mirrors
/
kubernetes-the-hard-way
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge 06362e0764 into 52eb26dad1

pull/869/merge
Lee Gaines 2025-04-29 15:49:15 -04:00 committed by GitHub
parent 52eb26dad1 06362e0764
commit 5277f59497
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -49,3 +49,4 @@ service-account.pem
service-account-csr.json service-account-csr.json
*.swp *.swp
.idea/ .idea/
.DS_Store

6
ca.conf
View File

@ -26,7 +26,7 @@ O = system:masters
# #
# The Kubernetes Controller Manager leverages a key pair to generate # The Kubernetes Controller Manager leverages a key pair to generate
# and sign service account tokens as described in the # and sign service account tokens as described in the
# [managing service accounts](https://kubernetes.io/docs/admin/service-accounts-admin/) # [managing service accounts](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/
# documentation. # documentation.
[service-accounts] [service-accounts]
@ -39,9 +39,9 @@ CN = service-accounts
# Worker Nodes # Worker Nodes
# #
# Kubernetes uses a [special-purpose authorization mode](https://kubernetes.io/docs/admin/authorization/node/) # Kubernetes uses a [special-purpose authorization mode](https://kubernetes.io/docs/reference/access-authn-authz/node/)
# called Node Authorizer, that specifically authorizes API requests made # called Node Authorizer, that specifically authorizes API requests made
# by [Kubelets](https://kubernetes.io/docs/concepts/overview/components/#kubelet). # by [Kubelets](https://kubernetes.io/docs/concepts/architecture/#kubelet).
# In order to be authorized by the Node Authorizer, Kubelets must use a credential # In order to be authorized by the Node Authorizer, Kubelets must use a credential
# that identifies them as being in the `system:nodes` group, with a username # that identifies them as being in the `system:nodes` group, with a username
# of `system:node:<nodeName>`. # of `system:node:<nodeName>`.

2
docs/02-jumpbox.md
View File

@ -14,7 +14,7 @@ All commands will be run as the `root` user. This is being done for the sake of
### Install Command Line Utilities ### Install Command Line Utilities
Now that you are logged into the `jumpbox` machine as the `root` user, you will install the command line utilities that will be used to preform various tasks throughout the tutorial. Now that you are logged into the `jumpbox` machine as the `root` user, you will install the command line utilities that will be used to perform various tasks throughout the tutorial.
```bash ```bash
{ {

2
docs/06-data-encryption-keys.md
View File

@ -21,7 +21,7 @@ envsubst < configs/encryption-config.yaml \
> encryption-config.yaml > encryption-config.yaml
``` ```
Copy the `encryption-config.yaml` encryption config file to each controller instance: Copy the `encryption-config.yaml` encryption config file to the server instance:
```bash ```bash
scp encryption-config.yaml root@server:~/ scp encryption-config.yaml root@server:~/

3
docs/09-bootstrapping-kubernetes-workers.md
View File

@ -14,9 +14,6 @@ for HOST in node-0 node-1; do
sed "s|SUBNET|$SUBNET|g" \ sed "s|SUBNET|$SUBNET|g" \
configs/10-bridge.conf > 10-bridge.conf configs/10-bridge.conf > 10-bridge.conf
sed "s|SUBNET|$SUBNET|g" \
configs/kubelet-config.yaml > kubelet-config.yaml
scp 10-bridge.conf kubelet-config.yaml \ scp 10-bridge.conf kubelet-config.yaml \
root@${HOST}:~/ root@${HOST}:~/
done done