This tutorial shows you how to run Apache Cassandra on Kubernetes. Cassandra, a database, needs persistent storage to provide data durability (application state). In this example, a custom Cassandra seed provider lets the database discover new Cassandra instances as they join the Cassandra cluster. StatefulSets make it easier to deploy stateful applications into your Kubernetes cluster. For more information on the features used in this tutorial, see StatefulSet. Note:Cassandra and Kubernetes both use the term node to mean a member of a cluster.

This command initializes a new Kubernetes node and joins it to the existing cluster. Run this on any machine you wish to join an existing cluster Synopsis When joining a kubeadm initialized cluster, we need to establish bidirectional trust. This is split into discovery (having the Node trust the Kubernetes Control Plane) and TLS bootstrap (having the Kubernetes Control Plane trust the Node). There are 2 main schemes for discovery.

Production-Grade Container Orchestration

kubeadm certs provides utilities for managing certificates. For more details on how these commands can be used, see Certificate Management with kubeadm. kubeadm certs A collection of operations for operating Kubernetes certificates. overview Synopsis Commands related to handling Kubernetes certificates kubeadm certs [flags] Options -h, --help help for certs Options inherited from parent commands --rootfs string The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

Synopsis Approve a certificate signing request. kubectl certificate approve allows a cluster admin to approve a certificate signing request (CSR). This action tells a certificate signing controller to issue a certificate to the requester with the attributes requested in the CSR. SECURITY NOTICE: Depending on the requested attributes, the issued certificate can potentially grant a requester access to cluster resources or to authenticate as a requested identity. Before approving a CSR, ensure you understand what the signed certificate can do.

kubeadm reset phase enables you to invoke atomic steps of the node reset process. Hence, you can let kubeadm do some of the work and you can fill in the gaps if you wish to apply customization. kubeadm reset phase is consistent with the kubeadm reset workflow, and behind the scene both use the same code. kubeadm reset phase phase Synopsis Use this command to invoke single phase of the "reset" workflow

kubeadm join phase enables you to invoke atomic steps of the join process. Hence, you can let kubeadm do some of the work and you can fill in the gaps if you wish to apply customization. kubeadm join phase is consistent with the kubeadm join workflow, and behind the scene both use the same code. kubeadm join phase phase Synopsis Use this command to invoke single phase of the "join" workflow

Synopsis Deny a certificate signing request. kubectl certificate deny allows a cluster admin to deny a certificate signing request (CSR). This action tells a certificate signing controller to not to issue a certificate to the requester. kubectl certificate deny (-f FILENAME | NAME) Examples # Deny CSR 'csr-sqgzp' kubectl certificate deny csr-sqgzp Options --allow-missing-template-keys     Default: true If true, ignore any errors in templates when a field or map key is missing in the template.

Before you begin You must use a kubectl version that is within one minor version difference of your cluster. For example, a v1.34 client can communicate with v1.33, v1.34, and v1.35 control planes. Using the latest compatible version of kubectl helps avoid unforeseen issues. Install kubectl on macOS The following methods exist for installing kubectl on macOS: Install kubectl on macOS Install kubectl binary with curl on macOS Install with Homebrew on macOS Install with Macports on macOS Verify kubectl configuration Optional kubectl configurations and plugins Enable shell autocompletion Install kubectl convert plugin Install kubectl binary with curl on macOS Download the latest release:

This page provides an overview of controlling access to the Kubernetes API. Users access the Kubernetes API using kubectl, client libraries, or by making REST requests. Both human users and Kubernetes service accounts can be authorized for API access. When a request reaches the API, it goes through several stages, illustrated in the following diagram: Transport security By default, the Kubernetes API server listens on port 6443 on the first non-localhost network interface, protected by TLS.