Prerequisites to set up AWS EKS: command-line tools to install on a local Ubuntu 22.04 machine.

  1. What is Kubernetes? Kubernetes is a tool for managing containers. It manages clusters of container hosts, and the containers are enclosed in pods that Kubernetes manages.

  2. What are the benefits of using Kubernetes? Monitoring: Kubernetes monitors the availability of each container every millisecond, and whenever the OS or a container goes down it launches an identical container and keeps serving the incoming requests. It is portable and 100% open source. Auto-scaling: as the load on a container increases, k8s launches more containers to handle the client requests, and as the load decreases it shuts containers down, which lowers resource utilization.

  3. On which architecture does Kubernetes work? Kubernetes works on a master/slave architecture. The node on which the k8s controller program runs is called the master (or controller) node, and the containers run on the other nodes, called slave nodes.

  4. What are a multi-node cluster and a single-node cluster in Kubernetes? When the controller program and the container node run on the same machine or the same operating system, it is called a single-node cluster. In a multi-node cluster the k8s controller program runs on one machine (the master node) and the containers run on a different container host machine (the worker node).

  5. What do you mean by a pod in Kubernetes? A pod is the smallest deployable unit of computing that you can create and manage in k8s.

  6. What is minikube? Minikube is a program that helps to set up Kubernetes (k8s).

  7. How to install minikube and kubectl? For minikube, search Google, download the software and double-click the exe file to install it. Then navigate to the directory where Minikube is installed:

      cmd> cd C:\Program Files\Kubernetes\Minikube

      and run the command

      minikube.exe start --driver=virtualbox --kubernetes-version=v1.20.0

      so that it starts creating the minikube VM in VirtualBox, which in turn acts as the k8s server.

  8. For kubectl, download the program file with the curl -LO command and it is installed:

      curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.20.0/bin/windows/amd64/kubectl.exe

  9. How to run any pod through kubectl? kubectl run pod_name --image=image_name

  10. What do you mean by exposing the pod? Exposing the pod is equivalent to exposing a container: the particular IP and port number of the pod gets internet access through the internal PAT/NAT mechanism.

  11. How to expose the pod? kubectl.exe expose deployment pod_name --port=Port_Number --type=NodePort

  • Difference between pod and deployment? The main reason we take the help of the k8s server is that even if a pod goes down, k8s can immediately create a backup container for it. Who exactly inside k8s does this? The controller program called the deployment. There is no way to relaunch a pod once it is deleted, but a deployment keeps tracking the desired state of the pods, so that if a pod goes down the controller program launches pods automatically.
  12. What is a single-node cluster? A single-node cluster is the environment where the container host and Kubernetes reside in the same OS or on the same server.

  13. What is the deployment controller? The deployment controller is a program which deploys the pods and checks the health of the running pods. If a pod goes down, it relaunches a replica of the same pod.

  14. What is failover? It means relaunching new pods when the older ones are down or get deleted.

  15. What is the kube API / API server? The k8s server program that runs on the master node and receives and processes the requests from clients is called the kube API.

  16. What are the ways to send a request to the Kubernetes server? There are two ways to send a request to the k8s server: by using the kubectl program, or by writing the code in the YAML language.

  17. What is the YAML language? How to write code in YAML? YAML is a programming language used to write code in Kubernetes for doing tasks. To write code in YAML we must understand the YAML language first; proper indentation is mandatory in YAML programs. YAML uses the .yml extension for its files.

  18. What is the kubelet program? Kubelet is the program used by k8s to communicate with the container engine.

  19. What are Kubernetes resources? In simple terms, Kubernetes resources are the basic parts of the k8s system through which we use Kubernetes technology. These resources are referred to by keywords, e.g. Pod, Deployment, Service, Replicas.

  20. Use of the get and describe commands? With the get command we get the list of all the resources created on the cluster, with their status. With the describe command we get every detail of all resources, or of a given specific resource.

  21. What is the use of the spec and kind keywords? In YAML, the spec keyword is used to declare the specifications of the resource, and the kind keyword is used to declare what kind of resource it is.

  22. What is RC? RC stands for Replication Controller. We know that k8s manages containers; the program in k8s that actually does this container-management task is the RC. It is not done by the deployment: behind the deployment, k8s actually does this. Management means ensuring the container is always up.

  23. What is a replica? Replica is a parameter in the spec section of k8s YAML code. This parameter denotes the number of copies of the containers created by the container hosts.

  24. Difference between create and apply? create and apply look similar in applying YAML code, with a slight difference. create is used to create the container from the YAML code, whereas apply is used to update an already created container: make changes to the original YAML file and then force them onto the container with the apply keyword of the kubectl command. For example:

      kubectl create -f rc.yaml
      kubectl apply -f rc.yaml

  25. Command to see the replication controller? kubectl get rc. We can also use kubectl get services or kubectl describe rc.

  26. What are labels? We know that the RC is a program in k8s that manages pods (or containers). To do this, the RC has to know the IPs of the pods. Even after it has acquired the pods' IPs, k8s cannot rely on them, because IPs keep changing whenever pods reboot. To avoid this, the RC uses another parameter instead of relying on IPs: labels. Labels are like tags on pods, so that even if a pod reboots the label remains the same. Hence the RC uses labels to monitor the pods.

  27. How and where is a reverse proxy used in Kubernetes? The 'service' kind of resource makes use of load balancing and reverse proxying in k8s. This program acts as the client for the backend pods: it forwards the requests from the actual end users to the backend and returns the response to the end users as soon as it receives it from the backend servers.

  28. What are the different types of services in Kubernetes? There are three main service types in k8s: 1) ClusterIP, 2) NodePort, 3) External (literally, we call it LoadBalancer). ClusterIP is the default load balancer in k8s; its drawback is that any node within the cluster can connect to the LB but nobody from outside can. In the NodePort type the LB is reachable from the outside world, even the internet. If you have created pods in your k8s and want a load balancer with them, we need to connect to the ELB of a third party like AWS.

  29. What is the importance of labels? Labels act as tags for the pods; this helps the selector program of k8s to monitor their presence and include them whenever required for load balancing or management.

  30. How does the NodePort service work? NodePort works on the logic of doing the reverse proxy twice. Assume k8s is running on minikube and pick any free port at random, say 30k. In the YAML file you mention the node port as 30k. What happens is that if anyone connects to the minikube IP on port 30k, the NodePort program reverse-proxies to the actual load balancer, the 'service'; the load balancer in turn internally reverse-proxies the requests coming from the NodePort program to the pods. Because the reverse proxy is done twice, our pods or LBs become reachable from the internet.

  31. What is the difference between port, targetPort and nodePort? targetPort is the port number on which our application inside the pod is running. port is the port number (on the load balancer 'service') at which the load balancer receives the requests from clients and then forwards them to the backend. nodePort is the port at the container-host level that gives the LB 'service' access to the internet world; because of this port the node identifies the request as one for the actual load balancer.

  32. What is a multi-tier application? A multi-tier application means interconnecting two different applications that together solve a particular use case, e.g. one pod acts as the database (back end) and another pod as the front end where the image is shown. The two pods are connected through a network in k8s; this is called a multi-tier application.

  33. How to expose in k8s? kubectl expose deployment <name> --type=NodePort --port=80

  34. What are the ways to specify shell/environment variables in Linux? In containers there are two ways to specify a shell or environment variable: either pass the values as environment variables when the container is created at run time, or go inside the shell terminal of the pod, create the variable and make it permanent by adding it to the file /root/.bashrc. For the second way the pod must be in the running state.

  35. How to get the terminal of a pod running in k8s? kubectl exec -it <pod_name> -- bash

  36. Command to check the stack limit in Linux? ulimit -a

  37. How to enter environment variables when running pods? We can set environment variables at pod run time with the env keyword: kubectl run myos1 --image=wordpress --env=x=10

  38. Which program is used for carrying environment variables in the PHP container image? The --env keyword has some internal program that lets the container image carry the environment variables.

  39. What is the client program for connecting to MySQL? In WordPress it is the WordPress server that acts as the client; it keeps sending data to and retrieving data from the pod.

  40. How to check the logs of pods? kubectl logs <pod_name>

  41. What is a secret in k8s? A Secret is a resource type in Kubernetes for encoding environment variables such as passwords, key-values, credentials etc. We can consider a secret as a small box where our data is stored in encoded form.
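The NodePort and port/targetPort/nodePort items above, modelled in Python as an added example (not Kubernetes' own code): the first hop goes from the node IP and nodePort to the Service's port, the second from the Service to a pod endpoint chosen by label, at targetPort. The pod IPs, the node IP and the port numbers are constructed sample values.

```python
from itertools import cycle

# Added model of the NodePort "double reverse proxy": node IP:nodePort -> Service port ->
# pod targetPort. Illustration only, not Kubernetes' own code; pod IPs/ports are constructed.

NODEPORT_RANGE = range(30000, 32768)  # kube-apiserver's default --service-node-port-range


def make_nodeport_service(name, selector, port, target_port, node_port):
    """Build the dict form of a NodePort Service (the JSON kubectl sends from the YAML),
    refusing port values the API server would also reject."""
    if node_port not in NODEPORT_RANGE:
        raise ValueError(f"nodePort {node_port} is outside 30000-32767")
    for p in (port, target_port):
        if not 1 <= p <= 65535:
            raise ValueError(f"{p} is not a valid TCP port")
    return {
        "apiVersion": "v1",
        "kind": "Service",
        "metadata": {"name": name},
        "spec": {
            "type": "NodePort",
            "selector": selector,
            "ports": [{"port": port, "targetPort": target_port, "nodePort": node_port}],
        },
    }


def endpoints_for(service, pods):
    """Endpoints = (podIP, targetPort) for every Running pod whose labels match the selector;
    this label lookup is what replaces tracking pod IPs directly."""
    selector = service["spec"]["selector"]
    target_port = service["spec"]["ports"][0]["targetPort"]
    return [(pod["ip"], target_port) for pod in pods
            if pod["phase"] == "Running"
            and all(pod["labels"].get(k) == v for k, v in selector.items())]


class NodePortRouter:
    """Hop 1: traffic hitting the node on nodePort is handed to the Service (port).
    Hop 2: the Service load-balances it to one pod endpoint (targetPort)."""

    def __init__(self, service, pods):
        self.ports = service["spec"]["ports"][0]
        self.endpoints = endpoints_for(service, pods)
        self._next = cycle(self.endpoints) if self.endpoints else None

    def handle(self, node_ip, dst_port):
        if dst_port != self.ports["nodePort"]:
            return None  # nothing listens on that node port, so the packet is dropped
        if self._next is None:
            return {"error": "no endpoints"}  # selector matched no Running pod
        pod_ip, target_port = next(self._next)  # round-robin, like kube-proxy's iptables rules
        return {
            "hop1": (node_ip, dst_port, "service", self.ports["port"]),
            "hop2": ("service", self.ports["port"], pod_ip, target_port),
        }


# Constructed sample cluster state: two ready web pods, one still Pending, one unrelated pod.
SAMPLE_PODS = [
    {"name": "web-1", "ip": "10.244.1.5", "labels": {"app": "web"}, "phase": "Running"},
    {"name": "web-2", "ip": "10.244.2.7", "labels": {"app": "web"}, "phase": "Running"},
    {"name": "web-3", "ip": "10.244.2.8", "labels": {"app": "web"}, "phase": "Pending"},
    {"name": "db-1", "ip": "10.244.1.9", "labels": {"app": "db"}, "phase": "Running"},
]


def demo():
    """Two client hits on the node (e.g. the minikube IP) at nodePort 30080."""
    svc = make_nodeport_service("web", {"app": "web"}, port=80, target_port=8080, node_port=30080)
    router = NodePortRouter(svc, SAMPLE_PODS)
    return [router.handle("192.168.99.100", 30080) for _ in range(2)]


if __name__ == "__main__":
    for path in demo():
        print(path)
```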

  42. What are the uses of a secret? A secret is a database that stores all the confidential data in encoded form to provide security.

  43. Which type of encoding algorithm is used by a secret? The base64 encoding format.

  44. What is a literal? The key-value pairs within a Secret in Kubernetes are also known as literals.
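The base64 encoding described in the secret items above, worked through as an added example (not Kubernetes' own code): the same literals kubectl would put into .data are encoded, then decoded again, which shows that base64 is reversible encoding rather than encryption and that read access to the Secret object is what actually needs protecting. The secret name and credential values are constructed.

```python
import base64
import json

# Added illustration of what a Secret's base64 "encoding" does and does not protect;
# not Kubernetes' own code. The literals below are constructed sample values.


def secret_from_literals(name, literals):
    """Mimic `kubectl create secret generic NAME --from-literal=key=value ...`:
    each literal value is base64-encoded into .data (type Opaque)."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "data": {key: base64.b64encode(value.encode("utf-8")).decode("ascii")
                 for key, value in literals.items()},
    }


def reveal(secret):
    """What `kubectl get secret NAME -o json` plus `base64 -d` gives anyone allowed to
    read the object: base64 is reversible encoding, not encryption, so RBAC on the
    `secrets` resource is the real control."""
    return {key: base64.b64decode(value).decode("utf-8")
            for key, value in secret["data"].items()}


def env_from_secret(secret, key, env_name):
    """Container env entry that injects one literal at run time (the secretKeyRef form),
    so the plaintext never has to be written into the pod's YAML."""
    return {"name": env_name,
            "valueFrom": {"secretKeyRef": {"name": secret["metadata"]["name"], "key": key}}}


def to_manifest_json(secret):
    """Serialized form of the object; each value is still one base64 decode from plaintext."""
    return json.dumps(secret, indent=2, sort_keys=True)


if __name__ == "__main__":
    # Constructed credentials, as if created for a WordPress/MySQL multi-tier app.
    s = secret_from_literals("mysql-creds", {"user": "wpuser", "password": "s3cr3t"})
    print(to_manifest_json(s))
    print(reveal(s))
    print(env_from_secret(s, "password", "MYSQL_PASSWORD"))
```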

  45. Which type of storage is provided by k8s? The storage provided by Kubernetes is temporary.

  46. What is the use case of the Replication Controller? The main use case of the Replication Controller is to manage the replicas in the system; pod scale-out and scale-in are managed by the RC/RS. Actually, RC is an obsolete k8s resource; the resource that substitutes for it is the RS.

  47. What challenges does the deployment help us solve? It is common practice that companies keep upgrading their images, so whenever we get a new image we need to launch pods from it. Managing the data cutover from the old pods to the new ones is then problematic, hence we need a strategy for it. That strategy is called 'rolling upgrade' or 'ramped'. The Deployment resource is used to efficiently implement the rolling-upgrade strategy for updating the images of pods without the clients being aware of any downtime.

  48. What are the different types of strategies? We have many strategies, of which two are important: the Recreate strategy and the Rolling Upgrade strategy.

  49. Why don't we overwrite the version of an image? If we overwrite the version of an image, the deployment controller cannot be triggered, because it cannot identify whether anything changed in the older image. So, for the difference to show, we need a new image. Also, by keeping the older images (not overwriting them) we get the advantages of version control.

  50. What are rollback and rollout? Rollout is like upgrading from the present version of the system to the next (latest) one, whereas rollback is the opposite: going back to the previous version.

  51. What is the set image command used for? The set image command lets the deployment resource upgrade all the pods to the next version specified in the image.

  52. How can we check the rollout status? The rollout status can be checked via kubectl rollout status deployment <name>. We can also see it with kubectl rollout history deployment <name>.

  53. Which command helps us roll back to an older version? kubectl rollout undo deployment <name>
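The rollout items above (set image, rollout history, rollout undo, Recreate versus rolling upgrade), simulated in Python as an added example that is not the Deployment controller's own code: the simulation records revisions, refuses to start a rollout when the image tag is unchanged, keeps at least replicas minus maxUnavailable pods running during a rolling update, and shows that Recreate drops to zero pods. Image tags are constructed, and every pod is treated as Ready as soon as it exists, a simplification.

```python
# Added simulation of Deployment rollouts (set image, rollout history/undo, Recreate vs
# RollingUpdate); not Kubernetes' own controller code. Image tags below are constructed,
# and a pod counts as available the moment it exists (real rollouts wait for readiness).


class Deployment:
    def __init__(self, name, image, replicas=4, strategy="RollingUpdate",
                 max_surge=1, max_unavailable=1):
        self.name = name
        self.replicas = replicas
        self.strategy = strategy
        self.max_surge, self.max_unavailable = max_surge, max_unavailable
        self.history = [image]            # revision 1..n, as `kubectl rollout history` lists
        self.pods = [image] * replicas    # each entry is the image one live pod runs
        self.min_available = replicas     # lowest pod count any client could have observed

    @property
    def revision(self):
        return len(self.history)

    def rollout_history(self):
        return [(rev, img) for rev, img in enumerate(self.history, start=1)]

    def set_image(self, image):
        """`kubectl set image`: a *different* tag creates a new revision and starts the rollout.
        Overwriting the same tag with new contents changes nothing here, because the
        controller only compares the pod template, so no rollout ever starts."""
        if image == self.history[-1]:
            return False
        self.history.append(image)
        self._roll_to(image)
        return True

    def rollout_undo(self):
        """`kubectl rollout undo`: return to the previous revision's template, recorded as a new revision."""
        if self.revision < 2:
            return False
        previous = self.history[-2]
        self.history.append(previous)
        self._roll_to(previous)
        return True

    def _roll_to(self, new):
        if self.strategy == "Recreate":
            self.pods = []                    # every old pod terminated first: visible downtime
            self._note_available()
            self.pods = [new] * self.replicas
            return
        while any(img != new for img in self.pods):
            # scale up new-image pods, but never beyond replicas + maxSurge
            while len(self.pods) < self.replicas + self.max_surge:
                self.pods.append(new)
            # terminate old-image pods, but never below replicas - maxUnavailable
            while (len(self.pods) > self.replicas - self.max_unavailable
                   and any(img != new for img in self.pods)):
                self.pods.remove(next(img for img in self.pods if img != new))
                self._note_available()
        while len(self.pods) < self.replicas:
            self.pods.append(new)
        del self.pods[self.replicas:]         # drop surge pods once the rollout completes

    def _note_available(self):
        self.min_available = min(self.min_available, len(self.pods))


if __name__ == "__main__":
    d = Deployment("wordpress", "wordpress:5.8")
    d.set_image("wordpress:5.9")
    print(d.rollout_history(), "min pods available during rollout:", d.min_available)
    d.rollout_undo()
    print(d.rollout_history(), d.pods)
    r = Deployment("wordpress", "wordpress:5.8", strategy="Recreate")
    r.set_image("wordpress:5.9")
    print("Recreate: min pods available during rollout:", r.min_available)
```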

  54. What are a label and a selector? Basically, a label is a tag given to pods, through which they can be identified or picked up by other programs. A selector is a program through which one resource collects the information about pods with a particular label and decides what further tasks to perform accordingly. In short, a selector is a way to search for other resources.

  55. What are equality-based and set-based selectors? Technically both names represent selectors, but they work differently because of the different search algorithms they use. An equality-based selector is very straightforward and needs precise information to start searching, whereas a set-based selector can handle complicated input such as (and/or) logic and then start searching.

  56. What is a replica set? Basically, a ReplicaSet is also a replication controller, but one that can also work with set-based selectors. An RS can manage very big environments compared to an RC.

  57. What is the role of the matchLabels and matchExpressions keywords? Both help the selector program identify what kind of pods or resources the client intends to search for, but matchLabels is used when the selector is based on equality search and matchExpressions when it is based on a set-based selector.
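The label, selector, matchLabels and matchExpressions items above, implemented in Python as an added example (not Kubernetes' own code): an RC-style equality selector and an RS-style selector with In, NotIn, Exists and DoesNotExist operators are run over a constructed pod list, including a pod that lacks the env label, which NotIn and DoesNotExist still match.

```python
# Added illustration of equality-based vs set-based selectors as used by RC, RS, Deployment
# and Service objects; not Kubernetes' own code. The pods below are constructed sample data.


def matches_labels(labels, match_labels):
    """Equality-based: every key must be present with exactly that value (RC selector / matchLabels)."""
    return all(labels.get(key) == value for key, value in match_labels.items())


def matches_expression(labels, expr):
    """Set-based: one matchExpressions entry with operator In, NotIn, Exists or DoesNotExist."""
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":
        return key not in labels or labels[key] not in values  # a missing key also satisfies NotIn
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unknown operator {op!r}")


def select(pods, selector):
    """ReplicaSet/Deployment `spec.selector`: matchLabels AND every matchExpressions entry must hold."""
    match_labels = selector.get("matchLabels", {})
    exprs = selector.get("matchExpressions", [])
    return [pod["name"] for pod in pods
            if matches_labels(pod["labels"], match_labels)
            and all(matches_expression(pod["labels"], e) for e in exprs)]


def select_rc(pods, rc_selector):
    """ReplicationController `spec.selector` is a plain map, i.e. equality-based only."""
    return select(pods, {"matchLabels": rc_selector})


SAMPLE_PODS = [
    {"name": "web-prod-1", "labels": {"app": "web", "env": "prod", "tier": "frontend"}},
    {"name": "web-prod-2", "labels": {"app": "web", "env": "prod", "tier": "frontend"}},
    {"name": "web-stage-1", "labels": {"app": "web", "env": "stage", "tier": "frontend"}},
    {"name": "web-adhoc", "labels": {"app": "web", "tier": "frontend"}},   # no env label
    {"name": "db-prod-1", "labels": {"app": "db", "env": "prod", "tier": "backend"}},
]

# Only the set-based form can express "frontend pods in prod or stage, and never the db".
RS_SELECTOR = {
    "matchLabels": {"tier": "frontend"},
    "matchExpressions": [
        {"key": "env", "operator": "In", "values": ["prod", "stage"]},
        {"key": "app", "operator": "NotIn", "values": ["db"]},
    ],
}


if __name__ == "__main__":
    print("RC selector app=web,env=prod ->", select_rc(SAMPLE_PODS, {"app": "web", "env": "prod"}))
    print("RS selector (set-based)      ->", select(SAMPLE_PODS, RS_SELECTOR))
    print("env DoesNotExist             ->", select(SAMPLE_PODS,
          {"matchExpressions": [{"key": "env", "operator": "DoesNotExist"}]}))
```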

  58. How to do a deployment with a YAML file? We can use the same YAML file as for an RS by simply changing the kind to Deployment. We do this because with the Deployment resource we can use the LB concept, and a Deployment creates an RS in the back end.

  59. What are PVC, PV and SC in Kubernetes? Users assign PVCs as per their requirement, while to access a storage class the PV acts as the API for it. PV: A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator. It is a resource in the cluster just like a node is a cluster resource. PVs are volume plugins like Volumes, but have a lifecycle independent of any individual pod that uses the PV. This API object captures the details of the implementation of the storage, be that NFS, iSCSI, or a cloud-provider-specific storage system. PVC: A PersistentVolumeClaim (PVC) is a request for storage by a user. It is similar to a pod: pods consume node resources and PVCs consume PV resources. Pods can request specific levels of resources (CPU and memory); claims can request a specific size and access modes (e.g., mounted once read/write or many times read-only). SC: A StorageClass provides a way for administrators to describe the "classes" of storage they offer. Different classes might map to quality-of-service levels or to backup policies.

  60. What is ephemeral storage in a container? Pods use ephemeral local storage for scratch space, caching and logs. However, the lifetime of ephemeral storage does not go beyond the pod: once the pod is deleted, the data stored in ephemeral storage is deleted.

  61. Which provisioners does Kubernetes support? Kubernetes supports StorageClass (SC) provisioners such as cloud storage.

  62. What are static and dynamic PVs? A static PV simply means that some k8s administrator provisioned a persistent volume in the cluster and it is ready to be consumed by other resources. Dynamic volume provisioning allows storage volumes to be created on demand.

  63. What specifications are needed to launch a PVC? First we state the storage class name with the storageClassName: keyword. Second, we state the access mode policy with the accessModes: keyword. Next, we state our request for the storage resource under resources:. For example:

      storageClassName: <storage_class_name>
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi

  64. What is the difference between RWO and RWX? These are two of the access modes used in the PVC YAML file. ReadWriteOnce (RWO): only one node is allowed to access the storage volume at a time for read and write access. ReadWriteMany (RWX): many nodes may simultaneously read from and write to the storage volume.

  65. Mention the use of StorageClass. A storage class helps us provide dynamic PVs for the PVCs raised by clients; SC also helps in managing the plugins for different storage providers. If the developer says the PVC is no longer needed, what happens to the data stored in the main storage? Because the policy is currently "Retain", the data is not removed. Once the PV is released it cannot be used by other pods except the one it was created for earlier, but the data is safe; it has to be deleted manually, by editing the policy with the command kubectl edit pv mypvc (use kubectl get pv to list the PVs). If that is done after the Retain policy, the data is deleted. With Recycle the main data is removed: when the PVC is deleted the PV becomes "Available" rather than "Released", and can be used and attached again. Currently we have to create the PV before the PVC; as we used hostPath in the PV, the data comes from the worker node. With Delete, say we need 10 GiB and get it from AWS: as soon as the PVC is deleted the PV is also deleted, so both the EBS volume and the PV are removed.

  66. By default minikube gives which storage class? Whenever minikube is started it comes with a default storage class, which can be found using the command kubectl get sc. The storage class uses a program called the provisioner; here it is minikube-hostpath.

  67. What are self-service tools? Self-service tools are tools that automate processes.

  68. How does a storage class work behind the scenes? The SC senses the presence of any PVC request and accordingly selects the appropriate plugin program for creating the PV.

  69. What is the work of hostPath in a Kubernetes cluster? The hostPath plugin picks up storage from the path provided in the base OS and gives it to the PVC.

  70. Which plugin is used in the storage class for NFS storage? The plugin is the nfs plugin. The only change in the PV file is to use nfs instead of hostPath and give the storage details. The syntax is:

      nfs:
        server: "serverip"
        path: "/mydata"

  71. What does the RWO access mode mean? If multiple pods are launched and each uses the NFS, then any change made by one pod (by entering the pod) is reflected in all the pods. RW has two types: RWO and RWX. RWO (ReadWriteOnce) means only one node can use the volume, not multiple nodes. RWX is for multiple worker nodes.
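The static PV/PVC binding rules (storageClassName, accessModes, requested size) and the Retain, Recycle and Delete reclaim behaviour described in items 59 to 71, modelled in Python as an added example that is not Kubernetes' own controller code. All volume names, sizes and paths are constructed; the "data" field stands in for files on the volume.

```python
import re

# Added model of static PV/PVC binding and the three reclaim policies; not Kubernetes' own
# controller code. Every volume and claim below is constructed sample data.

UNITS = {"Mi": 1, "Gi": 1024, "Ti": 1024 * 1024}


def to_mib(quantity):
    """Parse a resource quantity such as '10Gi' into MiB."""
    m = re.fullmatch(r"(\d+)(Mi|Gi|Ti)", quantity)
    if not m:
        raise ValueError(f"unsupported quantity {quantity!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def make_pv(name, capacity, access_modes, storage_class, reclaim_policy="Retain", host_path="/data"):
    return {"kind": "PersistentVolume", "metadata": {"name": name},
            "spec": {"capacity": {"storage": capacity}, "accessModes": list(access_modes),
                     "storageClassName": storage_class,
                     "persistentVolumeReclaimPolicy": reclaim_policy,
                     "hostPath": {"path": host_path}},
            "status": {"phase": "Available"},
            "data": set()}  # stands in for the files stored on the volume


def make_pvc(name, request, access_modes, storage_class):
    return {"kind": "PersistentVolumeClaim", "metadata": {"name": name},
            "spec": {"storageClassName": storage_class, "accessModes": list(access_modes),
                     "resources": {"requests": {"storage": request}}},
            "status": {"phase": "Pending"}}


def find_pv(pvc, pvs):
    """Static binding: same storageClassName, PV offers every requested access mode, PV is big enough."""
    want = pvc["spec"]
    for pv in pvs:
        have = pv["spec"]
        if (pv["status"]["phase"] == "Available"
                and have["storageClassName"] == want["storageClassName"]
                and set(want["accessModes"]) <= set(have["accessModes"])
                and to_mib(have["capacity"]["storage"]) >= to_mib(want["resources"]["requests"]["storage"])):
            return pv
    return None


def bind(pvc, pvs):
    pv = find_pv(pvc, pvs)
    if pv is None:
        return None                             # the claim stays Pending
    pv["status"]["phase"] = "Bound"
    pv["spec"]["claimRef"] = pvc["metadata"]["name"]
    pvc["status"] = {"phase": "Bound", "volumeName": pv["metadata"]["name"]}
    return pv


def delete_pvc(pvc, pvs):
    """Apply the bound PV's reclaim policy when its claim is deleted; returns the policy applied."""
    pv = next(p for p in pvs if p["metadata"]["name"] == pvc["status"]["volumeName"])
    policy = pv["spec"]["persistentVolumeReclaimPolicy"]
    if policy == "Retain":
        pv["status"]["phase"] = "Released"      # data kept; no new claim binds until an admin acts
    elif policy == "Recycle":
        pv["data"].clear()                      # contents scrubbed, volume offered again
        del pv["spec"]["claimRef"]
        pv["status"]["phase"] = "Available"
    elif policy == "Delete":
        pvs.remove(pv)                          # PV and its backing storage (e.g. an EBS volume) go away
    return policy


if __name__ == "__main__":
    pvs = [make_pv("pv-10g", "10Gi", ["ReadWriteOnce"], "manual", "Retain")]
    claim = make_pvc("mypvc", "5Gi", ["ReadWriteOnce"], "manual")
    print("bound to", bind(claim, pvs)["metadata"]["name"])
    pvs[0]["data"].add("wp-content/uploads")
    print(delete_pvc(claim, pvs), pvs[0]["status"], pvs[0]["data"])
    print("rebind after Retain ->", bind(make_pvc("new", "1Gi", ["ReadWriteOnce"], "manual"), pvs))
```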

  72. Which command is used to check logs on the NFS client system? cat /var/log/messages shows the logs on the NFS system.

  73. Why do we need a multi-node cluster? We need a multi-node cluster so that high availability can be ensured in case any node goes down or the incoming traffic is high.

  74. What is the function of the kube-controller-manager? In a multi-node cluster there must be a program that manages the nodes and monitors their health status. That program is called the kube-controller-manager.

  75. What do you mean by SPOF (single point of failure)? In a single-node cluster all the applications/resources are deployed on one node. If the incoming traffic is huge, or that physical node goes down, the entire application goes down. Such a situation, in which we cannot ensure redundancy for applications because only a single node is present, is called a SPOF.

  76. Which program decides where to launch the pods? In a k8s cluster the master node has a program that controls where a particular pod is launched; that program is called the scheduler.

  77. Which program takes the request from the kube-controller-manager to launch the containers? Kubelet is the program that takes the request from the KCM to launch containers. Here kubelet acts as the interface between the master node and the container engine nodes.

  78. Who decides the IP of a pod? The master node decides the IPs of pods. To be specific, inside the master node there is a program called kubeadm which does this.

  79. Which driver does Kubernetes support? The systemd driver is supported, which Docker does not have by default.

  80. How to ignore the errors for the number of CPUs and free memory? To ignore the minimum-requirement warnings we use --ignore-preflight-errors=NumCPU --ignore-preflight-errors=Mem

  81. What is tc? tc is a software package that we get from iproute-tc; it is required by Kubernetes for internal traffic routing.

  82. What is a namespace? Basically, a namespace is a collection of resources (limited or unlimited, depending on the quota allocations) that are isolated and cannot be seen by other tenants or users. It is the way Kubernetes provides isolation: using namespaces, a single company with multiple teams can use the same Kubernetes cluster. It provides isolation and security.

  83. Why does it take time for a worker node to become Ready after joining the master node? After the worker node joins the master node, the configuration behind the scenes takes time before the node is ready to use.

  84. What does multi-tenancy provide? The multi-tenancy feature lets Kubernetes share its resources with multiple tenants at the same time while maintaining security.

  85. What is veth? Basically it is also a network interface. From the container world's perspective, every network interface (NIC) of a container is internally seen as a sub-interface of the Docker host. That is, the NIC of a container is not a real NIC (as we see on any server or computer), hence the name vNIC or veth, which means virtual NIC or virtual Ethernet.

  86. What is VXLAN? In simple words, VXLAN means extended LAN: a group of LANs interconnected with the help of tunneling programs or plugins. Every tunneling program uses some tunneling technique, such as GRE or VXLAN; the Flannel program uses the VXLAN tunneling technique. Because of VXLAN we can establish an overlay network that allows network communication between multiple nodes across different LANs but under one VXLAN.

  87. What is an overlay network? With the help of software-defined networking, programs establish their own network communication channel between different LANs on top of the underlay network; this is called an overlay network. It is made possible by tunneling, where packet masking actually happens. In such scenarios the programs make use of the NIC of the underlying host (commonly called the underlay network).

  88. What is the port number of the kube-apiserver? 6443 is the port number of the KubeAPI server.

  89. How can we connect our local system as a user to the k8s cluster in the cloud? The username and password are configured in the kubeconfig file, so local system users can access the API server with a username and password: kubectl get <resource> --kubeconfig <file>

  90. What is Flannel and what does it do? Flannel is a CNI plugin in k8s; it takes care of the underlying network connection between the master and worker nodes.

  91. What is tunneling? Tunneling is the process of creating a virtual network called an overlay network. The overlay network works on top of the underlying network.

  92. What are VxLAN and IP masquerading? VxLAN means Virtual Extended LAN and is used to create the tunnel.

  93. How is pod networking managed in k8s? Flannel.

  94. What is CNI? The Container Network Interface manages the connections between pods. CNI is present on all worker nodes, like a switch.

  95. What is etcd? etcd is an open source distributed key-value store used to hold and manage the critical information that distributed systems need to keep running.

  96. What is the port number of the kube-apiserver? 6443

  97. How can we connect our local system as a user to the k8s cluster in the cloud? In the kubectl command we use keywords like --server 〈ip〉:6443, for example kubectl get pods --server 54.86.177.22:6443, to connect to the k8s cluster from our local system.

  98. What challenges will we face while doing the above connection, and what is the solution? It allows only the private IP address of the AWS instance; the public IP address of the master node is not allowed.

  99. What is Flannel and what does it do? It is the program that acts as the routers and switches. Basically it provides the networking.

  100. What is tunneling? Tunneling is used to create an overlay network, which means it is used to connect different subnets by the tunneling method.

  101. What are VxLAN and IP masquerading? VXLAN stands for virtual extended LAN and fulfils the networking requirement of Flannel. If network packets have to travel from one LAN to another, some kind of hiding technique is used. This technique is called IP masquerading, which is a form of hiding network addresses; it is analogous to NAT.

  102. How is pod networking managed in k8s? Pod networking in k8s is managed by Flannel; it provides the IP ranges and subnets to the nodes, which are configured accordingly.

  103. What is CNI? CNI means Container Network Interface. It acts as the interface between the network providers and Kubernetes pod networking, and it is used for managing networks.

  104. How can we see what IP range has been provided to a worker node for the pods? We can check the file /var/run/flannel/subnet.env to see the range being used for the pods.

  105. What are the plugins that help in creating the CNI? Plugins like Flannel, Calico and Weave Net help in creating the CNI.

  106. What is etcd? It is known as the database for management allocation in k8s; it stores the metadata for Kubernetes.

  107. What is a network namespace and what does Flannel do with it? A namespace is like creating our own environment in k8s. Flannel is the program that provides networking between the pods and also provides communication between the pods of different nodes.

  108. What are access and identity in k8s? Access means the permissions given by the k8s admin to users to access the k8s cluster resources. Identity means authenticating to the k8s cluster using the user name.

  109. What is IAM? Identity and access management: policies to ensure that the proper, authorized people can access resources.

  110. What is the use of role and role binding? Roles are used to assign responsibilities and permissions.

  111. What is RBAC? Role-based access control, which means giving access to users by creating roles in the k8s cluster.

  112. Command to get the details of the cluster? kubectl cluster-info

  113. What is the meaning of the term control plane? The master node of the k8s cluster.

  114. What are the different types of authentication? Three types: password-based authentication, key-based authentication and certificate-based authentication.

  115. Which authentication type is highly supported by k8s? Certificate-based authentication.

  116. What are the drawbacks of password-based and key-based authentication? Password-based authentication is less secure, and key-based authentication is secure but difficult to manage.

  117. What are CSR and CRT? CSR: a Certificate Signing Request is sent from the node to the master. CRT: Chinese Remainder Theorem, sent to the node as the reply.

  118. Which is the most commonly used algorithm in asymmetric-key cryptography? RSA

  119. Steps to achieve certificate-based authentication?
      1. Generate a private key.
      2. Create a certificate.
      3. Send the CSR.
      4. Get authenticated by the CA.
      5. Receive the CRT.

  120. What is OpenSSL? A command-line tool used to generate private keys.

  121. How to create a new Kubernetes config file? kubectl config --kubeconfig filename.kubeconfig set-cluster cluster_name --server IP:Port

  122. How to switch contexts in k8s? kubectl config use-context <context_name>

  123. What are the different ways of authentication? Primarily there are four ways: 1) user/password, 2) user/token, 3) user/certificate, 4) user/SSO.

  124. How can we list the clusters our local system has access to? kubectl config get-clusters, or kubectl config get-clusters --kubeconfig vimal.kubeconfig

  125. What does context mean in Kubernetes? Assume our laptop has minikube and also access to AWS, i.e. it can reach both the minikube and the AWS k8s clusters. When we type kubectl create pod ..., how does kubectl know which cluster to use? For this we need to use a context.

  126. How can we edit or add new context or cluster information? To create a context: kubectl config set-context vimal@awskubecluster --user=vimal --cluster awskubecluster --kubeconfig vimal.kubeconfig. To switch: kubectl config use-context vimal@awskubecluster --kubeconfig vimal.kubeconfig. To show the current one: kubectl config current-context --kubeconfig vimal.kubeconfig
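The kubeconfig file that the kubectl config commands above edit (set-cluster, set-credentials, set-context, use-context, current-context, get-clusters), modelled in Python as an added example that is not kubectl's own code: it shows how the current context resolves to one cluster's server and one user's credentials before each call, and flags a cluster entry that has no certificate-authority pinned. The cluster, user and context names follow the notes; the minikube server address and the file names are constructed.

```python
import json

# Added model of the kubeconfig document edited by `kubectl config ...`; not kubectl's own code.
# Cluster/user/context names follow the notes above; file names and the minikube address are constructed.


class KubeConfig:
    def __init__(self):
        self.doc = {"apiVersion": "v1", "kind": "Config", "clusters": [], "users": [],
                    "contexts": [], "current-context": ""}

    @staticmethod
    def _upsert(items, name, body):
        for item in items:
            if item["name"] == name:
                item.update(body)        # set-* commands overwrite an existing entry of that name
                return
        items.append({"name": name, **body})

    def set_cluster(self, name, server, ca_file=None, insecure_skip_tls_verify=False):
        """kubectl config set-cluster NAME --server=URL [--certificate-authority=ca.crt | --insecure-skip-tls-verify]"""
        cluster = {"server": server}
        if ca_file:
            cluster["certificate-authority"] = ca_file
        elif insecure_skip_tls_verify:
            cluster["insecure-skip-tls-verify"] = True   # the API server's identity is then never checked
        self._upsert(self.doc["clusters"], name, {"cluster": cluster})

    def set_credentials(self, name, client_cert=None, client_key=None, token=None):
        """kubectl config set-credentials NAME --client-certificate=... --client-key=... | --token=..."""
        user = {}
        if client_cert:
            user.update({"client-certificate": client_cert, "client-key": client_key})
        if token:
            user["token"] = token
        self._upsert(self.doc["users"], name, {"user": user})

    def set_context(self, name, cluster, user, namespace="default"):
        """kubectl config set-context NAME --cluster=... --user=... [--namespace=...]"""
        self._upsert(self.doc["contexts"], name,
                     {"context": {"cluster": cluster, "user": user, "namespace": namespace}})

    def use_context(self, name):
        if name not in [c["name"] for c in self.doc["contexts"]]:
            raise KeyError(f"no context exists with the name: {name}")
        self.doc["current-context"] = name

    def current_context(self):
        return self.doc["current-context"]

    def get_clusters(self):
        return [c["name"] for c in self.doc["clusters"]]

    def resolve(self):
        """What kubectl does before every request: current context -> cluster server + user credentials."""
        ctx = next(c for c in self.doc["contexts"] if c["name"] == self.current_context())["context"]
        cluster = next(c for c in self.doc["clusters"] if c["name"] == ctx["cluster"])["cluster"]
        user = next(u for u in self.doc["users"] if u["name"] == ctx["user"])["user"]
        return {"server": cluster["server"], "user": user, "namespace": ctx["namespace"],
                "tls_verified": "certificate-authority" in cluster
                and not cluster.get("insecure-skip-tls-verify", False)}

    def dump(self):
        return json.dumps(self.doc, indent=2)


def build_example():
    """The laptop from the notes: reaches both the AWS cluster and minikube, as user vimal."""
    cfg = KubeConfig()
    cfg.set_cluster("awskubecluster", "https://54.86.177.22:6443", ca_file="ca.crt")
    cfg.set_cluster("minikube", "https://192.168.99.100:8443", ca_file="minikube-ca.crt")
    cfg.set_credentials("vimal", client_cert="vimal.crt", client_key="vimal.key")
    cfg.set_context("vimal@awskubecluster", cluster="awskubecluster", user="vimal", namespace="tech")
    cfg.set_context("minikube", cluster="minikube", user="vimal")
    cfg.use_context("vimal@awskubecluster")
    return cfg


if __name__ == "__main__":
    cfg = build_example()
    print(cfg.dump())
    print("kubectl would talk to:", cfg.resolve())
```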

  127. How to decode the certificate and see its information? openssl x509 -in apiserver.crt -text -noout

  128. What is the Subject Alternative Name and what error can it solve for the Kubernetes client? Inside the crt file there is a section called SAN (Subject Alternative Name), which tells which IPs are linked to this particular certificate (in other words, if anyone tries to access the resources through an IP other than those mentioned in the cert file, it is not allowed). This section does not have the public IP of AWS listed in the SAN, so we need to add it there. After we add the public IP, anyone from anywhere in the world can access that public IP of the k8s cluster on AWS.

  129. How to create a namespace and a role for that namespace?

      kubectl create ns tech
      kubectl create role vimal-tech --resource=pods --verb=get,list -n tech

  130. How to bind the role to a specific user? kubectl create rolebinding <binding_name> --role=vimal-tech --user=vimal -n tech

  131. How can we edit the roles once bound? kubectl edit role vimal-tech -n tech

  132. What is the Kubernetes API server? The Kubernetes API server validates and configures data for the API objects, which include pods, services, replication controllers and others. The API server services REST operations and provides the front end to the cluster's shared state through which all other components interact.

  133. What is certificate-based authentication in Kubernetes? Certificate-based authentication is the authentication type highly supported by k8s. Create a private key on the Linux Red Hat VM for the kubectl client, create a CSR on the same VM, then send the CSR to the k8s master, which replies with a CRT back to the workstation.

  134. Which option is available in vi for copying and pasting data from one file to another? To copy: y$ ; to paste: p

  135. How can we see the status of our pod? kubectl get pods, or kubectl describe pod <name of pod>

  136. How can we give extra privileges in Kubernetes? Using RBAC we can give extra privileges to resources in Kubernetes.

  137. What are API groups in Kubernetes? API groups make it easier to extend the Kubernetes API. The API group is specified in the REST path and in the apiVersion field of a serialized object. There are several API groups in Kubernetes; the core (also called legacy) group is found at the REST path /api/v1.
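The namespaced Role and RoleBinding from items 129 to 131 (and the RBAC items earlier), evaluated in Python as an added example that is not the kube-apiserver's authorizer: the role vimal-tech grants get and list on pods in namespace tech to user vimal, so the check denies delete, denies secrets, denies the same request in another namespace, and denies an unbound user. The wildcard role in the test is constructed.

```python
# Added model of namespaced RBAC: Role rules + RoleBinding subjects -> allow/deny decision;
# not the kube-apiserver authorizer. Names follow the notes' example (role vimal-tech, user
# vimal, namespace tech); anything else is constructed.


def make_role(name, namespace, rules):
    """kubectl create role NAME --resource=... --verb=... -n NAMESPACE"""
    return {"kind": "Role", "metadata": {"name": name, "namespace": namespace}, "rules": rules}


def make_rolebinding(name, namespace, role_name, users):
    """kubectl create rolebinding NAME --role=ROLE --user=USER -n NAMESPACE"""
    return {"kind": "RoleBinding", "metadata": {"name": name, "namespace": namespace},
            "roleRef": {"kind": "Role", "name": role_name},
            "subjects": [{"kind": "User", "name": u} for u in users]}


def rule_allows(rule, verb, resource, api_group=""):
    """One PolicyRule: apiGroups, resources and verbs must all cover the request ('*' is a wildcard)."""
    def hit(allowed, wanted):
        return "*" in allowed or wanted in allowed
    return (hit(rule.get("apiGroups", [""]), api_group)
            and hit(rule["resources"], resource)
            and hit(rule["verbs"], verb))


def is_allowed(user, verb, resource, namespace, roles, bindings, api_group=""):
    """Deny by default. Allow only if a RoleBinding in *that namespace* names the user and the
    Role it references (in the same namespace) has a rule covering the verb and resource.
    A Role therefore never grants anything in a namespace other than its own."""
    role_index = {(r["metadata"]["namespace"], r["metadata"]["name"]): r for r in roles}
    for rb in bindings:
        if rb["metadata"]["namespace"] != namespace:
            continue
        if not any(s["kind"] == "User" and s["name"] == user for s in rb["subjects"]):
            continue
        role = role_index.get((namespace, rb["roleRef"]["name"]))
        if role and any(rule_allows(rule, verb, resource, api_group) for rule in role["rules"]):
            return True
    return False


# The objects the two kubectl commands in the notes create.
ROLES = [
    make_role("vimal-tech", "tech",
              [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]),
]
BINDINGS = [make_rolebinding("vimal-tech-binding", "tech", "vimal-tech", ["vimal"])]


def check(user, verb, resource, namespace):
    return is_allowed(user, verb, resource, namespace, ROLES, BINDINGS)


if __name__ == "__main__":
    for req in [("vimal", "list", "pods", "tech"), ("vimal", "delete", "pods", "tech"),
                ("vimal", "get", "secrets", "tech"), ("vimal", "get", "pods", "default"),
                ("alice", "get", "pods", "tech")]:
        print(req, "->", "allowed" if check(*req) else "forbidden")
```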

Prerequisites to set up the AWS EKS on your local Ubuntu 22.04 machine:

Step 1: Install AWS CLI

# Update package list
sudo apt update

# Install AWS CLI (the Ubuntu apt package is named awscli and provides version 1;
# version 2 is distributed by AWS as a zip bundle rather than through apt)
sudo apt install -y awscli

# Verify the installation
aws --version

Step 2: Install kubectl

# Download kubectl
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

# Make kubectl executable
chmod +x kubectl

# Move kubectl to a directory in your PATH
sudo mv kubectl /usr/local/bin/

Step 3: Install eksctl

# Download eksctl (the release asset is a tarball, so unpack it into /tmp)
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp

# Make eksctl executable
chmod +x /tmp/eksctl

# Move eksctl to a directory in your PATH
sudo mv /tmp/eksctl /usr/local/bin

Step 4: Install Helm

To install Helm on Ubuntu, you can use the package manager snap.

# Install Helm with snap
sudo snap install helm --classic

Step 5: Set Up a Domain Name System (DNS)

This step involves configuring DNS, and it is independent of your local OS. You can set up DNS with services like AWS Route 53 or any other DNS provider.

Step 6: Create an AWS EKS Cluster

Now, you can create an AWS EKS cluster using the eksctl tool.

eksctl create cluster --name your-cluster-name --region your-region --version 1.22

Make sure to replace your-cluster-name and your-region with your preferred cluster name and region.

Once you've completed these steps, you'll have the prerequisites set up on your local Ubuntu 22.04 machine for AWS EKS.

Helm Install

Download the gpg key

curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null

Install the apt-transport-https

sudo apt-get install apt-transport-https --yes

Add Helm repository

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list

Update your system packages

sudo apt-get update

Install Helm

sudo apt-get install helm

Check the AWS CLI version

aws --version

Download eksctl CLI tool for creating EKS Clusters on AWS

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp

Move eksctl setup to /usr/local/bin directory

sudo mv /tmp/eksctl /usr/local/bin

Check eksctl version

eksctl version

Download the latest release with the command:

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

Install kubectl

sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

Test to ensure the version you installed is up-to-date:

kubectl version --client

On AWS Console:

  1. Create an AWS IAM service role and an AWS VPC.

  2. Create Amazon EKS cluster.

  3. Configure kubectl for Amazon EKS cluster.

  4. Launch and configure Amazon EKS worker nodes.

After setting up your local machine and AWS console, you can use Helm to deploy your BigID app on your EKS cluster.

Create an AWS IAM service role:

  • Sign in to the AWS Management Console and open the IAM console.

  • In the navigation pane of the IAM console, choose Roles, and then choose Create role.

  • Choose the AWS Service role type, and then choose the service that you want to allow to assume this role.

  • Choose the use case for your service.

  1. Create an AWS VPC:

    • Go to the VPC section in the AWS Console, create a VPC, and give it a name and a CIDR block address.

    • When creating a VPC, a Route Table, Network ACL, and Security Group are automatically created.

    • Open the Amazon VPC console and choose the Region to create your VPC in.

  2. Create an Amazon EKS cluster:

    • Create an IAM role for the cluster with necessary permissions.

    • Create a VPC for the cluster with necessary subnets and security groups.

    • Launch an EC2 instance with the EKS-optimized AMI and join it to the cluster.

  3. Configure kubectl for Amazon EKS cluster:

    • Install kubectl and aws-iam-authenticator.

    • Update kubeconfig with the cluster details you want to connect to by running: aws eks update-kubeconfig --name <clustername> --region <region>.

    • Once you get the kubeconfig, if you have access, then you can start using kubectl.

  4. Launch and configure Amazon EKS worker nodes:

    • Create an IAM role for worker nodes with necessary permissions.

    • Launch an EC2 instance with EKS-optimized AMI and join it to the cluster.

    • Verify that the node is registered and ready in the cluster.