Challenge 2
ConfigMaps:
Step-1: To create a ConfigMap named 'fresco-config' with the key-value pair SERVER_URL=https://www.fresco.me, use the following command:
kubectl create configmap fresco-config --from-literal=SERVER_URL=https://www.fresco.me
To verify if the ConfigMap is created, use the following command:
kubectl get configmap fresco-config
Step-2: To create an nginx pod with the environment variable SERVER_URL_ENV populated from the ConfigMap created earlier, use the following YAML template:
apiVersion: v1
kind: Pod
metadata:
  name: fresco-nginx-pod
spec:
  containers:
  - name: fresco-nginx-container
    image: nginx
    env:
    - name: SERVER_URL_ENV
      valueFrom:
        configMapKeyRef:
          name: fresco-config
          key: SERVER_URL
Save the template to a file (for example deployment.yaml) and deploy it with the command:
kubectl apply -f deployment.yaml
Test your configuration by executing the following command:
kubectl exec -it fresco-nginx-pod -- sh -c env | grep SERVER_URL_ENV
It should display: https://www.fresco.me
Secrets:
Step-1: To create a Secret fresco-secret with the username admin and password pass, use the following command:
kubectl create secret generic fresco-secret --from-literal=user=admin --from-literal=pass=pass
Step-2: To modify the above nginx pod to add the fresco-secret and mountPath: /etc/test, use the following YAML template:
apiVersion: v1
kind: Pod
metadata:
  name: fresco-nginx-pod
spec:
  containers:
  - name: fresco-nginx-container
    image: nginx
    volumeMounts:
    - name: test-volume
      mountPath: /etc/test
    env:
    - name: SERVER_URL_ENV
      valueFrom:
        configMapKeyRef:
          name: fresco-config
          key: SERVER_URL
  volumes:
  - name: test-volume
    secret:
      secretName: fresco-secret
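To check if the pod and secret are successfully configured, use the following command. Secret values are base64-encoded only in the API object; the files mounted from a Secret volume already hold the decoded values, so they are read directly:
kubectl exec -it fresco-nginx-pod -- sh -c "cat /etc/test/*"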
It should display both the username and password.
Persistent Volume:
To create a PV named fresco-pv using the following parameters: storageClassName - manual, capacity - 100MB, accessMode - ReadWriteOnce, and hostPath - /tmp/fresco, use the following YAML template and create a file deploy-pv.yaml:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fresco-pv
spec:
  capacity:
    storage: 100Mi
  accessModes:
  - ReadWriteOnce
  storageClassName: manual
  hostPath:
    path: /tmp/fresco
To apply it, use:
kubectl apply -f deploy-pv.yaml
To create a PVC named fresco-pvc that requests 50MB, use the following YAML template and name the file deploy-pvc.yaml:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: fresco-pvc
spec:
  # Must match the PV's storageClassName, otherwise the claim will not bind to fresco-pv
  storageClassName: manual
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 50Mi
Deploy the PVC using the command:
kubectl apply -f deploy-pvc.yaml
To verify if the PVC is bound to fresco-pv, use the following command:
kubectl describe pvc fresco-pvc
If the output shows the Status as Bound,
RBAC
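Create a user called "emp" and assign "read" rights on pods belonging to the "dev" namespace. Kubernetes has no user object and kubectl has no "create user" subcommand: the "emp" user exists only as the CN of a client certificate, and its read rights come from the role and role binding created in the steps below.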
Create the "dev" namespace:
kubectl create namespace dev
Generate a private key named "emp.key" using OpenSSL:
openssl genrsa -out emp.key 2048
Create a certificate signing request (CSR) named "emp.csr" using the private key generated earlier:
openssl req -new -key emp.key -out emp.csr -subj "/CN=emp/O=dev"
Create a new context named "dev-ctx" pointing to the "minikube" cluster, with the "emp" user and the "dev" namespace:
kubectl config set-context dev-ctx --cluster=minikube --user=emp --namespace=dev
Set the credentials for the "emp" user using the "emp.key" and "emp.crt" files (emp.crt is the certificate the cluster CA issues for emp.csr):
kubectl config set-credentials emp --client-key=emp.key --client-certificate=emp.crt
Create a role named "emp-role" with "get" and "list" access on pods and deployments within the "dev" namespace:
kubectl create role emp-role --verb=get,list --resource=pods,deployments --namespace=dev
Bind the "emp" user to the "emp-role" role using a role binding named "emp-bind":
kubectl create rolebinding emp-bind --role=emp-role --user=emp --namespace=dev
Deploy NGINX in the "dev" namespace. emp-role grants only "get" and "list", so a create issued through dev-ctx is rejected as Forbidden; run it from the current admin context:
kubectl create deployment nginx --image=nginx --namespace=dev
Verify as "emp", through dev-ctx, that the NGINX pod is deployed:
kubectl --context=dev-ctx get pods -o wide
This should display the information about the NGINX pod, indicating that it is deployed successfully.
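As an added example (not part of the original page), this Python sketch models how the RBAC setup above is evaluated: the certificate subject /CN=emp/O=dev becomes user "emp" in group "dev", and a request is checked against emp-role through emp-bind. The dictionaries are constructed to mirror what the create role and create rolebinding commands generate, and the evaluator is a simplified model, not Kubernetes code.

```python
# Added example: simplified model of RBAC evaluation, not the real authorizer.
# ROLE and BINDING are constructed to mirror the emp-role / emp-bind commands.
ROLE = {
    "metadata": {"name": "emp-role", "namespace": "dev"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list"]},
    ],
}
BINDING = {
    "metadata": {"name": "emp-bind", "namespace": "dev"},
    "subjects": [{"kind": "User", "name": "emp"}],
    "roleRef": {"kind": "Role", "name": "emp-role"},
}

def identity_from_subject(subject):
    """Map an X.509 subject like '/CN=emp/O=dev' to (username, groups)."""
    user, groups = None, []
    for part in filter(None, subject.split("/")):
        key, _, value = part.partition("=")
        if key == "CN":
            user = value
        elif key == "O":
            groups.append(value)
    return user, groups

def can_i(user, groups, verb, api_group, resource, namespace,
          roles=(ROLE,), bindings=(BINDING,)):
    """True if a RoleBinding in the namespace grants the request; RBAC has no deny rules."""
    def hit(allowed, wanted):
        return "*" in allowed or wanted in allowed
    by_name = {(r["metadata"]["namespace"], r["metadata"]["name"]): r for r in roles}
    for b in bindings:
        role = by_name.get((namespace, b["roleRef"]["name"]))
        bound = any(
            (s["kind"] == "User" and s["name"] == user)
            or (s["kind"] == "Group" and s["name"] in groups)
            for s in b["subjects"])
        if b["metadata"]["namespace"] != namespace or role is None or not bound:
            continue
        if any(hit(r["apiGroups"], api_group) and hit(r["resources"], resource)
               and hit(r["verbs"], verb) for r in role["rules"]):
            return True
    return False

if __name__ == "__main__":
    user, groups = identity_from_subject("/CN=emp/O=dev")
    for verb in ("get", "list", "create"):
        print(verb, "deployments:", can_i(user, groups, verb, "apps", "deployments", "dev"))
```

On a live cluster, kubectl auth can-i create deployments --namespace dev --as emp asks the real authorizer the same question.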