12-week routine of practice and implementation details
- Kubernetes the hard way
- Create local cluster with kind
- Create local cluster with minikube
- Use kubeadm to create a K8s cluster on Ubuntu
- Free courses on ACG Oct 2022
- Creating user and role in K8s
- How HTTPS works
- PKI - part 1
- PKI - part 2
- Chapter 1 - Section 6
Put all YAML files in WEEK2 directory
- Create the YAML for a certificate signing request.
- Create the YAML for a role named "pod-reader" that allows users to perform get, watch and list on pods.
- Create the YAML for a roleBinding named "admin-binding", in the namespace "acme", granting permissions for the "admin" ClusterRole to a user named "bob".
- VIDEO: Create custom image and push to DockerHub
- VIDEO: Deployment vs. StatefulSet
- VIDEO: Pods and Containers
- VIDEO: Pod Lifecycle
- VIDEO: Create Pods & Deployment
Put all YAML files in WEEK3 directory
- Take the image that you built in the first video above and deploy it as a pod in Kubernetes
- Create a deployment with the image used in the previous challenge and scale it to 5 replicas
- Create a second deployment that uses the image "mysql:8" and include an environment variable that is the MYSQL default password
- VIDEO: What is Helm and Helm Charts
- VIDEO: Introduction to Helm
- VIDEO: Hands on w/Helm
- Helm Quickstart
- The Big Three Concepts
- Helm Tutorial
- Helm vs. Kustomize
Put all YAML files in WEEK4 Directory
- Install the nginx ingress controller nginx-stable via https://helm.nginx.com/stable
- Install HashiCorp Vault via helm chart hashicorp/vault at https://helm.releases.hashicorp.com
- Override the values file for vault using the default here: https://github.com/hashicorp/vault-helm/blob/main/values.yaml
- Create a helm chart from scratch and deploy it to Kubernetes
- VIDEO: Types of Services in K8s
- Services - K8s Documentation
- EXERCISE: Use a service to expose your app
- EXERCISE: Using Source IP
- EXERCISE: Access services running in K8s
Put all the files for these exercises in the WEEK5 directory
- Create a NodePort service in K8s that uses port 30000 on the node and port 8080 on the container
- Only use the kubectl command-line to create a deployment named 'nginx-deploy' that uses the nginx image, exposed on port 80. Only 1 replica will be used.
- Again, only use the kubectl command-line to expose the deployment 'nginx-deploy' and use the target port of 8080.
- Change the service named 'kubernetes' already running in the default namespace to a NodePort type service using the kubectl command line
Put all files in WEEK6 Directory
- Create a deployment named “apache” that uses the image httpd:2.4.54 and contains three pod replicas.
- After the deployment has been created, scale the deployment to five replicas
- Change the image for the "apache" deployment to httpd:alpine
- Look at the rollout history, then go back to the previous rollout (roll back)
- VIDEO: Network Policies
- VIDEO: Network Policy & Service Mesh Differences
- VIDEO + GITHUB REPO: Network Policies
- DOCS: Network Policies
- Network Policy Tutorial
- Deploy the following resources in Kubernetes: https://gist.github.com/chadmcrowell/7e5cbb782bf2b9e90c6abe8cd8cd39b0
- Start a new pod with the image radial/busyboxplus:curl, get a shell to it, and run curl http://db:15984 to try to communicate from pod to pod
- Create a network policy that will deny all traffic from pod to pod
- Create another network policy that applies to pods that have the label app=db. Allow traffic from pods that have the label app=api and only over port 5984.
- Create another network policy that applies to pods that have the label app=web. Allow traffic from pods that have the label app=web on port 3000. Allow traffic out to pods that have the label app=db over port 5984. Also allow traffic to pods in the kube-system namespace that match label k8s-app=kube-dns on port 53.
- Start a new pod with the image radial/busyboxplus:curl and label app=api, get a shell to it, and run curl http://db:15984 to try to communicate from pod to pod