[Kubernetes] Kubernetes 101: Play with Kubernetes Labs

bigb0ss
Jan 7 · 5 min read

Intro

As the new year 2021 comes along, I was assigned to perform a security assessment focusing on a Kubernetes environment. I had some experience working with Kubernetes and containerized environments before, but honestly, those technologies are evolving like crazy. I believe that Kubernetes is currently the most popular and even the most updated open-source project right now!

I thought it would be a good time to share some resources and techniques that I have learned about Kubernetes (or K8S). I will not go into the nitty-gritty of Kubernetes technology itself since there is a plethora of resources to learn about it, like Kube Academy.

Play with Kubernetes

Today, I will demonstrate how to create a Kubernetes cluster using a free Kubernetes playground tool, Play with Kubernetes, and deploy a simple web application and expose it to the public Internet.

Login

To log in, you need to use either a GitHub or a Docker account. I will use a Docker account to log in.

This will open a pop-up window asking you to sign in.

After successful login, click “Start” to start the playground lab.

Add New Instance

The session will be live for 4 hours. After that, it will close the session and delete everything. We will click on “+ADD NEW INSTANCE” 3 times to create 3 instances.

  • Node1 (192.168.0.8) — This will be the Kubernetes Master/Control Plane node.
  • Node2 (192.168.0.7) — Worker Node1
  • Node3 (192.168.0.6) — Worker Node2

Initialize Master Node

This lab is awesome in that it comes with much of the software, like kubectl and kubeadm, already installed, and it also provides the initialization command to set up the Kubernetes cluster.

On Node1 (Master Node — 192.168.0.8), run the following command to initialize the Kubernetes cluster:

kubeadm init --apiserver-advertise-address $(hostname -i) --pod-network-cidr 10.5.0.0/16

At the end of the output, make sure to copy the following commands, especially the kubeadm join command:

Note: This will be used to join worker nodes to the master node later.

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

…snip…

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.0.8:6443 --token cqrinh.hlgvpsp7ikqa828j \
    --discovery-token-ca-cert-hash sha256:c7b9773c55b7e35a9dda67612bff1129475b36017089c3905383c04d5b43a05d

Initialize Networking

When we run the kubectl get nodes command, we can see that the STATUS of the node is NotReady. This is because we have not initialized networking for the cluster. Run the following command to initialize the networking:

kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kubeadm-kuberouter.yaml

If we run the kubectl get nodes command again, we can see that the STATUS has now changed to Ready.

Add Worker Nodes

Now, let’s add Node2 and Node3 to the master node by using the following command on each instance:

kubeadm join 192.168.0.8:6443 --token cqrinh.hlgvpsp7ikqa828j --discovery-token-ca-cert-hash sha256:c7b9773c55b7e35a9dda67612bff1129475b36017089c3905383c04d5b43a05d

To verify, run the kubectl get nodes -o wide command on the master node, and we can see that Node2 and Node3 have successfully joined the master node.

Install Web Application

We will use the following nginx-app.yaml file to install a web application (Nginx) to our Kubernetes cluster:

apiVersion: v1
kind: Service
metadata:
  name: my-nginx-svc
  labels:
    app: nginx
spec:
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
[Source]: https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/nginx-app.yaml

Without going into too much detail, the above manifest creates a LoadBalancer Service to expose the web app using the master node’s public IP (if the node is configured as a public-facing cluster) and deploys 3 replicas of the Nginx server.

Let’s use the following command to deploy the YAML file:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/nginx-app.yaml

To verify, run the following command to check the created Nginx server pods in the worker nodes:

kubectl get pods -o wide

3 replicas of the Nginx servers are successfully created. (2 in Node2 and 1 in Node3)

And run the following command to check the LoadBalancer creation:

kubectl get svc -o wide

We can see the created LoadBalancer service, and it is using port 30736/TCP to expose the Nginx server to the public.

Note: A Kubernetes Service will pick a random port between 30000 and 32767 by default unless a port is specified in the deployment script.
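
As an added example (not from the original post), the script below lists which ports a cluster's Services open beyond the cluster network, working from the JSON that kubectl get svc -o json returns. The sample input is constructed from the values shown in this walkthrough, and the function name and finding keys are this example's own.

```python
import json

# Constructed sample shaped like `kubectl get svc -o json`, using this walkthrough's values.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "default", "name": "kubernetes"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 443, "protocol": "TCP"}]}},
  {"metadata": {"namespace": "default", "name": "my-nginx-svc"},
   "spec": {"type": "LoadBalancer",
            "ports": [{"port": 80, "nodePort": 30736, "protocol": "TCP"}]},
   "status": {"loadBalancer": {}}}
]}
""")

def exposed_ports(svc_list):
    """List every port that a NodePort or LoadBalancer Service opens on the nodes."""
    findings = []
    for svc in svc_list.get("items", []):
        spec, meta = svc.get("spec", {}), svc.get("metadata", {})
        if spec.get("type") not in ("NodePort", "LoadBalancer"):
            continue  # other Service types allocate no node port
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        for port in spec.get("ports", []):
            findings.append({
                "service": f'{meta.get("namespace")}/{meta.get("name")}',
                "type": spec["type"],
                "service_port": port.get("port"),
                "node_port": port.get("nodePort"),  # opened on every node's address
                "protocol": port.get("protocol", "TCP"),
                "lb_addresses": [i.get("ip") or i.get("hostname") for i in ingress],
                # Without loadBalancerSourceRanges the Service sets no limit on client sources.
                "source_restricted": bool(spec.get("loadBalancerSourceRanges")),
            })
    return findings

if __name__ == "__main__":
    for finding in exposed_ports(SAMPLE):
        print(finding)
```

Against a live cluster, replace SAMPLE with the parsed output of kubectl get svc -A -o json to inventory every namespace.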

Accessing the Web App

Now, using the public URL for the lab instance plus port 30736, let’s visit the Nginx site in a browser.

Conclusion

Using the “Play with Kubernetes” lab, I demonstrated the quick setup of a Kubernetes cluster and the running of a web application within it. This was a really simple exercise, and it is not even 1/1000 of what Kubernetes can do. However, I think it is a great start to get your feet wet with Kubernetes at least. Cheers!

Written by

bigb0ss

OSCE | OSCP | CREST | Offensive Security Consultant — All about Penetration Test | Red Team | Cloud Security | Web Application Security
