├── terraform ├── modules │ ├── work_pc │ │ ├── template │ │ │ ├── clean.sh │ │ │ └── boot_zip.sh │ │ ├── password.tf │ │ ├── providers.tf │ │ └── ami.tf │ ├── work_pc_v2 │ │ ├── template │ │ │ ├── clean.sh │ │ │ └── boot_zip.sh │ │ ├── password.tf │ │ ├── providers.tf │ │ └── ami.tf │ ├── worker_lfcs │ │ ├── template │ │ │ ├── clean.sh │ │ │ ├── boot_zip.sh │ │ │ └── worker2.sh │ │ ├── providers.tf │ │ ├── password.tf │ │ └── ami.tf │ ├── k8s_self_managment │ │ ├── template │ │ │ ├── clean.sh │ │ │ └── boot_zip.sh │ │ ├── data.tf │ │ ├── password.tf │ │ ├── providers.tf │ │ ├── time_unic.tf │ │ └── eip.tf │ ├── k8s_self_managment_v2 │ │ ├── template │ │ │ ├── clean.sh │ │ │ └── boot_zip.sh │ │ ├── data.tf │ │ ├── password.tf │ │ ├── providers.tf │ │ ├── time_unic.tf │ │ └── eip.tf │ ├── ssh-keys │ │ ├── key.tf │ │ └── output.tf │ ├── work_pc_v3 │ │ ├── password.tf │ │ ├── providers.tf │ │ └── ami.tf │ ├── vpc │ │ ├── providers.tf │ │ ├── vpc.tf │ │ ├── subnet.tf │ │ ├── output.tf │ │ ├── route_table.tf │ │ └── var.tf │ ├── vpc_v2 │ │ ├── providers.tf │ │ ├── output.tf │ │ └── main.tf │ └── eks │ │ ├── data.tf │ │ ├── aws.tf │ │ ├── eks_log_group.tf │ │ ├── addons.tf │ │ ├── output.tf │ │ └── locals.tf └── environments │ ├── cka │ └── readme.md │ ├── cks │ └── readme.md │ ├── eks │ └── readme.md │ └── hr │ └── readme.md ├── .hooks ├── requirements.txt └── .pre-commit-config.yaml ├── tasks ├── eks │ └── labs │ │ └── 01 │ │ ├── README.MD │ │ ├── worker │ │ └── files │ │ │ ├── 14 │ │ │ └── Dockerfile │ │ │ ├── profile │ │ │ └── worker.sh │ │ └── vpc │ │ └── terragrunt.hcl ├── cks │ ├── labs │ │ ├── 10 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── master.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 11 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ └── worker.sh │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 17 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ └── master.sh │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 19 │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ ├── 14 │ │ │ │ │ └── Dockerfile │ │ │ │ │ └── worker.sh │ │ │ ├── SOLUTION.MD │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 20 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── master.sh │ │ │ └── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ ├── 21 │ │ │ ├── SOLUTION.MD │ │ │ └── worker │ │ │ │ └── files │ │ │ │ └── worker.sh │ │ ├── 22 │ │ │ └── k8s-1 │ │ │ │ └── scripts │ │ │ │ └── master.sh │ │ ├── 23 │ │ │ └── k8s-1 │ │ │ │ └── scripts │ │ │ │ └── master.sh │ │ ├── 25 │ │ │ └── k8s-1 │ │ │ │ └── scripts │ │ │ │ ├── admission_config.json │ │ │ │ └── admission_kube_config.yaml │ │ ├── 26 │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ └── worker.sh │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── master.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 27 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── default-deny.yaml │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ └── worker.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 28 │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ └── worker.sh │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ └── worker.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 29 │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 30 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ └── worker.sh │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ └── worker.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 03 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── master.sh │ │ │ ├── SOLUTION.MD │ │ │ ├── README.MD │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── README.MD │ │ ├── 04 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── master.sh │ │ │ ├── vpc │ │ │ │ └── terragrunt.hcl │ │ │ └── SOLUTION.MD │ │ ├── 07 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── K8sTrustedImages.yaml │ │ │ ├── README.MD │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 09 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── task9.yaml │ │ │ │ │ ├── profile │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── master.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 01 │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ ├── tests.bats │ │ │ │ │ └── worker.sh │ │ │ ├── SOLUTION.MD │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 02 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ └── master.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ ├── vpc │ │ │ │ └── terragrunt.hcl │ │ │ └── SOLUTION.MD │ │ └── 05 │ │ │ ├── ssh-keys │ │ │ └── terragrunt.hcl │ │ │ ├── k8s-1 │ │ │ └── scripts │ │ │ │ ├── master.sh │ │ │ │ └── worker.sh │ │ │ └── vpc │ │ │ └── terragrunt.hcl │ └── mock │ │ ├── 01 │ │ ├── k8s-9 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ └── K8sTrustedImages.yaml │ │ ├── k8s-6 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ ├── task9.yaml │ │ │ │ └── task5.yaml │ │ ├── k8s-8 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ ├── admission_config.json │ │ │ │ └── admission_kube_config.yaml │ │ ├── preview.png │ │ ├── k8s-10 │ │ │ └── scripts │ │ │ │ ├── master.sh │ │ │ │ └── worker.sh │ │ ├── worker │ │ │ └── files │ │ │ │ ├── 14 │ │ │ │ └── Dockerfile │ │ │ │ ├── profile │ │ │ │ ├── worker.sh │ │ │ │ └── solutions │ │ │ │ ├── 14.MD │ │ │ │ └── 02.MD │ │ ├── k8s-4 │ │ │ └── scripts │ │ │ │ └── master.sh │ │ ├── k8s-2 │ │ │ └── scripts │ │ │ │ └── master.sh │ │ ├── k8s-7 │ │ │ └── scripts │ │ │ │ └── master.sh │ │ ├── ssh-keys │ │ │ └── terragrunt.hcl │ │ ├── k8s-1 │ │ │ └── scripts │ │ │ │ ├── master.sh │ │ │ │ └── worker.sh │ │ ├── k8s-3 │ │ │ └── scripts │ │ │ │ ├── master.sh │ │ │ │ └── worker.sh │ │ └── vpc │ │ │ └── terragrunt.hcl │ │ ├── 02 │ │ ├── k8s-9 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ └── K8sTrustedImages.yaml │ │ ├── k8s-11 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ └── master.sh │ │ ├── k8s-6 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ ├── task9.yaml │ │ │ │ ├── task5.yaml │ │ │ │ └── ingress_nginx_conf.yaml │ │ ├── k8s-8 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ ├── admission_config.json │ │ │ │ └── admission_kube_config.yaml │ │ ├── preview.png │ │ ├── k8s-10 │ │ │ └── scripts │ │ │ │ ├── master.sh │ │ │ │ └── worker.sh │ │ ├── worker │ │ │ └── files │ │ │ │ ├── 14 │ │ │ │ └── Dockerfile │ │ │ │ ├── profile │ │ │ │ └── solutions │ │ │ │ └── 14.MD │ │ ├── k8s-4 │ │ │ └── scripts │ │ │ │ └── master.sh │ │ ├── k8s-2 │ │ │ └── scripts │ │ │ │ └── master.sh │ │ ├── k8s-7 │ │ │ └── scripts │ │ │ │ └── master.sh │ │ ├── ssh-keys │ │ │ └── terragrunt.hcl │ │ ├── k8s-1 │ │ │ └── scripts │ │ │ │ ├── master.sh │ │ │ │ └── worker.sh │ │ ├── k8s-3 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ └── master.sh │ │ └── vpc │ │ │ └── terragrunt.hcl │ │ ├── 03 │ │ ├── k8s-9 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ └── K8sTrustedImages.yaml │ │ ├── k8s-11 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ └── master.sh │ │ ├── k8s-6 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ ├── task9.yaml │ │ │ │ ├── task5.yaml │ │ │ │ └── ingress_nginx_conf.yaml │ │ ├── k8s-8 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ ├── admission_config.json │ │ │ │ └── admission_kube_config.yaml │ │ ├── preview.png │ │ ├── k8s-12 │ │ │ └── scripts │ │ │ │ └── worker.sh │ │ ├── k8s-10 │ │ │ └── scripts │ │ │ │ ├── master.sh │ │ │ │ └── worker.sh │ │ ├── k8s-7 │ │ │ └── scripts │ │ │ │ └── worker.sh │ │ ├── worker │ │ │ └── files │ │ │ │ ├── 14 │ │ │ │ └── Dockerfile │ │ │ │ ├── profile │ │ │ │ └── solutions │ │ │ │ └── 14.MD │ │ ├── k8s-4 │ │ │ └── scripts │ │ │ │ └── master.sh │ │ ├── k8s-2 │ │ │ └── scripts │ │ │ │ └── master.sh │ │ ├── ssh-keys │ │ │ └── terragrunt.hcl │ │ ├── k8s-1 │ │ │ └── scripts │ │ │ │ ├── master.sh │ │ │ │ └── worker.sh │ │ ├── k8s-3 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ └── master.sh │ │ └── vpc │ │ │ └── terragrunt.hcl │ │ └── 04 │ │ ├── k8s-6 │ │ └── scripts │ │ │ ├── worker.sh │ │ │ ├── _task9.yaml │ │ │ ├── _task5.yaml │ │ │ └── ingress_nginx_conf.yaml │ │ ├── k8s-7 │ │ └── scripts │ │ │ ├── worker.sh │ │ │ └── master.sh │ │ ├── k8s-1 │ │ └── scripts │ │ │ └── worker.sh │ │ ├── preview.png │ │ ├── k8s-12 │ │ └── scripts │ │ │ └── worker.sh │ │ ├── k8s-4 │ │ └── scripts │ │ │ ├── worker.sh │ │ │ └── default-deny.yaml │ │ ├── k8s-8 │ │ └── scripts │ │ │ └── worker.sh │ │ ├── worker │ │ └── files │ │ │ └── solutions │ │ │ └── 16.MD │ │ ├── k8s-2 │ │ └── scripts │ │ │ └── master.sh │ │ ├── ssh-keys │ │ └── terragrunt.hcl │ │ ├── k8s-3 │ │ └── scripts │ │ │ ├── worker.sh │ │ │ └── master.sh │ │ └── vpc │ │ └── terragrunt.hcl ├── cka │ ├── labs │ │ ├── 10 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── ingress_nginx_conf.yaml │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ ├── tests.bats │ │ │ │ │ └── worker.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 06 │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ └── worker.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 01 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── master.sh │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── tests.bats │ │ │ ├── README.MD │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 02 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── master.sh │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── tests.bats │ │ │ ├── README.MD │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 03 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── ingress_nginx_conf.yaml │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ └── worker.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 04 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── ingress_nginx_conf.yaml │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ └── worker.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 05 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── master.sh │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ └── worker.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 07 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ └── worker.sh │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ ├── worker.sh │ │ │ │ │ ├── solutions │ │ │ │ │ └── image │ │ │ │ │ │ ├── prometheus_cpu_usage.jpg │ │ │ │ │ │ └── prometheus_with_problem.jpg │ │ │ │ │ └── tests.bats │ │ │ ├── README.MD │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── 08 │ │ │ ├── k8s-1 │ │ │ │ └── scripts │ │ │ │ │ ├── worker.sh │ │ │ │ │ └── master.sh │ │ │ ├── worker │ │ │ │ └── files │ │ │ │ │ └── worker.sh │ │ │ ├── ssh-keys │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ └── 09 │ │ │ ├── k8s-1 │ │ │ └── scripts │ │ │ │ └── worker.sh │ │ │ ├── ssh-keys │ │ │ └── terragrunt.hcl │ │ │ ├── worker │ │ │ └── files │ │ │ │ └── worker.sh │ │ │ └── vpc │ │ │ └── terragrunt.hcl │ └── mock │ │ ├── 01 │ │ ├── k8s-1 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ └── task18.yaml │ │ ├── k8s-2 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ ├── task18.yaml │ │ │ │ └── master.sh │ │ ├── preview.png │ │ ├── worker │ │ │ └── files │ │ │ │ └── solutions │ │ │ │ ├── 3.MD │ │ │ │ ├── 1.MD │ │ │ │ ├── 2.MD │ │ │ │ ├── 5.MD │ │ │ │ ├── 6.MD │ │ │ │ ├── 8.MD │ │ │ │ ├── 4.MD │ │ │ │ ├── 11.MD │ │ │ │ ├── 9.MD │ │ │ │ ├── 16.MD │ │ │ │ ├── 7.MD │ │ │ │ ├── 19.MD │ │ │ │ ├── 15.MD │ │ │ │ └── 14.MD │ │ ├── ssh-keys │ │ │ └── terragrunt.hcl │ │ └── vpc │ │ │ └── terragrunt.hcl │ │ └── 02 │ │ ├── k8s-1 │ │ └── scripts │ │ │ ├── worker.sh │ │ │ ├── task2.yaml │ │ │ ├── ingress_nginx_conf.yaml │ │ │ └── task6.yaml │ │ ├── k8s-2 │ │ └── scripts │ │ │ ├── worker.sh │ │ │ └── master.sh │ │ ├── preview.png │ │ ├── k8s-3 │ │ └── scripts │ │ │ ├── master.sh │ │ │ └── worker.sh │ │ ├── k8s-4 │ │ └── scripts │ │ │ └── worker.sh │ │ ├── k8s-5 │ │ └── scripts │ │ │ └── worker.sh │ │ ├── worker │ │ └── files │ │ │ ├── solutions │ │ │ ├── 3.MD │ │ │ ├── 2.MD │ │ │ ├── 6.MD │ │ │ ├── 9.MD │ │ │ ├── 17.MD │ │ │ ├── 8.MD │ │ │ ├── 16.MD │ │ │ ├── 1.MD │ │ │ ├── 12.MD │ │ │ └── 7.MD │ │ │ └── worker.sh │ │ ├── ssh-keys │ │ └── terragrunt.hcl │ │ └── vpc │ │ └── terragrunt.hcl ├── hr │ └── mock │ │ └── 01 │ │ ├── k8s-1 │ │ └── scripts │ │ │ ├── worker.sh │ │ │ └── master.sh │ │ ├── k8s-2 │ │ └── scripts │ │ │ ├── worker.sh │ │ │ ├── master.sh │ │ │ └── 2.yaml │ │ ├── preview.png │ │ ├── worker │ │ └── files │ │ │ ├── solutions │ │ │ ├── 2.MD │ │ │ ├── 1.MD │ │ │ ├── 5.MD │ │ │ ├── 4.MD │ │ │ └── 3.MD │ │ │ └── worker.sh │ │ ├── ssh-keys │ │ └── terragrunt.hcl │ │ └── vpc │ │ └── terragrunt.hcl ├── lfcs │ └── mock │ │ └── 01 │ │ ├── worker-01 │ │ └── files │ │ │ ├── solutions │ │ │ ├── 15.MD │ │ │ ├── 14.MD │ │ │ ├── 1.MD │ │ │ ├── 4.MD │ │ │ ├── 16.MD │ │ │ ├── 18.MD │ │ │ ├── 6.MD │ │ │ ├── 3.MD │ │ │ ├── 10.MD │ │ │ ├── 23.MD │ │ │ ├── 9.MD │ │ │ ├── 12.MD │ │ │ ├── 17.MD │ │ │ ├── 2.MD │ │ │ ├── 5.MD │ │ │ ├── 13.MD │ │ │ ├── 25.MD │ │ │ ├── 8.MD │ │ │ ├── 19.MD │ │ │ ├── 22.MD │ │ │ ├── 21.MD │ │ │ └── 7.MD │ │ │ └── scripts │ │ │ ├── 18_generator.sh │ │ │ ├── 21_generator.sh │ │ │ ├── 12_generator.sh │ │ │ ├── 08_generator.sh │ │ │ ├── 22_generator.sh │ │ │ ├── 07_generator.sh │ │ │ ├── 09_generator.sh │ │ │ ├── 05_generator.sh │ │ │ └── 17_generator.sh │ │ ├── worker-02 │ │ └── files │ │ │ ├── worker.sh │ │ │ └── tests.bats │ │ └── ssh-keys │ │ └── terragrunt.hcl ├── ica │ └── mock │ │ ├── 02 │ │ ├── k8s-1 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ └── master.sh │ │ ├── k8s-3 │ │ │ └── scripts │ │ │ │ ├── worker.sh │ │ │ │ ├── task13.yml │ │ │ │ └── task10.yml │ │ ├── ssh-keys │ │ │ └── terragrunt.hcl │ │ └── vpc │ │ │ └── terragrunt.hcl │ │ └── 01 │ │ ├── k8s-1 │ │ └── scripts │ │ │ ├── worker.sh │ │ │ └── master.sh │ │ ├── k8s-3 │ │ └── scripts │ │ │ ├── worker.sh │ │ │ ├── task11.yml │ │ │ └── task9.yml │ │ ├── worker │ │ └── files │ │ │ ├── tests │ │ │ └── tests-00.bats │ │ │ └── profile │ │ ├── ssh-keys │ │ └── terragrunt.hcl │ │ └── vpc │ │ └── terragrunt.hcl └── ckad │ └── mock │ ├── 01 │ ├── k8s-1 │ │ └── scripts │ │ │ ├── worker.sh │ │ │ ├── task4.yaml │ │ │ ├── ingress_nginx_conf.yaml │ │ │ ├── task8.yaml │ │ │ ├── task6.yaml │ │ │ └── task5.yaml │ ├── preview.png │ ├── worker │ │ └── files │ │ │ ├── solutions │ │ │ ├── 8.MD │ │ │ ├── 2.MD │ │ │ ├── 17.MD │ │ │ ├── 1.MD │ │ │ ├── 5.MD │ │ │ ├── 18.MD │ │ │ ├── 13.MD │ │ │ ├── 6.MD │ │ │ └── 11.MD │ │ │ └── worker.sh │ ├── ssh-keys │ │ └── terragrunt.hcl │ └── vpc │ │ └── terragrunt.hcl │ └── 02 │ ├── k8s-1 │ └── scripts │ │ ├── worker.sh │ │ ├── task3_1.yaml │ │ ├── ingress_nginx_conf.yaml │ │ ├── task1.yaml │ │ ├── task12.yaml │ │ ├── task18.yaml │ │ ├── task3_2.yaml │ │ ├── task3_3.yaml │ │ └── task6.yaml │ ├── preview.png │ ├── worker │ └── files │ │ ├── 5 │ │ └── Dockerfile │ │ ├── 21 │ │ └── app-21.yaml │ │ └── solutions │ │ ├── 17.MD │ │ ├── 5.MD │ │ ├── 3.MD │ │ ├── 12.MD │ │ └── 14.MD │ ├── ssh-keys │ └── terragrunt.hcl │ └── vpc │ └── terragrunt.hcl ├── logo ├── helm.png ├── aws-icon.png ├── prometheus.png ├── kubernetes-icon.png ├── kubernetes-ckad-color.png ├── logo_cka_whitetext-300x293.png └── kubernetes-security-specialist-logo.png ├── docs ├── images │ ├── ICA.png │ ├── cockpit.png │ └── run_via_docker.gif └── CODE_OF_CONDUCT.md ├── docker ├── ping_pong │ ├── app │ │ └── test_server.sh │ ├── yum.repos │ │ └── mongodb-org-6.0.repo │ ├── Dockerfile │ └── Dockerfile_alpine ├── Dockerfile ├── cks │ ├── 14 │ │ ├── app │ │ │ ├── app1.go │ │ │ └── app2.go │ │ ├── build.sh │ │ ├── Dockerfile1 │ │ └── Dockerfile2 │ ├── 28 │ │ ├── app │ │ │ ├── default_app.go │ │ │ └── read_mem.go │ │ ├── Dockerfile2 │ │ └── Dockerfile1 │ └── mock2 │ │ └── 12 │ │ ├── app │ │ ├── app2.go │ │ └── app1.go │ │ ├── Dockerfile1 │ │ └── Dockerfile2 ├── k8s-svc-sync │ ├── deploy │ │ └── local │ │ │ ├── 2_clusterrole.yaml │ │ │ ├── 3_clusterrolebinding.yaml │ │ │ ├── 1_serviceaccount.yaml │ │ │ └── 5_alert.yaml │ ├── Dockerfile │ └── Dockerfile_alpine ├── build.sh ├── tools │ └── build.sh └── runner │ └── build.sh ├── script ├── find_spot │ └── README.MD └── windows │ └── top_time │ ├── logs.csv │ ├── summary.csv │ └── daily.csv └── .gitignore /terraform/modules/work_pc/template/clean.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.hooks/requirements.txt: -------------------------------------------------------------------------------- 1 | pre-commit==2.13.0 2 | -------------------------------------------------------------------------------- /tasks/eks/labs/01/README.MD: -------------------------------------------------------------------------------- 1 | # EKS lab 01 2 | -------------------------------------------------------------------------------- /terraform/modules/work_pc_v2/template/clean.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /terraform/modules/worker_lfcs/template/clean.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment/template/clean.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment_v2/template/clean.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /terraform/environments/cka/readme.md: -------------------------------------------------------------------------------- 1 | # folder for cka k8s 2 | -------------------------------------------------------------------------------- /terraform/environments/cks/readme.md: -------------------------------------------------------------------------------- 1 | # folder for cks k8s 2 | -------------------------------------------------------------------------------- /terraform/environments/eks/readme.md: -------------------------------------------------------------------------------- 1 | # folder for eks labs 2 | -------------------------------------------------------------------------------- /terraform/environments/hr/readme.md: -------------------------------------------------------------------------------- 1 | # folder for hr mock env 2 | -------------------------------------------------------------------------------- /logo/helm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/logo/helm.png -------------------------------------------------------------------------------- /logo/aws-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/logo/aws-icon.png -------------------------------------------------------------------------------- /docs/images/ICA.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/docs/images/ICA.png -------------------------------------------------------------------------------- /logo/prometheus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/logo/prometheus.png -------------------------------------------------------------------------------- /tasks/cks/labs/03/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node " 3 | -------------------------------------------------------------------------------- /tasks/cks/labs/README.MD: -------------------------------------------------------------------------------- 1 | ## [CKS labs list ](..%2F..%2F..%2Fdocs%2Flabs.MD#cks-labs) 2 | -------------------------------------------------------------------------------- /tasks/cks/labs/11/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node task 11" 3 | -------------------------------------------------------------------------------- /docs/images/cockpit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/docs/images/cockpit.png -------------------------------------------------------------------------------- /logo/kubernetes-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/logo/kubernetes-icon.png -------------------------------------------------------------------------------- /tasks/cka/labs/06/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cka lab 6 " 3 | -------------------------------------------------------------------------------- /tasks/cks/labs/04/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node task 04 " 3 | -------------------------------------------------------------------------------- /tasks/cks/labs/07/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node task k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-9/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node task k8s-9" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-9/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node task k8s-9" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-9/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node task k8s-9" 3 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/k8s-2/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/15.MD: -------------------------------------------------------------------------------- 1 | ```sh 2 | sudo deluser jackson sudo 3 | ``` 4 | -------------------------------------------------------------------------------- /tasks/cka/labs/01/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cka lab-1 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/labs/02/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cka lab-2 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/labs/03/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cka lab-2 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/labs/04/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cka lab-2 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/labs/05/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cka lab-5 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/labs/07/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cka lab-7 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/labs/08/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cka lab-8 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/labs/09/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cka lab-8 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/k8s-2/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-2 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/k8s-2/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-2 k8s-2" 3 | -------------------------------------------------------------------------------- /tasks/cks/labs/10/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-6/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-6" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-8/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-8" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-11/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-11" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-6/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-2 k8s-6" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-8/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-8" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-11/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-3 k8s-11" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-6/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-2 k8s-6" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-8/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-3 k8s-8" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-6/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-4 k8s-6" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-7/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-4 k8s-7" 3 | -------------------------------------------------------------------------------- /tasks/ica/mock/02/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "*** worker node ica mock-1 k8s-1" 3 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_vpc" "vpc" { 2 | id = var.vpc_id 3 | } 4 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment_v2/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_vpc" "vpc" { 2 | id = var.vpc_id 3 | } 4 | -------------------------------------------------------------------------------- /docs/images/run_via_docker.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/docs/images/run_via_docker.gif -------------------------------------------------------------------------------- /logo/kubernetes-ckad-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/logo/kubernetes-ckad-color.png -------------------------------------------------------------------------------- /tasks/cka/labs/10/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cka lab-10 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/tasks/cka/mock/01/preview.png -------------------------------------------------------------------------------- /tasks/cka/mock/02/preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/tasks/cka/mock/02/preview.png -------------------------------------------------------------------------------- /tasks/ckad/mock/01/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node ckad mock-1 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/tasks/ckad/mock/01/preview.png -------------------------------------------------------------------------------- /tasks/ckad/mock/02/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node ckad mock-2 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/tasks/ckad/mock/02/preview.png -------------------------------------------------------------------------------- /tasks/cks/labs/20/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cks lab 20 k8s-1" 3 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/tasks/cks/mock/01/preview.png -------------------------------------------------------------------------------- /tasks/cks/mock/02/preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/tasks/cks/mock/02/preview.png -------------------------------------------------------------------------------- /tasks/cks/mock/03/preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/tasks/cks/mock/03/preview.png -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "*** worker node cks mock 04 k8s-1" 3 | 4 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/tasks/cks/mock/04/preview.png -------------------------------------------------------------------------------- /tasks/hr/mock/01/preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/tasks/hr/mock/01/preview.png -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/14.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | sudo touch /etc/skel/IMPORTANT_NOTES 3 | ``` 4 | -------------------------------------------------------------------------------- /logo/logo_cka_whitetext-300x293.