Learn kubernetes in kubernetes
License: Apache License 2.0
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
# INFO ABOUT COMPLETE NEW VANILLA k8s v1.22 (ubuntu + containerd + calico)
root@f2k8s1p:~# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
f2k8s1p Ready control-plane,master 15m v1.22.0 10.22.0.10 <none> Ubuntu 20.04.2 LTS 5.4.0-80-generic containerd://1.5.2
f2k8s2p Ready <none> 14m v1.22.0 10.22.0.11 <none> Ubuntu 20.04.2 LTS 5.4.0-80-generic containerd://1.5.2
f2k8s3p Ready <none> 14m v1.22.0 10.22.0.12 <none> Ubuntu 20.04.2 LTS 5.4.0-80-generic containerd://1.5.2
root@f2k8s1p:~# kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-58497c65d5-ctpqk 1/1 Running 0 2m29s 192.168.87.65 f2k8s3p <none> <none>
kube-system calico-node-5zfn9 1/1 Running 0 2m29s 10.22.0.12 f2k8s3p <none> <none>
kube-system calico-node-8f7xs 1/1 Running 0 2m29s 10.22.0.11 f2k8s2p <none> <none>
kube-system calico-node-bkdsq 1/1 Running 0 2m29s 10.22.0.10 f2k8s1p <none> <none>
kube-system coredns-78fcd69978-qqzbd 1/1 Running 0 5m 192.168.165.0 f2k8s1p <none> <none>
kube-system coredns-78fcd69978-x5rrx 1/1 Running 0 5m 192.168.165.2 f2k8s1p <none> <none>
kube-system etcd-f2k8s1p 1/1 Running 0 5m7s 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-apiserver-f2k8s1p 1/1 Running 0 5m16s 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-controller-manager-f2k8s1p 1/1 Running 0 5m7s 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-proxy-2bqxx 1/1 Running 0 5m 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-proxy-dztqt 1/1 Running 0 4m37s 10.22.0.11 f2k8s2p <none> <none>
kube-system kube-proxy-nc8np 1/1 Running 0 4m33s 10.22.0.12 f2k8s3p <none> <none>
kube-system kube-scheduler-f2k8s1p 1/1 Running 0 5m7s 10.22.0.10 f2k8s1p <none> <none>
root@f2k8s1p:~# kubectl get tasks
error: the server doesn't have a resource type "tasks"
root@f2k8s1p:~# kubectl apply -f https://github.com/dergeberl/kubeteach/releases/latest/download/deployment.yaml
namespace/kubeteach-system created
customresourcedefinition.apiextensions.k8s.io/exercisesets.kubeteach.geberl.io created
customresourcedefinition.apiextensions.k8s.io/taskdefinitions.kubeteach.geberl.io created
customresourcedefinition.apiextensions.k8s.io/tasks.kubeteach.geberl.io created
serviceaccount/kubeteach-controller-manager created
role.rbac.authorization.k8s.io/kubeteach-leader-election-role created
clusterrole.rbac.authorization.k8s.io/kubeteach-manager-role created
clusterrole.rbac.authorization.k8s.io/kubeteach-metrics-reader created
clusterrole.rbac.authorization.k8s.io/kubeteach-proxy-role created
rolebinding.rbac.authorization.k8s.io/kubeteach-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/kubeteach-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/kubeteach-proxy-rolebinding created
configmap/kubeteach-manager-config created
service/kubeteach-controller-manager-metrics-service created
deployment.apps/kubeteach-controller-manager created
root@f2k8s1p:~# kubectl apply -f https://github.com/dergeberl/kubeteach/releases/latest/download/exerciseset1.yaml
namespace/kubeteach-troubleshoot created
deployment.apps/fix-me created
exerciseset.kubeteach.geberl.io/set1 created
clusterrole.rbac.authorization.k8s.io/set1 created
clusterrolebinding.rbac.authorization.k8s.io/set1 created
