kubeconfig 文件结构 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 apiVersion: v1 kind: Config clusters: - cluster: certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJME1ETXlNVEE0TXpZMU1Wb1hEVE0wTURNeE9UQTRNelkxTVZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTFBaCjZUcUFNMVhiRkxIbnVvd1ZNT1FHeWQ2SzVBcGdwcmhYSlBvclVKdStoazBKd3BQQlNRZGNSdnJjYy9wNTNDbnQKTTBXWVN4dThTd1Z6a0dHajh0cHNSNjRkMWMxdFk1djYzYnlkVXN5M3JwME1OWUt1ckJPNEY2aVFLK01oL3R6UAp4eUdZei9BUnhheDdXNysvWEV6Y2FsdFp5T1JZZk9ISUR5ZjN5R3V2T1htYmw5ZEJmRHFBMFlSMGxOTFFlUEcrCm5lZkVGb1dUQncxUytiZEl0MDBRZnl3MVlvRXpkOFd6UDRBTzFlV3AxK0tJdFhLaUxyaWFBbjkzNTJhbnVIT2YKQ3h0U0NCbEwwRThCL3dGKzhTd0RQbDlUYkNhZU1nTUJpY2hsQzlYSjNrV2k2cElOVnVEeEpRUy82cnlwQWhLbgpHK21RWlJIdmhsUk1wTjhEbDBzQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZLay8zWDh0Q1dhZEpKN011SjNRNE5DL2xHd3pNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSDR1K05zbE9ORWJVZXB1M0JaRQozL1hnQitFNDZVZ3N2d2R6UzhEWXF3YzBWQ28vUFc0RUNreW9IUkJINHJkdTVpaTBhVUhjZUxpNjhZQjlvQ3hpCmlkbHp3bUNGV1g1dEtGMUJTRFJ1YSt5MjVrOGZuSGtodm5IVG9CQ2c5ZlMzdFBOekNUdEtMSUhyVFpQVDhWU3IKdVYyZkdOcXMyT2djWjc4TmY4M2pnVVBXbFVPZkVsTDBrYjNYVHo5M29DdnF0RS9tRi9VOWhmOUdiRU5Lai9BSAovUHA4QWNmellkVGxGNTBva09temVFdnJnalZmaXFKMitGd2I5Lys1SUljSWFMR3IwZjVUMUVINzdxVEdEWElWCncwWGlKYmVTL1JTYTYrZFM0b1dRMS82Ryt1SUdRQWx0eTRSTXdqbG4rMTMvdStPelowTHErNzBlQTdUSm5mU0MKRVhBPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== server: https://127.0.0.1:55282 name: kind-kind - cluster: certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsRENDQW55Z0F3SUJBZ0lVQVFVeTNtWi80eWZmbEhjTi9WblNIcUYwL0NRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lqRUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1SSXdFQVlEVlFRSEV3bFRkVzV1ZVhaaApiR1V4RURBT0JnTlZCQW9UQjB0MVltVmFiMjh4Q3pBSkJnTlZCQXNUQWtOQk1STXdFUVlEVlFRREV3cExkV0psCmNtNWxkR1Z6TUI0WERUSTBNRE15TVRBNE16a3dNRm9YRFRJNU1ETXlNREE0TXprd01Gb3dZakVMTUFrR0ExVUUKQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CTVJJd0VBWURWUVFIRXdsVGRXNXVlWFpoYkdVeEVEQU9CZ05WQkFvVApCMHQxWW1WYWIyOHhDekFKQmdOVkJBc1RBa05CTVJNd0VRWURWUVFERXdwTGRXSmxjbTVsZEdWek1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXlNNGo2d1NSdTUrcFpwckk1WkhxdmYycXpJdTUKSlZkYzRFUEp3cGY5eU9LN1FPZFM1SHJRUzVNK3ZEMFMzOUNJVFVYY2YxZUNJZy83SEt4TmVFbVk0TVdCMVlBWQpZOVRjMkZlR3JMMVBFR0lwNER6TnRRMkhvcWFxU2pJd0d0bnh3RjV5OGRRUGJkQ3JOdllDRVl5QlR2S0VtUXVoClFmdDhJR1NmaWJ0M3gwa2ZaaUFqZTJ5SDJabFNyMnBRSzRWWFdWUU5UV0hOQnlMS29Lb05Yazl2UTQ4dHhYbVUKcFRDWUxjcGdZSC9tU0lpY1FOcDQwRjRaOUUraGFjdTVkYVFVakIzZzQxWEVvYXBzL2xSa3d0bVFlV1gwVjR2VQp3cUlCS0doZmJ3dmluUjAvTmJGOVVLVldaVlpVL2R0NHR6TXQxVHg4L2tmcExmL0xnNXdoOThUSkJ3SURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVUKWXp4aGFlN2V3TXNIeEJ5YnQ4U0Ntb01zVGg0d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFWk5uUjI5SDVjRwpJSFBKdDlNMk5YZGt1NzFuU2VZb2s3SFBVdnJ6V0JOdFJjMUJPZkJRc25zb0RRcDQ1SmQxUnZsOEdLRHJjOCtICm5yaXZGQXpPZFRPQlhib3RMcFdGc0U1WU5VcGlUbWU2aW9pUVRVTnQ2WCtLd29CV00xNUwyWlJBYXdQQ0FBZ0sKeWRRU2lZaHVZMS93ekltWW1LenczRjVYb1BJcHVjTjhNam1MM3ZPNlFPaW51OFQrcW9wbWlmRFMraUVzRjcwSApwaW9mVXFJR3Zmbm5uVFFTWnFrRFAybXZ2VHFqT1lCbjU1dHRsL2JYQzh2ZHlwakNGVWRGOXNjUFM5R28ycTRuClkySUUvdHIvUFhaODUvUVVsdVQ2UEd5VUMycDNhZmNhdXRBbC9hQUZvM1ltK3BNbW03WUhad2JjcUp6U3BmRXIKbnJaekRNZFNGS2c9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://127.0.0.1:6443 name: zoo contexts: - context: cluster: kind-kind user: kind-kind name: kind-kind - context: cluster: zoo user: zoo-admin name: zoo current-context: kind-kind preferences: {}users: - name: kind-kind user: client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJSkNhSHFyUUl0b0l3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBek1qRXdPRE0yTlRGYUZ3MHlOVEF6TWpFd09ETTJOVEphTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXFNS1VOcStyTGNPTkxDWmMKTjA4SjBpYzhBdnhjdmlZNG40SVN1UFFleVViYUhLTVpRNnJpNjA4SlZoNUZxc3B3N3BoWTkrYVBMTHJQaG9uWApCQWhQdmVSSVVxeDdaTkJhODNuVUIrTXIrOXIrazAwTk1yNDBTdkg5aGpnTXVZUjFvN051OWRzN1k3U0pOcXVsCnlwOVN6YzUwUTNBbzh1cHBTRFlFRW5Hd3I0VVBidlp0ZTVlQXo2T2hDYy9hazZuZGlFcU9hMkdJRzhlUmEyWTkKM2hBQjl6V3YvVldGTkxFNXh2Mm5oS3JDQVl6TzBrVmJwTkNlSmkxRGFvNTIzQURWajhGQjRFbDFVNCtvTmM2Vwo5VHdRbDFIUklxZXJ6MUFMTFl1THhadGFFY2IwYW04N2dTcEtyaXcrYWVBL3h6L29tQ1BLY1IrQTBSTkpBcVdWCnduTzhDUUlEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTcFA5MS9MUWxtblNTZXpMaWQwT0RRdjVScwpNekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbjVCalc3VEZvYlBxWk5obS82cEJPVUdGUmVncHFKYVcrUFN1CktUVU5qNXdDU1ZjTWg3V2RmQWtBSGxrYzQ5YWZlaHpWZmVwUXJEUEpOam96eCsxOGc2