1. Strengthen the understanding of the kubectl config command in combination with the kubectl deployment
The kubectl config command generates the cluster information, cluster users and user permissions, and writes them to the configuration file (kubeconfig) that kubectl reads.
The kubectl config commands executed when deploying kubectl are as follows:
[root@k8s-master admin]# source /opt/k8s/bin/environment.sh

# Set cluster parameters
[root@k8s-master admin]# kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/cert/ca.pem --embed-certs=true --server=${KUBE_APISERVER} --kubeconfig=kubectl.kubeconfig

# Set client authentication parameters
[root@k8s-master admin]# kubectl config set-credentials admin --client-certificate=admin.pem --client-key=admin-key.pem --embed-certs=true --kubeconfig=kubectl.kubeconfig

# Set context parameters, including cluster name and user name to access the cluster
[root@k8s-master admin]# kubectl config set-context kubernetes --cluster=kubernetes --user=admin --kubeconfig=kubectl.kubeconfig

# Use default context
[root@k8s-master admin]# kubectl config use-context kubernetes --kubeconfig=kubectl.kubeconfig
Switched to context "kubernetes".
2. kubectl config set-cluster
Refer to the following command:
kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/cert/ca.pem --embed-certs=true --server=${KUBE_APISERVER} --kubeconfig=kubectl.kubeconfig

For command help, see the following:

kubectl config set-cluster -h
Sets a cluster entry in kubeconfig.

Specifying a name that already exists will merge new fields on top of existing values for those fields.

Examples:
  # Set only the server field on the e2e cluster entry without touching other values.
  kubectl config set-cluster e2e --server=https://1.2.3.4

  # Embed certificate authority data for the e2e cluster entry
  kubectl config set-cluster e2e --certificate-authority=~/.kube/e2e/kubernetes.ca.crt

  # Disable cert checking for the dev cluster entry
  kubectl config set-cluster e2e --insecure-skip-tls-verify=true

Options:
      --embed-certs=false: embed-certs for the cluster entry in kubeconfig

Usage:
  kubectl config set-cluster NAME [--server=server] [--certificate-authority=path/to/certificate/authority] [--insecure-skip-tls-verify=true] [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
Parameter Description:
kubernetes                                            ## Cluster name
--certificate-authority=/etc/kubernetes/cert/ca.pem   ## CA that issues the cluster certificates
--embed-certs=true
--server=${KUBE_APISERVER}                            ## Cluster service IP
--kubeconfig=kubectl.kubeconfig                       ## Write the information generated by the command to kubeconfig, and write the kubectl.kubeconfig file at the same time
3. kubectl config set-credentials
Refer to the following command:
kubectl config set-credentials admin --client-certificate=admin.pem --client-key=admin-key.pem --embed-certs=true --kubeconfig=kubectl.kubeconfig
For command help, see the following:
[root@k8s-master1 admin]# kubectl config set-credentials -h
Sets a user entry in kubeconfig

Specifying a name that already exists will merge new fields on top of existing values.

  Client-certificate flags:
  --client-certificate=certfile --client-key=keyfile

  Bearer token flags:
  --token=bearer_token

  Basic auth flags:
  --username=basic_user --password=basic_password

Bearer token and basic auth are mutually exclusive.

Examples:
  # Set only the "client-key" field on the "cluster-admin"
  # entry, without touching other values:
  kubectl config set-credentials cluster-admin --client-key=~/.kube/admin.key

  # Set basic auth for the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif

  # Embed client certificate data in the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true

  # Enable the Google Compute Platform auth provider for the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --auth-provider=gcp

  # Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args
  kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar

  # Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-

Options:
      --auth-provider='': Auth provider for the user entry in kubeconfig
      --auth-provider-arg=[]: 'key=value' arguments for the auth provider
      --embed-certs=false: Embed client cert/key for the user entry in kubeconfig

Usage:
  kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user] [--password=basic_password] [--auth-provider=provider_name] [--auth-provider-arg=key=value] [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
Parameter Description:
admin                            ## User name
--client-certificate=admin.pem   ## Certificate used
--client-key=admin-key.pem       ## Private key used
--embed-certs=true               ## Write the client's certificate and private key to the kubeconfig file
4. kubectl config set-context
Refer to the following command:
kubectl config set-context kubernetes --cluster=kubernetes --user=admin --kubeconfig=kubectl.kubeconfig
For command help, see the following:
[root@k8s-master1 admin]# kubectl config set-context -h
Sets a context entry in kubeconfig

Specifying a name that already exists will merge new fields on top of existing values for those fields.

Examples:
  # Set the user field on the gce context entry without touching other values
  kubectl config set-context gce --user=cluster-admin

Usage:
  kubectl config set-context NAME [--cluster=cluster_nickname] [--user=user_nickname] [--namespace=namespace] [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
Parameter Description:
kubernetes             ## Context name
--cluster=kubernetes   ## Cluster name
--user=admin           ## Name of the user accessing the cluster
5. kubectl config use-context
The reference command is as follows:
kubectl config use-context kubernetes --kubeconfig=kubectl.kubeconfig
For command help, see the following:
[root@k8s-master1 admin]# kubectl config use-context -h
Sets the current-context in a kubeconfig file

Aliases:
use-context, use

Examples:
  # Use the context for the minikube cluster
  kubectl config use-context minikube

Usage:
  kubectl config use-context CONTEXT_NAME [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
Parameter Description:
kubernetes ##context name used
6. Clear previous configuration
Before emptying:
[root@k8s-master1 admin]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.32.127:8443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: admin
  name: kubernetes
current-context: kubernetes
kind: Config
preferences: {}
users:
- name: admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
[root@k8s-master1 admin]#
Emptying:
[root@k8s-master1 admin]# kubectl config delete-context kubernetes
warning: this removed your active context, use "kubectl config use-context" to select a different one
deleted context kubernetes from /root/.kube/config
[root@k8s-master1 admin]# kubectl config delete-cluster kubernetes
deleted cluster kubernetes from /root/.kube/config
[root@k8s-master1 admin]#
[root@k8s-master1 admin]# kubectl config unset current-context
Property "current-context" unset.
[root@k8s-master1 .kube]# rm -rf config
Execute kubectl config view again
[root@k8s-master1 .kube]# kubectl config view
apiVersion: v1
clusters: []
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
[root@k8s-master1 .kube]#
7. Execute command again
# Set the cluster parameters
[root@k8s-master1 .kube]# kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/cert/ca.pem --embed-certs=true --server=https://192.168.32.127:8443 --kubeconfig=config
Cluster "kubernetes" set.
Note:
--server=https://192.168.32.127:8443   ## I used my real address here
--kubeconfig=config                    ## I am in the .kube directory, so I generate the config file directly
[root@k8s-master1 .kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.32.127:8443
  name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
[root@k8s-master1 .kube]#

# Comparison: after executing this command, the cluster information and the certificate used have been written

# Set client authentication parameters
[root@k8s-master1 .kube]# kubectl config set-credentials admin --client-certificate=/root/k8s/key/admin/admin.pem --client-key=/root/k8s/key/admin/admin-key.pem --embed-certs=true --kubeconfig=config
User "admin" set.
[root@k8s-master1 .kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.32.127:8443
  name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users:
- name: admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
[root@k8s-master1 .kube]#

# Comparison: after executing this command, the user information and the used certificate and private key have been written

# Set context parameters
[root@k8s-master1 .kube]# kubectl config set-context kubernetes --cluster=kubernetes --user=admin --kubeconfig=config
Context "kubernetes" created.
[root@k8s-master1 .kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.32.127:8443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: admin
  name: kubernetes
current-context: ""
kind: Config
preferences: {}
users:
- name: admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
[root@k8s-master1 .kube]# kubectl config get-contexts
CURRENT   NAME         CLUSTER      AUTHINFO   NAMESPACE
          kubernetes   kubernetes   admin
[root@k8s-master1 .kube]#

# Comparison: context has been written

# Use context parameters
[root@k8s-master1 .kube]# kubectl config use-context kubernetes --kubeconfig=config
Switched to context "kubernetes".
[root@k8s-master1 .kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.32.127:8443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: admin
  name: kubernetes
current-context: kubernetes
kind: Config
preferences: {}
users:
- name: admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
[root@k8s-master1 .kube]# kubectl config current-context
kubernetes

# Comparison: note that current-context is now set to kubernetes
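Because --embed-certs=true on set-credentials writes the admin private key into the kubeconfig itself, the finished file is a credential and worth checking before it is copied anywhere. The following static audit is an added example, not part of the original post; the function names, the finding labels and the sample file are constructed for illustration.

```shell
# Static audit of a kubeconfig file; needs no cluster access.
# Finding labels (MODE, EMBEDDED_KEY, ...) are names made up for this example.
audit_kubeconfig() {
    f=$1
    findings=0
    [ -f "$f" ] || { echo "ERROR: $f not found"; return 2; }
    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "MODE: group/other permission bits are set; run chmod 600"
        findings=$((findings + 1))
    fi
    # Written by set-credentials --client-key=... --embed-certs=true
    if grep -Eq '^[[:space:]]*client-key-data:' "$f"; then
        echo "EMBEDDED_KEY: private key is inline; the file itself is a credential"
        findings=$((findings + 1))
    fi
    # Written by set-credentials --token=... or --password=...
    if grep -Eq '^[[:space:]]*(token|password):' "$f"; then
        echo "STATIC_SECRET: bearer token or basic-auth password stored in the file"
        findings=$((findings + 1))
    fi
    # Written by set-cluster --insecure-skip-tls-verify=true
    if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' "$f"; then
        echo "NO_TLS_VERIFY: API server certificate is not checked"
        findings=$((findings + 1))
    fi
    # Every server entry should be a well-formed https:// URL.
    if grep -E '^[[:space:]]*server:' "$f" |
        grep -Evq 'server:[[:space:]]*https://[^[:space:]]+$'; then
        echo "BAD_SERVER: a server entry is not an https:// URL"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
# Constructed sample shaped like the file built above; key material is a placeholder.
make_sample() {
    cat > "$1" <<'EOF'
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER
    server: https://192.168.32.127:8443
  name: kubernetes
users:
- name: admin
  user:
    client-certificate-data: PLACEHOLDER
    client-key-data: PLACEHOLDER
EOF
}
```

Source the file and run `audit_kubeconfig /root/.kube/config`; it prints one line per finding and returns non-zero when there is at least one.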