Minikube: Exemplo com Autenticação: Difference between revisions

From Wiki
(Criou a página com "1) Levantando o Minikube minikube start --extra-config=controller-manager.ClusterSigningCertFile="/var/lib/localkube/certs/ca.crt" \ --extra-config=controller-manager.C...")
 
No edit summary
Line 53: Line 53:
     client-key: /Users/ebasso/.minikube/client.key
     client-key: /Users/ebasso/.minikube/client.key
</nowiki>
</nowiki>
) Criando uma namespace
kubectl create namespace lfs158
)
cd
mkdir .rbac
cd .rbac
openssl genrsa -out ebasso.key 2048
openssl req -new -key ebasso.key -out ebasso.csr -subj "/CN=ebasso/O=company"\n
)
cat ebasso.csr | base64 -
Resultado
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2FUQ0NBVkVDQVFBd0pERVBNQTBHQTFVRUF3d0daV0poYzNOdk1SRXdEd1lEVlFRS0RBaGpiMjF3WV
...
0YKcnFEOVB0T0UvVVRLRjB1U3h5cGlLaEs3a2VZNHNSdnJaUlBVVmdBRGx1NXp1aWRqajdnQmtBdzlJQ1dHCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
<nowiki>
cat > signing-request.yml << EOF
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
  name: ebasso-csr
spec:
  groups:
  - system:authenticated
  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2FUQ0NBVkVDQVFBd0pERVBNQTBHQTFVRUF3d0daV0poYzNOdk1SRXdEd1lEVlFRS0RBaGpiMjF3WV
          ...
          0YKcnFEOVB0T0UvVVRLRjB1U3h5cGlLaEs3a2VZNHNSdnJaUlBVVmdBRGx1NXp1aWRqajdnQmtBdzlJQ1dHCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
  usages:
  - digital signature
  - key encipherment
  - client auth
EOF
</nowiki>
)
kubectl create -f signing-request.yml


= Ver também =
= Ver também =

Revision as of 00:42, 26 February 2019

1) Levantando o Minikube

minikube start --extra-config=controller-manager.ClusterSigningCertFile="/var/lib/localkube/certs/ca.crt" \
  --extra-config=controller-manager.ClusterSigningKeyFile="/var/lib/localkube/certs/ca.key" \
  --extra-config=apiserver.authorization-mode=RBAC

Resultado:

😄  minikube v0.34.1 on darwin (amd64)
💡  Tip: Use 'minikube start -p <name>' to create a new cluster, or 'minikube delete' to delete this one.
🏃  Re-using the currently running virtualbox VM for "minikube" ...
⌛  Waiting for SSH access ...
📶  "minikube" IP address is 192.168.99.100
🐳  Configuring Docker as the container runtime ...
✨  Preparing Kubernetes environment ...
    ▪ controller-manager.ClusterSigningCertFile=/var/lib/localkube/certs/ca.crt
    ▪ controller-manager.ClusterSigningKeyFile=/var/lib/localkube/certs/ca.key
    ▪ apiserver.authorization-mode=RBAC
🚜  Pulling images required by Kubernetes v1.13.3 ...
🔄  Relaunching Kubernetes v1.13.3 using kubeadm ...
⌛  Waiting for kube-proxy to come back up ...
🤔  Verifying component health .....
💗  kubectl is now configured to use "minikube"
🏄  Done! Thank you for using minikube!

2) Verificando a configuração, executando o comando:

kubectl config view

Resultado:

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /Users/ebasso/.minikube/ca.crt
    server: https://192.168.99.100:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /Users/ebasso/.minikube/client.crt
    client-key: /Users/ebasso/.minikube/client.key


) Criando uma namespace

kubectl create namespace lfs158


)

cd
mkdir .rbac
cd .rbac
openssl genrsa -out ebasso.key 2048
openssl req -new -key ebasso.key -out ebasso.csr -subj "/CN=ebasso/O=company"\n

)

cat ebasso.csr | base64 -

Resultado

LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2FUQ0NBVkVDQVFBd0pERVBNQTBHQTFVRUF3d0daV0poYzNOdk1SRXdEd1lEVlFRS0RBaGpiMjF3WV
...
0YKcnFEOVB0T0UvVVRLRjB1U3h5cGlLaEs3a2VZNHNSdnJaUlBVVmdBRGx1NXp1aWRqajdnQmtBdzlJQ1dHCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=


cat > signing-request.yml << EOF apiVersion: certificates.k8s.io/v1beta1 kind: CertificateSigningRequest metadata: name: ebasso-csr spec: groups: - system:authenticated request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2FUQ0NBVkVDQVFBd0pERVBNQTBHQTFVRUF3d0daV0poYzNOdk1SRXdEd1lEVlFRS0RBaGpiMjF3WV ... 0YKcnFEOVB0T0UvVVRLRjB1U3h5cGlLaEs3a2VZNHNSdnJaUlBVVmdBRGx1NXp1aWRqajdnQmtBdzlJQ1dHCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo= usages: - digital signature - key encipherment - client auth EOF

)

kubectl create -f signing-request.yml



Ver também