从命令行更新群集kubeconfig

克林德瓦尔
Userlevel 1

只是想分享我们如何从命令行更新Kubeconfig。

背景:
在我们的组织中,从Karbon UI下载Kubeconfig被认为有些笨拙。我们喜欢命令行,并想要一种快速的方法来更新身份验证令牌。

解决方案:
我们创建了一个包含“ KarbonCtl”二进制文件和包装脚本的Docker映像。Dockerfile还包含在我们的CI/CD管道中以自动化图像创建。

包装脚本有两件事:

  • KarbonCtl登录-PC-IP Prism.Nightingale.nu-PC-username“ $ 1”

  • karbonctl群集kubeconfig-cluster-name“ $ 2”>“ $ 3”

最终用户运行的命令:

  • docker run -rm -rm -It -v“ $(pwd)”:/tmp docker.registry.local/karbonctl:最新 mycluster/tmp/karbon.cfg
  • 导出kubeconfig =“ $(pwd)/karbon.cfg”

-Clindevall@Nightingale
Just wanted to share how we are renewing the kubeconfig from the command line.<\/p>

Background:
In our organization it was considered a bit clumsy to download the kubeconfig from the Karbon UI. We love the command line and wanted a quick\u2019n\u2019easy way to renew the authentication token.

The solution:
We created a docker image that contains the \u201ckarbonctl\u201d binary and a wrapper script. The Dockerfile\u00a0was also included into our CI\/CD pipeline to automate the image creation.<\/p>

The wrapper script does two things:<\/p>

  • karbonctl login --pc-ip prism.nightingale.nu --pc-username \u201c$1\u201d<\/li>

  • karbonctl cluster kubeconfig --cluster-name \u201c$2\u201d\u00a0>\u201d$3\u201d<\/p> <\/li> <\/ul>

    The commands that the end user run:<\/p>

    • docker run --rm -it -v \u201c$(pwd)\u201d:\/tmp docker.registry.local\/karbonctl:latest <login> mycluster \/tmp\/karbon.cfg<\/li>
    • export KUBECONFIG=\u201d$(pwd)\/karbon.cfg\u201d<\/li> <\/ul>

      \u00a0<\/p>","quoteUsername":"clindevall","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

该主题已关闭以供评论

14个答复

乔森纳克斯
秩
UserLevel 4
徽章 +5

嘿,

感谢分享。您有机会与社区共享Dockerfile或Docker图像吗?

何塞·戈麦斯(Jose Gomez)|技术营销工程师|jose.gomez@nutanix.com |@pipoe2H
Hey,<\/p>

Thanks for sharing. Any chance you have the Dockerfile or Docker image available to share with the community?<\/p>

\u00a0<\/p>","quoteUsername":"JoseNutanix","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

阿卢西亚尼
UserLevel 7
徽章 +34

感谢分享 @clindevall- 好东西!

顺便说一句 - 爱化身!

在Twitter上关注我:https://twitter.com/angeloluciani
Thanks for sharing @clindevall<\/user-mention> - good stuff!<\/p>

BTW - love the avatar!<\/p>","quoteUsername":"aluciani","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

克林德瓦尔
Userlevel 1

你好,

这是当前的Dockerfile:

来自Centos:7

复制karbonctl/usr/local/bin

复制kubeconfig/usr/local/bin

入口处[/usr/local/bin/kubeconfig]

“ kubeconfig”外壳脚本看起来像这样:

#!/bin/sh

如果[$#-LT 2]

然后

回声“用法:kubeconfig

出口1

fi

KarbonCTL登录-PC-IP Prism-Central.Host.Local -pc-username“ $ 1”

如果 [ !-Z“ $ 3”]

然后

karbonctl群集kubeconfig-cluster-name“ $ 2”>“ $ 3”

别的

karbonctl群集kubeconfig-cluster-name“ $ 2”

fi

-Clindevall@Nightingale
Hello,<\/p>

Here\u2019s the current Dockerfile:

FROM centos:7<\/code><\/p>

COPY karbonctl \/usr\/local\/bin<\/code><\/p>

COPY kubeconfig \/usr\/local\/bin<\/code><\/p>

ENTRYPOINT [\"\/usr\/local\/bin\/kubeconfig\"]<\/code>

The \u201ckubeconfig\u201d shell script looks like this:

