
kubernetes---an-enterprise-guide-2e's Introduction

Kubernetes: An Enterprise Guide, Second Edition, published by Packt

Note: Chapter 3 does not have any exercises; therefore, you will not find any code or scripts in the repo for that chapter.

Welcome to the repository for the Packt book, Kubernetes: An Enterprise Guide, Second Edition, created by Marc Boorshtein and Scott Surovich.

This repo contains the scripts that are referenced in the book exercises. You should clone this repo to the host you will use for the exercises included with the chapters. Each chapter explains the important portions of the scripts so you understand what the scripts are executing. While the scripts are not required, they will save you time over typing manifests manually.

Code Repository

Paperback: 578 pages
Publisher: Packt Publishing
Language: English

ISBN-10: 1803230037
ISBN-13: 978-1803230030
Kindle ASIN: B09FKKCXHG




Required Experience

You should have a basic understanding of Docker and Kubernetes before reading the book.

System Requirements

Ubuntu 18.04 or 20.04 (20.04 is referenced in the exercises)
4GB for most exercises, 8GB preferred
5-10GB of free disk space on the Docker host system

While the majority of the exercises can be executed on any system running Linux, the exercises in Chapter 12 may not execute correctly on a non-Ubuntu system.
All other exercises should execute on CentOS or Ubuntu.

WSL2 and Docker were tested and most exercises will work correctly; however, since Chapter 10 requires a kernel with eBPF support, the Falco pods may not start correctly.

Chapter Notes

Chapter 4 contains a few complex topics that would require multiple virtual machines for any exercises. We wanted to keep the required resources low, allowing the majority of readers to complete the exercise steps. This chapter has two topics that would require additional resources: the first is fully configuring external-dns, and the second is K8GB.

In this repository, you will find resources and scripts to deploy an example K8GB configuration. These steps are outlined in the README file, located in the chapter 4 directory. Since the project is evolving, the scripts and resources may need updating and if/when that happens, we will update the required resources.

Download a free PDF

If you have already purchased a print or Kindle version of this book, you can get a DRM-free PDF version at no cost.
Simply click on the link to claim your free PDF.

https://packt.link/free-ebook/9781803230030


kubernetes---an-enterprise-guide-2e's Issues

openunison image not available

Chapter 8 in openunison-values.yaml, the image docker.lab.tremolo.dev/lab/ou-k8s seems to not be reachable.

Tried also with the docker.io/tremolosecurity/openunison-k8s-login-activedirectory:latest image which was available, but the 'openunison-orchestra' pod was failing on the readiness probes.

falco Readiness probe fails

host: Ubuntu 20.04 Focal Fossa LTS
Chapter 10

Got ebpf support, I was able to run 'sudo opensnoop-bpfcc'

Not sure why the readiness probe keeps failing, maybe you have some suggestions?

$ k describe pod falco-t5qh2
Warning Unhealthy 12s (x2 over 27s) kubelet Readiness probe failed: Get "http://172.18.0.3:8765/healthz": dial tcp 172.18.0.3:8765: connect: connection refused

Logs from the kubelet :

$ docker exec -it 5b5b425cabc7 bash
root@cluster01-worker:/# journalctl -u kubelet -f

Feb 18 20:32:24 cluster01-worker kubelet[242]: I0218 20:32:24.180431 242 scope.go:111] "RemoveContainer" containerID="5113d12dffa8f560bec9779371a552415f13e5b9419c8e1ae6d5f08a0630f3bc"
Feb 18 20:32:24 cluster01-worker kubelet[242]: E0218 20:32:24.181735 242 pod_workers.go:190] "Error syncing pod, skipping" err="failed to \"StartContainer\" for \"falco\" with CrashLoopBackOff: \"back-off 2m40s restarting failed container=falco pod=falco-442ng_falco(c4db0dd4-d751-40a4-8f6d-cc19164d8915)\"" pod="falco/falco-442ng" podUID=c4db0dd4-d751-40a4-8f6d-cc19164d8915

TriggerBinding missing field

CHAPTER 14

$ cat chapter14/example-apps/tekton/tekton-webhook.yaml 
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: gitlab-push-binding
  namespace: python-hello-build
spec: {}

When applying the example-apps/tekton/tekton-webhook.yaml manifests, the 'TriggerBinding' object creation fails.
Seems like the 'spec: {}' is not visible, or it can't be empty?

Error message:

Error from server (BadRequest): error when creating "example-apps/tekton/tekton-webhook.yaml": admission webhook "validation.webhook.triggers.tekton.dev" denied the request: validation failed: missing field(s): spec

ch02 - Calico Installation

Hi,

Having problems when installing Calico to the KinD cluster.

Here's the steps followed and output so far

  1. Create the cluster
codebox@localhost:~/Kubernetes---An-Enterprise-Guide-2E/chapter2$ kind create cluster --name cluster01 --config ./cluster01-kind.yaml
Creating cluster "cluster01" ...
 ✓ Ensuring node image (kindest/node:v1.24.0) 🖼
 ✓ Preparing nodes 📦 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing StorageClass 💾
 ✓ Joining worker nodes 🚜
Set kubectl context to "kind-cluster01"
You can now use your cluster with:

kubectl cluster-info --context kind-cluster01

Have a nice day! 👋
  2. Install Calico
codebox@localhost:~/Kubernetes---An-Enterprise-Guide-2E/chapter2$ kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
namespace/tigera-operator created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/apiservers.operator.tigera.io created
customresourcedefinition.apiextensions.k8s.io/imagesets.operator.tigera.io created
customresourcedefinition.apiextensions.k8s.io/installations.operator.tigera.io created
customresourcedefinition.apiextensions.k8s.io/tigerastatuses.operator.tigera.io created
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/tigera-operator created
serviceaccount/tigera-operator created
clusterrole.rbac.authorization.k8s.io/tigera-operator created
clusterrolebinding.rbac.authorization.k8s.io/tigera-operator created
deployment.apps/tigera-operator created
  3. Apply the Calico custom configuration
codebox@localhost:~/Kubernetes---An-Enterprise-Guide-2E/chapter2$ kubectl create -f ./calico.yaml
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
Warning: spec.template.spec.nodeSelector[beta.kubernetes.io/os]: deprecated since v1.14; use "kubernetes.io/os" instead
Warning: spec.template.metadata.annotations[scheduler.alpha.kubernetes.io/critical-pod]: non-functional in v1.16+; use the "priorityClassName" field instead
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
Error from server (AlreadyExists): error when creating "./calico.yaml": configmaps "calico-config" already exists
[resource mapping not found for name: "felixconfigurations.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "ipamblocks.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "blockaffinities.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "ipamhandles.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "ipamconfigs.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "bgppeers.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "bgpconfigurations.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "ippools.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "hostendpoints.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "clusterinformations.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "globalnetworkpolicies.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "globalnetworksets.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "networkpolicies.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "networksets.crd.projectcalico.org" namespace: "" from "./calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
ensure CRDs are installed first]

Am assuming the contents of the calico.yaml file are no longer compatible with the version of Calico being pulled down in the tigera-operator.yaml manifest.

Much appreciate any help that can be provided!

calico doesn't install properly

with the latest kind, calico no longer installs with the supplied sample yaml file in chapter2:

โฏ kind version
kind v0.12.0 go1.17.8 darwin/arm64
โฏ kubectl create -f calico.yaml
configmap/calico-config created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
Warning: spec.template.spec.nodeSelector[beta.kubernetes.io/os]: deprecated since v1.14; use "kubernetes.io/os" instead
Warning: spec.template.metadata.annotations[scheduler.alpha.kubernetes.io/critical-pod]: non-functional in v1.16+; use the "priorityClassName" field instead
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
unable to recognize "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
โฏ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-74cd595f4b-lt6tp 0/1 ContainerCreating 0 77s
kube-system calico-node-mjzng 0/1 CrashLoopBackOff 3 (34s ago) 77s
kube-system calico-node-v9fhv 0/1 CrashLoopBackOff 3 (17s ago) 77s
kube-system coredns-64897985d-4bcj7 0/1 ContainerCreating 0 11m
kube-system coredns-64897985d-vb9ck 0/1 ContainerCreating 0 11m
kube-system etcd-cluster01-control-plane 1/1 Running 0 11m
kube-system kube-apiserver-cluster01-control-plane 1/1 Running 0 11m
kube-system kube-controller-manager-cluster01-control-plane 1/1 Running 0 11m
kube-system kube-proxy-44q4b 1/1 Running 0 10m
kube-system kube-proxy-z9bvn 1/1 Running 0 11m
kube-system kube-scheduler-cluster01-control-plane 1/1 Running 0 11m
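
The Calico failures reported in these issues come from `calico.yaml` declaring CustomResourceDefinitions under `apiextensions.k8s.io/v1beta1`, an API version the cluster no longer recognizes. The following is an added example, not code from the book's repository: it builds a lifecycle table from the kubectl warnings quoted on this page and checks a manifest against a target server version before `kubectl create` is run. The sample manifest, the object name `example-psp` and the function names are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# kubectl warnings quoted on this page; they are the source of the table below.
PAGE_WARNINGS = """\
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
Warning: policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget
"""
WARNING_RE = re.compile(
    r"^Warning: (?P<api>\S+) (?P<kind>\S+) is deprecated in v1\.(?P<dep>\d+)\+, "
    r"unavailable in v1\.(?P<gone>\d+)\+(?:; use (?P<repl>\S+) \S+)?\s*$", re.M)

# Constructed sample manifest (not the repository's calico.yaml).
SAMPLE_MANIFEST = """\
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: felixconfigurations.crd.projectcalico.org
spec:
  names:
    kind: FelixConfiguration
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  labels:
    name: not-the-object-name
  name: example-psp
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: calico-kube-controllers
"""

class Lifecycle(NamedTuple):
    deprecated: int             # first 1.x minor that warns
    unavailable: int            # first 1.x minor that stops serving the API
    replacement: Optional[str]  # apiVersion named in the warning, if any

def parse_warnings(text):
    """Build {(apiVersion, kind): Lifecycle} from kubectl deprecation warnings."""
    return {(m["api"], m["kind"]): Lifecycle(int(m["dep"]), int(m["gone"]), m["repl"])
            for m in WARNING_RE.finditer(text)}

def minor(version):
    """'v1.24.0' -> 24."""
    m = re.match(r"v?1\.(\d+)", version)
    if not m:
        raise ValueError(f"not a 1.x Kubernetes version: {version!r}")
    return int(m.group(1))

def _scalar(line):
    """Value of a 'key: value' line, without quotes or a trailing comment."""
    return line.split(":", 1)[1].split(" #", 1)[0].strip().strip("\"'")

def identify(doc):
    """Return (apiVersion, kind, metadata.name), reading top-level keys only."""
    api = kind = name = meta_indent = None
    in_meta = False
    for line in doc.splitlines():
        text = line.lstrip()
        if not text or text.startswith("#"):
            continue
        indent = len(line) - len(text)
        if indent == 0:
            in_meta, meta_indent = text.startswith("metadata:"), None
            if text.startswith("apiVersion:"):
                api = _scalar(text)
            elif text.startswith("kind:"):
                kind = _scalar(text)
        elif in_meta:
            meta_indent = indent if meta_indent is None else meta_indent
            if indent == meta_indent and text.startswith("name:"):
                name = _scalar(text)
    return api, kind, name

def scan(manifest, server_version, table):
    """List (status, kind, name, apiVersion, replacement) for affected documents."""
    server, findings = minor(server_version), []
    for doc in re.split(r"^---[ \t]*(?:#.*)?$", manifest, flags=re.M):
        api, kind, name = identify(doc)
        rule = table.get((api, kind))
        if rule is None or server < rule.deprecated:
            continue  # unknown to the table, or not yet deprecated on this server
        status = "unavailable" if server >= rule.unavailable else "deprecated"
        findings.append((status, kind, name, api, rule.replacement))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_MANIFEST, "v1.24.0", parse_warnings(PAGE_WARNINGS)):
        print(finding)
```

Against the `kindest/node:v1.24.0` image shown in the ch02 report, the CRD document is flagged as unavailable and the PodSecurityPolicy as deprecated.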

ch02: Ingress pods stay unschedulable

When executing the section Installing an Ingress Controller, readers are pointed to the following command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml

However, the deployment contains the following node selector:

$ kubectl get deployments.apps -o yaml -n ingress-nginx | grep nodeSelector -A2
        nodeSelector:
          ingress-ready: "true"
          kubernetes.io/os: linux

The cluster01-kind.yaml file does not add the required label to any node.

As per the create cluster docs, you should add the node selector to the config file.

A workaround is to apply the label manually, e.g.:

kubectl label nodes cluster01-control-plane ingress-ready=true

Kind/Calico issues a warning that CustomResourceDefinition is deprecated and a few errors.

Hi,

As I follow the instructions to create a ConfigMap w/ calico using the provided file calico.yml, it issues this warning:

Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition

Followed by some errors:

Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "felixconfigurations.crd.projectcalico.org" already exists

I'm still reading the second chapter and don't know if it is correctly working, but seems so.

Anyway, just a heads-up.

Full output:

✦ kubectl create -f calico.yaml

configmap/calico-config created
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "felixconfigurations.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "ipamblocks.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "blockaffinities.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "ipamhandles.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "ipamconfigs.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "bgppeers.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "bgpconfigurations.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "ippools.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "hostendpoints.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "clusterinformations.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "globalnetworkpolicies.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "globalnetworksets.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "networkpolicies.crd.projectcalico.org" already exists
Error from server (AlreadyExists): error when creating "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "networksets.crd.projectcalico.org" already exists

 

falco-functions pod fails

Chapter 10

falco-functions pod readiness probe fails, looks like the HTTP server is unreachable:

$ k describe pod falco-functions-7c647fbb8f-xlf2c

Warning Unhealthy 21s (x9 over 5m21s) kubelet Liveness probe failed: Get "http://10.240.189.142:8080/healthz": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Tried from inside the container also:

$ k exec -it falco-functions-7c647fbb8f-xlf2c -- bash

Defaulted container "falco-functions" out of: falco-functions, prepare (init), install (init)
I have no name!@falco-functions-7c647fbb8f-xlf2c:/$ curl -v localhost:8080

* Rebuilt URL to: localhost:8080/
*   Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8080 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.52.1
> Accept: */*

I have no name!@falco-functions-7c647fbb8f-xlf2c:/$ curl -v localhost:8080/healthz

*   Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8080 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /healthz HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.52.1
> Accept: */*

Gitlab username

CHAPTER 14

Able to get the Gitlab password with:
kubectl get secret gitlab-gitlab-initial-root-password -o json -n gitlab | jq -r '.data.password' | base64 -d

...but can't find the username to log in; tried 'git', 'gitlab', 'Git', 'Gitlab' but none of them worked.

"ou-tls-certificate" not found

CHAPTER 14

After running the './deploy_openunison_imp.sh' script, the 'kube-oidc-proxy-orchestra' pod fails.

The problem seems to be with a secret that has the wrong name. It has extra characters, eg 'ou-tls-certificate-8b9md' instead of 'ou-tls-certificate'.

I changed its name to 'ou-tls-certificate' and it partially worked. The next error is that the secret holds only the private key and not the private key and the certificate.

first error

Warning FailedMount 16s (x12 over 10m) kubelet MountVolume.SetUp failed for volume "kube-oidc-proxy-config" : secret "ou-tls-certificate" not found

second error after the secret rename

Warning FailedMount 12s (x6 over 28s) kubelet MountVolume.SetUp failed for volume "kube-oidc-proxy-config" : references non-existent secret key: tls.crt

Gatekeeper API versions issue

CHAPTER 14

Deploying gatekeeper has issues with gatekeeper API versions:

$ ./deploy_gatekeeper.sh
namespace/gatekeeper-system created
customresourcedefinition.apiextensions.k8s.io/assign.mutations.gatekeeper.sh created
customresourcedefinition.apiextensions.k8s.io/assignmetadata.mutations.gatekeeper.sh created
resourcequota/gatekeeper-critical-pods created
customresourcedefinition.apiextensions.k8s.io/configs.config.gatekeeper.sh created
customresourcedefinition.apiextensions.k8s.io/constraintpodstatuses.status.gatekeeper.sh created
customresourcedefinition.apiextensions.k8s.io/constrainttemplatepodstatuses.status.gatekeeper.sh created
customresourcedefinition.apiextensions.k8s.io/constrainttemplates.templates.gatekeeper.sh created
mutatingwebhookconfiguration.admissionregistration.k8s.io/gatekeeper-mutating-webhook-configuration created
customresourcedefinition.apiextensions.k8s.io/mutatorpodstatuses.status.gatekeeper.sh created
serviceaccount/gatekeeper-admin created
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/gatekeeper-admin created
role.rbac.authorization.k8s.io/gatekeeper-manager-role created
clusterrole.rbac.authorization.k8s.io/gatekeeper-manager-role created
rolebinding.rbac.authorization.k8s.io/gatekeeper-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/gatekeeper-manager-rolebinding created
secret/gatekeeper-webhook-server-cert created
service/gatekeeper-webhook-service created
deployment.apps/gatekeeper-audit created
deployment.apps/gatekeeper-controller-manager created
Warning: policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget
poddisruptionbudget.policy/gatekeeper-controller-manager created
validatingwebhookconfiguration.admissionregistration.k8s.io/gatekeeper-validating-webhook-configuration created
sleeping 10 seconds
usage: sleep seconds
error: unable to recognize "https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/allow-privilege-escalation/template.yaml": no matches for kind "ConstraintTemplate" in version "templates.gatekeeper.sh/v1"
error: unable to recognize "https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/capabilities/template.yaml": no matches for kind "ConstraintTemplate" in version "templates.gatekeeper.sh/v1"
error: unable to recognize "https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/forbidden-sysctls/template.yaml": no matches for kind "ConstraintTemplate" in version "templates.gatekeeper.sh/v1"
error: unable to recognize "https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/host-filesystem/template.yaml": no matches for kind "ConstraintTemplate" in version "templates.gatekeeper.sh/v1"
error: unable to recognize "https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/host-namespaces/template.yaml": no matches for kind "ConstraintTemplate" in version "templates.gatekeeper.sh/v1"
error: unable to recognize "https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/host-network-ports/template.yaml": no matches for kind "ConstraintTemplate" in version "templates.gatekeeper.sh/v1"
error: unable to recognize "https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/privileged-containers/template.yaml": no matches for kind "ConstraintTemplate" in version "templates.gatekeeper.sh/v1"
error: unable to recognize "https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/proc-mount/template.yaml": no matches for kind "ConstraintTemplate" in version "templates.gatekeeper.sh/v1"
error: unable to recognize "https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/read-only-root-filesystem/template.yaml": no matches for kind "ConstraintTemplate" in version "templates.gatekeeper.sh/v1"
error: unable to recognize "https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/users/template.yaml": no matches for kind "ConstraintTemplate" in version "templates.gatekeeper.sh/v1"
sleeping 10 seconds
usage: sleep seconds
assign.mutations.gatekeeper.sh/k8spspdefaultallowprivilegeescalation created
assign.mutations.gatekeeper.sh/k8spspdefaultallowprivilegeescalationinit created
assign.mutations.gatekeeper.sh/k8spspfsgroup created
