Kodekloud Kubernetes Challenge 1 solution | Implementing a Jekyll SSG | pvc | pod | services | rolebinding | context

Question : Deploy the given architecture diagram for implementing a Jekyll SSG.

1. jekyll-site pv is already created. Inspect it before you create the pvc.

2.  jekyll  pvc  : - 

Storage Request: 1Gi

Access modes: ReadWriteMany

pvc name = jekyll-site, namespace = development

jekyll-site' PVC should be bound to the PersistentVolume called 'jekyll-site'

3.  jekyll pod  : - 

pod: 'jekyll' has an initContainer, name: 'copy-jekyll-site', image: 'kodekloud/jekyll'

initContainer: 'copy-jekyll-site', command: [ "jekyll", "new", "/site" ] (command to run: jekyll new /site)

pod: 'jekyll', initContainer: 'copy-jekyll-site', mountPath = '/site'

pod: 'jekyll', initContainer: 'copy-jekyll-site', volume name = 'site'

pod: 'jekyll', container: 'jekyll', volume name = 'site'

pod: 'jekyll', container: 'jekyll', mountPath = '/site'

pod: 'jekyll', container: 'jekyll', image = 'kodekloud/jekyll-serve'

pod: 'jekyll', uses volume called 'site' with pvc = 'jekyll-site'

pod: 'jekyll' uses label 'run=jekyll'

4.  jekyll  Services : - 

Service 'jekyll' uses targetPort: '4000', namespace: 'development'

Service 'jekyll' uses Port: '8080', namespace: 'development'

Service 'jekyll' uses NodePort: '30097', namespace: 'development'

5. set context 'developer' with user = 'martin' and cluster = 'kubernetes' as the current context.

6. developer-rolebinding : -

create rolebinding = developer-rolebinding, role= 'developer-role', namespace = development

 rolebinding = developer-rolebinding associated with user = 'martin'

7. developer-role : -

developer-role', should have all(*) permissions for services in development namespace

developer-role', should have all permissions(*) for persistentvolumeclaims in development namespace

developer-role', should have all(*) permissions for pods in development namespace

8. User Martin : -

Build user information for martin in the default kubeconfig file: User = martin , client-key = /root/martin.key and client-certificate = /root/martin.crt

Create a new context called 'developer' in the default kubeconfig file with 'user = martin' and 'cluster = kubernetes'

Solution: 

1. jekyll-pv - Nothing to do here. The PV is pre-created.

root@controlplane ~ ➜  kubectl get pv NAME          CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS    REASON   AGE jekyll-site   1Gi        RWX            Delete           Available           local-storage            3m36s root@controlplane ~ ➜

2.  Created  YAML  manifest files with all the parameters, Kindly clone repo or you can copy from GitLab 

git clone https://gitlab.com/nb-tech-support/devops.git

 ( Refer Below Video for more clarity )

3. Create jekyll-site pvc & validate the status 

root@controlplane ~ ➜  kubectl apply -f  devops/kubernetes-challenges/challenge-1/jekyll-pvc.yaml persistentvolumeclaim/jekyll-site created root@controlplane ~ ➜  kubectl get pvc -A NAMESPACE     NAME          STATUS   VOLUME        CAPACITY   ACCESS MODES   STORAGECLASS    AGE development   jekyll-site   Bound    jekyll-site   1Gi        RWX            local-storage   3s root@controlplane ~ ➜  root@controlplane ~ ➜  kubectl get pv -n development NAME          CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                     STORAGECLASS    REASON   AGE jekyll-site   1Gi        RWX            Delete           Bound    development/jekyll-site   local-storage            3m57s  root@controlplane ~ ➜

4. Create jekyll pod  & validate the status 

root@controlplane ~ ➜  kubectl apply -f devops/kubernetes-challenges/challenge-1/jekyll-pod.yaml pod/jekyll created root@controlplane ~ ➜  kubectl get pod -n development NAME     READY   STATUS    RESTARTS   AGE jekyll   1/1     Running   0          58s root@controlplane ~ ➜

5. Create jekyll service  & validate the status 

root@controlplane ~ ➜  kubectl apply -f devops/kubernetes-challenges/challenge-1/jekyll-node-service.yaml service/jekyll created root@controlplane ~ ➜ root@controlplane ~ ➜  kubectl get svc -n development NAME     TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE jekyll   NodePort   10.98.111.195   <none>        8080:30097/TCP   14s root@controlplane ~ ➜

6. Create developer role  & validate the status 

root@controlplane ~ ➜  kubectl create role developer-role --resource=pods,svc,pvc --verb="*" -n development role.rbac.authorization.k8s.io/developer-role created root@controlplane ~ ➜  kubectl describe  role -n development Name:         developer-role Labels:       <none> Annotations:  <none> PolicyRule:   Resources               Non-Resource URLs  Resource Names  Verbs   ---------               -----------------  --------------  -----   persistentvolumeclaims  []                 []              [*]   pods                    []                 []              [*]   services                []                 []              [*]  root@controlplane ~ ➜

7. Create developer rolebinding for user martin & validate the status 

root@controlplane ~ ➜  kubectl create rolebinding developer-rolebinding --role=developer-role --user=martin -n development rolebinding.rbac.authorization.k8s.io/developer-rolebinding created root@controlplane ~ ➜ root@controlplane ~ ➜  kubectl describe rolebindings -n development Name:         developer-rolebinding Labels:       <none> Annotations:  <none> Role:   Kind:  Role   Name:  developer-role Subjects:   Kind  Name    Namespace   ----  ----    ---------   User  martin   root@controlplane ~ ➜

8. Build user information for martin in the default kubeconfig file: User = martin , client-key = /root/martin.key and client-certificate = /root/martin.crt

root@controlplane ~ ➜  ls martin.crt  martin.csr  martin.key root@controlplane ~ ➜  root@controlplane ~ ➜  kubectl config set-credentials martin --client-certificate ./martin.crt --client-key ./martin.key User "martin" set. root@controlplane ~ ➜  kubectl config get-users NAME kubernetes-admin martin root@controlplane ~ ➜

9. Create a new context called 'developer' in the default kubeconfig file with 'user = martin' and 'cluster = kubernetes'

root@controlplane ~ ➜  kubectl config set-context developer --cluster kubernetes --user martin Context "developer" created.  root@controlplane ~ ➜  kubectl config get-contexts CURRENT   NAME                          CLUSTER      AUTHINFO           NAMESPACE           developer                     kubernetes   martin             *         kubernetes-admin@kubernetes   kubernetes   kubernetes-admin    root@controlplane ~ ➜

10. Validate the complete deployment of Jekyll SSG

root@controlplane ~ ➜  kubectl get all -n development NAME         READY   STATUS    RESTARTS   AGE pod/jekyll   1/1     Running   0          10m   NAME             TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE service/jekyll   NodePort   10.98.111.195   <none>        8080:30097/TCP   6m55s   root@controlplane ~ ➜

11. Click on Check & Confirm to complete the task successfully

Happy Learning!!!!

Apart from this if you need more clarity,  I have made a  tutorial video on this , please go through and share your comments. Like and share the knowledge