Practice Test - Securing Image

nginx-pod.yaml

    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-pod
    spec:
      containers:
      - name: nginx
        image: nginx

Private Repository

    $ docker login private-registry.io
    $ docker run private-registry.io/appsinternal-app

nginx-pod.yaml

    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-pod
    spec:
      containers:
      - name: nginx
        image: private-registry.io/appsinternal-app

How do you pass the credentials to the do..


Cluster Roles

    kubectl api-resources --namespaced=true
    kubectl api-resources --namespaced=false

[Practice Test]

- How many ClusterRoles do you see defined in the cluster?

    kubectl get ClusterRoles --no-headers | wc -l

- How many ClusterRoleBindings exist on the cluster?

    kubectl get ClusterRoleBindings --no-headers | wc -l

- What namespaces is the cluster-admin clusterrole part of?

    kubectl describe ClusterRole clu..


RBAC (Role Based Access Controls) and Practice Test

developer-role.yaml

    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: developer
    rules:
    - apiGroups: [""]
      resources: ["pods"]
      verbs: ["list", "get", "create", "update", "delete"]
    - apiGroups: [""]
      resources: ["configmaps"]
      verbs: ["create"]

    kubectl create -f developer-role.yaml

devuser-developer-binding.yaml

    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      nam..


Authorization

Attribute Based Access Control
Role Based Access Control


API Groups

Access the API server at the master node's address, followed by the port (6443 by default) and the API version:

    curl https://kube-master:6443/version

Similarly, to get the list of pods, you would access the URL api/v1/pods.

The Kubernetes APIs are categorized into two groups: the core group and the named groups.

Kubernetes API reference: https://kubernetes.io/docs/reference/generate..


Practice Test - KubeConfig

Here we look at kubeconfig in Kubernetes. So far we have seen how to generate a certificate for a user. We have seen how a client uses the certificate file and key to query the Kubernetes REST API for a list of Pods using curl. In this case my cluster is called my-kube-playground, so send a curl request to the address of the kube-apiserver while passing in the pair of files along with the CA certificate a..


Practice Test - Certificates API

    $ openssl genrsa -out jane.key 2048
    jane.key
    $ openssl req -new -key jane.key -subj "/CN=jane" -out jane.csr
    $ cat jane.csr | base64

jane-csr.yaml

    apiVersion: certificates.k8s.io/v1beta1
    kind: CertificateSigningRequest
    metadata:
      name: jane
    spec:
      groups:
      - system:authenticated
      usages:
      - digital signature
      - key encipherment
      - server auth
      request: [add the output of cat jane.csr | base64 here]

    kubectl get csr
    kubectl c..


Practice Test - View Certificates

    cat /etc/kubernetes/manifests/kube-apiserver.yaml

    spec:
      containers:
      - command:
        - kube-apiserver
        - --advertise-address=172.17.0.31
        - --allow-privileged=true
        - --authorization-mode=Node,RBAC
        - --client-ca-file=/etc/kubernetes/pki/ca.crt
        - --enable-admission-plugins=NodeRestriction
        - --enable-bootstrap-token-auth=true
        - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
        - --etcd-certfile=/etc/kubernetes/..