Forem: Jasper Rodda

Python Interview Question - Beginner to Advance

Jasper Rodda — Wed, 28 Aug 2024 21:19:58 +0000

1. Interviewer: Write a Python code to get output as mentioned below.

Time: 15 Min

Level: Beginner

Example:

Input = "AAAABBBCCDAABBB"
Output= A4B3C2D1A2B3

Possible Answer

# define a function() that takes string input and return null if string is null and returns 1st occurrences of character followed by number of occurrences and so on. 

# This function takes a string and returns processed string output. 
def str_skimmer(input_string):
    # Return null string if input is null. 
    if not input_string:
        return ""
    # Store values for 2 parameters - "Reference Character and "Count"
    prev_char=input_string[0]
    op=[]
    count=1

    for i in input_string[1:]:
        if (i==prev_char):
            count += 1 
            print(i, count, op)
        else: 
            op.append(prev_char+str(count))
            prev_char=i
            count=1
    op.append(prev_char+str(count))  
    print(op)

    return ''.join(op)
#O: A4B3C2D1A2B3

ip="AAAABBBCCDAABBB"
op= str_skimmer(ip)
print(op)

2. Interviewer: TBD

Time: 15 Min

Level: Beginner

Example:

Input = "TBD"
Output= TBD

Install Hashicorp Vault to store Secrets and use it in Terraform.

Jasper Rodda — Sun, 11 Feb 2024 03:06:35 +0000

1. Installation Steps

Install gpg

sudo apt update && sudo apt install gpg

Download the signing key to a new keyring

wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg

Verify the key's fingerprint

gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint

Add the HashiCorp repo

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

Update packages

sudo apt update

Install Vault

sudo apt install vault

2. Start Vault Server

Start Vault Server

vault server -dev -dev-listen-address="0.0.0.0:8200"

3. Configure Terraform to read the secret from Vault.

Enable AppRole Authentication: > To enable the AppRole authentication method in Vault, you need to use the Vault CLI or the Vault HTTP API.
Run the following command to enable the AppRole authentication method:

vault auth enable approle

Create an AppRole:
2.a) Create Policy

vault policy write terraform - <<EOF
path "*" {
  capabilities = ["list", "read"]
}

path "secrets/data/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

path "kv/data/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}


path "secret/data/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

path "auth/token/create" {
capabilities = ["create", "read", "update", "list"]
}
EOF

2.b) Create the AppRole:

vault write auth/approle/role/terraform \
    secret_id_ttl=10m \
    token_num_uses=10 \
    token_ttl=20m \
    token_max_ttl=30m \
    secret_id_num_uses=40 \
    token_policies=terraform

Generate Role ID and Secret ID: > After creating the AppRole, you need to generate a Role ID and Secret ID pair. The Role ID is a static identifier, while the Secret ID is a dynamic credential.
3.a) Generate Role ID:

vault read auth/approle/role/my-approle/role-id

3.b) Generate Secret ID:

vault write -f auth/approle/role/my-approle/secret-id

This command generates a Secret ID and provides it in the response. Save the Secret ID securely, as it will be used for Terraform authentication.

4. Provider.tf file

provider "vault" {
  address = "<>:8200"
  skip_child_token = true

  auth_login {
    path = "auth/approle/login"

    parameters = {
      role_id = "<>"
      secret_id = "<>"
    }
  }
}

5. Main.tf

5.a) Create vault server

# Create vault server - 1 
resource "aws_instance" "vault-server-1" {
  ami                    = "ami-053b0d53c279acc90"
  instance_type          = "t2.micro"
  key_name               = "efronlogin"
  subnet_id              = aws_subnet.sd-snet1.id
  vpc_security_group_ids = [aws_security_group.sd-sg-1.id]
  user_data              = base64encode(file("vault_userdata.sh"))

   tags = {
    name="vault-Master"
    Environment="dev"
  }

}

5.b) Connect to Hashicorp Vault via "data" resource

 data "vault_kv_secret_v2" "example" {
   mount = "secret" // change it according to your mount
   name  = "dev-s3" // change it according to your secret
 }

5.c) Use it to retrieve in Terraform
create EC2 instance with Tag names and Secret Name

resource "aws_instance" "my_instance" {
  ami           = "ami-053b0d53c279acc90"
  instance_type = "t2.micro"

  tags = {
    Name = "test"
    Secret = data.vault_kv_secret_v2.example.data["secret_name"]
  }
}

Credits:-
Thanks to Abhishek Veeramalla

Deploy pods on Kubernetes Cluster in localhost

Jasper Rodda — Tue, 23 Jan 2024 17:34:40 +0000

Pre-requisites:

Below are essentials before you start deploying containers into kubernetes cluster

Install docker
Install Virtual Box (Type II Hypervisor)
Install Minikube (Kubernetes on local)

Verify Docker & Minikube installed correctly:

To verify docker type "docker" in powershell and see if you get below options. PS C:\WINDOWS\system32> docker

PS C:\WINDOWS\system32> docker
Usage:  docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
      --config string      Location of client config files (default
                           "C:\\Users\\Jasper\\.docker")
  -c, --context string     Name of the context to use to connect to the
                           daemon (overrides DOCKER_HOST env var and
                           default context set with "docker context use")

To verify Minikube, type "minikube" in powershell and see if you get below options. PS C:\WINDOWS\system32> minikube

PS C:\WINDOWS\system32> minikube
minikube provisions and manages local Kubernetes clusters optimized for development workflows.
Basic Commands:
  start            Starts a local Kubernetes cluster
  status           Gets the status of a local Kubernetes cluster
  stop             Stops a running local Kubernetes cluster
  delete           Deletes a local Kubernetes cluster

Step 1: Create Kubernetes cluster

1.create Mikikube cluster on VirtualBox VM

minikube start --driver=virtualbox

2.Get cluster information

PS C:\WINDOWS\system32> kubectl cluster-info
Kubernetes control plane is running at https://192.168.XX.XXX:8443
CoreDNS is running at https://192.168.XX.XXX:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

3.get nodes

PS C:\WINDOWS\system32> kubectl get nodes
NAME       STATUS   ROLES           AGE   VERSION
minikube   Ready    control-plane   13m   v1.27.4

4.get namespaces

PS C:\WINDOWS\system32> kubectl get namespaces
NAME              STATUS   AGE
default           Active   14m
kube-node-lease   Active   14m
kube-public       Active   14m
kube-system       Active   14m

5.get All pods

PS C:\WINDOWS\system32> kubectl get pods -A
NAMESPACE     NAME                               READY   STATUS    RESTARTS      AGE
kube-system   coredns-5d78c9869d-df2qj           1/1     Running   0             14m
kube-system   etcd-minikube                      1/1     Running   0             14m
kube-system   kube-apiserver-minikube            1/1     Running   0             14m
kube-system   kube-controller-manager-minikube   1/1     Running   0             14m
kube-system   kube-proxy-8zw65                   1/1     Running   0             14m
kube-system   kube-scheduler-minikube            1/1     Running   0             14m
kube-system   storage-provisioner                1/1     Running   1 (13m ago)   14m

Install Prometheus and Grafana on Kubernetes Cluster.

Jasper Rodda — Mon, 22 Jan 2024 20:47:08 +0000

Prometheus is an open-source monitoring and alerting system that helps you collect and store metrics about your software systems and infrastructure and analyze that data to gain insights into their health and performance. It provides a powerful query language, a flexible data model, and a range of integrations with other tools and systems. With Prometheus, you can easily monitor metrics such as CPU usage, memory usage, network traffic, and application-specific metrics, and use that data to troubleshoot issues, optimize performance, and create alerts to notify you when things go wrong.

