Skip to main content

Kubernetes2

 

Challenge 2

ConfigMaps:

Step-1: To create a ConfigMap named 'fresco-config' with the key-value pair SERVER_URL=https://www.fresco.me, use the following command:

kubectl create configmap fresco-config --from-literal=SERVER_URL=https://www.fresco.me

To verify if the ConfigMap is created, use the following command:

kubectl get configmap fresco-config

Step-2: To create an nginx pod with the environmental variable SERVER_URL_ENV using the ConfigMap created earlier, use the following YAML template:

apiVersion: v1
kind: Pod
metadata:
  name: fresco-nginx-pod
spec:
  containers:
  - name: fresco-nginx-container
    image: nginx
    env:
      - name: SERVER_URL_ENV
        valueFrom:
          configMapKeyRef:
            name: fresco-config
            key: SERVER_URL

Deploy the above file you can name it deployment.yaml and use the command:

kubectl apply -f deployment.yaml

To test your configuration by executing the following command:

kubectl exec -it fresco-nginx-pod -- sh -c env | grep SERVER_URL_ENV
It should display: https://www.fresco.me
Secrets:

Step-1: To create a Secret fresco-secret with the username admin and password pass, use the following command:

kubectl create secret generic fresco-secret --from-literal=user=admin --from-literal=pass=pass

Step-2: To modify the above nginx pod to add the fresco-secret and mountPath: /etc/test, use the following YAML template:

apiVersion: v1
kind: Pod
metadata:
  name: fresco-nginx-pod
spec:
  containers:
  - name: fresco-nginx-container
    image: nginx
    volumeMounts:
      - name: test-volume
        mountPath: /etc/test
    env:
      - name: SERVER_URL_ENV
        valueFrom:
          configMapKeyRef:
            name: fresco-config
            key: SERVER_URL
  volumes:
  - name: test-volume
    secret:
      secretName: fresco-secret

To check if the pod and secret are successfully configured, use the following command:

kubectl exec -it fresco-nginx-pod -- sh -c "cat /etc/test/* | base64 -d"

It should display both the username and password.

Persistence Volume:

To create a PV named fresco-pv using the following parameters: storageClassName - manual, capacity - 100MB, accessMode - ReadWriteOnce, and hostPath - /tmp/fresco, use the following YAML template and create a file deploy-pv.yaml:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: fresco-pv
spec:
  capacity:
    storage: 100Mi
  accessModes:
    - ReadWriteOnce
  storageClassName: manual
  hostPath:
    path: /tmp/fresco

To apply use

kubectl apply -f deploy-pv.yaml

To create a PVC named fresco-pvc and request for 50MB, use the following YAML template name the file as deploy-pvc.yaml:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: fresco-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Mi

deploy the pvc using command:

kubectl apply -f deploy-pvc.yaml

To verify if the PVC is bound to fresco-pv, use the following command:

kubectl describe pvc fresco-pvc

If the output shows the Status as Bound,

RBAC

Create a user called "emp" and assign "read" rights on pods belonging to the "dev" namespace:

kubectl create user emp kubectl create rolebinding emp-read-pods --namespace dev --user emp --role view

Create the "dev" namespace:

kubectl create namespace dev

Generate a private key named "emp.key" using OpenSSL:

openssl genrsa -out emp.key 2048

Create a certificate signing request (CSR) named "emp.csr" using the private key generated earlier:

openssl req -new -key emp.key -out emp.csr -subj "/CN=emp/O=dev"

Create a new context named "dev-ctx" pointing to the "minikube" cluster, with the "emp" user and the "dev" namespace:

kubectl config set-context dev-ctx --cluster=minikube --user=emp --namespace=dev

Set the credentials for the "emp" user using the "emp.key" and "emp.crt" files:
bashCopy codekubectl config set-credentials emp --client-key=emp.key --client-certificate=emp.crt
  1. Create a role named "emp-role" with "get" and "list" access on pods and deployments within the "dev" namespace:
bashCopy codekubectl create role emp-role --verb=get,list --resource=pods,deployments --namespace=dev
  1. Bind the "emp" user to the "emp-role" role using a role binding named "emp-bind":
bashCopy codekubectl create rolebinding emp-bind --role=emp-role --user=emp --namespace=dev
  1. Deploy an NGINX pod under the "dev-ctx" and "dev" namespace:
bashCopy codekubectl --context=dev-ctx create deployment nginx --image=nginx --namespace=dev
  1. Verify that the NGINX pod is deployed:
bashCopy codekubectl --context=dev-ctx get pods -o wide

This should display the information about the NGINX pod, indicating that it is deployed successfully.

Comments

Popular posts from this blog

Kubernetes1

  Challenge 1 Welcome to the Kubernetes challenge, your task is to follow the below steps and complete them successfully. Environment Setup Check whether docker & minikube are properly installed and configured. Start Minikube and execute this command to sync host docker with minikube docker minikube -p minikube docker-env and eval $(minikube docker-env) Step-1 Create a pod object using kubectl run command with google's sample image: gcr.io/google-samples/kubernetes-bootcamp:v1 and expose it on port 8080, name the pod as firstapp. Check if the pod creation is successful by running the command: kubectl get pod firstapp Step-2 Expose the application to the local VM by creating a Service object of type NodePort. Check if the service is created by running the command: kubectl get svc firstapp Step-3 Create another deployment using a 'YAML' file, create a deployment.yaml file that contains information of the number of replicas and the images to be ...

Docker + Kubernetes + Ansible

  Docker + Kubernetes + Ansible ----------------------------------------------------------------------------------------------------------------------------- Web Application Deployment using Kubernetes and Ansible A Flask application named "application.py" is given in the path Run the given setup.sh file given in the path to install the required dependencies be the challenge. 1. Start Minikube and sync host Docker with Minikube Docker. Note: If you get any errors while starting Minikube, please do try again by running the command to start Minikube. 2. Create a Dockerfile in the path and dockerize the given 'Flask' application as 'webapp-img' using 'python:alpine3.7' as its base image. 3. Create a 'deployment.yml' file in the path to create a Kubernetes deployment object named "web-deployment" with 3 replicas which uses the 'webapp-img' and runs a container named "webapp-container". Add Label "app=webapp" an...