en.search-data.min.3a31e471ede2134a4a5d76a847cdeabd30416332600e1c825864541ca767d334.js
1 lines (1 loc) · 29.2 KB
'use strict';(function(){const indexCfg={cache:true};indexCfg.doc={id:'id',field:['title','content'],store:['title','href'],};const index=FlexSearch.create('balance',indexCfg);window.bookSearchIndex=index;index.add({'id':0,'href':'/documentation/','title':"Documentation",'content':"This is test content "});index.add({'id':1,'href':'/documentation/concepts/','title':"Concepts",'content':"Concepts "});index.add({'id':2,'href':'/documentation/concepts/managing-containers/','title':"Managing Containers",'content':"FoOo "});index.add({'id':3,'href':'/documentation/getting-started/','title':"Getting Started",'content':"Getting started This section includes some basic information of how to start using the project, how to download release binaries, what are the requirements etc.\n"});index.add({'id':4,'href':'/documentation/getting-started/installing/','title':"Installing",'content':"Installing Depending how you want to use Flexkube, you should see appropriate installing section:\n CLI for flexkube CLI users Terraform for Terraform users "});index.add({'id':5,'href':'/documentation/getting-started/installing/cli/','title':"Cli",'content':"Flexkube CLI Download the pre-built binary The easiest way to get Flexkube CLI\tis to use one of the pre-built release binaries which are available for macOS and Linux.\nSee Github Releases page for finding the latest available release.\nFor example, to download version v.0.2.2 on Linux, execute the following command:\nVERSION=v0.2.2 TODO It will download the flexkube binary into your current directory. It is recommende to move this binary into one of directories mentioned in your $PATH environment variable, e.g. 
to ~/.local/bin or /usr/local/bin, to make it easy to access.\nBuilding from source For building from source, make sure you have go and git binaries available in your system.\nUsing go get You can install Flexkube CLI from source using the following command:\ngo get github.com/flexkube/libflexkube/cmd/flexkube Once done, make sure your Go binary path is included in $PATH, so the binary is accessible for execution.\nUsing git and go build To build Flexkube CLI from source, first clone libflexkube repository. This can be done using the following command:\ngit clone https://github.com/flexkube/libflexkube.git \u0026amp;\u0026amp; cd libflexkube Then, to build Terraform Provider binary, run the following command:\ngo build ./cmd/flexkube It will build the flexkube binary into your current directory. It is recommende to move this binary into one of directories mentioned in your $PATH environment variable, e.g. to ~/.local/bin or /usr/local/bin, to make it easy to access.\n"});index.add({'id':6,'href':'/documentation/getting-started/installing/terraform/','title':"Terraform",'content':"Terraform provider Download the pre-built binary The easiest way to get Flexkube Terraform provider is to use one of the pre-built release binaries which are available for macOS and Linux.\nSee Github Releases page for finding the latest available release.\nFor example, to download version v.0.2.2 on Linux, execute the following command:\nVERSION=v0.2.2 wget -qO- https://github.com/flexkube/libflexkube/releases/download/$VERSION/terraform-provider-flexkube_$VERSION_linux_amd64.tar.gz | tar zxvf - terraform-provider-flexkube_$VERSION_x4 It will download the terraform-provider-flexkube binary into your current directory. If you have your Terraform code in the same directory, you can start using it right away, e.g. with terraform init command.\nIf you want the provider to be available in other directories, it is recommended to move the binary into ~/.terraform.d/plugins/ directory. 
