cks-course-environment's People
Forkers
fii johnhowlett vince15dk nabarunsen ricable artisticman kratos81 kainlite vmware-ysung divyesh16 ldynia nitinkansal1984 abhi15sep rock981119 rajkrishnamurthy k21academyuk niscoveanumircea vakkur ashmilhussain yuces dmilan77 quetzalcoatlg djkormo abhigadu venkat8887 bguruprasad prabhuredhat duiniwukenaihe ampacheco samarsinghal vijayrod op317q salah-lahlou evalle bapushinde yelmir chinthakahasakelum gauravbansal17 ykhadilkar emreozkangit d-expired tarun9715m decktecheu ak12a aidoudi1 prakasha4devops jmyung alirezataleghani dramasamy prabhjot806 ampacheco-kubtec usanjayv007 qiang1981cn alexandrust88 jymun ming-ddtechcg vovakaplenko rushrs2 abdennour alyragab vladislavpv jimmyadepeju sujiar37 kumardineshwar mais316 babubalagani viveknidhi dinishkr ghulevishal valentinouberti beepbooprobit prasadkadam36 andrzej-natzka mohamedibrahimabdoun deepakdubey123 hardik-id mahendra-js bahalla mnifr nilesh93 kasunsjc schoudhary22 basakil songford malston akthodu rachlenko rembj naren4b samguan2018 amitnath1991 shinomineko e-n-g-xor gopu84 monbostest nrobertio bearsir balajivelaga nikhil-thomas holasoysolercks-course-environment's Issues
Course Slides
Is it possible to add the course slides as well please? They would also be a good resource for people to have I think
Thanks
Changing shell from /bin/sh to /bin/bash - for lastest/master.sh and latest/worker.sh
Falco docs link out of date
Hello,
In the resource section the link to the Falco docs is outdated and no longer working.
File: https://github.com/killer-sh/cks-course-environment/blob/master/Resources.md
Relevant link: https://v1-16.docs.kubernetes.io/docs/tasks/debug-application-cluster/falco
Thank you very much for the course by the way. It's pretty good!
Worker script failing with Ubuntu 20.04 Focal Fossa LTS when package were held
Hi,
I found little issue with the worker script (https://github.com/killer-sh/cks-course-environment/blob/master/cluster-setup/latest/install_worker.sh).
If packages were installed before and held the script failed.
As improvement script should remove held packages or stop and print some error msg; currently it continues and fail in later stage
LOG:
The following packages will be REMOVED:
kubeadm kubectl kubelet kubernetes-cni
The following held packages will be changed:
kubeadm
0 upgraded, 0 newly installed, 4 to remove and 34 not upgraded.
E: Held packages were changed and -y was used without --allow-change-held-packages.
BR, Silvam
Install_master.sh, install_worker.sh gets stuck when running them inside multipass VMs (ubuntu 20.04)
i guess, It executed up to this line
https://github.com/killer-sh/cks-course-environment/blob/master/cluster-setup/latest/install_master.sh#L54
Logs
root@cks-master:~# bash <(curl -s https://raw.githubusercontent.com/killer-sh/cks-course-environment/master/cluster-setup/latest/install_master.sh)
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
0% [Waiting for headers] [2 InRelease 14.1 kB/114 kB 12%]
Get:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:4 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [2610 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [8628 kB]
Get:7 http://security.ubuntu.com/ubuntu focal-security/main Translation-en [402 kB]
Get:8 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [915 kB]
Get:9 http://security.ubuntu.com/ubuntu focal-security/universe Translation-en [192 kB]
Get:10 http://security.ubuntu.com/ubuntu focal-security/universe amd64 c-n-f Metadata [19.2 kB]
Get:11 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [23.6 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/multiverse Translation-en [5504 B]
Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 c-n-f Metadata [548 B]
Get:14 http://archive.ubuntu.com/ubuntu focal/universe Translation-en [5124 kB]
Get:15 http://archive.ubuntu.com/ubuntu focal/universe amd64 c-n-f Metadata [265 kB]
Get:16 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [144 kB]
Get:17 http://archive.ubuntu.com/ubuntu focal/multiverse Translation-en [104 kB]
Get:18 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 c-n-f Metadata [9136 B]
Get:19 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [3017 kB]
Get:20 http://archive.ubuntu.com/ubuntu focal-updates/main Translation-en [487 kB]
Get:21 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [2562 kB]
Get:22 http://archive.ubuntu.com/ubuntu focal-updates/restricted Translation-en [358 kB]
Get:23 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1140 kB]
Get:24 http://archive.ubuntu.com/ubuntu focal-updates/universe Translation-en [273 kB]
Get:25 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 c-n-f Metadata [25.7 kB]
Get:26 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [25.8 kB]
Get:27 http://archive.ubuntu.com/ubuntu focal-updates/multiverse Translation-en [7484 B]
Get:28 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 c-n-f Metadata [620 B]
Get:29 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 Packages [45.7 kB]
Get:30 http://archive.ubuntu.com/ubuntu focal-backports/main Translation-en [16.3 kB]
Get:31 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 c-n-f Metadata [1420 B]
Get:32 http://archive.ubuntu.com/ubuntu focal-backports/restricted amd64 c-n-f Metadata [116 B]
Get:33 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [25.0 kB]
Get:34 http://archive.ubuntu.com/ubuntu focal-backports/universe Translation-en [16.3 kB]
Get:35 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 c-n-f Metadata [880 B]
Get:36 http://archive.ubuntu.com/ubuntu focal-backports/multiverse amd64 c-n-f Metadata [116 B]
Fetched 26.8 MB in 26s (1023 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
bash-completion is already the newest version (1:2.10-1ubuntu1).
bash-completion set to manually installed.
