Complete k8s Classroom notes 12/Aug/2023

Installing Kubernetes using Kubespray

  • Kubespray helps us install a k8s cluster using Ansible
  • Input:
    • at least 2 instances with IP addresses
    • the user should have sudo permission on both instances
  • Steps:
    • Ensure you have a keypair on your local system: ssh-keygen
    • Now create at least 3 VMs with at least 2 vCPUs and 4 GB RAM
    • Upload id_rsa from your laptop to the master node
    • Ensure connectivity is working as shown in the class

Installation

  • Clone Kubespray: cd ~ && git clone https://github.com/kubernetes-sigs/kubespray.git
  • Ensure apt packages are up to date: sudo apt update
  • Install pip3 and venv:
sudo apt install python3-venv python3-pip -y
cd ~
VENVDIR=kubespray-venv
KUBESPRAYDIR=kubespray
python3 -m venv $VENVDIR
source $VENVDIR/bin/activate
cd $KUBESPRAYDIR
pip3 install -U -r requirements.txt
ansible --version
  • Update the Ansible inventory file with the inventory builder:
cp -rfp inventory/sample inventory/mycluster
declare -a IPS=(10.0.0.4 10.0.0.5 10.0.0.6)
CONFIG_FILE=inventory/mycluster/hosts.yaml python3 contrib/inventory_builder/inventory.py ${IPS[@]}
  • Review and change parameters under inventory/mycluster/group_vars:
cat inventory/mycluster/group_vars/all/all.yml
cat inventory/mycluster/group_vars/k8s_cluster/k8s-cluster.yml
  • Review the generated inventory file:
vi inventory/mycluster/hosts.yaml
  • Now let's reset the cluster to remove unnecessary components:
ansible-playbook -i inventory/mycluster/hosts.yaml  --become --become-user=root reset.yml
  • Now let's install the Kubernetes cluster using Kubespray:
ansible-playbook -i inventory/mycluster/hosts.yaml  --become --become-user=root cluster.yml

Exercise

  • Find out what step 6 means Refer Here
  • How do you use kubectl from a different system, such as a laptop, in the case of kubeadm or Kubespray?

Role Based Access control (RBAC)

  • In k8s you need to be authenticated before you are allowed to make a request to an API resource.
  • A cluster administrator has access to all resources and operations. Operating with the admin account is the easiest way to work, but sharing it with everyone poses a security risk.
  • RBAC defines policies for users, groups and processes by allowing and disallowing access to manage API resources.
  • RBAC helps in implementing use cases such as
    • Establishing a system for users with different roles to access a set of k8s resources
    • Controlling processes running in a Pod and the operations they can perform via the k8s API
    • Limiting visibility of certain resources in namespaces
  • Three building blocks of k8s RBAC
    • Subject: The user or process that wants to access a resource
    • Resource: The k8s API resource (e.g. Pod, Deployment, StatefulSet, …)
    • Verb: The operation that can be performed on a resource
  • Note: kubectl auth can-i helps in finding out whether you have access to perform some operation on a resource. Refer Here
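
The three building blocks written as manifests, next to the shared-admin setup the notes warn about. This is an added example, not part of the original class notes; the namespace dev, ServiceAccount pod-viewer, Role pod-reader and group dev-team are assumed names.

```yaml
# Added example. Assumed names: namespace "dev", ServiceAccount "pod-viewer",
# Role "pod-reader", group "dev-team".
apiVersion: v1
kind: Namespace
metadata:
  name: dev
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pod-viewer
  namespace: dev
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # namespaced: applies only inside "dev"
metadata:
  name: pod-reader
  namespace: dev
rules:
- apiGroups: [""]               # "" is the core API group, where Pods live
  resources: ["pods"]           # Resource
  verbs: ["get", "list", "watch"]   # Verb (read-only)
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding               # attaches the Role to a Subject
metadata:
  name: pod-reader-binding
  namespace: dev
subjects:                       # Subject
- kind: ServiceAccount
  name: pod-viewer
  namespace: dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
# The setting to avoid: cluster-admin for a whole group (kept commented out).
# kind: ClusterRoleBinding
# subjects: [{kind: Group, name: dev-team, apiGroup: rbac.authorization.k8s.io}]
# roleRef: {kind: ClusterRole, name: cluster-admin, apiGroup: rbac.authorization.k8s.io}
#
# Checks to run after `kubectl apply -f` (impersonating the Subject):
#   kubectl auth can-i list pods   -n dev     --as=system:serviceaccount:dev:pod-viewer
#   kubectl auth can-i delete pods -n dev     --as=system:serviceaccount:dev:pod-viewer
#   kubectl auth can-i list pods   -n default --as=system:serviceaccount:dev:pod-viewer
```

Only the first check matches a rule in the Role; RBAC rules are additive, so nothing grants the delete or the list in another namespace. The --as flag needs an account that is allowed to impersonate, which the cluster admin is.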


About continuous learner

devops & cloud enthusiastic learner