This can be done using the following command:\nmkdir -p ~/.terraform.d/plugins/ \u0026amp;\u0026amp; mv terraform-provider-flexkube_v0.2.2_x4 ~/.terraform.d/plugins/ Building from source For building from source, make sure you have go and git binaries available in your system.\nUsing go get You can install Flexkube Terraform Provider from source using the following command:\ngo get github.com/flexkube/libflexkube/cmd/terraform-provider-flexkube Once done, it is recommended to move the binary into ~/.terraform.d/plugins/ directory to make it available for all Terraform environments:\nmkdir -p ~/.terraform.d/plugins/ \u0026amp;\u0026amp; mv $(go env GOPATH)/bin/terraform-provider-flexkube ~/.terraform.d/plugins/terraform-provider-flexkube_v0.2.2_x4 Using git and go build To build Terraform provider from source, first clone libflexkube repository. This can be done using the following command:\ngit clone https://github.com/flexkube/libflexkube.git \u0026amp;\u0026amp; cd libflexkube Then, to build Terraform Provider binary, run the following command:\ngo build ./cmd/terraform-provider-flexkube Once done, it is recommended to move the binary into ~/.terraform.d/plugins/ directory to make it available for all Terraform environments:\nmkdir -p ~/.terraform.d/plugins/ \u0026amp;\u0026amp; mv $(go env GOPATH)/bin/terraform-provider-flexkube ~/.terraform.d/plugins/terraform-provider-flexkube "});index.add({'id':7,'href':'/documentation/getting-started/requirements/','title':"Requirements",'content':"Requirements This section describes various requirements of Flexkube.\nIt is recommended to deploy Flexkube resources (e.g. etcd, kubelet) into dedicated machine, not into local host, as resources will write to some hosts locations like /etc/kubernetes, /var/lib/kubelet or /var/lib/etcd to persist the cluster state across updates. See TODO section to learn how to create VM for testing. 
Summary Short summary of the requirements for each machine where Kubernetes will be deployed:\n Minimum 2 GB of RAM SSH server configured (if deploying to remote machines) Internet access docker daemon installed and running Hardware requirements To create Kubernetes cluster using Flexkube, you need a machine with at least 2 GB of RAM for controller node and at least 1 GB of RAM for worker nodes.\nConnectivity Containers registry Machines which will be part of the cluster must have access to container registry from where the cluster component images will be pulled. By default public registries are used, so machines must have internet access.\nIf you re-configure the cluster to use images from private repository, internet access should not be required.\nSSH For deploying on remote machines, Flexkube use SSH tunnels to talk to container runtime on remote machine, so make sure SSH daemon is configured on them and is accessible from the host you will be deploying.\nIf you deploy only on local machine, SSH is not required.\nNetwork It is recommended, that all machines which are part of the cluster are connected using private network, to avoid exposing your cluster components to the internet.\nContainer runtime Flexkube runs all of Kubernetes controlplane components as containers, so container runtime must be installed and configured on the machines before deploying.\nAt the moment only Docker runtime is supported. In the future, support for more container runtime might be added.\n"});index.add({'id':8,'href':'/documentation/guides/','title':"Guides",'content':"Guides "});index.add({'id':9,'href':'/documentation/guides/creating-single-node-cluster-on-local-machine-using-flexkube-cli/','title':"Creating Single Node Cluster on Local Machine Using Flexkube Cli",'content':"Creating single-node cluster on local machine using \u0026ldquo;flexkube\u0026rdquo; CLI This guide describes how to create single node Kubernetes cluster using flexkube CLI. 
It will explain cluster creation process step by step to explain the configuration and provide some insights.\nFor fully automated creation, see Creating cluster with Terraform.\nRequirements For this guide, it is required to have one Linux machine, with Docker daemon installed and running.\nIt is recommended that machine has at least 2 GB of RAM and is a fresh machine, as in tutorial the tools will write to directories like /etc/kubernetes or /var/lib/kubelet without notice.\nThe Docker version should be 18.06+.\nNetwork interfaces setup is not important, however having a private IP address is recommended from security perspective.\n I don\u0026#39;t have such machine. ↕ If you don\u0026rsquo;t have such machine available, you can create it locally, using VirtualBox and Vagrant. Make sure you have both tools installed by following respective guides:\n Installing VirtualBox Installing Vagrant Once done, create file named Vagrantfile with following content:\nVagrant.configure(\u0026#34;2\u0026#34;) do |config| config.vm.box = \u0026#34;flatcar-stable\u0026#34; config.vm.box_url = \u0026#34;https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_vagrant.box\u0026#34; config.ssh.username = \u0026#39;core\u0026#39; config.vm.provider :virtualbox do |v| v.memory = 2048 end end Then, run the following commands to create and connect to the machine:\nvagrant up \u0026amp;\u0026amp; vagrant ssh Preparation Before we start creating a cluster, we need to gather some information and download required binaries.\nLog in into the machine where you want to deploy Kubernetes before proceeding.\nIP address for deployment To configure cluster components, you need to provide the IP address, which will be used by the cluster. You can find available IP addresses using e.g. 
