Friday, February 2, 2024

A Step-by-Step Guide to Creating Users in Kubernetes

1. Create a User Account


openssl req -new -newkey rsa:4096 -nodes -keyout pravin.key -out pravin.csr -subj "/CN=pravin/O=Infosys"

Now that we have pravin.csr, we need to have it signed by the cluster CA. For that, we create a CertificateSigningRequest object.


cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: pravin
spec:
  request: $(cat pravin.csr | base64 -w 0)
  signerName: kubernetes.io/kube-apiserver-client
  expirationSeconds: 86400  # one day
  usages:
  - client auth
EOF

Once the CSR has been created, it enters a 'Pending' condition.

kubectl get csr

Now we approve the CSR object.

kubectl certificate approve pravin

If we check the CSR again, we see that it is in an Approved, Issued state.

kubectl get csr

To retrieve the certificate, we can run the following command

kubectl get csr pravin -o jsonpath='{.status.certificate}' | base64 --decode > pravin-access.crt

or, signing the CSR directly with the cluster CA key under /etc/kubernetes/pki:

openssl x509 -req -in pravin.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out pravin-access.crt

Let's verify that we have a certificate for pravin

cat pravin-access.crt

The next requirement for pravin's kubeconfig file is the cluster CA certificate. To retrieve it, use the following command.

kubectl config view -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' --raw | base64 --decode - > k8s-ca.crt

Now, we can start creating pravin's kubeconfig file.

2. Configure Your Kubernetes Cluster

Let's set up the cluster configuration in pravin's kubeconfig file. We pull these details from our existing kubeconfig using the command below.

kubectl config set-cluster $(kubectl config view -o jsonpath='{.clusters[0].name}') --server=$(kubectl config view -o jsonpath='{.clusters[0].cluster.server}') --certificate-authority=k8s-ca.crt --kubeconfig=pravin-config --embed-certs

Looking at the contents of pravin-config, we see that the cluster configuration has been set.

cat pravin-config

We can see that the user and context lists are empty. Let's set up the user next, which will import pravin's key and cert into the file.

kubectl config set-credentials pravin --client-certificate=pravin-access.crt --client-key=pravin.key --embed-certs --kubeconfig=pravin-config

The final kubeconfig requirement is to create a context.

kubectl config set-context pravin --cluster=$(kubectl config view -o jsonpath='{.clusters[0].name}') --namespace=infosys --user=pravin --kubeconfig=pravin-config

Finally, we will want to specify the context that pravin will use for his kubectl commands.

kubectl config use-context pravin --kubeconfig=pravin-config


Now, let's test pravin's kubeconfig by running the 'kubectl version' command.

kubectl version --kubeconfig=pravin-config

Now let's list the running pods using pravin's kubeconfig.

kubectl get pods --kubeconfig=pravin-config
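
A check to run in step 1, between creating the CSR and approving it: the API server takes the username from the certificate's CN and the groups from each O field, so the requested subject is worth reviewing first. The script below is an added example, not part of the original post; the function names are hypothetical, and the sample subject text is constructed to match the CSR created above.

```sh
#!/bin/sh
# Added example: review the identity a client CSR asks for before approving it.
# The API server reads the username from CN and one group from each O.

# Read `openssl ... -subject -nameopt multiline` output on stdin and print
# one "user=<CN>" line and one "group=<O>" line per organization.
subject_identity() {
  sed -n \
    -e 's/^[[:space:]]*commonName[[:space:]]*=[[:space:]]*\(.*\)$/user=\1/p' \
    -e 's/^[[:space:]]*organizationName[[:space:]]*=[[:space:]]*\(.*\)$/group=\1/p'
}

# Read identity lines on stdin. Succeed only if the CN equals $1 and neither
# the user nor any group uses the reserved "system:" prefix.
identity_ok() {
  expected=$1
  seen_user=0
  while IFS= read -r line; do
    case $line in
      user=system:*|group=system:*) return 1 ;;  # e.g. system:masters
      user="$expected") seen_user=1 ;;
      user=*) return 1 ;;                         # CN is not the expected user
    esac
  done
  [ "$seen_user" -eq 1 ]
}

# Check a CSR file on disk: check_csr_file <expected-user> <file.csr>
check_csr_file() {
  openssl req -in "$2" -noout -subject -nameopt multiline |
    subject_identity | identity_ok "$1"
}

# Check a pending CSR object in the cluster: check_pending_csr <name>
# (assumes the object name equals the expected username, as in this guide).
check_pending_csr() {
  kubectl get csr "$1" -o jsonpath='{.spec.request}' | base64 --decode |
    openssl req -noout -subject -nameopt multiline |
    subject_identity | identity_ok "$1"
}

# Constructed sample of openssl's multiline output for the CSR from step 1.
SAMPLE='subject=
    commonName                = pravin
    organizationName          = Infosys'

if printf '%s\n' "$SAMPLE" | subject_identity | identity_ok pravin; then
  echo "pravin.csr: identity as expected"
fi
```

Run check_pending_csr pravin while the CSR is still Pending, and approve only if it succeeds.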

3. Assign Roles Within a Namespace





Saturday, December 9, 2023

Introduction To VI Editor

VI Editor

VI Editor has two modes: insertion mode and command mode. The editor begins in command mode, where cursor movement and text deletion and pasting occur.

Insertion mode begins upon entering an insertion or change command. Pressing Esc returns the editor to command mode (where you can quit, for example by typing :q!).

Most commands execute as soon as you type them, except for "colon" commands, which execute when you press the return key.

Input Commands (End with Esc)

a         Append after cursor
i         Insert before cursor
o         Open line below
O         Open line above
:r file   Insert file after current line

All the above commands put vi in input mode; press Esc to come back to command mode.

Change Commands (Input Mode)

cw   Change word (Esc)
cc   Change line (Esc) - blanks line
c$   Change to end of line
rc   Replace character with c
R    Replace (Esc) - typeover
s    Substitute (Esc) - 1 char with string
S    Substitute (Esc) - rest of line with text
.    Repeat last change
~    Toggle upper and lower case

Deletion Commands

dd or ndd   Delete n lines to general buffer
dw          Delete word to general buffer
dnw         Delete n words
db          Delete previous word
D           Delete to end of line
x           Delete character

File Management Commands  

:w name   Write edit buffer to file name
:wq       Write to file and quit
:q!       Quit without saving changes
ZZ        Same as :wq
:sh       Execute shell commands (<ctrl>d)

 

Window Motions 

<ctrl>d   Scroll down (half a screen)
<ctrl>u   Scroll up (half a screen)
<ctrl>f   Page forward
<ctrl>b   Page backward
/string   Search forward
?string   Search backward
<ctrl>l   Redraw screen
<ctrl>g   Display current line number and file information
n         Repeat search
N         Repeat search reverse
G         Go to last line
nG        Go to line n
:n        Go to line n
z<CR>     Reposition window: cursor at top
z.        Reposition window: cursor in middle
z-        Reposition window: cursor at bottom

Cursor Motions

H    Upper left corner (home)
M    Middle line
L    Lower left corner
h    Back a character
j    Down a line
k    Up a line
^    Beginning of line
$    End of line
l    Forward a character
w    One word forward
b    Back one word
fc   Find c
;    Repeat find (find next c)

Undo Commands

u        Undo last change
U        Return the last line which was modified to its original state (reverse all changes in last modified line)
:q!      Quit vi without writing
:e!      Re-edit a messed up file
Ctrl-R   Redo changes which were undone (undo the undos)

Rearrangement commands

yy or Y   Yank (copy) line to general buffer
nyy       Yank n lines to buffer
yw        Yank word to general buffer
ndd       Delete n lines to buffer
p         Put general buffer after cursor
P         Put general buffer before cursor
J         Join lines
nJ        Join the next n lines together; omitting n joins the beginning of the next line to the end of the current line.

 Playing with multiple files

:n

:rew


Move text from file old to file new

vi oldfile.txt
10yy                 Yank 10 lines to buffer a
:e newfile.txt
p                    Put text from a after cursor

# Write it to newfile.txt

:m,nw newfile.txt    Write lines m to n in file newfile.txt
:m,nw>> file         Save lines m through n to the end of file


Regular Expressions (Search Strings) 

^    Matches beginning of line
$    Matches end of line
.    Matches any single character
*    Matches zero or more of the previous character
.*   Matches any sequence of characters


Search and replace commands

:[address]s/old_test/new_test/gic

Address components:

.                 Current line
n                 Line number n
.+m               Current line plus m lines
$                 Last line
/string/          A line that contains "string"
%                 Entire file
[addr1],[addr2]   Specifies a range


Example:

Remove last character

:%s/.$//

^M


Change some vi Parameters

:set list            Show invisible characters
:set nolist          Don't show invisible characters
:set number          Show line numbers
:set nonumber        Don't show line numbers
:set autoindent      Indent after carriage return
:set noautoindent    Turn off auto indent
:set showmatch       Show matching sets of parentheses as they are typed
:set noshowmatch     Turn off showmatch
:set showmode        Display mode on last line of screen
:set noshowmode      Turn off showmode
:set ignorecase      Ignore case on searches
:set ic              Ignore case on searches
:set noignorecase    Turn off ignore case
:set noic            Turn off ignore case
:set all             Show values of all possible parameters


Pravin Ade | Sr. DevOps Engineer | Infosys

 

 

    

Thursday, March 24, 2022

Useful Linux commands

Q 1. How to remove everything except for a list of files?

        shopt -s extglob    # bash: enable the !(...) pattern
        rm -rf !(file1|file2|file3|...)

Q 2. How to remove all hidden files in current directory?

        rm -f .??*  .[^.]

Q 3. How to save file in vim when forgetting to use sudo?

        :w !sudo tee %

Q 4. How to edit multiple file simultaneously with vim?

        vim -o file1 file2 file3

Q 5. How to find and remove broken symbolic links?

    find -L . -type l -delete

Note: If you simply want to find broken symbolic links without removing them:

            find -L -type l

            find . -xtype l

Q 6. How to monitor top 10 processes using the most CPU?

        watch -n1 "ps aux --sort -pcpu | head -n10"

Q 7. How to check battery of your wireless mouse?

        upower --dump

Q 8. How to find date and time when your linux was installed?

        tune2fs -l /dev/sda1 | grep "Filesystem created"

Q 9. How to combine multiple PDF files into one PDF file

        pdftk 1.pdf 2.pdf 3.pdf cat output 123.pdf

Q 10. How to SSH to a remote server via a jump server in the middle?

        Open an SSH connection through a jump server:

        ssh -J user@jump_server user@remote_server

Sunday, March 13, 2022

What is user data in AWS?

How to use user data, and what are its advantages?

AWS allows you to run commands or scripts at the launch time of an instance; this is known as user data. For example, if you want certain packages installed or some configuration files present on the instance after launch, user data is what you need. Whatever commands you specify in the user data are executed, and the results are in place when the instance is launched.

Let's try an example: installing a LAMP stack.


#!/bin/bash
sudo apt update
sudo apt install apache2 -y
sudo apt install php libapache2-mod-php php-mysql -y
sudo apt install php-cli -y
echo "<?php phpinfo(); ?>" | sudo tee -a /var/www/html/info.php
sudo apt install stress -y


Vault installations and integration with GitLab CICD pipeline

What is Vault?

Vault is an identity-based secrets and encryption management system. Vault is used to store sensitive data such as API encryption keys, tokens, access keys, secret keys, passwords and certificates.

Reference links for integrating Vault with GitLab CI/CD:

1. https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/

2. https://holdmybeersecurity.com/2021/03/04/gitlab-ci-cd-pipeline-with-vault-secrets/

3. https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/ci/secrets/index.md

4. https://gitlab.com/edmond-demo/sandbox/hashicorp/vault_via_api/-/blob/master/.gitlab-ci.yml


Cheat sheets:

            https://medium.com/@jagunathan22/hashicorp-vault-cheatsheet-8f13dc6a95a9

            https://sites.google.com/site/mrxpalmeiras/vault-cheat-sheet


Unseal the Vault (need to enter at least 3 unseal keys)

To authenticate, you need to unseal with at least 3 unseal keys.

CMD # vault operator unseal <unseal-key>

Vault Login:

Initial Root Token: <paste token here>

CMD # vault login


Enable external access to the Vault server by its IP address:

To make Vault available to the other nodes of the network, change the configuration in the Vault HCL file. It may be in a home directory or at /etc/vault.d/vault.hcl.


Example:

storage "raft" {
  path    = "./vault/data"
  node_id = "node1"
}

listener "tcp" {
  address     = "ip:port"
  tls_disable = "true"
}

mlock = "false"

api_addr = "http://ip:port"
cluster_addr = "https://ip:port"
ui = true


GitLab Integration with Vault:

Step 1: Create a GitLab project repository.

Step 2: Configure Vault:

A.     List, enable and disable Vault secret engines as required:

a.     vault secrets list

b.     vault secrets enable -path=secret kv

c.      vault secrets disable kv/

d.     Ref. https://www.vaultproject.io/docs/secrets

e.     Ref. https://learn.hashicorp.com/tutorials/vault/static-secrets

 

B.     Create, list and read Secret :

a.     vault kv put secret/hello target=world

b.     vault kv list secret/

c.      vault kv get secret/hello

C.    To create policies and roles, first enable an authentication method. In this case we are using the JWT authentication method:

a.     CMD  # vault auth enable jwt

b.     Ref. https://www.vaultproject.io/api-docs/auth/jwt

 

D.    Create, list and read policy to provide read, write access to secret:

a.     vault policy write admin admin-policy.hcl (using hcl file)

b.     $ vault policy write myproject-production - <<EOF
# Policy name: myproject-production
#
# Read-only permission on 'secret/data/myproject/production/*' path
path "secret/data/myproject/production/*" {
  capabilities = [ "read" ]
}
EOF

c.      vault policy list

d.     vault policy read admin

e.     Ref. https://learn.hashicorp.com/tutorials/vault/getting-started-policies?in=vault/getting-started

 

E.     Create, list, read and delete role to provide RBAC for the secret using policies:

a.     $ vault write auth/jwt/role/myproject-production - <<EOF
{
  "role_type": "jwt",
  "policies": ["myproject-production"],
  "token_explicit_max_ttl": 60,
  "user_claim": "user_email",
  "bound_claims_type": "glob",
  "bound_claims": {
    "project_id": "22",
    "ref_protected": "true",
    "ref_type": "branch",
    "ref": "auto-deploy-*"
  }
}
EOF

b.     $ vault list auth/jwt/role

c.      $ vault read auth/jwt/role/myproject-production

d.     $ vault delete auth/jwt/role/myproject-production

e.     Ref. https://learn.hashicorp.com/tutorials/vault/getting-started-policies?in=vault/getting-started
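
To see which pipeline tokens the myproject-production role above would admit, the following added example (not part of the original post, and not Vault or GitLab code) decodes a job JWT's payload and compares its claims with the role's bound_claims. The function names, sample tokens and e-mail address are constructed; shell glob matching stands in for Vault's glob matching, and no signature is verified.

```sh
#!/bin/sh
# Added example: compare a CI job JWT's claims with the bound_claims of the
# myproject-production role. Signature verification is left to Vault.

# Print the decoded JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  p=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')   # base64url -> base64
  case $(( ${#p} % 4 )) in                              # restore padding
    2) p="$p==" ;;
    3) p="$p=" ;;
  esac
  printf '%s' "$p" | base64 -d
}

# Print the value of a top-level string claim. $1 = JSON, $2 = claim name.
claim() {
  printf '%s\n' "$1" |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Return 0 only if every bound claim of the role is satisfied by the token.
role_admits() {
  json=$(jwt_payload "$1") || return 1
  [ "$(claim "$json" project_id)" = "22" ] || return 1
  [ "$(claim "$json" ref_protected)" = "true" ] || return 1
  [ "$(claim "$json" ref_type)" = "branch" ] || return 1
  case $(claim "$json" ref) in
    auto-deploy-*) return 0 ;;   # glob from the role's "ref" bound claim
    *) return 1 ;;
  esac
}

# Build an unsigned, constructed token around a JSON payload (demo only).
make_token() {
  printf 'e30.%s.sig' \
    "$(printf '%s' "$1" | base64 | tr -d '\n=' | tr '/+' '_-')"
}

# Constructed sample payloads: a protected auto-deploy branch and a feature branch.
GOOD=$(make_token '{"project_id":"22","ref":"auto-deploy-2022-03","ref_type":"branch","ref_protected":"true","user_email":"dev@example.com"}')
BAD=$(make_token '{"project_id":"22","ref":"feature-x","ref_type":"branch","ref_protected":"false","user_email":"dev@example.com"}')

for t in "$GOOD" "$BAD"; do
  ref=$(claim "$(jwt_payload "$t")" ref)
  if role_admits "$t"; then echo "admitted: $ref"; else echo "rejected: $ref"; fi
done
```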

 

 

F.     Access secrets from .gitlab-ci.yml file

a.     Ref. https://gitlab.com/edmond-demo/sandbox/hashicorp/vault_via_api/-/blob/master/.gitlab-ci.yml

stages:
    - test

read_secrets:
  stage: test
  # image:
  #   name: alpine:latest
  script:
    # - apk add --update curl jq

    # Vault's address can be provided here or as CI/CD variable
    - export VAULT_ADDR=http://<IP-Address:Port>

  tags:
    - ubuntu20
    - awslightsail

 

 

 


 










Saturday, February 27, 2021

Python Features

 Features of python

1. Simple and easy to learn:
  1. Reading a Python program feels like reading English statements.
  2. Simple syntax.
  3. Far fewer lines compared with other languages.
  4. More readability and simplicity.
  5. We can reduce the development cost of the project.
2. Freeware and Open Source:
  1. We can use Python without any license; it is freeware.
  2. No need to pay a single paisa for using the software.
3. High Level Programming Language:
  1. It is a programmer-friendly language.
  2. As programmers, we are not required to concentrate on low-level activities like memory management and security.
4. Dynamically Typed:
  1. We do not declare data types. Whenever we assign a value, the type is allocated automatically based on that value.
5. Interpreted:
  1. As programmers, we are not required to compile Python programs. Internally, the Python interpreter takes care of compilation.
  2. An interpreter is a program that reads and executes code line by line.

Identifiers:

An identifier can be a class name, function name, module name or variable name.
 ex. 



Here my_string is an identifier.

After reading about identifiers, the natural question is whether there are rules for defining variables or identifiers in Python. The answer is yes! Python follows these rules:
  1. Alphabet symbols may be UPPER CASE or lower case.
  2. An identifier should not start with a digit.
  3. Identifiers are case sensitive.
>>> a = 10
>>> A = 20
>>> print(a)
10
>>> print(A)
20

  4. We cannot use reserved words as identifiers.

Then the question arises: how many keywords are there in Python, and what are they?
Here is the answer.
Steps:
  1. Open a command prompt.
  2. Type py or python.
  3. First make sure Python is installed by typing python --version in cmd.
  4. import keyword
  5. keyword.kwlist

All reserved words in Python contain only alphabet symbols. All are lowercase except the following: True, False and None.

  5. There is no length limit for identifiers.


DATA TYPES IN PYTHON

Fundamental Data Types:

Fundamental data types are immutable. Once an object is created, we cannot perform any changes on that object.
  1. int
  2. float
  3. complex
  4. bool
  5. str

Collection Data Types:

  1. bytes
  2. bytearray
  3. range
  4. list
  5. tuple
  6. set
  7. frozenset
  8. dict
  9. None
Brief explanations of the data types in the next blog...

  

        

Python for beginners

Python!

Nowadays everyone talks about Python.

The question is: why did Python suddenly come into the picture?

The answer is that Python is quite easy to learn compared with other languages.

Python is recommended as a first programming language for beginners.

Officially, Python's date of birth is 20th February 1991, meaning Python was made available to the public in 1991.

Python is a widely used high-level programming language.

It has a large and comprehensive standard library.

It is general purpose, meaning we can use it for developing web applications, desktop applications, database applications, network programming, games, data analysis applications, ML (machine learning), data science, AI and IoT. Python is popular almost everywhere nowadays.


Getting started: download and install Python.

Download from official web site: https://www.python.org/

windows user : https://www.python.org/downloads/windows/

Mac user : https://www.python.org/downloads/mac-osx/

Verify if python is installed

If you have Python 3 installed, and it is your default version  you should see something like this: 


We will write our first program in Python the traditional way.

Hello World! in python using IDLE

C:

#include <stdio.h>

int main(void)
{
    printf("Hello World!");
    return 0;
}

Python:

print("Hello World!")


Example 2:

Print the sum of two numbers

num_1, num_2 = 10 ,20
print("Sum of two numbers:", num_1 + num_2)


Python was developed by borrowing features from many different programming languages.

1. Functional Programming feature from C.

2. Object Oriented Programming feature from CPP.

3. Scripting Language Features from Perl and Shell.

4. Modular Programming features from Modula-3 


Everything is okay! Yeah, okay, but where can we use it?

1. For developing Desktop applications.

2. Games, Data Analysis, ML, DL, AI and IoT.




