[CKA] KodeKloud - KubeConfig

by 쯀리♥️ 2024. 7. 18.

 

Hello, this is 쯀리.

Today we'll look at kubeconfig.

 

https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/

 


https://kubernetes.io/docs/reference/kubectl/quick-reference/

 


 


 

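What is KubeConfig?

In Kubernetes, a kubeconfig file stores the access information for a cluster. It is used whenever a user interacts with the cluster: Kubernetes client tools such as kubectl read this file to reach the cluster's API server. A kubeconfig file contains information such as the cluster's authentication details, certificates, and API server address.

Main components

  1. Cluster information
  2. User information
  3. Context information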

Quiz.

1. Where is the default kubeconfig file located in the current environment? Find the current home directory by looking at the HOME environment variable.

The kubeconfig file is usually located at $HOME/.kube/config.

controlplane ~/.kube ✖ ls
cache  config

 

2. How many clusters are defined in the default kubeconfig file?

controlplane ~/.kube ✖ cat config  | grep cluster
clusters:
- cluster:
    cluster: kubernetes

Only one cluster is defined.

 

3. How many Users are defined in the default kubeconfig file?

controlplane ~/.kube ➜  kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://controlplane:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED

There is a single user, kubernetes-admin.

 

4. How many contexts are defined in the default kubeconfig file?

controlplane ~/.kube ➜  kubectl config view  | grep context
contexts:
- context:
current-context: kubernetes-admin@kubernetes

 

5. What is the user configured in the current context?

controlplane ~/.kube ➜  kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://controlplane:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED

kubernetes-admin

6. What is the name of the cluster configured in the default kubeconfig file?

kubernetes

7. A new kubeconfig file named my-kube-config is created. It is placed in the /root directory. How many clusters are defined in that kubeconfig file?

controlplane ~ ➜  cat my-kube-config 
apiVersion: v1
kind: Config

clusters:
- name: production
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443

- name: development
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443

- name: kubernetes-on-aws
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443

- name: test-cluster-1
  cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443

There are 4 cluster names.

8. How many contexts are configured in the my-kube-config file?

contexts:
- name: test-user@development
  context:
    cluster: development
    user: test-user

- name: aws-user@kubernetes-on-aws
  context:
    cluster: kubernetes-on-aws
    user: aws-user

- name: test-user@production
  context:
    cluster: production
    user: test-user

- name: research
  context:
    cluster: test-cluster-1
    user: dev-user

There are 4 context names.

9. What user is configured in the research context?

- name: research
  context:
    cluster: test-cluster-1
    user: dev-user

 

10. What is the name of the client-certificate file configured for the aws-user?

- name: aws-user
  user:
    client-certificate: /etc/kubernetes/pki/users/aws-user/aws-user.crt
    client-key: /etc/kubernetes/pki/users/aws-user/aws-user.key

aws-user.crt

11. What is the current context set to in the my-kube-config file?

controlplane ~ ➜  kubectl config current-context --kubeconfig my-kube-config
test-user@development
 

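What is the current context?

In Kubernetes, the "current context" is the setting that defines which cluster and user environment kubectl commands operate against. It is one of the contexts defined in the kubeconfig file, and it determines which cluster is accessed and as which user.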

 

12. I would like to use the dev-user to access test-cluster-1. Set the current context to the right one so I can do that.

Once the right context is identified, use the kubectl config use-context command.

controlplane ~ ➜  cat my-kube-config 
- name: research
  context:
    cluster: test-cluster-1
    user: dev-user
 
controlplane ~ ➜  k config use-context research --kubeconfig=/root/my-kube-config
Switched to context "research".

The user has been switched!

 

13. We don't want to have to specify the kubeconfig file option on each command.

Set the my-kube-config file as the default kubeconfig by overwriting the content of ~/.kube/config with the content of the my-kube-config file.

controlplane ~ ➜  cp my-kube-config ~/.kube/config

controlplane ~ ➜  cat ~/.kube/config 
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
  name: development
  ...

 

14. With the current-context set to research, we are trying to access the cluster. However something seems to be wrong. Identify and fix the issue.

Try running the kubectl get pods command and look for the error. All users certificates are stored at /etc/kubernetes/pki/users.

controlplane ~ ➜  k get pods
error: unable to read client-cert /etc/kubernetes/pki/users/dev-user/developer-user.crt for dev-user due to open /etc/kubernetes/pki/users/dev-user/developer-user.crt: no such file or directory

controlplane ~ ✖ cd /etc/kubernetes/pki/users/dev-user

controlplane pki/users/dev-user ➜  ls -al
total 20
drwxr-xr-x 2 root root 4096 Jul 18 08:36 .
drwxr-xr-x 5 root root 4096 Jul 18 08:36 ..
-rw-r--r-- 1 root root 1025 Jul 18 08:55 dev-user.crt
-rw-r--r-- 1 root root  924 Jul 18 08:55 dev-user.csr
-rw------- 1 root root 1704 Jul 18 08:55 dev-user.key

### The certificate file name was written incorrectly, so let's fix the config file.
controlplane pki/users/dev-user ➜  vi ~/.kube/config 
- name: dev-user
  user:
    client-certificate: /etc/kubernetes/pki/users/dev-user/dev-user.crt
    client-key: /etc/kubernetes/pki/users/dev-user/dev-user.key
    
controlplane pki/users/dev-user ➜  k get pods
No resources found in default namespace.
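
The failure in question 14, a client-certificate path that points at a file that does not exist, can be caught before running kubectl. The script below is an added example, not part of the lab: it checks every certificate-authority, client-certificate and client-key path in a kubeconfig and also flags a private key that group or others can access. The function names, finding labels and temp-directory layout are assumptions, and the sample kubeconfig is constructed.

```bash
# Added example (not from the lab): lint the file references in a kubeconfig.
# Assumes block-style YAML as shown on this page: one unquoted "field: path" per line.
# Prints one finding per line; returns 1 if anything was found, else 0.
check_kubeconfig_files() {
  cfg=$1; base=$(dirname "$cfg"); bad=0
  while read -r field ref; do
    [ -n "$field" ] || continue          # file has no path-based references
    field=${field%:}
    # Relative paths are resolved against the kubeconfig's own directory.
    case $ref in /*) ;; *) ref=$base/$ref ;; esac
    if [ ! -f "$ref" ]; then
      echo "MISSING $field $ref"; bad=1; continue
    fi
    # A private key must not be accessible to group or others (rw-------).
    if [ "$field" = client-key ] && [ "$(ls -ld "$ref" | cut -c5-10)" != "------" ]; then
      echo "LOOSE-PERMS $field $ref"; bad=1
    fi
  done <<EOF
$(grep -E '^[[:space:]]*(certificate-authority|client-certificate|client-key):[[:space:]]' "$cfg" || true)
EOF
  return "$bad"
}

# Constructed sample mirroring question 14: dev-user names a certificate file
# (developer-user.crt) that does not exist beside the real dev-user.crt.
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/pki/users/dev-user"
  : > "$d/pki/ca.crt"
  : > "$d/pki/users/dev-user/dev-user.crt"
  : > "$d/pki/users/dev-user/dev-user.key"
  chmod 600 "$d/pki/users/dev-user/dev-user.key"
  cat > "$d/config" <<EOF
clusters:
- name: test-cluster-1
  cluster:
    certificate-authority: pki/ca.crt
users:
- name: dev-user
  user:
    client-certificate: $d/pki/users/dev-user/developer-user.crt
    client-key: $d/pki/users/dev-user/dev-user.key
EOF
  echo "$d"
}

sample=$(make_sample)
check_kubeconfig_files "$sample/config" || echo "fix the entries above, then retry kubectl"
rm -rf "$sample"
```

Embedded credentials (the client-certificate-data and client-key-data fields seen in the default config) are not file references and are skipped by this check.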

  


Today we practiced using a kubeconfig file in Kubernetes to store and use the access information for a cluster.

Next time we'll look at Role Based Access Controls.

 


References

 Udemy Labs - Certified Kubernetes Administrator with Practice Tests