ifconfig command.\nYou can try getting the IP address automatically using the following command:\nexport IP=$(ip addr show dev $(ip r | grep default | tr \u0026#39; \u0026#39; \\\\n | grep -A1 dev | tail -n1) | grep \u0026#39;inet \u0026#39; | awk \u0026#39;{print $2}\u0026#39; | cut -d/ -f1); echo $IP On VirtualBox, we can use 10.0.2.15 IP.\nSave the IP address for future use using the following command:\nexport IP=10.0.2.15 Selecting service CIDR and pod CIDR Kubernetes requires 2 network CIDRs to operate, one from each pod will receive the IP address and one for Service objects with type ClusterIP. While selecting the CIDRs, make sure they don\u0026rsquo;t overlap with each other and other networks your machine is connected to.\nOnce decided on CIDRs, we should also save 2 special IP addresses:\n kubernetes Service - This IP address will be used by pods which talk to Kubernetes API. It must be included in kube-apiserver server certificate IP addresses list. This must be first address of Service CIDR. So if your service CIDR is 11.0.0.0/24, it should be 11.0.0.1. DNS Service - This IP address will be used by cluster\u0026rsquo;s DNS service. This IP is usually 10th address of Service CIDR. So if your service CIDR is 11.0.0.0/24, it should be 11.0.0.10. With all this information gathered, you command like this to save this information for later use:\nexport POD_CIDR=10.0.0.0/24 export SERVICE_CIDR=11.0.0.0/24 export KUBERNETES_SERVICE_IP=11.0.0.1 export DNS_SERVICE_IP=11.0.0.10 Downloading flexkube binary Once logged in, execute the following command to download flexkube CLI binary into working directory. This is the binary, which will be used to create a cluster components.\nexport VERSION=v0.3.0 wget -O- https://github.com/flexkube/libflexkube/releases/download/${VERSION}/flexkube_${VERSION}_linux_amd64.tar.gz | tar zxvf - Downloading kubectl binary To verify that cluster is operational it is recommended to have kubectl binary available. 
You can install it using the following command:\ncurl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl \u0026amp;\u0026amp; chmod +x kubectl Downloading helm binary Parts of cluster provisioning is done using Helm 3 binary, when deploying the cluster using the flexkube CLI. You can install it using the following command:\nwget -O- https://get.helm.sh/helm-v3.2.1-linux-amd64.tar.gz | tar -zxvf - linux-amd64/helm \u0026amp;\u0026amp; mv linux-amd64/helm ./ \u0026amp;\u0026amp; rmdir linux-amd64 Make downloaded binaries available in $PATH For compatibility with rest of the tutorial, you should make sure that downloaded binaries are in one of the directories in the $PATH environment variable.\nYou can also add working directory to the $PATH using the following command:\nexport PATH=\u0026#34;${PATH}:$(pwd)\u0026#34; Creating the cluster Now that you have all required binaries and information, we can start creating the cluster.\nCreating certificates First step to create a cluster is to generate all certificates required by Kubernetes. As this is not a trivial task to create and manage those certificates, Flexkube provides PKI resource, which does exactly that.\nBefore we create the certificates, we need to provide some configuration to tell PKI resource to create for you both etcd and Kubernetes certificates, as by default it only creates Root CA certificate.\nFor this guide, you can create configuration using the following command:\ncat \u0026lt;\u0026lt;EOF | sed \u0026#39;/^$/d\u0026#39; \u0026gt; config.yaml pki: etcd: clientCNs: - kube-apiserver peers: testing: ${IP} kubernetes: kubeAPIServer: serverIPs: - ${IP} - ${KUBERNETES_SERVICE_IP} EOF See PKI configuration reference to see all available configuration options. 
