Kubernetes Challenges 1 - Solutions

Akhilesh-Joshi · August 5, 2022, 9:44pm

Please Feel free to correct me if I am missing something.

Kubeconfig

root@controlplane ~/.kube ✖ kubectl config set-credentials martin --client-certificate=/root/martin.crt --client-key=/root/martin.key 
User "martin" set.

> root@controlplane ~/.kube ➜  kubectl config set-context developer --user=martin --cluster=kubernetes
> Context "developer" created.

PVC

PVC.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jekyll-site
  namespace: development
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: jekyll-site

pod.yaml

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: jekyll
  name: jekyll
  namespace: development
spec:
  volumes:
    - name: site
      persistentVolumeClaim:
        claimName: jekyll-site
  initContainers:
  - name: copy-jekyll-site
    image: kodekloud/jekyll
    command: ['sh', '-c', 'jekyll', 'new', '/site' ]
	volumeMounts:
    - name: site
      mountPath: /site
  containers:
  - image: kodekloud/jekyll-serve
    name: jekyll
	volumeMounts:
    - name: site
      mountPath: /site
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always

service.yaml

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: jekyll
  name: jekyll
  namespace: development
spec:
  ports:
  - name: "4000"
    nodePort: 30097
    port: 8080
    protocol: TCP
    targetPort: 4000
  selector:
    app: jekyll
  type: NodePort
status:
  loadBalancer: {}

contexts

root@controlplane ~/.kube ➜  kubectl config set-context developer --user=martin --cluster=kubernetes
Context "developer" modified.

root@controlplane ~/.kube ➜  kubectl config use-context developer
Switched to context "developer".

role and rolebinding

role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: development
  name: developer-role
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods", "persistentvolumeclaims" , "services"]
  verbs: ["*"]



RB.yaml

apiVersion: rbac.authorization.k8s.io/v1
# This role binding allows "jane" to read pods in the "default" namespace.
# You need to already have a Role named "pod-reader" in that namespace.
kind: RoleBinding
metadata:
  name: developer-rolebinding
  namespace: development
subjects:
# You can specify more than one "subject"
- kind: User
  name: martin # "name" is case sensitive
  apiGroup: rbac.authorization.k8s.io
roleRef:
  # "roleRef" specifies the binding to a Role / ClusterRole
  kind: Role #this must be Role or ClusterRole
  name: developer-role  # this must match the name of the Role or ClusterRole you wish to bind to
  apiGroup: rbac.authorization.k8s.io

Ayman · August 6, 2022, 3:43pm

Hello @Akhilesh-Joshi,
Please check the answers in this repo https://github.com/kodekloudhub/kubernetes-challenges/tree/master/challenge-1 and review your answers with it

chalkesn · March 3, 2023, 4:35pm

Very well Explained. Thank you.