marko/Learn-Kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Marko Oldenburg
2025-11-06 06:41:45 +01:00
commit b8dceaf896
92 changed files with 5382 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
admissioncontrollers/introduction/tls/ca-config.json Normal file
View File

@@ -0,0 +1,13 @@
{
"signing": {
"default": {
"expiry": "175200h"
},
"profiles": {
"default": {
"usages": ["signing", "key encipherment", "server auth", "client auth"],
"expiry": "175200h"
}
}
}
}

18
admissioncontrollers/introduction/tls/ca-csr.json Normal file
View File

@@ -0,0 +1,18 @@
{
"hosts": [
"cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "AU",
"L": "Melbourne",
"O": "Example",
"OU": "CA",
"ST": "Example"
}
]
}

8
admissioncontrollers/introduction/tls/example-webhook-tls.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: example-webhook-tls
type: Opaque
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCekNDQXUrZ0F3SUJBZ0lVZmxqeWRGNkFCSEtNUTVvdUxlWnhGY0FyY3Y0d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1VqRUxNQWtHQTFVRUJoTUNRVlV4RURBT0JnTlZCQWdUQjBWNFlXMXdiR1V4RWpBUUJnTlZCQWNUQ1UxbApiR0p2ZFhKdVpURVFNQTRHQTFVRUNoTUhSWGhoYlhCc1pURUxNQWtHQTFVRUN4TUNRMEV3SGhjTk1qRXdOREU0Ck1qTTBOekF3V2hjTk5ERXdOREV6TWpNME56QXdXakJTTVFzd0NRWURWUVFHRXdKQlZURVFNQTRHQTFVRUNCTUgKUlhoaGJYQnNaVEVTTUJBR0ExVUVCeE1KVFdWc1ltOTFjbTVsTVJBd0RnWURWUVFLRXdkRmVHRnRjR3hsTVFzdwpDUVlEVlFRTEV3SkRRVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFLK3EvQ0hTCk1lYzJ4YWdlMTZCcUU0Ni9nQnR1ejRUY1dEd1l3U2FYWmRVaEdBNTBLSU9tWGtCWkN5OVRlci9QakhIc0dSd0UKUnhsWXZvYkdOZlNMZTdFOEhxVjIxRkxtQ0Vjbk5ucldtRDFJZDU1MENYaEVRc2pDSGJXbFhLZVRIbFUrck10cQpsZnd0MHQxUVNzTDdhaFZxQnF3V0FHVGdXcTZoMkY4ODdocDdXK0pqN3FwVUFmamxObXdPYUxGK2U2dW9uNjRHCkNGRWNjbm9XV2hnWDM4M2I3bWQrUFVQejF0aWVIQ242OUFqQUF2UThMdVFxZDQwdVZJbmM0YVNRNXB4OXkxQWQKZ3J5eHE4R3AvUXBqZ2M2MWJPWHFBbFhFQmZsOUVUM0kyaC9Ya2Nwb2R4N1E2b2Fkalo4Z2Q1N3BpRjVkb05MQwpKcHJoTE1UN3hrSG41WDBDQXdFQUFhT0IxRENCMFRBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZBZUQKOUZsUUNtOHBTby8wQTlKUkUwUXNRUFFnTUhNR0ExVWRFUVJzTUdxQ0QyVjRZVzF3YkdVdGQyVmlhRzl2YTRJcApaWGhoYlhCc1pTMTNaV0pvYjI5ckxtUmxabUYxYkhRdWMzWmpMbU5zZFhOMFpYSXViRzlqWVd5Q0cyVjRZVzF3CmJHVXRkMlZpYUc5dmF5NWtaV1poZFd4MExuTjJZNElKYkc5allXeG9iM04waHdSL0FBQUJNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFDQUZNVlpGdEd6SDNZU051eFlzU3pGVm9LTlE5SmtuZkFRZnRhdjlBNnVBRDF5VThFaQo4QS9kUVFEVGVaakdUSUxUZTF0b0hIQzJxamxObkUyeUJLV3dTS2pqT3RNRDljQVRiYmF4VVdqa01lUGh3azMrClFCV3NhaTJMeWNkRnRVZ0hqTDNNcG8wZlY0S1c3QmFSK2pZOHpLNEdaUWVJaVBrdE9wL0w5ZWhBWmEwUWl6MWYKd1V1K1czVTN4S3hoZHMyTXpNb1U4K0tGd2NWcEk5R0w0OExwVHNsS0NJejI4SUhzRU9NTzFhcXd5cUJNNm9EOAo5ZUwyMjJDbjVhUEVqUXcxV2xiWk9CaFMzdkx5eWx5UzdMVUJ1bDRob3JlaXIrZHF1QmNtTC9xeXUvS3ZlbmhlCkZQaktHelkvRGZJaHdJc2NWUFh6bjltdi8wNnA1QnlzeExVVgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBcjZyOElkSXg1emJGcUI3WG9Hb1RqcitBRzI3UGhOeFlQQmpCSnBkbDFTRVlEblFvCmc2WmVRRmtMTDFONnY4K01jZXdaSEFSSEdWaStoc1kxOUl0N3NUd2VwWGJVVXVZSVJ5YzJldGFZUFVoM25uUUoKZUVSQ3lNSWR0YVZjcDVNZVZUNnN5MnFWL0MzUzNWQkt3dnRxRldvR3JCWUFaT0JhcnFIWVh6enVHbnRiNG1QdQpxbFFCK09VMmJBNW9zWDU3cTZpZnJnWUlVUnh5ZWhaYUdCZmZ6ZHZ1WjM0OVEvUFcySjRjS2ZyMENNQUM5RHd1CjVDcDNqUzVVaWR6aHBKRG1uSDNMVUIyQ3ZMR3J3YW45Q21PQnpyVnM1ZW9DVmNRRitYMFJQY2phSDllUnltaDMKSHREcWhwMk5ueUIzbnVtSVhsMmcwc0ltbXVFc3hQdkdRZWZsZlFJREFRQUJBb0lCQUFZNkJsUGdrbnBDbThENAp6dVhWdkxtN21mdmU4cVlmOVZTei8reXhReC9KMjROdnBKditBcXMvUE1GQnNVRXBSeTRtazBGRitZc3hkUmRyCjRTKzQzZnFMU2Y3TmRuczF3aWRiZ1hmYk1XeENyRkxHaEN0cUovL2J1WmZkczZvUThldE5uR3hkYTlHVGdqenMKQXFwa3BQNzdVaDg1Ykd3bTg2L3E5ck54Z25NWHl6K2dHSVFCSGhvQWFaSlhNQmsvWWpVT3FpMTdWaG93RlpZMwpjK21XSU5zZzNTTWQwT1FNYXNhVEpoMU5uTnloU3p4MU5nSGxVNXo0WmpIbU9WZ1NLcmRkeEJDSnU5NFhReDU3CkxoK2x4ZDgyNFNiOGVLQTY5bWVXazZxd2hoWXo5bEk5NHlKdnlIN0kwQnlvdUJMaTEvdXBmSWxuSFF0c09MUloKcWU2dFZLRUNnWUVBM0RZbmdlaGtxbTVJNk9jOU5wNjRwKzhrdXhmbXltV0IrSTI1dWxtTGRoYzhZUFVrZUQybApnZ0lLelZURWlTYk5qUUZzK1MyMUxEWVdSY09ObzVacjFCUFVLcEVycnBUVUN4N3c3SFowMklVbzEybDAwbzhsCm1QWEhRVlVwenZoUmJYNjFsaEtYcGVzUFV5WTQ1MS9mSUhRckVVc1NjNFY4QWRXYVlZekg2eVVDZ1lFQXpEZWEKb2QweUFMQmFjdWVWdjRadW0xL1pZaytsWjJpcG1Vdzd4UDBIV1poMWJReWptcmpNd0xvbXl2c20rSk4zUk8rUQpkQk5TYWczTzNYczNNUVRVM2xseFlKTWJPRmxWRUV5Qy83eGpUdXc4Tkw1S1FCNWlvRTdleDRFQ2xMZU5rK2grCllaNUFOOTh2azNhNEdILzFlMTFxMmlZeUlUb1FNQTAwWmxLdmJYa0NnWUJkQ3B5Q3JOZnJrcEZIcG53Y21jOVgKVlJsbDIyRnQzcG1kbFBRR0lsTmtYOGpwQm1xVVN5ZWsySXdMMldiNHMrWmhUMXJscFVSSkc4a3BUTWlKZDhLegpablZjVHQzdjgzM3IvUFM2VkFwbWVVeWFSenBPeEtDVUVqUlFERldQMXlkQVppcis3M2dYYUV1ZlRDVDZ6VzBPCjMwWmJGaWNEbkVDYTNjOU9yQmJENlFLQmdCY0F0R1JESEJ6RHdJeHMxWXRMUXk0eEw3VkpMMkprZ2FZSTFqcXMKSGFYVDdIWXFGRXViUVVUOE10NXVSOGQ4Sk5VWS92WjBMclpQYzl1eXcxYThLcFlaRVJKRnY2MHJNcyt4THBoTAp5Z3ZieERSVXN0eGlEODNxMUdFNGdPZnJmUUVLRVNKQnh3NEVEOEhXZjRvUzc3M0RtZ09VaGRVRVMwcCtVa2FzClRhSlJBb0dBU0M1UXdzZTRVQXh3eFl4UDU3dWNOaUNZbUp4MVZZUUdmR003R2lqaFRiUzJHOCtOL3Q3clBZUXYKRFJBUTRFS1ZBWW4xS0lPY1ljWk85QTBVcE15cWhJYTVTM1VkTlpidWx6Tk0rclBQMXJXVEQ4TURDeGh1U2xMVwpLV1RGRFRkVnpXU3loYk1jYWhwRy9OemVBaVF5MUdhYnRrcm4weHBQOW9tZmtjN0NGQ1U9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==

