Saiyam Pathak saiyam1814

saiyam1814 / Kubernetes Security
Created September 26, 2020 16:27
Kubernetes Security
Pod Security Policy Demo
civo k3s create --wait --version=development
--enable-admission-plugins=...,PodSecurityPolicy
-------------
apiVersion: v1
kind: Pod
metadata:
name: sammy
spec:
containers:
Ingress - https://kubernetes.io/docs/concepts/services-networking/ingress/
Ingress controller - https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/
DEMO 1
=======================
Centos 7 system
yum install docker -y
systemctl start docker
systemctl enable docker
#install docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
Katacoda Ubuntu Playground
https://www.katacoda.com/courses/ubuntu/playground
Install k3s
curl -sfL https://get.k3s.io | sh -
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
Rancher deployment:
---
kind: Namespace
#Helm is a package manager: the same kinds of apps get deployed to various platforms by various teams with similar configs.
#Helm is a templating engine: when most of the app values are the same except for the image name and port, Helm can prove useful.
#Helm hub: https://hub.helm.sh/
#Helm charts GitHub Project: https://github.com/helm/charts
#Helm v3: https://helm.sh/blog/helm-3-released/
curl -sfL https://get.k3s.io | sh -
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
DEMO 1:
https://www.katacoda.com/courses/kubernetes/playground
git clone https://github.com/saiyam1814/influxdb-examples.git
cd influxdb-examples/kubernetes/
make
kubectl get svc --all-namespaces | grep influx
kubectl run nginx --image=nginx --replicas=10
DEMO 2:
https://www.katacoda.com/courses/kubernetes/playground
saiyam1814 / Docker networking troubleshooting
Created March 20, 2020 14:52
Docker networking troubleshooting
docker container run -d --name broken nginx
docker container exec -it broken sh
docker container run -it --network container:broken alpine
apk add --update-cache iproute2 bind-tools net-tools
Commands to run:
nslookup localhost
ip address
netstat -tuna
Katacoda Ubuntu Playground
https://www.katacoda.com/courses/ubuntu/playground
Install k3s
curl -sfL https://get.k3s.io | sh -
Rancher deployment:
---
kind: Namespace
apiVersion: v1
#Docker content trust
export DOCKER_CONTENT_TRUST=1
docker pull nginx
#see the key for the image pulled
docker trust inspect --pretty nginx
#pull an image from another, untrusted repository
docker pull saiyam911/red
==================================================
#getting the image IDs
saiyam1814 / maxpodschangekubelet
Last active January 18, 2020 12:23
change the kubelet max pods for all nodes
# Collect the internal IP of every node (column 6 of the wide output)
arr=($(kubectl get nodes --no-headers=true -owide | awk '{print $6}'))
# On each node, raise max-pods in /etc/kubernetes/kubelet.env and restart the kubelet
for a in "${arr[@]}"; do echo "$a"; ssh -o StrictHostKeyChecking=no -t app@"$a" "cd /etc/kubernetes; sudo sed -i -e 's/max-pods=14/max-pods=24/g' kubelet.env; sudo service kubelet restart"; done
saiyam1814 / deleteterminatingnamespace
Created November 26, 2019 04:20
This gist is for deleting a namespace stuck in the Terminating state in Kubernetes
NAMESPACE=irritating-namespace
kubectl proxy
Open another terminal on the same instance
kubectl get namespace $NAMESPACE -o json | jq '.spec = {"finalizers":[]}' > temp.json
curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize