Kubernetes CKS 2021 Complete Course + Simulator Notes [10] --- Cluster Hardening - Restrict API Access
Author: Internet
Introduction
Practice - Anonymous Access
root@master:~/cks/serviceaccount# curl https://localhost:6443
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@master:~/cks/serviceaccount# curl https://localhost:6443 -k
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
"reason": "Forbidden",
"details": {
},
"code": 403
}
root@master:~/cks/serviceaccount# vim /etc/kubernetes/manifests/kube-apiserver.yaml
...
- kube-apiserver
- --anonymous-auth=false
- --advertise-address=192.168.211.40
....
root@master:~/cks/serviceaccount# k get pods | grep api
The connection to the server 192.168.211.40:6443 was refused - did you specify the right host or port?
root@master:~/images# k get pods -n kube-system | grep api
kube-apiserver-master 1/1 Running 0 8m3s
root@master:~/images# k get pods -n kube-system | grep api
kube-apiserver-master 1/1 Running 0 3s
root@master:~/cks/serviceaccount# vim /etc/kubernetes/manifests/kube-apiserver.yaml
...
- kube-apiserver
- --anonymous-auth=true # the default is actually true
- --advertise-address=192.168.211.40
....
root@master:~/cks/serviceaccount# curl https://localhost:6443 -k
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
"reason": "Forbidden",
"details": {
},
"code": 403
}
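The manual check above, as an added shell example that is not part of the original notes: it reads the effective --anonymous-auth value from the static pod manifest and classifies the body an unauthenticated request gets back. The function names and sample inputs are constructed for illustration; the 401 case is not shown in the session above and is the API server's answer when anonymous auth is off.

```shell
#!/bin/sh
# Added example, not from the original post: audit anonymous API access.

# Effective --anonymous-auth value from a kube-apiserver static pod manifest
# on stdin. Commented-out lines are skipped, the last occurrence is used, and
# a missing flag means the API server default (true) applies.
anonymous_auth_setting() {
    value=$(sed -n 's/^[[:space:]]*-[[:space:]]*--anonymous-auth=\([^[:space:]#]*\).*/set:\1/p' | tail -n 1)
    case "$value" in
        set:1|set:t|set:T|set:true|set:TRUE|set:True)     echo "true" ;;
        set:0|set:f|set:F|set:false|set:FALSE|set:False)  echo "false" ;;
        "")  echo "default-true" ;;
        *)   echo "unknown" ;;
    esac
}

# Classify the body returned by an unauthenticated request (stdin).
classify_response() {
    body=$(cat)
    if printf '%s' "$body" | grep -q 'system:anonymous'; then
        echo "anonymous-enabled"      # request was mapped to system:anonymous
    elif printf '%s' "$body" | grep -Eq '"code":[[:space:]]*401'; then
        echo "anonymous-disabled"     # rejected before authorization
    else
        echo "inconclusive"
    fi
}

# Constructed sample inputs so the script runs offline.
sample_manifest() {
    cat <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    # - --anonymous-auth=true
    - --anonymous-auth=false   # hardened setting
    - --advertise-address=192.168.211.40
EOF
}
sample_403() {
    printf '%s\n' '{"kind":"Status","message":"forbidden: User \"system:anonymous\" cannot get path \"/\"","code": 403}'
}

echo "manifest: $(sample_manifest | anonymous_auth_setting)"
echo "response: $(sample_403 | classify_response)"
# Live use on a control-plane node:
#   anonymous_auth_setting < /etc/kubernetes/manifests/kube-apiserver.yaml
#   curl -sk https://localhost:6443 | classify_response
```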
Practice - Insecure Access
Source: https://blog.csdn.net/xixihahalelehehe/article/details/116135832