The following additional packages will be installed:
binutils-common binutils-x86-64-linux-gnu libbinutils libctf-nobfd0 libctf0
Suggested packages:
binutils-doc
The following NEW packages will be installed:
binutils binutils-common binutils-x86-64-linux-gnu libbinutils libctf-nobfd0 libctf0
0 upgraded, 6 newly installed, 0 to remove and 15 not upgraded.
Need to get 2390 kB of archives.
After this operation, 13.7 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 binutils-common amd64 2.34-6ubuntu1.6 [207 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libbinutils amd64 2.34-6ubuntu1.6 [473 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libctf-nobfd0 amd64 2.34-6ubuntu1.6 [47.4 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libctf0 amd64 2.34-6ubuntu1.6 [46.6 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 binutils-x86-64-linux-gnu amd64 2.34-6ubuntu1.6 [1613 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 binutils amd64 2.34-6ubuntu1.6 [3376 B]
Fetched 2390 kB in 6s (434 kB/s)
Selecting previously unselected package binutils-common:amd64.
(Reading database ... 64080 files and directories currently installed.)
Preparing to unpack .../0-binutils-common_2.34-6ubuntu1.6_amd64.deb ...
Unpacking binutils-common:amd64 (2.34-6ubuntu1.6) ...
Selecting previously unselected package libbinutils:amd64.
Preparing to unpack .../1-libbinutils_2.34-6ubuntu1.6_amd64.deb ...
Unpacking libbinutils:amd64 (2.34-6ubuntu1.6) ...
Selecting previously unselected package libctf-nobfd0:amd64.
Preparing to unpack .../2-libctf-nobfd0_2.34-6ubuntu1.6_amd64.deb ...
Unpacking libctf-nobfd0:amd64 (2.34-6ubuntu1.6) ...
Selecting previously unselected package libctf0:amd64.
Preparing to unpack .../3-libctf0_2.34-6ubuntu1.6_amd64.deb ...
Unpacking libctf0:amd64 (2.34-6ubuntu1.6) ...
Selecting previously unselected package binutils-x86-64-linux-gnu.
Preparing to unpack .../4-binutils-x86-64-linux-gnu_2.34-6ubuntu1.6_amd64.deb ...
Unpacking binutils-x86-64-linux-gnu (2.34-6ubuntu1.6) ...
Selecting previously unselected package binutils.
Preparing to unpack .../5-binutils_2.34-6ubuntu1.6_amd64.deb ...
Unpacking binutils (2.34-6ubuntu1.6) ...
Setting up binutils-common:amd64 (2.34-6ubuntu1.6) ...
Setting up libctf-nobfd0:amd64 (2.34-6ubuntu1.6) ...
Setting up libbinutils:amd64 (2.34-6ubuntu1.6) ...
Setting up libctf0:amd64 (2.34-6ubuntu1.6) ...
Setting up binutils-x86-64-linux-gnu (2.34-6ubuntu1.6) ...
Setting up binutils (2.34-6ubuntu1.6) ...
Processing triggers for libc-bin (2.31-0ubuntu9.12) ...
Processing triggers for man-db (2.9.1-1) ...
/dev/fd/63: line 42: kubeadm: command not found
/dev/fd/63: line 43: crictl: command not found
/dev/fd/63: line 43: crictl: command not found
E: Unable to locate package kubelet
E: Unable to locate package kubeadm
E: Unable to locate package kubectl
E: Unable to locate package kubernetes-cni
E: No packages found
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package kubelet
E: Unable to locate package kubeadm
E: Unable to locate package kubectl
E: Unable to locate package kubernetes-cni
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 15 not upgraded.
deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/ /
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1093 100 1093 0 0 1624 0 --:--:-- --:--:-- --:--:-- 1621
OK
OPA Gatekeeper should be updated to support Kubernetes 1.22
The current OPA Gatekeeper deploy file uses API objects that are removed in Kubernetes 1.22, specifically apiextensions.k8s.io/v1beta1. Updating the name of the API obgject to apiextensions.k8s.io/v1 is not enough since the schema has changed.
The workaround to continue the course was using the official latest release:
https://raw.githubusercontent.com/open-policy-agent/gatekeeper/v3.5.2/deploy/gatekeeper.yaml
The course YAML should be updated accordingly.
