Skip to main content

Solution | Secure Workloads in Google Kubernetes Engine: Challenge Lab | 2022

 

Task 0: Download the necessary files: 

gsutil cp gs://spls/gsp335/gsp335.zip .

unzip gsp335.zip


Task - 1: Setup cluster


gcloud container clusters create <cluster-name> \
   --zone us-central1-c \
   --machine-type n1-standard-4 \
   --num-nodes 2 \
   --enable-network-policy



gcloud sql instances create <your-sql-instance-name> --region us-central1

Task - 2: Setup wordpress:

  • Create database - wordpress


Go to the SQL -> open the  created instance (wordpress-db-387) -> then database -> Create database 
Database name :wordpress
Create

-> users-> add user Account
User name: wordpress
Add

  • Add user - wordpress (no password)

  • Service account


gcloud iam service-accounts create <your-service-account-credentials>


gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
   --member="serviceAccount:<your-service-account-credentials>@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
   --role="roles/cloudsql.client"

gcloud iam service-accounts keys create key.json --iam-account=<your-service-account-credentials>@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com

kubectl create secret generic cloudsql-instance-credentials --from-file key.json

kubectl create secret generic cloudsql-db-credentials \
   --from-literal username=wordpress \
   --from-literal password=''

  • Remember the passowrd you set-up above as you'll need it later.


  • Create the WordPress deployment and service


kubectl create -f volume.yaml

  • Go to the overview page of your Cloud SQL instance, and copy the Connection name.


  • Open wordpress.yaml with your any editor, and replace INSTANCE_CONNECTION_NAME (in line 61) with the Connection name of your Cloud SQL instance and Save the file changes.


kubectl apply -f wordpress.yaml

Task - 3: Setup Ingress with TLS:

helm version

helm repo add stable https://charts.helm.sh/stable
helm repo update

  • If your environment does not install with Helm


curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

  • Now, you can continue:


helm install nginx-ingress stable/nginx-ingress --set rbac.create=true

kubectl get service nginx-ingress-controller

. add_ip.sh

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.16.0/cert-manager.yaml

kubectl create clusterrolebinding cluster-admin-binding \
   --clusterrole=cluster-admin \
   --user=$(gcloud config get-value core/account)

  • Edit issuer.yaml and set the email address Save the file changes and run


kubectl apply -f issuer.yaml


kubectl apply -f ingress.yaml


Task - 4: Set up Network Policy:


  • Goto editor and in network-policy.yaml add it at the end

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
   name: allow-nginx-access-to-internet
spec:
 podSelector:
     matchLabels:
          app: nginx-ingress
 policyTypes:
 - Ingress
 ingress:
 - {}

  • Then run below command in cloud shell 


kubectl apply -f network-policy.yaml

Task - 5: Setup Binary Authorization:


  • Goto Cloud Console -> Security -> Binary Authorization.

  • Enable the Binary Authorization API.

  • On Binary Authorization page, click Edit POLICY.

  • Select Disallow all images for the Default rule.

  • Scroll down to Custom exemption rules, click ADD Add Image Pattern then paste the below image path in New image pattern

  1. docker.io/library/wordpress:latest

  • Repeat the above two steps to add the following image paths

  1. us.gcr.io/k8s-artifacts-prod/ingress-nginx/*

  2. gcr.io/cloudsql-docker/*

  3. quay.io/jetstack/*

  • Click SAVE POLICY.

  • Navigate to Kubernetes Engine -> Clusters.

  • Click your cluster name to view its detail page.

  • Edit Binary authorization and Enable Binary Authorization then SAVE CHANGES.


Task - 6: Setup Pod Security Policy:


  • Editing for psp-restrictive.yaml is shown through the script editor. 

  • replace appVersion: extensions/v1beta1 with policy/v1beta1

  • Save the changes & apply the config through kubectl.



kubectl apply -f psp-role.yaml
kubectl apply -f psp-use.yaml
kubectl apply -f psp-restrictive.yaml



Thanks for reading this blog!!!
Labels:

Comments

Post a Comment

Popular Posts

Types of operating systems

Today there are lot of operating systems in the internet but actually they are only based on these main operating systems. What we see on internet is that windows is an OS, Linux is an OS but actually it is not really true. These are true only in simple understanding but when we explore computers more then we see there are lot of types of operating systems available in the market. These are written below...... Batch Operating System Multi-programming OS. Time-sharing or multitasking operating systems Distributed operating System Network operating System Real Time operating System Hard real--time systems Soft real--time systems Batch operating system: These operating system can not interact directly with the computer. Batch processing is a technique in which an Operating System collects the programs and data together in a batch before processing starts.   Multi-programming OS: These type of OS are able to run multiple jobs simultaneously in the memory. For it, memory is considered a...
1 comment
Read more

Know Operating Systems (Briefly)

OPERATING SYSTEM :     Today's lot of operating systems have arrived in the marketplace, but some OS gets failed because of their specifications or trends. Let me tell you what is an Operating System in short " an operating system is just a system software which help us to communicate with a machine using graphical or command line interface."     That's means when someone using his/her smartphone or computer or any type of device that's sure this device has an operating system and there is a proper way to use this device. Every Operating system has its own way or type of using it.    An OS is also making a vital role in the device because there are lot of things in a device which depends on the OS like bluetooth-connectivity, wireless-connections, display and many more things.   WORKING PROCESS :   Basically an OS is a system software so it contains all information about the hardware of this device.    Now...
Post a Comment
Read more

A technical preview of an Operating System

Operating System (OS): An Operating system consists of a set of programs which controls, co-ordinates and supervises the activities of the various components of a computer system. Its function is to link between the computer hardware and the user. An operating system is a software or a series of programmes, which performs various types of functions in order to manage and organize file so". Objectives:  There are lot of objectives of an operating system, actually it covers the birth of a perfect operating system. A user is just like a wanting animal they just want everything. But as a developer we are just tying to make our software more & more better as per user requests. These are some main objectives ------ To describe the basic organization of computer systems. To provide a grand tour of the major components of operating systems. Provide more convenient environment for users. Provide maximum utilized performance to users as per hardware existance. Computer Startup: When a c...
1 comment
Read more

Application Softwares (types of softwares)

  Application Software:   An application software always works under a system software. These softwares are generally a set of one or more programmes, designed to solve a specific problem, or do a specific task e.g. An application software for payroll processing produces pay slips as the major output, and an application software for processing examination results produces mark sheets as the major output along with some other statistical reports.    And also if a person is writing a program to solve his/her personal and particular problems is also comes under the application software. These programs included in an application software package are called application programmes and who made these programs are also known as application programmers. The most commonly known application software are 1. Word Processing Software: A word processing software enables us to make use of a computer system for creating editing, viewing, formatting, storing retrieving and painting ...
Post a Comment
Read more