{"id":70803,"date":"2024-07-25T23:48:49","date_gmt":"2024-07-25T20:18:49","guid":{"rendered":"https:\/\/nabfollower.com\/blog\/40-days-of-kubernetes-2240-533j\/"},"modified":"2024-07-25T23:48:49","modified_gmt":"2024-07-25T20:18:49","slug":"40-days-of-kubernetes-2240-533j","status":"publish","type":"post","link":"https:\/\/nabfollower.com\/blog\/40-days-of-kubernetes-2240-533j\/","title":{"rendered":"40 Days Of Kubernetes (22\/40)"},"content":{"rendered":"

Summarize this content to 400 words in Persian Lang <\/p>\n

\u0631\u0648\u0632 22\/40<\/p>\n

\u0644\u06cc\u0646\u06a9 \u0648\u06cc\u062f\u06cc\u0648@piyushsachdeva \u0645\u062e\u0632\u0646 \u06af\u06cc\u062a\u0645\u0646 Git Repo<\/p>\n

\u0645\u0627 \u0646\u06af\u0627\u0647 \u0645\u06cc \u06a9\u0646\u06cc\u0645 authorization\u060c kubeconfig \u0648 \u0628\u0631\u062e\u06cc \u0645\u0641\u0627\u0647\u06cc\u0645 \u062f\u06cc\u06af\u0631\u062f\u0631 \u0648\u0627\u0642\u0639 \u0648\u0642\u062a\u06cc \u0641\u0631\u0645\u0627\u0646 \u0631\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc \u06a9\u0646\u06cc\u062f kubectl get pods\u060c \u0642\u0628\u0644 \u0627\u0632 \u0627\u06cc\u0646\u06a9\u0647 \u0628\u0647 \u0646\u062a\u06cc\u062c\u0647 \u0628\u0631\u0633\u06cc\u062f\u060c \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0645\u06cc \u0634\u0648\u06cc\u062f \u0648 \u0628\u0631\u0631\u0633\u06cc \u0645\u06cc \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u0622\u06cc\u0627 \u0645\u062c\u0627\u0632 \u0647\u0633\u062a\u06cc\u062f \u0648 \u0627\u062c\u0627\u0632\u0647 \u0627\u062c\u0631\u0627\u06cc \u0627\u06cc\u0646 \u062f\u0633\u062a\u0648\u0631 \u0631\u0627 \u062f\u0631 \u06cc\u06a9 kubernetes \u062e\u0648\u0634\u0647.<\/p>\n

\u0627\u0632 \u0622\u0646\u062c\u0627\u06cc\u06cc \u06a9\u0647 \u062f\u0631 \u067e\u0633\u200c\u0632\u0645\u06cc\u0646\u0647\u060c \u0628\u0631\u062e\u06cc \u0627\u0632 \u062f\u0627\u062f\u0647\u200c\u0647\u0627 \u0628\u0647 \u062e\u0648\u0634\u0647 \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f\u060c \u0634\u0645\u0627 \u0645\u062c\u0627\u0632 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u062f\u0631 \u06cc\u06a9 \u062e\u0648\u0634\u0647 \u0647\u0633\u062a\u06cc\u062f \u06cc\u0627 \u0646\u06cc\u0633\u062a\u06cc\u062f.\u0645\u0627 \u0627\u06cc\u0646 \u06af\u0632\u06cc\u0646\u0647 \u0647\u0627 \u0631\u0627 \u0628\u0627 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u06a9\u0627\u0646\u0641\u06cc\u06af \u0628\u0647 \u0646\u0627\u0645 \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc \u06a9\u0646\u06cc\u0645 kubeconfig.<\/p>\n

\u062f\u0633\u062a\u0648\u0631 \u0648\u0627\u0642\u0639\u06cc \u0628\u0647 \u0627\u06cc\u0646 \u0635\u0648\u0631\u062a \u0627\u0633\u062a:<\/p>\n

root@localhost:~# kubectl get nodes –kubeconfig .kube\/config
\nNAME STATUS ROLES AGE VERSION
\nlucky-luke-control-plane Ready control-plane 22d v1.30.0
\nlucky-luke-worker Ready 22d v1.30.0
\nlucky-luke-worker2 Ready 22d v1.30.0<\/p>\n

