For more in-depth articles on Kubernetes, see my blog homepage on CSDN or OSChina.
Over the past couple of days I have been going through the security configuration of a Kubernetes cluster, which touches the configuration of every component, and in the end I decided a diagram would present it more clearly.
The following configuration is involved:
When the other components act as clients and access kube-apiserver, their configuration corresponds to the black lines in the diagram:
kube-apiserver
```
--secure-port=443 --client_ca_file=/var/run/kubernetes/dd_ca.crt --tls-private-key-file=/var/run/kubernetes/dd_server.key
```
kube-controller-manager
```
--kubeconfig=/etc/kubernetes/cmkubeconfig
```
Contents of /etc/kubernetes/cmkubeconfig:
```yaml
apiVersion: v1
kind: Config
users:
- name: controllermanager
  user:
    client-certificate: /var/run/kubernetes/dd_cs_client.crt
    client-key: /var/run/kubernetes/dd_cs_client.key
clusters:
- name: local
  cluster:
    certificate-authority: /var/run/kubernetes/dd_ca.crt
contexts:
- context:
    cluster: local
    user: controllermanager
  name: my-context
current-context: my-context
```
kube-scheduler
The security configuration for kube-scheduler accessing the apiserver is the same as for kube-controller-manager.
kubelet
```
--kubeconfig=/var/lib/kubelet
```
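As an added example (not from the original post), a small stdlib-only Python audit of a kubeconfig shaped like the controller-manager one above, checking the mutual-TLS properties the diagram relies on: the current context resolves to a defined user and cluster, the user authenticates with a client certificate and key, and the cluster pins a CA rather than skipping TLS verification. The dict is the post's kubeconfig transcribed by hand; `yaml.safe_load` on the file would produce the same structure.

```python
# Added example: audit a kubeconfig (as loaded by yaml.safe_load) for the
# mutual-TLS settings a component needs when talking to kube-apiserver.
# CM_KUBECONFIG is the controller-manager kubeconfig from the post,
# transcribed into a dict so this runs without PyYAML.
CM_KUBECONFIG = {
    "apiVersion": "v1",
    "kind": "Config",
    "users": [
        {"name": "controllermanager",
         "user": {"client-certificate": "/var/run/kubernetes/dd_cs_client.crt",
                  "client-key": "/var/run/kubernetes/dd_cs_client.key"}},
    ],
    "clusters": [
        {"name": "local",
         "cluster": {"certificate-authority": "/var/run/kubernetes/dd_ca.crt"}},
    ],
    "contexts": [
        {"context": {"cluster": "local", "user": "controllermanager"},
         "name": "my-context"},
    ],
    "current-context": "my-context",
}


def _by_name(items, name):
    """Return the kubeconfig list entry with the given name, or None."""
    return next((i for i in items if i.get("name") == name), None)


def _has_any(mapping, *keys):
    """True if any of the keys (file path or inline -data form) is present."""
    return any(k in mapping for k in keys)


def audit_kubeconfig(cfg):
    """Return a list of findings; an empty list means the config is sound."""
    findings = []
    ctx = _by_name(cfg.get("contexts", []), cfg.get("current-context"))
    if ctx is None:
        return ["current-context does not name a defined context"]
    user = _by_name(cfg.get("users", []), ctx["context"].get("user"))
    cluster = _by_name(cfg.get("clusters", []), ctx["context"].get("cluster"))
    if user is None:
        findings.append("context references an undefined user")
    elif not (_has_any(user["user"], "client-certificate", "client-certificate-data")
              and _has_any(user["user"], "client-key", "client-key-data")):
        findings.append(f"user {user['name']} has no client certificate/key pair")
    if cluster is None:
        findings.append("context references an undefined cluster")
    else:
        c = cluster["cluster"]
        if c.get("insecure-skip-tls-verify"):
            findings.append(f"cluster {cluster['name']} skips server TLS verification")
        if not _has_any(c, "certificate-authority", "certificate-authority-data"):
            findings.append(f"cluster {cluster['name']} does not pin a CA")
        if "server" not in c:  # the post's fragment omits the apiserver URL
            findings.append(f"cluster {cluster['name']} has no server URL")
    return findings
```

Run against the post's fragment it reports only the missing `server` URL, which the post does not show; a cluster entry with `insecure-skip-tls-verify: true` and no CA produces two additional findings.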