Kubernetes kubectl Tutorial with Examples for Devops Beginners and Students

Hi, a new #video on #kubernetes #kubectl is published on #codeonedigest #youtube channel. Learn #kubernetes #api #kubectlcommands #node #docker #container #cloud #aws #azure #programming #coding with #codeonedigest

@java #java #awscloud @awscloud #aws @AWSCloudIndia #Cloud #CloudComputing @YouTube #youtube #azure #msazure #microsoftazure  #kubectl #kubectlcommands #kubectlinstall #kubectlport-forward #kubectlbasiccommands #kubectlproxy #kubectlconfig #kubectlgetpods #kubectlexeccommand #kubectllogs #kubectlinstalllinux #kubectlapply #kuberneteskubectl #kuberneteskubectltutorial #kuberneteskubectlcommands #kuberneteskubectl #kuberneteskubectlinstall #kuberneteskubectlgithub #kuberneteskubectlconfig #kuberneteskubectllogs #kuberneteskubectlpatch #kuberneteskubectlversion #kubernetes #kubernetestutorial #kubernetestutorialforbeginners #kubernetesinstallation #kubernetesinterviewquestions #kubernetesexplained #kubernetesorchestrationtutorial #kubernetesoperator #kubernetesoverview  #containernetworkinterfaceaws #azure #aws #azurecloud #awscloud #orchestration #kubernetesapi #Kubernetesapiserver #Kubernetesapigateway #Kubernetesapipython #Kubernetesapiauthentication #Kubernetesapiversion #Kubernetesapijavaclient #Kubernetesapiclient

How to Install Kubectl on Windows 11

Kubernetes is an open-source system for automating containerized application deployment, scaling, and management. You can run commands against Kubernetes clusters using the kubectl command-line tool. kubectl can be used to deploy applications, inspect and manage cluster resources, and inspect logs. You can install Kubectl on various Linux platforms, macOS, and Windows. The choice of your…

View On WordPress

PODs in Kubernetes Explained | Tech Arkit

In Kubernetes, a pod is the smallest and simplest unit in the deployment model. It represents a single instance of a running process in a cluster and is the basic building block for deploying and managing containerized applications. A pod encapsulates one or more containers, storage resources, a unique network IP, and configuration options. The primary purpose of using pods is to provide a logical and cohesive unit for application deployment and scaling.

Kubectl get context: List Kubernetes cluster connections

Kubectl get context: List Kubernetes cluster connections @vexpert #homelab #vmwarecommunities #KubernetesCommandLineGuide #UnderstandingKubectl #ManagingKubernetesResources #KubectlContextManagement #WorkingWithMultipleKubernetesClusters #k8sforbeginners

kubectl, a command line tool, facilitates direct interaction with the Kubernetes API server. Its versatility spans various operations, from procuring cluster data with kubectl get context to manipulating resources using an assortment of kubectl commands. Table of contentsComprehending Fundamental Kubectl CommandsWorking with More Than One Kubernetes ClusterNavigating Contexts with kubectl…

View On WordPress

He'll never learn.

Minikube is an excellent tool for Kubernetes development because it allows users to run a single-node Kubernetes cluster locally on their laptops, making development and testing much more accessible. With Minikube, developers can quickly spin up and test Kubernetes applications and services in a local environment with the same configuration as their production clusters. This makes it easy to develop, test, and deploy applications on Kubernetes. Additionally, Minikube is simple to set up and provides a straightforward way to develop and maintain Kubernetes applications.

Hi!! I'm the anon who sent @/jv the question about how tumblr is handling boops, thanks for answering it in detail i really appreciate it!!! I understand some of it but there's room to learn and I'll look forward to that.

can I ask a follow up question, i don't know if this makes sense but is it possible to use something like k8s containers instead of lots of servers for this purpose?

Hi! Thanks for reaching out.

Yeah my bad, I didn't know what your technical skill level is, so I wasn't writing it in a very approachable level.

