added ssh config setup

pull/709/head
Xander Grzywinski 2019-05-30 12:59:09 -07:00
parent 4dcac5c197
commit 56adbb106d
7 changed files with 29 additions and 25 deletions


@ -53,7 +53,7 @@ az network nsg rule create \
--protocol Tcp \ --protocol Tcp \
--direction Inbound \ --direction Inbound \
--priority 100 \ --priority 100 \
--source-address-prefix Any \ --source-address-prefix "*" \
--source-port-range "*" \ --source-port-range "*" \
--destination-port-ranges 22 6443 --destination-port-ranges 22 6443
``` ```
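Review bot: `--source-address-prefix "*"` on this inbound rule, combined with `--destination-port-ranges 22 6443`, leaves SSH and the API server port reachable from any source address at priority 100. The quoting fix itself is fine, but since readers will copy this command verbatim, suggest having them pass their own public IP or CIDR as the prefix (at least for port 22), or stating next to the command that the rule is meant for a short-lived lab only.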
@ -303,11 +303,25 @@ worker-2 kubernetes-the-hard-way westus2
SSH will be used to configure the controller and worker instances. When building the compute instances, if you don't currently have an SSH keypair, one will be generated for you and stored in your ~/.ssh directory SSH will be used to configure the controller and worker instances. When building the compute instances, if you don't currently have an SSH keypair, one will be generated for you and stored in your ~/.ssh directory
Test SSH access to the `controller-0` compute instances using the VMs public IP address (this can be found by list your VMs with the CLI, or by looking at the VM in the Azure portal): Let's build an SSH config file to easily be able to SSH to all our controller and worker nodes throughout the lab:
``` ```
EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n controller-0 --output tsv | cut -f19) for instance in controller-0 controller-1 controller-2 worker-0 worker-1 worker-2; do
ssh azureuser@${EXTERNAL_IP} EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n ${instance} --output tsv | cut -f19)
cat <<EOF | tee -a ~/.ssh/config
Host ${instance}
User azureuser
HostName ${EXTERNAL_IP}
IdentityFile ~/.ssh/id_rsa
ServerAliveInterval 120
EOF
done
```
Test SSH access to the `controller-0` compute instances:
```
ssh controller-0
``` ```
``` ```
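Review bot: `tee -a ~/.ssh/config` in the new loop appends on every run, so a reader who rebuilds the VMs and repeats this step ends up with two `Host controller-0` blocks, and because ssh takes the first value it finds for each option, the older `HostName` keeps winning. Suggest writing the entries to a dedicated file that the loop overwrites and that `~/.ssh/config` pulls in with `Include`, or documenting how to clear the old entries first. Two smaller points in the same loop: `cut -f19` selects the IP by column position in the tsv output and will silently pick the wrong field if the output layout changes, where `--query publicIps --output tsv` would select it by name; and `IdentityFile ~/.ssh/id_rsa` is hard-coded although the paragraph above only says a keypair is stored "in your ~/.ssh directory", so readers with a key at another path need to be told to adjust it.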


@ -364,8 +364,7 @@ Copy the appropriate certificates and private keys to each worker instance:
``` ```
for instance in worker-0 worker-1 worker-2; do for instance in worker-0 worker-1 worker-2; do
EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n ${instance} --output tsv | cut -f19) scp ca.pem ${instance}-key.pem ${instance}.pem ${instance}:~/
scp ca.pem ${instance}-key.pem ${instance}.pem azureuser@${EXTERNAL_IP}:~/
done done
``` ```
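Review bot: the new `scp ca.pem ${instance}-key.pem ${instance}.pem ${instance}:~/` line only works if `~/.ssh/config` already has a matching `Host worker-N` entry from the compute-resources lab, and nothing in this file says so. Since this step copies private keys, suggest adding one sentence before the loop that points back to the SSH config step, so a reader with missing or stale entries knows why the copy fails or where it is actually going. The same applies to the controller loop in the next hunk and to the kubeconfig and encryption-config loops in the other files.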
@ -373,8 +372,7 @@ Copy the appropriate certificates and private keys to each controller instance:
``` ```
for instance in controller-0 controller-1 controller-2; do for instance in controller-0 controller-1 controller-2; do
EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n ${instance} --output tsv | cut -f19) scp ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem service-account-key.pem service-account.pem ${instance}:~/
scp ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem service-account-key.pem service-account.pem azureuser@${EXTERNAL_IP}:~/
done done
``` ```


@ -187,8 +187,7 @@ Copy the appropriate `kubelet` and `kube-proxy` kubeconfig files to each worker
``` ```
for instance in worker-0 worker-1 worker-2; do for instance in worker-0 worker-1 worker-2; do
EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n ${instance} --output tsv | cut -f19) scp ${instance}.kubeconfig kube-proxy.kubeconfig ${instance}:~/
scp ${instance}.kubeconfig kube-proxy.kubeconfig azureuser@${EXTERNAL_IP}:~/
done done
``` ```
@ -196,8 +195,7 @@ Copy the appropriate `kube-controller-manager` and `kube-scheduler` kubeconfig f
``` ```
for instance in controller-0 controller-1 controller-2; do for instance in controller-0 controller-1 controller-2; do
EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n ${instance} --output tsv | cut -f19) scp admin.kubeconfig kube-controller-manager.kubeconfig kube-scheduler.kubeconfig ${instance}:~/
scp admin.kubeconfig kube-controller-manager.kubeconfig kube-scheduler.kubeconfig azureuser@${EXTERNAL_IP}:~/
done done
``` ```


@ -36,8 +36,7 @@ Copy the `encryption-config.yaml` encryption config file to each controller inst
``` ```
for instance in controller-0 controller-1 controller-2; do for instance in controller-0 controller-1 controller-2; do
EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n ${instance} --output tsv | cut -f19) scp encryption-config.yaml ${instance}:~/
scp encryption-config.yaml azureuser@${EXTERNAL_IP}:~/
done done
``` ```


@ -7,8 +7,7 @@ Kubernetes components are stateless and store cluster state in [etcd](https://gi
The commands in this lab must be run on each controller instance: `controller-0`, `controller-1`, and `controller-2`. Login to each controller instance using `ssh`. Example: The commands in this lab must be run on each controller instance: `controller-0`, `controller-1`, and `controller-2`. Login to each controller instance using `ssh`. Example:
``` ```
EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n controller-0 --output tsv | cut -f19) ssh controller-0
ssh azureuser@${EXTERNAL_IP}
``` ```
### Running commands in parallel with tmux ### Running commands in parallel with tmux


@ -7,8 +7,7 @@ In this lab you will bootstrap the Kubernetes control plane across three compute
The commands in this lab must be run on each controller instance: `controller-0`, `controller-1`, and `controller-2`. Login to each controller instance using `ssh`. Example: The commands in this lab must be run on each controller instance: `controller-0`, `controller-1`, and `controller-2`. Login to each controller instance using `ssh`. Example:
``` ```
EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n controller-0 --output tsv | cut -f19) ssh controller-0
ssh azureuser@${EXTERNAL_IP}
``` ```
### Running commands in parallel with tmux ### Running commands in parallel with tmux
@ -284,8 +283,7 @@ In this section you will configure RBAC permissions to allow the Kubernetes API
> This tutorial sets the Kubelet `--authorization-mode` flag to `Webhook`. Webhook mode uses the [SubjectAccessReview](https://kubernetes.io/docs/admin/authorization/#checking-api-access) API to determine authorization. > This tutorial sets the Kubelet `--authorization-mode` flag to `Webhook`. Webhook mode uses the [SubjectAccessReview](https://kubernetes.io/docs/admin/authorization/#checking-api-access) API to determine authorization.
``` ```
EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n controller-0 --output tsv | cut -f19) ssh controller-0
ssh azureuser@${EXTERNAL_IP}
``` ```
Create the `system:kube-apiserver-to-kubelet` [ClusterRole](https://kubernetes.io/docs/admin/authorization/rbac/#role-and-clusterrole) with permissions to access the Kubelet API and perform most common tasks associated with managing pods: Create the `system:kube-apiserver-to-kubelet` [ClusterRole](https://kubernetes.io/docs/admin/authorization/rbac/#role-and-clusterrole) with permissions to access the Kubelet API and perform most common tasks associated with managing pods:


@ -4,11 +4,10 @@ In this lab you will bootstrap three Kubernetes worker nodes. The following comp
## Prerequisites ## Prerequisites
The commands in this lab must be run on each worker instance: `worker-0`, `worker-1`, and `worker-2`. Login to each worker instance using the `gcloud` command. Example: The commands in this lab must be run on each worker instance: `worker-0`, `worker-1`, and `worker-2`. Login to each worker instance using `ssh`. Example:
``` ```
EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n worker-0 --output tsv | cut -f19) ssh worker-0
ssh azureuser@${EXTERNAL_IP}
``` ```
### Running commands in parallel with tmux ### Running commands in parallel with tmux
@ -288,8 +287,7 @@ EOF
List the registered Kubernetes nodes: List the registered Kubernetes nodes:
``` ```
EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n controller-0 --output tsv | cut -f19) ssh controller-0
ssh azureuser@${EXTERNAL_IP}
``` ```
``` ```
kubectl get nodes --kubeconfig admin.kubeconfig kubectl get nodes --kubeconfig admin.kubeconfig