\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/p>\n

\u062c\u0632\u0626\u06cc\u0627\u062a \u062f\u0631 kubeconfig \u0641\u0627\u06cc\u0644 \u0634\u0627\u0645\u0644:<\/p>\n

\u06af\u0648\u0627\u0647\u06cc-\u0645\u0631\u062c\u0639-\u062f\u0627\u062f\u0647
\n\u0633\u0631\u0648\u0631
\n\u0632\u0645\u06cc\u0646\u0647 \u0647\u0627
\n\u06a9\u0644\u0627\u06cc\u0646\u062a-\u06a9\u0644\u06cc\u062f-\u062f\u0627\u062f\u0647 \u0648 \u063a\u06cc\u0631\u0647. \u0631\u0627 context \u0686\u06cc\u0632\u06cc \u0646\u06cc\u0633\u062a \u062c\u0632 \u062a\u0631\u06a9\u06cc\u0628\u06cc \u0627\u0632 user \u0648 cluster.<\/p>\n

(\u0639\u06a9\u0633 \u0627\u0632 \u0648\u06cc\u062f\u06cc\u0648)<\/p>\n


\ncontexts:
\n– context:
\n cluster: kind-lucky-luke
\n user: kind-lucky-luke
\n name: kind-lucky-luke
\n…<\/p>\n

\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0686\u06cc\u0633\u062a \u0648 \u0645\u062c\u0648\u0632 \u0686\u06cc\u0633\u062a<\/p>\n

(\u0639\u06a9\u0633 \u0627\u0632 \u0648\u06cc\u062f\u06cc\u0648)<\/p>\n

ABAC\u060c \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u0648\u06cc\u0698\u06af\u06cc\u060c \u06cc\u06a9 \u067e\u0627\u0631\u0627\u062f\u0627\u06cc\u0645 \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0631\u0627 \u062a\u0639\u0631\u06cc\u0641 \u0645\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647 \u0645\u0648\u062c\u0628 \u0622\u0646 \u062d\u0642\u0648\u0642 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0633\u06cc\u0627\u0633\u062a \u0647\u0627\u06cc\u06cc \u06a9\u0647 \u0648\u06cc\u0698\u06af\u06cc \u0647\u0627 \u0631\u0627 \u0628\u0627 \u0647\u0645 \u062a\u0631\u06a9\u06cc\u0628 \u0645\u06cc \u06a9\u0646\u0646\u062f \u0628\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0627\u0639\u0637\u0627 \u0645\u06cc \u0634\u0648\u062f.<\/p>\n

RBAC\u060c \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u0646\u0642\u0634\u060c \u0631\u0648\u0634\u06cc \u0628\u0631\u0627\u06cc \u062a\u0646\u0638\u06cc\u0645 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0631\u0627\u06cc\u0627\u0646\u0647 \u06cc\u0627 \u0645\u0646\u0627\u0628\u0639 \u0634\u0628\u06a9\u0647 \u0628\u0631 \u0627\u0633\u0627\u0633 \u0646\u0642\u0634 \u062a\u06a9 \u062a\u06a9 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u062f\u0631 \u0633\u0627\u0632\u0645\u0627\u0646 \u0634\u0645\u0627 \u0627\u0633\u062a. \u0645\u0646\u0628\u0639<\/p>\n

\u06af\u0631\u0647 \u0645\u062c\u0648\u0632 \u06cc\u06a9 \u062d\u0627\u0644\u062a \u0645\u062c\u0648\u0632 \u0628\u0627 \u0647\u062f\u0641 \u0648\u06cc\u0698\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0637\u0648\u0631 \u062e\u0627\u0635 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0647\u0627\u06cc API \u0627\u0631\u0627\u0626\u0647 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 kubelets.source \u0631\u0627 \u0645\u062c\u0627\u0632 \u0645\u06cc \u06a9\u0646\u062f.<\/p>\n

