From fbb3b73b1f3d78292bfe808ce46b099c22246b30 Mon Sep 17 00:00:00 2001 From: Kevin Gottsman Date: Tue, 18 May 2021 04:25:52 -0400 Subject: [PATCH 1/4] Fix haproxy install on load balancer --- docs/08-bootstrapping-kubernetes-controllers.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md index 8b3d358..7b937f3 100644 --- a/docs/08-bootstrapping-kubernetes-controllers.md +++ b/docs/08-bootstrapping-kubernetes-controllers.md @@ -221,7 +221,6 @@ In this section you will provision an external load balancer to front the Kubern Login to `loadbalancer` instance using SSH Terminal. ``` -#Install HAProxy loadbalancer# sudo apt-get update && sudo apt-get install -y haproxy ``` From c2a902f05535a52027dc5f2dc8b6902eee34841c Mon Sep 17 00:00:00 2001 From: Kevin Gottsman Date: Tue, 18 May 2021 04:28:08 -0400 Subject: [PATCH 2/4] More cleanup to the haproxy setup --- docs/08-bootstrapping-kubernetes-controllers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md index 7b937f3..80d8233 100644 --- a/docs/08-bootstrapping-kubernetes-controllers.md +++ b/docs/08-bootstrapping-kubernetes-controllers.md @@ -221,12 +221,12 @@ In this section you will provision an external load balancer to front the Kubern Login to `loadbalancer` instance using SSH Terminal. ``` -loadbalancer# sudo apt-get update && sudo apt-get install -y haproxy +sudo apt-get update && sudo apt-get install -y haproxy ``` ``` -loadbalancer# cat < Date: Tue, 18 May 2021 04:32:28 -0400 Subject: [PATCH 3/4] Remove prompts from cut/paste --- docs/08-bootstrapping-kubernetes-controllers.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md index 80d8233..ddbb30b 100644 --- a/docs/08-bootstrapping-kubernetes-controllers.md +++ b/docs/08-bootstrapping-kubernetes-controllers.md @@ -222,7 +222,6 @@ Login to `loadbalancer` instance using SSH Terminal. ``` sudo apt-get update && sudo apt-get install -y haproxy - ``` ``` @@ -243,7 +242,7 @@ EOF ``` ``` -loadbalancer# sudo service haproxy restart +sudo service haproxy restart ``` ### Verification From 95be2e97a708e92a04db19cf08b8dc22b7cb3193 Mon Sep 17 00:00:00 2001 From: Kevin Gottsman Date: Tue, 18 May 2021 04:42:07 -0400 Subject: [PATCH 4/4] Cleanup provisioning of kublet client certs --- docs/09-bootstrapping-kubernetes-workers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md index 2aff5aa..551620e 100644 --- a/docs/09-bootstrapping-kubernetes-workers.md +++ b/docs/09-bootstrapping-kubernetes-workers.md @@ -11,7 +11,7 @@ We will now install the kubernetes components The Certificates and Configuration are created on `master-1` node and then copied over to workers using `scp`. Once this is done, the commands are to be run on first worker instance: `worker-1`. Login to first worker instance using SSH Terminal. -### Provisioning Kubelet Client Certificates +### Provisioning Kubelet Client Certificates Kubernetes uses a [special-purpose authorization mode](https://kubernetes.io/docs/admin/authorization/node/) called Node Authorizer, that specifically authorizes API requests made by [Kubelets](https://kubernetes.io/docs/concepts/overview/components/#kubelet). In order to be authorized by the Node Authorizer, Kubelets must use a credential that identifies them as being in the `system:nodes` group, with a username of `system:node:`. In this section you will create a certificate for each Kubernetes worker node that meets the Node Authorizer requirements. @@ -20,7 +20,7 @@ Generate a certificate and private key for one worker node: On master-1: ``` -master-1$ cat > openssl-worker-1.cnf < openssl-worker-1.cnf <