'controlplane' 태그의 글 목록

controlplane

[K8s] CKA 취득 연습문제#7 (kubeconfig view) 2023.05.30

[K8s] CKA 취득 연습문제#7 (kubeconfig view)

2023. 5. 30. 23:34

2023.05.30

★ kubeconfig 파일에 몇 개의 클러스터가 정의되어 있는가?

-> 1개

controlplane ~ ➜ kubectl config view 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://controlplane:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED

controlplane ~ ➜

★ kubeconfig 파일에 몇명의 사용자가 정의되어 있는가?

-> 1명

controlplane ~ ➜  kubectl config view 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://controlplane:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED

controlplane ~ ➜

★ kubeconfig 파일에는 몇 개의 컨텍스트가 정의되어 있는가?

-> 1개

controlplane ~ ➜  kubectl config view 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://controlplane:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED

controlplane ~ ➜

★ 컨텍스트에서 구성된 사용자 이름이 무엇인가요?

-> kubernetes-admin

controlplane ~ ➜  kubectl config view 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://controlplane:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED

controlplane ~ ➜

★ 컨텍스트에서 구성된 클러스터 이름이 무엇인가요?

-> kubernetes

controlplane ~ ➜  kubectl config view 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://controlplane:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED

controlplane ~ ➜

★ my-kube-config 구성된 클러스터는 몇개인가요?

-> 4개

★ my-kube-config 구성된 컨텍스트는 몇개인가요?

-> 4개

★ my-kube-config 구성된 컨텍스트에서 research의 유저는 누구인가요?

-> dev-user

★ my-kube-config 구성된 aws-user의 인증서 파일명은 무엇인가요?

-> aws-user.crt

controlplane ~ ➜  kubectl config view --kubeconfig my-kube-config 
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
  name: development
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
  name: kubernetes-on-aws
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
  name: production
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
  name: test-cluster-1
contexts:
- context:
    cluster: kubernetes-on-aws
    user: aws-user
  name: aws-user@kubernetes-on-aws
- context:
    cluster: test-cluster-1
    user: dev-user
  name: research
- context:
    cluster: development
    user: test-user
  name: test-user@development
- context:
    cluster: production
    user: test-user
  name: test-user@production
current-context: test-user@development
kind: Config
preferences: {}
users:
- name: aws-user
  user:
    client-certificate: /etc/kubernetes/pki/users/aws-user/aws-user.crt
    client-key: /etc/kubernetes/pki/users/aws-user/aws-user.key
- name: dev-user
  user:
    client-certificate: /etc/kubernetes/pki/users/dev-user/developer-user.crt
    client-key: /etc/kubernetes/pki/users/dev-user/dev-user.key
- name: test-user
  user:
    client-certificate: /etc/kubernetes/pki/users/test-user/test-user.crt
    client-key: /etc/kubernetes/pki/users/test-user/test-user.key

controlplane ~ ➜

★ my-kube-config 파일에서 현재 컨텍스트가 무엇으로 설정되어 있나요?

-> test-user@development

controlplane ~ ➜  kubectl config current-context --kubeconfig my-kube-config 
test-user@development

controlplane ~ ➜

★ dev-user를 사용하여 test-cluster-1에 접근하려고합니다. 현재 컨텍스트를 올바른 컨텍스트로 설정해주세요.

-> research 컨텍스트로 스위칭

controlplane ~ ➜  kubectl config --kubeconfig=/root/my-kube-config use-context research
Switched to context "research".

controlplane ~ ➜

-> 현재 컨텍스트 확인

controlplane ~ ➜  kubectl config --kubeconfig=/root/my-kube-config current-context 
research

controlplane ~ ➜

★ my-kube-config 파일을 기본 kubeconfig로 설정한다.