root@f2k8s1p:~# kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-58497c65d5-ctpqk 1/1 Running 0 6m1s 192.168.87.65 f2k8s3p <none> <none>
kube-system calico-node-5zfn9 1/1 Running 0 6m1s 10.22.0.12 f2k8s3p <none> <none>
kube-system calico-node-8f7xs 1/1 Running 0 6m1s 10.22.0.11 f2k8s2p <none> <none>
kube-system calico-node-bkdsq 1/1 Running 0 6m1s 10.22.0.10 f2k8s1p <none> <none>
kube-system coredns-78fcd69978-qqzbd 1/1 Running 0 8m32s 192.168.165.0 f2k8s1p <none> <none>
kube-system coredns-78fcd69978-x5rrx 1/1 Running 0 8m32s 192.168.165.2 f2k8s1p <none> <none>
kube-system etcd-f2k8s1p 1/1 Running 0 8m39s 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-apiserver-f2k8s1p 1/1 Running 0 8m48s 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-controller-manager-f2k8s1p 1/1 Running 0 8m39s 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-proxy-2bqxx 1/1 Running 0 8m32s 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-proxy-dztqt 1/1 Running 0 8m9s 10.22.0.11 f2k8s2p <none> <none>
kube-system kube-proxy-nc8np 1/1 Running 0 8m5s 10.22.0.12 f2k8s3p <none> <none>
kube-system kube-scheduler-f2k8s1p 1/1 Running 0 8m39s 10.22.0.10 f2k8s1p <none> <none>
kubeteach-system kubeteach-controller-manager-84cff55968-wtx2q 1/1 Running 0 3m14s 192.168.82.1 f2k8s2p <none> <none>
kubeteach-troubleshoot fix-me-94dc7844c-jbtx2 0/1 ErrImagePull 0 31s 192.168.82.2 f2k8s2p <none> <none>
root@f2k8s1p:~# kubectl get tasks --all-namespaces -o wide
NAMESPACE NAME TITLE DESCRIPTION STATUS
default task01 Create namespace Create a new namespace with the name kubeteach active
default task02 Create pod Create a pod in namespace kubeteach, name it pod1 and use nginx:latest as image pending
default task03 Create deployment Create a deployment with the name kubeteach-webserver in namespace kubeteach, 3 replicas and nginx:latest as image pending
default task04 Scale deployment Scale the deployment from task3 to 5 replicas pending
default task05 Add port to deployment Add a containerPort (TCP port 80) to the deployment from task3 pending
default task06 Create service for deployment Create a service of type NodePort to export port 80 of the deployment from task3 pending
default task07 Create configMap Create a configMap with name colorconf in namespace kubeteach with value color=blue pending
default task08 Bind configmap data to pod Create a new nginx:latest pod with name colorconf-pod in namespace kubeteach and use the configmap value color as environment variable COLOR pending
default task09 Create serviceaccount Create a new serviceaccount named kubeteach-sa in kubeteach namespace pending
default task10 Use serviceaccount Use the serviceaccount kubeteach-sa in a new deployment named nginx-sa with image nginx:latest in kubeteach namespace pending
default task11 Create role Create a new role named kubeteach-pod-role in kubeteach namespace with permissions on pods (get, list, watch) pending
default task12 Create rolebinding Connect the role kubeteach-pod-role (task11) and serviceaccount kubeteach-sa (task9) in a rolebinding named kubeteach-rolebinding pending
default task13 Fix broken deployment In namespace kubeteach-troubleshoot is a deployment named fix-me, find the problem and fix this deployment active
