
Explore how a Kubernetes cluster handles an nginx deployment by stepping through API server, controller manager, scheduler, kubelet, and kube-proxy, illustrating pod creation, IP allocation, and fault recovery.
The controller manager on the master node ensures the cluster's actual state matches the desired state, using the api server and scheduler to deploy containers.
Configure a Google Kubernetes Engine cluster on Google Cloud Platform by selecting region and zones, setting node pools, images, machine type, boot disks, and automation options for maintenance and scaling.
Learn how Kubernetes roles define permissions with verbs like get, create, update, and delete, and how role bindings assign these roles to users, groups, or service accounts.
Bind a role to a user or service account within a namespace using a role binding, linking a subject to a pre-defined role such as pod-reader via rbac.authorization.k8s.io.
Access your google cloud vm via ssh or cloud shell, authorize ssh keys, and use sudo to elevate privileges; then prepare to configure a minikube cluster in the next lecture.
Learn to set up secure client authentication in minikube by generating a private key and a certificate signing request, then signing it with minikube CA to issue a client certificate.
Generate a private RSA key with OpenSSL to enable secure user authentication, saving it as a .key file with a key size in bits, then create a CSR.
Generate a certificate signing request (CSR) with OpenSSL by using the DevOps.key private key and saving the CSR as DevOps.csr, while setting the subject’s common name and organization.
Configure the Kubernetes credential for the DevOps user by associating the DevOps client certificate and private key with kubectl config set-credentials.
Create the devops desk Kubernetes context for minikube, set the devops user and namespace, verify the context, and switch the active context to devops desk to interact with the cluster.
Explore Kubernetes network policies by examining components like port selector, namespace scope, and ingress and egress rules, and compare CNI plugins such as psyllium, calico, and flannel in hands-on labs.
Create two pods named pod-a and pod-b with a lightweight nginx alpine image, then label them f=pod-a and f=pod-b using kubectl.
Verify pod connectivity using curl between pod A and pod B in gke with cilium, illustrating default pod-to-pod communication and preparing to apply a network policy to block it.
Block all pod-to-pod communication with a network policy, verify the block from pod A to pod B and back using kubectl and curl.
Demonstrate denying all ingress in the default namespace, test pod-to-pod communication, then block egress by editing and reapplying the network policy, and verify with a curl timeout.
Convert a private key to .ppk format using Puttygen to enable SSH access to an Ubuntu VM via Mobaxterm, and configure the private key in the SSH settings.
Troubleshoot vm access by using cloud shell to manage public/private keys and authorized_keys. Connect from external tools like Mobaxterm or Putty via the VM's public IP.
Install kubectl, make it executable, move the binary to the system bin directory, then start a minikube cluster with docker and display version details in yml format.
Understanding Kubernetes: Cluster Components and Architecture
Introduction
The Kubernetes Cluster Architecture
Learn Architecture Through Examples
Getting Started with Kubernetes
Control Plane Components in Kubernetes (Master Node)
Kubernetes Scheduler: A Key Control Plane Component
Kubernetes Controller Manager
Set Up a K8s Cluster on Google Kubernetes Engine (GKE)
Lab 1: Practical Kubernetes Cluster Setup
Lab 2: Practical Kubernetes Cluster Setup
Lab 3: Practical Kubernetes Cluster Setup
Lab 4: Practical Kubernetes Cluster Setup
RBAC Policies for Securing Kubernetes Cluster
Introduction
Key components of RBAC
How RBAC works?
How Role and RoleBinding Work Together
Kubernetes Roles: Defining Permissions and Access
Permissions Granted by Kubernetes Roles
Create a role
Bind the Role to a User or Service Account
Set Up a Minikube Kubernetes Cluster on Google Cloud
Project Overview
Launch VM for Minikube Cluster
Activate Cloud Shell and Connect to VM
Minikube Kubernetes Cluster Setup – Practical Lab 1
Minikube Kubernetes Cluster Setup – Practical Lab 2
Minikube Kubernetes Cluster Setup – Practical Lab 3
Start Minikube and Deploy Nginx Pod
Client Authentication using SSL/TLS Certificate
Set Up New Namespace & Launch Pod
Overview of Client Certificate Generation
Generate a Private Key
Generate a Certificate Signing Request (CSR)
Sign a CSR with Minikube's CA to Generate a User Certificate
Set and Verify Client Credentials in Kubernetes Config
RBAC: Role and RoleBinding
Create a Role
Create RoleBinding to Assign Role to User
Test RBAC Permissions
Access the K8s Minikube Cluster as a User
List and Manage Kubernetes Contexts
Set Up a New Context for a User
Verify RBAC Permissions with New Context
Modify and Test RBAC Role Permissions
Set Up and Verify Network Policies for Pods
Introduction to Kubernetes Network Policies
Why Restrict Pod-To-Pod Communication?
Understanding K8s Network Policies and CNI Plugins
Example Use Case Scenarios
Lab: Restrict Pod Communication Using Network Policies
Start Minikube with Cilium CNI
Create Two Pods with Labels
Verify Pod Connectivity Using Curl
Create Ingress Network Policy to Restrict Pod Access
Check if Pod-to-Pod Access is Blocked
Restrict Ingress/Egress Traffic with Network Policy
VM Remote Access: Using MobaXterm or PuTTY for Secure Connections
Deploy a Virtual Machine
Add User and Setup SSH Authentication
Create SSH Key Pair
Convert Private Key to .ppk Format
VM Access Troubleshooting
Deploy Minikube on Virtual Machine
Initialize Minikube Cluster
Secure Deployment and Access of Nginx on Kubernetes
Overview of Securing Nginx with HTTPS
Deploy and Expose a Nginx Pod to External Traffic
Access Nginx Web Server Through HTTP
Set Up Nginx on Host Machine for Accessing Nginx Pod
Access Nginx Web Server via Web Browser (HTTP Only)
Implement HTTPS for Nginx in a K8s Cluster Using TLS Certificates
Deploy and Expose a Nginx Pod to External Traffic
Generate a self-signed TLS Certificate
Store the TLS Certificate as a Secret
Check Minikube’s Ingress Controller Status
Create Ingress Resource for HTTPS
Last Lecture