github.com/kubernetes/kubeadm/blob/master/docs/design/design_v1.9.md#optional-self-hosting

 


kubeadm is a simple solution for setting up a Kubernetes cluster, but the details of what it configures internally are hidden. This document explains those parts.

 

Internal components produced during kubeadm init and kubeadm join

 

Secure
 - enforcing RBAC
 - using the Node Authorizer
 - secure communication between the control plane components
 - secure communication between the API server and the kubelets
 - the kubelet API can be locked down
 - locking down API access for system components such as kube-proxy and kube-dns
 - locking down what a Bootstrap Token can access

 

With kubeadm, a k8s cluster can be set up using only a few commands
 - kubeadm init on the master
 - export KUBECONFIG=/etc/kubernetes/admin.conf

 - kubectl apply -f <network-of-choice.yaml>

 - kubeadm join --token <token> <master-ip>:<master-port>
 - The kubeadm join request to add a node should be automatically approved

 

When a cluster is set up with kubeadm, everything is laid out under the /etc/kubernetes directory.

 

We've decided to make the Kubernetes directory /etc/kubernetes a constant in the application, since it is clearly the given path in a majority of cases, and the most intuitive location. Having that path configurable would confuse readers of an on-top-of-kubeadm-implemented deployment solution.

 

The path where the kubelet looks for Pod manifests is "/etc/kubernetes/manifests"; the following files are placed there.

etcd.yaml, kube-apiserver.yaml, kube-controller-manager.yaml, kube-scheduler.yaml

 

/etc/kubernetes/kubelet.conf - the file that defines the kubelet's credentials for the API server

/etc/kubernetes/admin.conf - the file through which an admin obtains superuser privileges

 

Certificate file names

ca.crt, ca.key (CA certificate)

apiserver.crt, apiserver.key (API server certificate)

apiserver-kubelet-client.crt, apiserver-kubelet-client.key (client certificate for the apiservers to connect to the kubelets securely)

sa.pub, sa.key (a private key for signing ServiceAccount)

front-proxy-ca.crt, front-proxy-ca.key (CA for the front proxy)

front-proxy-client.crt, front-proxy-client.key (client cert for the front proxy client)

 

Kubeconfig file names

 

admin.conf

kubelet.conf (bootstrap-kubelet.conf during TLS bootstrap)

controller-manager.conf

scheduler.conf
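
Since admin.conf carries superuser credentials and the kubelet runs whatever sits in the manifests directory, the file list above can be turned into a permission audit for a control-plane node. The script below is an added example, not part of the original post or of kubeadm; the "pki" subdirectory for certificates and the permission thresholds are assumptions, and the sample tree is constructed.

```python
import os
import stat
import tempfile

# File names as listed on this page. Placing certificates under "pki" is an
# assumption (kubeadm's default layout); the page does not state the directory.
KUBECONFIGS = ["admin.conf", "kubelet.conf", "controller-manager.conf", "scheduler.conf"]
PRIVATE_KEYS = ["ca.key", "apiserver.key", "apiserver-kubelet-client.key",
                "sa.key", "front-proxy-ca.key", "front-proxy-client.key"]
MANIFESTS = ["etcd.yaml", "kube-apiserver.yaml",
             "kube-controller-manager.yaml", "kube-scheduler.yaml"]


def audit(root="/etc/kubernetes"):
    """Return sorted (relative path, finding) pairs for a control-plane node."""
    # Secrets must not be accessible to group/other at all; static Pod
    # manifests must not be writable by them, since the kubelet runs whatever
    # is placed there. Both thresholds are this example's policy.
    checks = [(name, 0o077) for name in KUBECONFIGS]
    checks += [(os.path.join("pki", name), 0o077) for name in PRIVATE_KEYS]
    checks += [(os.path.join("manifests", name), 0o022) for name in MANIFESTS]
    findings = []
    for rel, forbidden in checks:
        try:
            st = os.lstat(os.path.join(root, rel))
        except FileNotFoundError:
            findings.append((rel, "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((rel, "not a regular file"))
        elif stat.S_IMODE(st.st_mode) & forbidden:
            findings.append((rel, "mode %04o too permissive" % stat.S_IMODE(st.st_mode)))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout (empty files, mode 0600) for an offline run."""
    for sub, names in (("", KUBECONFIGS), ("pki", PRIVATE_KEYS), ("manifests", MANIFESTS)):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            path = os.path.join(root, sub, name)
            open(path, "w").close()
            os.chmod(path, 0o600)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        os.chmod(os.path.join(tmp, "admin.conf"), 0o644)   # constructed weak setting
        os.remove(os.path.join(tmp, "pki", "sa.key"))
        for rel, finding in audit(tmp):
            print(rel, "->", finding)
```

On a worker node the control-plane files are expected to be reported as missing; only kubelet.conf applies there.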

 
