add details regarding the auth token

pull/49/head
Kelsey Hightower 2016-09-11 07:31:04 -07:00
parent ce7eef3210
commit b614d3b222
1 changed files with 18 additions and 1 deletions

@ -60,16 +60,27 @@ sudo mv kube-apiserver kube-controller-manager kube-scheduler kubectl /usr/bin/
##### Authentication
[Token based authentication](http://kubernetes.io/docs/admin/authentication) will be used to limit access to Kubernetes API.
[Token based authentication](http://kubernetes.io/docs/admin/authentication) will be used to limit access to the Kubernetes API. The authentication token is used by the following components:
* The Kubernetes kubelet which runs on the worker nodes
* The kubectl commandline tool
The other components, mainly the scheduler and controller manager, access the Kubernetes API server locally over the insecure API port which does not require authentication. The insecure port is only enabled for local access.
Download the example token file:
```
wget https://raw.githubusercontent.com/kelseyhightower/kubernetes-the-hard-way/master/token.csv
```
Review the example token file and replace the default token.
```
cat token.csv
```
Move the token file into the Kubernetes configuration directory so it can be read by the Kubernetes API server.
```
sudo mv token.csv /var/lib/kubernetes/
```
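Review bot: The step "Review the example token file and replace the default token." gives no command for producing the replacement, and the file it refers to is downloaded from this public repository, so a reader who only runs `cat token.csv` and moves on ends up with an API server that accepts a published credential. Suggest adding a concrete generation step (for example, reading random bytes from /dev/urandom and encoding them) and stating that the same value has to be configured for the kubelet and kubectl, which the new text names as the token's users. The `sudo mv token.csv /var/lib/kubernetes/` step also does nothing to restrict who can read the file; a follow-up line that sets its owner and mode so that only the API server's user can read it would be worth adding. Minor style: "commandline" should be "command line".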
@ -78,14 +89,20 @@ sudo mv token.csv /var/lib/kubernetes/
Attribute-Based Access Control (ABAC) will be used to authorize access to the Kubernetes API. In this lab ABAC will be setup using the Kubernetes policy file backend as documented in the [Kubernetes authorization guide](http://kubernetes.io/docs/admin/authorization).
Download the example authorization policy file:
```
wget https://raw.githubusercontent.com/kelseyhightower/kubernetes-the-hard-way/master/authorization-policy.jsonl
```
Review the example authorization policy file. No changes are required.
```
cat authorization-policy.jsonl
```
Move the authorization policy file into the Kubernetes configuration directory so it can be read by the Kubernetes API server.
```
sudo mv authorization-policy.jsonl /var/lib/kubernetes/
```
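Review bot: "Review the example authorization policy file. No changes are required." does not say what the policy is expected to contain, so the `cat authorization-policy.jsonl` step gives the reader nothing to check against. Because the file is fetched from the `master` branch, its contents can change after this text is written; suggest pinning the URL to a tag or commit and adding a sentence listing which users the policy should authorize, so a mismatch is noticed before the file is moved into /var/lib/kubernetes/. Minor style: "setup" in "ABAC will be setup" should be "set up".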