kpt

Infrastructure management tool

- https://cloud.google.com/solutions/managing-cloud-infrastructure-using-kpt

- https://github.com/GoogleCloudPlatform/anthos-security-blueprints

    # Recorded `history` output: the leading number on each line is the history
    # index, not part of the command. Entries 1-35 point kubectl at the GKE
    # cluster, inspect the Istio/ASM services and probe the bookinfo routes.
    # Mistyped commands are part of the record and are left as they were run.
    1  export CLUSTER_NAME=gke
    2  export CLUSTER_ZONE=us-central1-b
    # Project id is taken from the active gcloud configuration.
    3  export GCLOUD_PROJECT=$(gcloud config get-value project)
    # Fetches cluster credentials so that the kubectl calls below reach this
    # cluster. NOTE(review): the expansions are unquoted; harmless for these
    # values, but "$CLUSTER_NAME" etc. avoids word splitting if they change.
    4  gcloud container clusters get-credentials $CLUSTER_NAME     --zone $CLUSTER_ZONE --project $GCLOUD_PROJECT
    5  gcloud container clusters list
    # Read-only inventory of the mesh namespaces, then of the current namespace.
    6  kubectl get pods -n istio-system
    7  kubectl get service -n istio-system
    8  kubectl get service -n asm-system
    9  kubectl get pods
   10  kubectl get services
    # siege is an HTTP load-testing tool; it is not invoked anywhere in the
    # visible part of this history.
   11  sudo apt install siege
    # Three attempts at the same lookup: entry 12 has the verb and resource
    # swapped, entry 13 omits -n and so queries the context's current
    # namespace, entry 14 names istio-system explicitly.
   12  kubectl svc describe istio-ingressgateway
   13  kubectl describe svc istio-ingressgateway
   14  kubectl describe svc istio-ingressgateway -n istio-system
    # Captures the first load-balancer ingress IP of istio-ingressgateway.
    # NOTE(review): the value is presumably empty while no external IP has been
    # assigned, so check the echo below before using it.
   15  export GATEWAY_URL=$(kubectl get svc istio-ingressgateway \
   16  -o=jsonpath='{.status.loadBalancer.ingress[0].ip}' -n istio-system)
   17  echo The gateway address is $GATEWAY_URL
    # Entries 18-23 repeat entries 1-4 and 15-16 verbatim, presumably after the
    # exported variables were lost in a new shell session.
   18  export CLUSTER_NAME=gke
   19  export CLUSTER_ZONE=us-central1-b
   20  export GCLOUD_PROJECT=$(gcloud config get-value project)
   21  gcloud container clusters get-credentials $CLUSTER_NAME     --zone $CLUSTER_ZONE --project $GCLOUD_PROJECT
   22  export GATEWAY_URL=$(kubectl get svc istio-ingressgateway \
   23  -o=jsonpath='{.status.loadBalancer.ingress[0].ip}' -n istio-system)
    # Entries 24-26 look for a Service called "gateway" in several namespaces;
    # entry 27 switches to the gateway resource type with the name
    # bookinfo-gateway.
   24  kubectl describe svc gateway
   25  kubectl describe svc gateway -n istio-system
   26  kubectl describe svc gateway -n bookinfo-gateway
   27  kubectl describe gateway bookinfo-gateway
    # Entry 28 misspells "describe"; entry 29 is the corrected command.
   28  kubectl desribe virtualservices bookinfo
   29  kubectl describe virtualservices bookinfo
    # Runs curl inside the ratings container against productpage:9080 and keeps
    # only the <title> element; the grep runs on the local side of the pipe.
   30  kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
    # Same page requested through the gateway address captured above; -I asks
    # for the response headers only, and the request goes over plain HTTP.
   31  curl -I http://${GATEWAY_URL}/productpage
   32  kubectl get virtualservices
   33  kubectl describe virtualservices
    # Entry 35 retries entry 34 with a hyphenated resource name, presumably a
    # failed guess at the same resource type.
   34  kubectl get destinationrules
   35  kubectl get destination-rules