\u0622 \u0648\u0628 \u0647\u0648\u06a9 \u06cc\u06a9 \u067e\u0627\u0633\u062e \u062a\u0645\u0627\u0633 HTTP \u0627\u0633\u062a: \u06cc\u06a9 HTTP POST \u06a9\u0647 \u0632\u0645\u0627\u0646\u06cc \u0627\u062a\u0641\u0627\u0642 \u0645\u06cc \u0627\u0641\u062a\u062f \u06a9\u0647 \u0627\u062a\u0641\u0627\u0642\u06cc \u0645\u06cc \u0627\u0641\u062a\u062f. \u06cc\u06a9 \u0627\u0639\u0644\u0627\u0646 \u0631\u0648\u06cc\u062f\u0627\u062f \u0633\u0627\u062f\u0647 \u0627\u0632 \u0637\u0631\u06cc\u0642 HTTP POST. \u06cc\u06a9 \u0628\u0631\u0646\u0627\u0645\u0647 \u0648\u0628 \u06a9\u0647 WebHooks \u0631\u0627 \u067e\u06cc\u0627\u062f\u0647\u200c\u0633\u0627\u0632\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u0647\u0646\u06af\u0627\u0645\u06cc \u06a9\u0647 \u0645\u0648\u0627\u0631\u062f \u062e\u0627\u0635\u06cc \u0627\u062a\u0641\u0627\u0642 \u0645\u06cc\u200c\u0627\u0641\u062a\u062f\u060c \u067e\u06cc\u0627\u0645\u06cc \u0631\u0627 \u0628\u0647 URL \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc\u200c\u06a9\u0646\u062f.\u0648\u0642\u062a\u06cc \u0645\u0634\u062e\u0635 \u0634\u062f\u060c \u062d\u0627\u0644\u062a Webhook \u0628\u0627\u0639\u062b \u0645\u06cc \u0634\u0648\u062f \u06a9\u0647 Kubernetes \u062f\u0631 \u0647\u0646\u06af\u0627\u0645 \u062a\u0639\u06cc\u06cc\u0646 user privileges.source \u0627\u0632 \u06cc\u06a9 \u0633\u0631\u0648\u06cc\u0633 REST \u062e\u0627\u0631\u062c \u067e\u0631\u0633 \u0648 \u062c\u0648 \u06a9\u0646\u062f<\/p>\n

\u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 \u0645\u0627 \u0627\u0632 a \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u06cc\u0645 kind \u062e\u0648\u0634\u0647\u060c \u0645\u0627 \u0646\u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u0645 \u0628\u0647 \u06af\u0631\u0647 \u062e\u0648\u062f ssh \u06a9\u0646\u06cc\u0645\u060c \u0632\u06cc\u0631\u0627 \u06cc\u06a9 \u0638\u0631\u0641 \u062f\u0627\u06a9\u0631 \u0627\u0633\u062a. \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0645\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u0645 \u0622\u0646 \u0631\u0627 \u0627\u062f\u0627\u0631\u0647 \u06a9\u0646\u06cc\u0645 exec \u0641\u0631\u0645\u0627\u0646<\/p>\n

root@localhost:~# docker ps | grep control-plane
\nf791fa85c269 kindest\/node:v1.30.0 “\/usr\/local\/bin\/entr\u2026” 3 weeks ago Up 11 hours 0.0.0.0:30001->30001\/tcp, 127.0.0.1:39283->6443\/tcp lucky-luke-control-plane
\nroot@localhost:~# docker exec -it lucky-luke-control-plane bash
\nroot@lucky-luke-control-plane:\/# cd \/etc\/kubernetes\/manifests\/
\nroot@lucky-luke-control-plane:\/etc\/kubernetes\/manifests# ls -l
\ntotal 16
\n-rw——- 1 root root 2418 Jul 23 06:26 etcd.yaml
\n-rw——- 1 root root 3896 Jul 23 06:26 kube-apiserver.yaml
\n-rw——- 1 root root 3434 Jul 23 06:26 kube-controller-manager.yaml
\n-rw——- 1 root root 1463 Jul 23 06:26 kube-scheduler.yaml<\/p>\n

