gitea/cka-SVV
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

message

Browse Source
This commit is contained in:
sandervanvugt
2024-11-13 11:13:14 +01:00
parent 0630eb32e6
commit a64c9fdff9
21 changed files with 401 additions and 400 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
labs/exam-task1.sh Normal file
View File

@@ -0,0 +1,39 @@
if kubectl get ns indiana &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t namespace indiana was found"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t namespace indiana was not found"
fi
TOTAL=$(( TOTAL + 10 ))
if [[ $(echo $(kubectl get -n indiana secret insecret -o yaml | awk '/color/ { print $2 }')| base64 -d) == blue ]] &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t secret insecret with COLOR=blue was found"
SCORE=$(( SCORE + 10 ))
elif kubectl get -n indiana secret insecret &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t secret insecret was found, but not with the expected variable"
else
echo -e "\033[31m[FAIL]\033[0m\t\t secret insecret was not found"
fi
TOTAL=$(( TOTAL + 10 ))
if [[ $(echo $(kubectl get pods -n indiana inpod -o jsonpath='{.spec.containers[*].image}')) == nginx:latest ]] &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t found pod inpod that uses the latest version of nginx"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t pod inpod that uses the latest version of the nginx image was not found"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl get pods -n indiana inpod -o yaml | grep insecret &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t pod inpod uses the secret insecret"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t pod inpod doesn't use the secret insecret"
fi
TOTAL=$(( TOTAL + 10 ))

8
labs/exam-task10.sh Normal file
View File

@@ -0,0 +1,8 @@
if helm list | grep mysql &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t you have successfully installed the bitnami mysql chart"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t bitnami mysql chart not found"
fi
TOTAL=$(( TOTAL + 10 ))

26
labs/exam-task11.sh Normal file
View File

@@ -0,0 +1,26 @@
if kubectl get ns nebraska &>/dev/null &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t namespace nebraska was found"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t namespace nebraska was not found"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl -n nebraska get deploy | grep snowdeploy &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t Deployment snowdeploy was found in Namespace nebraska"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t Deployment snowdeploy was not found"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl -n nebraska get deploy snowdeploy -o yaml | grep -A1 requests | grep 64Mi &>/dev/null && kubectl -n nebraska get deploy snowdeploy -o yaml | grep -A1 limits | grep 128Mi &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t the requested memory request and limits have been found"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t the requested memory request and limits have not been found"
fi
TOTAL=$(( TOTAL + 10 ))

27
labs/exam-task12.sh Normal file
View File

@@ -0,0 +1,27 @@
if kubectl get ns | grep birds &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t namespace birds was found"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t namespace birds was not found"
fi
TOTAL=$(( TOTAL + 10 ))
if [[ $(kubectl -n birds get pods --show-labels --selector=type=allbirds | grep bird | wc -l) == "5" ]] &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t good, 5 pods with label type=allbirds were found"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t couldn't finf 5 pods with the label type=allbirds"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl get -n birds svc allbirds | grep 32323 &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t NodePort Service allbirds listening on nodePort 32323 was found in Namespace birds"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t no NodePort Service allbirds listening on nodePort 32323 was found in Namespace birds"
fi
TOTAL=$(( TOTAL + 10 ))

17
labs/exam-task13.sh Normal file
View File

@@ -0,0 +1,17 @@
if kubectl get pods -o yaml securepod | grep 'runAsGroup: 2000' &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t securepod is running with group ID 2000"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t securepod is not running with group ID 2000"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl get pods -o yaml securepod | grep 'allowPrivilegeEscalation: false' &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t container in pod securepod has privilege escalation disabled"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t container in pod securepod has privilege escalation not disabled"
fi
TOTAL=$(( TOTAL + 10 ))

18
labs/exam-task14.sh Normal file
View File

@@ -0,0 +1,18 @@
if docker images | grep myapp | grep '1.0' &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t container image myapp:1.0 was found"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t container image myapp:1.0 was not found"
fi
TOTAL=$(( TOTAL + 10 ))
if [ -f /tmp/myapp.tar ]
then
echo -e "\033[32m[OK]\033[0m\t\t tar archive /tmp/myapp.tar was found"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t tar archive /tmp/myapp.tar was not found"
fi
TOTAL=$(( TOTAL + 10 ))

8
labs/exam-task15.sh Normal file
View File

@@ -0,0 +1,8 @@
if kubectl get pod securepod -n oklahoma -o yaml | grep 'serviceAccount: secure' &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t pod securepod in namespace oklahoma found and it is using the serviceaccount secure"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t couldn't find the pod securepod in namespace oklahoma that uses the serviceaccount secure"
fi
TOTAL=$(( TOTAL + 10 ))