ZmtNalJRdEhRaW9yYSsKck82UklBYnVJR0pqTXBKVGNGL25OMkY4amFzdFlrdkZ1cjNtdlVldzhsWmtEZEdYMFFaU0J2Y0xqVGdvZURmSQpLTmhjMGVaQ2QrMStGeVJYajZwaUs4Y3pBWlkvTTVsVHJSZTVQUmJSaHpMeVo0Wm1nMHZjOUZjZFcxbThVZ2hDCkVOWkZCVDA0WTl2bHRGTHJaSG9IRlFERlNKRUxTSnl5VG95dTVnYVh6OElZUm41Y0k0b1RPZXlKN2JvQ3hvdzEKa3VXbWdxbVZHdjZwUWJqRm0zaTBTZXFRMkQ5bU1SaDhsYW0vMlhiaVlyWlBjQUlaRnc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBcU1LVU5xK3JMY09OTENaY04wOEowaWM4QXZ4Y3ZpWTRuNElTdVBRZXlVYmFIS01aClE2cmk2MDhKVmg1RnFzcHc3cGhZOSthUExMclBob25YQkFoUHZlUklVcXg3Wk5CYTgzblVCK01yKzlyK2swME4KTXI0MFN2SDloamdNdVlSMW83TnU5ZHM3WTdTSk5xdWx5cDlTemM1MFEzQW84dXBwU0RZRUVuR3dyNFVQYnZadAplNWVBejZPaENjL2FrNm5kaUVxT2EyR0lHOGVSYTJZOTNoQUI5eld2L1ZXRk5MRTV4djJuaEtyQ0FZek8wa1ZiCnBOQ2VKaTFEYW81MjNBRFZqOEZCNEVsMVU0K29OYzZXOVR3UWwxSFJJcWVyejFBTExZdUx4WnRhRWNiMGFtODcKZ1NwS3JpdythZUEveHovb21DUEtjUitBMFJOSkFxV1Z3bk84Q1FJREFRQUJBb0lCQUJzQWR5S0EzUXpIZXpFVApPaklIVFhUNG5odUVNWHFqTnZBZXFjdzZFeXIxVVRTL3krME56SjBGMm1LVEdXYUlXYVZ6YnRqTFpTRXRDc05tCkRxY3doVUhHNHVPSGdYN1I3NXVCWkxHV1laVThwdnIrbXh3Qlh2Q1c0NCswTENVSzBwL010L1pTaTZBYVpOSUEKaU5od3daajRiWlhVdmxpUHRTUytyOHdic0wrRWNqTGFtZVhlQWNpTDByNTVzZzA5akxhSENkNnhQZ29FYlFPawpKR25kZ1JsSTFSZis5RGdON0toRkdQMkEvOGJEMytONERZT3pRcm8zWE1ZcG9kNyt3ODlkclFnOG9ob2pRQkd5CjZrR0tNeXdsaktNRmxuV3c4bmYwbDU4VzVibWo2enp3RzZPcDQra21wVStyc3pqR0JEdDQ1QnlQNUhTbEFEelMKYzNudFArRUNnWUVBeUhGc1l0aHZ4Vk1sVWdzZTViRzVWYXdwUGNjU3JuY0p3SXU4U1AvaExYUi9POUsvZVhwTAo2OUhtemNMSW1Dd1J1cWwzdUEvQlhYR1hpNlh5SWMvK3k0bzZyUEhoZk4wS2x5cFVOTXd4Ri9FY0t2VklmeE1ECjM2Uks5eVdvem5zVUFVVkw5L0dPK2ViK0dLOGtQRHYyVFdwTEVIVDFjVFc4aHNNV3JvTENLclVDZ1lFQTE0a1IKT2FWejBEbHFLUXlNSU0zVkk4Kzc4TUNOTzdUTFVOait4SWRyV2lGLzlCOG8wSVp3dG5GREo1OHE3dWZNcHhpTAptZEtwRENHcGhIWmhRQzYxWEhBNXEyVFIzamxhK1ArdnpTRVNxeWIvWWhrelk3dDdZY0xMSFBValRiWXpmV2I0Cjl6TjdTNkF6NWM2aGs1Nzd3RmxTODE2KzlWK2pBVW5MaWdkZzNJVUNnWUVBb1BlbFNRUHpUbzNsREt2dGxoeFIKYitHZ0JRS1htQS8wZnZJNHRJNzRzRjQ3eHprSmwyNkZCYzQ5QWNTSS90dDFLV2Zxd3ArMGMyeERmVnc0eExxYQpMYTdHVEJpN01tRDRua2paOHNTQU1HL3FaUDB4eVFybU0zVm0xbThoengrOEF3RTVidFpJTVp3MU5uR0FNZmNkClp6SVRNaFlhL1YxZ0Z3RVlkL0IrS1hrQ2dZRUFxdzA1b1dGQVAxRkJnaUJXR1RhaFg1RmVXeHZGT2t3cVN4aGIKWUVjRW1Id2JtdmNib2huLzI1cVpyQmt5cm5WQndwN0ZNNmV1eDFUenZvOWdjTnBnem1LMk1lS0tkKzFXMkdPNgo5blczNWlMRjdPbUpFaTVaSmVXODRsZGQxQyswUDJKNFZWOERDNnF4WlVFT2xDUkpNWWJ5UVBqQlhlU3ZiYmRPCkZGWDB0aTBDZ1lBZDNXTjl2SlN5UUxDUDlHdHA0dVRJQXpYRlFGbkJiY2ZKVzdaL2hnUXlZUWlWa0p6K3pQSCsKclU5RWE3ZTVyTlg0MmtuK2E1cXpudXZEeE5aMDhjRjYwdFBBajR2T1UrTkZyb2FyU29xL3lreTJMTnR2LzJ0OApocXJQblk0dE04dFpON2w5NktHSklJdzlVUXcyR2NpS3JXSXkvT0NQR2lERGthakhGS2lndlE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= - name: zoo-admin user: client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyRENDQXNDZ0F3SUJBZ0lVYlBFdGx4LzRTYm9TckRvZTd1djllS1YrckZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lqRUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1SSXdFQVlEVlFRSEV3bFRkVzV1ZVhaaApiR1V4RURBT0JnTlZCQW9UQjB0MVltVmFiMjh4Q3pBSkJnTlZCQXNUQWtOQk1STXdFUVlEVlFRREV3cExkV0psCmNtNWxkR1Z6TUI0WERUSTBNRE15TVRBNE16a3dNRm9YRFRJMU1ETXlNVEE0TXprd01Gb3dhVEVMTUFrR0ExVUUKQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CTVJJd0VBWURWUVFIRXdsVGRXNXVlWFpoYkdVeEZ6QVZCZ05WQkFvVApEbk41YzNSbGJUcHRZWE4wWlhKek1SQXdEZ1lEVlFRTEV3ZExkV0psV205dk1RNHdEQVlEVlFRREV3VmhaRzFwCmJqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1PYnpoeDBOTW5ubTdHbmFjb2sKWHJ1RmxrRVBXc01la2xLNnBtbWFDRUVVUTNocHdsUWw2Z09UekpwaUVYVGZMZU1Uc29ZZ1NtNGFySWdjdVlTcwo3cDdzdWhhUi9RN1g3SUZjMXJEMzFtODB5amZEVUhYZi9jSWhDVmp0NDhLY1JLL2QrK2NzZkU5eHpEdlVBdDVxCmxmNFNvMy9YSnJyYzdtdURiUXdYdDgvaGQ4RnVZYUFWN2YraXVMMW5DRTB3b01IaFNPSkpEWC9TQ1pMakxTS2wKYU9aM2lOL0dDRXo4cldPUmVBbGUwQzRwazRwc0xmN1h6UlJpcnFTT21lQ3JTZzJoNlU1OS8xTHN5dXVqeTVFWQpxT3RsZ0R0Z3l5RDhBRWZhanM5R0NNRnFFOStHZWR6NkpuRmFlUlpOZThlVWNhVU1GWFVSWjYxb0pqT2UraUZ4CjU3TUNBd0VBQWFOL01IMHdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUIKQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RUFqQUFNQjBHQTFVZERnUVdCQlRPL0JxUE9HcVU1V0JYSW9wQgoxajdxYVBvTkh6QWZCZ05WSFNNRUdEQVdnQlJqUEdGcDd0N0F5d2ZFSEp1M3hJS2FneXhPSGpBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUF0SVRaN0FUVVhManB6UWtQVGM0RVFKYi9IZlJTcklOV3pSMlpRcVI1Q2J1dXEzR08KUktDZFphenVrakJjMCtXVkhGcVo4SEtNNUR2YThKbzZCUXgycXoxZ0ptVE1oYUdRMFlyNWFFcmxFZWJCWUcwVgpLMGh4LzJuMmNmMkt3N3VBOWdkeUJKSVFJbnY2RFJPUmt6VVNuQXJEd21TNitUNXdKK0lTUGlPdHVGRnQzazRyClZsZ1N3bjE5WHRSRnJ4OEI4dWRkSlZ4VEloN3FPa09hbURQaFJrTGJKNFdOUk5hYlpVMFVxdmxUQzVnQkhnS2QKSm1FaVQybHNoUENjS2lRZWsrTVNzNU9mNG9ZQml0TXM0eW1iendXb1