How to import state created on another server?
Problem description
I set up my Kubernetes cluster using kops, and I did so from my local machine. So my .kube directory is stored on my local machine, but I set up kops for state storage in S3.
I'm in the process of setting up my CI server now, and I want to run my kubectl commands from that box. How do I go about importing the existing state to that server?
Recommended answer
To run kubectl commands, you will need the cluster's apiServer URL and related credentials for authentication. Those data are by convention stored in the ~/.kube/config file. You may also view it via the kubectl config view command.
In order to run kubectl on your CI server, you need to make sure the ~/.kube/config file contains all the information that the kubectl client needs.
With kops, a simple naive solution is to:
1) Install kops and kubectl on your CI server
2) Configure the AWS access credentials on your CI server (either via an IAM role or simply env vars), and make sure they have access to your S3 state store path
3) Set env vars for kops to access your cluster:
export NAME=${YOUR_CLUSTER_NAME}
export KOPS_STATE_STORE=s3://${YOUR_CLUSTER_KOPS_STATE_STORE}
4) Use the kops export command to get the kubecfg needed for running kubectl
kops export kubecfg ${YOUR_CLUSTER_NAME}
See https://github.com/kubernetes/kops/blob/master/docs/cli/kops_export.md
Now the ~/.kube/config file on your CI server should contain all the information kubectl needs to access your cluster.
Note that this will use the default admin account on your CI server. To implement a more secure CI/CD environment, you should create a service account bound to a required permission scope (a namespace or type or resources, for example), and place its credential on your CI server machine.
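The scoped service account suggested at the end of the answer could look like the following. This is an added example, not part of the original answer or the kops documentation; the namespace ci-deploy, the account name ci-bot and the Role's rule list are assumptions to adapt to what the pipeline actually deploys.

```shell
#!/bin/sh
# Added example: a namespace-scoped CI identity instead of the kops admin kubeconfig.
# ci-deploy / ci-bot and the rules below are assumed names and permissions.

# Print a ServiceAccount, a Role and a RoleBinding, all confined to one namespace.
# The ( ) body runs in a subshell, so ns and sa do not leak into the caller.
render_ci_rbac() (
  ns="$1"; sa="$2"
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ${sa}
  namespace: ${ns}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ${sa}-deployer
  namespace: ${ns}
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${sa}-deployer
  namespace: ${ns}
subjects:
- kind: ServiceAccount
  name: ${sa}
  namespace: ${ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ${sa}-deployer
EOF
)

# Run once with admin access (kubectl v1.24+ is needed for "create token"):
#   render_ci_rbac ci-deploy ci-bot | kubectl apply -f -
#   kubectl -n ci-deploy create token ci-bot --duration=1h
# Confirm the scope holds; this should answer "no":
#   kubectl auth can-i list secrets -n ci-deploy --as=system:serviceaccount:ci-deploy:ci-bot
```

The short-lived token printed by kubectl create token is what goes on the CI server, in place of the admin kubeconfig written by kops export kubecfg.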