문제Configure the Apiserver for Audit Logging.The log path should be /etc/kubernetes/audit-logs/audit.log on the host and inside the container.The existing Audit Policy to use is at /etc/kubernetes/audit-policy/policy.yaml . The path should be the same on the host and inside the container.Set argument --audit-log-maxsize=7Set argument --audit-log-maxbackup=2---감사 로깅을 위해 Apiserver를 구성합니다.로그 경로는 호스트..
문제The Kubelet on node01 shouldn't be able to set Node labelsstarting with node-restriction.kubernetes.io/*on other Nodes than itselfVerify this is not restricted atm by performing the following actions as the Kubelet from node01 🟢 분석하기api-server의 구성 변경을 검증(제한)하는 admission 적용하는 방법에 대한 실습. node01과 controlplane 총 2대의 워커노드가 있고, node01에서는 controlplane의 노드 라벨을 추가할 수 없도록 하기 🟠 Step 1. [admission 적용 전]..
문제The idea here is to misconfigure the Apiserver in different ways, then check possible log locations for errors.You should be very comfortable with situations where the Apiserver is not coming back up.Configure the Apiserver manifest with a new argument --this-is-very-wrong .Check if the Pod comes back up and what logs this causes.Fix the Apiserver again.---(구글 번역)여기서의 아이디어는 Apiserver를 다양한 방식으로..