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/logo/logo_cka_whitetext-300x293.png -------------------------------------------------------------------------------- /terraform/modules/work_pc/password.tf: -------------------------------------------------------------------------------- 1 | resource "random_string" "ssh" { 2 | length = 10 3 | special = false 4 | } 5 | -------------------------------------------------------------------------------- /tasks/cks/labs/30/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "*** worker node cks lab-30 k8s-1" 3 | apt-get update 4 | 5 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-12/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "*** worker node cks mock3 k8s-12" 3 | apt-get update 4 | 5 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-12/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "*** worker node cks mock3 k8s-12" 3 | apt-get update 4 | 5 | -------------------------------------------------------------------------------- /tasks/ica/mock/01/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "*** worker node ica mock-1 k8s-1" 3 | apt-get update 4 | 5 | -------------------------------------------------------------------------------- /tasks/ica/mock/01/k8s-3/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "*** worker node ica mock-1 k8s-3" 3 | apt-get update 4 | 5 | -------------------------------------------------------------------------------- /tasks/ica/mock/02/k8s-3/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "*** worker node ica mock-1 k8s-3" 3 | apt-get update 4 | 5 | -------------------------------------------------------------------------------- /terraform/modules/ssh-keys/key.tf: -------------------------------------------------------------------------------- 1 | resource "tls_private_key" "work" { 2 | algorithm = "RSA" 3 | rsa_bits = 4096 4 | } 5 | -------------------------------------------------------------------------------- /terraform/modules/work_pc_v2/password.tf: -------------------------------------------------------------------------------- 1 | resource "random_string" "ssh" { 2 | length = 10 3 | special = false 4 | } 5 | -------------------------------------------------------------------------------- /terraform/modules/work_pc_v3/password.tf: -------------------------------------------------------------------------------- 1 | resource "random_string" "ssh" { 2 | length = 10 3 | special = false 4 | } 5 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/1.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | ln ~/file1 /opt/file1 3 | ln -s ~/file1 /opt/softlinkfile 4 | ``` 5 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment/password.tf: -------------------------------------------------------------------------------- 1 | resource "random_string" "ssh" { 2 | length = 10 3 | special = false 4 | } 5 | -------------------------------------------------------------------------------- /docker/ping_pong/app/test_server.sh: -------------------------------------------------------------------------------- 1 | for i in {1..2000}; do 2 | curl -s http://127.0.0.1:8080 | grep 'overloaded'& 3 | done 4 | wait -------------------------------------------------------------------------------- /logo/kubernetes-security-specialist-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/logo/kubernetes-security-specialist-logo.png -------------------------------------------------------------------------------- /tasks/cka/labs/01/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cka lab 2 " 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/cka/labs/02/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cka lab 2 " 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/cka/labs/05/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cka lab 5 " 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/cka/labs/07/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cka lab 7 " 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/cka/labs/08/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cka lab 8 " 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/k8s-1/scripts/task4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: messaging 6 | ... 7 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/k8s-1/scripts/task3_1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: baracuda 6 | --- 7 | -------------------------------------------------------------------------------- /tasks/cks/labs/26/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cks lab 26 " 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/cks/labs/28/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cks lab 28 " 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/4.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | chmod +t /opt/stickydir/ 3 | # OR 4 | chmod 1777 /opt/stickydir/ 5 | ``` 6 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment_v2/password.tf: -------------------------------------------------------------------------------- 1 | resource "random_string" "ssh" { 2 | length = 10 3 | special = false 4 | } 5 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/k8s-2/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-2 k8s-2" 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/k8s-3/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-2 k8s-3" 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-10/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-10" 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-10/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-10" 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-10/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-3 k8s-10" 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/cks/labs/20/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node cks lan 20 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/16.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | mkdir /opt/16 3 | grep -E "^net.*" /etc/services > /opt/16/result.txt 4 | ``` 5 | -------------------------------------------------------------------------------- /tasks/cks/labs/09/k8s-1/scripts/task9.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: apparmor 5 | labels: 6 | name: apparmor 7 | -------------------------------------------------------------------------------- /tasks/cks/labs/27/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "*** worker node cks lab-27 k8s-1" 3 | apt-get update 4 | apt-get -y install tcpdump 5 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-6/scripts/task9.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: apparmor 5 | labels: 6 | name: apparmor 7 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-6/scripts/task9.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: apparmor 5 | labels: 6 | name: apparmor 7 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-6/scripts/task9.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: apparmor 5 | labels: 6 | name: apparmor 7 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-7/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cks mock3 k8s-7" 3 | apt-get update 4 | apt-get -y install tcpdump 5 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-4/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "*** worker node cks mock 4 k8s-4" 3 | apt-get update 4 | apt-get -y install tcpdump 5 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-8/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cks mock4 k8s-8" 3 | apt-get update 4 | apt-get -y install tcpdump 5 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/18.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | docker run --name webserv -d ubuntu/apache2 3 | 4 | docker image prune -a 5 | ``` 6 | -------------------------------------------------------------------------------- /docs/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Code of Conduct 2 | 3 | We follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). 4 | -------------------------------------------------------------------------------- /script/find_spot/README.MD: -------------------------------------------------------------------------------- 1 | example usage: 2 | ``` 3 | ./find_spot.sh 4 | ./find_spot.sh -i 5 -n 70 5 | 6 | ./find_spot.sh -a arm -i 10 -n 70 7 | ``` -------------------------------------------------------------------------------- /tasks/cks/labs/26/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cks lab-26 k8s-1" 3 | apt-get update 4 | apt-get -y install tcpdump 5 | -------------------------------------------------------------------------------- /tasks/cks/labs/28/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node cks lab-26 k8s-1" 3 | apt-get update 4 | apt-get -y install tcpdump 5 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-6/scripts/_task9.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: apparmor 5 | labels: 6 | name: apparmor 7 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/6.MD: -------------------------------------------------------------------------------- 1 | ```sh 2 | find /opt/06/task -type f -exec grep -q 'findme' {} \; -exec cp {} /opt/06/result \; 3 | ``` 4 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/k8s-3/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-2 k8s-3" 3 | 4 | systemctl disable kubelet 5 | service kubelet stop 6 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/k8s-4/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-2 k8s-3" 3 | 4 | systemctl disable kubelet 5 | service kubelet stop 6 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/k8s-5/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-2 k8s-3" 3 | 4 | systemctl disable kubelet 5 | service kubelet stop 6 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/3.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | ```` 6 | k create ns apx-x9984574 7 | ```` 8 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/k8s-1/scripts/task2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | creationTimestamp: null 5 | name: dev 6 | spec: {} 7 | status: {} 8 | -------------------------------------------------------------------------------- /terraform/modules/vpc/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | provider "aws" { 6 | alias = "cmdb" 7 | region = var.region_cmdb 8 | } 9 | -------------------------------------------------------------------------------- /tasks/cka/labs/01/README.MD: -------------------------------------------------------------------------------- 1 | ## Fix problem with kube-api. 2 | 3 | You have problems with k8s cluster. 4 | Connect to controlPlane **ssh k8s1_controlPlane_1** and fix them. 5 | -------------------------------------------------------------------------------- /terraform/modules/vpc_v2/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | provider "aws" { 6 | alias = "cmdb" 7 | region = var.region_cmdb 8 | } 9 | -------------------------------------------------------------------------------- /terraform/modules/work_pc/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | provider "aws" { 5 | region = var.region_cmdb 6 | alias = "cmdb" 7 | 8 | } 9 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/1.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | 6 | ``` 7 | k run nginx-pod --image nginx:alpine 8 | ``` 9 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/worker/files/5/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu 2 | RUN apt-get update 3 | RUN apt-get -y install curl 4 | 5 | CMD ["sh", "-c", "while true ; do id ; sleep 1 ;done"] 6 | -------------------------------------------------------------------------------- /tasks/cks/labs/19/worker/files/14/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu 2 | RUN apt-get update 3 | RUN apt-get -y install curl 4 | 5 | CMD ["sh", "-c", "while true ; do id ; sleep 1 ;done"] 6 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/worker/files/14/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu 2 | RUN apt-get update 3 | RUN apt-get -y install curl 4 | 5 | CMD ["sh", "-c", "while true ; do id ; sleep 1 ;done"] 6 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/worker/files/14/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu 2 | RUN apt-get update 3 | RUN apt-get -y install curl 4 | 5 | CMD ["sh", "-c", "while true ; do id ; sleep 1 ;done"] 6 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/worker/files/14/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu 2 | RUN apt-get update 3 | RUN apt-get -y install curl 4 | 5 | CMD ["sh", "-c", "while true ; do id ; sleep 1 ;done"] 6 | -------------------------------------------------------------------------------- /tasks/eks/labs/01/worker/files/14/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu 2 | RUN apt-get update 3 | RUN apt-get -y install curl 4 | 5 | CMD ["sh", "-c", "while true ; do id ; sleep 1 ;done"] 6 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/scripts/18_generator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | for image in ubuntu alpine busybox nginx httpd mysql postgres; do 4 | docker pull $image 5 | done 6 | -------------------------------------------------------------------------------- /terraform/modules/eks/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_subnet_ids" "example" { 2 | vpc_id = var.vpc_id 3 | } 4 | data "aws_availability_zones" "available" { 5 | state = "available" 6 | } 7 | -------------------------------------------------------------------------------- /terraform/modules/work_pc_v2/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | provider "aws" { 5 | region = var.region_cmdb 6 | alias = "cmdb" 7 | 8 | } 9 | -------------------------------------------------------------------------------- /terraform/modules/work_pc_v3/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | provider "aws" { 5 | region = var.region_cmdb 6 | alias = "cmdb" 7 | 8 | } 9 | -------------------------------------------------------------------------------- /terraform/modules/worker_lfcs/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | provider "aws" { 5 | region = var.region_cmdb 6 | alias = "cmdb" 7 | 8 | } 9 | -------------------------------------------------------------------------------- /terraform/modules/eks/aws.