DevOps Training Session 13: Cloud - K8s Overview

tags: `devops` `reliable` `research`

Hello btb again, on this session i will talk about K8s(Kubernetest) for supplied and platform for deployment and manage container inside and it call container orchestration. Let implement –>

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Learn More →

Overview

On the overview everything with k8s, i want to put the declare and concept for K8s because it will cover anything inside cluster through this –>

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Learn More →

I just talk about some about concept of type workload inside cluster include

Pods is the minimal thing in cluster
Tt will place run container inside
Pods can run many container
It will association with volume like disk, file to collect data
But so to managing mutiple pods we have multiple method include:
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →

Implement

On this session we will deploy cluster via terraform and deploy pods for building application
So we will construct terraform for cluster via this tree folder
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
With cluster k8s we need 3 module:
- Networking
- IAM
- AKS

## IAM
## main.tf
# Assign the role for k8s
resource "azurerm_role_assignment" "k8s" {
  principal_id                     = var.principal_id
  scope                            = var.container_registry_id
  role_definition_name             = "AcrPull"
  skip_service_principal_aad_check = true
}

resource "azurerm_role_definition" "k8s-fileshare" {
  name        = "Read FileShares"
  scope       = var.resource_group_root_id
  description = "This is a custom role created via Terraform"
  permissions {
    actions     = [ "Microsoft.Storage/storageAccounts/fileServices/shares/action",
                    "Microsoft.Storage/storageAccounts/fileServices/shares/delete",
                    "Microsoft.Storage/storageAccounts/fileServices/shares/read",
                    "Microsoft.Storage/storageAccounts/fileServices/shares/lease/action",
                    "Microsoft.Storage/storageAccounts/fileServices/shares/write",
                    "Microsoft.Storage/storageAccounts/listKeys/action" ]
    not_actions = []
    data_actions = []
    not_data_actions = []
  }                
}

resource "azurerm_role_assignment" "k8s-fileshare" {
  principal_id                     = var.cluster_id
  scope                            = var.storage_account_id
  role_definition_id               = azurerm_role_definition.k8s-fileshare.role_definition_resource_id
  skip_service_principal_aad_check = true
}

## Networking
## main.tf
# Create Virtual Network
resource "azurerm_virtual_network" "main" {
  name                = "${var.environment}-network"
  address_space       = var.address_space
  location            = var.resource_group_location
  resource_group_name = var.resource_group_name
  tags = var.tags
}

resource "azurerm_subnet" "cluster" {
  name                 = "${var.environment}-subnet-cluster"
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = var.address_prefixes
  service_endpoints    = var.service_endpoints
}

## AKS
## main.tf
resource "azurerm_kubernetes_cluster" "main" {
  name                = "${var.environment}-k8s"
  location            = var.resource_group_location
  resource_group_name = var.resource_group_name
  dns_prefix          = "${var.environment}-k8s-dns"
  tags = var.tags

  node_resource_group = "${var.resource_group_name}-k8s-infra"
  automatic_channel_upgrade = var.automatic_channel_upgrade
  http_application_routing_enabled = true
  kubernetes_version = var.kubernetes_version

  default_node_pool {
    name       = var.default_node_pool_name
    node_count = var.node_count
    vm_size    = var.vm_size
    vnet_subnet_id = var.subnet_node_pools_id
  }

  identity {
    type = "SystemAssigned"
  }
}

After create all thing with terraform so i will use the pipeline in the Pipeline session for doing deploy this cluster
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
After complete this pipeline you will have
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Go to next step we will using the helm –> HELM is tool using for interact with k8s through chart template. And helm can be provided by terraform so easily
We will create a helm-template for k8s. Notice, do the right syntax it will work if not it will break all
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →

## Chart.yaml
apiVersion: v2
name: web-app1
description: A Helm chart for kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

## values.yaml
# general parameters
namespace: devops
# deployments parameters
replicasCount: 1
image:
  name: app1
  repository: <name of repository>
  tag: latest
  containerPort: 80
resources:
  memory: "256Mi"
  cpu: "0.1"
env:
  valueMessage: "App 1 "
  valuePort: "80"
  secret: mysecret
# service parameters
service:
  protocol: TCP
  portExpose: 80
  portTarget: 80

serviceAccountName: service-account-1

## deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Chart.Name }}
  labels:
    app: {{ .Chart.Name }}
  namespace: {{ .Values.namespace }}
spec:
  replicas: {{ .Values.replicasCount }}
  selector:
    matchLabels:
      app: {{ .Chart.Name }}
  template:
    metadata:
      labels:
        app: {{ .Chart.Name }}
    spec:
      serviceAccountName: {{ .Values.serviceAccountName }}
      containers:
      - name: {{ .Values.image.name }}
        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
        ports:
        - containerPort: {{ .Values.image.containerPort }}
        resources:
          limits: 
            memory: {{ .Values.resources.memory }}
            cpu: {{ .Values.resources.cpu }}
        env:
          - name: MESSAGE
            value: '{{ .Values.env.valueMessage }}'
          - name: PORT
            value: '{{ .Values.env.valuePort }}'

After using helm-release of terraform you have the application from register for wat ever you want.

## main.tf
resource "helm_release" "app1" {
    name = "app1"
    namespace = kubernetes_namespace.deployment.metadata[0].name
    chart = "${dirname(dirname(dirname(dirname(abspath(path.module)))))}/kubernetes/app1/"
    depends_on = [
      helm_release.rbac
    ]
}

Conclusion

This session, i talk about the wat ever you want k8s and what k8s can implement and pods inside it.
Sorry, if it not perfection version because i don't have much time to run and explain every line. So hopefully if i have more time i will reproduce this session

Reference

helm-doc
helm-release
k8s-concept
deployment-k8s

DevOps Training Session 13: Cloud - K8s Overview

tags: devops reliable research

Overview

Implement

Conclusion

Reference

Read more

LFI and Path Traversal

Snyk vs Sonarqube - Securing your code

Devops Training Session 16: Setup Observability for Kubernetes

Hackwekend Session 5 - Cloud Security (AWS IAM Policy)

tags: `devops` `reliable` `research`