Completek8s Classroomnotes 12/Aug/2023

Installing Kubernetes using Kubespray

  • Kubespray helps us install a k8s cluster using Ansible
  • Input:
    • at least 2 instances with IP addresses
    • the user should have sudo permission on both instances
  • Steps:
    • Ensure you have a key pair on your local system (generate one with ssh-keygen)
    • Now create at least 3 VMs with at least 2 vCPUs and 4 GB RAM
    • Upload id_rsa from your laptop to the master node
    • Ensure connectivity is working as shown in the class

Installation

  • Clone Kubespray:
cd ~ && git clone https://github.com/kubernetes-sigs/kubespray.git
  • Ensure apt packages are up to date:
sudo apt update
  • Install pip3 and venv
sudo apt install python3-venv python3-pip -y
cd ~
VENVDIR=kubespray-venv
KUBESPRAYDIR=kubespray
python3 -m venv $VENVDIR
source $VENVDIR/bin/activate
cd $KUBESPRAYDIR
pip3 install -U -r requirements.txt
ansible --version
  • Update Ansible inventory file with inventory builder
cp -rfp inventory/sample inventory/mycluster
declare -a IPS=(10.0.0.4 10.0.0.5 10.0.0.6)
CONFIG_FILE=inventory/mycluster/hosts.yaml python3 contrib/inventory_builder/inventory.py ${IPS[@]}
  • Review and change parameters under inventory/mycluster/group_vars
cat inventory/mycluster/group_vars/all/all.yml
cat inventory/mycluster/group_vars/k8s_cluster/k8s-cluster.yml
  • Review generated inventory file
vi inventory/mycluster/hosts.yaml
  • Now let's reset the cluster to remove unnecessary components
ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root reset.yml
  • Now let's install the Kubernetes cluster using Kubespray
ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root cluster.yml

Exercise

  • Find out what step 6 means Refer Here
  • How do you use kubectl from a different system, such as a laptop, with a cluster built by kubeadm or Kubespray?

Role Based Access control (RBAC)

  • In k8s, you need to be authenticated before you are allowed to make a request to an API resource.
  • A cluster administrator has access to all resources and operations. Operating with the admin account is the easiest way to work, but sharing it with everyone poses a security risk.
  • RBAC defines policies for users, groups and processes by allowing and disallowing access to manage API resources.
  • RBAC helps in implementing use cases such as
    • Establishing a system for users with different roles to access a set of k8s resources
    • Controlling processes running in a Pod and the operations they can perform via the k8s API
    • Limiting visibility of certain resources in namespaces
  • Three building blocks of k8s RBAC
    • Subject: The user or process that wants to access a resource
    • Resource: The k8s API resource (e.g. Pod, Deployment, StatefulSet, …)
    • Verb: The operation that can be performed on a resource
  • Note: kubectl auth can-i helps you find out whether you have access to perform an operation on a resource (Refer Here)
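The three building blocks above, and the question kubectl auth can-i answers, shown as an added example that is not part of the original notes or of Kubernetes itself. It is a simplified model of namespaced Role/RoleBinding evaluation; the names ci-bot, dev, pod-reader and read-pods are hypothetical, and ClusterRoles, groups, resourceNames and subresources are left out.

```python
# Added example: simplified model of namespaced RBAC evaluation (not the real authorizer).
# Constructed sample objects, same shape as rbac.authorization.k8s.io/v1 manifests.
ROLES = [{
    "kind": "Role",
    "metadata": {"name": "pod-reader", "namespace": "dev"},
    "rules": [{"apiGroups": [""], "resources": ["pods"],      # Resource
               "verbs": ["get", "list", "watch"]}],           # Verb
}]
BINDINGS = [{
    "kind": "RoleBinding",
    "metadata": {"name": "read-pods", "namespace": "dev"},
    "subjects": [{"kind": "ServiceAccount", "name": "ci-bot", "namespace": "dev"}],  # Subject
    "roleRef": {"kind": "Role", "name": "pod-reader"},
}]


def _match(allowed, wanted):
    """A rule list matches on an exact entry or on the '*' wildcard."""
    return "*" in allowed or wanted in allowed


def can_i(subject, verb, resource, namespace, api_group="",
          roles=ROLES, bindings=BINDINGS):
    """True if a RoleBinding in `namespace` grants subject (kind, name, ns) the verb.
    Rules only grant access, so anything no rule matches is denied."""
    kind, name, subj_ns = subject
    for b in bindings:
        if b["metadata"]["namespace"] != namespace:
            continue  # a RoleBinding only applies inside its own namespace
        if not any(s["kind"] == kind and s["name"] == name
                   and s.get("namespace") == subj_ns for s in b["subjects"]):
            continue  # binding does not name this subject
        for r in roles:
            if (r["metadata"]["name"] == b["roleRef"]["name"]
                    and r["metadata"]["namespace"] == namespace):
                for rule in r["rules"]:
                    if (_match(rule["apiGroups"], api_group)
                            and _match(rule["resources"], resource)
                            and _match(rule["verbs"], verb)):
                        return True
    return False


if __name__ == "__main__":
    bot = ("ServiceAccount", "ci-bot", "dev")
    for verb, res, ns in [("list", "pods", "dev"), ("delete", "pods", "dev"),
                          ("list", "secrets", "dev"), ("list", "pods", "prod")]:
        print(f"can-i {verb} {res} -n {ns}:", "yes" if can_i(bot, verb, res, ns) else "no")
```

On a real cluster with equivalent objects applied, the same question is asked with kubectl auth can-i list pods --as=system:serviceaccount:dev:ci-bot -n dev.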

By continuous learner