Install Prometheus via 2 ways.

Helm Charts
Operators

Using operators, using Operator life cycle management (OLM) one can automatically have latest updates without worrying to update manually and therefore securing cluster with zero-day vulnerabilities.

Install using Helm.

1. Add helm repo

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts

2. Update helm repo

helm repo update

3. Install helm

helm install prometheus prometheus-community/prometheus

PS C:\WINDOWS\system32> helm install prometheus prometheus-community/prometheus
NAME: prometheus
LAST DEPLOYED: Mon Jan 22 12:55:19 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
prometheus-server.default.svc.cluster.local


Get the Prometheus server URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace default port-forward $POD_NAME 9090


The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster:
prometheus-alertmanager.default.svc.cluster.local


Get the Alertmanager URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace default port-forward $POD_NAME 9093
#################################################################################
######   WARNING: Pod Security Policy has been disabled by default since    #####
######            it deprecated after k8s 1.25+. use                        #####
######            (index .Values "prometheus-node-exporter" "rbac"          #####
###### .          "pspEnabled") with (index .Values                         #####
######            "prometheus-node-exporter" "rbac" "pspAnnotations")       #####
######            in case you still need it.                                #####
#################################################################################


The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
prometheus-prometheus-pushgateway.default.svc.cluster.local


Get the PushGateway URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace default -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace default port-forward $POD_NAME 9091

For more information on running Prometheus, visit:
https://prometheus.io/

- Verify Prometheus Pods Running

$ kubectl get pods
NAME                                                 READY   STATUS    RESTARTS        AGE
prometheus-alertmanager-0                            1/1     Running   0               3m8s
prometheus-kube-state-metrics-745b475957-ngqm7       1/1     Running   0               3m8s
prometheus-prometheus-node-exporter-698nc            1/1     Running   0               3m8s
prometheus-prometheus-pushgateway-6ccd698d79-ld86d   1/1     Running   0               3m8s
prometheus-server-bc7ccb595-jpl7p                    2/2     Running   0               3m8s
sample-python-deployment-99fcf4b6f-rb59w             1/1     Running   2 (5m40s ago)   8d
sample-python-deployment-99fcf4b6f-vcnwt             1/1     Running   2 (5m40s ago)   8d

- Verify Prometheus services via `Kubectl get svc`

$ kubectl get svc
NAME                                  TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes                            ClusterIP      10.96.0.1        <none>        443/TCP        8d
prometheus-alertmanager               ClusterIP      10.100.6.213     <none>        9093/TCP       7m38s
prometheus-alertmanager-headless      ClusterIP      None             <none>        9093/TCP       7m38s
prometheus-kube-state-metrics         ClusterIP      10.103.166.42    <none>        8080/TCP       7m38s
prometheus-prometheus-node-exporter   ClusterIP      10.104.211.162   <none>        9100/TCP       7m38s
prometheus-prometheus-pushgateway     ClusterIP      10.100.179.109   <none>        9091/TCP       7m38s
prometheus-server                     ClusterIP      10.105.170.132   <none>        80/TCP         7m38s
sample-python-service                 LoadBalancer   10.101.160.8     <pending>     80:30007/TCP   8d

4. Expose Prometheus Service

This is required to access prometheus-server using your browser.

kubectl expose service prometheus-server --type=NodePort --target-port=9090 --name=prometheus-server-ext

Notice below is created prometheus-server-ext NodePort 10.99.142.160 <none> 80:31401/TCP 3s
Get svc

 kubectl get svc
NAME                                  TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes                            ClusterIP      10.96.0.1        <none>        443/TCP        8d
prometheus-alertmanager               ClusterIP      10.100.6.213     <none>        9093/TCP       10m
prometheus-alertmanager-headless      ClusterIP      None             <none>        9093/TCP       10m
prometheus-kube-state-metrics         ClusterIP      10.103.166.42    <none>        8080/TCP       10m
prometheus-prometheus-node-exporter   ClusterIP      10.104.211.162   <none>        9100/TCP       10m
prometheus-prometheus-pushgateway     ClusterIP      10.100.179.109   <none>        9091/TCP       10m
prometheus-server                     ClusterIP      10.105.170.132   <none>        80/TCP         10m
prometheus-server-ext                 NodePort       10.99.142.160    <none>        80:31401/TCP   3s
sample-python-service                 LoadBalancer   10.101.160.8     <pending>     80:30007/TCP   8d

Output:

$ kubectl expose service prometheus-server --type=NodePort --target-port=9090 --name=prometheus-server-ext
service/prometheus-server-ext exposed

Get Minikube IP

minikube ip
192.168.59.107

Open Browser and access Prometheus

- Go to http://192.168.59.107:31401/

Install Grafana

1. Install using Helm

Add helm repo
_Ignore is you already have help and grafana repo added _ helm repo add grafana https://grafana.github.io/helm-charts

$helm repo add grafana https://grafana.github.io/helm-charts
"grafana" has been added to your repositories

2. Update helm repo

helm repo update

$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "eks" chart repository
...Successfully got an update from the "istio" chart repository
...Successfully got an update from the "grafana" chart repository
...Successfully got an update from the "prometheus-community" chart repository
Update Complete. ⎈Happy Helming!⎈

3. Install Grafana via helm

helm install grafana grafana/grafana

$ helm install grafana grafana/grafana
NAME: grafana
LAST DEPLOYED: Mon Jan 22 13:20:52 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get your 'admin' user password by running:

   kubectl get secret --namespace default grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo


2. The Grafana server can be accessed via port 80 on the following DNS name from within your cluster:

   grafana.default.svc.cluster.local

   Get the Grafana URL to visit by running these commands in the same shell:
     export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=grafana,app.kubernetes.io/instance=grafana" -o jsonpath="{.items[0].metadata.name}")
     kubectl --namespace default port-forward $POD_NAME 3000

3. Login with the password from step 1 and the username: admin
#################################################################################
######   WARNING: Persistence is disabled!!! You will lose your data when   #####
######            the Grafana pod is terminated.                            #####
#################################################################################

4. Get Grafana Login Details

Get password: $ kubectl get secret --namespace default grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo

$ kubectl get secret --namespace default grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
XPhzARnKv93uhRGt8Nu9cimhuAHZoj64ZtCHDeQd

Get Grafana services kubectl get svc Notice its running on Cluster IP

kubectl get svc
NAME                                  TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
grafana                               ClusterIP      10.109.8.93      <none>        80/TCP         8m12s
kubernetes                            ClusterIP      10.96.0.1        <none>        443/TCP        8d
prometheus-alertmanager               ClusterIP      10.100.6.213     <none>        9093/TCP       33m
prometheus-alertmanager-headless      ClusterIP      None             <none>        9093/TCP       33m
prometheus-kube-state-metrics         ClusterIP      10.103.166.42    <none>        8080/TCP       33m
prometheus-prometheus-node-exporter   ClusterIP      10.104.211.162   <none>        9100/TCP       33m
prometheus-prometheus-pushgateway     ClusterIP      10.100.179.109   <none>        9091/TCP       33m
prometheus-server                     ClusterIP      10.105.170.132   <none>        80/TCP         33m
prometheus-server-ext                 NodePort       10.99.142.160    <none>        80:31401/TCP   23m
sample-python-service                 LoadBalancer   10.101.160.8     <pending>     80:30007/TCP   8d

5. Expose Grafana Service to Access IT

kubectl expose service grafana --type=NodePort --target-port=3000 --name=grafana-ext