The main takeaway is, high scalability has to happen on all levels - feature design, software architecture, networking, hardware, software, and software management.

K8s (an open source software project called Kubernetes, for the normal people) is on the "software management" category. It's like what MS Outlook or Google Calendar is to meetings. It doesn't do the meetings for you, it doesn't give you more time or more meeting rooms, but it gives you a way to say who goes where, and see which rooms are booked.

While I cannot say for Tumblr, I think I've heard they use Kubernetes at least in some parts of the stack, I can't speak for them. I can speak for myself tho! Been using K8s in production since 2015.

Once you want to run more than "1 redis 1 database 1 app" kind of situation, you will likely benefit from using K8s. Whether you have just a small raspberry pi somewhere, a rented consumer-grade server from Hetzner, or a few thousand machines, K8s can likely help you manage software.

So in short: yes, K8s can help with scalability, as long as the overall architecture doesn't fundamentally oppose getting scaled. Meaning, if you would have a central database for a hundred million of your users, and it becomes a bottleneck, then no amount of microservices serving boops, running with or without K8s, will not remove that bottleneck.

"Containers", often called Docker containers (although by default K8s has long stopped using Docker as a runtime, and Docker is mostly just something devs use to build containers) are basically a zip file with some info about what to run on start. K8s cannot be used without containers.

You can run containers without K8s, which might make sense if you're very hardware resource restricted (i.e. a single Raspberry Pi, developer laptop, or single-purpose home server). If you don't need to manage or monitor the cluster (i.e. the set of apps/servers that you run), then you don't benefit a lot from K8s.

Kubernetes is handy because you can basically do this (IRL you'd use some CI/CD pipeline and not do this from console, but conceptually this happens) -

kubectl create -f /stuff/boop_service.yaml kubectl create -f /stuff/boop_ingress.yaml kubectl create -f /stuff/boop_configmap.yaml kubectl create -f /stuff/boop_deploy.yaml

(service is a http endpoint, ingress is how the service will be available from outside of the cluster, configmap is just a bunch of settings and config files, and deploy is the thing that manages the actual stuff running)

At this hypothetical point, Tumblr stuff deploys, updates and tests the boop service before 1st April, generally having some one-click deploy feature in Jenkins or Spinnaker or similar. After it's tested and it's time to bring in the feature to everyone, they'd run

kubectl scale deploy boop --replicas=999

and wait until it downloads and runs the boop server on however many servers. Then they either deploy frontend to use this, or more likely, the frontend code is already live, and just displays boop features based on server time, or some server settings endpoint which just says "ok you can show boop now".

And then when it's over and they disable it in frontend, just again kubectl scale .. --replicas=10 to mop up whichever people haven't refreshed frontend and still are trying to spam boops.

This example, of course, assumes that "boop" is a completely separate software package/server, which is about 85/15% chance that it isn't, and more likely it's just one endpoint that they added to their existing server code, and is already running on hundreds of servers. IDK how Tumblr manages the server side code at all, so it's all just guesses.

Hope this was somewhat interesting and maybe even helpful! Feel free to send more asks.

SteamCloud

So I've been doing some good old HackTheBox machines to refresh a little on my hacking skills and this machine was a very interesting one!

Exploitation itself wasn't particularly difficult; what was, however, was finding information on what I needed to do! Allow me to explain the process. :)

Enumeration

As is standard, I began with an nmap scan on SteamCloud:

Other than OpenSSH being outdated, all that I could really see was the use of various web servers. This led me to believe that there was a larger app running on the server, each service interacting with a different component of the app.

I performed some initial checks on each of these ports and found an API running on port 8443:

I noted the attempt to authenticate a user referred to as 'system:anonymous', originally thinking these could be credentials to another component of the application.

Some directory scans on different ports also revealed the presence of /metrics at port 10249 and /version at port 8443. Other than that, I really couldn't find anything and admittedly I was at a loss for a short while.

