Merge pull request #61 from seifrajhi/kubernetes-hands-on-demo

feat: add kubernetes-hands-on-demo directory
seifrajhi · Feb 4, 2024 · b788910 · b788910
2 parents c0b2da6 + cbcce7d
commit b788910
Show file tree

Hide file tree

Showing 40 changed files with 1,464 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -72,6 +72,8 @@ The Security checklist aims at providing a basic list of guidance with links to
 
 5- https://medium.com/@seifeddinerajhi/owasp-kubernetes-top-10-a-comprehensive-guide-f03af6fd66ed
 
+5- https://eksclustergames.com:  Kubernetes CTF (Capture The Flag) challenges for EKS 
+
 ### Storage
 
 - The key concepts of Kubernetes storage, including [PVs, PVCs, and StorageClass](https://medium.com/@seifeddinerajhi/understanding-storage-in-kubernetes-ee2c19001aae)

diff --git a/kubernetes-hands-on-demo/README.md b/kubernetes-hands-on-demo/README.md
@@ -0,0 +1,6 @@
+# kubernetes-hands-on-demo
+Kubernetes Hands-On Demo
+
+## Start the Lab
+
+- [labs/README.md](labs)
diff --git a/kubernetes-hands-on-demo/examples/backend/Dockerfile b/kubernetes-hands-on-demo/examples/backend/Dockerfile
@@ -0,0 +1,4 @@
+FROM python:3.7-alpine
+ADD . /code/
+RUN pip install -r /code/requirements.txt
+CMD ["python", "/code/app.py"]
diff --git a/kubernetes-hands-on-demo/examples/backend/app.py b/kubernetes-hands-on-demo/examples/backend/app.py
@@ -0,0 +1,17 @@
+from flask import Flask, jsonify
+from socket import gethostname
+from random import choice
+from uuid import uuid4
+
+names = ['james', 'john', 'frank', 'william', 'samantha', 'michelle']
+
+app = Flask(__name__)
+
+@app.route('/api/names')
+def get_names():
+    name = choice(names)
+    return jsonify({"id": uuid4().hex[1:12], "hostname": gethostname(), "name": name})
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=5001)
+
diff --git a/kubernetes-hands-on-demo/examples/backend/requirements.txt b/kubernetes-hands-on-demo/examples/backend/requirements.txt
@@ -0,0 +1 @@
+flask
diff --git a/kubernetes-hands-on-demo/examples/docker-compose.yml b/kubernetes-hands-on-demo/examples/docker-compose.yml
@@ -0,0 +1,27 @@
+version: "3.7"
+
+services:
+  frontend:
+    container_name: frontend
+    build:
+      context: ./frontend
+      dockerfile: Dockerfile
+    environment:
+      - BACKEND_HOSTNAME=backend
+    depends_on:
+      - backend
+    ports:
+      - 5000:5000
+    networks:
+      - flaskapp
+
+  backend:
+    container_name: backend
+    build:
+      context: ./backend
+      dockerfile: Dockerfile
+    networks:
+      - flaskapp
+
+networks:
+  flaskapp:
diff --git a/kubernetes-hands-on-demo/examples/frontend/Dockerfile b/kubernetes-hands-on-demo/examples/frontend/Dockerfile
@@ -0,0 +1,5 @@
+FROM python:3.7-alpine
+ENV BACKEND_HOSTNAME backend
+ADD . /code/
+RUN pip install -r /code/requirements.txt
+CMD ["python", "/code/app.py"]
diff --git a/kubernetes-hands-on-demo/examples/frontend/app.py b/kubernetes-hands-on-demo/examples/frontend/app.py
@@ -0,0 +1,16 @@
+from flask import Flask, jsonify
+from socket import gethostname
+import requests
+import os
+
+app = Flask(__name__)
+
+@app.route('/')
+def main():
+    print(os.environ['BACKEND_HOSTNAME'])
+    response = requests.get('http://{0}:5001/api/names'.format(os.environ['BACKEND_HOSTNAME'])).json()
+    return jsonify({"frontend_response": {"hostname": gethostname()}, "backend_response": response })
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=5000)
+
diff --git a/kubernetes-hands-on-demo/examples/frontend/requirements.txt b/kubernetes-hands-on-demo/examples/frontend/requirements.txt
@@ -0,0 +1,2 @@
+flask
+requests
diff --git a/kubernetes-hands-on-demo/labs/00-docker/Dockerfile b/kubernetes-hands-on-demo/labs/00-docker/Dockerfile
@@ -0,0 +1,4 @@
+FROM python:3.7
+RUN pip install requests
+ADD app.py /code/
+CMD ["python", "/code/app.py"]
diff --git a/kubernetes-hands-on-demo/labs/00-docker/app.py b/kubernetes-hands-on-demo/labs/00-docker/app.py
