etcd for Kubernetes)
1
kubectl get nodes
1
cat ~/.kube/config
certificate-authority-dataserverclient-certificate-dataclient-key-datastudent:
1
2
sudo useradd -s /bin/bash -d /home/student -m -G docker student
sudo su - student
kubectl commands now:
1
2
kubectl get nodes
kubectl get svc
student, run the following command:
1
mkdir .kube
config inside .kube with the following contents: COPY_FROM_ABOVE with the corresponding values of the corresponding fields above.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: COPY_FROM_ABOVE
server: COPY_FROM_ABOVE
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: student
name: student@kubernetes
current-context: student@kubernetes
kind: Config
preferences: {}
users:
- name: student
user:
client-certificate-data: COPY_FROM_ABOVE
client-key-data: COPY_FROM_ABOVE
kubectl commands now:
1
2
kubectl get nodes
kubectl get svc
Adding at least another Kubernetes cluster from one of your classmates’ experiment to your student account. In other words, one account can have access to multiple K8S cluster.
rbac.authorization.k8s.io API group to drive RBAC-based authorization decisions,
1
kubectl describe pods kube-apiserver -n kube-system | grep authorization
1
2
kubectl get role --all-namespaces
kubectl describe role system::leader-locking-kube-controller-manager -n kube-system
1
2
kubectl get clusterrole --all-namespaces
kubectl describe clusterrole cluster-admin
1
2
kubectl get RoleBinding --all-namespaces
kubectl get ClusterRoleBinding
resources are available and what verbs are applicable?
1
kubectl api-resources --sort-by name -o wide
NET_BIND_SERVICE.