hVaGcvVnRTbTdtT2MzUmo2ZGhrQXl2NwozQTJoZW1xUENKQ1JwbndzUDlpd0VrWUE0SlFZMG53aEUrd1h2Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdzV2T0hIUTB5ZWVic2FkcHlpUmV1NFdXUVE5YXd4NlNVcnFtYVpvSVFSUkRlR25DClZDWHFBNVBNbW1JUmROOHQ0eE95aGlCS2JocXNpQnk1aEt6dW51eTZGcEg5RHRmc2dWeldzUGZXYnpUS044TlEKZGQvOXdpRUpXTzNqd3B4RXI5Mzc1eXg4VDNITU85UUMzbXFWL2hLamY5Y211dHp1YTROdERCZTN6K0Yzd1c1aApvQlh0LzZLNHZXY0lUVENnd2VGSTRra05mOUlKa3VNdElxVm81bmVJMzhZSVRQeXRZNUY0Q1Y3UUxpbVRpbXd0Ci90Zk5GR0t1cEk2WjRLdEtEYUhwVG4zL1V1eks2NlBMa1JpbzYyV0FPMkRMSVB3QVI5cU96MFlJd1dvVDM0WjUKM1BvbWNWcDVGazE3eDVSeHBRd1ZkUkZucldnbU01NzZJWEhuc3dJREFRQUJBb0lCQUhMZ0ZYTndhM0FIck0vdwpXWmgxTTQwOUxyaVdvOTdqSFZ1b2NnS2lpeVp0R0JLblNaRFJrMVQyZjdwS3phV3RTKzJIcTloSkxtenJEVmdDClJwRThYZ2JIVDZIaHFwUUZDc2dPRmFkb1pXNTV1aWgxYzlORjhHa0pyY3VrS1pZbzM4M0l1QjlUYU0zZkx1b1QKNEh0dWJSZ0JLalB4enJUKytxWDVVUmxBOUpvSDc2c1hUb1JkYXF5YzR6VXMwcm9LNmVTb3dZeE8ydVN5TmtQcQpkai9reFJ4WTV2djYveHpPOHhVU1dUWndwVit2VUgvbVJiU1hjSjJrKzRvTDB5VmJSLzFpVStPYmpkSWU4UXNOCkhHMjBNSk9zRS9LTVVuVUlSeGxqRGlaM1o4WjVabXIrTUVTV3daOWRkUWlJbm80dSt6UkVaRTcvbnlwQ2lTY0UKOHlBNG9FRUNnWUVBOVpHbHRLdG8yaHRzZXBuWnNwdFVFdEorbXo2a001bEI2SHdpVVd3Q05ZSXpUQzRra2J2MwpXSzVMYXFpaXEwUk5zOHZSbmNXSHlwMHFidTlyOHNUellRUVVvc0luVStReGlLMUd0Uk81cVV4TE9SZzZlSjViClNCM0JoNnVQdVMyUU9qSlNKbU9uWldkUHFrRXJqSW9LWWZhT00wUGIxaUVlUzBWVUVyVWZaVGNDZ1lFQXkrcmgKeDlzM0FnMVk0bkVpVThsbGpDNlZQYk8yQ3pRM3ViWXJlcjhobVFTYkRsQjBHMEhOVE01YWNaSFdNVUdnWWVlagpUbFJCcVQvbFZtOXV3NFBxc1Ezejl4QnB0YmZDVUpqeEVucnJWQkdpeElNeHlGMU85WTh2WVRkZENLa3VVVVE5CnEybnpuNzNMNGdDRDlMcW4yYlFpaEFucHdTamcySytFQ2V4RlQyVUNnWUVBdWJIM2tsV0VKbHBTZjZ0VG1lSW4KZzB3MWZRT3plMmxMRTVpN0FzTWdNSUpTZENyNGNGT3BTU0FUMjRYRjdLanI4U2dSVExNUWFrREswN1NzOXBuRQpTUHFpK0NqRlFJVHdpQ0F2dGNKQ3hTanlRU3gzR3JyMDMrWFFjTjFsQTJ6WEFZc0g0QXUvaThqQnowY1V2V090ClVrTDFhUUxKZkhUeXlZeVZkTWdPQTZVQ2dZQndDcUY5dDFRVkc1SlA4UXVFYis4TXcvZWFUR2prNVE4TlNpdS8KcU03a0RhVElpNm9QNCtyU25ic1NGYWhUcmhSYVZ2VGlyK2JZQU5TWTFtZE1vK25LMkxqSWNrc3kza0cxR1NPMApITGU2bkdvTGdXNVVBZmpGY2FQOXpYYWZzSjFUWjZSZXo3dGRkT0pXVGlReXpuQTFiUVZkK1RobnVuYzRkOCtiCnlDY1pCUUtCZ0ZWcFZacDdjWUxHYlE1dERkL0orZ1BhcFo0TWFYSzluWDFTaktlalhjcVFFSUc3NEYrdkxzdEwKZCs4R3N0VkRzdy8vQ0VNcW9pYXZ1MkVlQ0VQZzF3ZHpDU3pWa2IrZ1FRZXA0cE1LZEhaai9YaysvNVVXTUJzOApkNnNwMWxrTTRqSGhjYkFLU056VTUrTG1NRnk0MzBPZlI2dmxVTFZjNVlaR2hSU0ZCdzdDCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