46
admissioncontrollers/introduction/tls/ssl_generate_self_signed.md Normal file
View File

@@ -0,0 +1,46 @@
# Use CFSSL to generate certificates
More about [CFSSL here]("https://github.com/cloudflare/cfssl")
```
cd kubernetes\admissioncontrollers\introduction
docker run -it --rm -v ${PWD}:/work -w /work debian bash
apt-get update && apt-get install -y curl &&
curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssl_1.5.0_linux_amd64 -o /usr/local/bin/cfssl && \
curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssljson_1.5.0_linux_amd64 -o /usr/local/bin/cfssljson && \
chmod +x /usr/local/bin/cfssl && \
chmod +x /usr/local/bin/cfssljson
#generate ca in /tmp
cfssl gencert -initca ./tls/ca-csr.json | cfssljson -bare /tmp/ca
#generate certificate in /tmp
cfssl gencert \
-ca=/tmp/ca.pem \
-ca-key=/tmp/ca-key.pem \
-config=./tls/ca-config.json \
-hostname="example-webhook,example-webhook.default.svc.cluster.local,example-webhook.default.svc,localhost,127.0.0.1" \
-profile=default \
./tls/ca-csr.json | cfssljson -bare /tmp/example-webhook
#make a secret
cat <<EOF > ./tls/example-webhook-tls.yaml
apiVersion: v1
kind: Secret
metadata:
name: example-webhook-tls
type: Opaque
data:
tls.crt: $(cat /tmp/example-webhook.pem | base64 | tr -d '\n')
tls.key: $(cat /tmp/example-webhook-key.pem | base64 | tr -d '\n')
EOF
#generate CA Bundle + inject into template
ca_pem_b64="$(openssl base64 -A <"/tmp/ca.pem")"
sed -e 's@${CA_PEM_B64}@'"$ca_pem_b64"'@g' <"webhook-template.yaml" \
> webhook.yaml
```