This is where I realized I'm an actual moron and didn't think to research the in-use ports. xD A quick search for 'ports 8443, 10250' returns various pages referring to Kubernetes. I can't remember precisely what page I checked but Oracle provides a summary of the components of a Kubernetes deployment.

Now that I had an idea of what was being used on the server, I was in a good place to dig further into what was exploitable.

Seeing What's Accessible

Knowing absolutely nothing about Kubernetes, I spent quite a while researching it and common vulnerabilities found in Kubernetes deployments. Eduardo Baitello provides a very informative article on attacking Kubernetes through the Kubelet API at port 10250.

With help from this article, I discovered that I was able to view pods running on the server, in addition to being able to execute commands on the kube-proxy and nginx pods. The nginx pod is where you'll find the first flag. I also made note of the token I discovered here, in addition to the token from the kube-proxy pod (though this isn't needed):

After finding these tokens, I did discover that the default account had permissions to view pods running in the default namespace through the API running on port 8443 (/api/v1/namespaces/default/pods) but I had no awareness of how this could be exploited.

If I had known Kubernetes and the workings of their APIs, I would have instantly recognised that this is the endpoint used to also add new pods to Kubernetes, but I didn't! Due to this, I wasted more time than I care to admit trying other things such as mounting the host filesystem to one of the pods I can access and establishing a reverse shell to one of the pods.

I did initially look at how to create new pods too; honestly there's very little documentation on using the API on port 8443 directly. Every example I looked at used kubectl, a commandline tool for managing Kubernetes.

Exploitation (Finally!)

After a while of digging, I finally came across a Stack Overflow page on adding a pod through the API on port 8443.

Along with this, I found a usable YAML file from Raesene in an article on Kubernetes security. I then converted this from YAML to JSON and added the pod after some minor tweaks.

My first attempt at adding a pod was unsuccessful- the pod was added, but the containers section was showing as null

However, it didn't take me long to see that this was due to the image I had specified in the original YAML file. I simply copied the image specified in the nginx pod to my YAML file and ended up with the following:

I saved the json output to a file named new-pod2.json and added the second pod.

curl -k -v -X POST -H "Authorization: Bearer <nginx-token>" -H "Content-Type: application/json" https://steamcloud.htb:8443/api/v1/namespaces/default/pods [email protected]

This time, the pod was added successfully and I was able to access the host filesystem through 'le-host'

The Vulnerability

The main issue here that made exploitation possible was the ability to access the Kubelet API on port 10250 without authorization. This should not be possible. AquaSec provide a useful article on recommendations for Kubernetes security.

Conclusion

SteamCloud was a relatively easy machine to exploit; what was difficult was finding information on the Kubernetes APIs and how to perform certain actions. It is one of those that someone with experience in the in-use technologies would have rooted in a matter of minutes; for a noob like me, the process wasn't so straightforward, particularly with information on Kubernetes being a little difficult to find! I've only recently returned to hacking, however, which might have contributed to my potential lack of Google Fu here. ^-^

I very much enjoyed the experience, however, and feel I learned the fundamentals of testing a Kubernetes deployment which I can imagine will be useful at some point in my future!

Introduction to EKS Secrets Management with Kubernetes

Managing secrets in Kubernetes doesn’t have to involve complex coding. Using tools like kubectl and external secret management solutions, you can securely create, manage, and access secrets in your Kubernetes clusters without writing any code. By following best practices and leveraging Kubernetes’ built-in features, you can ensure that your sensitive data remains secure while allowing your applications to access them easily. This approach to Kubernetes secrets management helps streamline security processes while maintaining the integrity and confidentiality of your sensitive information.

