4 posts tagged with "Kubernetes"

Kubernetes The Hard Way: Workers

· 8 min read

Kubernetes THW: Workers

Continuing Kubernetes The Hard Way: adding worker nodes to the cluster.

In the previous article we assembled the control plane manually: issued certificates, prepared configurations, and launched the management components. The API server is responding, but the cluster still has no worker nodes.

Without worker nodes there is nowhere to run application pods. In this article we will add a Worker node and walk through the entire path from a bare VM to a registered Kubernetes node.

The format is the same as in the first part: prepare the OS, install containerd and kubelet, set up cluster connectivity, and verify node registration. Two approaches are covered: the manual path via bootstrap tokens and the CSR API, and the standard kubeadm join route.

Kubernetes pods/exec

· 8 min read

Kubernetes pods/exec

pods/exec is a convenient way to execute commands inside a container for debugging and administration. But here's a challenge right off the bat: how safe do you think the following Kubernetes role is — one that could be granted to any user, assuming the absurd scenario that the Secret resource is not used in the cluster?

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: test-role
rules:
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["get"]

If you answered "safe," you're not alone — and you would have granted pods/exec access to any user in the cluster, provided you also created a ClusterRoleBinding on top of it.

Kubernetes Audit

· 14 min read

Kubernetes Audit

Continuing the Kubernetes article series in a new format.

Kubernetes exposes a powerful interface over gRPC and a REST API, but securing it and protecting it against unauthorized access takes significant effort. One of the key tools for this is the audit system, which allows you to track all actions in the cluster. In this article, we will cover the basics of configuring audit in Kubernetes, its capabilities, and configuration examples that will help you build an effective audit policy for your cluster.

Kubernetes The Hard Way

· 13 min read

Kubernetes The Hard Way

Resuming the Kubernetes article series in a new format.

This article describes the overall experience of manually deploying Kubernetes without using automated tools such as kubeadm. The presented approach is consistent with our documentation, which we maintain according to best practices and IaC methodologies.

All configuration provided below exactly replicates the behavior of kubeadm. As a result, it is hard to tell whether the final cluster was assembled using kubeadm or manually.
