191b184763
This change replaces the usage of Service Tokens by OIDC tokens in the instructions of Kubernetes cluster local and remote access. Some other changes were made, like the deletion of redundant pages. Story: 2010738 Task: 49561 Change-Id: Ie8206ecd316efd356a5889899a68f9a9ddbcdfa6 Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
79 lines
2.9 KiB
ReStructuredText
79 lines
2.9 KiB
ReStructuredText
|
|
.. begin-install-proc
|
|
|
|
#. On the controller, create a rolebinding for the **admin-user** user.
|
|
Alternatively, to use group rolebinding and user group membership for
|
|
authorization, see :ref:`Configure Users, Groups, and Authorization
|
|
<configure-users-groups-and-authorization>` for more information.
|
|
|
|
.. code-block:: none
|
|
|
|
% MYUSER="admin-user"
|
|
% cat <<EOF > admin-user-rolebinding.yaml
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: ${MYUSER}-rolebinding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: cluster-admin
|
|
subjects:
|
|
- apiGroup: rbac.authorization.k8s.io
|
|
kind: User
|
|
name: ${MYUSER}
|
|
EOF
|
|
% kubectl apply -f admin-user-rolebinding.yaml
|
|
|
|
#. On the remote workstation, install the :command:`kubectl` client, set up the
|
|
Kubernetes configuration and get a token. Follow the steps of section
|
|
`Kubernetes Remote Client Access using the Host Directly` at :ref:`Configure
|
|
Kubernetes Client Access <configure-kubernetes-client-access>`, then test
|
|
the :command:`kubectl` access with the command below.
|
|
|
|
.. code-block:: none
|
|
|
|
% kubectl get nodes -o wide
|
|
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE ...
|
|
controller-0 Ready master 15h v1.12.3 192.168.204.3 <none> CentOS L ...
|
|
controller-1 Ready master 129m v1.12.3 192.168.204.4 <none> CentOS L ...
|
|
worker-0 Ready <none> 99m v1.12.3 192.168.204.201 <none> CentOS L ...
|
|
worker-1 Ready <none> 99m v1.12.3 192.168.204.202 <none> CentOS L ...
|
|
%
|
|
|
|
#. On the workstation, install the :command:`helm` client on an Ubuntu
|
|
host by taking the following actions on the remote Ubuntu system.
|
|
|
|
#. Install :command:`helm`. See the following reference:
|
|
`https://helm.sh/docs/intro/install/
|
|
<https://helm.sh/docs/intro/install/>`__. Helm accesses the Kubernetes
|
|
cluster as configured in the previous step, using the default ~/.kube/config.
|
|
|
|
.. code-block:: none
|
|
|
|
% wget https://get.helm.sh/helm-v3.2.1-linux-amd64.tar.gz
|
|
% tar xvf helm-v3.2.1-linux-amd64.tar.gz
|
|
% sudo cp linux-amd64/helm /usr/local/bin
|
|
|
|
|
|
#. Verify that :command:`helm` installed correctly.
|
|
|
|
.. code-block:: none
|
|
|
|
% helm version
|
|
version.BuildInfo{Version:"v3.2.1", GitCommit:"fe51cd1e31e6a202cba7dead9552a6d418ded79a", GitTreeState:"clean", GoVersion:"go1.13.10"}
|
|
|
|
#. Run the following commands:
|
|
|
|
.. code-block:: none
|
|
|
|
% helm repo add bitnami https://charts.bitnami.com/bitnami
|
|
% helm repo update
|
|
% helm repo list
|
|
% helm search repo
|
|
% helm install wordpress bitnami/wordpress
|
|
|
|
|
|
.. end-install-proc
|
|
|