Verify exposed Grafana service

kubectl expose service grafana --type=NodePort --target-port=3000 --name=grafana-ext
service/grafana-ext exposed

Get Grafana-Ext Service at port 30197

 kubectl get svc
NAME                                  TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
grafana                               ClusterIP      10.109.8.93      <none>        80/TCP         11m
grafana-ext                           NodePort       10.111.66.82     <none>        80:30197/TCP   51s
kubernetes                            ClusterIP      10.96.0.1        <none>        443/TCP        8d
prometheus-alertmanager               ClusterIP      10.100.6.213     <none>        9093/TCP       37m
prometheus-alertmanager-headless      ClusterIP      None             <none>        9093/TCP       37m
prometheus-kube-state-metrics         ClusterIP      10.103.166.42    <none>        8080/TCP       37m
prometheus-prometheus-node-exporter   ClusterIP      10.104.211.162   <none>        9100/TCP       37m
prometheus-prometheus-pushgateway     ClusterIP      10.100.179.109   <none>        9091/TCP       37m
prometheus-server                     ClusterIP      10.105.170.132   <none>        80/TCP         37m
prometheus-server-ext                 NodePort       10.99.142.160    <none>        80:31401/TCP   26m
sample-python-service                 LoadBalancer   10.101.160.8     <pending>     80:30007/TCP   8d

Access via minikube IP
http://192.168.59.107:30197/

- Login via user=`admin` and password=`XPhzARnKv93uhRGt8Nu9cimhuAHZoj64ZtCHDeQd`

Grafana Dashboard

Configure Prometheus as Datasource to Grafana
Go to Data sources --> Add Prometheus --> Provide IP Address - Save and Test

Import an existing dashboard
Dashboard --> Import --> Enter ID 3662 --> Load

Dashboard

6. Expose `prometheus-kube-state-metrics`

How do we do it by following the steps below.

kubectl expose service prometheus-kube-state-metrics --type=NodePort --target-port=8080 --name=prometheus-kube-state-metrics-ext

Verify kube-state-metrics exposed

kubectl get svc
NAME                                  TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
grafana                               ClusterIP      10.109.8.93      <none>        80/TCP           54m
grafana-ext                           NodePort       10.111.66.82     <none>        80:30197/TCP     43m
kubernetes                            ClusterIP      10.96.0.1        <none>        443/TCP          8d
prometheus-alertmanager               ClusterIP      10.100.6.213     <none>        9093/TCP         79m
prometheus-alertmanager-headless      ClusterIP      None             <none>        9093/TCP         79m
prometheus-kube-state-metrics         ClusterIP      10.103.166.42    <none>        8080/TCP         79m
prometheus-kube-state-metrics-ext     NodePort       10.100.12.19     <none>        8080:30229/TCP   15s
prometheus-prometheus-node-exporter   ClusterIP      10.104.211.162   <none>        9100/TCP         79m
prometheus-prometheus-pushgateway     ClusterIP      10.100.179.109   <none>        9091/TCP         79m
prometheus-server                     ClusterIP      10.105.170.132   <none>        80/TCP           79m
prometheus-server-ext                 NodePort       10.99.142.160    <none>        80:31401/TCP     69m
sample-python-service                 LoadBalancer   10.101.160.8     <pending>     80:30007/TCP     8d

Open browser and access via port 30229

- http://192.168.59.107:30229/

Kubectl get cm or configmap

kubectl get cm
NAME                      DATA   AGE
grafana                   1      61m
kube-root-ca.crt          1      8d
prometheus-alertmanager   1      86m
prometheus-server         6      86m

Edit config map of prometheus-server

kubectl edit cm prometheus-server

change scrpe confi from local-host to prometheus-kube-state-metrics-ext service

BEFORE:

scrape_configs:
    - job_name: prometheus
      static_configs:
      - targets:
        - localhost:9090

AFTER: Add config to http://192.168.59.107:30229/ state-metrics-ext

scrape_configs:
    - job_name: prometheus
      static_configs:
      - targets:
        - localhost:9090
    - job_name: prometheus
      static_configs:
      - targets:
        - http://192.168.59.107:30229

Credits:-
Thanks to Abhishek Veeramalla

Deploy ConfigMaps and Secrets in Red Hat OpenShift Kubernetes Cluster

Jasper Rodda — Wed, 17 Jan 2024 20:11:15 +0000

Applications are often written to connect to a database to read and write information. Hardcoding database connection details, port, username and password is the most insecure way and hard to manage at scale. So, Kubernetes solves this problem via ConfigMaps and Secrets.

Two ways to store data

ConfigMap: Used to store insensitive data such as db-port via an Environment variable or a File or Volume Mounts.
Secret: Used to store and encrypt sensitive data at rest such as database username or database password

etcd is a data store in Kubernetes which is used to store all created resources as objects. Resources such a Pod, Deployment, Service, Ingress, ConfigMap are stored in ectcd as plain objects. however, with secrets, etcd stored the information and encrypts the data at rest in base64 encoded.

1. Deploying ConfigMap in Kubernetes

- 1.a) ConfigMap via `Env Variable`

- 1.b) ConfigMap via `File - Volume Mount`

1.a) Deploy ConfigMap via `Env Variable`

create configmap.yml file as below

apiVersion: v1
kind: ConfigMap
metadata: 
  name: py-app-configmap
data: 
db-port: "3306"

oc login --token=sha256~asf9879SDAF987sd987sdf --server=https://api.sandbox-m3.1530.p1.openshiftapps.com:6443

Deploy Configmap

$ kubectl apply -f configmap.yml
configmap/py-app-configmap created

verify ConfigMap - $ kubectl get cm | kubectl get configmap

$ kubectl get configmap
NAME                       DATA   AGE
config-service-cabundle    1      2d15h
config-trusted-cabundle    1      2d15h
kube-root-ca.crt           1      2d15h
openshift-service-ca.crt   1      2d15h
py-app-configmap           1      37s

Kubectl Describe ConfigMap - $kubectl describe cm py-app-configmap

$kubectl describe cm  py-app-configmap
Name:         py-app-configmap
Namespace:    jasper475-dev
Labels:       <none>
Annotations:  <none>

Data
====
db-port:
----
3306

BinaryData
====

Events:  <none>

Deploy Pods and appending configMap using deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata: 
  name: sample-python-deployment
  labels: 
    app: sample-python-app
spec: 
  replicas: 5
  selector: 
    matchLabels: 
      app: sample-python-app
  template: 
    metadata: 
      labels: 
        app: sample-python-app
    spec:
      containers:
      - name: python-app
        image: jasper475/d37-k8s-services-py-django-app:v2
        env:
          - name: DB-PORT
            valueFrom: 
              configMapKeyRef:
                name: py-app-configmap
                key: db-port
        ports:
        - containerPort: 8000

deployed Pods

kubectl apply -f deploy.yaml
deployment.apps/sample-python-deployment created

get Pods and ssh into it to get env variable

$ kubectl get pods
NAME                                        READY   STATUS    RESTARTS   AGE
sample-python-deployment-5787bd6b9f-5n779   1/1     Running   0          69s
sample-python-deployment-5787bd6b9f-h6th2   1/1     Running   0          69s
sample-python-deployment-5787bd6b9f-sft22   1/1     Running   0          69s
sample-python-deployment-5787bd6b9f-w7s56   1/1     Running   0          69s
sample-python-deployment-5787bd6b9f-xncfd   1/1     Running   0          69s

SSH into a pod
Command: kubectl exec -it sample-python-deployment-5787bd6b9f-5n779 -- /bin/bash and Search(grep) for Env variable DB-PORT
Dev inside python app can retrieve via: OS.env("DB-PORT")