Kubernetes API Tutorial with Examples for Devops Beginners and Students

Hi, a new #video on #kubernetesapi is published on #codeonedigest #youtube channel. Learn #kubernetes #api #kubectl  #node #docker #container #cloud #aws #azure #programming #coding with #codeonedigest

@java #java #awscloud @awscloud #aws @AWSCloudIndia #Cloud #CloudComputing @YouTube #youtube #azure #msazure #microsoftazure  #kubernetes #kubernetestutorial #kubernetestutorialforbeginners #kubernetesinstallation #kubernetesinterviewquestions #kubernetesexplained #kubernetesorchestrationtutorial #kubernetesoperator #kubernetesoverview #kubernetesnetworkpolicy #kubernetesnetworkpolicyexplained #kubernetesnetworkpolicytutorial #kubernetesnetworkpolicyexample #containernetworkinterface #containernetworkinterfaceKubernetes #containernetworkinterfaceplugin #containernetworkinterfaceazure #containernetworkinterfaceaws #azure #aws #azurecloud #awscloud #orchestration #kubernetesapi #Kubernetesapiserver #Kubernetesapigateway #Kubernetesapipython #Kubernetesapiauthentication #Kubernetesapiversion #Kubernetesapijavaclient #Kubernetesapiclient

HELM MasterClass: Kubernetes Packaging Manager

1. Introduction

Understanding Kubernetes

Kubernetes has become the de facto standard for container orchestration, enabling developers to deploy, manage, and scale applications efficiently. Its powerful features make it an essential tool in modern DevOps, but the complexity of managing Kubernetes resources can be overwhelming.

The Role of HELM in Kubernetes

HELM simplifies the Kubernetes experience by providing a packaging manager that streamlines the deployment and management of applications. It allows developers to define, install, and upgrade even the most complex Kubernetes applications.

Overview of the Article Structure

In this article, we'll explore HELM, its core concepts, how to install and use it, and best practices for leveraging HELM in your Kubernetes environments. We'll also dive into advanced features, real-world case studies, and the future of HELM.

2. What is HELM?

Definition and Purpose

HELM is a package manager for Kubernetes, akin to what APT is to Debian or YUM is to CentOS. It simplifies the deployment of applications on Kubernetes by packaging them into charts, which are collections of files that describe the Kubernetes resources.

History and Evolution of HELM

HELM was created by Deis, which later became part of Microsoft Azure. Over the years, it has evolved into a robust tool that is now maintained by the Cloud Native Computing Foundation (CNCF), reflecting its significance in the Kubernetes ecosystem.

Importance of HELM in Modern DevOps

In modern DevOps, where agility and automation are key, HELM plays a crucial role. It reduces the complexity of Kubernetes deployments, enables version control for infrastructure, and supports continuous deployment strategies.

3. Core Concepts of HELM

Charts: The Packaging Format

Charts are the fundamental unit of packaging in HELM. A chart is a directory of files that describe a related set of Kubernetes resources. Charts can be shared through repositories and customized to suit different environments.

Repositories: Hosting and Managing Charts

HELM charts are stored in repositories, similar to package repositories in Linux. These repositories can be public or private, and they provide a way to share and distribute charts.

Releases: Managing Deployments

A release is an instance of a chart running in a Kubernetes cluster. Each time you deploy a chart, HELM creates a release. This allows you to manage and upgrade your applications over time.

Values: Configuration Management

Values are the configuration files used by HELM to customize charts. They allow you to override default settings, making it easy to adapt charts to different environments or use cases.

4. Installing and Setting Up HELM

Prerequisites for Installation

Before installing HELM, ensure that you have a running Kubernetes cluster and that kubectl is configured to interact with it. You'll also need to install HELM's client-side component on your local machine.

Step-by-Step Installation Guide

To install HELM, download the latest version from the official website, extract the binary, and move it to your PATH. You can verify the installation by running helm version in your terminal.

Setting Up HELM on a Kubernetes Cluster

Once installed, you need to configure HELM to work with your Kubernetes cluster. This involves initializing HELM (if using an older version) and setting up a service account with the necessary permissions.

5. Creating and Managing HELM Charts

How to Create a HELM Chart

Creating a HELM chart involves using the helm create command, which sets up a boilerplate directory structure. From there, you can customize the chart by editing the templates and values files.

