不使用gcloud工具将kubectl的本地实例连接到GKE集群吗? [英] Connect local instance of kubectl to GKE cluster without using gcloud tool?

问题描述

有人知道如何在不使用本地gcloud工具的情况下将kubectl的本地实例连接到Google Kubernetes Engine(GKE)集群吗?

Does anyone know how to connect a local instance of kubectl to a Google Kubernetes Engine (GKE) cluster, without using the gcloud tool locally?

例如:

如果通过以下命令使用gcloud工具:

If you use the gcloud tool with this command:

gcloud container clusters get-credentials NAME [--zone=ZONE, -z ZONE] [GCLOUD_WIDE_FLAG …]

您会在~/.kube/config中找到这样的用户:

You'll find a user like this in ~/.kube/config:

- name: gke_myproj_myzone
  user:
    auth-provider:
      config:
        access-token: TOKENSTRING
        cmd-args: config config-helper --format=json
        cmd-path: /google/google-cloud-sdk/bin/gcloud
        expiry: 2018-01-22 18:05:46
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp

如您所见，gcloud工具提供的默认值要求glcoud工具作为 auth-provider 登录到群集.

As you can see, the default values, the gcloud tool provides require the glcoud tool as an auth-provider to log in to your cluster.

现在，我正在寻找的是将kubectl连接到未安装gcloud的计算机上的群集的方法.

Now, what I'm looking for is a way to connect kubectl to a cluster on a machine, that does not have gcloud installed.

推荐答案

最简单的方法是将~/.kube/config文件(来自经过gcloud身份验证的实例)复制到本地实例(笔记本电脑)中的该目录$HOME/.kube中).

The easiest way to achieve this is by copying the ~/.kube/config file (from a gcloud authenticated instance) to this directory $HOME/.kube in your local instance (laptop).

但是首先，必须使用经过身份验证的实例，根据此

But first, and using the authenticated instance, you would have to enable legacy cluster per this document by running these commands:

gcloud config set container/use_client_certificate True
export CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE=True

然后执行get-credentials命令，并复制文件.

Then execute the get-credentials command, and copy the file.

gcloud container clusters get-credentials NAME [--zone=ZONE, -z ZONE] [GCLOUD_WIDE_FLAG …]

请注意，您可能必须运行get-credentials命令，并在认证令牌(保存在配置文件中)每次到期时复制配置文件.

Note that you may have to run the get-credentials command, and copy the config file every time authentication tokens (saved in the config file) expire.

这篇关于不使用gcloud工具将kubectl的本地实例连接到GKE集群吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！