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | profile = var.aws 4 | } 5 | provider "aws" { 6 | alias = "cmdb" 7 | region = var.region_cmdb 8 | } 9 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | provider "aws" { 6 | alias = "cmdb" 7 | region = var.region_cmdb 8 | } 9 | -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.17.2 2 | RUN apk add --update --no-cache curl netcat-openbsd bash jq 3 | COPY get_secret.sh /usr/bin/get_secret.sh 4 | RUN chmod +x /usr/bin/get_secret.sh 5 | -------------------------------------------------------------------------------- /tasks/cka/labs/07/worker/files/solutions/image/prometheus_cpu_usage.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/tasks/cka/labs/07/worker/files/solutions/image/prometheus_cpu_usage.jpg -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/2.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | ``` 6 | k run messaging --image redis:alpine -l tier=msg 7 | ``` 8 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment_v2/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | provider "aws" { 6 | alias = "cmdb" 7 | region = var.region_cmdb 8 | } 9 | -------------------------------------------------------------------------------- /tasks/cka/labs/07/worker/files/solutions/image/prometheus_with_problem.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ViktorUJ/cks/HEAD/tasks/cka/labs/07/worker/files/solutions/image/prometheus_with_problem.jpg -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/3.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | mkdir /opt/newdir 3 | mv /home/ubuntu/file31 /opt/newdir/ 4 | cp /home/ubuntu/file32 /opt/newdir/ 5 | rm /home/ubuntu/file33 6 | ``` 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/.terragrunt-cache/ 2 | **/.terraform.lock.hcl 3 | venv 4 | **.swp 5 | **.idea 6 | **.terraform 7 | **.__pycache__ 8 | /docker/ping_pong/dist/* 9 | terraform/environments/**/** 10 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/5.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | ```` 6 | k expose pod messaging --port 6379 --name messaging-service 7 | ```` 8 | -------------------------------------------------------------------------------- /terraform/modules/work_pc/template/boot_zip.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | apt-get update ; apt-get install -y gzip 3 | echo "${boot_zip}" | base64 -d | gzip -d > boot.sh 4 | chmod +x boot.sh 5 | ./boot.sh 6 | -------------------------------------------------------------------------------- /terraform/modules/work_pc_v2/template/boot_zip.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | apt-get update ; apt-get install -y gzip 3 | echo "${boot_zip}" | base64 -d | gzip -d > boot.sh 4 | chmod +x boot.sh 5 | ./boot.sh 6 | -------------------------------------------------------------------------------- /terraform/modules/worker_lfcs/template/boot_zip.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | apt-get update ; apt-get install -y gzip 3 | echo "${boot_zip}" | base64 -d | gzip -d > boot.sh 4 | chmod +x boot.sh 5 | ./boot.sh 6 | -------------------------------------------------------------------------------- /docker/cks/14/app/app1.go: -------------------------------------------------------------------------------- 1 | package main 2 | import ( 3 | "time" 4 | ) 5 | func main() { 6 | for { 7 | println("I am working ") 8 | time.Sleep(500 * time.Millisecond) 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /tasks/ica/mock/01/worker/files/tests/tests-00.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | @test "0 Init" { 4 | echo ''>/var/work/tests/result/all 5 | echo ''>/var/work/tests/result/ok 6 | [ "$?" -eq 0 ] 7 | } 8 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/scripts/21_generator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | mkdir -p /opt/21/task /opt/21/task-backup /opt/21/result 4 | 5 | echo "backup me, please!" > /opt/21/task/file_to_backup 6 | -------------------------------------------------------------------------------- /terraform/modules/worker_lfcs/password.tf: -------------------------------------------------------------------------------- 1 | resource "random_string" "ssh" { 2 | for_each = var.ssh_password_enable ? toset(["enabled"]) : toset([]) 3 | 4 | length = 10 5 | special = false 6 | } 7 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/6.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | ```` 6 | k create deployment hr-web-app --image nginx:alpine --replicas 2 7 | ```` 8 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment/template/boot_zip.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | apt-get update ; apt-get install -y gzip 3 | echo "${boot_zip}" | base64 -d | gzip -d > boot.sh 4 | chmod +x boot.sh 5 | ./boot.sh 6 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment_v2/template/boot_zip.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | apt-get update ; apt-get install -y gzip 3 | echo "${boot_zip}" | base64 -d | gzip -d > boot.sh 4 | chmod +x boot.sh 5 | ./boot.sh 6 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/8.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | ```` 6 | k create ns finance 7 | k run temp-bus -n finance --image redis:alpine 8 | ```` 9 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/worker/files/solutions/3.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | 7 | k create ns team-elephant 8 | k get ns team-elephant 9 | 10 | ``` 11 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/worker/files/solutions/17.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | ``` 5 | k logs -n app-x -l app_name=xxx >/opt/17/17.log 6 | 7 | cat /opt/17/17.log 8 | ``` 9 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/10.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | sudo apt install -y nginx 3 | 4 | sudo systemctl enable --now nginx 5 | #or 6 | sudo systemctl start nginx 7 | sudo systemctl enable nginx 8 | ``` 9 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-02/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker-02 pc mock-1 " 3 | 4 | sudo apt install traceroute -y 5 | 6 | echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf 7 | sudo sysctl -p 8 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/worker/files/solutions/8.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | ``` 5 | k logs pods/app-xyz3322 6 | k logs pods/app-xyz3322 > /opt/logs/app-xyz123.log 7 | 8 | ``` 9 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/23.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | sudo kill -HUP $(pidof redis-server) 3 | # OR 4 | ps aux | grep redis-server 5 | # take pid of it and send HUP signal 6 | sudo kill -HUP $REDIS_PID 7 | ``` 8 | -------------------------------------------------------------------------------- /terraform/modules/eks/eks_log_group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_cloudwatch_log_group" "eks" { 2 | name = "/aws/eks/${local.prefix}-eks/cluster" 3 | retention_in_days = var.eks.cloudwatch_retention_in_days 4 | } 5 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/worker/files/solutions/2.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | k run util --image busybox:1.36 -n dev --command sleep 3600 7 | k get po util -n dev 8 | ``` 9 | -------------------------------------------------------------------------------- /docker/cks/mock2/12/app/app2.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "time" 6 | ) 7 | 8 | func main() { 9 | for { 10 | fmt.Println("I am working") 11 | time.Sleep(2000 * time.Millisecond) 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/worker/files/solutions/5.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | cd /var/work/5/ 3 | 4 | podman build . -t ckad:0.0.1 5 | 6 | podman save --help 7 | 8 | podman save --format oci-archive -o ckad.tar ckad:0.0.1 9 | 10 | ``` 11 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/9.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | # untar 3 | tar -xzf /opt/09/task/backup.tar.gz -C /opt/09/solution/tarbackup 4 | # unzip 5 | unzip -o /opt/09/task/backup.zip -d /opt/09/solution/zipbackup/ 6 | ``` 7 | -------------------------------------------------------------------------------- /docker/cks/28/app/default_app.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "time" 6 | ) 7 | 8 | func main() { 9 | for { 10 | log.Println("I am working...") 11 | time.Sleep(5000 * time.Millisecond) 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/worker/files/solutions/2.MD: -------------------------------------------------------------------------------- 1 | ```` 2 | k config use-context cluster2-admin@cluster2 3 | 4 | k edit deployment test-app -n dev-team 5 | # updae image tag ->stable and replicas -> 4 6 | k get po -n dev-team 7 | ```` 8 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/4.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | ```` 6 | mkdir /var/work/tests/artifacts/4/ -p 7 | k get no -o json > /var/work/tests/artifacts/4/nodes.json 8 | ```` 9 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment/time_unic.tf: -------------------------------------------------------------------------------- 1 | 2 | resource "time_static" "time" { 3 | } 4 | 5 | locals { 6 | time_stamp = timestamp() 7 | target_time_stamp = sum([tonumber(time_static.time.unix), tonumber("10")]) 8 | } 9 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment_v2/time_unic.tf: -------------------------------------------------------------------------------- 1 | 2 | resource "time_static" "time" { 3 | } 4 | 5 | locals { 6 | time_stamp = timestamp() 7 | target_time_stamp = sum([tonumber(time_static.time.unix), tonumber("10")]) 8 | } 9 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/worker/files/solutions/16.MD: -------------------------------------------------------------------------------- 1 | ```` 2 | vim /var/work/16/Dockerfile 3 | ```` 4 | ```` 5 | ..... 6 | gnupg ; \ 7 | rm -rf /var/lib/apt/lists/* 8 | 9 | ..... 10 | 11 | ..... 12 | USER couchdb 13 | ..... 14 | ```` -------------------------------------------------------------------------------- /tasks/hr/mock/01/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc mock-1 " 3 | cd /var/work/tests/artifacts 4 | wget https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/hr/mock/01/worker/files/kube-prometheus-stack.yaml 5 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/12.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | # To lock 3 | sudo usermod -L spiderman 4 | # OR 5 | sudo passwd -l spiderman 6 | 7 | # To unlock 8 | sudo usermod -U batman 9 | # OR 10 | sudo passwd -u batman 11 | ``` 12 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/17.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | mkdir -p /opt/17/results 3 | diff /opt/17/file1 /opt/17/file2 > /opt/17/results/text_difference 4 | diff -rq /opt/17/dir1/ /opt/17/dir2/ > /opt/17/results/folder_difference 5 | ``` 6 | -------------------------------------------------------------------------------- /docker/ping_pong/yum.repos/mongodb-org-6.0.repo: -------------------------------------------------------------------------------- 1 | [mongodb-org-6.0] 2 | name=MongoDB Repository 3 | baseurl=https://repo.mongodb.org/yum/amazon/2/mongodb-org/6.0/x86_64/ 4 | gpgcheck=1 5 | enabled=1 6 | gpgkey=https://pgp.mongodb.com/server-6.0.asc 7 | -------------------------------------------------------------------------------- /tasks/cks/labs/09/k8s-1/scripts/profile: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | profile very-secure flags=(attach_disconnected) { 4 | #include 5 | 6 | file, 7 | 8 | # Deny all file writes. 9 | deny /** w, 10 | } 11 | -------------------------------------------------------------------------------- /tasks/cks/labs/09/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-9" 3 | mkdir -p /opt/course/9/ 4 | cd /opt/course/9/ 5 | wget https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/labs/09/k8s-1/scripts/profile 6 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/worker/files/profile: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | profile very-secure flags=(attach_disconnected) { 4 | #include 5 | 6 | file, 7 | 8 | # Deny all file writes. 9 | deny /** w, 10 | } 11 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/worker/files/profile: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | profile very-secure flags=(attach_disconnected) { 4 | #include 5 | 6 | file, 7 | 8 | # Deny all file writes. 