#!\/bin\/sh<\/code><\/p>

if [ $# -lt 2 ]<\/code><\/p>

then<\/code><\/p>

echo \"Usage: kubeconfig <Office 365 login> <Karbon cluster name>\"<\/code><\/p>

exit 1<\/code><\/p>

fi<\/code><\/p>

karbonctl login --pc-ip prism-central.host.local\u00a0--pc-username \"$1\"<\/code><\/p>

if [ ! -z \"$3\" ]<\/code><\/p>

then<\/code><\/p>

karbonctl cluster kubeconfig --cluster-name \"$2\" >\"$3\"<\/code><\/p>

else<\/code><\/p>

karbonctl cluster kubeconfig --cluster-name \"$2\"<\/code><\/p>

fi<\/code>
\u00a0<\/p>","quoteUsername":"clindevall","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

克林德瓦尔
Userlevel 1

有改进的空间,但是现在我们使用这样的码头图像:

docker run -rm -rm -It -v“ $(pwd)”:/tmp docker.registry.local/karbon:最新john.doe@office365.com mycluster/tmp/tmp/mycluster.cfg

-Clindevall@Nightingale
There\u2019s room for improvement, but for now we use the docker image like this:

docker run --rm -it -v \"$(pwd)\":\/tmp docker.registry.local\/karbon:latest john.doe@office365.com\u00a0mycluster \/tmp\/mycluster.cfg<\/code><\/p>","quoteUsername":"clindevall","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
理查德

从哪里获得karbonctl二进制?

Where does one get the karbonctl binary from?<\/p>","quoteUsername":"RichardCZ","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
乔森纳克斯
秩
UserLevel 4
徽章 +5

它位于棱镜中心。使用Nutanix用户通过SSH登录/in home/home/nutanix/karbon

何塞·戈麦斯(Jose Gomez)|技术营销工程师|jose.gomez@nutanix.com |@pipoe2H
It is in Prism Central. Login via SSH with nutanix user and look in \/home\/nutanix\/karbon<\/p>","quoteUsername":"JoseNutanix","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
理查德

它位于棱镜中心。使用Nutanix用户通过SSH登录/in home/home/nutanix/karbon

可以在其他地方下载它吗?我正在尝试设置另一个VM或找到可扩展的方法来续订上下文,因为共享管理凭据并不理想

\t

It is in Prism Central. Login via SSH with nutanix user and look in \/home\/nutanix\/karbon<\/p> \t <\/content-quote>

Is it possible to download this somewhere else? I\u2019m trying to setup another VM or find a scalable way to renew contexts as sharing the admin credentials isn\u2019t ideal<\/p>","quoteUsername":"RichardCZ","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

C

有没有密码的方法可以做到这一点?

帮助声称,生成了KarbonCTL配置,以允许使用KarbonCTL登录名来验证Karbon,但我每次都必须输入登录和密码。

这是我尝试过的示例命令:

karbonctl登录-config/root/.karbon/config/karbonctl.yaml -pc-username 

karbonctl登录-config/root/.karbon/config/karbonctl.yaml

KarbonCTL登录

karbonctl登录-PC-IP  -pc-username  -pc-password   - 输出JSON

KarbonCTL登录-PC-IP  -pc-username  -pc-password   - 输出'json'

最终,我试图抓住kubeconfig的詹金斯设置,我试图部署到集群。这应该是自动化的,并且不需要每次输入密码。

Is there a passwordless way to do this?<\/p>

The help claims a karbonctl configuration is generated to allow passwordless authentication to Karbon using karbonctl login, but I have to enter a login and password every time.<\/p>

\u00a0<\/p>

\"//www.jhbzcj.com/next/karbon-kubernetes-orchestration-30/\"<\/figure>

\u00a0<\/p>

Here are example commands I have tried:<\/p>

\u00a0<\/p>

karbonctl login --config \/root\/.karbon\/config\/karbonctl.yaml --pc-username <username>

karbonctl login --config \/root\/.karbon\/config\/karbonctl.yaml

karbonctl login

karbonctl login --pc-ip <cluster ip> --pc-username <username> --pc-password <password> --output json

karbonctl login --pc-ip <cluster ip> --pc-username <username> --pc-password <password> --output 'json'
<\/code><\/pre>
\u00a0<\/p>
Ultimately, I am trying to grab the kubeconfig for a Jenkins setup where I am trying to deploy to the cluster. This should be automated and not require a password to be entered everytime.<\/p>
\u00a0<\/p>","quoteUsername":"Chance","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
PIPOE2H
徽章 +4

为什么要为詹金斯密码?

