
Practice Test - KubeConfig

Here we look at kubeconfig in Kubernetes. So far we have seen how to generate a certificate for a user, and how a client uses the certificate file and key to query the Kubernetes REST API for a list of Pods using curl. In this case my cluster is called my-kube-playground, so I send a curl request to the address of the kube-apiserver, passing the key and certificate files along with the CA certificate as options.

curl https://my-kube-playground:6443/api/v1/pods \
  --key admin.key \
  --cert admin.crt \
  --cacert ca.crt

{
  "kind": "PodList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/api/v1/pods"
  },
  "items": []
}

Now how do you do that while using the kubectl command?

 

kubectl get pods \
    --server my-kube-playground:6443 \
    --client-key admin.key \
    --client-certificate admin.crt \
    --certificate-authority ca.crt

kubectl get pods

kubectl get pods --kubeconfig config

 

KubeConfig File ($HOME/.kube/config)

--server my-kube-playground:6443
--client-key admin.key
--client-certificate admin.crt
--certificate-authority ca.crt

 

KubeConfig File

apiVersion: v1
kind: Config

# clusters: the API servers that can be reached
clusters:
- name: my-kube-playground
  cluster:
    certificate-authority: ca.crt
    server: https://my-kube-playground:6443

# contexts: which user is used with which cluster
contexts:
- name: my-kube-admin@my-kube-playground
  context:
    cluster: my-kube-playground
    user: my-kube-admin

# users: the credentials used to authenticate
users:
- name: my-kube-admin
  user:
    client-certificate: admin.crt
    client-key: admin.key

A kubeconfig file can hold several clusters, contexts and users; current-context selects the context kubectl uses by default (entry details omitted here):

apiVersion: v1
kind: Config

current-context: dev-user@google

clusters:
- name: my-kube-playground
- name: development
- name: production
- name: google

contexts:
- name: my-kube-admin@my-kube-playground
- name: dev-user@google
- name: prod-user@production

users:
- name: my-kube-admin
- name: admin
- name: dev-user
- name: prod-user

 

kubectl config view

 

 

Practice Test

 

ㅁ Where is the default kubeconfig file located in the current environment?

Find the current home directory by looking at the HOME environment variable.

 

[/home/packer/.kube/config]

[/root/.kube/kubeconfig]

[/root/.kube/config]

[/root/kubeconfig]

echo $HOME

/root

ㅁ How many clusters are defined in the default kubeconfig file?

kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://172.17.0.55:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

ㅁ How many Users are defined in the default kubeconfig file?

kubectl config view

Count the "- name" entries under "users:".

 

ㅁ How many contexts are defined in the default kubeconfig file?

kubectl config view

 

ㅁ What is the user configured in the current context?

kubectl config view

ㅁ What is the name of the cluster configured in the default kubeconfig file?

kubectl config view

 

ㅁ A new kubeconfig file named 'my-kube-config' is created. It is placed in the /root directory.

apiVersion: v1
kind: Config

clusters:
- name: production
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: KUBE_ADDRESS

- name: development
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: KUBE_ADDRESS

- name: kubernetes-on-aws
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: KUBE_ADDRESS

- name: test-cluster-1
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: KUBE_ADDRESS

contexts:
- name: test-user@development
  context:
    cluster: development
    user: test-user

- name: aws-user@kubernetes-on-aws
  context:
    cluster: kubernetes-on-aws
    user: aws-user

- name: test-user@production
  context:
    cluster: production
    user: test-user

- name: research
  context:
    cluster: test-cluster-1
    user: dev-user

users:
- name: test-user
  user:
    client-certificate: /etc/kubernetes/pki/users/test-user/test-user.crt
    client-key: /etc/kubernetes/pki/users/test-user/test-user.key
- name: dev-user
  user:
    client-certificate: /etc/kubernetes/pki/users/dev-user/developer-user.crt
    client-key: /etc/kubernetes/pki/users/dev-user/dev-user.key
- name: aws-user
  user:
    client-certificate: /etc/kubernetes/pki/users/aws-user/aws-user.crt
    client-key: /etc/kubernetes/pki/users/aws-user/aws-user.key

current-context: test-user@development
preferences: {}

How many clusters are defined in the kubeconfig file?

ㅁ How many contexts are configured in the 'my-kube-config' file?

ㅁ What user is configured in the 'research' context?

ㅁ What is the name of the client-certificate file configured for the 'aws-user'?

ㅁ What is the current context set to in the 'my-kube-config' file?

 

ㅁ I would like to use the dev-user to access test-cluster-1. Set the current context to the right one so I can do that.

kubectl config --kubeconfig=/root/my-kube-config use-context research

 

ㅁ We don't want to have to specify the kubeconfig file option on each command. Make the my-kube-config file the default kubeconfig.

cp ./my-kube-config /root/.kube/config

 

ㅁ With the current-context set to research, we are trying to access the cluster. However, something seems to be wrong. Identify and fix the issue.

Try running the kubectl get pods command and look for the error. All users' certificates are stored at /etc/kubernetes/pki/users

 

Find the correct certificate and key paths for each user under /etc/kubernetes/pki/users/ and fix them in the kubeconfig file.
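
As an added example (not part of the original notes), the Python sketch below lints a kubeconfig for the failure mode in the last exercise: it checks that current-context is defined, that every context points at a defined cluster and user, and that referenced certificate and key files exist. The sample is constructed, modelled on my-kube-config above; lint_kubeconfig and its exists parameter are hypothetical names.

```python
import json
import os

# Constructed sample modelled on the page's my-kube-config (trimmed so that one
# context dangles). `kubectl config view -o json` prints a config in this shape.
SAMPLE = json.loads("""
{
  "current-context": "research",
  "clusters": [{"name": "test-cluster-1", "cluster": {
      "certificate-authority": "/etc/kubernetes/pki/ca.crt", "server": "KUBE_ADDRESS"}}],
  "contexts": [
    {"name": "research", "context": {"cluster": "test-cluster-1", "user": "dev-user"}},
    {"name": "test-user@production", "context": {"cluster": "production", "user": "test-user"}}
  ],
  "users": [{"name": "dev-user", "user": {
      "client-certificate": "/etc/kubernetes/pki/users/dev-user/developer-user.crt",
      "client-key": "/etc/kubernetes/pki/users/dev-user/dev-user.key"}}]
}
""")

FILE_KEYS = ("certificate-authority", "client-certificate", "client-key")

def lint_kubeconfig(cfg, exists=os.path.exists):
    """Return a list of findings; an empty list means all references resolve."""
    findings = []
    clusters = {c["name"]: c.get("cluster", {}) for c in cfg.get("clusters", [])}
    users = {u["name"]: u.get("user", {}) for u in cfg.get("users", [])}
    contexts = {c["name"]: c.get("context", {}) for c in cfg.get("contexts", [])}

    current = cfg.get("current-context")
    if current not in contexts:
        findings.append(f"current-context {current!r} is not a defined context")
    for name, ctx in contexts.items():
        if ctx.get("cluster") not in clusters:
            findings.append(f"context {name!r}: unknown cluster {ctx.get('cluster')!r}")
        if ctx.get("user") not in users:
            findings.append(f"context {name!r}: unknown user {ctx.get('user')!r}")
    # Every file path referenced by a cluster or user entry must exist on disk.
    for kind, entries in (("cluster", clusters), ("user", users)):
        for name, body in entries.items():
            for key in FILE_KEYS:
                path = body.get(key)
                if path and not exists(path):
                    findings.append(f"{kind} {name!r}: {key} file not found: {path}")
    return findings

if __name__ == "__main__":
    for finding in lint_kubeconfig(SAMPLE):
        print(finding)
```

The exists parameter defaults to os.path.exists, so on a real host the check reads the filesystem; passing a predicate makes the result reproducible elsewhere.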