cluster 字段 certificate-authority-data 字段:服务端的 ca 证书,用来验证 kube-apiserver 证书的正确性。--tls-cert-file 配置的证书文件,kubectl 通过 kubeconfig 中的 certificate-authority-data 字段来校验 kube-apiserver 返回证书的有效性。--insecure-skip-tls-verify=true,即可跳过对 kube-apiserver 证书的校验。
users
name:用户名称
client-certificate-data:kubectl 连接 kube-apiserver 时使用的客户端证书,会发送给 kube-apiserver。内容经过 base64 编码。
client-key-data:客户端私钥信息。内容经过 base64 编码。
client-certificate-data 对应的为用户的公钥信息,使用命令 echo 'xx' | base64 -d > /tmp/client.crt; openssl x509 -in /tmp/client.crt -noout -text可对证书的内容进行解密。解密完成后的证书内容如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 Certificate: Data: Version: 3 (0x2) Serial Number: 2604918601715070594 (0x242687aab408b682) Signature Algorithm: sha256WithRSAEncryption Issuer: CN = kubernetes Validity Not Before: Mar 21 08 :36:51 2024 GMT Not After : Mar 21 08 :36:52 2025 GMT Subject: O = system:masters, CN = kubernetes-admin Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a8:c2:94:36:af:ab:2d:c3:8d:2c:26:5c:37:4f: 09:d2:27:3c:02:fc:5c:be:26:38:9f:82:12:b8:f4: 1e:c9:46:da:1c:a3:19:43:aa:e2:eb:4f:09:56:1e: 45:aa:ca:70:ee:98:58:f7:e6:8f:2c:ba:cf:86:89: d7:04:08:4f:bd:e4:48:52:ac:7b:64:d0:5a:f3:79: d4:07:e3:2b:fb:da:fe:93:4d:0d:32:be:34:4a:f1: fd:86:38:0c:b9:84:75:a3:b3:6e:f5:db:3b:63:b4: 89:36:ab:a5:ca:9f:52:cd:ce:74:43:70:28:f2:ea: 69:48:36:04:12:71:b0:af:85:0f:6e:f6:6d:7b:97: 80:cf:a3:a1:09:cf:da:93:a9:dd:88:4a:8e:6b:61: 88:1b:c7:91:6b:66:3d:de:10:01:f7:35:af:fd:55: 85:34:b1:39:c6:fd:a7:84:aa:c2:01:8c:ce:d2:45: 5b:a4:d0:9e:26:2d:43:6a:8e:76:dc:00:d5:8f:c1: 41:e0:49:75:53:8f:a8:35:ce:96:f5:3c:10:97:51: d1:22:a7:ab:cf:50:0b:2d:8b:8b:c5:9b:5a:11:c6: f4:6a:6f:3b:81:2a:4a:ae:2c:3e:69:e0:3f:c7:3f: e8:98:23:ca:71:1f:80:d1:13:49:02:a5:95:c2:73: bc:09 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Authority Key Identifier: A9:3F:DD:7F:2D:09:66:9D:24:9E:CC:B8:9D:D0:E0:D0:BF:94:6C:33 Signature Algorithm: sha256WithRSAEncryption Signature Value: 9f:90:63:5b:b4:c5:a1:b3:ea:64:d8:66:ff:aa:41:39:41:85: 45:e8:29:a8:96:96:f8:f4:ae:29:35:0d:8f:9c:02:49:57:0c: 87:b5:9d:7c:09:00:1e:59:1c:e3:d6:9f:7a:1c:d5:7d:ea:50: ac:33:c9:36:3a:33:c7:ed:7c:83:a7:e4:32:34:50:b4:74:22: a2:b6:be:ac:ee:91:20:06:ee:20:62:63:32:92:53:70:5f:e7: 37:61:7c:8d:ab:2d:62:4b:c5:ba:bd:e6:bd:47:b0:f2:56:64: 0d:d1:97:d1:06:52:06:f7:0b:8d:38:28:78:37:c8:28:d8:5c: d1:e6:42:77:ed:7e:17:24:57:8f:aa:62:2b:c7:33:01:96:3f: 33:99:53:ad:17:b9:3d:16:d1:87:32:f2:67:86:66:83:4b:dc: f4:57:1d:5b:59:bc:52:08:42:10:d6:45:05:3d:38:63:db:e5: b4:52:eb:64:7a:07:15:00:c5:48:91:0b:48:9c:b2:4e:8c:ae: e6:06:97:cf:c2:18:46:7e:5c:23:8a:13:39:ec:89:ed:ba:02: c6:8c:35:92:e5:a6:82:a9:95:1a:fe:a9:41:b8:c5:9b:78:b4: 49:ea:90:d8:3f:66:31:18:7c:95:a9:bf:d9:76:e2:62:b6:4f: 70 :02:19:17
其中的 Subject 中的 O 对应的 k8s 中的 Group,CN 对应的 k8s 中的 User。kube-apiserver 会通过证书的 O 和 CN 获取到 User 和 Group 信息。在 k8s 系统中,实际上并没有存储 Group 和 User 信息,而是完全依赖该证书中的信息。
kubeconfig 文件生成 kubeconfig 文件本质上是个证书,包含了 ca、证书公钥和证书私钥,在有了证书后可以通过 kubectl 命令生成新的 kubeconfig 文件
1 2 3 4 kubectl --kubeconfig ~/.kube/111111.kubeconfig config set-cluster hello --certificate-authority=/tmp/ca.pem --embed-certs=true --server=https://127.0.0.1:6443 kubectl --kubeconfig ~/.kube/111111.kubeconfig config set-credentials hello-admin --client-certificate=/tmp/tls.crt --client-key=/tmp/tls.key --embed-certs=true kubectl --kubeconfig ~/.kube/111111.kubeconfig config set-context hello --cluster=hello --user=hello-admin kubectl --kubeconfig ~/.kube/111111.kubeconfig config use-context hello
使用 curl 命令直接访问 kube-apiserver 由于 kube-apiserver 开启了双向认证,使用 curl 命令访问 kube-apiserver 时,curl 需要指定证书信息,证书信息可以使用 kubeconfig 中的证书信息。
1 2 3 4 5 6 7 8 WORK_DIR=/tmp KUBECONFIG=~/.kube/config CONTEXT=kind-kind server=`yq eval '.clusters.[]|select(.name=="'$CONTEXT'")|.cluster.server' $KUBECONFIG` yq eval '.users.[]|select(.name=="'$CONTEXT'")|.user.client-certificate-data' $KUBECONFIG | base64 --decode > ${WORK_DIR}/client.crt yq eval '.users.[]|select(.name=="'$CONTEXT'")|.user.client-key-data' ~/.kube/config | base64 --decode > ${WORK_DIR}/client.key yq eval '.clusters.[]|select(.name=="'$CONTEXT'")|.cluster.certificate-authority-data' $KUBECONFIG | base64 --decode > ${WORK_DIR}/ca.crt curl --cert ${WORK_DIR}/client.crt --key ${WORK_DIR}/client.key --cacert ${WORK_DIR}/ca.crt "$server/apis/apiextensions.k8s.io/v1/customresourcedefinitions?limit=500&resourceVersion=0"
资料