##### EVERYTHING UP AND RUNNING.
#####
##### LET DELETE kubeteach now
root@f2k8s1p:~# kubectl delete -f https://github.com/dergeberl/kubeteach/releases/latest/download/exerciseset1.yaml
namespace "kubeteach-troubleshoot" deleted
deployment.apps "fix-me" deleted
exerciseset.kubeteach.geberl.io "set1" deleted
clusterrole.rbac.authorization.k8s.io "set1" deleted
clusterrolebinding.rbac.authorization.k8s.io "set1" deleted
root@f2k8s1p:~# kubectl delete -f https://github.com/dergeberl/kubeteach/releases/latest/download/deployment.yaml
namespace "kubeteach-system" deleted
customresourcedefinition.apiextensions.k8s.io "exercisesets.kubeteach.geberl.io" deleted
customresourcedefinition.apiextensions.k8s.io "taskdefinitions.kubeteach.geberl.io" deleted
customresourcedefinition.apiextensions.k8s.io "tasks.kubeteach.geberl.io" deleted
serviceaccount "kubeteach-controller-manager" deleted
role.rbac.authorization.k8s.io "kubeteach-leader-election-role" deleted
clusterrole.rbac.authorization.k8s.io "kubeteach-manager-role" deleted
clusterrole.rbac.authorization.k8s.io "kubeteach-metrics-reader" deleted
clusterrole.rbac.authorization.k8s.io "kubeteach-proxy-role" deleted
rolebinding.rbac.authorization.k8s.io "kubeteach-leader-election-rolebinding" deleted
clusterrolebinding.rbac.authorization.k8s.io "kubeteach-manager-rolebinding" deleted
clusterrolebinding.rbac.authorization.k8s.io "kubeteach-proxy-rolebinding" deleted
configmap "kubeteach-manager-config" deleted
service "kubeteach-controller-manager-metrics-service" deleted
deployment.apps "kubeteach-controller-manager" deleted
### CHECK
root@f2k8s1p:~# kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-58497c65d5-ctpqk 1/1 Running 0 9m3s 192.168.87.65 f2k8s3p <none> <none>
kube-system calico-node-5zfn9 1/1 Running 0 9m3s 10.22.0.12 f2k8s3p <none> <none>
kube-system calico-node-8f7xs 1/1 Running 0 9m3s 10.22.0.11 f2k8s2p <none> <none>
kube-system calico-node-bkdsq 1/1 Running 0 9m3s 10.22.0.10 f2k8s1p <none> <none>
kube-system coredns-78fcd69978-qqzbd 1/1 Running 0 11m 192.168.165.0 f2k8s1p <none> <none>
kube-system coredns-78fcd69978-x5rrx 1/1 Running 0 11m 192.168.165.2 f2k8s1p <none> <none>
kube-system etcd-f2k8s1p 1/1 Running 0 11m 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-apiserver-f2k8s1p 1/1 Running 0 11m 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-controller-manager-f2k8s1p 1/1 Running 0 11m 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-proxy-2bqxx 1/1 Running 0 11m 10.22.0.10 f2k8s1p <none> <none>
kube-system kube-proxy-dztqt 1/1 Running 0 11m 10.22.0.11 f2k8s2p <none> <none>
kube-system kube-proxy-nc8np 1/1 Running 0 11m 10.22.0.12 f2k8s3p <none> <none>
kube-system kube-scheduler-f2k8s1p 1/1 Running 0 11m 10.22.0.10 f2k8s1p <none> <none>
### AND NOW check for Tasks:
root@f2k8s1p:~# kubectl get tasks --all-namespaces -o wide
Error from server (NotFound): Unable to list "kubeteach.geberl.io/v1alpha1, Resource=tasks": the server could not find the requested resource (get tasks.kubeteach.geberl.io)
We see, that the list kubeteach.geberl.io/v1alpha1 will remain after deleting "everything".
This is a known behavior (https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/) but should be fixed in future.
The following pipelines are needed:
Improving the documentation
TaskDefinitionAdd Helm chart for installation.
To be able to get information about an set of tasks it would be an good idea to create an additional object which contains multiple TaskDefinition. It would be also possible to set points on an Task to be able to calculate a score for a set of tasks.
检测到 dergeberl/kubeteach 一共引入了294个开源组件,存在2个漏洞
漏洞标题:jwt-go 安全漏洞
缺陷组件:github.com/dgrijalva/[email protected]+incompatible
漏洞编号:CVE-2020-26160
漏洞描述:jwt-go是个人开发者的一个Go语言的JWT实现。
jwt-go 4.0.0-preview1之前版本存在安全漏洞。攻击者可利用该漏洞在使用[]string{} for m[\"aud\"](规范允许)的情况下绕过预期的访问限制。
影响范围:(∞, 4.0.0-preview1)
最小修复版本:4.0.0-preview1
缺陷组件引入路径:github.com/dergeberl/kubeteach@->github.com/dgrijalva/[email protected]+incompatible
另外还有2个漏洞,详细报告:https://mofeisec.com/jr?p=adf662
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.