Hello, this is 쯀리.
Today we will look at kubeConfig.
https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/
https://kubernetes.io/docs/reference/kubectl/quick-reference/
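What is KubeConfig?
In Kubernetes, the kubeconfig file stores the information needed to access a cluster. It is used whenever a user interacts with the cluster: Kubernetes client tools such as kubectl read this file to reach the cluster's API server. The kubeconfig file contains information such as the cluster's authentication details, certificates, and the API server address.
Main components
- Cluster information
- User information
- Context information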
Quiz.
1. Where is the default kubeconfig file located in the current environment? Find the current home directory by looking at the HOME environment variable.
The kubeconfig file is usually located at $HOME/.kube/config.
controlplane ~/.kube ✖ ls
cache config
2. How many clusters are defined in the default kubeconfig file?
controlplane ~/.kube ✖ cat config | grep cluster
clusters:
- cluster:
    cluster: kubernetes
Only one cluster is configured.
3. How many Users are defined in the default kubeconfig file?
controlplane ~/.kube ➜ kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://controlplane:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED
There is a single user, kubernetes-admin.
4. How many contexts are defined in the default kubeconfig file?
controlplane ~/.kube ➜ kubectl config view | grep context
contexts:
- context:
current-context: kubernetes-admin@kubernetes
5. What is the user configured in the current context?
controlplane ~/.kube ➜ kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://controlplane:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED
kubernetes-admin
6. What is the name of the cluster configured in the default kubeconfig file?
kubernetes
7. A new kubeconfig file named my-kube-config is created. It is placed in the /root directory. How many clusters are defined in that kubeconfig file?
controlplane ~ ➜ cat my-kube-config
apiVersion: v1
kind: Config
clusters:
- name: production
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
- name: development
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
- name: kubernetes-on-aws
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
- name: test-cluster-1
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
There are four cluster names.
8. How many contexts are configured in the my-kube-config file?
contexts:
- name: test-user@development
  context:
    cluster: development
    user: test-user
- name: aws-user@kubernetes-on-aws
  context:
    cluster: kubernetes-on-aws
    user: aws-user
- name: test-user@production
  context:
    cluster: production
    user: test-user
- name: research
  context:
    cluster: test-cluster-1
    user: dev-user
There are four context names.
9. What user is configured in the research context?
- name: research
  context:
    cluster: test-cluster-1
    user: dev-user
10. What is the name of the client-certificate file configured for the aws-user?
- name: aws-user
  user:
    client-certificate: /etc/kubernetes/pki/users/aws-user/aws-user.crt
    client-key: /etc/kubernetes/pki/users/aws-user/aws-user.key
aws-user.crt
11. What is the current context set to in the my-kube-config file?
controlplane ~ ➜ kubectl config current-context --kubeconfig my-kube-config
test-user@development
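What is the current context?
In Kubernetes, the "current context" is the setting that defines which cluster and which user kubectl commands currently operate with. It is one of the contexts defined in the kubeconfig file, and it determines which cluster is accessed as which user.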
12. I would like to use the dev-user to access test-cluster-1. Set the current context to the right one so I can do that.
Once the right context is identified, use the kubectl config use-context command.
controlplane ~ ➜ cat my-kube-config
- name: research
  context:
    cluster: test-cluster-1
    user: dev-user
controlplane ~ ➜ k config use-context research --kubeconfig=/root/my-kube-config
Switched to context "research".
The user has been switched!
13. We don't want to have to specify the kubeconfig file option on each command.
Set the my-kube-config file as the default kubeconfig by overwriting the content of ~/.kube/config with the content of the my-kube-config file.
controlplane ~ ➜ cp my-kube-config ~/.kube/config
controlplane ~ ➜ cat ~/.kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
  name: development
...
14. With the current-context set to research, we are trying to access the cluster. However something seems to be wrong. Identify and fix the issue.
Try running the kubectl get pods command and look for the error. All users certificates are stored at /etc/kubernetes/pki/users.
controlplane ~ ➜ k get pods
error: unable to read client-cert /etc/kubernetes/pki/users/dev-user/developer-user.crt for dev-user due to open /etc/kubernetes/pki/users/dev-user/developer-user.crt: no such file or directory
controlplane ~ ✖ cd /etc/kubernetes/pki/users/dev-user
controlplane pki/users/dev-user ➜ ls -al
total 20
drwxr-xr-x 2 root root 4096 Jul 18 08:36 .
drwxr-xr-x 5 root root 4096 Jul 18 08:36 ..
-rw-r--r-- 1 root root 1025 Jul 18 08:55 dev-user.crt
-rw-r--r-- 1 root root 924 Jul 18 08:55 dev-user.csr
-rw------- 1 root root 1704 Jul 18 08:55 dev-user.key
### The certificate file name was written incorrectly, so let's fix the config file.
controlplane pki/users/dev-user ➜ vi ~/.kube/config
- name: dev-user
  user:
    client-certificate: /etc/kubernetes/pki/users/dev-user/dev-user.crt
    client-key: /etc/kubernetes/pki/users/dev-user/dev-user.key
controlplane pki/users/dev-user ➜ k get pods
No resources found in default namespace.
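The failure in question 14 comes from a kubeconfig file reference that points at a path that does not exist. The shell function below is an added example, not part of the original post or the lab: it checks every certificate-authority, client-certificate and client-key path in a kubeconfig and also flags a client key that is readable by group or others. The function name check_kubeconfig and the temporary demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint the file references of a kubeconfig (not the post's own code).
# Prints one line per problem and returns the number of problems (0 = clean).
check_kubeconfig() {
    cfg=$1
    problems=0
    # Only the file-based keys match; the inline *-data variants are skipped
    # because the colon must directly follow the key name.
    refs=$(grep -E '^[[:space:]-]*(certificate-authority|client-certificate|client-key):' "$cfg" |
        sed -E 's/^[[:space:]-]*([a-z-]+):[[:space:]]*(.*[^[:space:]])[[:space:]]*$/\1 \2/')
    while read -r key path; do
        [ -n "$key" ] || continue
        # Relative references are resolved against the kubeconfig's own directory.
        case $path in /*) ;; *) path=$(dirname "$cfg")/$path ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING $key: $path"
            problems=$((problems + 1))
        elif [ "$key" = client-key ] &&
            [ -n "$(find "$path" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "EXPOSED $key (group/world readable): $path"
            problems=$((problems + 1))
        fi
    done <<EOF
$refs
EOF
    return "$problems"
}

# Constructed sample that mirrors question 14: the user entry names
# developer-user.crt, but only dev-user.crt exists on disk.
demo=$(mktemp -d)
mkdir -p "$demo/pki/users/dev-user"
: > "$demo/pki/ca.crt"
: > "$demo/pki/users/dev-user/dev-user.crt"
: > "$demo/pki/users/dev-user/dev-user.key"
chmod 600 "$demo/pki/users/dev-user/dev-user.key"
cat > "$demo/config" <<EOF
clusters:
- name: test-cluster-1
  cluster:
    certificate-authority: $demo/pki/ca.crt
    server: https://controlplane:6443
users:
- name: dev-user
  user:
    client-certificate: $demo/pki/users/dev-user/developer-user.crt
    client-key: $demo/pki/users/dev-user/dev-user.key
EOF
check_kubeconfig "$demo/config" || echo "problems found: $?"
```

Running it against ~/.kube/config before `kubectl get pods` reports the wrong certificate path directly, and the key-permission check matches the `-rw-------` mode that dev-user.key has in the listing above.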
Today we practiced storing and using cluster access information with a kubeconfig file in Kubernetes.
Next time we will look at Role Based Access Controls.
References
※ Udemy Labs - Certified Kubernetes Administrator with Practice Tests