K8s

K8s - DigitalOcean

Deploy Sampleapp on Kuberentes …

Prerequisite

  • Domain “kubbi.xyz”, ns1.digitalocean.com, ns2, ns3 …
  • Digital Ocean Login

Doku

https://docs.digitalocean.com/products/kubernetes/getting-started/operational-readiness/

Build Kubbi Cluster

Build Cluster with WebGUI or CLI

via CLI

time doctl kubernetes cluster create prod001 --region fra1 --node-pool "size=s-2vcpu-2gb;auto-scale=true;min-nodes=3;max-nodes=5"
  • FRA1
  • 3 Nodes
  • 2 CPU
  • 2 GB RAM
  • 60 GB Disk
  • Costs: 54 USD/Mt!

Connecting and managing this cluster

doctl kubernetes cluster kubeconfig save 4375b470-ebe8-4ccb-925a-345df364dfbd
user@mac % doctl kubernetes cluster kubeconfig save 4375b470-ebe8-4ccb-925a-345df364dfbd


Notice: Adding cluster credentials to kubeconfig file found in "/Users/user/.kube/config"
Notice: Setting current-context to do-fra1-k8s-1-28-2-do-0-fra1-1702031438694

kubectl config get-contexts

kubectl config get-contexts
user@mac % kubectl config get-contexts

CURRENT   NAME                                         CLUSTER                                      AUTHINFO                                           NAMESPACE
*         do-fra1-prod-cluster-01                      do-fra1-prod-cluster-01                      do-fra1-prod-cluster-01-admin

kubectl cluster-info

kubectl cluster-info
user@mac % kubectl cluster-info

Kubernetes control plane is running at https://f179692f-aeac-4f9c-af3b-2422897ea578.k8s.ondigitalocean.com
CoreDNS is running at https://f179692f-aeac-4f9c-af3b-2422897ea578.k8s.ondigitalocean.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

kubectl version

kubectl version
user@mac % kubectl version

Client Version: v1.28.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.2

kubectl get nodes

kubectl get nodes
user@mac % kubectl get nodes

NAME                    STATUS   ROLES    AGE     VERSION
prod-cluster-01-xa856   Ready    <none>   3m59s   v1.28.2
prod-cluster-01-xa85a   Ready    <none>   4m7s    v1.28.2

Install Nginx Ingress Controller

  • via GUI / Marketplace / NGINX Ingress Controller

show lbl status

doctl compute load-balancer list --format IP,ID,Name,Status
user@mac % doctl compute load-balancer list --format IP,ID,Name,Status

IP    ID                                      Name                                Status
      55d7381d-9bcd-4f8f-905e-e90efd09f03e    a6554a9aff1a340e986d48431e19cca9    new

no ip yet … wait …

K8s - Hetzner

Source

https://www.youtube.com/watch?v=dEAtD9PVr_Q

get Host

Build a VM on Hetzner, Ubuntu 22.04

Patch

Patch the Box

apt-get update
apt-get --fix-broken install
apt-get -y upgrade
apt-get install lynx uptimed

Kurl Small

give a try with kurl. the Open Source Kubernetes Installer ;)

time curl https://kurl.sh/ccedeec |bash |tee -a install.md
real	4m5.149s
user	1m26.425s
sys	0m22.249s

Kurl Full

same as small, but with most options enabled

curl https://kurl.sh/13609c3 | sudo bash

Ressource Warning

got a warning as i took a bit a small VM (CX21). Just ignore it.

K8s on Debian12

Install Debian 12

or install Debian 11.7 and Upgrade to 12

Setup

3 Nodes

192.168.100.151     k8s-master
192.168.100.152     k8s-worker1
192.168.100.153     k8s-worker2

Locale

export LC_CTYPE=en_US.UTF-8
export LC_ALL=en_US.UTF-8

Kubernetes

https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

Swap Off

swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

Install FW

apt-get install ufw
ufw enable

Master

ufw allow 22/tcp
ufw allow 6443/tcp
ufw allow 2379/tcp
ufw allow 2380/tcp
ufw allow 10250/tcp
ufw allow 10251/tcp
ufw allow 10252/tcp
ufw allow 10255/tcp
ufw reload

Worker

ufw allow 22/tcp
ufw allow 10250/tcp
ufw allow 30000:32767/tcp
ufw reload

Containerd

cat << EOF >> /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

cat << EOF >> /etc/sysctl.d/99-kubernetes-k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sysctl --system

Containerd

apt update
apt -y install containerd

Adapt Containerd to Kubernetes

containerd config default > /etc/containerd/config.toml >/dev/null 2>&1

Update config.toml

sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

Restart Containerd

systemctl enable containerd
systemctl restart containerd

add Kubernetes

apt install gnupg gnupg2 curl software-properties-common -y
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg |gpg --dearmour -o /etc/apt/trusted.gpg.d/cgoogle.gpg
apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"

Kubectl

apt update
apt install kubelet kubeadm kubectl -y
apt-mark hold kubelet kubeadm kubectl

Kube Init on MASTER

kubeadm init --control-plane-endpoint=k8s-master

Downgrade to 1.26

Version 1.27 seems not production ready, so, you may have to downgrade it :(

K8s - Kubernetes

Show Contexts

kubectl config get-contexts
CURRENT   NAME                           CLUSTER                        AUTHINFO                             NAMESPACE
*         do-fra1-k8s-1-24-xxxxxxxxxxx   do-fra1-k8s-1-24-xxxxxxxxxxx   do-fra1-k8s-1-24-xxxxxxxxxxxxxxxxx
          do-fra1-k8s-1-25-xxxxxxxxxxx   do-fra1-k8s-1-25-xxxxxxxxxxx   do-fra1-k8s-1-25-xxxxxxxxxxxxxxxxx
          do-fra1-k8s-xxxxx              do-fra1-k8s-xxxxx              do-fra1-k8s-xxxxxxxxxxx

Delete old Contexts

kubectl config delete-context do-fra1-k8s-xxxxx

Any Comments ?

sha256: f12aa09936d175b3e23f2eebc1c152675d68dce6096b9ec02d7f8429b954b4fe

Kubernetes Multi-Juicer

If you ever wanna run a Multiplayer OWASP Juice Shop CTF on your own, here are some Notes and Info for bloody beginners

References

Prerequisite

you’ve got

btw. all this commands should run on macOS. linux may needs some adjustments …