update kubernetes controller docs

jamesward · Jul 9, 2016 · 1d116cb · 1d116cb
1 parent e9e40ff
commit 1d116cb
Showing 1 changed file with 22 additions and 10 deletions.
diff --git a/docs/04-kubernetes-controller.md b/docs/04-kubernetes-controller.md
@@ -65,32 +65,44 @@ chmod +x kube-apiserver kube-controller-manager kube-scheduler kubectl
 sudo mv kube-apiserver kube-controller-manager kube-scheduler kubectl /usr/bin/
 ```
 
-#### Kubernetes API Server
+### Kubernetes API Server
+
+#### Setup Authentication and Authorization
+
+##### Authentication
+
+[Token based authentication](http://kubernetes.io/docs/admin/authentication) will be used to limit access to Kubernetes API.
 
 ```
-wget https://storage.googleapis.com/hightowerlabs/authorization-policy.jsonl
+wget https://raw.githubusercontent.com/kelseyhightower/kubernetes-the-hard-way/master/token.csv
 ```
 
 ```
-cat authorization-policy.jsonl
+cat token.csv
 ```
 
 ```
-sudo mv authorization-policy.jsonl /var/lib/kubernetes/
+sudo mv token.csv /var/lib/kubernetes/
 ```
 
+##### Authorization
+
+Attribute-Based Access Control (ABAC) will be used to authorize access to the Kubernetes API. In this lab ABAC will be setup using the Kuberentes policy file backend as documented in the [Kubernetes authorization guide](http://kubernetes.io/docs/admin/authorization).
+
 ```
-wget https://storage.googleapis.com/hightowerlabs/token.csv
+wget https://raw.githubusercontent.com/kelseyhightower/kubernetes-the-hard-way/master/authorization-policy.jsonl
 ```
 
 ```
-cat token.csv
+cat authorization-policy.jsonl
 ```
 
 ```
-sudo mv token.csv /var/lib/kubernetes/
+sudo mv authorization-policy.jsonl /var/lib/kubernetes/
 ```
 
+### Create the systemd unit file 
+
 Capture the internal IP address:
 
 ```
@@ -154,7 +166,7 @@ sudo systemctl start kube-apiserver
 sudo systemctl status kube-apiserver --no-pager
 ```
 
-#### Kubernetes Controller Manager
+### Kubernetes Controller Manager
 
 ```
 cat > kube-controller-manager.service <<"EOF"
@@ -200,7 +212,7 @@ sudo systemctl start kube-controller-manager
 sudo systemctl status kube-controller-manager --no-pager
 ```
 
-#### Kubernetes Scheduler
+### Kubernetes Scheduler
 
 ```
 cat > kube-scheduler.service <<"EOF"
@@ -240,7 +252,7 @@ sudo systemctl status kube-scheduler --no-pager
 ```
 
 
-#### Verification 
+### Verification
 
 ```
 kubectl get componentstatuses