Best Practices for Chart Development

When developing charts, follow best practices such as keeping templates simple, using values.yaml for configuration, and testing charts with tools like helm lint and helm test.

Versioning and Updating Charts

Version control is crucial in chart development. Use semantic versioning to manage chart versions and ensure that updates are backward compatible. HELM's helm upgrade command makes it easy to deploy new versions of your charts.

6. Deploying Applications with HELM

Deploying a Simple Application

To deploy an application with HELM, you use the helm install command followed by the chart name and release name. This will deploy the application to your Kubernetes cluster based on the chart's configuration.

Managing Application Lifecycles with HELM

HELM simplifies application lifecycle management by providing commands for upgrading, rolling back, and uninstalling releases. This ensures that your applications can evolve over time without downtime.

Troubleshooting Deployment Issues

If something goes wrong during deployment, HELM provides detailed logs that can help you troubleshoot the issue. Common problems include misconfigured values or missing dependencies, which can be resolved by reviewing the chart's configuration.

7. HELM Repositories

Setting Up a Local HELM Repository

Setting up a local repository involves running a simple HTTP server that serves your charts. This is useful for testing and internal use before publishing charts to a public repository.

Using Public HELM Repositories

Public repositories like Helm Hub provide a vast collection of charts for various applications. You can add these repositories to your HELM setup using the helm repo add command and then install charts directly from them.

Security Considerations for HELM Repositories

When using or hosting HELM repositories, security is paramount. Ensure that your repository is secured with HTTPS, and always verify the integrity of charts before deploying them.

8. Advanced HELM Features

Using HELM Hooks for Automation

HELM hooks allow you to automate tasks at different points in a chart's lifecycle, such as before or after installation. This can be useful for tasks like database migrations or cleanup operations.

Managing Dependencies with HELM

HELM can manage chart dependencies through the requirements.yaml file. This allows you to define and install other charts that your application depends on, simplifying complex deployments.

Using HELM with CI/CD Pipelines

Integrating HELM with your CI/CD pipeline enables automated deployments and updates. Tools like Jenkins, GitLab CI, and GitHub Actions can be used to automate HELM commands, ensuring continuous delivery.

Installing Kubernetes on Mac: A Step-by-Step Guide

Keywords: Kubernetes, Mac, installation, Minikube, Docker, VirtualBox, kubectl

Running Kubernetes locally on your Mac is a valuable tool for developers and administrators alike. It allows for experimentation, testing, and development without the complexities of a full-scale production environment. Here's a guide on how to set up Kubernetes on your Mac using Minikube.  

Prerequisites

Before diving into the installation, ensure you have the following:

macOS: Running the latest version.

Homebrew: A package manager for macOS. If not installed, open Terminal and run.

Instalar kubectl y kubecolor en Debian 12

En esta guía, te mostraré cómo instalar kubectl y kubecolor en Debian 12. kubectl es una herramienta de línea de comandos para interactuar con Kubernetes, y kubecolor es una extensión que agrega colores a la salida de kubectl para mejorar la legibilidad. Kubectl 1- Paquetes necesarios sudo apt-get install -y apt-transport-https ca-certificates curl 2- Descargamos las llaves curl -fsSL…

Kubectl cp Command: How to Copy Files From Kubernetes Pods

1. Identify the Pod and the File Path First, determine the name of the pod and the path of the file you want to copy from the pod. For example, let’s say you have a pod named my-pod in the default namespace, and you want to copy a file located at /path/in/pod/file.txt from the pod to your local machine. 2. Use kubectl cp Command The kubectl cp command is used to copy files between a local…

Kubectl is an important tool for managing Kubernetes clusters. It enables developers to deploy and manage applications on Kubernetes clusters from the command line. Kubectl is an essential tool for every Kubernetes user and is a vital part of the Kubernetes ecosystem. This article will introduce us to some command line utility that helps us not to repeat kubectl command again and again.