  # History entries 36-118 are not shown; the listing resumes at entry 119.
  # Writes a ConfigManagement resource that syncs from the "main" branch of a
  # Git repository over SSH (secretType: ssh). The SSH credential this relies
  # on is not created in the visible entries.
  # The heredoc delimiter is unquoted, so ${EMAIL} and ${PROJECT} are expanded
  # by the shell when the file is written; if either is unset the syncRepo URL
  # is written with an empty component and no error is raised. Setting them
  # with "${EMAIL:?}" / "${PROJECT:?}" beforehand would make that fail loudly.
  # NOTE(review): /tmp/config-management.yaml is a fixed name in a shared
  # directory; on a multi-user host a mktemp-generated path is safer.
  119  cat <<EOF > /tmp/config-management.yaml
apiVersion: configmanagement.gke.io/v1
kind: ConfigManagement
metadata:
  name: config-management
spec:
  clusterName: kpt-tutorial
  git:
    syncRepo: ssh://${EMAIL}@source.developers.google.com:2022/p/${PROJECT}/r/config-management
    syncBranch: main
    secretType: ssh
EOF

  # Applies the generated ConfigManagement resource in the
  # config-management-system namespace, then asks nomos for the sync status of
  # the current kubectl context.
  120  kubectl -n config-management-system     apply -f /tmp/config-management.yaml
  121  nomos status --contexts=$(kubectl config current-context)
  122  cd ~
  # Fetches the restricting-traffic/default-deny package from the
  # anthos-security-blueprints repository into the current directory.
  # NOTE(review): no @VERSION suffix is given, so the fetched content is not
  # pinned to a tag or commit; pin a ref and read the package before it is
  # pushed to the synced repository.
  123  kpt pkg get https://github.com/GoogleCloudPlatform/anthos-security-blueprints.git/restricting-traffic/default-deny ./
  124  mkdir -p ~/config-management/namespaces/default
  # Declares the "default" Namespace in the repository layout.
  # NOTE(review): ">>" appends, so running this entry twice leaves two copies
  # of the document in namespace.yaml; ">" would make the step repeatable.
  125  cat >> ~/config-management/namespaces/default/namespace.yaml <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: default
EOF

  # Pipeline: read the resources under default-deny/, run the annotate-config
  # function image over them with annotation_name=anthos-security-blueprint and
  # annotation_value=restricting-traffic, and write the result into the
  # repository's namespaces/default/ directory.
  # NOTE(review): the function image is referenced without a tag or digest, so
  # whichever image the registry currently serves is executed against the
  # configuration; pinning a digest makes the step reproducible and auditable.
  126  kpt fn source default-deny/ |     kpt fn run --image=gcr.io/kpt-functions/annotate-config --     annotation_name=anthos-security-blueprint     annotation_value=restricting-traffic |     kpt fn sink ~/config-management/namespaces/default/
  # Prints the generated policy so it can be read before it is committed.
  127  cat config-management/namespaces/default/default-deny.yaml
  # Commits and pushes the namespace directory; presumably this is the
  # repository named in syncRepo, so the push is what rolls the policy out.
  128  cd ~/config-management/
  129  git add namespaces/default/
  130  git commit -m "Default deny"
  131  git push
  # Checks which NetworkPolicy objects exist in the current namespace.
  132  kubectl get networkpolicies
  # Starts an interactive busybox pod in "default" to test the policy from
  # inside the cluster; --rm removes the pod when the shell exits.
  133  kubectl -n default run -i --tty --rm test         --image=busybox --restart=Never -- sh
  # KUBERNETES_SERVICE_HOST is normally set inside pods, so this entry was
  # presumably typed in the busybox shell started above. With the default-deny
  # policy applied the request is presumably expected to hit the 3 s timeout;
  # confirm against the policy's rules.
  134  wget --timeout=3 https://${KUBERNETES_SERVICE_HOST}
  # Teardown. --quiet suppresses the confirmation prompts, so both deletions
  # run without asking; --async returns before the cluster deletion finishes.
  # The zone here (us-central1-a) differs from CLUSTER_ZONE set in entry 2.
  135  gcloud source repos delete config-management --quiet
  136  gcloud container clusters delete kpt-tutorial     --async --quiet --zone=us-central1-a
  137  history