$ kubectl exec -it sample-python-deployment-c57769684-749ct -- /bin/bash
groups: cannot find name for group ID 1011150000
1011150000@sample-python-deployment-c57769684-749ct:/app$ ls
db.sqlite3  demo  devops  manage.py  requirements.txt
1011150000@sample-python-deployment-c57769684-749ct:/app$ env | grep DB
DB-PORT=3306
NSS_SDB_USE_CACHE=no

Edit DB-PORT via configmap.yml

apiVersion: v1
kind: ConfigMap
metadata: 
  name: py-app-configmap
data: 
  db-port: "3307"

Apply changes kubectl apply -f configmap.yml

$ kubectl apply -f configmap.yml
configmap/py-app-configmap configured

Notice config map Port changed to 3307
SSH into the POD to get Environment variable value. Notice it is still having OLD Value. DB-PORT=3306

1011150000@sample-python-deployment-c57769684-749ct:/app$ env | grep DB
DB-PORT=3306
NSS_SDB_USE_CACHE=no
1011150000@sample-python-deployment-c57769684-749ct:/app$

We cannot afford to restart pod in production - to Fix this issue we use Volume Mounts and persist config values and decouple it from pod application restarts and config changes.

1.b) Deploy ConfigMap via `File - Volume Mount`

deploy_volume_Mount.yaml file
create volume under container

spec: 
      containers: 
      |
      |
      volumes: 
        - name: db-connection
          configMap: 
            name: py-app-configmap

Mount volume: provide volume name and volume path

    spec:
      containers:
      - name: python-app
        image: jasper475/d37-k8s-services-py-django-app:v2
        volumeMounts:
          - name: db-connection
          mountPath: /opt

apply deployment changes

$ kubectl apply -f deploy_volume_mount.yaml
deployment.apps/sample-python-deployment configured

Get Pods kubectl get pods

$ kubectl get pods
NAME                                        READY   STATUS    RESTARTS   AGE
sample-python-deployment-7b67d95fdc-56p4g   1/1     Running   0          37s
sample-python-deployment-7b67d95fdc-5sdcx   1/1     Running   0          37s
sample-python-deployment-7b67d95fdc-5v2r8   1/1     Running   0          35s
sample-python-deployment-7b67d95fdc-74sb8   1/1     Running   0          35s
sample-python-deployment-7b67d95fdc-cs9px   1/1     Running   0          37s

SSH into pod as see ENV variable:
Notice: There is no environment variable - because deploy_volume_mount.yaml file, since we removed it.

$ kubectl exec -it sample-python-deployment-7b67d95fdc-56p4g -- /bin/bash
1011150000@sample-python-deployment-7b67d95fdc-56p4g:/app$ env | grep DB
NSS_SDB_USE_CACHE=no
1011150000@sample-python-deployment-7b67d95fdc-56p4g:/app$

Notice : volume is mounted on /opt path and port: 3307

1011150000@sample-python-deployment-7b67d95fdc-56p4g:/app$ ls /opt
db-port
1011150000@sample-python-deployment-7b67d95fdc-56p4g:/app$ cat /opt/db-port | more
3307

Change Port to 3308 in configmap.yml and apply

apiVersion: v1
kind: ConfigMap
metadata: 
  name: py-app-configmap
data: 
  db-port: "3308"

apply changes: Kubectl apply -f configmap.yml
describe configmap : $ kubectl describe cm py-app-configmap

$ kubectl describe cm py-app-configmap
Name:         py-app-configmap
Namespace:    jasper475-dev
Labels:       <none>
Annotations:  <none>

Data
====
db-port:
----
3308

BinaryData
====

Events:  <none>

SSH into POD and get Port info - kubectl exec -it sample-python-deployment-7b67d95fdc-56p4g -- /bin/bash

$ kubectl exec -it sample-python-deployment-7b67d95fdc-56p4g -- /bin/bash
groups: cannot find name for group ID 1011150000
1011150000@sample-python-deployment-7b67d95fdc-56p4g:/app$ env | grep DB
NSS_SDB_USE_CACHE=no
1011150000@sample-python-deployment-7b67d95fdc-56p4g:/app$ ls  /opt
db-port
1011150000@sample-python-deployment-7b67d95fdc-56p4g:/app$ cat /opt/db-port | more
3308

2. Deploying ConfigMap in Kubernetes

create a Secret via CLI command
kubectl create secret generic - to store passwords
kubectl create secret tls - to store certificates

$ kubectl create secret generic empty-secret
secret/empty-secret created

$ kubectl get secret empty-secret
NAME           TYPE     DATA   AGE
empty-secret   Opaque   0      19s

$ kubectl create secret genericmy-db-secret --from-literal=db-port="3308"

Create secret via basic_secret.yaml file

apiVersion: v1
kind: Secret
metadata:
  name: secret-basic-auth
type: kubernetes.io/basic-auth
stringData:
  username: admin # required field for kubernetes.io/basic-auth
  password: t0p-Secret # required field for kubernetes.io/basic-auth

apply : kubectl apply -f basicsecret.yaml

$ kubectl apply -f basic_secret.yaml                                     
secret/secret-basic-auth created
$  kubectl get secret secret-basic-auth
NAME                TYPE                       DATA   AGE
secret-basic-auth   kubernetes.io/basic-auth   2      17s
PS C:\Users\Jasper\OneDrive\Documents\CodeRepo\kubernetes\d41_ConfigMaps_Secrets>

Verify Secrets

Describe Secret

kubectl describe secret secret-basic-auth
Name:         secret-basic-auth
Namespace:    jasper475-dev
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/basic-auth

Data
====
password:  10 bytes
username:  5 bytes

Edit secret: kubectl edit secret secret-basic-auth

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  password: dDBwLVNlY3JldA==
  username: YWRtaW4=
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{},"name":"secret-basic-auth","namespace":"jasper475-dev"},"stringData":{"password":"t0p-Secret","username":"admin"},"type":"kubernetes.io/basic-auth"}
  creationTimestamp: "2024-01-17T20:02:39Z"
  name: secret-basic-auth
  namespace: jasper475-dev
  resourceVersion: "1769551165"
  uid: 46bf94fa-c060-4f6b-83d6-9e08a4637b25
type: kubernetes.io/basic-auth

Verify Secrets: By default, they are encoded Base64

Jasper@JASPERS-PC MINGW64 ~/OneDrive/Documents/CodeRepo/kubernetes/d41_ConfigMaps_Secrets
$ echo dDBwLVNlY3JldA== | base64 --decode
t0p-Secret
Jasper@JASPERS-PC MINGW64 ~/OneDrive/Documents/CodeRepo/kubernetes/d41_ConfigMaps_Secrets
$ echo YWRtaW4= | base64 --decode
admin

Credits:-
Thanks to Abhishek Veeramalla

Install/Setup - Service Mesh Capabilities via Istio on Kubernetes Cluster

Jasper Rodda — Tue, 16 Jan 2024 15:35:27 +0000

1. What is a Service Mesh?

Modern applications are typically architected as distributed collections of microservices, with each collection of microservices performing some discrete business function. A service mesh is a dedicated infrastructure layer that you can add to your applications. It allows you to transparently add capabilities like observability, traffic management, and security, without adding them to your own code. The term “service mesh” describes both the type of software you use to implement this pattern, and the security or network domain that is created when you use that software. click here to read more.

