Skip to main content

Kubernetes2

 

Challenge 2

ConfigMaps:

Step-1: To create a ConfigMap named 'fresco-config' with the key-value pair SERVER_URL=https://www.fresco.me, use the following command: 

kubectl create configmap fresco-config --from-literal=SERVER_URL=https://www.fresco.me

To verify if the ConfigMap is created, use the following command:

kubectl get configmap fresco-config

Step-2: To create an nginx pod with the environmental variable SERVER_URL_ENV using the ConfigMap created earlier, use the following YAML template: 

apiVersion: v1
kind: Pod
metadata:
  name: fresco-nginx-pod
spec:
  containers:
  - name: fresco-nginx-container
    image: nginx
    env:
      - name: SERVER_URL_ENV
        valueFrom:
          configMapKeyRef:
            name: fresco-config
            key: SERVER_URL

Deploy the above file you can name it deployment.yaml and use the command:

kubectl apply -f deployment.yaml

To test your configuration by executing the following command:

kubectl exec -it fresco-nginx-pod -- sh -c env | grep SERVER_URL_ENV
It should display: https://www.fresco.me
Secrets:

Step-1: To create a Secret fresco-secret with the username admin and password pass, use the following command:

kubectl create secret generic fresco-secret --from-literal=user=admin --from-literal=pass=pass

Step-2: To modify the above nginx pod to add the fresco-secret and mountPath: /etc/test, use the following YAML template:

apiVersion: v1
kind: Pod
metadata:
  name: fresco-nginx-pod
spec:
  containers:
  - name: fresco-nginx-container
    image: nginx
    volumeMounts:
      - name: test-volume
        mountPath: /etc/test
    env:
      - name: SERVER_URL_ENV
        valueFrom:
          configMapKeyRef:
            name: fresco-config
            key: SERVER_URL
  volumes:
  - name: test-volume
    secret:
      secretName: fresco-secret

To check if the pod and secret are successfully configured, use the following command:

kubectl exec -it fresco-nginx-pod -- sh -c "cat /etc/test/* | base64 -d"

It should display both the username and password.

Persistence Volume:

To create a PV named fresco-pv using the following parameters: storageClassName - manual, capacity - 100MB, accessMode - ReadWriteOnce, and hostPath - /tmp/fresco, use the following YAML template and create a file deploy-pv.yaml:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: fresco-pv
spec:
  capacity:
    storage: 100Mi
  accessModes:
    - ReadWriteOnce
  storageClassName: manual
  hostPath:
    path: /tmp/fresco

To apply use

kubectl apply -f deploy-pv.yaml

To create a PVC named fresco-pvc and request for 50MB, use the following YAML template name the file as deploy-pvc.yaml:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: fresco-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Mi

deploy the pvc using command: 

kubectl apply -f deploy-pvc.yaml

To verify if the PVC is bound to fresco-pv, use the following command:

kubectl describe pvc fresco-pvc

If the output shows the Status as Bound,

RBAC

Create a user called "emp" and assign "read" rights on pods belonging to the "dev" namespace:

kubectl create user emp kubectl create rolebinding emp-read-pods --namespace dev --user emp --role view

Create the "dev" namespace:

kubectl create namespace dev

Generate a private key named "emp.key" using OpenSSL:

openssl genrsa -out emp.key 2048

Create a certificate signing request (CSR) named "emp.csr" using the private key generated earlier:

openssl req -new -key emp.key -out emp.csr -subj "/CN=emp/O=dev"

Create a new context named "dev-ctx" pointing to the "minikube" cluster, with the "emp" user and the "dev" namespace:

kubectl config set-context dev-ctx --cluster=minikube --user=emp --namespace=dev

Set the credentials for the "emp" user using the "emp.key" and "emp.crt" files:
bashCopy codekubectl config set-credentials emp --client-key=emp.key --client-certificate=emp.crt
  1. Create a role named "emp-role" with "get" and "list" access on pods and deployments within the "dev" namespace:
bashCopy codekubectl create role emp-role --verb=get,list --resource=pods,deployments --namespace=dev
  1. Bind the "emp" user to the "emp-role" role using a role binding named "emp-bind":
bashCopy codekubectl create rolebinding emp-bind --role=emp-role --user=emp --namespace=dev
  1. Deploy an NGINX pod under the "dev-ctx" and "dev" namespace:
bashCopy codekubectl --context=dev-ctx create deployment nginx --image=nginx --namespace=dev
  1. Verify that the NGINX pod is deployed:
bashCopy codekubectl --context=dev-ctx get pods -o wide

This should display the information about the NGINX pod, indicating that it is deployed successfully.

Labels:

Comments

Post a Comment

Popular posts from this blog

Build Flask image using docker & docker-compose

 Build Flask Image using docker & docker-compose 1. Create a Dockerfile to build Flask image with Flask application, 'requirements.txt' and expose it in port 5000. 2. Create a 'docker-compose.json' file to create two services named 'python_web_app' and 'db_service' 3. The 'python_web_app' service  should be built from Dockerfile and specify the port as 5000 4. the 'db_service' should be built from image 'redis:alpine' 5. Add a volume to the 'python_web_app' service that mounts the current directory to the working directory inside the container and set the flask envireonment in debug mode. 6. Visit 'http:localhost:5000" to check weather the Flask application is running fine. The container name of 'python_web_app' service should be 'web_container' and container name of 'db_service' should be 'db_container' Here are the instructions for each of the tasks mentioned: Create a file na...
Post a Comment
Read more

Create & Dockerize a Flask app with Redis

  Create & Dockerize a Flask app with Redis For this project we would create everything from scratch. Section 1 : We would create the Flask app Section 2 : We would deploy the app as service, along with redis using docker and docker-compose. Section 1 Creating a flask app that returns the count number of times the page was visited. Create a  requirements.txt file, and paste the following dependency name Flask redis Import dependencies using pip install --no-cache-dir -r requirements.txt Create a  app.py file  from flask import Flask from redis import Redis app = Flask(__name__) redis = Redis(host='db_service', port=6379) @app.route('/') def hello():     visit_count = redis.incr('visit_count')     return f"Hello, this page has been visited {visit_count} times." if __name__ == '__main__':     app.run(host='0.0.0.0') We can test the app locally for this we need to: Install virtualenv if it's not already installed: sudo apt-get up...
Post a Comment
Read more