Once created, run the following command to generate the certificates:\nflexkube pki If everything succeeded, you should find many certificates in newly created state.yaml file.\nCreating etcd cluster Before we start Kubernetes containers, we need etcd cluster. Flexkube provides etcd resource to manage such clusters.\nTo create etcd cluster, we need to configure it\u0026rsquo;s members in config.yaml file. This can be done using the following:\ncat \u0026lt;\u0026lt;EOF \u0026gt;\u0026gt; config.yaml etcd: members: testing: peerAddress: ${IP} EOF See etcd configuration reference to see all available configuration options. Now, you can run the following command to create etcd cluster:\nflexkube etcd Once finished, you should see etcd container running, if you run docker ps.\nCreating static Kubernetes controlplane With etcd running, you can now create static Kubernetes controlplane. Static, before Flexkube recommend to run Kubernetes controlplane self-hosted, so managed using Kubernetes itself. However, before this can be done, temporary, or static controlplane is needed. And this is exactly what Controlplane resource provides.\nYou can configure it by running the following command:\ncat \u0026lt;\u0026lt;EOF \u0026gt;\u0026gt; config.yaml controlplane: apiServerAddress: ${IP} apiServerPort: 6443 kubeAPIServer: serviceCIDR: ${SERVICE_CIDR} etcdServers: - https://${IP}:2379 kubeControllerManager: flexVolumePluginDir: /var/lib/kubelet/volumeplugins EOF See Controlplane configuration reference to see all available configuration options. Make sure that serviceCIDR does not collide with any networks you have configured on your machine. Now, you can create Kubernetes controlplane using the following command:\nflexkube controlplane Execution can take a while, as Kubernetes docker images must be now pulled.\nOnce finished, you should see 3 new containers running when you run docker ps.\nGetting kubeconfig file To access the Kubernetes cluster, you need kubeconfig file. 
flexkube CLI provides flexkube kubeconfig command, which will read information about the cluster from configuration and state files and print it to you.\nTo generate kubeconfig file, run the following command:\nflexkube kubeconfig | tail -n +2 \u0026gt; kubeconfig kubeconfig file should be created.\nNow, you need to configure Kubernetes clients to use this file. This can be done using the following command:\nexport KUBECONFIG=$(pwd)/kubeconfig You can now run kubectl version to verify, that the cluster is accessible.\nAdding nodes to the cluster Having a cluster without nodes is not very useful. This section describes how to add nodes to your cluster.\nCreating TLS bootstrapping RBAC rules and bootstrap tokens Flexkube requires TLS bootstrapping process to be used while adding new nodes to the cluster. To enable that, extra RBAC rules must be created before nodes tries to join the cluster.\nThis step is handled by tls-bootstrapping helm chart, which creates RBAC rules and allows to create bootstrap tokens.\nFirst, we need to generate bootstrap token, which will be used in next steps. You can do it by running the following commands:\nexport TOKEN_ID=$(cat /dev/urandom | tr -dc \u0026#39;a-z0-9\u0026#39; | fold -w 6 | head -n 1) export TOKEN_SECRET=$(cat /dev/urandom | tr -dc \u0026#39;a-z0-9\u0026#39; | fold -w 16 | head -n 1) Then, install the chart to create RBAC rules and bootstrap token, by running this command:\nhelm upgrade --install -n kube-system tls-bootstrapping flexkube/tls-bootstrapping --set tokens[0].token-id=$TOKEN_ID --set tokens[0].token-secret=$TOKEN_SECRET Creating kubelet pool With Flexkube, kubelets are managed in pools by Kubelet Pool resource. This allows to group them to share the configuration. Usually clusters have one group called controllers with controlplane nodes and one or more worker pools, which might characterize with e.g. 
different hardware.\nFor this tutorial, we will just create single pool default.\nYou can configure this pool by running the following command:\ncat \u0026lt;\u0026lt;EOF \u0026gt;\u0026gt; config.yaml kubeletPools: default: bootstrapConfig: token: ${TOKEN_ID}.${TOKEN_SECRET} server: ${IP}:6443 adminConfig: server: ${IP}:6443 privilegedLabels: node-role.kubernetes.io/master: \u0026#34;\u0026#34; volumePluginDir: /var/lib/kubelet/volumeplugins kubelets: - name: testing address: ${IP} EOF Now, to create default pool, run the following command:\nflexkube kubelet-pool default Once finished, you should see that node testing has been added to the cluster by running kubectl get nodes.\nInstalling CNI, CoreDNS and other packages Now that you have cluster running with nodes, you need to install some extra packages to make the cluster fully functional.\nAdding helm repositories Before proceeding, make sure you have stable and flexkube Helm repositories configured, as it is the recommended source for installing the charts mentioned in next sections. 