9 | deny /** w, 10 | } 11 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/worker/files/profile: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | profile very-secure flags=(attach_disconnected) { 4 | #include 5 | 6 | file, 7 | 8 | # Deny all file writes. 9 | deny /** w, 10 | } 11 | -------------------------------------------------------------------------------- /tasks/eks/labs/01/worker/files/profile: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | profile very-secure flags=(attach_disconnected) { 4 | #include 5 | 6 | file, 7 | 8 | # Deny all file writes. 9 | deny /** w, 10 | } 11 | -------------------------------------------------------------------------------- /tasks/ica/mock/01/worker/files/profile: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | profile very-secure flags=(attach_disconnected) { 4 | #include 5 | 6 | file, 7 | 8 | # Deny all file writes. 9 | deny /** w, 10 | } 11 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/worker/files/solutions/2.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | k create deployment nginx-app --image nginx:alpine-slim --replicas 2 7 | k get deployment nginx-app 8 | 9 | ``` 10 | -------------------------------------------------------------------------------- /script/windows/top_time/logs.csv: -------------------------------------------------------------------------------- 1 | "Name","Sessions","TotalMin","TotalHrs" 2 | "Battle.net.exe","6","22,12","0,37" 3 | "chrome.exe","6","11,63","0,19" 4 | "Agent.exe","2","7,31","0,12" 5 | "SC2_x64.exe","1","0,69","0,01" 6 | "SC2Switcher_x64.exe","1","0,14","0" 7 | -------------------------------------------------------------------------------- /tasks/cks/labs/23/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node 23 " 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-10/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-10" 3 | 4 | mkdir /var/work/ -p 5 | cd /var/work/ 6 | wget https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/01/k8s-10/scripts/profile-nginx.json 7 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-10/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-10" 3 | 4 | mkdir /var/work/ -p 5 | cd /var/work/ 6 | wget https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/02/k8s-10/scripts/profile-nginx.json 7 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-10/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-3 k8s-10" 3 | 4 | mkdir /var/work/ -p 5 | cd /var/work/ 6 | wget https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/03/k8s-10/scripts/profile-nginx.json 7 | -------------------------------------------------------------------------------- /docker/cks/14/app/app2.go: -------------------------------------------------------------------------------- 1 | package main 2 | import ( 3 | "time" 4 | "syscall" 5 | ) 6 | func main() { 7 | for { 8 | println("I am working ") 9 | syscall.Kill(666, syscall.SIGTERM) 10 | time.Sleep(500 * time.Millisecond) 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /script/windows/top_time/summary.csv: -------------------------------------------------------------------------------- 1 | "Name","Sessions","TotalMin","TotalHrs" 2 | "chrome.exe","21","45,22","0,75" 3 | "Agent.exe","2","31,17","0,52" 4 | "Battle.net.exe","6","23,73","0,4" 5 | "SC2_x64.exe","1","0,69","0,01" 6 | "SC2Switcher_x64.exe","1","0,14","0" 7 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/worker/files/solutions/6.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | ``` 5 | 6 | k expose deployment web-app -n dev-2 --port 8080 --type NodePort --name web-app-svc 7 | k get svc -n dev-2 8 | 9 | ``` 10 | -------------------------------------------------------------------------------- /tasks/cks/labs/01/worker/files/tests.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | export KUBECONFIG=/home/ubuntu/.kube/_config 3 | 4 | @test "0 Init " { 5 | echo ''>/var/work/tests/result/all 6 | echo ''>/var/work/tests/result/ok 7 | [ "$?" -eq 0 ] 8 | 9 | } 10 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/worker/files/solutions/1.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | mkdir /var/work/tests/artifacts/1/ -p 3 | aws ec2 describe-instances --region eu-north-1 \ 4 | --filters "Name=tag:env_name,Values=hr-mock" --output json > /var/work/tests/artifacts/1/ec2_1.json 5 | 6 | ``` 7 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-4/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-4" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-4/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-4" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-4/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-3 k8s-4" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-02/files/tests.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | export KUBECONFIG=/home/ubuntu/.kube/_config 3 | 4 | @test "0 Init " { 5 | echo ''>/var/work/tests/result/all 6 | echo ''>/var/work/tests/result/ok 7 | [ "$?" -eq 0 ] 8 | 9 | } 10 | -------------------------------------------------------------------------------- /terraform/modules/ssh-keys/output.tf: -------------------------------------------------------------------------------- 1 | output "private_key" { 2 | value = tls_private_key.work.private_key_pem 3 | sensitive = true 4 | } 5 | 6 | output "pub_key" { 7 | value = tls_private_key.work.public_key_openssh 8 | sensitive = true 9 | } 10 | -------------------------------------------------------------------------------- /tasks/cks/labs/07/k8s-1/scripts/K8sTrustedImages.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: constraints.gatekeeper.sh/v1beta1 2 | kind: k8strustedimages 3 | metadata: 4 | name: k8strustedimages 5 | spec: 6 | match: 7 | kinds: 8 | - apiGroups: [""] 9 | kinds: ["Pod"] 10 | -------------------------------------------------------------------------------- /tasks/cks/labs/19/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc 19 " 3 | 4 | 5 | mkdir -p /var/work/14/ 6 | cd /var/work/14/ 7 | wget https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/labs/19/worker/files/14/Dockerfile 8 | chmod 777 Dockerfile 9 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-9/scripts/K8sTrustedImages.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: constraints.gatekeeper.sh/v1beta1 2 | kind: k8strustedimages 3 | metadata: 4 | name: k8strustedimages 5 | spec: 6 | match: 7 | kinds: 8 | - apiGroups: [""] 9 | kinds: ["Pod"] 10 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-9/scripts/K8sTrustedImages.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: constraints.gatekeeper.sh/v1beta1 2 | kind: k8strustedimages 3 | metadata: 4 | name: k8strustedimages 5 | spec: 6 | match: 7 | kinds: 8 | - apiGroups: [""] 9 | kinds: ["Pod"] 10 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-9/scripts/K8sTrustedImages.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: constraints.gatekeeper.sh/v1beta1 2 | kind: k8strustedimages 3 | metadata: 4 | name: k8strustedimages 5 | spec: 6 | match: 7 | kinds: 8 | - apiGroups: [""] 9 | kinds: ["Pod"] 10 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/k8s-1/scripts/ingress_nginx_conf.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | service: 3 | type: NodePort 4 | nodePorts: 5 | http: 30102 6 | https: 31139 7 | ingressClass: 8 | create: true 9 | name: nginx 10 | setAsDefaultIngress: true 11 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/k8s-1/scripts/ingress_nginx_conf.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | service: 3 | type: NodePort 4 | nodePorts: 5 | http: 30102 6 | https: 31139 7 | ingressClass: 8 | create: true 9 | name: nginx 10 | setAsDefaultIngress: true 11 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/worker/files/solutions/17.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | echo "kubectl top nodes" > /opt/18/nodes.txt 7 | 8 | echo "kubectl top pod --all-namespaces --sort-by cpu" > /opt/18/pods.txt 9 | ``` 10 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/k8s-1/scripts/ingress_nginx_conf.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | service: 3 | type: NodePort 4 | nodePorts: 5 | http: 30102 6 | https: 31139 7 | ingressClass: 8 | create: true 9 | name: nginx 10 | setAsDefaultIngress: true 11 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/2.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | sudo chown 750:750 /home/ubuntu/file2 3 | 4 | # Option 1 5 | sudo chmod g+wr,o+r /home/ubuntu/file2 6 | # Option 2 7 | sudo chmod 664 /home/ubuntu/file2 8 | 9 | sudo chmod u+s /home/ubuntu/file2 10 | ``` 11 | -------------------------------------------------------------------------------- /docker/k8s-svc-sync/deploy/local/2_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: k8s-svc-sync 5 | rules: 6 | - apiGroups: [""] 7 | resources: ["services", "endpoints", "namespaces"] 8 | verbs: ["get", "list", "watch"] 9 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/worker/files/solutions/9.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | echo 'kubectl get po -n dev-2 -o json --context cluster1-admin@cluster1' >/var/work/artifact/9.sh 7 | bash /var/work/artifact/9.sh 8 | 9 | ``` 10 | -------------------------------------------------------------------------------- /tasks/cka/labs/07/worker/files/tests.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | export KUBECONFIG=/home/ubuntu/.kube/_config 3 | 4 | @test "0 Init " { 5 | echo ''>/var/work/tests/result/all 6 | echo ''>/var/work/tests/result/ok 7 | echo ''>/var/work/tests/result/requests 8 | 9 | } 10 | -------------------------------------------------------------------------------- /tasks/cka/labs/10/worker/files/tests.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | export KUBECONFIG=/home/ubuntu/.kube/_config 3 | 4 | @test "0 Init " { 5 | echo ''>/var/work/tests/result/all 6 | echo ''>/var/work/tests/result/ok 7 | echo ''>/var/work/tests/result/requests 8 | 9 | } 10 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/scripts/12_generator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | useradd batman 4 | useradd spiderman 5 | 6 | echo "batman:password4batman" | sudo chpasswd 7 | echo "spiderman:password4spiderman" | sudo chpasswd 8 | 9 | passwd -l batman 10 | passwd -u spiderman 11 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/11.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | ```` 6 | k expose deployment hr-web-app --port 80 --type NodePort --name hr-web-app-service 7 | k edit svc hr-web-app-service # change NodePort number to 30082 8 | ```` 9 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/5.MD: -------------------------------------------------------------------------------- 1 | ```sh 2 | find "/opt/05/task" -type f -perm -u=x > /opt/05/result/execuser; 3 | find "/opt/05/task" -type f -perm -4000 -exec cp {} /opt/05/result/setuid/ \; 4 | find "/opt/05/task" -type f -size +1k -exec cp {} "/opt/05/result/05kb" \; 5 | ``` 6 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/worker/files/solutions/17.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | echo 'kubectl api-resources --namespaced=true --context cluster1-admin@cluster1 ' >/var/work/artifact/17.sh 7 | bash /var/work/artifact/17.sh 8 | 9 | ``` 10 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/worker/files/solutions/1.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | k get ns apx-z993845 7 | k create ns apx-z993845 8 | 9 | k run webhttpd --image httpd:alpine -n apx-z993845 10 | k get po -n apx-z993845 11 | 12 | ``` 13 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/worker/files/solutions/5.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | k create deployment -n messaging msg --image redis 7 | k expose -n messaging deployment/msg --name msg-service --target-port 6379 --type ClusterIP --port 6379 8 | ``` 9 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/13.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | # Open /etc/security/limits.conf and add the following line 3 | phoenix hard nproc 20 4 | 5 | # or do that with echo 6 | sudo bash -c 'echo "phoenix hard nproc 20" >> /etc/security/limits.conf' 7 | ``` 8 | -------------------------------------------------------------------------------- /docker/cks/14/build.sh: -------------------------------------------------------------------------------- 1 | docker build --file Dockerfile1 --compress --no-cache -t viktoruj/cks-lab:cks_14_app1 . 2 | docker push viktoruj/cks-lab:cks_14_app1 3 | 4 | docker build --file Dockerfile2 --compress --no-cache -t viktoruj/cks-lab:cks_14_app2 . 5 | docker push viktoruj/cks-lab:cks_14_app2 6 | -------------------------------------------------------------------------------- /script/windows/top_time/daily.csv: -------------------------------------------------------------------------------- 1 | "Day","Name","TotalMin","TotalHrs" 2 | "2025-09-21","chrome.exe","45,22","0,75" 3 | "2025-09-21","Agent.exe","31,17","0,52" 4 | "2025-09-21","Battle.net.exe","23,73","0,4" 5 | "2025-09-21","SC2_x64.exe","0,69","0,01" 6 | "2025-09-21","SC2Switcher_x64.exe","0,14","0" 7 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/worker/files/solutions/8.