当存在多个kubeconfig文件时,我们可以将其进行合并使用。

当前系统上存在2个kubeconfig文件

# kubeconfig文件1
root@k8s-master01:~# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://kube-api:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED


# kubeconfig文件2
root@k8s-master01:~# kubectl config view --kubeconfig=/tmp/mykubeconfig
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://kube-api:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: masuri
name: masuri@kubernetes
current-context: masuri@kubernetes
kind: Config
preferences: {}
users:
- name: masuri
user:
client-certificate-data: REDACTED
client-key-data: REDACTED

使用变量合并kubeconfig

1.使用KUBECONFIG变量将其进行合并

root@k8s-master01:~# export KUBECONFIG="$HOME/.kube/config:/tmp/mykubeconfig"

2.再次使用config view查看config文件

root@k8s-master01:~# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://kube-api:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
- context:
cluster: kubernetes
user: masuri
name: masuri@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
- name: masuri
user:
client-certificate-data: REDACTED
client-key-data: REDACTED

# 两个文件已经合并(current-context仍是列表中第一个文件的kubernetes-admin@kubernetes)

但是此方法存在问题,如果多个kubeconfig文件中存在多个相同的集群,会导致config中相同的集群出现多次。我们可以在此基础上将其重合部分进行斩平,然后重新生成新文件。

合并kubeconfig方法2

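使用--merge合并文件,--flatten斩平。注意:带--flatten时输出的是未脱敏的真实证书和私钥,而/tmp是所有本地用户都能访问的目录,写入前应先收紧权限(例如umask 077),或直接把文件保存到~/.kube下并设为仅属主可读写。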

root@k8s-master01:~# kubectl config view --merge --flatten  > /tmp/newkubeconfig

# 再次查看文件(config view显示时会把证书和密钥替换为DATA+OMITTED/REDACTED,文件中保存的仍是真实内容)
root@k8s-master01:~# kubectl config view --kubeconfig=/tmp/newkubeconfig
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://kube-api:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
- context:
cluster: kubernetes
user: masuri
name: masuri@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
- name: masuri
user:
client-certificate-data: REDACTED
client-key-data: REDACTED

测试使用不同账号来获取资源信息

# 使用默认的kubernetes-admin@kubernetes账号
root@k8s-master01:~# kubectl get nodes --kubeconfig=/tmp/newkubeconfig
NAME STATUS ROLES AGE VERSION
k8s-master01 Ready control-plane,master 15d v1.21.2
k8s-node01 Ready <none> 15d v1.21.2
k8s-node02 Ready <none> 15d v1.21.2
k8s-node03 Ready <none> 15d v1.21.2

# 使用masuri@kubernetes账号(通过--context切换;下面的Forbidden表示该用户没有在集群范围列出nodes的权限)
root@k8s-master01:~# kubectl get nodes --kubeconfig=/tmp/newkubeconfig --context=masuri@kubernetes
Error from server (Forbidden): nodes is forbidden: User "masuri" cannot list resource "nodes" in API group "" at the cluster scope