systemctl restart kubelet
2⃣️ 修改ip
拷贝master节点的配置文件 ~/.kube/config 到本地 ~/.kube/config ,修改server的ip地址为master节点的公网ip地址
3⃣️ 本地验证
tony@192 ~ % kubectl get pod
NAME READY STATUS RESTARTS AGE
ceres-admin-server-deployment-7f9c4c697d-7pphh 2/2 Running 0 92d
ceres-admin-web-deployment-7c8fb64f58-ft8xv 2/2 Running 2 192d
ceres-app-server-deployment-65b6bb99f9-qlwb2 2/2 Running 0 92d
ceres-jobs-server-deployment-bdcd669bb-284k5 2/2 Running 2 217d
ceres-merchant-web-deployment-6c6b668b8d-5vtq5 2/2 Running 2 192d
ceres-settled-merchant-deployment-5f74c8f46d-f982v 2/2 Running 2 213d
details-v1-6c9f8bcbcb-pzkfm 2/2 Running 6 296d
nfs-client-provisioner-6965c6967-6jv6c 2/2 Running 8 217d
productpage-v1-7f9d9c48c8-kgtlw 2/2 Running 4 296d
ratings-v1-65cff55fb8-vmj4z 2/2 Running 6 296d
reviews-v1-d5b6b667f-9b7kw 2/2 Running 4 296d
reviews-v2-784495d9bc-xvqpw 2/2 Running 6 296d
reviews-v3-57fcb844b7-xsj47 2/2 Running 4 296d
评论