The 2022 IT Salary & Skills Survey is now open, and you can participate!<\/strong> <\/span><\/p>

This survey is one of the largest studies of IT salary, skills, and certifications. It\u2019s the backbone of Skillsoft\u2019s annual IT Skills and Salary Report, which shares detailed insights on skills and certifications, compensation, skills gaps and challenges, and more for IT professionals at every stage of their career.<\/span><\/p>

The survey typically takes 10-15 minutes to complete. You can bookmark your progress and pick up where you left off within one week of starting the survey. It\u2019s also completely anonymous. Skillsoft doesn\u2019t sell the data or share it with others.\u00a0<\/p>

Participating in the survey is a great way to share how Nutanix certification and training has impacted your career. <\/span>Plus, anyone who completes the survey can enter to win a $100 gift card! <\/em><\/p>

Take the survey today!<\/strong><\/a><\/h3>

\u00a0<\/p>

This article was written by Karlie Beil, Customer Marketing Specialist.\u00a0<\/p><\/div><\/div><\/div><\/div><\/div><\/section>

\u00a0<\/p>

\u00a9\ufe0f\ufe0f\ufe0f\ufe0f\ufe0f\ufe0f 2022 Nutanix, Inc. \u00a0All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.<\/p>","id":40862,"featuredImage":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/attachment\/1b5db37d-c54b-4002-8bee-065c799897b2_thumb.png","label":"Blog","replyCount":0,"views":228,"post":{"id":61075,"author":{"id":113632,"url":"\/members\/karlie-beil-113632","name":"Karlie Beil","avatar":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/icon\/200x200\/1581aab3-bcf6-49f4-b2fb-3d11e8c010dc.png","userTitle":"Community Manager","rank":{"isBold":false,"isItalic":false,"isUnderline":false,"name":"Community Manager","color":"#0873ba"},"userLevel":2},"content":"

The 2022 IT Salary & Skills Survey is now open, and you can participate!<\/strong> <\/span><\/p>

This survey is one of the largest studies of IT salary, skills, and certifications. It\u2019s the backbone of Skillsoft\u2019s annual IT Skills and Salary Report, which shares detailed insights on skills and certifications, compensation, skills gaps and challenges, and more for IT professionals at every stage of their career.<\/span><\/p>

The survey typically takes 10-15 minutes to complete. You can bookmark your progress and pick up where you left off within one week of starting the survey. It\u2019s also completely anonymous. Skillsoft doesn\u2019t sell the data or share it with others.\u00a0<\/p>

Participating in the survey is a great way to share how Nutanix certification and training has impacted your career. <\/span>Plus, anyone who completes the survey can enter to win a $100 gift card! <\/em><\/p>

Take the survey today!<\/strong><\/a><\/h3>

\u00a0<\/p>

This article was written by Karlie Beil, Customer Marketing Specialist.\u00a0<\/p><\/div><\/div><\/div><\/div><\/div><\/section>

\u00a0<\/p>

\u00a9\ufe0f\ufe0f\ufe0f\ufe0f\ufe0f\ufe0f 2022 Nutanix, Inc. \u00a0All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.<\/p>","url":"\/education-blog-153\/add-your-voice-to-the-it-skills-and-salary-survey-40862?postid=61075#post61075","creationDate":"2022-05-12T20:00:15+0000","relativeCreationDate":"1 month ago"},"contentType":"article","type":3,"likes":0,"hasCurrentUserLiked":false},"phrases":{"Forum":{"{n} year|{n} years":"{n} year|{n} years","{n} month|{n} months":"{n} month|{n} months","{n} day|{n} days":"{n} day|{n} days","{n} hour|{n} hours":"{n} hour|{n} hours","{n} minute|{n} minutes":"{n} minute|{n} minutes","just":"just now","{plural} ago":"{plural} ago"}}}">

解决了

Karbon CSR请求陷入批准状态

  • 2020年10月8日
  • 9回复
  • 716意见
k
徽章

您好,在新部署后,我下载了Kubeconfig并试图批准证书签名请求(CSR)后,CSR只是处于批准的状态,但从未发行。我可能不熟悉默认的kubernetes- 用户是否有限制或其他内容?这或我的过程是错误的,它只是处于批准状态的奇怪之处。任何帮助都将受到赞赏!