2. What is Istio?

Istio is an open-source service mesh that layers transparently onto existing distributed applications. Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes. Its powerful control plane brings vital features, including:

Secure service-to-service communication in a cluster with TLS encryption, strong identity-based authentication and authorization
Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic
Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection
A pluggable policy layer and configuration API supporting access controls, rate limits and quotas
Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress click here to read more.

Setup Istio on Kubernetes cluster

Go to istio.io and click on Setup.
Click on Installation Guide
Install with Helm

helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update

create namespace

kubectl create namespace istio-system

Install the Istio base chart

which contains cluster-wide Custom Resource Definitions (CRDs) which must be installed prior to the deployment of the Istio control plane:

helm install istio-base istio/base -n istio-system --set defaultRevision=default

Validate the CRD installation with the helm ls command:

$ helm ls -n istio-system
NAME       NAMESPACE    REVISION UPDATED         STATUS   CHART         APP VERSION
istio-base istio-system 1        ... ... ... ... deployed base-1.16.1   1.16.1
istiod     istio-system 1        ... ... ... ... deployed istiod-1.16.1 1.16.1

Get the status of the installed helm chart to ensure it is deployed:

$ helm status istiod -n istio-system
NAME: istiod
LAST DEPLOYED: Fri Jan 20 22:00:44 2023
NAMESPACE: istio-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
"istiod" successfully installed!

To learn more about the release, try:
  $ helm status istiod
  $ helm get all istiod

Next steps:
  * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/
  * Try out our tasks to get started on common configurations:
    * https://istio.io/latest/docs/tasks/traffic-management
    * https://istio.io/latest/docs/tasks/security/
    * https://istio.io/latest/docs/tasks/policy-enforcement/
    * https://istio.io/latest/docs/tasks/policy-enforcement/
  * Review the list of actively supported releases, CVE publications and our hardening guide:
    * https://istio.io/latest/docs/releases/supported-releases/
    * https://istio.io/latest/news/security/
    * https://istio.io/latest/docs/ops/best-practices/security/

Check istiod service is successfully installed and its pods are running:

$ kubectl get deployments -n istio-system --output wide
NAME     READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES                         SELECTOR
istiod   1/1     1            1           10m   discovery    docker.io/istio/pilot:1.16.1   istio=pilot

(Optional) Install an ingress gateway:

$ kubectl create namespace istio-ingress
$ helm install istio-ingress istio/gateway -n istio-ingress --wait

Create Redhat Openshift -Shared Kubernetes Cluster - Free 30 Day Access

Jasper Rodda — Mon, 15 Jan 2024 04:20:52 +0000

What you'll do.

Create RedHat Account.
Open Developer Sandbox.
Create Free 30-Day Shared OpenShift Kubernetes Cluster.

1. Create Redhat Account.

Go to Redhat and register by giving your information.
Provide Username, Email Id, Password,
Verify Email - click on link in your email inbox to verify.

2. Open Developer Sandbox

Click on Start your Sandbox for Free
Land on Page and click on Launch Red Hat OpenShift

- Red Hat Developer Sandbox Has 3 services

Red Hat OpenShift:

A cloud-native application platform with everything you need to manage your development life cycle securely, including standardized workflows, support for multiple environments, continuous integration, and release management.
Red Hat Dev Spaces

A collaborative Kubernetes-native solution for rapid application development that delivers consistent developer environments on Red Hat OpenShift to allow anyone with a browser to contribute code in under two minutes.
Red Hat Data Science

Red Hat OpenShift Data Science is a part of the Red Hat OpenShift AI portfolio and provides tools across the AI/ML lifecycle.

Click on Option 1: Red Hat OpenShift
click on Login with DevSandbox
Developer Prespective

Copy Login Command - Go to Top right corner of username dropdown and select option

Download OpenShift CLI (oc)
Login via Command
Login via this command: oc login --token=sha256~123-elkjadsg-325o8-98739487 --server=https://api.sandbox-m3.1530.p1.openshiftapps.com:6443

$ oc login --token=sha256~123-elkjadsg-325o8-98739487 --server=https://api.sandbox-m3.1530.p1.openshiftapps.com:6443
Logged into "https://api.sandbox-m3.1530.p1.openshiftapps.com:6443" as "jasper475" using the token provided.

You have one project on this server: "jasper475-dev"

Using project "jasper475-dev".

use Kubectl to interact with OpenShift Cluster.

3. Red Hat OpenShift Console

Pods

Deployments

Replica Sets

Services

Routes

Ingresses

Credits:-
Thanks to Abhishek Veeramalla

Install Ingress on Kubernetes and Minikube

Jasper Rodda — Thu, 11 Jan 2024 23:23:00 +0000

Kubernetes ingress was introduced to overcome short comings of services. Another version of Kubernetes such as Openshift created similar ingress such as Routes.

Kubernetes Service - Drawbacks

Missing Enterprise Grade Load Bancing Capabilities.
Driving Cloud Cost - for Public IP Address

Kubernetes service [svc] of type=[LoadBalancer] does not support enterprise grade Loadbancing capabilities but rather simple round robin fashion.

To Solve this problem Kubernetes have asked Enterprise Load Balancers such as (F5, NGINX, Ambassador, HA Proxy to name a few) to create Ingress Controllers and user to create a Ingress resources. Its user's responsibilities

Enterprise Load Balancer Offers Advanced Capabilities

Ratio Based Routing
Sticky Session Routing
Host Based
Path Based
Domain Based
White listing IP Addresses
Black Listing IP Addresses

1. Install NGINX controller in Kubernetes.

minikube addons enable ingressto install on Minikube
Verify Ingress Controller installed or not

$minikube addons enable ingress
* ingress is an addon maintained by Kubernetes. For any concerns contact minikube on GitHub.
You can view the list of minikube maintainers at: https://github.com/kubernetes/minikube/blob/master/OWNERS
  - Using image registry.k8s.io/ingress-nginx/controller:v1.8.1
  - Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407
  - Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407
* Verifying ingress addon...
* The 'ingress' addon is enabled

verify by following command kubectl get pods -A | grep nginx

PS C:\Users\Jasper\OneDrive\Documents\CodeRepo\kubernetes\d38_ingress_ctrl> kubectl get pods -A
NAMESPACE       NAME                                        READY   STATUS      RESTARTS       AGE
default         sample-python-deployment-5787bd6b9f-656fn   1/1     Running     1 (16h ago)    20h
default         sample-python-deployment-5787bd6b9f-t9ttj   1/1     Running     1 (16h ago)    20h
ingress-nginx   ingress-nginx-admission-create-vcq7w        0/1     Completed   0              132m
ingress-nginx   ingress-nginx-admission-patch-g6szm         0/1     Completed   1              132m
ingress-nginx   ingress-nginx-controller-7799c6795f-qc9w5   1/1     Running     0              132m
kube-system     coredns-5d78c9869d-nscfc                    1/1     Running     3 (16h ago)    12d
kube-system     etcd-minikube                               1/1     Running     3 (16h ago)    12d
kube-system     kube-apiserver-minikube                     1/1     Running     3 (16h ago)    12d
kube-system     kube-controller-manager-minikube            1/1     Running     3 (16h ago)    12d
kube-system     kube-proxy-gzk52                            1/1     Running     3 (16h ago)    12d
kube-system     kube-scheduler-minikube                     1/1     Running     3 (16h ago)    12d
kube-system     storage-provisioner                         1/1     Running     12 (69m ago)   12d

2. Create Ingress Resource in Kubernetes.

Route foo.bar.com to IP Addresses -- _(To mock it in local, in real time - we do not need to mock is as IP address is mapped to Domain Name by DNS) _
Below ingress.yml file is to route foo.bar.com to Service sample-python-service

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sample-python-service-ingress
spec:
  rules:
  - host: "foo.bar.com"
    http:
      paths:
      - pathType: Prefix
        path: "/bar"
        backend:
          service:
            name: sample-python-service
            port:
              number: 80

Create Ingress resource kubectl apply -f ingress.yml
Notice: Nothing happens if you don't install kubernetes controller. Controller will watch for this resource to be created and they applies the logic.

