- Configure
kube-controller-manager
, which runs the different controller processes. - The ServiceAccount admission controller is now enabled.
- Default service accounts and their tokens are created by the Service Account controller process.
kube-controller-manager
is configured with a key to sign Service Account tokens.
- A Deployment definition is now used instead of a Pod.
- The control plane components will create the corresponding Replica Set and Pods.
- No need to tolerate taints anymore, since the control plane is complete.
- Start the VM and wait for the configuration. Then SSH into it.
vagrant up vagrant ssh
- Check that
etcd
,kube-apiserver
,kube-scheduler
andkube-controller-manager
are running as Docker containers.docker ps
- Check that there is a
default
service account and that it has one secret (its token).- This means that
kube-controller-manager
detected that there was nodefault
service account and created it. - Actually, the
serviceaccount
controller created the service account and theserviceaccount-token
controller created the token/secret.
kubectl get sa
- This means that
- Create the test Deployment using
kubectl
and check that the 2 Pods are running. It may take a while for containers to be created due to image downloads.- This means that
kube-controller-manager
picked up the new Deployment and created the Replica Set and the Pods (this is actually done by thedeployment
,replicaset
andreplication
controllers). - Then
kube-scheduler
picked up the pods and assigned a node to them.
kubectl apply -f deployment.yaml kubectl get deployments kubectl get replicasets kubectl get pods docker ps
- This means that
- Change the number of replicas to 1 in the Deployment and update it.
sed 's/^ replicas:.*/ replicas: 1/' deployment.yaml > deployment-1-replica.yaml kubectl apply -f deployment-1-replica.yaml kubectl get deployments kubectl get pods
- Close the SSH connection and destroy the VM
logout vagrant destroy -f