In this lab you will complete a series of tasks to ensure your Kubernetes cluster is functioning correctly.
In this section you will verify the ability to encrypt secret data at rest.
Create a generic secret:
kubectl create secret generic kubernetes-the-easy-way \
--from-literal="mykey=mydata"
Create a pod with the secret as an environment variable and print it to the logs:
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: secret-env-pod
spec:
containers:
- name: secret-env-pod
image: ubuntu
env:
- name: SECRET_MYKEY
valueFrom:
secretKeyRef:
name: kubernetes-the-easy-way
key: mykey
command: ["printenv"]
args: ["SECRET_MYKEY"]
restartPolicy: Never
EOF
Print the logs from running the pod to see the secret:
kubectl logs secret-env-pod
In this section you will verify the ability to create and manage Deployments.
Create a deployment for the nginx web server:
kubectl create deployment nginx --image=nginx
List the pod created by the nginx deployment:
kubectl get pods -l app=nginx
output
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-6lxg2 1/1 Running 0 10s
In this section you will verify the ability to access applications remotely using port forwarding.
Retrieve the full name of the nginx pod:
POD_NAME=$(kubectl get pods -l app=nginx -o jsonpath="{.items[0].metadata.name}")
Forward port 8080 on your local machine to port 80 of the nginx pod:
kubectl port-forward $POD_NAME 8080:80
output
Forwarding from 127.0.0.1:8080 -> 80
Forwarding from [::1]:8080 -> 80
In a new terminal make an HTTP request using the forwarding address:
curl --head http://127.0.0.1:8080
output
HTTP/1.1 200 OK
Server: nginx/1.15.4
Date: Sun, 30 Sep 2018 19:23:10 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 25 Sep 2018 15:04:03 GMT
Connection: keep-alive
ETag: "5baa4e63-264"
Accept-Ranges: bytes
Switch back to the previous terminal and stop the port forwarding to the nginx pod:
Forwarding from 127.0.0.1:8080 -> 80
Forwarding from [::1]:8080 -> 80
Handling connection for 8080
^C
In this section you will verify the ability to retrieve container logs.
Print the nginx pod logs:
kubectl logs $POD_NAME
output
127.0.0.1 - - [30/Sep/2018:19:23:10 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.58.0" "-"
In this section you will verify the ability to execute commands in a container.
Print the nginx version by executing the nginx -v command in the nginx container:
kubectl exec -ti $POD_NAME -- nginx -v
output
nginx version: nginx/1.15.4
In this section you will verify the ability to expose applications using a Service.
Expose the nginx deployment using a LoadBalancer service:
kubectl expose deployment nginx --port=80 --type=LoadBalancer
Watch the new service until it gets an address (might take a few minutes), then CTRL-C to get back to the shell:
kubectl get svc nginx --watch -o jsonpath="{.status.loadBalancer}"
Retrieve the external IP address of a worker instance:
EXTERNAL_IP=$(kubectl get service nginx -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
Make an HTTP request using the external IP address:
curl --head http://${EXTERNAL_IP}
output
HTTP/1.1 200 OK
Server: nginx/1.15.4
Date: Sun, 30 Sep 2018 19:25:40 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 25 Sep 2018 15:04:03 GMT
Connection: keep-alive
ETag: "5baa4e63-264"
Accept-Ranges: bytes
These are not yet supported but there is a private alpha for GKE Sandboxes.
Next: Cleaning Up