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | ``` 5 | k get deployment redis-node -n db-redis 6 | 7 | k scale deployment redis-node -n db-redis --replicas 1 8 | 9 | k get deployment redis-node -n db-redis 10 | ``` 11 | -------------------------------------------------------------------------------- /tasks/cks/labs/27/k8s-1/scripts/default-deny.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: "cilium.io/v2" 3 | kind: CiliumNetworkPolicy 4 | metadata: 5 | name: "deny-all" 6 | namespace: myapp 7 | spec: 8 | endpointSelector: 9 | matchLabels: {} 10 | egress: 11 | - {} 12 | ingress: 13 | - {} 14 | --- -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-4/scripts/default-deny.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: "cilium.io/v2" 3 | kind: CiliumNetworkPolicy 4 | metadata: 5 | name: "deny-all" 6 | namespace: myapp 7 | spec: 8 | endpointSelector: 9 | matchLabels: {} 10 | egress: 11 | - {} 12 | ingress: 13 | - {} 14 | --- -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/scripts/08_generator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -x 4 | 5 | mkdir -p /opt/08/files/ /opt/08/results/ 6 | 7 | for file in {1..20}; 8 | do 9 | cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-100} | head -n 150 > /opt/08/files/file$file.txt 10 | done 11 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/9.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | ```` 6 | mkdir -p /var/work/tests/artifacts/9 7 | k get no -o jsonpath='{range .items[*]}{.status.nodeInfo.osImage}{"\n"}' >/var/work/tests/artifacts/9/os.json 8 | 9 | ```` 10 | -------------------------------------------------------------------------------- /tasks/ica/mock/02/k8s-3/scripts/task13.yml: -------------------------------------------------------------------------------- 1 | # Task 27: Install Istio with Minimal Profile 2 | # This is an installation task performed via istioctl command line 3 | # No Kubernetes manifests needed - this file serves as a placeholder 4 | # See solution file 27.MD for istioctl installation commands 5 | --- 6 | -------------------------------------------------------------------------------- /terraform/modules/eks/addons.tf: -------------------------------------------------------------------------------- 1 | resource "aws_eks_addon" "addons" { 2 | for_each = var.eks.addons 3 | cluster_name = aws_eks_cluster.eks-cluster.id 4 | addon_name = each.key 5 | addon_version = each.value.version 6 | resolve_conflicts = each.value.resolve_conflicts 7 | } 8 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/worker/files/solutions/5.MD: -------------------------------------------------------------------------------- 1 | ```` 2 | k config use-context cluster1-admin@cluster1 3 | 4 | mkdir /var/work/tests/artifacts/5/ -p 5 | k get no -l work_type=infra -o json >/var/work/tests/artifacts/5/nodes.json 6 | 7 | cat /var/work/tests/artifacts/5/nodes.json | jq 8 | 9 | ```` 10 | -------------------------------------------------------------------------------- /terraform/modules/eks/output.tf: -------------------------------------------------------------------------------- 1 | output "eks_iam_app_role" { 2 | value = aws_iam_role.eks-app-WebIdentity.name 3 | } 4 | output "eks_cluster_name" { 5 | value = aws_eks_cluster.eks-cluster.name 6 | } 7 | output "aws_eks_cluster_eks_cluster_arn" { 8 | value = aws_eks_cluster.eks-cluster.arn 9 | } 10 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/worker/files/solutions/16.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | echo 'kubectl get events --sort-by=".metadata.creationTimestamp" -A --context cluster1-admin@cluster1' >/var/work/artifact/16.sh 7 | bash /var/work/artifact/16.sh 8 | 9 | ``` 10 | -------------------------------------------------------------------------------- /docker/cks/14/Dockerfile1: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | RUN apk update && apk add --no-cache git 3 | WORKDIR $GOPATH/src/mypackage/myapp/ 4 | COPY app/app1.go app1.go 5 | RUN go build -ldflags="-w -s" app1.go 6 | 7 | FROM scratch 8 | COPY --from=builder /go/src/mypackage/myapp/app1 app1 9 | ENTRYPOINT ["/app1"] 10 | -------------------------------------------------------------------------------- /docker/cks/14/Dockerfile2: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | RUN apk update && apk add --no-cache git 3 | WORKDIR $GOPATH/src/mypackage/myapp/ 4 | COPY app/app2.go app2.go 5 | RUN go build -ldflags="-w -s" app2.go 6 | 7 | FROM scratch 8 | COPY --from=builder /go/src/mypackage/myapp/app2 app2 9 | ENTRYPOINT ["/app2"] 10 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/k8s-1/scripts/task18.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv-18 5 | labels: 6 | type: local 7 | spec: 8 | storageClassName: manual 9 | capacity: 10 | storage: 100Mi 11 | accessModes: 12 | - ReadWriteOnce 13 | hostPath: 14 | path: "/tmp/pv-18" 15 | --- 16 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/k8s-2/scripts/task18.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv-18 5 | labels: 6 | type: local 7 | spec: 8 | storageClassName: manual 9 | capacity: 10 | storage: 100Mi 11 | accessModes: 12 | - ReadWriteOnce 13 | hostPath: 14 | path: "/tmp/pv-18" 15 | --- 16 | -------------------------------------------------------------------------------- /docker/cks/28/Dockerfile2: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | RUN apk update && apk add --no-cache git 3 | WORKDIR $GOPATH/src/mypackage/myapp/ 4 | COPY app/read_mem.go read_mem.go 5 | RUN go build -ldflags="-w -s" -o main read_mem.go 6 | 7 | FROM scratch 8 | COPY --from=builder /go/src/mypackage/myapp/main main 9 | ENTRYPOINT ["/main"] 10 | -------------------------------------------------------------------------------- /docker/ping_pong/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | 3 | RUN apk update && apk add --no-cache git 4 | WORKDIR $GOPATH/src/mypackage/myapp/ 5 | COPY app/ . 6 | RUN go mod tidy 7 | RUN go build -ldflags="-w -s" -o app app.go 8 | 9 | FROM scratch 10 | COPY --from=builder /go/src/mypackage/myapp/app app 11 | ENTRYPOINT ["/app"] 12 | -------------------------------------------------------------------------------- /docker/cks/mock2/12/Dockerfile1: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | RUN apk update && apk add --no-cache git 3 | WORKDIR $GOPATH/src/mypackage/myapp/ 4 | COPY app/app1.go app1.go 5 | RUN CGO_ENABLED=0 go build -ldflags="-w -s" app1.go 6 | 7 | FROM alpine:3.19.1 8 | COPY --from=builder /go/src/mypackage/myapp/app1 app1 9 | ENTRYPOINT ["/app1"] 10 | -------------------------------------------------------------------------------- /docker/cks/mock2/12/Dockerfile2: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | RUN apk update && apk add --no-cache git 3 | WORKDIR $GOPATH/src/mypackage/myapp/ 4 | COPY app/app2.go app2.go 5 | RUN CGO_ENABLED=0 go build -ldflags="-w -s" app2.go 6 | 7 | FROM alpine:3.19.1 8 | COPY --from=builder /go/src/mypackage/myapp/app2 app2 9 | ENTRYPOINT ["/app2"] 10 | -------------------------------------------------------------------------------- /tasks/cks/labs/01/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc " 3 | 4 | mkdir /var/work/ -p 5 | cd /var/work/ 6 | apt install wget -y 7 | wget https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/labs/01/worker/files/k8s.conf 8 | mkdir /home/ubuntu/.kube/ -p 9 | cp /var/work/k8s.conf /home/ubuntu/.kube/config 10 | -------------------------------------------------------------------------------- /tasks/cks/labs/27/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cks lab 28 " 3 | export KUBECONFIG=/root/.kube/config 4 | address=$(kubectl get no --context cluster1-admin@cluster1 -o json | jq -r '.items[] | select(.kind == "Node") | .status.addresses[] | select(.type == "InternalIP") | .address') 5 | echo "$address myapp.local">>/etc/hosts -------------------------------------------------------------------------------- /docker/cks/28/Dockerfile1: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | RUN apk update && apk add --no-cache git 3 | WORKDIR $GOPATH/src/mypackage/myapp/ 4 | COPY app/default_app.go default_app.go 5 | RUN go build -ldflags="-w -s" -o main default_app.go 6 | 7 | FROM scratch 8 | COPY --from=builder /go/src/mypackage/myapp/main main 9 | ENTRYPOINT ["/main"] 10 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/worker/files/solutions/1.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | ``` 5 | k get po -n dev-1 --show-labels 6 | 7 | k get po -n dev-1 -l team=finance 8 | 9 | k top po -n dev-1 -l team=finance --sort-by memory 10 | 11 | k label pod {pod_name with max memory usage} -n dev-1 usage=max 12 | ``` 13 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/worker/files/solutions/3.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | ``` 5 | k rollout history deployment my-deployment -n baracuda 6 | 7 | k rollout undo deployment my-deployment --to-revision=1 -n baracuda 8 | 9 | k scale deployments.apps my-deployment -n baracuda --replicas 3 10 | 11 | ``` 12 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-6/scripts/task5.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: team-5 5 | labels: 6 | name: team-5 7 | --- 8 | apiVersion: v1 9 | data: 10 | password: UGExNjM2d29yRA== 11 | user: YWQtYWRtaW4= 12 | kind: Secret 13 | metadata: 14 | creationTimestamp: null 15 | name: db 16 | namespace: team-5 17 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-6/scripts/task5.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: team-5 5 | labels: 6 | name: team-5 7 | --- 8 | apiVersion: v1 9 | data: 10 | password: UGExNjM2d29yRA== 11 | user: YWQtYWRtaW4= 12 | kind: Secret 13 | metadata: 14 | creationTimestamp: null 15 | name: db 16 | namespace: team-5 17 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-6/scripts/task5.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: team-5 5 | labels: 6 | name: team-5 7 | --- 8 | apiVersion: v1 9 | data: 10 | password: UGExNjM2d29yRA== 11 | user: YWQtYWRtaW4= 12 | kind: Secret 13 | metadata: 14 | creationTimestamp: null 15 | name: db 16 | namespace: team-5 17 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-6/scripts/_task5.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: team-5 5 | labels: 6 | name: team-5 7 | --- 8 | apiVersion: v1 9 | data: 10 | password: UGExNjM2d29yRA== 11 | user: YWQtYWRtaW4= 12 | kind: Secret 13 | metadata: 14 | creationTimestamp: null 15 | name: db 16 | namespace: team-5 17 | -------------------------------------------------------------------------------- /tasks/cka/labs/07/README.MD: -------------------------------------------------------------------------------- 1 | # Cpu throttling . 2 | 3 | You have received a complaint that during high load time the response time to clients increases several times. Nodes on which the application is running are not fully loaded. 4 | You need to identify the root cause and fix it. 5 | 6 | Prometheus is already installed on monitoring namespace in the cluster. 7 | -------------------------------------------------------------------------------- /docker/k8s-svc-sync/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | 3 | RUN apk update && apk add --no-cache git 4 | WORKDIR $GOPATH/src/mypackage/myapp/ 5 | COPY app/ . 6 | RUN go mod tidy 7 | RUN go test ./... 8 | RUN go build -ldflags="-w -s" -o app app.go 9 | 10 | FROM scratch 11 | COPY --from=builder /go/src/mypackage/myapp/app app 12 | ENTRYPOINT ["/app"] -------------------------------------------------------------------------------- /tasks/ckad/mock/02/k8s-1/scripts/task1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: jellyfish 6 | --- 7 | apiVersion: v1 8 | kind: Pod 9 | metadata: 10 | labels: 11 | run: app1 12 | name: app1 13 | namespace: jellyfish 14 | spec: 15 | containers: 16 | - image: viktoruj/ping_pong:alpine 17 | name: app 18 | --- 19 | -------------------------------------------------------------------------------- /tasks/cks/labs/30/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cks lab 30 k8s-1" " 3 | export KUBECONFIG=/root/.kube/config 4 | address=$(kubectl get no --context cluster1-admin@cluster1 -o json | jq -r '.items[] | select(.kind == "Node") | .status.addresses[] | select(.type == "InternalIP") | .address') 5 | echo "$address myapp.local">>/etc/hosts 6 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/25.MD: -------------------------------------------------------------------------------- 1 | ### Create a Volume Group 2 | 3 | ```bash 4 | # Initialize the physical volumes 5 | sudo pvcreate /dev/nvme1n1 /dev/nvme3n1 6 | 7 | # Create a volume group 8 | sudo vgcreate volgroup1 /dev/nvme1n1 /dev/nvme3n1 9 | 10 | # Create a logical volume 11 | sudo lvcreate -L 1G -n logvolume1 volgroup1 12 | ``` 13 | -------------------------------------------------------------------------------- /docker/k8s-svc-sync/deploy/local/3_clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: k8s-svc-sync 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: k8s-svc-sync 9 | subjects: 10 | - kind: ServiceAccount 11 | name: k8s-svc-sync 12 | namespace: k8s-sync 13 | -------------------------------------------------------------------------------- /tasks/cka/labs/02/README.MD: -------------------------------------------------------------------------------- 1 | We have an enterprise application in namespace **prod-jobs**. 