# Minikube on AWS EC2 (Ubuntu 22.02)

## 1. install docker

```shell
sudo apt-get update -y
sudo apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

# Add Docker's signing key and apt repository
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update -y
sudo apt-get install docker-ce docker-ce-cli containerd.io -y
sudo docker run hello-world

# -f: do not fail if the docker group already exists (the docker-ce package creates it)
sudo groupadd -f docker
# Group membership takes effect after logging out and back in
sudo usermod -aG docker $USER
# Mode 666 lets every local user talk to the Docker daemon, which is root-equivalent access
sudo chmod 666 /var/run/docker.sock
```

## 2. install kubectl (K8S CLI)

```shell
sudo apt-get update
# apt-transport-https may be a dummy package; if so, you can skip that package
sudo apt-get install -y apt-transport-https ca-certificates curl

# If the folder `/etc/apt/keyrings` does not exist, it should be created before the curl command.
# sudo mkdir -p -m 755 /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

sudo apt-get update
sudo apt-get install -y kubectl
```

## 3. install minikube

```shell
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
```

## 4. Start minikube & confirm the installation succeeded

```shell
minikube start --network-plugin=cni --cni=calico
minikube status
```

## 5. deploy ping pod

First create the pod YAML and name it `pingpod.yaml`:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: ping
  namespace: default
spec:
  containers:
  - image: webblu/ping
    name: ping
```

```shell
kubectl apply -f pingpod.yaml
```

Check the ping pod log:

```shell
kubectl logs -f ping
```

## 6. install Prisma Cloud defender

### Requirements

1. Prisma Cloud license key & access token
2. In Prisma Cloud, create an access key & secret key for the admin user
3. HW: 256MB memory + 8GB storage (registry scanning needs more) [detail](https://docs.prismacloud.io/en/classic/compute-admin-guide/install/system-requirements)
4. Outbound network access must be able to reach registry-auth.twistlock.com.
5. Docker must be installed first (or another container runtime: CRI-O, CRI-containerd)
6. Prisma Cloud CLI [twistcli](https://docs.prismacloud.io/en/classic/compute-admin-guide/tools/twistcli)

---

## Ref dockerfile for ping pod

```dockerfile
FROM alpine
RUN apk add iputils
CMD ["ping", "8.8.8.8"]
```
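
A preflight script for the section 6 requirements (memory, storage, Docker, outbound access to registry-auth.twistlock.com) plus a check that the Docker socket is not world-writable, added here as an example; it is not part of the original page or of Prisma Cloud's tooling. The function names, the script name `preflight.sh`, and the choice of `/var/lib` as the filesystem to measure are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: preflight for the section 6 requirements.
# 256 MB, 8 GB and the hostname come from the page; function names and the paths
# checked (/var/lib, /var/run/docker.sock) are assumptions.
MIN_MEM_KB=$((256 * 1024))          # 256 MB of memory
MIN_DISK_KB=$((8 * 1024 * 1024))    # 8 GB of storage

# mem_total_kb FILE: MemTotal in kB from a /proc/meminfo-style file
mem_total_kb() { awk '/^MemTotal:/ {print $2}' "$1"; }

# disk_avail_kb PATH: available kB on the filesystem holding PATH
disk_avail_kb() { df -Pk "$1" | awk 'NR==2 {print $4}'; }

# at_least VALUE MIN: true only if VALUE is an unsigned integer >= MIN
at_least() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge "$2" ]
}

# world_writable PATH: true if the "other" permission digit includes write
world_writable() {
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  case "$mode" in *[2367]) return 0 ;; esac
  return 1
}

have() { command -v "$1" >/dev/null 2>&1; }   # is a command on PATH?
not() { ! "$@"; }                              # invert a check
# can_reach HOST: true if an HTTPS request to HOST completes within 5 s
can_reach() { curl -sS --max-time 5 -o /dev/null "https://$1" 2>/dev/null; }

# check LABEL CMD...: run CMD, print PASS/FAIL, count failures in $fails
check() {
  label=$1; shift
  if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fails=$((fails + 1)); fi
}

preflight() {
  fails=0
  check "memory >= 256 MB" at_least "$(mem_total_kb /proc/meminfo)" "$MIN_MEM_KB"
  check "storage >= 8 GB free under /var/lib" at_least "$(disk_avail_kb /var/lib)" "$MIN_DISK_KB"
  check "docker installed" have docker
  check "outbound to registry-auth.twistlock.com" can_reach registry-auth.twistlock.com
  check "docker.sock not world-writable" not world_writable /var/run/docker.sock
  return "$fails"
}

# Runs only when invoked as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

On a host set up exactly as in step 1, the last check reports FAIL, because `chmod 666` leaves the socket writable by every local user; the exit status is the number of failed checks.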