Minikube: Exemplo com Autenticação

From Wiki
Revision as of 00:42, 26 February 2019 by Ebasso (talk | contribs)

1) Levantando o Minikube 

minikube start --extra-config=controller-manager.ClusterSigningCertFile="/var/lib/localkube/certs/ca.crt" \
  --extra-config=controller-manager.ClusterSigningKeyFile="/var/lib/localkube/certs/ca.key" \
  --extra-config=apiserver.authorization-mode=RBAC

Resultado: 

😄  minikube v0.34.1 on darwin (amd64)
💡  Tip: Use 'minikube start -p <name>' to create a new cluster, or 'minikube delete' to delete this one.
🏃  Re-using the currently running virtualbox VM for "minikube" ...
⌛  Waiting for SSH access ...
📶  "minikube" IP address is 192.168.99.100
🐳  Configuring Docker as the container runtime ...
✨  Preparing Kubernetes environment ...
    ▪ controller-manager.ClusterSigningCertFile=/var/lib/localkube/certs/ca.crt
    ▪ controller-manager.ClusterSigningKeyFile=/var/lib/localkube/certs/ca.key
    ▪ apiserver.authorization-mode=RBAC
🚜  Pulling images required by Kubernetes v1.13.3 ...
🔄  Relaunching Kubernetes v1.13.3 using kubeadm ...
⌛  Waiting for kube-proxy to come back up ...
🤔  Verifying component health .....
💗  kubectl is now configured to use "minikube"
🏄  Done! Thank you for using minikube!

2) Verificando a configuração, executando o comando: 

kubectl config view

Resultado: 

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /Users/ebasso/.minikube/ca.crt
    server: https://192.168.99.100:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /Users/ebasso/.minikube/client.crt
    client-key: /Users/ebasso/.minikube/client.key


) Criando uma namespace 

kubectl create namespace lfs158


) 

cd
mkdir .rbac
cd .rbac
openssl genrsa -out ebasso.key 2048
openssl req -new -key ebasso.key -out ebasso.csr -subj "/CN=ebasso/O=company"\n

) 

cat ebasso.csr | base64 -

Resultado 

LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2FUQ0NBVkVDQVFBd0pERVBNQTBHQTFVRUF3d0daV0poYzNOdk1SRXdEd1lEVlFRS0RBaGpiMjF3WV
...
0YKcnFEOVB0T0UvVVRLRjB1U3h5cGlLaEs3a2VZNHNSdnJaUlBVVmdBRGx1NXp1aWRqajdnQmtBdzlJQ1dHCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=


cat > signing-request.yml << EOF apiVersion: certificates.k8s.io/v1beta1 kind: CertificateSigningRequest metadata: name: ebasso-csr spec: groups: - system:authenticated request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2FUQ0NBVkVDQVFBd0pERVBNQTBHQTFVRUF3d0daV0poYzNOdk1SRXdEd1lEVlFRS0RBaGpiMjF3WV ... 0YKcnFEOVB0T0UvVVRLRjB1U3h5cGlLaEs3a2VZNHNSdnJaUlBVVmdBRGx1NXp1aWRqajdnQmtBdzlJQ1dHCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo= usages: - digital signature - key encipherment - client auth EOF

) 

kubectl create -f signing-request.yml



Ver também

Retrieved from "https://ebasso.net/wiki/index.php?title=Minikube:_Exemplo_com_Autenticação&oldid=5224"