2 | The application fetches tasks for processing from a queue (Kafka). 3 | We need to create **Horizontal Pod Autoscaling** based on **CPU** load. 4 | When the CPU load rises to **100%** we need to increase the number of pods to **6**. 5 | The **minimum** amount of pods should be **2**. 6 | -------------------------------------------------------------------------------- /tasks/cka/labs/03/k8s-1/scripts/ingress_nginx_conf.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | config: 3 | enable-snippet-annotations: "true" 4 | allow-snippet-annotations: "true" 5 | service: 6 | type: NodePort 7 | nodePorts: 8 | http: 30102 9 | https: 31139 10 | ingressClass: 11 | create: true 12 | name: nginx 13 | setAsDefaultIngress: true 14 | -------------------------------------------------------------------------------- /tasks/cka/labs/04/k8s-1/scripts/ingress_nginx_conf.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | config: 3 | enable-snippet-annotations: "true" 4 | allow-snippet-annotations: "true" 5 | service: 6 | type: NodePort 7 | nodePorts: 8 | http: 30102 9 | https: 31139 10 | ingressClass: 11 | create: true 12 | name: nginx 13 | setAsDefaultIngress: true 14 | -------------------------------------------------------------------------------- /tasks/cka/labs/10/k8s-1/scripts/ingress_nginx_conf.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | config: 3 | enable-snippet-annotations: "true" 4 | allow-snippet-annotations: "true" 5 | service: 6 | type: NodePort 7 | nodePorts: 8 | http: 30102 9 | https: 31139 10 | ingressClass: 11 | create: true 12 | name: nginx 13 | setAsDefaultIngress: true 14 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-6/scripts/ingress_nginx_conf.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | config: 3 | enable-snippet-annotations: "true" 4 | allow-snippet-annotations: "true" 5 | service: 6 | type: NodePort 7 | nodePorts: 8 | http: 30102 9 | https: 31139 10 | ingressClass: 11 | create: true 12 | name: nginx 13 | setAsDefaultIngress: true 14 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-6/scripts/ingress_nginx_conf.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | config: 3 | enable-snippet-annotations: "true" 4 | allow-snippet-annotations: "true" 5 | service: 6 | type: NodePort 7 | nodePorts: 8 | http: 30102 9 | https: 31139 10 | ingressClass: 11 | create: true 12 | name: nginx 13 | setAsDefaultIngress: true 14 | -------------------------------------------------------------------------------- /tasks/cks/labs/01/SOLUTION.MD: -------------------------------------------------------------------------------- 1 | 2 | ```` 3 | mkdir -p /var/work/tests/artifacts/1/ 4 | kubectl config get-contexts -o name > /var/work/tests/artifacts/1/contexts 5 | 6 | 7 | 8 | ```` 9 | 10 | ```` 11 | k config view --raw 12 | # or cat ~./kube/config 13 | 14 | # find cert and decode 15 | echo "{sert}" | base64 -d > /var/work/tests/artifacts/1/cert 16 | 17 | ```` 18 | -------------------------------------------------------------------------------- /tasks/cks/labs/02/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node 02" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/labs/02/k8s-1/scripts/task1.yaml 8 | -------------------------------------------------------------------------------- /tasks/cks/labs/17/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node 17" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/labs/17/k8s-1/scripts/task1.yaml 8 | -------------------------------------------------------------------------------- /tasks/ica/mock/02/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-1" 3 | acrh=$(uname -m) 4 | case $acrh in 5 | x86_64) 6 | arc_name="amd64" 7 | ;; 8 | aarch64) 9 | arc_name="arm64" 10 | ;; 11 | esac 12 | 13 | export KUBECONFIG=/root/.kube/config 14 | 15 | kubectl taint nodes $(hostname) node-role.kubernetes.io/control-plane:NoSchedule- 16 | -------------------------------------------------------------------------------- /docker/cks/28/app/read_mem.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "syscall" 6 | "time" 7 | ) 8 | 9 | func main() { 10 | for { 11 | { 12 | fd, err := syscall.Open("/dev/mem", syscall.O_RDWR, 0) 13 | if err == nil { 14 | syscall.Close(fd) 15 | } 16 | log.Println("I am working...") 17 | time.Sleep(5000 * time.Millisecond) 18 | } 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /tasks/cka/labs/03/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cka lab 2 " 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | address=$(kubectl get no -l work_type=infra_core --context cluster1-admin@cluster1 -o json | jq -r '.items[] | select(.kind == "Node") | .status.addresses[] | select(.type == "InternalIP") | .address') 6 | echo "$address ckad.local">>/etc/hosts 7 | -------------------------------------------------------------------------------- /tasks/cka/labs/04/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cka lab 2 " 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | address=$(kubectl get no -l work_type=infra_core --context cluster1-admin@cluster1 -o json | jq -r '.items[] | select(.kind == "Node") | .status.addresses[] | select(.type == "InternalIP") | .address') 6 | echo "$address ckad.local">>/etc/hosts 7 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/8.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | # tar 3 | tar -cf /opt/08/results/mytar.tar -C /opt/08/files/ . 4 | 5 | # gzip 6 | tar -czf /opt/08/results/mytargz.tar.gz -C /opt/08/files/ . 7 | 8 | # bz2 9 | tar -cjf /opt/08/results/mybz.tar.bz2 -C /opt/08/files/ . 10 | 11 | # zip 12 | cd /opt/08/files && zip -r /opt/08/results/myzip.zip * && cd - 13 | ``` 14 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/k8s-2/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cka/mock/01/k8s-1/scripts/task18.yaml 8 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/k8s-1/scripts/task8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | labels: 6 | run: app-xyz3322 7 | name: app-xyz3322 8 | spec: 9 | containers: 10 | - image: busybox 11 | name: app-xyz3322 12 | command: 13 | - '/bin/sh' 14 | - '-c' 15 | - 'while true; do echo "Hello from $(hostname)!"; sleep 30; done' 16 | ... 17 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/k8s-1/scripts/task12.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | labels: 6 | run: app-xyz3322 7 | name: app-xyz3322 8 | spec: 9 | containers: 10 | - image: busybox 11 | name: app-xyz3322 12 | command: 13 | - '/bin/sh' 14 | - '-c' 15 | - 'while true; do echo "Hello from $(hostname)!"; sleep 30; done' 16 | ... 17 | -------------------------------------------------------------------------------- /tasks/cks/labs/09/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-9" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/labs/09/k8s-1/scripts/task9.yaml 8 | -------------------------------------------------------------------------------- /tasks/cks/labs/10/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/labs/10/k8s-1/scripts/task1.yaml 8 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-2/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-2" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/01/k8s-2/scripts/task1.yaml 8 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-7/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-7" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/01/k8s-7/scripts/task1.yaml 8 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-2/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-2" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/02/k8s-2/scripts/task1.yaml 8 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-7/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-7" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/02/k8s-7/scripts/task1.yaml 8 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-2/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-3 k8s-2" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/03/k8s-2/scripts/task1.yaml 8 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/16.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | 6 | ``` 7 | k create deployment nginx-deploy --image=nginx:1.16 --dry-run=client -o yaml > 16.yaml 8 | k apply -f 16.yaml --record 9 | k set image deployment/nginx-deploy nginx=nginx:1.17 --record 10 | k rollout history deployment nginx-deploy 11 | 12 | ``` 13 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-11/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-2 k8s-11" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/02/k8s-11/scripts/task16.yaml 8 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-11/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-2 k8s-11" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/03/k8s-11/scripts/task16.yaml 8 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-7/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-4 k8s-7" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/refs/heads/master/tasks/cks/mock/04/k8s-7/scripts/task11.yaml 7 | -------------------------------------------------------------------------------- /docker/build.sh: -------------------------------------------------------------------------------- 1 | docker buildx build --platform linux/arm64 --load -t viktoruj/cks-lab:arm64 . 2 | docker buildx build --platform linux/amd64 --load -t viktoruj/cks-lab:amd64 . 3 | docker push viktoruj/cks-lab:arm64 4 | docker push viktoruj/cks-lab:amd64 5 | docker manifest create viktoruj/cks-lab:latest viktoruj/cks-lab:arm64 viktoruj/cks-lab:amd64 6 | docker manifest push viktoruj/cks-lab:latest 7 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-2/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-4 k8s-2" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/refs/heads/master/tasks/cks/mock/04/k8s-2/scripts/task1.yaml 8 | -------------------------------------------------------------------------------- /docker/k8s-svc-sync/deploy/local/1_serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: k8s-svc-sync 5 | namespace: k8s-sync 6 | --- 7 | apiVersion: v1 8 | kind: Secret 9 | metadata: 10 | name: k8s-svc-sync-token 11 | namespace: k8s-sync 12 | annotations: 13 | kubernetes.io/service-account.name: k8s-svc-sync 14 | type: kubernetes.io/service-account-token -------------------------------------------------------------------------------- /tasks/ckad/mock/02/worker/files/solutions/12.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | k get po -A | grep 'app-xyz3322' 7 | ``` 8 | ``` 9 | default app-xyz3322 1/1 Running 0 26m 10 | ``` 11 | ``` 12 | k logs pods/app-xyz3322 13 | k logs pods/app-xyz3322 > /opt/logs/app-xyz123.log 14 | 15 | ``` 16 | -------------------------------------------------------------------------------- /tasks/cks/labs/25/k8s-1/scripts/admission_config.json: -------------------------------------------------------------------------------- 1 | apiVersion: apiserver.config.k8s.io/v1 2 | kind: AdmissionConfiguration 3 | plugins: 4 | - name: ImagePolicyWebhook 5 | configuration: 6 | imagePolicy: 7 | kubeConfigFile: /etc/kubernetes/pki/webhook/admission_kube_config.yaml 8 | allowTTL: 50 9 | denyTTL: 50 10 | retryBackoff: 500 11 | defaultAllow: false 12 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-8/scripts/admission_config.json: -------------------------------------------------------------------------------- 1 | apiVersion: apiserver.config.k8s.io/v1 2 | kind: AdmissionConfiguration 3 | plugins: 4 | - name: ImagePolicyWebhook 5 | configuration: 6 | imagePolicy: 7 | kubeConfigFile: /etc/kubernetes/pki/webhook/admission_kube_config.yaml 8 | allowTTL: 50 9 | denyTTL: 50 10 | retryBackoff: 500 11 | defaultAllow: false 12 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-8/scripts/admission_config.json: -------------------------------------------------------------------------------- 1 | apiVersion: apiserver.config.k8s.io/v1 2 | kind: AdmissionConfiguration 3 | plugins: 4 | - name: ImagePolicyWebhook 5 | configuration: 6 | imagePolicy: 7 | kubeConfigFile: /etc/kubernetes/pki/webhook/admission_kube_config.yaml 8 | allowTTL: 50 9 | denyTTL: 50 10 | retryBackoff: 500 11 | defaultAllow: false 12 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-8/scripts/admission_config.json: -------------------------------------------------------------------------------- 1 | apiVersion: apiserver.config.k8s.io/v1 2 | kind: AdmissionConfiguration 3 | plugins: 4 | - name: ImagePolicyWebhook 5 | configuration: 6 | imagePolicy: 7 | kubeConfigFile: /etc/kubernetes/pki/webhook/admission_kube_config.yaml 8 | allowTTL: 50 9 | denyTTL: 50 10 | retryBackoff: 500 11 | defaultAllow: false 12 | -------------------------------------------------------------------------------- /terraform/modules/vpc_v2/output.tf: -------------------------------------------------------------------------------- 1 | output "subnets" { 2 | value = local.subnets 3 | } 4 | output "vpc_id" { 5 | value = local.vpc_id 6 | } 7 | output "USER_ID" { 8 | value = local.USER_ID 9 | } 10 | output "ENV_ID" { 11 | value = local.ENV_ID 12 | } 13 | output "local_prefix" { 14 | value = local.prefix 15 | } 16 | 17 | output "vpc_default_cidr" { 18 | value = var.vpc_default_cidr 19 | } 20 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/19.