Containerization with Docker and Kubernetes: An Essential Guide

Docker and Kubernetes have emerged as foundational tools for containerization and orchestration in the rapidly evolving landscape of cloud-native technologies. This blog post explores their roles, provides setup guides, and highlights key use cases demonstrating their power and flexibility.

Introduction to Containerization

Containerization is a lightweight alternative to traditional virtualization, enabling applications to run in isolated environments. This approach solves many problems related to environment consistency, application deployment, and scalability. 

Docker: The Containerization Pioneer

What is Docker?

Docker is an open-source platform that automates the deployment of applications inside lightweight, portable containers. It encapsulates an application and its dependencies, ensuring it runs consistently across various environments.

Why Use Docker?

Consistency: Ensures the application behaves the same, regardless of where it is run.

Efficiency: Reduces overhead by sharing the host OS kernel.

Portability: Facilitates seamless movement of applications between development, testing, and production environments.

Setting Up Docker

1. Install Docker:

   - Windows & macOS: Download the Docker Desktop installer from [Docker's official site](https://www.docker.com/products/docker-desktop).

   - Linux: Use the package manager. For example, on Ubuntu:

     sudo apt-get update

     sudo apt-get install docker-ce docker-ce-cli containerd.io

2. Verify Installation:

 docker --version

3. Run Your First Container:

    docker run hello-world

Docker Use Cases

- Microservices: Simplifies the deployment and management of microservice architectures.

- DevOps: Streamlines CI/CD pipelines by providing consistent environments.

- Hybrid Cloud: Enables seamless movement of workloads between on-premises and cloud environments.

Kubernetes: Orchestrating Containers at Scale

What is Kubernetes?

Kubernetes, often abbreviated as K8s, is an open-source platform for automating the deployment, scaling, and operation of containerized applications. It manages clusters of containers, ensuring high availability and scalability.

Why Use Kubernetes?

- Scalability: Automatically scales applications based on demand.

- Self-Healing: Automatically restarts, replaces, and reschedules containers when they fail.

- Service Discovery & Load Balancing: Efficiently balances traffic and discovers services without manual intervention.

Setting Up Kubernetes

1. Install Kubernetes Tools:

   - kubectl: Command-line tool for interacting with Kubernetes clusters.

   - Minikube: Local Kubernetes cluster for development.

   # Install kubectl

   sudo apt-get update

   sudo apt-get install -y kubectl

    Install Minikube

   curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64

   chmod +x minikube

   sudo mv minikube /usr/local/bin/

2. Start Minikube:

  minikube start

3. Deploy an Application:

   kubectl create deployment hello-node --image=k8s.gcr.io/echoserver:1.4

   kubectl expose deployment hello-node --type=LoadBalancer --port=8080

   minikube service hello-node

Kubernetes Use Cases

- Complex Applications: Manages applications with multiple, interdependent services.

- CI/CD Pipelines: Enhances automation and reduces the risk of deployment issues.

- Multi-Cloud Deployments: Orchestrates applications across various cloud providers.

Integrating Docker and Kubernetes

While Docker provides the containerization platform, Kubernetes offers robust orchestration capabilities. Together, they form a powerful combination for building, deploying, and managing cloud-native applications.

Example Workflow:

1. Build Docker Image:

   docker build -t my-app .

2. Push to Container Registry:

   docker tag my-app my-repo/my-app

   docker push my-repo/my-app

3. Deploy with Kubernetes:

   kubectl create deployment my-app --image=my-repo/my-app

   kubectl expose deployment my-app --type=LoadBalancer --port=80

Conclusion

Containerization with Docker and Kubernetes revolutionizes how applications are developed, deployed, and managed. By leveraging Docker's simplicity and Kubernetes' powerful orchestration capabilities, organizations can achieve greater agility, scalability, and reliability in their cloud-native journey.

For more details click www.hawkstack.com