K8S多集群管理
1. 前提在实际生产环境中,往往需要维护多个k8s集群,在多个环境和节点之间切换,影响工作效率,不符合devops的理念,因此作者尝试在单个节
1. 前提
在实际生产环境中,往往需要维护多个k8s集群,在多个环境和节点之间切换,影响工作效率,不符合devops的理念,因此作者尝试在单个节点下面维护多个k8s集群。
2. 要求
- 了解k8s的context
- 了解k8s的kubeconfig
- 至少2个以上k8s集群
3. 实验
3.1 k8s集群
- 节点t34集群
[root@t34 ~]# kubectl get nodes nNAME STATUS ROLES AGE VERSIONnt31 Ready worker 156d v1.14.3nt32 Ready worker 70d v1.14.3nt34 Ready controlplane,etcd,worker 199d v1.14.3nt90 Ready worker 156d v1.14.3nt91 Ready worker 169d v1.14.3
- 节点node43集群
[root@node43 ~]# kubectl get nodes nNAME STATUS ROLES AGE VERSIONnnode43 Ready controlplane,etcd,worker 121d v1.14.3
3.2 kubeconfig文件
查看kubeconfig文件可以使用kubectl命令,也可以直接查看/root/.kube/config(默认位置) - node43集群
[root@node43 ~]# kubectl config view napiVersion: v1nclusters:n- cluster:n certificate-authority-data: DATA+OMITTEDn server: https://192.168.5.43/k8s/clusters/c-mg6wmn name: testn- cluster:n certificate-authority-data: DATA+OMITTEDn server: https://192.168.5.43:6443n name: test-node43ncontexts:n- context:n cluster: testn user: user-twwt4n name: testn- context:n cluster: test-node43n user: user-twwt4n name: test-node43ncurrent-context: testnkind: Confignpreferences: {}nusers:n- name: user-twwt4n user:n token: kubeconfig-user-twwt4.c-mg6wm:r7bk54gw2h5vpx6wqwbqrldzhp2nz5lppvf5cfgbgnwffsj7rfkjdp
- t34集群
[root@t34 canary]# kubectl config view napiVersion: v1nclusters:n- cluster:n certificate-authority-data: DATA+OMITTEDn server: https://192.168.4.34/k8s/clusters/c-6qgsln name: testn- cluster:n certificate-authority-data: DATA+OMITTEDn server: https://192.168.4.34:6443n name: test-t34ncontexts:n- context:n cluster: testn user: user-czbv6n name: testn- context:n cluster: test-t34n user: user-czbv6n name: test-t34ncurrent-context: testnkind: Confignpreferences: {}nusers:n- name: user-czbv6n user:n token: kubeconfig-user-czbv6.c-6qgsl:tznvpqkdw7mz6r8276h8zs5hbl45h2bv2g8jwfjqc8qckhgfwwz9rd
3.3 配置
在t34上面配置node43的cluster,user以及context
- 添加cluster
[root@t34 canary]# kubectl config set-cluster node43 --server=https://192.168.5.43:6443 --insecure-skip-tls-verify=truenCluster "node43" set.
- 添加user
[root@t34 canary]# kubectl config set-credentials node43-user --token=kubeconfig-user-twwt4.c-mg6wm:r7bk54gw2h5vpx6wqwbqrldzhp2nz5lppvf5cfgbgnwffsj7rfkjdpnUser "node43-user" set.
- 添加context
[root@t34 canary]# kubectl config set-context node43-context --cluster=node43 --user=node43-usernContext "node43-context" created.
- 查看
[root@t34 canary]# kubectl config view napiVersion: v1nclusters:n- cluster:n insecure-skip-tls-verify: truen server: https://192.168.5.43:6443n name: node43n- cluster:n certificate-authority-data: DATA+OMITTEDn server: https://192.168.4.34/k8s/clusters/c-6qgsln name: testn- cluster:n certificate-authority-data: DATA+OMITTEDn server: https://192.168.4.34:6443n name: test-t34ncontexts:n- context:n cluster: node43n user: node43-usern name: node43-contextn- context:n cluster: testn user: user-czbv6n name: testn- context:n cluster: test-t34n user: user-czbv6n name: test-t34ncurrent-context: testnkind: Confignpreferences: {}nusers:n- name: node43-usern user:n token: kubeconfig-user-twwt4.c-mg6wm:r7bk54gw2h5vpx6wqwbqrldzhp2nz5lppvf5cfgbgnwffsj7rfkjdpn- name: user-czbv6n user:n token: kubeconfig-user-czbv6.c-6qgsl:tznvpqkdw7mz6r8276h8zs5hbl45h2bv2g8jwfjqc8qckhgfwwz9rd
3.4 测试
当前context为test,cluster对应的test(即t34集群),user为user-czbv6
[root@t34 canary]# kubectl config current-contextntestnn[root@t34 canary]# kubectl get nodesnNAME STATUS ROLES AGE VERSIONnt31 Ready worker 156d v1.14.3nt32 Ready worker 70d v1.14.3nt34 Ready controlplane,etcd,worker 199d v1.14.3nt90 Ready worker 156d v1.14.3nt91 Ready worker 169d v1.14.3
切换context为node43-context,cluster对应的node43(即node43集群),user为node43-user
[root@t34 canary]# kubectl config use-context node43-context nSwitched to context "node43-context".nn[root@t34 canary]# kubectl config current-contextnnode43-contextn[root@t34 canary]# kubectl get nodesnNAME STATUS ROLES AGE VERSIONnnode43 Ready controlplane,etcd,worker 121d v1.14.3
至此,在t34节点上维护了两个k8s集群,按照同样的办法可以添加更多的k8s集群,只是通过不同的context进行切换。
btw:在同一集群下,利用context可以完成生产环境和开发环境的分离
