Posts tagged How to

Controlling Access in Kubernetes with RBAC

Introduction

Role-based access control is an important component when it comes to managing a Kubernetes cluster securely. The more users and automated processes there are that need to interface with the Kubernetes API, the more important controlling access becomes. In this lab, you will have the opportunity to practice your skills with the Kubernetes RBAC system by implementing your own RBAC permissions to appropriately limit user access.

Solution

Log in to the lab server using the credentials provided:

ssh cloud_user@<PUBLIC_IP_ADDRESS>

Note: When copying and pasting code into Vim from the lab guide, first enter :set paste (and then i to enter insert mode) to avoid adding unnecessary spaces and hashes.

Create a Role for the dev User

  1. Test access by attempting to list pods as the dev user (we’ll get an error message):
    kubectl get pods -n beebox-mobile --kubeconfig dev-k8s-config
  2. Create a role spec file:
    vi pod-reader-role.yml
  3. Add the following to the file:
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      namespace: beebox-mobile
      name: pod-reader
    rules:
    - apiGroups: [""]
      resources: ["pods", "pods/log"]
      verbs: ["get", "watch", "list"]
  4. Save and exit the file by pressing Escape followed by :wq.
  5. Create the role:
    kubectl apply -f pod-reader-role.yml

Bind the Role to the dev User and Verify Your Setup Works

  1. Create the RoleBinding spec file:
    vi pod-reader-rolebinding.yml
  2. Add the following to the file:
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: pod-reader
      namespace: beebox-mobile
    subjects:
    - kind: User
      name: dev
      apiGroup: rbac.authorization.k8s.io
    roleRef:
      kind: Role
      name: pod-reader
      apiGroup: rbac.authorization.k8s.io
  3. Save and exit the file by pressing Escape followed by :wq.
  4. Create the RoleBinding:
    kubectl apply -f pod-reader-rolebinding.yml
  5. Test access again to verify you can successfully list pods. This time, we should see a list of pods (there’s just one):
    kubectl get pods -n beebox-mobile --kubeconfig dev-k8s-config
  6. Verify the dev user can read pod logs (we’ll get an Auth processing... message):
    kubectl logs beebox-auth -n beebox-mobile --kubeconfig dev-k8s-config
  7. Verify the dev user cannot make changes by attempting to delete a pod (we’ll get an error, which is what we want):
    kubectl delete pod beebox-auth -n beebox-mobile --kubeconfig dev-k8s-config
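
The manual checks in this section can be turned into a repeatable check of the whole permission matrix. The script below is an added example, not part of the lab guide. It assumes it is run with an admin kubeconfig that is allowed to impersonate users; the SUBJECT variable, the function names, and the negative rows for secrets and the default namespace are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab guide): assert the permission matrix for
# user "dev" in one run. Assumes the current kubeconfig is an admin one that
# is allowed to impersonate users (--as).
SUBJECT=dev

# Columns: expected-answer namespace verb resource [subresource]
# The "secrets" and "default" namespace rows are constructed negative cases.
MATRIX='yes beebox-mobile get pods
yes beebox-mobile list pods
yes beebox-mobile watch pods
yes beebox-mobile get pods log
no beebox-mobile delete pods
no beebox-mobile create pods
no beebox-mobile get secrets
no default list pods'

# Print yes, no, or error for one access question asked on behalf of SUBJECT.
can_dev() {
  ns=$1 verb=$2 res=$3 sub=${4:-}
  # The log subresource is passed as --subresource; "pods/log" as an argument
  # would be parsed as TYPE/NAME (a pod named "log").
  out=$(kubectl auth can-i "$verb" "$res" ${sub:+"--subresource=$sub"} \
        -n "$ns" --as "$SUBJECT" 2>/dev/null) || true
  case "$out" in yes|no) echo "$out" ;; *) echo error ;; esac
}

# Compare every row with the cluster's answer; return the number of mismatches.
check_matrix() {
  failures=0
  while read -r want ns verb res sub; do
    [ -n "$want" ] || continue
    got=$(can_dev "$ns" "$verb" "$res" "$sub")
    if [ "$got" = "$want" ]; then mark=ok; else mark=MISMATCH; failures=$((failures + 1)); fi
    printf '%-8s ns=%s %s %s%s want=%s got=%s\n' \
      "$mark" "$ns" "$verb" "$res" "${sub:+/$sub}" "$want" "$got"
  done <<EOF
$MATRIX
EOF
  return "$failures"
}

# Run only where kubectl exists, so the file can also be sourced for its functions.
if command -v kubectl >/dev/null 2>&1; then
  check_matrix || echo "RBAC for $SUBJECT differs from the intended policy" >&2
fi
```

A MISMATCH on a "no" row means the dev user has more access than the Role in this lab grants, for example through another binding added later.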

Configuring Terraform and provisioning an AWS EC2 Instance.

Terraform provides an elegant user experience for operators to safely and predictably make changes to infrastructure. Terraform is distributed as a binary package for many supported platforms and architectures.

Installing Terraform

To install Terraform, after downloading the appropriate version of Terraform, unzip the package. Terraform runs as a single binary named terraform. The final step is to make sure that the terraform binary is available on the environment path. See this for instructions on setting the PATH on Linux and Mac.

Verifying the Installation

After installing Terraform, verify the installation worked by opening a new terminal…


How to change root password in Ubuntu Linux

By default, the root user account password is locked in Ubuntu Linux for security reasons. As a result, you cannot log in as the root user or use a command such as 'su -' to become a SuperUser.

You need to use the passwd command to change the password for user accounts on Ubuntu Linux. A typical user can change the password only for his/her own account. A SuperUser (root) can change the password for any user account. Your user account info is stored in /etc/passwd and an encrypted password is stored in the /etc/shadow file.

How to change root password in Ubuntu

The procedure to change the root user password on Ubuntu Linux:

  1. Type the following command to become root user and issue passwd:
    sudo -i
    passwd
  2. OR set a password for root user in a single go:
    sudo passwd root
  3. Test your root password by typing the following command:
    su -

A note about root password on an Ubuntu server/desktop

Enabling the root account by setting the password is not needed. Almost everything you need to do as SuperUser (root) of an Ubuntu server can be done using the sudo command. For example, to restart the Apache server:
$ sudo systemctl restart apache2
You can add an additional user to sudo by typing the following command:
$ sudo adduser {userNameHere} sudo
For example, add a user named pankaj to sudo:
$ sudo adduser pankaj sudo

Configuring NTP using chrony

Chrony provides another implementation of NTP and is designed for systems that are often powered down or disconnected from the network. The main configuration file is /etc/chrony.conf and parameters are similar to those in the /etc/ntp.conf file.

  - chronyd is the daemon that runs in user space.
  - chronyc is a command-line program that provides a command prompt and a number of commands. Examples:
    tracking: Displays system time information.
    sources: Displays information about current sources.

Installing Chrony

Install the chrony package by using the following command:
# yum install chrony
Use the following commands to start chronyd and to…


Passwordless Login Using SSH Keygen in 5 Easy Steps

SSH (Secure Shell) is an open source and most trusted network protocol that is used to log in to remote servers for execution of commands and programs. It is also used to transfer files from one computer to another computer over the network using the secure copy (SCP) protocol. In this article we will show you how to set up password-less login on RHEL/CentOS 7.x/6.x/5.x and Fedora using SSH keys to connect to remote Linux servers without entering a password. Using password-less login with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.

My Setup Environment

SSH Client : 192.168.0.12…
