Adding systemd integration.

domain-1-cluster-setup/configure-apiserver.md

@@ -0,0 +1,68 @@
+
+#### Step 1: Download Kubernetes Server Binaries
+```sh
+cd /root/binaries
+wget https://dl.k8s.io/v1.24.2/kubernetes-server-linux-amd64.tar.gz
+tar -xzvf kubernetes-server-linux-amd64.tar.gz
+cd /root/binaries/kubernetes/server/bin/
+cp kube-apiserver kubectl /usr/local/bin/
+```
+
+#### Step 2 - Generate Client Certificate for API Server (ETCD Client):
+```sh
+cd /root/certificates
+```
+```sh
+openssl genrsa -out apiserver.key 2048
+openssl req -new -key apiserver.key -subj "/CN=kube-apiserver" -out apiserver.csr
+openssl x509 -req -in apiserver.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out apiserver.crt -extensions v3_req  -days 1000
+```
+
+#### Step 3 - Generate Service Account Certificates
+```sh
+openssl genrsa -out service-account.key 2048
+openssl req -new -key service-account.key -subj "/CN=service-accounts" -out service-account.csr
+openssl x509 -req -in service-account.csr -CA ca.crt -CAkey ca.key -CAcreateserial  -out service-account.crt -days 100
+```
+#### Step 4 - Start kube-apiserver:
+```sh
+/usr/local/bin/kube-apiserver --advertise-address=159.65.147.161 --etcd-cafile=/root/certificates/ca.crt --etcd-certfile=/root/certificates/apiserver.crt --etcd-keyfile=/root/certificates/apiserver.key --service-cluster-ip-range 10.0.0.0/24 --service-account-issuer=https://127.0.0.1:6443 --service-account-key-file=/root/certificates/service-account.crt --service-account-signing-key-file=/root/certificates/service-account.key --etcd-servers=https://127.0.0.1:2379
+```
+#### Step 5 - Verify
+
+```sh
+netstat -ntlp
+curl -k https://localhost:6443
+```
+
+#### Step 6 - Integrate Systemd with API server
+
+Change the IP address in --advertise-address
+
+```sh
+cat <<EOF | sudo tee /etc/systemd/system/kube-apiserver.service
+[Unit]
+Description=Kubernetes API Server
+Documentation=https://github.com/kubernetes/kubernetes
+
+[Service]
+ExecStart=/usr/local/bin/kube-apiserver \
+--advertise-address=159.65.147.161 \
+--etcd-cafile=/root/certificates/ca.crt \
+--etcd-certfile=/root/certificates/apiserver.crt \
+--etcd-keyfile=/root/certificates/apiserver.key \
+--etcd-servers=https://127.0.0.1:2379 \
+--service-account-key-file=/root/certificates/service-account.crt \
+--service-cluster-ip-range=10.0.0.0/24 \
+--service-account-signing-key-file=/root/certificates/service-account.key \
+--service-account-issuer=https://127.0.0.1:6443 
+
+[Install]
+WantedBy=multi-user.target
+EOF
+```
+
+#### Step 7 - Start kube-api server
+```sh
+systemctl start kube-apiserver
+```

domain-1-cluster-setup/etcd-systemd.md

@@ -0,0 +1,46 @@
+
+#### Step 1: Create Data Directory for ETCD
+
+```sh
+mkdir /var/lib/etcd
+chmod 700 /var/lib/etcd
+```
+
+#### Step 2: Created Systemd file for ETCD
+```sh
+cat <<EOF | sudo tee /etc/systemd/system/etcd.service
+[Unit]
+Description=etcd
+Documentation=https://github.com/coreos
+
+[Service]
+ExecStart=/usr/local/bin/etcd \\
+  --cert-file=/root/certificates/etcd.crt \\
+  --key-file=/root/certificates/etcd.key \\
+  --trusted-ca-file=/root/certificates/ca.crt \\
+  --client-cert-auth \\
+  --listen-client-urls https://127.0.0.1:2379 \\
+  --advertise-client-urls https://127.0.0.1:2379 \\
+  --data-dir=/var/lib/etcd
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+```
+#### Step 3: Start ETCD
+```sh
+systemctl start etcd
+```
+#### Step 4: Verify the status
+```sh
+systemctl status etcd
+```
+
+#### Step 5: Check ETCD Logs
+```sh
+journalctl -u etcd
+
+systemctl restart systemd-journald.service
+```

domain-1-cluster-setup/tmp-removed.md

@@ -0,0 +1,18 @@
+apiserver-secure-01.md
+
+#### Step 5 - Create a Secret:
+```sh
+kubectl create secret generic my-secret --from-literal=passphrase=topsecret --server http://localhost:8080
+```
+#### Step 6 - Check the contents from ETCD:
+```sh
+cd /root/certificates
+```
+```sh
+ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 --insecure-skip-tls-verify  --insecure-transport=false --cert ./client.crt --key ./client.key get /registry/secrets/default/my-secret | hexdump -C
+```
+To verify the secret data directly from the etcd data store:
+```sh
+cd /var/lib/etcd
+grep -R "topsecret" .
+```