\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u06af\u0631 \u0628\u0628\u06cc\u0646\u06cc\u0645 kube-apiserver.yaml \u0641\u0627\u06cc\u0644\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u06af\u0632\u06cc\u0646\u0647\u200c\u0647\u0627\u06cc \u0632\u06cc\u0627\u062f\u06cc \u0631\u0627 \u0628\u0628\u06cc\u0646\u06cc\u0645 \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0634\u0631\u0648\u0639 \u0641\u0631\u0645\u0627\u0646 \u0633\u0631\u0648\u06cc\u0633 \u0639\u0628\u0648\u0631 \u06a9\u0631\u062f\u0647\u200c\u0627\u0646\u062f\u060c \u0645\u0627\u0646\u0646\u062f:<\/p>\n


\nspec:
\n containers:
\n – command:
\n – kube-apiserver
\n – –advertise-address=172.19.0.4
\n – –allow-privileged=true
\n – –authorization-mode=Node,RBAC
\n…<\/p>\n

\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/p>\n

\u0631\u0627 authorization-mode \u0627\u0633\u062a Node \u0648 RBAC.\u062a\u0648\u062c\u0647 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u062f \u067e\u06cc\u0634 \u0641\u0631\u0636 \u0628\u0647 AlwaysAllow \u0627\u06af\u0631 –authorization-config \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0646\u0645\u06cc \u0634\u0648\u062f. \u062f\u0631 \u0627\u06cc\u0646\u062c\u0627 \u0628\u0631\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u062f\u0631 \u0645\u0648\u0631\u062f \u06af\u0632\u06cc\u0646\u0647 \u0647\u0627\u06cc \u062f\u06cc\u06af\u0631.<\/p>\n

\u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u067e\u06cc\u0634 \u0641\u0631\u0636 \u0647\u0645\u0647 \u06af\u0648\u0627\u0647\u06cc \u06a9\u0647 \u062a\u0648\u0633\u0637 kube-apiserver \u0627\u0633\u062a:<\/p>\n

root@lucky-luke-control-plane:~# ls -l \/etc\/kubernetes\/pki\/
\ntotal 60
\n-rw-r–r– 1 root root 1123 Jul 1 16:16 apiserver-etcd-client.crt
\n-rw——- 1 root root 1675 Jul 1 16:16 apiserver-etcd-client.key
\n-rw-r–r– 1 root root 1176 Jul 1 16:16 apiserver-kubelet-client.crt
\n-rw——- 1 root root 1679 Jul 1 16:16 apiserver-kubelet-client.key
\n-rw-r–r– 1 root root 1334 Jul 23 06:26 apiserver.crt
\n-rw——- 1 root root 1675 Jul 23 06:26 apiserver.key
\n-rw-r–r– 1 root root 1107 Jul 1 16:16 ca.crt
\n-rw——- 1 root root 1675 Jul 1 16:16 ca.key
\ndrwxr-xr-x 2 root root 4096 Jul 1 16:16 etcd
\n-rw-r–r– 1 root root 1123 Jul 1 16:16 front-proxy-ca.crt
\n-rw——- 1 root root 1679 Jul 1 16:16 front-proxy-ca.key
\n-rw-r–r– 1 root root 1119 Jul 1 16:16 front-proxy-client.crt
\n-rw——- 1 root root 1675 Jul 1 16:16 front-proxy-client.key
\n-rw——- 1 root root 1679 Jul 1 16:16 sa.key
\n-rw——- 1 root root 451 Jul 1 16:16 sa.pub<\/p>\n

\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/p>\n

\u0686\u0646\u062f\u06cc\u0646 \u062c\u0641\u062a \u06af\u0648\u0627\u0647\u06cc \u0648 \u06a9\u0644\u06cc\u062f \u0628\u0631\u0627\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f apiserver\u060c \u0632\u06cc\u0631\u0627 \u06af\u0627\u0647\u06cc \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0633\u0631\u0648\u0631 \u0648 \u06af\u0627\u0647\u06cc \u0645\u0627\u0646\u0646\u062f \u06cc\u06a9 \u06a9\u0644\u0627\u06cc\u0646\u062a \u0639\u0645\u0644 \u0645\u06cc \u06a9\u0646\u062f.<\/p>\n

\n
\n
\n

\u0641\u0647\u0631\u0633\u062a \u0645\u0637\u0627\u0644\u0628<\/p>\nToggle<\/span><\/path><\/svg><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n