From b70647894e334e7f9f096058a5153208238b1f3a Mon Sep 17 00:00:00 2001 From: Khalifah Shabazz <619281+b01@users.noreply.github.com> Date: Sun, 1 Jun 2025 22:59:11 -0400 Subject: [PATCH] chg: Hostnames In Documentation Continued Updated more places where the hostnames were not updated to reflect the new hostnames for the jumpbox, controller, and worker nodes. --- ca.conf | 12 ++++++------ docs/04-certificate-authority.md | 13 +++++++++++-- docs/05-kubernetes-configuration-files.md | 8 ++++---- docs/08-bootstrapping-kubernetes-controllers.md | 2 +- docs/10-configuring-kubectl.md | 6 +++--- 5 files changed, 25 insertions(+), 16 deletions(-) diff --git a/ca.conf b/ca.conf index 1c59135..35d9e76 100644 --- a/ca.conf +++ b/ca.conf @@ -165,12 +165,12 @@ L = Redford # from the address range (`10.32.0.0/24`) reserved for internal cluster # services. -[kube-api-server] -distinguished_name = kube-api-server_distinguished_name +[kube-apiserver] +distinguished_name = kube-apiserver_distinguished_name prompt = no -req_extensions = kube-api-server_req_extensions +req_extensions = kube-apiserver_req_extensions -[kube-api-server_req_extensions] +[kube-apiserver_req_extensions] basicConstraints = CA:FALSE extendedKeyUsage = clientAuth, serverAuth keyUsage = critical, digitalSignature, keyEncipherment @@ -179,7 +179,7 @@ nsComment = "Kube API Server Certificate" subjectAltName = @kube-api-server_alt_names subjectKeyIdentifier = hash -[kube-api-server_alt_names] +[kube-apiserver_alt_names] IP.0 = 127.0.0.1 IP.1 = 10.32.0.1 DNS.0 = kubernetes @@ -190,7 +190,7 @@ DNS.4 = kubernetes.svc.cluster.local DNS.5 = controlplane.kubernetes.local DNS.6 = api-server.kubernetes.local -[kube-api-server_distinguished_name] +[kube-apiserver_distinguished_name] CN = kubernetes C = US ST = Michigan diff --git a/docs/04-certificate-authority.md b/docs/04-certificate-authority.md index 900e8a0..783c548 100644 --- a/docs/04-certificate-authority.md +++ b/docs/04-certificate-authority.md 
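Review bot: The unchanged context line `subjectAltName = @kube-api-server_alt_names` in the second ca.conf hunk (`@@ -179,7 +179,7 @@`) still points at the old section name, while the same hunk renames that section to `[kube-apiserver_alt_names]`. The reference no longer resolves to any section visible in the patch, so generating the API server certificate will likely fail or produce a certificate without the intended SAN list. Clients verifying `controlplane.kubernetes.local` with `--cacert ca.crt` would then reject it. The line should become `subjectAltName = @kube-apiserver_alt_names`. Any command in the docs that selects the `kube-api-server` section by name is not visible in this patch and would need the same rename.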
@@ -1,10 +1,19 @@ # Provisioning a CA and Generating TLS Certificates -In this lab you will provision a [PKI Infrastructure](https://en.wikipedia.org/wiki/Public_key_infrastructure) using openssl to bootstrap a Certificate Authority, and generate TLS certificates for the following components: kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, and kube-proxy. The commands in this section should be run from the `jumpbox`. +In this lab you will provision a [PKI Infrastructure](https://en.wikipedia.org/wiki/Public_key_infrastructure) using openssl to +bootstrap a Certificate Authority, and generate TLS certificates for the +following components: kube-apiserver, kube-controller-manager, kube-scheduler, +kubelet, and kube-proxy. The commands in this section should be run from the +`jumpbox`. ## Certificate Authority -In this section you will provision a Certificate Authority that can be used to generate additional TLS certificates for the other Kubernetes components. Setting up CA and generating certificates using `openssl` can be time-consuming, especially when doing it for the first time. To streamline this lab, I've included an openssl configuration file `ca.conf`, which defines all the details needed to generate certificates for each Kubernetes component. +In this section you will provision a Certificate Authority that can be used to +generate additional TLS certificates for the other Kubernetes components. +Setting up CA and generating certificates using `openssl` can be time-consuming, +especially when doing it for the first time. To streamline this lab, I've +included an openssl configuration file `ca.conf`, which defines all the details +needed to generate certificates for each Kubernetes component. Take a moment to review the `ca.conf` configuration file: diff --git a/docs/05-kubernetes-configuration-files.md b/docs/05-kubernetes-configuration-files.md index 8480bbb..844059b 100644 --- a/docs/05-kubernetes-configuration-files.md 
+++ b/docs/05-kubernetes-configuration-files.md @@ -19,7 +19,7 @@ for host in node01 node02; do kubectl config set-cluster kubernetes-the-hard-way \ --certificate-authority=ca.crt \ --embed-certs=true \ - --server=https://server.kubernetes.local:6443 \ + --server=https://controlplane.kubernetes.local:6443 \ --kubeconfig=${host}.kubeconfig kubectl config set-credentials system:node:${host} \ @@ -54,7 +54,7 @@ Generate a kubeconfig file for the `kube-proxy` service: kubectl config set-cluster kubernetes-the-hard-way \ --certificate-authority=ca.crt \ --embed-certs=true \ - --server=https://server.kubernetes.local:6443 \ + --server=https://controlplane.kubernetes.local:6443 \ --kubeconfig=kube-proxy.kubeconfig kubectl config set-credentials system:kube-proxy \ @@ -88,7 +88,7 @@ Generate a kubeconfig file for the `kube-controller-manager` service: kubectl config set-cluster kubernetes-the-hard-way \ --certificate-authority=ca.crt \ --embed-certs=true \ - --server=https://server.kubernetes.local:6443 \ + --server=https://controlplane.kubernetes.local:6443 \ --kubeconfig=kube-controller-manager.kubeconfig kubectl config set-credentials system:kube-controller-manager \ @@ -123,7 +123,7 @@ Generate a kubeconfig file for the `kube-scheduler` service: kubectl config set-cluster kubernetes-the-hard-way \ --certificate-authority=ca.crt \ --embed-certs=true \ - --server=https://server.kubernetes.local:6443 \ + --server=https://controlplane.kubernetes.local:6443 \ --kubeconfig=kube-scheduler.kubeconfig kubectl config set-credentials system:kube-scheduler \ diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md index b27b15b..ed3608b 100644 --- a/docs/08-bootstrapping-kubernetes-controllers.md +++ b/docs/08-bootstrapping-kubernetes-controllers.md 
@@ -176,7 +176,7 @@ Make a HTTP request for the Kubernetes version info: ```bash curl --cacert ca.crt \ - https://server.kubernetes.local:6443/version + https://controlplane.kubernetes.local:6443/version ``` ```text diff --git a/docs/10-configuring-kubectl.md b/docs/10-configuring-kubectl.md index 9be4978..65d4046 100644 --- a/docs/10-configuring-kubectl.md +++ b/docs/10-configuring-kubectl.md @@ -8,11 +8,11 @@ In this lab you will generate a kubeconfig file for the `kubectl` command line u Each kubeconfig requires a Kubernetes API Server to connect to. -You should be able to ping `server.kubernetes.local` based on the `/etc/hosts` DNS entry from a previous lab. +You should be able to ping `controlplane.kubernetes.local` based on the `/etc/hosts` DNS entry from a previous lab. ```bash curl --cacert ca.crt \ - https://server.kubernetes.local:6443/version + https://controlplane.kubernetes.local:6443/version ``` ```text @@ -36,7 +36,7 @@ Generate a kubeconfig file suitable for authenticating as the `admin` user: kubectl config set-cluster kubernetes-the-hard-way \ --certificate-authority=ca.crt \ --embed-certs=true \ - --server=https://server.kubernetes.local:6443 + --server=https://controlplane.kubernetes.local:6443 kubectl config set-credentials admin \ --client-certificate=admin.crt \