mirrors
/
kubernetes-the-hard-way
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

minor updates

pull/482/head
Mumshad 2019-03-20 15:25:38 +08:00
parent 28bd5c62f8
commit 27620baa5b
2 changed files with 40 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
docs/05-kubernetes-configuration-files.md
View File

@ -14,41 +14,6 @@ Each kubeconfig requires a Kubernetes API Server to connect to. To support high
LOADBALANCER_ADDRESS=192.168.5.30 LOADBALANCER_ADDRESS=192.168.5.30
``` ```
### The kubelet Kubernetes Configuration File
When generating kubeconfig files for Kubelets the client certificate matching the Kubelet's node name must be used. This will ensure Kubelets are properly authorized by the Kubernetes [Node Authorizer](https://kubernetes.io/docs/admin/authorization/node/).
Generate a kubeconfig file for the first worker node:
```
for instance in worker-1; do
kubectl config set-cluster kubernetes-the-hard-way \
--certificate-authority=ca.crt \
--embed-certs=true \
--server=https://${LOADBALANCER_ADDRESS}:6443 \
--kubeconfig=${instance}.kubeconfig
kubectl config set-credentials system:node:${instance} \
--client-certificate=${instance}.crt \
--client-key=${instance}.key \
--embed-certs=true \
--kubeconfig=${instance}.kubeconfig
kubectl config set-context default \
--cluster=kubernetes-the-hard-way \
--user=system:node:${instance} \
--kubeconfig=${instance}.kubeconfig
kubectl config use-context default --kubeconfig=${instance}.kubeconfig
done
```
Results:
```
worker-1.kubeconfig
```
### The kube-proxy Kubernetes Configuration File ### The kube-proxy Kubernetes Configuration File
Generate a kubeconfig file for the `kube-proxy` service: Generate a kubeconfig file for the `kube-proxy` service:

40
docs/09-bootstrapping-kubernetes-workers.md
View File

@ -51,6 +51,46 @@ Copy the appropriate certificates and private keys to the worker node:
scp ca.crt worker-1.crt worker-1.key worker-1:~/ scp ca.crt worker-1.crt worker-1.key worker-1:~/
``` ```
### The kubelet Kubernetes Configuration File
When generating kubeconfig files for Kubelets the client certificate matching the Kubelet's node name must be used. This will ensure Kubelets are properly authorized by the Kubernetes [Node Authorizer](https://kubernetes.io/docs/admin/authorization/node/).
Get the kub-api server load-balancer IP.
```
LOADBALANCER_ADDRESS=192.168.5.30
```
Generate a kubeconfig file for the first worker node:
```
kubectl config set-cluster kubernetes-the-hard-way \
--certificate-authority=ca.crt \
--embed-certs=true \
--server=https://${LOADBALANCER_ADDRESS}:6443 \
--kubeconfig=${instance}.kubeconfig
kubectl config set-credentials system:node:worker-1 \
--client-certificate=worker-1.crt \
--client-key=worker-1.key \
--embed-certs=true \
--kubeconfig=worker-1.kubeconfig
kubectl config set-context default \
--cluster=kubernetes-the-hard-way \
--user=system:node:worker-1 \
--kubeconfig=worker-1.kubeconfig
kubectl config use-context default --kubeconfig=worker-1.kubeconfig
done
```
Results:
```
worker-1.kubeconfig
```
### Download and Install Worker Binaries ### Download and Install Worker Binaries
``` ```