ALL about Docker/Kubernetes/Ansible

<reference links>


Kubernetes- Link


Minikube- Link


Kops- Link

Docker Installation-

1- sudo apt-get update

2- sudo apt-get install -y apt-transport-https

3- install docker dependencies by using- sudo apt install docker.io

After that

4- Start the service and enable it at boot using the commands below-

sudo systemctl start docker

sudo systemctl enable docker


Kubernetes Installation-

Before installing Kubernetes, install curl, which will be used to download data

5- sudo apt-get install curl 

6- Add the repository signing key- curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -

7- Now change the permissions for the sources.list.d directory

sudo chmod 777 /etc/apt/sources.list.d/

8- Create a file named kubernetes.list and save it in /etc/apt/sources.list.d/

Add the line below to this file before saving it- deb https://apt.kubernetes.io/ kubernetes-xenial main

Check the file- cat /etc/apt/sources.list.d/kubernetes.list

The output should look like this- deb https://apt.kubernetes.io/ kubernetes-xenial main

9- Now check whether any updates are available- sudo apt-get update

10- Now let’s install kubernetes components

      sudo apt-get install -y kubelet kubeadm kubectl kubernetes-cni
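
A check for the state steps 6 to 8 leave behind, added here as an example and not part of the original post: chmod 777 makes the sources directory writable by every local account, and a key added with apt-key add is trusted for all repositories rather than only this one. The function flags world-writable entries and deb lines without a [signed-by=...] option; the sample directory is constructed and the keyring path in it is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit an APT sources directory.
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_apt_sources() {
    dir=$1
    rc=0
    # Step 7's chmod 777 leaves the directory world-writable; flag the
    # directory itself and any world-writable file directly inside it.
    ww=$(find "$dir" -maxdepth 1 ! -type l -perm -0002)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE /'
        rc=1
    fi
    # Step 6's apt-key trusts the key for every repository; flag deb lines
    # that do not pin their own key with [signed-by=...].
    for f in "$dir"/*.list; do
        [ -e "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in
                ''|\#*) ;;                       # blank line or comment
                deb*'['*signed-by=*']'*) ;;      # key pinned to this repo
                'deb '*|'deb-src '*) echo "NO-SIGNED-BY $f: $line"; rc=1 ;;
            esac
        done < "$f"
    done
    return $rc
}

# Constructed sample input: a throwaway directory set up the way the steps
# above leave /etc/apt/sources.list.d/ (the keyring path is hypothetical).
make_sample() {
    d=$(mktemp -d)
    chmod 777 "$d"
    echo 'deb https://apt.kubernetes.io/ kubernetes-xenial main' > "$d/kubernetes.list"
    echo 'deb [signed-by=/etc/apt/keyrings/example.gpg] https://apt.kubernetes.io/ kubernetes-xenial main' > "$d/pinned.list"
    chmod 644 "$d"/*.list
    echo "$d"
}

sample=$(make_sample)
audit_apt_sources "$sample" || echo "findings above need fixing"
chmod 755 "$sample"; rm "$sample/kubernetes.list"
audit_apt_sources "$sample" && echo "clean after chmod 755 and pinning the key"
rm -rf "$sample"
```

On a real host, run audit_apt_sources /etc/apt/sources.list.d. Writing the list file with echo '<deb line>' | sudo tee /etc/apt/sources.list.d/kubernetes.list makes the chmod 777 in step 7 unnecessary.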


=================^^^Added in script^^===========================

11- Disable swapping on all devices.

       sudo swapoff -a

       sudo kubeadm init   # initializes the master node

12- To start using the cluster, you need to run the following commands as a regular user:

        mkdir -p $HOME/.kube

        sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

        sudo chown $(id -u):$(id -g) $HOME/.kube/config

13- Deploying PODS

  1) sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

  2) sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml

14- Get pods:

 sudo kubectl get pods --all-namespaces

 sudo kubectl get nodes


Let’s create a pod nginx-app

Command- sudo kubectl run --image=nginx nginx-app --port=80 --env="DOMAIN=clusters"

Exposing Port- sudo kubectl expose deployment nginx-app --port=80 --name=nginx-http

Check pod status- sudo kubectl get pods

  

The status is showing as Pending

Installing VirtualBox to set up Minikube-

sudo apt-get install -y virtualbox virtualbox-ext-pack

Download and install minikube, which runs a single-node Kubernetes cluster on your machine.

$ curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.28.2/minikube-linux-amd64

$ chmod +x minikube && sudo mv minikube /usr/local/bin/

$ minikube start

$ kubectl api-versions





Cluster- 

  • It is a collection of servers that combine available resources

  • It includes RAM,CPU,disk and their devices

Master-

  • It is a collection of components that make up the control plane of Kubernetes

  • Includes both scheduled and cluster events

Node-

  • It is a single host, which can run on a virtual machine

  • A node should run both kube-proxy and kubelet, which are a part of the cluster

Container-

  • The solution is container deployment. Containers work in isolated environments.

  • They make it easy for developers to edit and deploy apps

Docker Swarm- It is a tool that allows you to manage multiple containers

Hardware Components of Kubernetes:-

  1) Nodes

   a) It is the smallest unit of hardware in Kubernetes, which is a representation of a single machine in the cluster

   b) A node is a physical machine in a datacenter or a virtual machine hosted on a cloud provider

  2) Cluster

   a) Kubernetes does not work with individual nodes. It works with the cluster as a whole

   b) Nodes combine their resources to form a powerful machine known as a cluster

   c) When a node is added or removed, the cluster shifts around the work as necessary

  3) Persistent Volumes

   a) To store data permanently, Kubernetes uses Persistent Volumes

   b) Local or cloud drives can be attached to the cluster as this volume

   c) Persistent volumes provide a file system that mounts to the cluster, without being associated with any node



Software Components-

  1) Container

   a) Containers are used everywhere as they create self-contained environments for the execution of programs

   b) The programs are bundled up into a single file (known as a container) and then shared on the internet. Anyone can download the container and deploy it with easy setup

   c) Multiple programs can be added to a single container, but limit it to one process per container, as that makes it easier to deploy updates and diagnose issues

  2) Pods

   a) A Pod represents a group of one or more application containers bundled up together, and Pods are highly scalable

   b) If a pod fails, Kubernetes automatically deploys new replicas of the pod to the cluster

   c) Pods provide two different types of shared resources- networking and storage

  3) The Deployment

   a) Pods cannot be launched on a cluster directly; instead they are managed by one more layer of abstraction- the deployment

   b) A deployment's fundamental purpose is to indicate how many pods are running at the same time. The deployment also manages the cluster if a pod fails in the process

   c) The manual management of the pods is eradicated when a deployment is used

  4) Ingress

   a) Ingress allows access to Kubernetes services from outside the cluster

   b) Ingress can be added to the cluster through either an ingress controller or a load balancer

   c) It can provide load balancing, SSL termination and name-based virtual hosting


Master Node-

  1. The master node is the most vital component responsible for Kubernetes architecture

  2. There is always one node to check for fault tolerance

  3. The master node has various components like-

  • ETCD

  • Controller Manager

  • Scheduler

  • API Server

  1. ETCD (Cluster store)

  • This component stores the configuration details and essential values

  • It communicates with all other components to receive the commands and work in order to perform an action

  • It also manages network rules and port forwarding activity

  2. Controller-

  • It is a daemon (server) that runs in a continuous loop and is responsible for gathering information and sending it to the API server

  • It works to get the shared state of the cluster and change it to the desired state of the server

  3. Scheduler

  • The Scheduler assigns the tasks to the slave nodes

  • It is responsible for distributing the workload, and it stores resource usage information of every node

  • It tracks how the working load is used on clusters, and places the workload on the available resources

  4. API server

  • The API server validates and configures data for the API objects, which include pods, services, replication controllers, and others

  • The API server services REST operations and provides the frontend to the cluster's shared state through which all other components interact

Worker/Slave Nodes:

1. Pod- It is a combination of containers that logically run together on nodes

2. Docker- It helps in running the applications in an isolated but lightweight operating environment. It runs the configured pods

3. Kubelet-

  • It is a service responsible for conveying information to and from the control plane service

  • It gets the configuration of a Pod from the API server and ensures that the containers are working efficiently

  • The Kubelet process is responsible for maintaining the work status and the node server

4. Kubernetes Proxy-

  • It acts as a load balancer and network proxy to perform service on a single worker node

  • It manages pods on nodes, volumes, secrets, creation of new containers, health check-ups, etc.

  • It is a proxy service that runs on every node and helps in making services available to the external host


Kubernetes v/s Docker 

Orchestration Tools:- Orchestration tools are a set of commands used to deploy and connect an application. These tools focus on the process and not their outcome. There are numerous orchestration tools. The two most important are Docker Swarm and Kubernetes

- Puppet

- AWS ECS

- Ansible

Kops- Kubernetes Operations- It is a production-grade K8s installation, upgrade, and management tool


How do rollback deployments work?

When changes are applied to a deployment with the --record flag, Kubernetes by default saves the previous deployment activities in its history


To display all the prior deployments:

Command- kubectl rollout history deployment <deployment>

To restore the last deployment:

Command- kubectl rollout undo deployment <deployment>

Secrets-

Examples- 

# Create files needed for the rest of the example.

echo -n 'admin' > ./username.txt

echo -n '1f2d1e2e67df' > ./password.txt


IMP Commands-

Kubernetes commands-

minikube service <name of pod> --url (Creating pods web url)

kubectl cluster-info (Checking cluster info)

kubectl get svc -n default (Checking running services)

kubectl get deployment

kubectl expose deployment <name of pod>

kubectl get svc

curl <url pod>:port (to check if it is working or not)

kubectl delete deployment <name of pod>

kubectl delete svc <name of pod>

kubectl delete cluster

kubectl get nodes -o wide (to check current flavour, version of operating system)



Kubernetes master is running at https://192.168.99.100:8443

KubeDNS is running at https://192.168.99.100:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy


How to SSH into Pods-

Step 1- Check running pods

kubectl get pods

Step 2- kubectl exec -it <Pod_Name> -- /bin/bash

PS:- If /bin/bash is not working, try /bin/sh


Step 3- apt-get update (if it is Ubuntu)

# install openssh-server. Below assumes the container is on Ubuntu

apt-get update 

apt-get -y install openssh-server

#create testuser

useradd testuser

passwd testuser 

Enter password and confirm password (assume password in this case is 'password' as well)

#restart ssh service

service ssh restart


kubectl get events

kubectl get nodes

kubectl describe node <name of node>


ANSIBLE

Steps to install Ansible on Ubuntu-

$ sudo apt-get update

$ sudo apt-get install software-properties-common

$ sudo apt-add-repository ppa:ansible/ansible

$ sudo apt-get update

$ sudo apt-get install ansible

$ ansible --version


Host Inventory- Default path is /etc/ansible/hosts

This file lists the managed servers by DNS name or IP address, and it can contain multiple groups of hosts

Ansible Module-

$ ansible all -m ping

$ ansible webservers -m command -a "ls"

$ ansible -i inventory all -m command -a "iptables -F" --become --ask-become-pass

$ ansible all -m setup

$ ansible-doc setup

Generating SSH Key-

$ ssh-keygen

$ ssh-copy-id -i <name of node/ipaddress>