我的建议是,您在K8S中为Jenkins创建一个服务帐户并使用它,而不是每24小时都需要检索的Kubeconfig。

Why do you want password for Jenkins?<\/p>

My recommendation is that you create a service account in K8s for Jenkins and use it, instead of the Kubeconfig that will require to retrieve it every 24h.<\/p>","quoteUsername":"PiPoe2H","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

C

我被误解了。我不想要詹金斯的密码。我想要一种无密码的方法来登录到集群,以便能够检索kubeconfig。

I was misunderstood. I do not want a password for Jenkins. I want a passwordless way to login to the cluster to be able to retrieve the kubeconfig.<\/p>","quoteUsername":"Chance","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
理查德

我被误解了。我不想要詹金斯的密码。

我想要一种无密码的方法来登录到集群,以便能够检索kubeconfig。

我相信实现此目的的唯一方法是通过登录prismentral并使用KarbonCTL远程获取上下文来使用密码。同样,在续订之前做出不定设置是确保在24小时过期后续签凭证的唯一方法。

\t

I was misunderstood. I do not want a password for Jenkins.<\/p>\t

\u00a0<\/p>\t

I want a passwordless way to login to the cluster to be able to retrieve the kubeconfig.<\/p>\t<\/content-quote>

\u00a0<\/p>

I believe the only way to accomplish this is to use passwords by logging in to PrismCentral\u00a0and get the context remotely using karbonctl. Also, doing an unset prior to renewal is the only way to ensure credentials renew after 24h expiration.<\/p>","quoteUsername":"RichardCZ","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

v
徽章

它位于棱镜中心。使用Nutanix用户通过SSH登录/in home/home/nutanix/karbon

@Josenutanix- 我想回声 @richardcz请求另一种访问此二进制的方法(KarbonCTL)。

我是开发人员,只有SSH可以访问基础的Kubernetes群集节点(不是Prism)。

我可以从UI中获得Kubeconfig,但是每天这样做很乏味。有一种提供我的密码并使用新鲜配置启动并运行的方法将是很棒的。

\t

It is in Prism Central. Login via SSH with nutanix user and look in \/home\/nutanix\/karbon<\/p>\t<\/content-quote>

@JoseNutanix<\/user-mention>\u00a0 - I would like to echo @RichardCZ<\/user-mention>\u00a0\u2018s request for another way to access this binary (karbonctl).<\/p>

I am a developer and only have ssh access to the underlying kubernetes cluster nodes (not prism).<\/p>

I can get the Kubeconfig from the UI, but doing that every day is very tedious.\u00a0 It would be great to have a way to give my password and be up and running with a fresh config.<\/p>","quoteUsername":"Vaccano","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

w

它位于棱镜中心。使用Nutanix用户通过SSH登录/in home/home/nutanix/karbon

@Josenutanix- 我想回声 @richardcz请求另一种访问此二进制的方法(KarbonCTL)。

我是开发人员,只有SSH可以访问基础的Kubernetes群集节点(不是Prism)。

我可以从UI中获得Kubeconfig,但是每天这样做很乏味。有一种提供我的密码并使用新鲜配置启动并运行的方法将是很棒的。

您只需要使用Clusterrole创建一个服务帐户并生成kubeconfig文件

我在詹金斯(Jenkins

\t
\t\t

It is in Prism Central. Login via SSH with nutanix user and look in \/home\/nutanix\/karbon<\/p>\t\t<\/div>\t<\/content-quote>

@JoseNutanix<\/user-mention>\u00a0 - I would like to echo\u00a0@RichardCZ<\/user-mention>\u00a0\u2018s request for another way to access this binary (karbonctl).<\/p>\t

I am a developer and only have ssh access to the underlying kubernetes cluster nodes (not prism).<\/p>\t

I can get the Kubeconfig from the UI, but doing that every day is very tedious.\u00a0 It would be great to have a way to give my password and be up and running with a fresh config.<\/p>\t<\/div><\/content-quote>

You just need to create a service account with clusterrole and generate your kubeconfig file<\/p>

i created a job in jenkins\u00a0for creating rbac role, service account and kube config for every new k8s cluster<\/p>","quoteUsername":"Wanexa","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

Mikkisse
UserLevel 3
徽章 +2

大家好。

您还可以通过Karbon API下载Kubeconfig,并且可以自动化它。

阅读我的文章 -https://vmik.net/2020/09/23/nutanix-karbon-kubeconfig/。它在俄语中,但在左下角翻译按钮。

Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Baidu