From a19d9fc9ab2456b2e5253aa5ee0e692ea0813677 Mon Sep 17 00:00:00 2001 From: Indrit Fejza <57690341+fjolublar@users.noreply.github.com> Date: Sat, 3 May 2025 20:15:59 +0200 Subject: [PATCH 1/7] fix spelling in Vagrantfile --- vagrant/Vagrantfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile index 15ebf67df..703f55d72 100644 --- a/vagrant/Vagrantfile +++ b/vagrant/Vagrantfile @@ -5,7 +5,7 @@ # Larger nodes will be created if you have more. RAM_SIZE = 16 -# Define how mnay CPU cores you have. +# Define how many CPU cores you have. # More powerful workers will be created if you have more CPU_CORES = 8 From 6f3ede4875a982cd504ba0bd5721c203e03f9d54 Mon Sep 17 00:00:00 2001 From: Indrit Fejza <57690341+fjolublar@users.noreply.github.com> Date: Sun, 4 May 2025 18:55:47 +0200 Subject: [PATCH 2/7] fix spelling --- docs/04-certificate-authority.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/04-certificate-authority.md b/docs/04-certificate-authority.md index f6a63ead3..ceb5dc1ed 100644 --- a/docs/04-certificate-authority.md +++ b/docs/04-certificate-authority.md @@ -84,7 +84,7 @@ The `ca.key` is used by the CA for signing certificates. And it should be secure In this section you will generate client and server certificates for each Kubernetes component and a client certificate for the Kubernetes `admin` user. -To better understand the role of client certificates with respect to users and groups, see [this informative video](https://youtu.be/I-iVrIWfMl8). Note that all the kubenetes services below are themselves cluster users. +To better understand the role of client certificates with respect to users and groups, see [this informative video](https://youtu.be/I-iVrIWfMl8). Note that all the kubernetes services below are themselves cluster users. ### The Admin Client Certificate From a4a00fc4abfd4f69a149a8d8d44eaa210ab1407a Mon Sep 17 00:00:00 2001 
From: Indrit Fejza <57690341+fjolublar@users.noreply.github.com> Date: Sun, 4 May 2025 19:52:03 +0200 Subject: [PATCH 3/7] fix spelling in load-balancer --- docs/08-bootstrapping-kubernetes-controllers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md index b28ea8e5f..b8b9450fa 100644 --- a/docs/08-bootstrapping-kubernetes-controllers.md +++ b/docs/08-bootstrapping-kubernetes-controllers.md @@ -285,7 +285,7 @@ CONTROL02=$(dig +short controlplane02) LOADBALANCER=$(dig +short loadbalancer) ``` -Create HAProxy configuration to listen on API server port on this host and distribute requests evently to the two controlplane nodes. +Create HAProxy configuration to listen on API server port on this host and distribute requests evenly to the two controlplane nodes. We configure it to operate as a [layer 4](https://en.wikipedia.org/wiki/Transport_layer) loadbalancer (using `mode tcp`), which means it forwards any traffic directly to the backends without doing anything like [SSL offloading](https://ssl2buy.com/wiki/ssl-offloading). From f9d7c60d65ab6a76d43118febaf380ea4942da2a Mon Sep 17 00:00:00 2001 From: Indrit Fejza <57690341+fjolublar@users.noreply.github.com> Date: Sun, 4 May 2025 20:27:41 +0200 Subject: [PATCH 4/7] fix kubelet 404 url --- docs/10-bootstrapping-kubernetes-workers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/10-bootstrapping-kubernetes-workers.md b/docs/10-bootstrapping-kubernetes-workers.md index e302bd455..16dd1511e 100644 --- a/docs/10-bootstrapping-kubernetes-workers.md +++ b/docs/10-bootstrapping-kubernetes-workers.md 
@@ -3,7 +3,7 @@ In this lab you will bootstrap 2 Kubernetes worker nodes. We already installed `containerd` and its dependencies on these nodes in the previous lab. We will now install the kubernetes components -- [kubelet](https://kubernetes.io/docs/admin/kubelet) +- [kubelet](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/) - [kube-proxy](https://kubernetes.io/docs/concepts/cluster-administration/proxies). ## Prerequisites From 123a86a9288a72ed1b922afa6d59039fc2158dd0 Mon Sep 17 00:00:00 2001 From: Indrit Fejza <57690341+fjolublar@users.noreply.github.com> Date: Sun, 4 May 2025 20:29:28 +0200 Subject: [PATCH 5/7] remove 404 url --- docs/10-bootstrapping-kubernetes-workers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/10-bootstrapping-kubernetes-workers.md b/docs/10-bootstrapping-kubernetes-workers.md index 16dd1511e..cd871131c 100644 --- a/docs/10-bootstrapping-kubernetes-workers.md +++ b/docs/10-bootstrapping-kubernetes-workers.md 
@@ -13,7 +13,7 @@ Once this is done, the commands are to be run on first worker instance: `node01` ### Provisioning Kubelet Client Certificates -Kubernetes uses a [special-purpose authorization mode](https://kubernetes.io/docs/admin/authorization/node/) called Node Authorizer, that specifically authorizes API requests made by [Kubelets](https://kubernetes.io/docs/concepts/overview/components/#kubelet). In order to be authorized by the Node Authorizer, Kubelets must use a credential that identifies them as being in the `system:nodes` group, with a username of `system:node:`. In this section you will create a certificate for each Kubernetes worker node that meets the Node Authorizer requirements. +Kubernetes uses a special-purpose authorization mode called Node Authorizer, that specifically authorizes API requests made by [Kubelets](https://kubernetes.io/docs/concepts/overview/components/#kubelet). In order to be authorized by the Node Authorizer, Kubelets must use a credential that identifies them as being in the `system:nodes` group, with a username of `system:node:`. In this section you will create a certificate for each Kubernetes worker node that meets the Node Authorizer requirements. Generate a certificate and private key for one worker node: From cedb9f3fb9d4b9f0abc3a75c1a5e71c089df3d15 Mon Sep 17 00:00:00 2001 From: Indrit Fejza <57690341+fjolublar@users.noreply.github.com> Date: Sun, 4 May 2025 20:34:00 +0200 Subject: [PATCH 6/7] Update Node authorizer URL --- docs/10-bootstrapping-kubernetes-workers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/10-bootstrapping-kubernetes-workers.md b/docs/10-bootstrapping-kubernetes-workers.md index cd871131c..fb3f7c7e3 100644 --- a/docs/10-bootstrapping-kubernetes-workers.md +++ b/docs/10-bootstrapping-kubernetes-workers.md 
@@ -13,7 +13,7 @@ Once this is done, the commands are to be run on first worker instance: `node01` ### Provisioning Kubelet Client Certificates -Kubernetes uses a special-purpose authorization mode called Node Authorizer, that specifically authorizes API requests made by [Kubelets](https://kubernetes.io/docs/concepts/overview/components/#kubelet). In order to be authorized by the Node Authorizer, Kubelets must use a credential that identifies them as being in the `system:nodes` group, with a username of `system:node:`. In this section you will create a certificate for each Kubernetes worker node that meets the Node Authorizer requirements. +Kubernetes uses a special-purpose authorization mode called [Node Authorizer](https://kubernetes.io/docs/reference/access-authn-authz/node/), that specifically authorizes API requests made by [Kubelets](https://kubernetes.io/docs/concepts/overview/components/#kubelet). In order to be authorized by the Node Authorizer, Kubelets must use a credential that identifies them as being in the `system:nodes` group, with a username of `system:node:`. In this section you will create a certificate for each Kubernetes worker node that meets the Node Authorizer requirements. Generate a certificate and private key for one worker node: From 96183e175a9912135f6f66a23b0f67d958f84493 Mon Sep 17 00:00:00 2001 From: Indrit Fejza <57690341+fjolublar@users.noreply.github.com> Date: Sun, 4 May 2025 20:37:30 +0200 Subject: [PATCH 7/7] fix url for Node Authorizer --- docs/10-bootstrapping-kubernetes-workers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/10-bootstrapping-kubernetes-workers.md b/docs/10-bootstrapping-kubernetes-workers.md index fb3f7c7e3..82767b465 100644 --- a/docs/10-bootstrapping-kubernetes-workers.md +++ b/docs/10-bootstrapping-kubernetes-workers.md 
@@ -54,7 +54,7 @@ node01.crt ### The kubelet Kubernetes Configuration File -When generating kubeconfig files for Kubelets the client certificate matching the Kubelet's node name must be used. This will ensure Kubelets are properly authorized by the Kubernetes [Node Authorizer](https://kubernetes.io/docs/admin/authorization/node/). +When generating kubeconfig files for Kubelets the client certificate matching the Kubelet's node name must be used. This will ensure Kubelets are properly authorized by the Kubernetes [Node Authorizer](https://kubernetes.io/docs/reference/access-authn-authz/node/). Get the kube-api server load-balancer IP.
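Review bot: in PATCH 2/7 (docs/04-certificate-authority.md, hunk at line 84) the corrected word is still lower-case, `all the kubernetes services below`. The same hunk capitalises the project name in its context lines (`each Kubernetes component`), so write `Kubernetes services` while the line is being touched.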
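Review bot: in PATCH 4/7 (docs/10-bootstrapping-kubernetes-workers.md, hunk at line 3) only the kubelet item is moved to the command-line tools reference; the kube-proxy item directly below it still links to `docs/concepts/cluster-administration/proxies` and ends with a stray full stop after the link. Consider pointing that item at the matching kube-proxy reference page and dropping the period, so both list entries lead to the same kind of documentation.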
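Review bot: PATCH 5/7 removes the Node Authorizer link from the paragraph at line 13 of docs/10-bootstrapping-kubernetes-workers.md and PATCH 6/7 puts a link back on the same line, so the history carries an intermediate commit in which the authorization mode has no reference at all. Squash 5/7 and 6/7 into one commit, and consider folding in 7/7 as well, since it replaces the same old `docs/admin/authorization/node/` URL at line 54 under a near-identical subject line.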
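Review bot: in PATCH 6/7 (docs/10-bootstrapping-kubernetes-workers.md, hunk at line 13) the added line still reads "with a username of `system:node:`", with nothing after the final colon. The Node Authorizer expects a username of the form `system:node:<nodeName>`, and the paragraph touched by 7/7 says the client certificate must match the kubelet's node name, so the placeholder appears to be missing here (an unescaped `<...>` is easily swallowed when Markdown is rendered). Restore it inside the backticks while this line is being edited, so readers issue the worker certificate with the full per-node username.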