Author Archives: admin

Kubernetes Metrics Server


title: “Kubernetes Metrics Server”
date: 2020-04-05T12:55:07
slug: kubernetes-metrics-server


git clone https://github.com/kubernetes-incubator/metrics-server.git
kubectl create -f .
kubectl top node
kubectl top pod

For x509 errors:

spec:
  containers:
  - args:
    - --cert-dir=/tmp
    - --secure-port=4443
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --kubelet-use-node-status-port
    # disables verification of the kubelets' serving certificates; test clusters only
    - --kubelet-insecure-tls

Create Certificate Request


title: “Create Certificate Request”
date: 2020-04-04T13:18:52
slug: 1207-2


apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
 name: akshay
spec:
 groups:
 - system:authenticated
 request: <base64-encoded CSR>
 usages:
 - digital signature
 - key encipherment
 - server auth

Authentication with Password File


title: “Authentication with Password File”
date: 2020-04-04T12:30:30
slug: authentication-with-password-file


/tmp/users/user-details.csv

# User File Contents
password123,user1,u0001
password123,user2,u0002
password123,user3,u0003
password123,user4,u0004
password123,user5,u0005

/etc/kubernetes/manifests/kube-apiserver.yaml

apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    # static password file; this flag was removed in Kubernetes 1.19
    - --basic-auth-file=/tmp/users/user-details.csv
    image: k8s.gcr.io/kube-apiserver-amd64:v1.11.3
    name: kube-apiserver
    volumeMounts:
    - mountPath: /tmp/users
      name: usr-details
      readOnly: true
  volumes:
  - hostPath:
      path: /tmp/users
      type: DirectoryOrCreate
    name: usr-details

Create the necessary roles and role bindings for these users:

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

---
# This role binding allows "user1" to read pods in the "default" namespace.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: default
subjects:
- kind: User
  name: user1 # Name is case sensitive
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role # this must be Role or ClusterRole
  name: pod-reader # this must match the name of the Role or ClusterRole you wish to bind to
  apiGroup: rbac.authorization.k8s.io

Once these are created, you can authenticate to the kube-apiserver using the user's credentials:

curl -v -k https://localhost:6443/api/v1/pods -u "user1:password123"
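
An added example, not part of the original post: a Python audit of a static password file in the column order shown above (password,user,uid, with an optional quoted groups column). The check names, the `min_len=12` threshold, the sample rows and the file mode are assumptions constructed for illustration; findings name users and never echo passwords.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the file's column order: password,user,uid[,"group1,group2"]
SAMPLE = '''password123,user1,u0001
password123,user2,u0002
Xk7#pQ9vLm2$wR4t,user3,u0003,"dev,ops"
short,user4,u0002
onlytwo,user5
'''

def audit_password_file(text, path="", mode=None, min_len=12):
    """Return (check, detail) findings; details name users, never passwords."""
    findings = []
    by_password, by_uid = defaultdict(list), defaultdict(list)
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # blank line
        if len(row) < 3:
            findings.append(("malformed", f"line {lineno}"))
            continue
        password, user, uid = row[:3]
        by_password[password].append(user)
        by_uid[uid].append(user)
        if len(password) < min_len:
            findings.append(("short-password", user))
    for users in by_password.values():
        if len(users) > 1:  # one leaked password exposes every listed account
            findings.append(("shared-password", ",".join(users)))
    for uid, users in by_uid.items():
        if len(users) > 1:
            findings.append(("duplicate-uid", f"{uid}: {','.join(users)}"))
    if path.startswith(("/tmp/", "/var/tmp/")):
        findings.append(("tmp-location", path))  # parent directory is world-writable
    if mode is not None and mode & 0o077:
        findings.append(("group-or-other-access", oct(mode & 0o777)))
    return findings

if __name__ == "__main__":
    # 0o644 is an assumed file mode; on a real host pass os.stat(path).st_mode
    for check, detail in audit_password_file(SAMPLE, "/tmp/users/user-details.csv", 0o644):
        print(f"{check}: {detail}")
```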

Update a deployment


title: “Update a deployment”
date: 2020-04-04T11:14:59
slug: update-a-deployment


kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 --record

Generate Manifest with kubectl


title: “Generate Manifest with kubectl”
date: 2020-04-04T09:37:59
slug: generate-manifest-with-kubectl


kubectl run --generator=run-pod/v1 static-busybox --image=busybox -o yaml --dry-run

taints and tolerations


title: “taints and tolerations”
date: 2020-04-01T17:19:35
slug: taints-and-tolerations


Add Taint to a Node:
kubectl taint nodes node1 key=value:NoSchedule

Add toleration to a pod:
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  tolerations:
  - key: "example-key" # must equal the key of the taint on the node
    operator: "Exists"
    effect: "NoSchedule"