图标

最好的答案vshuguet2020年10月12日,14:25

Karbon Clusters (currently, working on it, depends on other parts of the platform too) doesn\u2019t support certificate based authentication. We do support user-based token authentication as explained above (even with directory users, thanks to our integrated auth in Prism Central).<\/p>

We also support ServiceAccounts if you need longer\/persistant token over 24h (for example to integrate with your CI\/CD pipeline). In fact we haven\u2019t changed anything related to token based authentication, we just added a \u201chook\u201d to also enable us to auth users via Prism Central. That way, the \u201cbrowsing account\u201d credentials (the account used to check on the Directory if the credentials supplied by the user\u00a0are correct) aren\u2019t anywhere on the Kubernetes clusters, and are instead centrally managed inside Prism Central.<\/p>

We simply have not enabled Certificate Based authentication (or any kind of certificate issuance) in the Kubernetes clusters, until the platform is able to provide us with a secure source of certificates (as I said, working on it).<\/p>","className":"post__content__best_answer"}">

查看原件
Hello, After a new deployment, I downloaded the kubeconfig and upon trying to approve a Certificate Signing Request (CSR), the csr just sits in an approved state, but never becomes Issued. Is there a restriction or something on the default-kubernetes-<clustername> user that I might not be familiar with? That or maybe my process is wrong, its odd that it just sits in an Approved state. Any help is appreciated!<\/p>","quoteUsername":"Keith33","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
该主题已关闭以供评论

9回复

Mikkisse
UserLevel 3
徽章 +3

当计划使用证书作为身份验证方法时,面临同一问题,但没有解决。

现在,我正在使用Prism Central用户进行身份验证,K8S RBAC。这对我来说是最简单,最灵活的方式。

Faced same issue when planned to use certificates as authentication method but didn\u2019t solwed it.\u00a0<\/p>

Now I\u2019m using Prism Central users to authenticate, and k8s RBAC. This\u00a0is the most easy and flexible way for me.\u00a0<\/p>","quoteUsername":"mikkisse","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

k
徽章

感谢您的快速回复 @mikkisse

我不相信我对PC用户和K8S RBAC的集成不熟悉。我想在写这篇文章之前,我在搜索之前就看到了博客或帖子,所以让我看看是否可以回去找到它。很高兴理解为什么我们俩都遇到了同一问题。诚然,我不是证书的专家,所以我不知道问题可能在哪里。

Thanks for the quick reply\u00a0@mikkisse<\/user-mention>\u00a0<\/p>

I don\u2019t believe I am familiar with the integration of PC Users and k8s RBAC. I think I saw a blog or post on that while I was searching before I wrote this so let me see if I can go back and find it. Would be nice to understand why we both hit the same issue. Admittedly, I am not an expert with certificates so I don\u2019t know where the issue might lie.\u00a0<\/p>","quoteUsername":"Keith33","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

Mikkisse
UserLevel 3
徽章 +3

我在博客中写了关于T的文章。它是在俄语中,但您可以翻译它:连接到使用Nutanix Karbon部署的Kubernetes群集。自动化kubeconfig文件请求过程

k
徽章

谢谢,

我只是经历了那个。虽然我可以击中karbon URL并使用我在Prism Central中映射为用户管理员的广告用户名登录,但它为群集下载的Kubeconfig文件仍然只是说Default-user- - 这是否应该是我的用户名?我在网上找到了一个帖子,该帖子与证书有关的人遇到了相同的问题,他们添加了这一点:

我有类似的问题。当我检查以下命令时:

Kubectl获得SVC

CSR的状况似乎已获得批准,但未获得。知道如何解决吗?

