Updates after 20231011

nicholasdille · nicholasdille · commit c5f21cdfc91f · 2023-10-11T13:10:15.000+02:00
diff --git a/120_kubernetes/04_pods/pod.demo b/120_kubernetes/04_pods/pod.demo
@@ -1,10 +1,10 @@
 # Starting pods
 
 ## Starting a pod using kubectl
-kubectl run -it --image=alpine --rm --command -- bash
+kubectl run -it --image=alpine --rm --command -- sh
 
 ## Remove pod using kubectl
-kubectl delete pod bash
+kubectl delete pod sh
 
 ## View pods (pod is gone)
 
diff --git a/120_kubernetes/30_ingress/infrastructure-as-code.yaml b/120_kubernetes/30_ingress/infrastructure-as-code.yaml
@@ -5,9 +5,9 @@ metadata:
   name: traefik-dashboard
 spec:
   endpoints:
-  - dnsName: traefik.seat0.inmylab.de
+  - dnsName: ${DNS_NAME}
     recordTTL: 300
-    recordType: A
+    recordType: CNAME
     targets:
     - lb.seat0.inmylab.de
 ---
@@ -21,19 +21,21 @@ spec:
     name: letsencrypt-prod
     kind: ClusterIssuer
   dnsNames:
-  - traefik.seat0.inmylab.de
+  - ${DNS_NAME}
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: traefik-dashboard
 spec:
   entryPoints:
-  - http
+  - https
   routes:
-  - match: Host(`traefik.seat0.inmylab.de`)
+  - match: Host(`${DNS_NAME}`)
     kind: Rule
     services:
     - name: traefik-dashboard
       port: 80
       strategy: RoundRobin
+  tls:
+    secretName: traefik-dashboard
diff --git a/120_kubernetes/30_ingress/proxy.demo b/120_kubernetes/30_ingress/proxy.demo
@@ -0,0 +1,7 @@
+# kubectl proxy
+
+## Start proxy
+kubectl proxy
+
+## Access service
+curl -s http://127.0.0.1:8001/api/v1/namespaces/default/services/web:80/proxy/
diff --git a/120_kubernetes/30_ingress/proxy.md b/120_kubernetes/30_ingress/proxy.md
@@ -0,0 +1,7 @@
+## `kubectl proxy`
+
+XXX
+
+### Demo
+
+Commands [](https://github.com/nicholasdille/container-slides/blob/master/120_kubernetes/30_ingress/proxy.demo)
diff --git a/120_kubernetes/30_ingress/slides.md b/120_kubernetes/30_ingress/slides.md
@@ -96,16 +96,18 @@ Use with single node Docker for testing
 
 Supports HTTP(S) and TCP
 
-Resource definition `Middleware` to mutate requests and responses
+Resource definition `Middleware` to mutate requests and responses, e.g.
+
+- Redirect (permanently) using `RedirectRegEx`
+- Rewriting paths using `ReplacePathRegex`
+- Managing request and response headers using `Headers`
 
 Dashboard to inspect active configuration
 
-### Demo
+### Demo [](https://github.com/nicholasdille/container-slides/blob/master/120_kubernetes/30_ingress/traefik.demo)
 
 Deploy traefik as ingress controller using a host port
 
 Deploy demo applications `foo` and `bar`
 
 Add `IngressRoute` resources
-
-Commands [](https://github.com/nicholasdille/container-slides/blob/master/120_kubernetes/30_ingress/traefik.demo)
diff --git a/120_kubernetes/30_ingress/traefik.demo b/120_kubernetes/30_ingress/traefik.demo
@@ -14,5 +14,8 @@ kubectl apply -f traefik.yaml
 ## Deploy demo services
 kubectl apply -f demo.yaml
 
+## Deploy IngressRoute
+kubectl apply -f ingressroute.yaml
+
 ## Test connection
 curl --silent --resolve traefik.seat0.inmylab.de:80:127.0.0.1 http://traefik.seat0.inmylab.de/dashboard/
diff --git a/2023-11-03_heise-Kubernetes-absichern.html b/2023-11-03_heise-Kubernetes-absichern.html
@@ -54,6 +54,8 @@
 
 <!--
     TODO: RBAC, Policies, Network Policies, SBoM, Supply Chain Security
+
+    TODO: RBAC finden von sub-resources pod/exec
 -->
 
 <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
