All categories (345)
TLS Certificates $ cat /etc/kubernetes/manifests/kube-apiserver.yaml spec: containers: - command: - kube-apiserver - --authorization-mode=Node,RBAC - --advertise-address=172.17.0.32 - --allow-privileged=true - --client-ca-file=/etc/kubernetes/pki/ca.crt - --disable-admission-plugins=PersistentVolumeLabel - --enable-admission-plugins=NodeRestriction - --enable-bootstrap-token-auth=true - --etcd-cafile=/etc/kuberne..
TLS in Kubernetes Generating certificate pairs with OpenSSL ㅁ Certificate Authority (CA) ㅇ Generate Keys (ca.key) $ openssl genrsa -out ca.key 2048 ca.key ㅇ Certificate Signing Request $ openssl req -new -key ca.key -subj "/CN=KUBERNETES-CA" -out ca.csr ca.csr ㅇ Sign Certificates $ openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt ca.crt ㅁ ADMIN USER ㅇ Generate Keys $ openssl genrsa -out admin.key 2048 admin.key ㅇ Certific..
TLS A certificate is used to guarantee trust between two parties during a transaction. Scenario: We're going to refer to the public lock as the public key going forward, now that you have got the idea. The ssh-keygen command we used earlier creates a pair of keys for SSH purposes, so the format is a bit different. Here we use the openssl command to generate a private and public key pair, and that's how the..
Authentication Focusing on securing access to the Kubernetes cluster with authentication mechanisms kubectl create serviceaccount sa1 kubectl get serviceaccount kube-apiserver.service ExecStart=/usr/local/bin/kube-apiserver \\ --advertise-address=${INTERNAL_IP} \\ --allow-privileged=true \\ --apiserver-count=3 \\ --authorization-mode=Node,RBAC \\ --bind-address=0.0.0.0 \\ --enable-swagger-ui=true \\ --etcd-s..
Practice Test - Backup and Restore Methods ㅁ We have a working Kubernetes cluster with a set of applications running. Let us first explore the setup. How many deployments exist in the cluster? kubectl get deployments ㅁ What is the version of ETCD running on the cluster? Check the ETCD Pod or Process [v3.4.9], [v1.11], [v2.5], [v3.4], [v1.13] kubectl describe pod etcd-controlplane --namespace=kube-system or kubectl exec etcd-controlplane --..
Working with ETCDCTL etcdctl is a command line client for etcd. In all Kubernetes hands-on labs, the ETCD key-value database is deployed as a Static Pod on the master. The version used is v3. To use etcdctl for tasks such as backup and restore, ETCDCTL_API must be set to 3. You can do this by exporting the ETCDCTL_API variable before using the etcdctl client, as follows: export ETCDCTL_API=3 On the master node, use the -h or -help flag to see all the options for a specific subcommand. For example, to take a snapshot of etcd, use the following: etcdctl snapsh..
Backup and Restore Methods Backup Candidates Declarative File Backup Backup - Resource Configs kubectl get all --all-namespaces -o yaml > all-deploy-services.yaml Backup - ETCD ETCDCTL_API=3 etcdctl \ snapshot save snapshot.db $ ls snapshot.db ETCDCTL_API=3 etcdctl \ snapshot status snapshot.db Restore - ETCD $ service kube-apiserver stop Service kube-apiserver stopped ETCDCTL_API=3 etcdctl \ snapshot restore snapshot.db \..
Kubernetes Upgrade Process [Kubernetes Release] https://kubernetes.io/docs/concepts/overview/kubernetes-api/ The Kubernetes API The Kubernetes API lets you query and manipulate the state of objects in Kubernetes. The core of Kubernetes' control plane is the API server and the HTTP API that it exposes. Users, the different parts of your cluster, and external components all communica kubernetes.io Here is a link to kubernet..