Skip to main content

Kubernetes2

 

Challenge 2

ConfigMaps:

Step-1: To create a ConfigMap named 'fresco-config' with the key-value pair SERVER_URL=https://www.fresco.me, use the following command: 

kubectl create configmap fresco-config --from-literal=SERVER_URL=https://www.fresco.me

To verify if the ConfigMap is created, use the following command:

kubectl get configmap fresco-config

Step-2: To create an nginx pod with the environmental variable SERVER_URL_ENV using the ConfigMap created earlier, use the following YAML template: 

apiVersion: v1
kind: Pod
metadata:
  name: fresco-nginx-pod
spec:
  containers:
  - name: fresco-nginx-container
    image: nginx
    env:
      - name: SERVER_URL_ENV
        valueFrom:
          configMapKeyRef:
            name: fresco-config
            key: SERVER_URL

Deploy the above file you can name it deployment.yaml and use the command:

kubectl apply -f deployment.yaml

To test your configuration by executing the following command:

kubectl exec -it fresco-nginx-pod -- sh -c env | grep SERVER_URL_ENV
It should display: https://www.fresco.me
Secrets:

Step-1: To create a Secret fresco-secret with the username admin and password pass, use the following command:

kubectl create secret generic fresco-secret --from-literal=user=admin --from-literal=pass=pass

Step-2: To modify the above nginx pod to add the fresco-secret and mountPath: /etc/test, use the following YAML template:

apiVersion: v1
kind: Pod
metadata:
  name: fresco-nginx-pod
spec:
  containers:
  - name: fresco-nginx-container
    image: nginx
    volumeMounts:
      - name: test-volume
        mountPath: /etc/test
    env:
      - name: SERVER_URL_ENV
        valueFrom:
          configMapKeyRef:
            name: fresco-config
            key: SERVER_URL
  volumes:
  - name: test-volume
    secret:
      secretName: fresco-secret

To check if the pod and secret are successfully configured, use the following command:

kubectl exec -it fresco-nginx-pod -- sh -c "cat /etc/test/* | base64 -d"

It should display both the username and password.

Persistence Volume:

To create a PV named fresco-pv using the following parameters: storageClassName - manual, capacity - 100MB, accessMode - ReadWriteOnce, and hostPath - /tmp/fresco, use the following YAML template and create a file deploy-pv.yaml:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: fresco-pv
spec:
  capacity:
    storage: 100Mi
  accessModes:
    - ReadWriteOnce
  storageClassName: manual
  hostPath:
    path: /tmp/fresco

To apply use

kubectl apply -f deploy-pv.yaml

To create a PVC named fresco-pvc and request for 50MB, use the following YAML template name the file as deploy-pvc.yaml:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: fresco-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Mi

deploy the pvc using command: 

kubectl apply -f deploy-pvc.yaml

To verify if the PVC is bound to fresco-pv, use the following command:

kubectl describe pvc fresco-pvc

If the output shows the Status as Bound,

RBAC

Create a user called "emp" and assign "read" rights on pods belonging to the "dev" namespace:

kubectl create user emp kubectl create rolebinding emp-read-pods --namespace dev --user emp --role view

Create the "dev" namespace:

kubectl create namespace dev

Generate a private key named "emp.key" using OpenSSL:

openssl genrsa -out emp.key 2048

Create a certificate signing request (CSR) named "emp.csr" using the private key generated earlier:

openssl req -new -key emp.key -out emp.csr -subj "/CN=emp/O=dev"

Create a new context named "dev-ctx" pointing to the "minikube" cluster, with the "emp" user and the "dev" namespace:

kubectl config set-context dev-ctx --cluster=minikube --user=emp --namespace=dev

Set the credentials for the "emp" user using the "emp.key" and "emp.crt" files:
bashCopy codekubectl config set-credentials emp --client-key=emp.key --client-certificate=emp.crt
  1. Create a role named "emp-role" with "get" and "list" access on pods and deployments within the "dev" namespace:
bashCopy codekubectl create role emp-role --verb=get,list --resource=pods,deployments --namespace=dev
  1. Bind the "emp" user to the "emp-role" role using a role binding named "emp-bind":
bashCopy codekubectl create rolebinding emp-bind --role=emp-role --user=emp --namespace=dev
  1. Deploy an NGINX pod under the "dev-ctx" and "dev" namespace:
bashCopy codekubectl --context=dev-ctx create deployment nginx --image=nginx --namespace=dev
  1. Verify that the NGINX pod is deployed:
bashCopy codekubectl --context=dev-ctx get pods -o wide

This should display the information about the NGINX pod, indicating that it is deployed successfully.

Labels:

Comments

Post a Comment

Popular posts from this blog

Mini-Projects for Docker, Docker Swarm

 Mini-Projects for Docker Challenge 1 Welcome to the Docker challenge, your task is to follow the below steps and complete them successfully. Step 1: Pull latest nginx image Step 2: Create a new bridge 'bridge_sample' Step 3: Run a couple of images (Cont1 and Cont2) and connect these to the new bridge created. Now try to ping from cont1 to cont2 to verify connectivity. Step 4: Stop containers Step 5: Remove network, containers, and images using docker commands Note: Execute "history -w" in the terminal before submitting the scenario. Before moving to Answers try to solve yourself... Let's get started... Step 1: Pull latest nginx image docker pull nginx:latest Step 2: Create a new bridge 'bridge_sample' docker network create bridge_sample Step 3: Run containers and connect them to the new bridge docker run -d --name Cont1 --network bridge_sample nginx:latest docker run -d --name Cont2 --netw...
Read more

Hands-on with Docker and Docker-Compose

  Hands-on with Docker & Docker-Compose (1) Create a "Dockerfile" inside the path "-/Desktop/Project/docker-docker-compose working-with-multiple-services/app", with base image "python:3.7" to dockerize the given Flask application "app.py" (2) Create another "Dockerfile" inside the path "-/Desktop/Project/docker-docker-compose-working-with-multiple-services/db", with base image "postgres" and configure the environment variables postgres user "abc", postgres password "abc@123", postgres db "postgres". (3) Create one more "Dockerfile" inside the path "-/Desktop/Project/docker-docker-compose-working-with-multiple-services/cache", with base image as "redis". (4) Create a "docker-compose.yml" file inside the path "-/Desktop/Project/docker-docker-compose-working-with-multiple-services" with the below specifications,      (4.1) Create three s...
Post a Comment
Read more