Skip to content
This repository has been archived by the owner on Oct 29, 2021. It is now read-only.

Latest commit

 

History

History
22 lines (18 loc) · 984 Bytes

4.Expose-secure-api-server.md

File metadata and controls

22 lines (18 loc) · 984 Bytes
Raw

4. Expose secure API Server

As mentioned earlier in the lab, pod security policies requires kubernetes api to be safely exposed *(https)*. To enable this behavior we must follow the following guide:

  • Add --bind-address=0.0.0.0 at the end of the /var/snap/microk8s/current/args/kube-apiserver file.
  • Add --secure-port=8443 at the end of the /var/snap/microk8s/current/args/kube-apiserver file.
  • Add --insecure-port=8080 at the end of the /var/snap/microk8s/current/args/kube-apiserver file.
  • Restart the kube-apiserver: sudo systemctl restart snap.microk8s.daemon-apiserver.
  • Append kubernetes to 127.0.0.1 /etc/hosts file line.

Now you should have the following outputs:

$ tail -3 /var/snap/microk8s/current/args/kube-apiserver 
--bind-address=0.0.0.0
--secure-port=8443
--insecure-port=8080
$ grep kubernetes /etc/hosts
127.0.0.1       localhost kubernetes
$ nc -zv kubernetes 8443
Connection to kubernetes 8443 port [tcp/*] succeeded!