Game of Pods - Tyro
KodeKloud Game of Pods Tyro challenge: configure kubectl contexts, RBAC, and deploy a Jekyll site with persistent storage.
Configure kubectl to use the developer context with the drogo user and the development namespace. These commands set and switch the active context for subsequent kubectl operations.
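```bash
# Point the currently active context at the kubernetes cluster, the development namespace and the drogo user
kubectl config set-context --current --cluster=kubernetes --namespace=development --user=drogo
# Switch to the developer context (use-context only changes current-context; the extra flags are not stored)
kubectl config use-context developer --cluster=kubernetes --namespace=development --user=drogo
# Confirm which context is active
kubectl config current-context
```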
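The resulting kubeconfig file shows the cluster, context, and user configuration, with client certificate authentication for the drogo user. Note that all three contexts, including kubernetes-admin@kubernetes, now point at the drogo user and the development namespace; set-context --current modifies whichever context is active at the time it runs.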
```yaml
cat ~/.kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0t...VkU2bVFFS2x0cHliUVVFZTRncmY2OGVUbz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    server: https://172.17.0.61:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    namespace: development
    user: drogo
  name: developer
- context:
    cluster: kubernetes
    namespace: development
    user: drogo
  name: development
- context:
    cluster: kubernetes
    namespace: development
    user: drogo
  name: kubernetes-admin@kubernetes
current-context: developer
kind: Config
preferences: {}
users:
- name: drogo
  user:
    client-certificate: /root/drogo.crt
    client-key: /root/drogo.key
- name: kubernetes-admin
  user:
    client-certificate-data: LS0tLS...QgQ0VSVElGSUNBVEUtLS0tLQo=
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNS...hVN25LN0xNUkUvRGNPNFJla0VGZEh6SkhVUjB
```
The following Kubernetes manifests deploy a Jekyll site with an init container, a PersistentVolume and PersistentVolumeClaim for site storage, RBAC Role and RoleBinding for the drogo user, and a NodePort Service to expose the site externally.
```yaml
for i in *.yaml; do echo "filename: $i"; echo "---"; cat "$i"; done
filename: pod.yaml
---
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  namespace: development
  labels:
    run: jekyll
  name: jekyll
spec:
  volumes:
  - name: site
    persistentVolumeClaim:
      claimName: jekyll-site
  initContainers:
  - name: copy-jekyll-site
    image: kodekloud/jekyll
    command: [ "jekyll", "new", "/site" ]
    volumeMounts:
    - name: site
      mountPath: "/site"
  containers:
  - image: kodekloud/jekyll-serve
    name: jekyll
    resources: {}
    volumeMounts:
    - name: site
      mountPath: "/site"
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
filename: pvc.yaml
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jekyll-site
  namespace: development
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
filename: pv.yaml
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jekyll-site
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  hostPath:
    path: /site
    type: ""
  persistentVolumeReclaimPolicy: Retain
  volumeMode: Filesystem
filename: rolebinginf.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  creationTimestamp: null
  name: developer-rolebinding
  namespace: development
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: developer-role
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: drogo
filename: role.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  creationTimestamp: null
  name: developer-role
  namespace: development
rules:
- apiGroups:
  - ""
  resources:
  - services
  - persistentvolumeclaims
  - pods
  verbs:
  - '*'
filename: svc.yaml
---
apiVersion: v1
kind: Service
metadata:
  labels:
    run: jekyll
  name: jekyll
  namespace: development
spec:
  ports:
  - nodePort: 30097
    port: 8080
    protocol: TCP
    targetPort: 4000
  selector:
    run: jekyll
  type: NodePort
```
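To confirm that developer-role and developer-rolebinding give drogo the access listed in role.yaml and nothing beyond it, the following added example (not part of the original post) runs kubectl auth can-i through the developer context. The check list and its expected answers are assumptions read off role.yaml, and they assume drogo has no other RoleBindings or ClusterRoleBindings.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): confirm that the "developer"
# context can do what developer-role grants and nothing more.
# Expected answers are derived from role.yaml on this page and assume
# drogo has no other RoleBindings or ClusterRoleBindings.

# Columns: verb resource namespace expected-answer (constructed check list)
CHECKS='
create pods                   development yes
delete pods                   development yes
create services               development yes
create persistentvolumeclaims development yes
get    secrets                development no
create rolebindings           development no
create deployments            development no
list   pods                   kube-system no
'

# audit_rbac CONTEXT: prints one line per check, returns the mismatch count.
audit_rbac() {
  ctx=$1
  mismatches=0
  while read -r verb resource ns expected; do
    [ -n "$verb" ] || continue
    # can-i prints yes/no and exits non-zero on "no", so ignore the status.
    actual=$(kubectl --context "$ctx" auth can-i "$verb" "$resource" -n "$ns" 2>/dev/null) || true
    if [ "$actual" = "$expected" ]; then
      echo "ok       $verb $resource in $ns -> $actual"
    else
      echo "MISMATCH $verb $resource in $ns -> ${actual:-error} (expected $expected)"
      mismatches=$((mismatches + 1))
    fi
  done <<EOF
$CHECKS
EOF
  return "$mismatches"
}

# Run against the cluster only where kubectl is installed.
if command -v kubectl >/dev/null 2>&1; then
  audit_rbac developer
fi
```

A non-zero exit status is the number of checks whose answer differed from the expectation, so the script can gate a lab validation step.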
This post is licensed under CC BY 4.0 by the author.