You can add required repositories by running the following commands:\nhelm repo add stable https://kubernetes-charts.storage.googleapis.com/ helm repo add flexkube https://flexkube.github.io/charts/ Installing kube-proxy kube-proxy is not required for bare Kubernetes cluster, so it can be fully managed using Kubernetes itself.\nkube-proxy handles load balancing traffic to service CIDR in the cluster.\nTo install it, run the following command:\nhelm upgrade --install -n kube-system kube-proxy flexkube/kube-proxy --set \u0026#34;podCIDR=${POD_CIDR}\u0026#34; --set apiServers=\u0026#34;{${IP}:6443}\u0026#34; Installing Calico chart as CNI plugin While not necessarily required for this guide, as we only run one node, it is recommended to install some CNI plugin on the cluster, as without that, kubelet will stay in NotReady state.\nFlexkube recommends using Calico, as it works on variety of platforms and provides both CNI plugin and NetworkPolicies implementation. Flexkube also provides calico helm chart, so Calico can be installation can be easily configured and managed.\nTo install it, run the following command:\nhelm upgrade --install -n kube-system calico flexkube/calico --set flexVolumePluginDir=/var/lib/kubelet/volumeplugins --set podCIDR=$POD_CIDR We specify flexVolumePluginDir, as default path is on /usr partition, which is read-only in Flatcar Container Linux. Installing CoreDNS as Cluster DNS To provide DNS resolving for pods and service names it is recommended to run CoreDNS on your cluster. 
It can be installed from upstream Helm chart.\nTo install it, run the following command:\nhelm upgrade --install -n kube-system coredns stable/coredns --set rbac.pspEnable=true --set service.ClusterIP=$DNS_SERVICE_IP Installing kubelet-rubber-stamp As part of kubelet TLS bootstrapping process, kubelet requests serving certificate from Kubernetes API, to be able to use it for serving logs and metrics securely to kube-apiserver.\nAt the time of writing, kube-controller-manager does not approve those certificates and 3rd party controller needs to be used to automate this process. This is what kubelet-rubber-stamp does.\nIt can be installed by running the following command:\nhelm upgrade --install -n kube-system kubelet-rubber-stamp flexkube/kubelet-rubber-stamp Verifying cluster functionality Cleaning up To clean up the host, first, uninstall all helm releases, so kubelet removes all the pods. This can be done using the following command:\nhelm uninstall -n kube-system calico coredns kube-proxy kubelet-rubber-stamp tls-bootstrapping Then, rename or remove config.yaml file, so CLI will be able to clean up the resources. For example, execute:\nmv config.yaml config.yaml.old Now you can remove all containers managed by flexkube using following commands:\nflexkube kubelet-pool default flexkube controlplane flexkube etcd Finally, following directories can be removed as well:\nsudo rm -rf /etc/kubernetes/ /var/lib/etcd/ /var/lib/kubelet/ /var/lib/calico/ "});index.add({'id':10,'href':'/documentation/helm-charts/','title':"Helm Charts",'content':"Helm Charts Resources provided by Flexkube only allow to run minimal Kubernetes cluster, without many essential services like kube-proxy, CoreDNS or Network Plugin. However, those processes can be easily managed using Kubernetes itself, which allows to manage them as any other Kubernetes workload.\nIt is also recommended to run Kubernetes control plane components (kube-apiserver, kube-scheduler etc.) 
