Connecting to Multiple Clusters with kubectl
Updated: 2024-04-22 17:31:23
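This section describes a best practice for Cloud Container Engine: connecting to multiple clusters with kubectl.
When you have multiple Kubernetes (K8s) cluster instances in Cloud Container Engine, follow the steps below to access all of them with kubectl from a single host terminal.
Prerequisites:
You have multiple cluster instances, and the current user's host has network connectivity to the hosts of each cluster.
How it works:
On one host, configure the kubectl access credentials of each cluster instance, then use kubectl commands to switch between the contexts of the different clusters.
Obtaining the kubectl access credentials of each cluster:
Open the Cluster Information - Connection Information tab in Cloud Container Engine to view the access credential of the current cluster, then click the Copy button: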

    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xxx:6443
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: "16261"
      name: 16261-17120288662000021
    current-context: 16261-17120288662000021
    kind: Config
    preferences: {}
    users:
    - name: "16261"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR1...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg1...
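- clusters: describes the clusters. Take the cluster's access address from here to build the cluster list for multiple clusters.
- users: describes the users that access the cluster. Take the contents of client-certificate-data and client-key-data (the two certificate files) to build the user list for multiple clusters.
- contexts: describes the configuration contexts. Each context associates a user with a cluster; switching contexts with kubectl selects which user is used to access which cluster.
Note that a cluster may have both an internal and a public access address, and therefore two contexts. You can configure these as two clusters with their corresponding users and contexts, and choose which address to use by switching contexts.
Configuring kubectl access credentials for multiple clusters
The following uses two clusters as an example to show how to modify the config file to access multiple clusters.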
- Obtain the access credential of cluster A, for example:

    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xx1:6443
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: "16261"
      name: 16261-17120288662000021
    current-context: 16261-17120288662000021
    kind: Config
    preferences: {}
    users:
    - name: "16261"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR1...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg1...

- Change the cluster name and user name to names that are easy to recognize, for example cluster-a for the cluster and cluster-a-user for the user:

    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xx1:6443
      name: cluster-a
    contexts:
    - context:
        cluster: cluster-a
        user: "cluster-a-user"
      name: cluster-a-context
    current-context: cluster-a-context
    kind: Config
    preferences: {}
    users:
    - name: "cluster-a-user"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR1...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg1...

- Obtain the access credential of cluster B, for example:

    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xx2:6443
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: "16262"
      name: 16262-17120288662000022
    current-context: 16262-17120288662000022
    kind: Config
    preferences: {}
    users:
    - name: "16262"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR2...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg2...

- Change the cluster name and user name to names that are easy to recognize, for example cluster-b for the cluster and cluster-b-user for the user:

    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xx2:6443
      name: cluster-b
    contexts:
    - context:
        cluster: cluster-b
        user: "cluster-b-user"
      name: cluster-b-context
    current-context: cluster-b-context
    kind: Config
    preferences: {}
    users:
    - name: "cluster-b-user"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR2...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg2...

- Merge the two credentials into the same config file by placing the cluster, user and context entries from both files under the same parent keys:

    apiVersion: v1
    clusters:
    - cluster:
        server: https://xxx.xxx.xxx.xx1:6443
      name: cluster-a
    - cluster:
        server: https://xxx.xxx.xxx.xx2:6443
      name: cluster-b
    contexts:
    - context:
        cluster: cluster-a
        user: "cluster-a-user"
      name: cluster-a-context
    - context:
        cluster: cluster-b
        user: "cluster-b-user"
      name: cluster-b-context
    current-context: cluster-a-context
    kind: Config
    preferences: {}
    users:
    - name: "cluster-a-user"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR1...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg1...
    - name: "cluster-b-user"
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDR2...
        client-key-data: LS0tLS1CRUdJTiBSU0Eg2...
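The rename-and-merge steps above can be scripted so that name collisions (both downloads call their cluster "kubernetes") and a current-context that points at no defined context are caught before kubectl sees the file. This is an added example, not code from the original page or the vendor's tooling. It assumes each credential has already been parsed into a dict; the helper names, sample addresses and IDs are constructed, and the output is written as JSON, which is valid YAML.

```python
import json, os

def check(cfg):
    """List problems that make context switching fail or pick the wrong entry."""
    names = {k: [e["name"] for e in cfg.get(k, [])] for k in ("clusters", "users", "contexts")}
    problems = [f"duplicate {kind[:-1]} name: {n}"
                for kind, ns in names.items() for n in sorted(set(ns)) if ns.count(n) > 1]
    for c in cfg.get("contexts", []):
        for kind in ("cluster", "user"):
            if c["context"][kind] not in names[kind + "s"]:
                problems.append(f"context {c['name']}: unknown {kind} {c['context'][kind]}")
    if cfg.get("current-context") not in names["contexts"]:
        problems.append(f"current-context {cfg.get('current-context')!r} is not defined")
    return problems

def merge(configs):
    """configs maps an alias such as 'cluster-a' to one parsed single-cluster credential."""
    out = {"apiVersion": "v1", "kind": "Config", "preferences": {},
           "clusters": [], "users": [], "contexts": []}
    for alias, cfg in configs.items():
        if not all(len(cfg.get(k, [])) == 1 for k in ("clusters", "users", "contexts")):
            raise ValueError(f"{alias}: expected exactly one cluster, user and context")
        user = f"{alias}-user"
        out["clusters"].append({"name": alias, "cluster": cfg["clusters"][0]["cluster"]})
        out["users"].append({"name": user, "user": cfg["users"][0]["user"]})
        out["contexts"].append({"name": f"{alias}-context",
                                "context": {"cluster": alias, "user": user}})
    out["current-context"] = out["contexts"][0]["name"]  # first alias becomes the default
    if check(out):
        raise ValueError("; ".join(check(out)))
    return out

def write_private(cfg, path):
    """Write the file readable only by its owner, since it holds client private keys."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(cfg, f, indent=2)
    os.chmod(path, 0o600)  # also tightens a pre-existing file with wider permissions

def sample(server, uid):
    """Constructed credential shaped like the console download; key data is a placeholder."""
    return {"apiVersion": "v1", "kind": "Config", "preferences": {},
            "clusters": [{"name": "kubernetes", "cluster": {"server": server}}],
            "users": [{"name": uid, "user": {"client-certificate-data": "PLACEHOLDER",
                                             "client-key-data": "PLACEHOLDER"}}],
            "contexts": [{"name": uid + "-ctx", "context": {"cluster": "kubernetes", "user": uid}}],
            "current-context": uid + "-ctx"}

if __name__ == "__main__":
    merged = merge({"cluster-a": sample("https://192.0.2.1:6443", "1001"),
                    "cluster-b": sample("https://192.0.2.2:6443", "1002")})
    print([c["name"] for c in merged["contexts"]], check(merged))
```
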
Using the configured credentials
- Place the config file above in the following directory under your home directory:

    [docker@10 ~]$ mkdir -p $HOME/.kube
    [docker@10 ~]$ mv config $HOME/.kube

- Use kubectl commands to switch the cluster context:

    [docker@10 ~]$ kubectl config use-context cluster-a-context
    Switched to context "cluster-a-context".
    [docker@10 ~]$ kubectl cluster-info
    Kubernetes master is running at https://xxx.xxx.xxx.97:6443
    KubeDNS is running at https://xxx.xxx.xxx.97:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
    To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
    [docker@10 ~]$ kubectl config use-context cluster-b-context
    Switched to context "cluster-b-context".
    [docker@10 ~]$ kubectl cluster-info
    Kubernetes master is running at https://xxx.xxx.xxx.46:6443
    CoreDNS is running at https://xxx.xxx.xxx.46:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
    To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.