$ kubectl apply -f ingress.yml
ingress.networking.k8s.io/sample-python-service-ingress created

3. Verify Ingress Resource in Kubernetes.

Run command kubectl get ingress to view ingress resource

kubectl get ingress
NAME                            CLASS   HOSTS         ADDRESS          PORTS   AGE
sample-python-service-ingress   nginx   foo.bar.com   192.168.59.105   80      6m35s

3. Route domain to `Ingress`

Locate Hosts File and update config to point domain name foo.bar.com to created ingress-service --> which points to service
Where is the Hosts File Located?

The location of the hosts file will differ by operating system. The typical locations are noted below.

Windows 10 - "C:\Windows\System32\drivers\etc\hosts"
Linux - "/etc/hosts"
Mac OS X - "/private/etc/hosts"

4. Verify domain is routed to Application (Ingress-> Service-> App)

Credits:-
Thanks to Abhishek Veeramalla

Create and expose Services in Kubernetes

Jasper Rodda — Thu, 11 Jan 2024 06:36:41 +0000

In Kubernetes, a service has following purposes/advantages.

Expose Application to outside world.
Service Discovery: Labels and Selectors.
LoadBalancer or NodePort Mode.
Install Kubeshark

Pre-requisites:

Create deploy.yml file
Create service.yml file
Deploy deploy.yml
Deploy service.yml

1. Expose Application to outside world

- a) Create `deploy.yml` file as below.

apiVersion: apps/v1
kind: Deployment
metadata: 
  name: sample-python-deployment
  labels: 
    app: sample-python-app
spec: 
  replicas: 2
  selector: 
    matchLabels: 
      app: sample-python-app
  template: 
    metadata: 
      labels: 
        app: sample-python-app
    spec:
      containers:
      - name: python-app
        image: jasper475/d37-k8s-services-py-django-app:v2
        ports:
        - containerPort: 8000

- b) Create `service.yml` file as below.

apiVersion: v1
kind: Service
metadata:
  name: sample-python-service
spec:
  type: NodePort
  selector:
    app: sample-python-app
  ports:
    - port: 80
      targetPort: 8000
      nodePort: 30007

- c) Deploy `deploy.yml` file as below.

kubectl apply -f deploy.yaml

$ kubectl apply -f deploy.yaml
deployment.apps/sample-python-deployment created

- d) Deploy `service.yml` file as below.

kubectl apply -f service.yaml

$ kubectl apply -f deploy.yaml
service/sample-python-service configured

- e) NodePort service Type: service deployed as NodePort type

kubectl get svc
NAME                    TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes              ClusterIP   10.96.0.1        <none>        443/TCP        11d
sample-python-service   NodePort    10.103.136.137   <none>        80:30007/TCP   2s

- f) Notice `IP` Address of Pod: Notice `IP` below

$ kubectl get pods -o wide
NAME                                        READY   STATUS    RESTARTS   AGE     IP            NODE       NOMINATED NODE   READINESS GATES
sample-python-deployment-5787bd6b9f-656fn   1/1     Running   0          3h54m   10.244.0.35   minikube   <none>           <none>
sample-python-deployment-5787bd6b9f-t9ttj   1/1     Running   0          3h50m   10.244.0.36   minikube   <none>           <none>

- g) Access Application via `IP Addr:Port`: Note, Python application is exposed via `Port 8000`

$ minikube ssh
curl -L http://10.244.0.35:8000/demo ####Access via Pod IP Address  *** It works ***

2. Service Discovery: Labels and Selectors.

Edit 'service.yml' file

FROM:

 spec:
  type: NodePort
  selector:
    app: sample-python-app***
  ports:
    - port: 80

spec:
  type: NodePort
  selector:
    app: sample-python-a***
  ports:
    - port: 80

3. LoadBalancer or NodePort Mode.

- a) get svc: `kubectl get svc`

$ kubectl get svc                        
NAME                    TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes              ClusterIP   10.96.0.1        <none>        443/TCP        11d
sample-python-service   NodePort    10.103.136.137   <none>        80:30007/TCP   33m

- b) SVC Type: NodePort

kubectl get svc
NAME                    TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes              ClusterIP   10.96.0.1        <none>        443/TCP        11d
sample-python-service   NodePort    10.103.136.137   <none>        80:30007/TCP   2s

- c) Access SVC: via NodePort Mode

minikube ssh
$ pwd
/home/docker
$ curl -L http://10.103.136.137:8000/demo ####Access via Cluster IP of svc on port 8000 - ******* Doesn't work*********
curl: (28) Failed to connect to 10.103.136.137 port 8000 after 131079 ms: Connection timed out
$ curl -L http://10.103.136.137:80/demo ####Access via Cluster IP of svc on port 80 - ******* Hurray, it works !!! *********
$ curl -L http://10.103.136.137:8000/demo ####Access via Pod IP Address

                         _             _
            _         _ ( )           ( )
  ___ ___  (_)  ___  (_)| |/')  _   _ | |_      __
/' _ ` _ `\| |/' _ `\| || , <  ( ) ( )| '_`\  /'__`\
| ( ) ( ) || || ( ) || || |\`\ | (_) || |_) )(  ___/
(_) (_) (_)(_)(_) (_)(_)(_) (_)`\___/'(_,__/'`\____)

$ curl -L http://10.103.136.137:80
<!DOCTYPE html>
<html lang="en">
<head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <title>Page not found at /</title>
  <meta name="robots" content="NONE,NOARCHIVE">
  <style type="text/css">
    html * { padding:0; margin:0; }
    body * { padding:10px 20px; }
    body * * { padding:0; }
    body { font:small sans-serif; background:#eee; color:#000; }
    body>div { border-bottom:1px solid #ddd; }
    h1 { font-weight:normal; margin-bottom:.4em; }
    h1 span { font-size:60%; color:#666; font-weight:normal; }
    table { border:none; border-collapse: collapse; width:100%; }
    td, th { vertical-align:top; padding:2px 3px; }
    th { width:12em; text-align:right; color:#666; padding-right:.5em; }
    #info { background:#f6f6f6; }
    #info ol { margin: 0.5em 4em; }
    #info ol li { font-family: monospace; }
    #summary { background: #ffc; }
    #explanation { background:#eee; border-bottom: 0px none; }
    pre.exception_value { font-family: sans-serif; color: #575757; font-size: 1.5em; margin: 10px 0 10px 0; }
  </style>
</head>
<body>
  <div id="summary">
    <h1>Page not found <span>(404)</span></h1>

    <table class="meta">
      <tr>
        <th>Request Method:</th>
        <td>GET</td>
      </tr>
      <tr>
        <th>Request URL:</th>
        <td>http://10.103.136.137/</td>

- d) Edit svc: `kubectl edit svc service-name`

$ kubectl edit svc sample-python-service 
-------------------------------------------------------------------
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"sample-python-service","namespace":"default"},"spec":{"ports":[{"nodePort":30007,"port":80,"targetPort":8000}],"selector":{"app":"sample-python-app"},"type":"NodePort"}}
  creationTimestamp: "2024-01-11T02:51:02Z"
  name: sample-python-service
  namespace: default
  resourceVersion: "16469"
  uid: bd9bd510-e633-4dc1-adc1-1cc4704378d3
spec:
  allocateLoadBalancerNodePorts: true
  clusterIP: 10.103.136.137
  clusterIPs:
  - 10.103.136.137
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - nodePort: 30007
    port: 80
    protocol: TCP
    targetPort: 8000
  selector:
    app: sample-python-app
  sessionAffinity: None
  type: ***LoadBalancer***
status:
  loadBalancer: {}
-------------------------------------------------------------------
service/sample-python-service edited