as Kubernetes workloads, as this allows easy integration with metrics collection, centralized logging, auto-scaling etc.\nThe recommended way of installing remaining components is trough helm 3.x, which no longer require Tiller for operating. This allows installing Helm charts directly into the Kubernetes temporary control plane.\nUpstream charts Following charts can be used directly from upstream and it is recommended to install them on every cluster:\n coredns - provides Cluster DNS service metrics-server - provides API for Pods and Nodes metrics, which is required by kubectl top command and auto-scaling Those charts can be installed from the stable repository e.g. using the following command:\nhelm repo add stable https://kubernetes-charts.storage.googleapis.com/ \u0026amp;\u0026amp; \\ helm install -n kube-system coredns stable/coredns Flexkube charts For the charts, which are not available in upstream projects, Flexkube maintains it\u0026rsquo;s own charts and provides user a repository, from where the charts can be deployed. Here is the list of charts provided by Flexkube:\n kubernetes - provides kube-proxy, kube-scheduler, kube-controller-manager, extra roles etc. kube-apiserver - provides kube-apiserver, separately from other Kubernetes components to be able to enforce Kubernetes version skew policy calico - provides Calico CNI kubelet-rubber-stamp - provides daemon, which approves Kubelet serving certificates, which is not done by kube-controller-manager as for other Kubelet certificates Those charts can be installed from the flexkube repository e.g. 
using the following command:\nhelm repo add flexkube https://flexkube.github.io/charts/ \u0026amp;\u0026amp; \\ helm install -n kube-system calico flexkube/calico "});index.add({'id':11,'href':'/documentation/overview/','title':"Overview",'content':"Overview "});index.add({'id':12,'href':'/documentation/reference/','title':"Reference",'content':"Reference This section includes the reference documentation for the Flexkube Go API, Terraform provider, CLI and configuration options.\n"});index.add({'id':13,'href':'/documentation/reference/cli/','title':"Cli",'content':"Flexkube CLI (flexkube) This section includes the reference documentation for the Flexkube CLI (flexkube), it\u0026rsquo;s subcommands and flags and configuration syntax and options.\n"});index.add({'id':14,'href':'/documentation/reference/go/','title':"Go",'content':"Go For Go language reference documentation, see https://godoc.org/github.com/flexkube/libflexkube.\n"});index.add({'id':15,'href':'/documentation/reference/terraform/','title':"Terraform",'content':"Terraform This page contains reference documentation for all Terraform resources provided by Flexkube.\n"});index.add({'id':16,'href':'/documentation/reference/terraform/flexkube-provider/','title':"Flexkube Provider",'content':"Flexkube Provider The Flexkube (flexkube) provider is used to interact with the resources supported by libflexkube. 
The provider itself do not require any configuration.\nUse the navigation to the left to read about the available resources.\nExample Usage provider \u0026#34;flexkube\u0026#34; {} "});index.add({'id':17,'href':'/documentation/reference/terraform/resources/','title':"Resources",'content':"Resources Here is the list of all Terraform resources provided by Flexkube provider.\n"});index.add({'id':18,'href':'/documentation/reference/terraform/resources/flexkube_api_loadbalancer_pool/','title':"Flexkube Api Loadbalancer Pool",'content':""});index.add({'id':19,'href':'/documentation/reference/terraform/resources/flexkube_controlplane/','title':"Flexkube Controlplane",'content':"flexkube_controlplane "});index.add({'id':20,'href':'/documentation/reference/terraform/resources/flexkube_etcd_cluster/','title':"Flexkube Etcd Cluster",'content':"flexkube_etcd_cluster "});index.add({'id':21,'href':'/documentation/reference/terraform/resources/flexkube_helm_release/','title':"Flexkube Helm Release",'content':"flexkube_helm_release "});index.add({'id':22,'href':'/documentation/reference/terraform/resources/flexkube_kubelet_pool/','title':"Flexkube Kubelet Pool",'content':"flexkube_kubelet_pool "});index.add({'id':23,'href':'/documentation/reference/terraform/resources/flexkube_pki/','title':"Flexkube Pki",'content':"flexkube_pki "});index.add({'id':24,'href':'/documentation/resources/','title':"Resources",'content':"Resources This section describes all resources, which can be managed using Flexkube.