https://tonybai.com/tags/%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81/Recent content in 身份验证 on Tony BaiHugozh-cn2004-2026 Tony Bai. 版权所有.Thu, 14 Jun 2018 00:00:00 +0800https://tonybai.com/2018/06/14/the-authentication-and-authorization-of-kubectl-when-accessing-k8s-cluster/Thu, 14 Jun 2018 00:00:00 +0800https://tonybai.com/2018/06/14/the-authentication-and-authorization-of-kubectl-when-accessing-k8s-cluster/kubectl是日常访问和管理Kubernetes集群最为常用的工具。 当我们使用kubeadm成功引导启动(init)一个Kubernetes集群的控制平面后，kubeadm会在init的输出结果中给予我们下面这样的“指示”： ... ... Your Kubernetes master has initialized successfully! To start using your clus...https://tonybai.com/2016/11/25/the-security-settings-for-kubernetes-cluster/Fri, 25 Nov 2016 00:00:00 +0800https://tonybai.com/2016/11/25/the-security-settings-for-kubernetes-cluster/使用kubernetes/cluster/kube-up.sh脚本在装有Ubuntu操作系统的bare metal上搭建的Kubernetes集群并不安全，甚至可以说是“完全不设防的”，这是因为Kubernetes集群的核心组件：kube-apiserver启用了insecure-port。insecure-port背后的api server默认完全信任访问该端口的流量，内部无任何安全机制。并且监...