SVC Type: LoadBalancer - notice EXTERNAL-IP is <pending> state. Because, in Minikube this won't be creating an IP address whereas, in any cloud providers such as AWS EC2 or Azure VM or GCP Engine - EXTERNAL-IP will be assigned via Cloud-Control Manager

kubectl get svc
NAME                    TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes              ClusterIP      10.96.0.1        <none>        443/TCP        11d
sample-python-service   LoadBalancer   10.103.136.137   <pending>     80:30007/TCP   34m

Get `Minikube ip'

$ minikube ip 192.168.59.105

Access via browser http://192.168.59.105:30007/demo
or curl -L http://192.168.59.105:30007/demo

4. Install Kubeshark

- a) Install Kubeshark as below

git clone: git clone https://github.com/kubeshark/kubeshark

PS C:\Users\Jasper> git clone https://github.com/kubeshark/kubeshark Cloning into 'kubeshark'... remote: Enumerating objects: 20781, done. remote: Counting objects: 100% (1668/1668), done. remote: Compressing objects: 100% (262/262), done. remote: Total 20781 (delta 1525), reused 1491 (delta 1406), pack-reused 19113 Receiving objects: 100% (20781/20781), 26.38 MiB | 19.53 MiB/s, done. Resolving deltas: 100% (14618/14618), done. PS C:\Users\Jasper>

Install Kubernetes Controllers via Operators - ARGO CD

Jasper Rodda — Tue, 07 Nov 2023 22:38:54 +0000

Install Operator

Go to operatorhub.io
Install Operator

curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.26.0/install.sh | bash -s v0.26.0

Install ArgoCD Operator
kubectl create -f https://operatorhub.io/install/argocd-operator.yaml

PS C:\WINDOWS\system32> kubectl create -f https://operatorhub.io/install/argocd-operator.yaml
subscription.operators.coreos.com/my-argocd-operator created

Verify ArgoCD Operator Installed or not
kubectl get csv -n operators

PS C:\WINDOWS\system32> kubectl get csv -n operators
NAME                     DISPLAY   VERSION   REPLACES                 PHASE
argocd-operator.v0.7.0   Argo CD   0.7.0     argocd-operator.v0.6.0   Pending
argocd-operator.v0.7.0   Argo CD   0.7.0     argocd-operator.v0.6.0   Installing
argocd-operator.v0.7.0   Argo CD   0.7.0     argocd-operator.v0.6.0   Succeeded

Create ARGOCD Controller: Use manifest to create a new Argo CD cluster

source: ARGOCD documentation

Go to Usage > Basic > save below in argo-cd-manifest.yml

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: my-argocd
  labels:
    example: basic
spec: {}

Warning: ArgoCD v1alpha1 version is deprecated and will be converted to v1beta1 automatically. Moving forward, please use v1beta1 as the ArgoCD API version.

Run Manifest command kubectl apply -f argo-cd-manifest.yml

$ kubectl apply -f argo-cd-manifest.yml
$ kubectl apply -f argoctl.yml
argocd.argoproj.io/my-argocd created
OR 
argocd.argoproj.io/example-argocd created

Verify operator pods are created kubectl get pods

PS C:\WINDOWS\system32> kubectl get pods
NAME                                          READY   STATUS    RESTARTS       AGE
my-argocd-application-controller-0       1/1     Running   3              21h
my-argocd-redis-6b8667cdb8-jnmm6         1/1     Running   2 (31m ago)    21h
my-argocd-repo-server-5d547c6f69-mgsnn   1/1     Running   22 (31m ago)   21h
my-argocd-server-bbdf5fdff-ccc2w         1/1     Running   23 (19h ago)   21h

Get service server Run list of services kubectl get svc
Expose my-argocd-server from ClusterIP to NodePort to access via browser
kubectl edit svc my-argocd-server

PS C:\WINDOWS\system32> kubectl edit svc example-argocd-server
service/example-argocd-server edited

PS C:\WINDOWS\system32> kubectl get svc
NAME                            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
example-argocd-metrics          ClusterIP   10.106.206.190   <none>        8082/TCP                     21h
example-argocd-redis            ClusterIP   10.98.228.6      <none>        6379/TCP                     21h
example-argocd-repo-server      ClusterIP   10.104.167.116   <none>        8081/TCP,8084/TCP            21h
example-argocd-server           NodePort    10.108.236.251   <none>        80:30904/TCP,443:31659/TCP   21h
example-argocd-server-metrics   ClusterIP   10.104.220.61    <none>        8083/TCP                     21h
kubernetes                      ClusterIP   10.96.0.1        <none>        443/TCP                      22h

Get the list of services and its URL to open in browser minikube service list

PS C:\WINDOWS\system32> minikube service list
|-------------|----------------------------------------------------|--------------|-----------------------------|
|  NAMESPACE  |                        NAME                        | TARGET PORT  |             URL             |
|-------------|----------------------------------------------------|--------------|-----------------------------|
| default     | example-argocd-metrics                             | No node port |                             |
| default     | example-argocd-redis                               | No node port |                             |
| default     | example-argocd-repo-server                         | No node port |                             |
| default     | example-argocd-server                              | http/80      | http://192.168.59.102:30904 |
|             |                                                    | https/443    | http://192.168.59.102:31659 |
| default     | example-argocd-server-metrics                      | No node port |                             |
| default     | kubernetes                                         | No node port |                             |
| default     | spring-boot-app-service                            | http/80      | http://192.168.39.101:30296 |
| kube-system | kube-dns                                           | No node port |                             |
| olm         | operatorhubio-catalog                              | No node port |                             |
| olm         | packageserver-service                              | No node port |                             |
| operators   | argocd-operator-controller-manager-metrics-service | No node port |                             |
|-------------|----------------------------------------------------|--------------|-----------------------------|

Open browser and access via local server/port forwarded http://192.168.59.102:32600 as seen in below picture.

Enter: username=admin password=''
To get password run
kubectl get secret - secret is stored in my-argocd-cluster
kubectl edit secret my-argocd-cluster

PS C:\WINDOWS\system32> kubectl get secret
NAME                               TYPE                DATA   AGE
argocd-secret                      Opaque              5      11m
my-argocd-ca                       kubernetes.io/tls   3      11m
my-argocd-cluster                  Opaque              1      11m
my-argocd-default-cluster-config   Opaque              4      11m
my-argocd-tls                      kubernetes.io/tls   2      11m
PS C:\WINDOWS\system32> kubectl edit secret my-argocd-cluster

By default, password in store in base64 encoded format, run below command to get password from base64 encode to text
convert base64 to plain text
echo echo enlkaXd1UEZCNVhoSXJUNGo3UXBvMkpNV2dTdmFaOUU= | base64 -d
To reset password to password

#bcrypt(password)=$2a$10$rRyBsGSHK6.uc8fntPwVIuLVHgsAhAX7TcdrqW/RADU0uh7CaChLa
kubectl -n argocd patch secret argocd-secret \
  -p '{"stringData": {
    "admin.password": "$2a$10$rRyBsGSHK6.uc8fntPwVIuLVHgsAhAX7TcdrqW/RADU0uh7CaChLa",
    "admin.passwordMtime": "'$(date +%FT%T%Z)'"
  }}'

PS C:\WINDOWS\system32> kubectl get secret
NAME                                    TYPE                DATA   AGE
argocd-secret                           Opaque              5      22h
example-argocd-ca                       kubernetes.io/tls   3      22h
example-argocd-cluster                  Opaque              1      22h
example-argocd-default-cluster-config   Opaque              4      22h
example-argocd-tls                      kubernetes.io/tls   2      22h

ARGO CD - App configuration:

Dashboard

How to Login/Authenticate Terraform via Azure CLI

Jasper Rodda — Thu, 19 Oct 2023 19:24:14 +0000

There are multiple ways for authenticating.