[更新]我发现了这个问题。这是因为Kube-Controller-Manager错过了以下选项:

- 集群签名文件和 - 群体签名 - 钥匙文件

我可以在主节点上找到kube-aperver.yaml,该节点似乎在其中包含了控制器的配置,并且这些选项不在其中。但是,我不确定将它们指向测试是什么,因为那时我已经掌握了证书。有什么想法,为什么我的用户名可能不会在下载的kubeconfig文件中显示?我在PC中映射的用户名与我在K8S中创建的群集匹配。他们是广告用户,但是该域已在每种配置中都排除在用户名中,因此它们匹配。

谢谢!顺便说一句,写得很好!

Thanks,\u00a0<\/p>

I just went through that. While I can hit the Karbon URL and login with my AD username that I mapped in prism central as a User Admin, the kubeconfig file it downloads for the cluster still just says default-user-<clustername> - should that be my username instead? I found a post online where the person had the same issues as we did around certs and they added this:<\/p>

I got similar problem. When I check with the following command:<\/em><\/p>

kubectl get svc<\/em><\/p>

It seems that the status of the csr is approved, but not issued. Any idea how to fix it?<\/em><\/p>

[Updated] I found the problem. It is because the kube-controller-manager missed these options:<\/em><\/p>

--cluster-signing-cert-file and --cluster-signing-key-file<\/em><\/p>

I could find the kube-apiserver.yaml on the master node which seemed to have the config in there for the controller and those options weren\u2019t in there. However, I am not sure what to point them to as a test since I\u2019m over my head at that point with certificates. Any thoughts to why my username might not be showing in the downloaded kubeconfig file? The username I mapped in PC matches the clusterrolebinding I created in K8S. They are AD users, but the domain has been left off of the username in each configuration so they match.<\/p>

Thanks! Nicely written blog by the way!<\/p>","quoteUsername":"Keith33","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

vshuguet
秩
Userlevel 1
徽章 +4

@keith33,,,,

您的用户名实际上是在您的令牌中编码的,因此不用担心,Karbon/PC会在您的背景下为您处理。

只要您与广告用户一起登录PC,您从那里下载的Kubeconfig确实是“您自己的”并代表您自己的用户。您可以使用(例如)“ Whoami”插件克鲁

√[shuguet @ mac:〜]%ssh pcvm karbonctl cluster kubeconfig -cluster-name shu-prod-calico>〜/.kube/config
√[shuguet @ mac:〜]%kubectl获取节点
名称状态角色年龄版本
karbon-shu-prod-calico-a35db6-k8s-master-0准备大师35d v1.16.13
karbon-shu-prod-calico-a35db6-k8s-master-1准备大师35d v1.16.13
karbon-shu-prod-calico-a35db6-k8s-worker-0准备节点35D v1.16.13
karbon-shu-prod-calico-a35db6-k8s-worker-1 Ready节点35D V1.16.13
karbon-shu-prod-calico-a35db6-k8s-worker-2 Ready节点35D V1.16.13
√[shuguet @ mac:〜]%kubectl whoami
shu@karbondemo.local

产品经理-Karbon Clusters&Kubernetes @ nutanix
Hey\u00a0@Keith33<\/user-mention>\u00a0,<\/p>

Your username is actually encoded in your token, so don\u2019t worry about that part, Karbon\/PC will take care of that in the background for you.<\/p>

As long as you are logged into PC with your AD user, the Kubeconfig you download from there is indeed \u201cyour own\u201d and represent your own user. You can check that using (for example) the \u201cwhoami\u201d plugin<\/a> from Krew<\/a><\/p>

\u221a [shuguet @ mac:~] % ssh pcvm karbonctl cluster kubeconfig --cluster-name shu-prod-calico > ~\/.kube\/config
\u221a [shuguet @ mac:~] % kubectl get nodes
NAME                                         STATUS   ROLES    AGE   VERSION
karbon-shu-prod-calico-a35db6-k8s-master-0   Ready    master   35d   v1.16.13
karbon-shu-prod-calico-a35db6-k8s-master-1   Ready    master   35d   v1.16.13
karbon-shu-prod-calico-a35db6-k8s-worker-0   Ready    node     35d   v1.16.13
karbon-shu-prod-calico-a35db6-k8s-worker-1   Ready    node     35d   v1.16.13
karbon-shu-prod-calico-a35db6-k8s-worker-2   Ready    node     35d   v1.16.13
\u221a [shuguet @ mac:~] % kubectl whoami             
shu@karbondemo.local<\/code><\/pre>
\u00a0<\/p>","quoteUsername":"vshuguet","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
Mikkisse
UserLevel 3
徽章 +3

@vshuguet因此,批准的证书且从未签发状态,在karbon部署中还可以吗?