@@ -0,0 +1,3 @@
+import requests
+r = requests.get('https://www.google.com')
+print('Response is: {}'.format(r.status_code))
diff --git a/kubernetes-hands-on-demo/labs/01-pods/pod.yml b/kubernetes-hands-on-demo/labs/01-pods/pod.yml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-hostname-app
+spec:
+  containers:
+    - name: hostname
+      image: ruanbekker/hostname:latest
diff --git a/kubernetes-hands-on-demo/labs/02-labels/README.md b/kubernetes-hands-on-demo/labs/02-labels/README.md
@@ -0,0 +1,29 @@
+
+```
+$ kubectl get pods
+NAME                                     READY   STATUS    RESTARTS   AGE
+my-hostname-app                          1/1     Running   0          2m24s
+```
+
+```
+$ kubectl describe pod my-hostname-app
+Name:         my-hostname-app
+Namespace:    default
+Priority:     0
+Node:         k3d-demo-worker-1/172.18.0.4
+Start Time:   Sun, 29 Sep 2019 23:47:33 +0200
+Labels:       env=staging
+...
+```
+
+```
+$ kubectl get pods -l env=staging
+NAME              READY   STATUS    RESTARTS   AGE
+my-hostname-app   1/1     Running   0          22s
+```
+
+```
+$ kubectl get pods -l env=staging -L env
+NAME              READY   STATUS    RESTARTS   AGE   ENV
+my-hostname-app   1/1     Running   0          29s   staging
+```
diff --git a/kubernetes-hands-on-demo/labs/02-labels/pod.yml b/kubernetes-hands-on-demo/labs/02-labels/pod.yml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-hostname-app
+  labels:
+    env: staging
+spec:
+  containers:
+    - name: hostname
+      image: ruanbekker/hostname:latest
diff --git a/kubernetes-hands-on-demo/labs/03-deployment/01-specify-command.yml b/kubernetes-hands-on-demo/labs/03-deployment/01-specify-command.yml
@@ -0,0 +1,20 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: run-command-with-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: debug
+  template:
+    metadata:
+      labels:
+        app: debug
+    spec:
+      containers:
+      - name: test
+        image: busybox
+        command: ["/bin/sh"]
+        args: ["-c", "while true; do echo hello; sleep 10;done"]
diff --git a/kubernetes-hands-on-demo/labs/03-deployment/README.md b/kubernetes-hands-on-demo/labs/03-deployment/README.md
@@ -0,0 +1,23 @@
+```
+$ kubectl get deployments
+NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
+my-hostname-deployment   3/3     3            3           3m38s
+```
+
+```
+$ kubectl get pods -l app=hostname
+NAME                                      READY   STATUS    RESTARTS   AGE
+my-hostname-deployment-575594bff5-lz6n8   1/1     Running   0          4m5s
+my-hostname-deployment-575594bff5-mf969   1/1     Running   0          4m5s
+my-hostname-deployment-575594bff5-vzz2s   1/1     Running   0          4m5s
+```
+
+```
+$ kubectl port-forward pod/my-hostname-deployment-575594bff5-lz6n8 8001:8000
+```
+
+```
+$ curl http://localhost:8001
+Handling connection for 8001
+Hostname: my-hostname-deployment-575594bff5-lz6n8
+```
diff --git a/kubernetes-hands-on-demo/labs/03-deployment/deployment.yml b/kubernetes-hands-on-demo/labs/03-deployment/deployment.yml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-hostname-deployment
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: hostname
+  template:
+    metadata:
+      labels:
+        app: hostname
+    spec:
+      containers:
+        - name: hostname
+          image: ruanbekker/hostname:latest
diff --git a/kubernetes-hands-on-demo/labs/04-service/README.md b/kubernetes-hands-on-demo/labs/04-service/README.md
@@ -0,0 +1,14 @@
+```
+$ kubectl apply -f service.yml
+```
+
+```
+$ kubectl get service
+NAME               TYPE           CLUSTER-IP      EXTERNAL-IP                        PORT(S)          AGE
+hostname-service   LoadBalancer   10.43.199.184   172.18.0.2,172.18.0.3,172.18.0.4   8000:31165/TCP   61s
+```
+
+```
+$ curl http://localhost:8000
