|
1 | 1 | ---
|
2 |
| -title: "Cluster Administration" |
| 2 | +title: Cluster Administration |
| 3 | +reviewers: |
| 4 | +- davidopp |
| 5 | +- lavalamp |
3 | 6 | weight: 100
|
| 7 | +content_type: concept |
4 | 8 | description: >
|
5 | 9 | Lower-level detail relevant to creating or administering a Kubernetes cluster.
|
6 | 10 | ---
|
7 | 11 |
|
| 12 | +<!-- overview --> |
| 13 | +The cluster administration overview is for anyone creating or administering a Kubernetes cluster. |
| 14 | +It assumes some familiarity with core Kubernetes [concepts](/docs/concepts/). |
| 15 | + |
| 16 | + |
| 17 | +<!-- body --> |
| 18 | +## Planning a cluster |
| 19 | + |
| 20 | +See the guides in [Setup](/docs/setup/) for examples of how to plan, set up, and configure Kubernetes clusters. The solutions listed in this article are called *distros*. |
| 21 | + |
| 22 | +Before choosing a guide, here are some considerations: |
| 23 | + |
| 24 | + - Do you just want to try out Kubernetes on your computer, or do you want to build a high-availability, multi-node cluster? Choose distros best suited for your needs. |
| 25 | + - Will you be using **a hosted Kubernetes cluster**, such as [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/), or **hosting your own cluster**? |
| 26 | + - Will your cluster be **on-premises**, or **in the cloud (IaaS)**? Kubernetes does not directly support hybrid clusters. Instead, you can set up multiple clusters. |
| 27 | + - **If you are configuring Kubernetes on-premises**, consider which [networking model](/docs/concepts/cluster-administration/networking/) fits best. |
| 28 | + - Will you be running Kubernetes on **"bare metal" hardware** or on **virtual machines (VMs)**? |
| 29 | + - Do you **just want to run a cluster**, or do you expect to do **active development of Kubernetes project code**? If the |
| 30 | + latter, choose an actively-developed distro. Some distros only use binary releases, but |
| 31 | + offer a greater variety of choices. |
| 32 | + - Familiarize yourself with the [components](/docs/admin/cluster-components/) needed to run a cluster. |
| 33 | + |
| 34 | +Note: Not all distros are actively maintained. Choose distros which have been tested with a recent version of Kubernetes. |
| 35 | + |
| 36 | +## Managing a cluster |
| 37 | + |
| 38 | +* [Managing a cluster](/docs/tasks/administer-cluster/cluster-management/) describes several topics related to the lifecycle of a cluster: creating a new cluster, upgrading your cluster’s master and worker nodes, performing node maintenance (e.g. kernel upgrades), and upgrading the Kubernetes API version of a running cluster. |
| 39 | + |
| 40 | +* Learn how to [manage nodes](/docs/concepts/nodes/node/). |
| 41 | + |
| 42 | +* Learn how to set up and manage the [resource quota](/docs/concepts/policy/resource-quotas/) for shared clusters. |
| 43 | + |
| 44 | +## Securing a cluster |
| 45 | + |
| 46 | +* [Certificates](/docs/concepts/cluster-administration/certificates/) describes the steps to generate certificates using different tool chains. |
| 47 | + |
| 48 | +* [Kubernetes Container Environment](/docs/concepts/containers/container-environment/) describes the environment for Kubelet managed containers on a Kubernetes node. |
| 49 | + |
| 50 | +* [Controlling Access to the Kubernetes API](/docs/reference/access-authn-authz/controlling-access/) describes how to set up permissions for users and service accounts. |
| 51 | + |
| 52 | +* [Authenticating](/docs/reference/access-authn-authz/authentication/) explains authentication in Kubernetes, including the various authentication options. |
| 53 | + |
| 54 | +* [Authorization](/docs/reference/access-authn-authz/authorization/) is separate from authentication, and controls how HTTP calls are handled. |
| 55 | + |
| 56 | +* [Using Admission Controllers](/docs/reference/access-authn-authz/admission-controllers/) explains plug-ins which intercepts requests to the Kubernetes API server after authentication and authorization. |
| 57 | + |
| 58 | +* [Using Sysctls in a Kubernetes Cluster](/docs/concepts/cluster-administration/sysctl-cluster/) describes to an administrator how to use the `sysctl` command-line tool to set kernel parameters . |
| 59 | + |
| 60 | +* [Auditing](/docs/tasks/debug-application-cluster/audit/) describes how to interact with Kubernetes' audit logs. |
| 61 | + |
| 62 | +### Securing the kubelet |
| 63 | + * [Master-Node communication](/docs/concepts/architecture/master-node-communication/) |
| 64 | + * [TLS bootstrapping](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/) |
| 65 | + * [Kubelet authentication/authorization](/docs/admin/kubelet-authentication-authorization/) |
| 66 | + |
| 67 | +## Optional Cluster Services |
| 68 | + |
| 69 | +* [DNS Integration](/docs/concepts/services-networking/dns-pod-service/) describes how to resolve a DNS name directly to a Kubernetes service. |
| 70 | + |
| 71 | +* [Logging and Monitoring Cluster Activity](/docs/concepts/cluster-administration/logging/) explains how logging in Kubernetes works and how to implement it. |
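Review bot: In the "Securing a cluster" list, the Admission Controllers bullet reads "plug-ins which intercepts requests" (should be "intercept"), and the sysctl bullet ends with a stray space before the period ("kernel parameters ."). The Authorization bullet says it "controls how HTTP calls are handled", which is vague for a security control; consider saying that it decides whether an authenticated request is allowed. Two links use the `/docs/admin/` prefix (`/docs/admin/cluster-components/` and `/docs/admin/kubelet-authentication-authorization/`) while every other internal link in the file points under `/docs/concepts/`, `/docs/reference/`, `/docs/tasks/` or `/docs/setup/`; please confirm those two still resolve or update them to match. The "### Securing the kubelet" heading has no blank line before its list, and the file mixes `-` and `*` list markers; settle on one.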