Official Terraform documentation recommends authenticating via Azure CLI when using locally and They recommend using either a Service Principal or Managed Service Identity when running Terraform non-interactively (such as when running Terraform in a CI server)

Pre-requisites

Install Azure CLI

Step 1: Login

Step 2: Microsoft prompt

A prompt is opened in browser, and you can login using the credentials.

Step 3: PowerShell Json Response

Notice you will get below response after authorization.

PS C:\Users\Jasper> az login
A web browser has been opened at https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.
[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "3hfdg567-4564-6u78-k898-asdgesr34523",
    "id": "3hfdg567-4564-6u78-k898-asde8sr34523",
    "isDefault": true,
    "managedByTenants": [],
    "name": "Azure subscription 1",
    "state": "Enabled",
    "tenantId": "3hfdg567-4564-6u78-k898-asdgesr34523",
    "user": {
      "name": "pemail@gmail.com",
      "type": "user"
    }
  }
]

Install Azure CLI using Powershell on Windows

Jasper Rodda — Thu, 19 Oct 2023 17:11:51 +0000

If you want to interact with Microsoft Azure resources from your machine, you need an Azure CLI installed.

*Pre-Requisites: *

Host Laptop (Windows, Mac, Linux)
Azure CLI Installation documentation.

In this tutorial, I will share specific steps for installing Azure CLI using PowerShell.

Step 1: Installation using Powershell

Open PowerShell and copy paste the following commands

- For Windows 32 Bit

$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; Remove-Item .\AzureCLI.msi

- For Windows 64 Bit

$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri https://aka.ms/installazurecliwindowsx64 -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; Remove-Item .\AzureCLI.msi

Step 2: Verify Installation

you can enter in powershell by typing 'az --version'

az --version

PS C:\WINDOWS\system32> az --version
azure-cli                         2.53.0

core                              2.53.0
telemetry                          1.1.0

Dependencies:
msal                            1.24.0b2
azure-mgmt-resource             23.1.0b2

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'

Once you see this post - that's it. you are able to install Azure CLI successfully.

Step 3: Update the Azure CLI Uninstall

type - az upgrade

PS C:\WINDOWS\system32> az upgrade
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
You already have the latest azure-cli version: 2.53.0
Upgrade finished.You can enable auto-upgrade with 'az config set auto-upgrade.enable=yes'. More details in https://docs.microsoft.com/cli/azure/update-azure-cli#automatic-update

Step 4: Uninstall Azure CLI

Platform Instructions

Windows 11 Start > Settings > Apps > Installed apps
Windows 10 Start > Settings > System > Apps & Features
Windows 8 and Windows 7 Start > Control Panel > Programs > Uninstall a program

Forem: Jasper Rodda

Python Interview Question - Beginner to Advance

1. Interviewer: Write a Python code to get output as mentioned below.

Time: 15 Min

Level: Beginner

Example:

Possible Answer

2. Interviewer: TBD

Time: 15 Min

Level: Beginner

Example:

Install Hashicorp Vault to store Secrets and use it in Terraform.

1. Installation Steps

2. Start Vault Server

3. Configure Terraform to read the secret from Vault.

4. Provider.tf file

5. Main.tf

Deploy pods on Kubernetes Cluster in localhost

Pre-requisites:

Verify Docker & Minikube installed correctly:

Step 1: Create Kubernetes cluster

Install Prometheus and Grafana on Kubernetes Cluster.

Install using Helm.

1. Add helm repo

2. Update helm repo

3. Install helm

- Verify Prometheus Pods Running

- Verify Prometheus services via Kubectl get svc

4. Expose Prometheus Service

Get Minikube IP

Open Browser and access Prometheus

- Go to http://192.168.59.107:31401/

Install Grafana

1. Install using Helm

2. Update helm repo

3. Install Grafana via helm

4. Get Grafana Login Details

5. Expose Grafana Service to Access IT

- Login via user=admin and password=XPhzARnKv93uhRGt8Nu9cimhuAHZoj64ZtCHDeQd

6. Expose prometheus-kube-state-metrics

- http://192.168.59.107:30229/

Deploy ConfigMaps and Secrets in Red Hat OpenShift Kubernetes Cluster

Two ways to store data

1. Deploying ConfigMap in Kubernetes

- 1.a) ConfigMap via Env Variable

- 1.b) ConfigMap via File - Volume Mount

1.a) Deploy ConfigMap via Env Variable

1.b) Deploy ConfigMap via File - Volume Mount

2. Deploying ConfigMap in Kubernetes

Install/Setup - Service Mesh Capabilities via Istio on Kubernetes Cluster

1. What is a Service Mesh?

2. What is Istio?

Setup Istio on Kubernetes cluster

Create Redhat Openshift -Shared Kubernetes Cluster - Free 30 Day Access

1. Create Redhat Account.

2. Open Developer Sandbox

- Red Hat Developer Sandbox Has 3 services

3. Red Hat OpenShift Console

Install Ingress on Kubernetes and Minikube

Kubernetes Service - Drawbacks

Enterprise Load Balancer Offers Advanced Capabilities

1. Install NGINX controller in Kubernetes.

2. Create Ingress Resource in Kubernetes.

3. Verify Ingress Resource in Kubernetes.

3. Route domain to Ingress

4. Verify domain is routed to Application (Ingress-> Service-> App)

Create and expose Services in Kubernetes

Pre-requisites:

1. Expose Application to outside world

- a) Create deploy.yml file as below.

- b) Create service.yml file as below.

- c) Deploy deploy.yml file as below.

- d) Deploy service.yml file as below.

- e) NodePort service Type: service deployed as NodePort type

- f) Notice IP Address of Pod: Notice IP below

- g) Access Application via IP Addr:Port: Note, Python application is exposed via Port 8000

2. Service Discovery: Labels and Selectors.

3. LoadBalancer or NodePort Mode.

- a) get svc: kubectl get svc

- b) SVC Type: NodePort

- Verify Prometheus services via `Kubectl get svc`

- Login via user=`admin` and password=`XPhzARnKv93uhRGt8Nu9cimhuAHZoj64ZtCHDeQd`

6. Expose `prometheus-kube-state-metrics`

- 1.a) ConfigMap via `Env Variable`

- 1.b) ConfigMap via `File - Volume Mount`

1.a) Deploy ConfigMap via `Env Variable`

1.b) Deploy ConfigMap via `File - Volume Mount`

3. Route domain to `Ingress`

- a) Create `deploy.yml` file as below.

- b) Create `service.yml` file as below.

- c) Deploy `deploy.yml` file as below.

- d) Deploy `service.yml` file as below.

- f) Notice `IP` Address of Pod: Notice `IP` below

- g) Access Application via `IP Addr:Port`: Note, Python application is exposed via `Port 8000`

- a) get svc: `kubectl get svc`

- d) Edit svc: `kubectl edit svc service-name`