Merge pull request #231 from gottsman/master

Cleanup code to deploy the haproxy load balancer
pull/634/head
Mohamed Ayman 2021-07-04 06:12:04 +02:00 committed by GitHub
commit 385412cbd6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 7 deletions


@ -221,13 +221,11 @@ In this section you will provision an external load balancer to front the Kubern
Login to `loadbalancer` instance using SSH Terminal. Login to `loadbalancer` instance using SSH Terminal.
``` ```
#Install HAProxy sudo apt-get update && sudo apt-get install -y haproxy
loadbalancer# sudo apt-get update && sudo apt-get install -y haproxy
``` ```
``` ```
loadbalancer# cat <<EOF | sudo tee /etc/haproxy/haproxy.cfg cat <<EOF | sudo tee /etc/haproxy/haproxy.cfg
frontend kubernetes frontend kubernetes
bind 192.168.5.30:6443 bind 192.168.5.30:6443
option tcplog option tcplog
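Review bot: The `cat <<EOF | sudo tee /etc/haproxy/haproxy.cfg` line overwrites the config file that the `apt-get install -y haproxy` step has just put in place, and no copy of the packaged file is kept. Suggest a preceding `sudo cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.orig` so the distribution defaults can be compared or restored. Separately, with the `loadbalancer#` prompt and the `#Install HAProxy` comment removed, the first block carries no label of its own; a short sentence above it saying that it installs HAProxy would keep the step self-explanatory.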
@ -244,7 +242,7 @@ EOF
``` ```
``` ```
loadbalancer# sudo service haproxy restart sudo service haproxy restart
``` ```
### Verification ### Verification
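Review bot: `sudo service haproxy restart` runs directly after the heredoc writes the config, with no syntax check in between, so a mistake in the file takes down the listener on `192.168.5.30:6443` instead of being caught first. Suggest adding `sudo haproxy -c -f /etc/haproxy/haproxy.cfg` on the line before the restart, so the reader only restarts once the config has been validated.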


@ -11,7 +11,7 @@ We will now install the kubernetes components
The Certificates and Configuration are created on `master-1` node and then copied over to workers using `scp`. The Certificates and Configuration are created on `master-1` node and then copied over to workers using `scp`.
Once this is done, the commands are to be run on first worker instance: `worker-1`. Login to first worker instance using SSH Terminal. Once this is done, the commands are to be run on first worker instance: `worker-1`. Login to first worker instance using SSH Terminal.
### Provisioning Kubelet Client Certificates ### Provisioning Kubelet Client Certificates
Kubernetes uses a [special-purpose authorization mode](https://kubernetes.io/docs/admin/authorization/node/) called Node Authorizer, that specifically authorizes API requests made by [Kubelets](https://kubernetes.io/docs/concepts/overview/components/#kubelet). In order to be authorized by the Node Authorizer, Kubelets must use a credential that identifies them as being in the `system:nodes` group, with a username of `system:node:<nodeName>`. In this section you will create a certificate for each Kubernetes worker node that meets the Node Authorizer requirements. Kubernetes uses a [special-purpose authorization mode](https://kubernetes.io/docs/admin/authorization/node/) called Node Authorizer, that specifically authorizes API requests made by [Kubelets](https://kubernetes.io/docs/concepts/overview/components/#kubelet). In order to be authorized by the Node Authorizer, Kubelets must use a credential that identifies them as being in the `system:nodes` group, with a username of `system:node:<nodeName>`. In this section you will create a certificate for each Kubernetes worker node that meets the Node Authorizer requirements.
@ -20,7 +20,7 @@ Generate a certificate and private key for one worker node:
On master-1: On master-1:
``` ```
master-1$ cat > openssl-worker-1.cnf <<EOF cat > openssl-worker-1.cnf <<EOF
[req] [req]
req_extensions = v3_req req_extensions = v3_req
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
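Review bot: With the `master-1$` prompt dropped from the `cat > openssl-worker-1.cnf <<EOF` line, the plain-text "On master-1:" above the fence is now the only indication of which host generates the worker certificate request, and unlike the surrounding prose it does not format the node name as code. Suggest changing it to "On `master-1`:" so that the host cue matches the `master-1` and `worker-1` references earlier in the file and is harder to miss when copying the block.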