Falco scenario does not evaluate correctly
Hello,
I've tried working through one of the Falco scenario's on Killercoda. Unfortunately the verification does not work as /var/log/syslog contains a binary file.
Link: https://killercoda.com/killer-shell-cks/scenario/falco-change-rule
Steps performed:
- created pod, entered bash through kubectl exec, checked falco logs
- did the same steps again on newly loaded scenario using the solution provided.
kubernetes repository address need update
Hi,
https://github.com/killer-sh/cks-course-environment/blob/master/cluster-setup/latest/install_master.sh#L68
This line in cluster setup script need update following a blog post here
https://kubernetes.io/blog/2023/08/15/pkgs-k8s-io-introduction/
Use the Kubic repo for podman installation
For Ubuntu 20.04 the PPA no longer works and has been deprecated.
sudo add-apt-repository -y ppa:projectatomic/ppa
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Ign:2 http://ppa.launchpad.net/projectatomic/ppa/ubuntu focal InRelease
Hit:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:4 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:5 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 InRelease
Hit:6 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Err:7 http://ppa.launchpad.net/projectatomic/ppa/ubuntu focal Release
404 Not Found [IP: 91.189.95.85 80]
Reading package lists... Done
E: The repository 'http://ppa.launchpad.net/projectatomic/ppa/ubuntu focal Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
The recommended way to install on Ubuntu 20.04 and earlier is now to use the Kubic repo:
. /etc/os-release
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
curl -L "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key" | sudo apt-key add -
sudo apt-get update
sudo apt-get -y upgrade
sudo apt-get -y install podman containers-common
This was tested on the latest Ubuntu 20.04 installed via multipass on a Linux host with the libvirt backend.
The instrumenta/conftest image is deprecated and will no longer be updated.
In the lectures 115 and 116, instrumenta/conftest
image is used, but it is deprecated.
NOTE: The instrumenta/conftest image is deprecated and will no longer be updated. Please use the openpolicyagent/conftest image.
https://github.com/open-policy-agent/conftest/blob/master/docs/install.md#docker
critctl stop before remove containers
The various cluster-setup scripts invoke:
crictl rm $(crictl ps -a -q).
There should be a line before to stop the containers, otherwise they can't be removed correctly:
crictl stop $(crictl ps -a -q).
Noticed the error during the cluster downgrade:
ERRO[0000] container "f85f0ab92bab95421a6069e3dae6103fc583edcd3ccbf7300a326c7c2fabb568" is running, please stop it first
ERRO[0000] container "3b2d4ad9d6c41f7d3013426a7591b472e0b04c8f9ba785f40cf29807b19e5f25" is running, please stop it first
ERRO[0000] container "290707f84e50e544f880d1b383be06cc485b9d8455753723c544ec8e10060ed9" is running, please stop it first
ERRO[0000] container "335a7afe1b3e9cd60fe5f2d0d359f04478322fa0157a14a3d7947fa6046b7184" is running, please stop it first
ERRO[0000] container "50801ad4720e1b7abc0ece7e6b26ad8a087c70ec37ddd7a330726be13a869c54" is running, please stop it first
ERRO[0000] container "2441d7be1424abc5ec70ecf23078b469605e4bc4fd7dcf49860f6c70941145e8" is running, please stop it first
FATA[0000] unable to remove container(s)
followed by errors, as the new containers weren't able to use the 6443 ports on the host.
Section 7: Cluster Setup - Secure Ingress
During the "Section 7: Cluster Setup - Secure Ingress > Practice - Create Ingress" lecture, we created an Ingress resource with 2 paths to service1
and service2
.
I had an issue resolving these routes. For example, curl http://<node IP>:<node port>/service1
would display the nginx standard 404 message instead of the welcome text.
To resolve this, the NGINX Ingress Controller docs state that the kubernetes.io/ingress.class: "nginx"
annotation needs to be added to our Ingress resource, which makes it discoverable by NGINX Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: secure-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: nginx
spec:
rules:
- http:
paths:
- path: /service1
pathType: Prefix
backend:
service:
name: service1
port:
number: 80
- path: /service2
pathType: Prefix
backend:
service:
name: service2
port:
number: 80
It might be worth testing this yourself to see if it's a general problem (not just one for me).
Missing etcd-client package from the cluster scripts
Hello,
The etcd client package on ubuntu could be added in the master setup scripts, for convenience (section 76).
apt-get install etcd-client
Regards,
Fabrice.
PS: added later manually on in section 78, however. Feel free to archive.
Network Polices Lecure:21
I really liked the example. It would be cool to add video with explenation of the problem and solution for kube-dns and opening port 53 as Amer pointed
apiKind: NetworkPolicy
metadata:
name: frontend-with-kube-dns
namespace: default
spec:
podSelector:
matchLabels:
run: frontend
policyTypes:
- Egress
egress:
- to:
- podSelector:
matchLabels:
run: backend
ports:
- protocol: TCP
port: 80
- to:
ports:
- protocol: UDP
port: 53
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.