Hey @vshuguet<\/user-mention>\u00a0so certificates in approved and never issued state it\u2019s ok in Karbon deployments?\u00a0<\/p>","quoteUsername":"mikkisse","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
k
徽章

谢谢 @vshuguet。这样可行。

我最初的需求是弄清楚我们如何获得CSR的批准 - Karbon会这样做吗?

我想做的就是设置基于证书的用户访问:Kubernetes提示:通过客户证书访问您的群集

但是,我无法超越CSR部分,因为它永远不会发行,因此我永远看不到客户端证书。我在这里的最终目标(我可能对证书的精明程度不足)是通过证书允许远程身份验证到karbon群集。

vshuguet
秩
Userlevel 1
徽章 +4

Karbon Clusters(目前,在此方面也取决于平台的其他部分)不支持基于证书的身份验证。如上所述,我们确实支持基于用户的令牌身份验证(即使是目录用户,这要归功于我们在Prism Central中的集成验证)。

如果您需要超过24小时以上(例如,与CI/CD管道集成),我们还支持ServiceAccounts。实际上,我们没有更改与基于令牌的身份验证相关的任何内容,我们只是添加了一个“钩子”,也使我们能够通过Prism Central验证用户。这样,“浏览帐户”凭据(如果用户提供的凭据正确,用于检查目录的帐户)就不在Kubernetes群集上的任何地方,而是在Prism Central中进行集中管理。

我们根本没有在Kubernetes群集中启用基于证书的身份验证(或任何类型的证书发行),直到平台能够为我们提供安全的证书来源(正如我所说,正在努力)。

产品经理-Karbon Clusters&Kubernetes @ nutanix
Karbon Clusters (currently, working on it, depends on other parts of the platform too) doesn\u2019t support certificate based authentication. We do support user-based token authentication as explained above (even with directory users, thanks to our integrated auth in Prism Central).<\/p>

We also support ServiceAccounts if you need longer\/persistant token over 24h (for example to integrate with your CI\/CD pipeline). In fact we haven\u2019t changed anything related to token based authentication, we just added a \u201chook\u201d to also enable us to auth users via Prism Central. That way, the \u201cbrowsing account\u201d credentials (the account used to check on the Directory if the credentials supplied by the user\u00a0are correct) aren\u2019t anywhere on the Kubernetes clusters, and are instead centrally managed inside Prism Central.<\/p>

We simply have not enabled Certificate Based authentication (or any kind of certificate issuance) in the Kubernetes clusters, until the platform is able to provide us with a secure source of certificates (as I said, working on it).<\/p>","quoteUsername":"vshuguet","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

k
徽章

谢谢 @vshuguet

这是我想确认的信息。我可以让服务帐户和携带者令牌工作。这是我想测试的基于证书的身份验证,但是由于不支持它,这将表明为什么我能够批准请求但看不到发出的任何内容。

谢谢你们的所有答复。在这里了解PC挂钩非常有价值。

谢谢!

Thanks @vshuguet<\/user-mention>\u00a0<\/p>

This is the info I was looking to confirm. I can get things working with the service accounts and bearer tokens. It was the certificate-based authentication I was looking to test out, but since it isn\u2019t supported, this would indicate why I am able to approve a request but not see anything issued.\u00a0<\/p>

Thank you both for all the replies. Understanding the PC hook was very valuable here.\u00a0<\/p>

Thanks!<\/p>","quoteUsername":"Keith33","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">

Baidu