-> /.kube/config 파일에다가 복사한다.

controlplane  ➜  mv my-kube-config /root/.kube/config

-> 확인한다.

controlplane ~ ➜  kubectl config view 
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
  name: development
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
  name: kubernetes-on-aws
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
  name: production
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://controlplane:6443
  name: test-cluster-1
contexts:
- context:
    cluster: kubernetes-on-aws
    user: aws-user
  name: aws-user@kubernetes-on-aws
- context:
    cluster: test-cluster-1
    user: dev-user
  name: research
- context:
    cluster: development
    user: test-user
  name: test-user@development
- context:
    cluster: production
    user: test-user
  name: test-user@production
current-context: research
kind: Config
preferences: {}
users:
- name: aws-user
  user:
    client-certificate: /etc/kubernetes/pki/users/aws-user/aws-user.crt
    client-key: /etc/kubernetes/pki/users/aws-user/aws-user.key
- name: dev-user
  user:
    client-certificate: /etc/kubernetes/pki/users/dev-user/developer-user.crt
    client-key: /etc/kubernetes/pki/users/dev-user/dev-user.key
- name: test-user
  user:
    client-certificate: /etc/kubernetes/pki/users/test-user/test-user.crt
    client-key: /etc/kubernetes/pki/users/test-user/test-user.key

controlplane ~ ➜

★ 현재 컨텍스트를 연구로 설정한 상태에서 클러스터에 액세스하려고 합니다. 그러나 뭔가 잘못된 것 같습니다. 문제를 식별하고 수정하세요.

-> pod를 확인하려는데 오류 발생 (사용자 인증서를 읽을 수 없음)

controlplane ~ ➜  kubectl get pods
error: unable to read client-cert /etc/kubernetes/pki/users/dev-user/developer-user.crt for dev-user due to open /etc/kubernetes/pki/users/dev-user/developer-user.crt: no such file or directory

controlplane ~ ✖

-> config를 보고 user항목에 키 경로 확인해보기

controlplane ~ ✖ kubectl config view 
users:
- name: aws-user
  user:
    client-certificate: /etc/kubernetes/pki/users/aws-user/aws-user.crt
    client-key: /etc/kubernetes/pki/users/aws-user/aws-user.key
- name: dev-user
  user:
    client-certificate: /etc/kubernetes/pki/users/dev-user/developer-user.crt
    client-key: /etc/kubernetes/pki/users/dev-user/dev-user.key
- name: test-user
  user:
    client-certificate: /etc/kubernetes/pki/users/test-user/test-user.crt
    client-key: /etc/kubernetes/pki/users/test-user/test-user.key

controlplane ~ ➜

-> client-certificate: /etc/kubernetes/pki/users/dev-user/developer-user.crt 고치기

controlplane ~ ➜ kubectl config view

users:
- name: aws-user
  user:
    client-certificate: /etc/kubernetes/pki/users/aws-user/aws-user.crt
    client-key: /etc/kubernetes/pki/users/aws-user/aws-user.key
- name: dev-user
  user:
    client-certificate: /etc/kubernetes/pki/users/dev-user/dev-user.crt
    client-key: /etc/kubernetes/pki/users/dev-user/dev-user.key
- name: test-user
  user:
    client-certificate: /etc/kubernetes/pki/users/test-user/test-user.crt
    client-key: /etc/kubernetes/pki/users/test-user/test-user.key

controlplane ~ ➜

-> pod 확인

controlplane ~ ➜  kubectl get pods -A
NAMESPACE      NAME                                   READY   STATUS    RESTARTS   AGE
kube-flannel   kube-flannel-ds-2mr4z                  1/1     Running   0          54m
kube-system    coredns-787d4945fb-bxctq               1/1     Running   0          54m
kube-system    coredns-787d4945fb-r7hz5               1/1     Running   0          54m
kube-system    etcd-controlplane                      1/1     Running   0          54m
kube-system    kube-apiserver-controlplane            1/1     Running   0          54m
kube-system    kube-controller-manager-controlplane   1/1     Running   0          54m
kube-system    kube-proxy-f27wr                       1/1     Running   0          54m
kube-system    kube-scheduler-controlplane            1/1     Running   0          54m

controlplane ~ ➜

저작자표시

'Kubernetes > Kubernetes Exam' 카테고리의 다른 글

[K8s] CKA 취득 연습문제#9 (clusterrole, clusterrolebinding) (0)	2023.06.06
[K8s] CKA 취득 연습문제#8 (role, rolebinding) (0)	2023.06.06
[K8s] CKA 취득 연습문제#6 (csr approve, reject) (0)	2023.05.30
[K8s] CKA 취득 연습문제#5 (etcd, apiserver 인증서) (0)	2023.05.29
[K8s] CKA 취득 연습문제#4 (etcd backup, recovery) (0)	2023.05.24

PREV 1 NEXT

IT 끄적이는 물고기