Kubernetes Web UI

Web UI

By default, the dashboard can be accessed in the cluster, including from your laptop.

Kubernetes Web UI

Deploying

    kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

Run Proxy

    kubectl proxy

Access Dashboard

    http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

Dashboard Authentication

Web UI

You can find the way to authenticate with the dashboard.

kubectl

Certificate Config

    cat ~/.kube/config

API Calling Ways

kubectl

    kubectl get nodes

Webhook

    curl https://<kube-api-server-ip>:6443 -k

    curl https://<kube-api-server-ip>:6443 -k \
      --key admin.key \
      --cert admin.crt \
      --cacert ca.crt

kubectl Proxy

Start Proxy

    kubectl proxy

    Starting to serve on 127.0.0.1:8001

Call API

    curl http://localhost:8001 -k

    curl http://localhost:8001/api/v1/namespaces/default/services/nginx/proxy/

kubectl Port Forward

    kubectl port-forward service/nginx 28080:80

    curl http://localhost:28080/

Summary

kubelet

Port

    Port    Description
    10250   Serves API that allows full access
    10255   Serves API that allows unauthenticated read-only access

10250

    curl -sk https://localhost:10250/pods/

    curl -sk https://localhost:10250/metrics

10255

    curl -s http://localhost:10255/pods/

    curl -s http://localhost:10255/metrics

kubelet Authentication

Anonymous

kubelet.service

    ExecStart=/usr/local/bin/kubelet \
      ...
      --anonymous-auth=false
      ...

kubelet-config.yaml

    apiVersion: kubelet.config.k8s.io/v1beta1
    kind: KubeletConfiguration
    authentication:
      anonymous:
        enabled: false

Certificates

kubelet.service

    ExecStart=/usr/local/bin/kubelet \
      .

CIS (Center for Internet Security) Benchmark

CIS-CAT Pro

CIS-CAT Pro supports Kubernetes assessment.

    ./Assessor-CLI.sh -i -nts -rd /var/www/html -rp index

Kube-Bench of aqua

Kube-Bench

kube-bench is a tool that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

Installation

You can check the Installation document.

    ./kube-bench --config-dir `pwd`/cfg --config `pwd`/cfg/config.yaml

Kubernetes Usage

Config

Alias in ~/.bashrc

    alias k="kubectl"
    alias kc="kubectl config get-contexts"
    alias kn="kubectl config set-context --current --namespace"

Output YAML in ~/.bashrc

    export do="--dry-run=client -o=yaml"

Vim Config in ~/.vimrc

    set tabstop=2
    set expandtab
    set shiftwidth=2

After editing *.service

    systemctl daemon-reload

StatefulSet

    k get sts

Kubernetes Resource Usage

    k top node
    k top pod --containers=true

Manually Scheduling without Scheduler

nodeName

The nodeName field is for that.

Set Default Namespace

    kubectl config set-context --current --namespace=alpha

Create a POD

    kubectl run nginx-pod --image=nginx:alpine --restart=Never --namespace=alpha

Create a Deployment

    kubectl create deploy webapp --image=nginx:alpine --replicas=3

Scale

    kubectl scale deploy webapp --replicas=1

History

    kubectl rollout history deployment webapp

Create a Service

    kubectl expose deploy/webapp --port=8080 --target-port=8080 --type=ClusterIP

Create a Role & RoleBinding

    kubectl create role developer-role --resource=pods --verb=create,list,get,update,delete --namespace=delta

    kubectl create rolebinding developer-role-binding --role=developer-role --user=john --namespace=delta

Create a ClusterRole & ClusterRoleBinding

    kubectl create clusterrole dev-cluster-role --resource=deployments --verb=create,list,get,update,delete

    kubectl create clusterrolebinding dev-cluster-role-binding --clusterrole=dev-cluster-role --user=john

ETCD Backup

    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.