+Hostname: my-hostname-deployment-575594bff5-mf969
+```
diff --git a/kubernetes-hands-on-demo/labs/04-service/service.yml b/kubernetes-hands-on-demo/labs/04-service/service.yml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: hostname-service
+spec:
+  ports:
+  - port: 8000
+    targetPort: 8000
+  selector:
+    app: hostname
+  type: LoadBalancer
diff --git a/kubernetes-hands-on-demo/labs/05-frontend-backend/backend-deployment-service.yml b/kubernetes-hands-on-demo/labs/05-frontend-backend/backend-deployment-service.yml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend
+spec:
+  ports:
+  - port: 5000
+    targetPort: 5000
+  selector:
+    app: backend
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  labels:
+    app: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: backend
+  template:
+    metadata:
+      labels:
+        app: backend
+    spec:
+      containers:
+      - name: backend
+        image: awselscpt/backend
+        ports:
+        - name: http
+          containerPort: 5000
diff --git a/kubernetes-hands-on-demo/labs/05-frontend-backend/frontend-deployment-service.yml b/kubernetes-hands-on-demo/labs/05-frontend-backend/frontend-deployment-service.yml
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend
+spec:
+  ports:
+  - port: 80
+    targetPort: 4567
+  selector:
+    app: frontend
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  labels:
+    app: frontend
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: frontend
+  template:
+    metadata:
+      labels:
+        app: frontend
+    spec:
+      containers:
+      - name: frontend
+        image: ruanbekker/awselcpt-frontend:v1
+        ports:
+        - name: http
+          containerPort: 4567
+        env:
+        - name: backend_service_host
+          value: "backend"
+        - name: backend_service_port
+          value: "5000"
diff --git a/kubernetes-hands-on-demo/labs/06-jobs/01-job.yml b/kubernetes-hands-on-demo/labs/06-jobs/01-job.yml
@@ -0,0 +1,16 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: basic
+  namespace: jobs
+spec:
+  template:
+    spec:
+      containers:
+        - name: job
+          image: busybox
+          args: 
+            - /bin/sh
+            - -c
+            - echo "=> Start of Job"; echo "hello, world"; sleep 5; echo "goodbye, world"; echo "=> Finish of Job" 
+      restartPolicy: Never
diff --git a/kubernetes-hands-on-demo/labs/06-jobs/02-job-with-script.yml b/kubernetes-hands-on-demo/labs/06-jobs/02-job-with-script.yml
@@ -0,0 +1,38 @@
+apiVersion: v1
+data:
+  script.sh: |-
+    echo "Hello world!"
+    echo "Goodbye world!"
+    myname=$(hostname)
+    echo $myname
+kind: ConfigMap
+metadata:
+  name: script-configmap
+  namespace: jobs
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  labels:
+    app: script-job
+  name: script-job
+  namespace: jobs
+spec:
+  backoffLimit: 2
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - /opt/script/script.sh
+          image: 'busybox'
+          name: script
+          volumeMounts:
+            - mountPath: /opt/script
+              name: script-configmap
+              readOnly: false
+      restartPolicy: Never
+      volumes:
+        - configMap:
+            name: script-configmap
+          name: script-configmap
diff --git a/kubernetes-hands-on-demo/labs/06-jobs/03-job-with-activedeadlineseconds.yml b/kubernetes-hands-on-demo/labs/06-jobs/03-job-with-activedeadlineseconds.yml
@@ -0,0 +1,17 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: hello-goodbye-with-timeout
+  namespace: jobs
+spec:
+  activeDeadlineSeconds: 2
+  template:
+    spec:
+      containers:
+        - name: job
+          image: busybox
+          args: 
+            - /bin/sh
+            - -c
+            - echo "=> Start of Job"; echo "hello, world"; sleep 5; echo "goodbye, world"; echo "=> Finish of Job" 
+      restartPolicy: Never