如何导入在另一台服务器上创建的状态? [英] How to import state created on another server?
问题描述
我使用kops设置了Kubernetes集群,而我是在本地计算机上完成的.因此,我的.kube目录存储在本地计算机上,但是我将kops设置为用于s3中的状态存储.
I setup my Kubernetes cluster using kops, and I did so from local machine. So my .kube directory is stored on my local machine, but I setup kops for state storage in s3.
我现在正在设置CI服务器,我想从该框中运行我的kubectl命令.如何将现有状态导入该服务器?
I'm in the process of setting up my CI server now, and I want to run my kubectl commands from that box. How do I go about importing the existing state to that server?
推荐答案
要运行kubectl命令,您将需要集群的apiServer URL和相关凭据进行身份验证.这些数据按照约定存储在~/.kube/config文件中.您也可以通过kubectl config view命令查看它.
To run kubectl command, you will need the cluster's apiServer URL and related credentials for authentication. Those data are by convention stored in ~/.kube/config file. You may also view it via kubectl config view command.
为了在CI服务器上运行kubectl,您需要确保~/.kube/config文件包含kubectl客户端所需的所有信息.
In order to run kubectl on your CI server, you need to make sure the ~/.kube/config file contains all the information that kubectl client needs.
使用kops,一个简单的天真解决方案是:
With kops, a simple naive solution is to:
1)在CI服务器上安装kops,kubectl
1) install kops, kubectl on your CI server
2)(通过IAM角色或简单地通过env vars)在CI服务器上配置AWS访问凭据,确保其有权访问您的s3状态存储路径
2) config the AWS access credential on your CI server (either via IAM Role or simply env vars), make sure it has access to your s3 state store path
3)设置env var以便kops访问您的集群:
3) set env var for kops to access your cluster:
export NAME=${YOUR_CLUSTER_NAME}
export KOPS_STATE_STORE=s3://${YOUR_CLUSTER_KOPS_STATE_STORE}
4)使用kops export命令获取运行kubectl所需的kubecfg
4) Use kops export command to get the kubecfg needed for running kubectl
kops export kubecfg ${YOUR_CLUSTER_NAME}
请参见 https://github.com/kubernetes/kops /blob/master/docs/cli/kops_export.md
现在,CI服务器上的~/.kube/config文件应包含kubectl访问群集所需的所有信息.
Now the ~/.kube/config file on your CI server should contain all the information kubectl needs to access your cluster.
请注意,这将使用CI服务器上的默认管理员帐户.为了实现更安全的CI/CD环境,您应该创建绑定到所需权限范围(例如名称空间,类型或资源)的服务帐户,并将其凭据放在CI服务器计算机上.
Note that this will use the default admin account on your CI server. To implement a more secure CI/CD environment, you should create a service account bind to a required permission scope (a namespace or type or resources for example), and place its credential on your CI server machine.
这篇关于如何导入在另一台服务器上创建的状态?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