11
labs/exam-task2.sh Normal file
View File

@@ -0,0 +1,11 @@
kubectl get pods -A --selector tier=control-plane | awk 'NR > 1 { print $2 }' > /tmp/task2file.txt
if diff /tmp/task2file.txt /tmp/task2pods
then
echo -e "\033[32m[OK]\033[0m\t\t all pods with label tier=control-plane were found"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t your result file doesn't show all pods with the label tier=control-plane"
fi
TOTAL=$(( TOTAL + 10 ))

17
labs/exam-task3.sh Normal file
View File

@@ -0,0 +1,17 @@
if kubectl get cm task3cm -o yaml |grep index.html &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t a configmap with the name task3cm was found with the right contents"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t configmap with the name task3cm was not found"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl describe pod oregonpod | grep -A1 'ConfigMap' | grep task3cm &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t the pod oregonpod has the configmap task3cm mounted"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t the pod oregonpod doesn't seem to have the configmap task3cm mounted"
fi
TOTAL=$(( TOTAL + 10 ))

8
labs/exam-task4.sh Normal file
View File

@@ -0,0 +1,8 @@
if kubectl get pods sidepod -o yaml | grep -A 10 initContainers | grep 'restartPolicy: Always' &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t found a pod sidepod that runs a sidecar container"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t didn't find a pod sidepod that runs a sidecar container"
fi
TOTAL=$(( TOTAL + 10 ))

17
labs/exam-task5.sh Normal file
View File

@@ -0,0 +1,17 @@
if kubectl get ns probes &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t namespace probes was found"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t namespace probes was not found"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl describe pods -n probes probepod | grep Liveness | grep '/healthz' &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t pod probepod was found, as well as its Liveness probe"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t no pod probepod with correct liveness probe was found"
fi
TOTAL=$(( TOTAL + 10 ))

22
labs/exam-task6.sh Normal file
View File

@@ -0,0 +1,22 @@
# get the revision number of the last update that was found
kubectl rollout history deployment updates > /tmp/task6.txt
LAST=$(tail -2 /tmp/task6.txt | head -1 | awk '{ print $1 }')
BEFORE=$(( LAST -1 ))
if kubectl rollout history deployment updates --revision=${LAST} | grep 'nginx:1.17' &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t last revision of the updated deploy is set to nginx:1.17"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t last revision of the updated deploy is not set to nginx:1.17"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl rollout history deployment updates --revision=${BEFORE} | grep 'nginx:latest' &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t previous revision of deploy updated was using nginx:latest"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t previous revision of deploy updated not found or not using nginx:latest"
fi
TOTAL=$(( TOTAL + 10 ))

36
labs/exam-task7.sh Normal file
View File

@@ -0,0 +1,36 @@
if grep $(minikube ip).*myapp.info /etc/hosts &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t name resolution for myapp.info is setup"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t no name resolution for myapp.info was found"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl describe svc task7svc | grep app=updates &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t Service task7svc found and exposes Deploy updates"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t No Service task7svc exposing Deploy updates was found"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl get pods -n ingress-nginx | grep controller | grep Running &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t found a running ingress controller"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t no running ingress controller was found"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl describe ing | grep task7svc:80 &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t ingress rule forwarding traffic to task7svc was found"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\" no ingress rule forwarding traffic to task7svc was found"
fi
TOTAL=$(( TOTAL + 10 ))

17
labs/exam-task8.sh Normal file
View File

@@ -0,0 +1,17 @@
if kubectl describe networkpolicy | grep 'PodSelector:.*type=webapp' &>/dev/null && kubectl describe networkpolicy | grep 'PodSelector:.*type=tester' &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t NetworkPolicy was found with correct configuration"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t No NetworkPolicy with correct configuration was found"
fi
TOTAL=$(( TOTAL + 10 ))
if kubectl exec -it nevatest -- wget --spider --timeout=1 nevaginx &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t the tester pod can access the nevaginx pod"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t the tester pod cannot access the nevaginx pod"
fi
TOTAL=$(( TOTAL + 10 ))

17
labs/exam-task9.sh Normal file
View File

@@ -0,0 +1,17 @@
if kubectl exec storepod -- cat /usr/share/nginx/html/index.html &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t file index.html accessible through hostPath storage"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t file index.html not accessible through hostPath storage"
fi
TOTAL=$(( TOTAL + 10 ))
if curl $(minikube ip):32032 | grep welcome &>/dev/null
then
echo -e "\033[32m[OK]\033[0m\t\t Pod storepod correctly exposed and hostPath volume content accessible"
SCORE=$(( SCORE + 10 ))
else
echo -e "\033[31m[FAIL]\033[0m\t\t Pod storepod not correctly exposed"
fi
TOTAL=$(( TOTAL + 10 ))