\n"});index.add({'id':25,'href':'/documentation/resources/api-loadbalancer/','title':"Api Loadbalancer",'content':""});index.add({'id':26,'href':'/documentation/resources/controlplane/','title':"Controlplane",'content':""});index.add({'id':27,'href':'/documentation/resources/etcd/','title':"Etcd",'content':"etcd "});index.add({'id':28,'href':'/documentation/resources/kubelet-pool/','title':"Kubelet 
Pool",'content':""});index.add({'id':29,'href':'/documentation/resources/pki/','title':"Pki",'content':"PKI PKI (Public Key Infrastructure) resource is responsible for generating all X.509 certificates and RSA key pairs which are required by Kubernetes cluster. Kubernetes requires several certificates to be generated, with specific CNs, different CAs etc, which is difficult to manage, so Flexkube provides configurable and convenient interface to manage them.\nAll certificates are generated by following Kubernetes PKI certificates and requirements best practices.\nCurrent implementation of PKI is experimental and only supports generating the certificates. Renewing the certificates or changing certificate properties is currently not implemented. Example configuration: CLI To generate the certificates using flexkube CLI, create the following config.yaml file:\npki: certificate: organization: \u0026#34;example\u0026#34; etcd: peers: controller01: \u0026#34;192.168.1.10\u0026#34; clientCNs: - \u0026#34;root\u0026#34; - \u0026#34;kube-apiserver\u0026#34; - \u0026#34;prometheus\u0026#34; kubernetes: kubeAPIServer: externalNames: \u0026#34;kube-apiserver.example.com\u0026#34; serverIPs: - \u0026#34;192.168.1.10\u0026#34; Then, run the following command:\nflexkube pki If the configuration is correct, PKI will be created in state.yaml file.\nGo To generate Kubernetes PKI using Go, for example create file main.go with following content:\npackage main import ( \u0026#34;fmt\u0026#34; \u0026#34;github.com/flexkube/libflexkube/pkg/pki\u0026#34; ) func main() { p := \u0026amp;pki.PKI{ Certificate: pki.Certificate{ Organization: \u0026#34;example\u0026#34;, }, Etcd: \u0026amp;pki.Etcd{ Peers: map[string]string{ \u0026#34;controller01\u0026#34;: \u0026#34;192.168.1.10\u0026#34;, }, ClientCNs: []string{ \u0026#34;root\u0026#34;, \u0026#34;kube-apiserver\u0026#34;, \u0026#34;prometheus\u0026#34;, }, }, Kubernetes: \u0026amp;pki.Kubernetes{ KubeAPIServer: \u0026amp;pki.KubeAPIServer{ 
ExternalNames: []string{\u0026#34;kube-apiserver.example.com\u0026#34;}, ServerIPs: []string{\u0026#34;192.168.1.10\u0026#34;}, }, }, } p.Generate() fmt.Printf(\u0026#34;%+v\u0026#34;, p) } Then run the following command:\ngo run main.go If everything went successfully, you should get all generated certificates with their properties printed. Please not, that it is up to the user to persist generated certificates when using Go interface.\nTerraform To create Kubernetes PKI using Terraform, create main.tf file with the following content:\nresource \u0026#34;flexkube_pki\u0026#34; \u0026#34;pki\u0026#34; { certificate { organization = \u0026#34;example\u0026#34; } etcd { peers = { \u0026#34;controller01\u0026#34; = \u0026#34;192.168.1.10\u0026#34; } client_cns = [ \u0026#34;root\u0026#34;, \u0026#34;kube-apiserver\u0026#34;, \u0026#34;prometheus\u0026#34;, ] } kubernetes { kube_api_server { external_names = [\u0026#34;kube-apiserver.example.com\u0026#34;] server_ips = [\u0026#34;192.168.1.10\u0026#34;] } } } output \u0026#34;kubernetes_ca\u0026#34; { value = flexkube_pki.pki.kubernetes[0].ca[0].x509_certificate } Then, run following commands:\nterraform init \u0026amp;\u0026amp; terraform apply If everything went successfully, you should see Kubernetes CA certificate in PEM format printed as Terraform output.\nTo see all available parameters, see flexkube_pki page in Reference section.\n "});})();