如何查看config文件
或者执行 cat $HOME/.kube/config 查看
简单示例
| package main
import ( "encoding/pem" "io/ioutil" "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/clientcmd/api" "os" )
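// caData returns the contents of ./test/certs/ca.crt for use as
// api.Cluster.CertificateAuthorityData.
//
// client-go documents that field as PEM-encoded, so the file is returned as
// read (PEM armor intact) rather than as the DER payload of its first block.
// pem.Decode is used only to confirm that the file really holds PEM data.
//
// It panics with a descriptive message when the file cannot be read or
// contains no PEM block, instead of dereferencing a nil *pem.Block.
func caData() []byte {
	const caPath = "./test/certs/ca.crt"

	f, err := os.Open(caPath)
	if err != nil {
		panic("caData: " + err.Error())
	}
	defer f.Close()

	b, err := ioutil.ReadAll(f)
	if err != nil {
		panic("caData: read " + caPath + ": " + err.Error())
	}
	// A CA bundle that is not valid PEM would produce a kubeconfig whose
	// server certificate can never be verified; fail here, not at connect time.
	if block, _ := pem.Decode(b); block == nil {
		panic("caData: no PEM block found in " + caPath)
	}
	return b
}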
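// userData returns the contents of ./test/certs/<path> for use as
// api.AuthInfo.ClientCertificateData or ClientKeyData.
//
// client-go documents both fields as PEM-encoded, so the file is returned as
// read (PEM armor intact) rather than as the DER payload of its first block.
// pem.Decode is used only to confirm that the file really holds PEM data.
//
// path is appended to the directory without any checking. That is fine for
// the fixed file names used in this example, but a value taken from a request
// must be validated before it is passed here.
//
// It panics with a descriptive message when the file cannot be read or
// contains no PEM block, instead of dereferencing a nil *pem.Block.
func userData(path string) []byte {
	full := "./test/certs/" + path

	f, err := os.Open(full)
	if err != nil {
		panic("userData: " + err.Error())
	}
	defer f.Close()

	b, err := ioutil.ReadAll(f)
	if err != nil {
		panic("userData: read " + full + ": " + err.Error())
	}
	if block, _ := pem.Decode(b); block == nil {
		panic("userData: no PEM block found in " + full)
	}
	return b
}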
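// main assembles a kubeconfig for user "abc" on the cluster "kubernetes" and
// writes it to ./test/certs/abc.config.
//
// The cluster, user and context names are defined once so that
// CurrentContext always names a context that actually exists in the file.
// (The original keyed the context as "abc@kuberentes" while CurrentContext
// was "abc@kubernetes".)
//
// The written file embeds the user's client certificate and private key, so
// it is a credential and should be stored and distributed as one.
func main() {
	const (
		clusterName = "kubernetes"
		userName    = "abc"
		contextName = userName + "@" + clusterName
	)

	config := api.NewConfig()

	config.Clusters[clusterName] = &api.Cluster{
		// Plain URL: the angle brackets around it in the listing were
		// autolink markup, not part of the address.
		Server:                   "https://192.168.92.129:6443",
		CertificateAuthorityData: caData(),
	}
	config.Contexts[contextName] = &api.Context{
		Cluster:  clusterName,
		AuthInfo: userName,
	}
	config.CurrentContext = contextName
	config.AuthInfos[userName] = &api.AuthInfo{
		ClientCertificateData: userData("abc.pem"),
		ClientKeyData:         userData("abc_key.pem"),
	}

	// Do not drop the error: a silently missing or partial kubeconfig is
	// harder to diagnose than a failed run.
	if err := clientcmd.WriteToFile(*config, "./test/certs/abc.config"); err != nil {
		os.Stderr.WriteString("write kubeconfig: " + err.Error() + "\n")
		os.Exit(1)
	}
}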
放到gin中示例
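// Clientconfig builds a kubeconfig for the user named in the "user" query
// parameter and returns it as a string under "data" in the JSON response.
//
// The user name comes from the request and is spliced into the certificate
// and key file paths, so it is restricted to a conservative character set
// (letters, digits, '.', '-', '_') before any path is built. With no path
// separator allowed, the resulting paths cannot leave the configured UserCert
// directory.
//
// NOTE(review): the response contains the named user's client private key.
// Nothing in this handler checks that the caller is allowed to obtain that
// user's credentials; confirm that routing or middleware outside this listing
// enforces it, and that the endpoint is only reachable over TLS.
//
// Invalid input is reported by panicking, as the original does for an empty
// user. Presumably the goft framework recovers this into an error response;
// confirm.
func (rbac *RBACCtl) Clientconfig(c *gin.Context) goft.Json {
	user := c.DefaultQuery("user", "")
	if user == "" {
		panic("no such user or usr is empt")
	}
	for _, r := range user {
		switch {
		case r >= 'a' && r <= 'z',
			r >= 'A' && r <= 'Z',
			r >= '0' && r <= '9',
			r == '.', r == '-', r == '_':
			// allowed
		default:
			panic("invalid user name")
		}
	}

	cfg := api.NewConfig()
	clusterName := "kubernetes"
	cluster := rbac.Sysconfig.K8s.ClusterInfo

	cfg.Clusters[clusterName] = &api.Cluster{
		Server:                   cluster.EndPoint,
		CertificateAuthorityData: helpers.CertData(cluster.CaFile),
	}

	// Key the context by the same name CurrentContext refers to. The original
	// stored it under user while CurrentContext was "<user>@kubernetes", which
	// leaves the current context pointing at an entry that does not exist.
	contextName := fmt.Sprintf("%s@kubernetes", user)
	cfg.Contexts[contextName] = &api.Context{
		Cluster:  clusterName,
		AuthInfo: user,
	}
	cfg.CurrentContext = contextName

	usercertpempath := fmt.Sprintf("%s/%s.pem", cluster.UserCert, user)
	usercertkeypath := fmt.Sprintf("%s/%s_key.pem", cluster.UserCert, user)
	cfg.AuthInfos[user] = &api.AuthInfo{
		ClientCertificateData: helpers.CertData(usercertpempath),
		ClientKeyData:         helpers.CertData(usercertkeypath),
	}

	fileconfig, err := clientcmd.Write(*cfg)
	goft.Error(err)
	return gin.H{
		"code": 20000,
		"data": string(fileconfig),
	}
}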
helpers.CertData 函数如下
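// CertData returns the contents of the PEM file at path for use in the
// kubeconfig fields CertificateAuthorityData, ClientCertificateData and
// ClientKeyData.
//
// client-go documents those fields as PEM-encoded, so the file is returned as
// read (PEM armor intact) rather than as the DER payload of its first block.
// pem.Decode is used only to confirm that the file really holds PEM data.
//
// Errors from opening and reading are passed to goft.Error, which is defined
// outside this listing. Presumably it aborts on a non-nil error; confirm.
// A file with no PEM block panics with a fixed message instead of
// dereferencing a nil *pem.Block. The message deliberately omits the path,
// because callers may build it from request data.
func CertData(path string) []byte {
	f, err := os.Open(path)
	goft.Error(err)
	defer f.Close()

	b, err := ioutil.ReadAll(f)
	goft.Error(err)

	if block, _ := pem.Decode(b); block == nil {
		panic("CertData: file contains no PEM block")
	}
	return b
}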
在简单代码中
// Credentials for user "abc": the client certificate is read from abc.pem and
// the matching private key from abc_key.pem, both through userData.
abcAuth := &api.AuthInfo{}
abcAuth.ClientCertificateData = userData("abc.pem")
abcAuth.ClientKeyData = userData("abc_key.pem")
config.AuthInfos["abc"] = abcAuth
这里取的是这个用户的 key 和 pem
关于如何代码创建用户, 以及如何给这个用户签发证书, 请看下面文章