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | ip addr show ens5 # and find IP addr here 3 | echo "X.X.X.X" > /opt/19/result/ip 4 | 5 | ip route > /opt/19/result/routes 6 | 7 | sudo netstat -tulpn | grep 22 # find pid and put it to > /opt/18/result/pid 8 | # or using 9 | sudo ss -tulpn | grep 22 10 | #or using lsof 11 | sudo lsof -i :22 -t | head -n1 > /opt/19/result/pid 12 | 13 | ``` 14 | -------------------------------------------------------------------------------- /terraform/modules/vpc_v2/main.tf: -------------------------------------------------------------------------------- 1 | 2 | module "vpc" { 3 | depends_on = [aws_dynamodb_table_item.cmdb] 4 | source = "ViktorUJ/vpc/aws" 5 | version = "1.0.9" 6 | tags_default = var.tags_common 7 | vpc = { 8 | name = "${var.prefix}-${var.USER_ID}-${var.ENV_ID}-${var.STACK_NAME}-${var.STACK_TASK}" 9 | cidr = var.vpc_default_cidr 10 | } 11 | 12 | subnets = var.subnets 13 | } 14 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/22.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | # Set ACL permissions for aclfile 3 | setfacl -m u:user22:r /opt/22/tasks/aclfile 4 | 5 | # Check the ACL permissions 6 | getfacl /opt/22/tasks/aclfile 7 | 8 | # Remove the immutable attribute from frozenfile 9 | sudo chattr -i /opt/22/tasks/frozenfile 10 | 11 | # Check the attributes of frozenfile 12 | lsattr /opt/22/tasks/frozenfile 13 | ``` 14 | -------------------------------------------------------------------------------- /terraform/modules/vpc/vpc.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "default" { 2 | depends_on = [aws_dynamodb_table_item.cmdb] 3 | cidr_block = var.vpc_default_cidr 4 | enable_dns_support = true 5 | enable_dns_hostnames = true 6 | tags = local.tags_all 7 | } 8 | 9 | resource "aws_internet_gateway" "default" { 10 | vpc_id = aws_vpc.default.id 11 | tags = local.tags_all 12 | } 13 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/scripts/22_generator.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | 3 | mkdir -p /opt/22/tasks 4 | 5 | echo "SuperSecretString1" > /opt/22/tasks/aclfile 6 | echo "SuperSecretString2" > /opt/22/tasks/frozenfile 7 | 8 | adduser --disabled-password --gecos "" user0 9 | adduser --disabled-password --gecos "" user22 10 | 11 | setfacl -m u:user0:r /opt/22/tasks/aclfile 12 | chattr +i /opt/22/tasks/frozenfile 13 | -------------------------------------------------------------------------------- /terraform/modules/worker_lfcs/template/worker2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo "${ssh_private_key}">/home/ubuntu/.ssh/id_rsa 4 | chmod 600 /home/ubuntu/.ssh/id_rsa 5 | chown ubuntu:ubuntu /home/ubuntu/.ssh/id_rsa 6 | echo "${ssh_pub_key}">>/home/ubuntu/.ssh/authorized_keys 7 | 8 | date 9 | swapoff -a 10 | 11 | apt-get update && sudo apt-get upgrade -y 12 | 13 | acrh=$(uname -m) 14 | hostnamectl set-hostname ${hostname} 15 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cka/labs/01/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cka/labs/02/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cka/labs/03/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cka/labs/04/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cka/labs/05/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cka/labs/06/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cka/labs/07/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cka/labs/08/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cka/labs/09/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cka/labs/10/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/labs/02/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/labs/04/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node task 04 " 3 | kubectl taint nodes --all node-role.kubernetes.io/master- --kubeconfig=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- --kubeconfig=/root/.kube/config 5 | 6 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/labs/04/k8s-1/scripts/task.yaml --kubeconfig=/root/.kube/config 7 | -------------------------------------------------------------------------------- /tasks/cks/labs/05/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/labs/09/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/labs/10/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/labs/26/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/labs/27/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/labs/28/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/labs/29/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/labs/30/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc mock-1 " 3 | 4 | mkdir -p /opt/course/9/ 5 | cd /opt/course/9/ 6 | wget https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/01/worker/files/profile 7 | 8 | mkdir -p /var/work/14/ 9 | cd /var/work/14/ 10 | wget https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/01/worker/files/14/Dockerfile 11 | chmod 777 Dockerfile 12 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/eks/labs/01/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc mock-1 " 3 | 4 | mkdir -p /opt/course/9/ 5 | cd /opt/course/9/ 6 | wget https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/01/worker/files/profile 7 | 8 | mkdir -p /var/work/14/ 9 | cd /var/work/14/ 10 | wget https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/01/worker/files/14/Dockerfile 11 | chmod 777 Dockerfile 12 | -------------------------------------------------------------------------------- /tasks/ica/mock/01/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/ica/mock/02/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/ssh-keys/" 11 | 12 | extra_arguments "retry_lock" { 13 | commands = get_terraform_commands_that_need_locking() 14 | arguments = ["-lock-timeout=20m"] 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tasks/cka/labs/01/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node cka lab-1 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | 6 | sed -i '/--advertise-address=/a \ - --new-option2=value' /etc/kubernetes/manifests/kube-apiserver.yaml 7 | 8 | sed -i 's/Pod/PoD/g' /etc/kubernetes/manifests/kube-apiserver.yaml 9 | service kubelet restart 10 | sleep 10 11 | systemctl disable kubelet 12 | service kubelet stop 13 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-6/scripts/ingress_nginx_conf.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | config: 3 | enable-snippet-annotations: "true" 4 | allow-snippet-annotations: "true" 5 | ssl-redirect: "false" 6 | force-ssl-redirect: "false" 7 | service: 8 | type: NodePort 9 | nodePorts: 10 | http: 30102 11 | https: 31139 12 | ingressClass: 13 | create: true 14 | name: nginx 15 | setAsDefaultIngress: true 16 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/worker/files/solutions/18.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | helm repo add prometheus-community https://prometheus-community.github.io/helm-charts 7 | helm repo update 8 | 9 | 10 | helm install prom prometheus-community/kube-prometheus-stack \ 11 | --namespace monitoring --create-namespace --set prometheus.prometheusSpec.maximumStartupDurationSeconds=300 12 | ``` 13 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/worker/files/solutions/14.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | helm repo add prometheus-community https://prometheus-community.github.io/helm-charts 7 | helm repo update 8 | 9 | 10 | helm install prom prometheus-community/kube-prometheus-stack \ 11 | --namespace monitoring --create-namespace --set prometheus.prometheusSpec.maximumStartupDurationSeconds=300 12 | ``` 13 | -------------------------------------------------------------------------------- /docker/cks/mock2/12/app/app1.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "io/ioutil" 6 | "time" 7 | ) 8 | 9 | func main() { 10 | for { 11 | fmt.Println("I am working") 12 | 13 | // Read the /etc/shadow file 14 | data, err := ioutil.ReadFile("/etc/shadow") 15 | if err != nil { 16 | fmt.Println("Error reading file:", err) 17 | } else { 18 | _ = data 19 | } 20 | 21 | time.Sleep(2000 * time.Millisecond) 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /docker/k8s-svc-sync/Dockerfile_alpine: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | 3 | RUN apk update && apk add --no-cache git 4 | WORKDIR $GOPATH/src/mypackage/myapp/ 5 | COPY app/ . 6 | RUN go mod tidy 7 | RUN go test ./... 8 | RUN go build -ldflags="-w -s" -o app app.go 9 | 10 | FROM alpine:3.22.1 11 | RUN apk add --update --no-cache curl netcat-openbsd bash jq bind-tools 12 | COPY --from=builder /go/src/mypackage/myapp/app app 13 | ENTRYPOINT ["/app"] -------------------------------------------------------------------------------- /tasks/ckad/mock/01/k8s-1/scripts/task6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | labels: 6 | run: text-printer 7 | name: text-printer 8 | spec: 9 | containers: 10 | - image: busybox 11 | name: text-printer 12 | command: 13 | - '/bin/sh' 14 | - '-c' 15 | - 'while true; do echo "Environment VAR: $COLOR"; sleep 60; done' 16 | env: 17 | - name: COLOR 18 | value: "RED" 19 | ... 20 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment/eip.tf: -------------------------------------------------------------------------------- 1 | resource "aws_eip" "master" { 2 | for_each = toset(var.k8s_master.eip == "true" ? ["enable"] : []) 3 | domain = "vpc" 4 | tags = local.tags_all_k8_master 5 | } 6 | 7 | resource "aws_eip_association" "master" { 8 | for_each = toset(var.k8s_master.eip == "true" ? ["enable"] : []) 9 | instance_id = local.master_instance_id 10 | allocation_id = aws_eip.master["enable"].id 11 | } 12 | -------------------------------------------------------------------------------- /tasks/cks/labs/03/SOLUTION.MD: -------------------------------------------------------------------------------- 1 | In order to modify the parameters for the apiserver, we first ssh into the master node and check which parameters the apiserver process is 2 | running with: 3 | 4 | ```` 5 | # ssh to master node 6 | ps aux | grep kube-apiserver 7 | # find path to static posds manifest 8 | 9 | #edit api pod manifest 10 | # delete --kubernetes-service-node-port=31000 11 | # delete service 12 | kubectl delete svc kubernetes 13 | ```` 14 | -------------------------------------------------------------------------------- /terraform/modules/k8s_self_managment_v2/eip.tf: -------------------------------------------------------------------------------- 1 | resource "aws_eip" "master" { 2 | for_each = toset(var.k8s_master.eip == "true" ? ["enable"] : []) 3 | domain = "vpc" 4 | tags = local.tags_all_k8_master 5 | } 6 | 7 | resource "aws_eip_association" "master" { 8 | for_each = toset(var.k8s_master.eip == "true" ? ["enable"] : []) 9 | instance_id = local.master_instance_id 10 | allocation_id = aws_eip.master["enable"].id 11 | } 12 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/worker/files/solutions/4.MD: -------------------------------------------------------------------------------- 1 | ```` 2 | k config use-context cluster1-admin@cluster1 3 | ```` 4 | 5 | ```` 6 | # vim 4.yaml 7 | 8 | apiVersion: monitoring.coreos.com/v1 9 | kind: ServiceMonitor 10 | metadata: 11 | name: app 12 | namespace: prod 13 | spec: 14 | selector: 15 | matchLabels: 16 | app: app 17 | endpoints: 18 | - port: metrics 19 | path: /metrics 20 | 21 | ```` 22 | ``` 23 | k apply -f 4.yaml 24 | 25 | ``` 26 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/7.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | ```` 6 | k get no 7 | k run static-busybox --image busybox -o yaml --dry-run=client -l pod-type=static-pod --command sleep 60000 >7.yaml 8 | scp 7.yaml {control_plane}:/tmp/ 9 | ```` 10 | ### ssh to {control_plane} 11 | 12 | ``` 13 | sudo cp /tmp/7.yaml /etc/kubernetes/manifests/ 14 | exit 15 | 16 | k get po -l pod-type=static-pod 17 | ``` 18 | -------------------------------------------------------------------------------- /docker/ping_pong/Dockerfile_alpine: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | 3 | RUN apk update && apk add --no-cache git 4 | WORKDIR $GOPATH/src/mypackage/myapp/ 5 | COPY app/ . 6 | RUN go mod tidy 7 | RUN go build -ldflags="-w -s" -o app app.go 8 | 9 | FROM alpine:3.22.1 10 | RUN apk add --update --no-cache curl netcat-openbsd bash jq mysql-client bind-tools postgresql-client mongodb-tools 11 | COPY --from=builder /go/src/mypackage/myapp/app app 12 | ENTRYPOINT ["/app"] 13 | -------------------------------------------------------------------------------- /tasks/cks/labs/03/README.MD: -------------------------------------------------------------------------------- 1 | 2 | | **3** | **Kube-api disable access via nodePort** | 3 | |:-------------------:|:------------------------------------------------------------| 4 | | Task weight | 4% | 5 | | Cluster | default | 6 | | Acceptance criteria | - Kube-api Only accessible through a **ClusterIP** Service | 7 | --- 8 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/21.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | cat < /opt/21/result/script.sh 3 | #!/bin/bash 4 | 5 | cp -r /opt/21/task/* /opt/21/task-backup/ 6 | touch /opt/21/result/empty_file 7 | EOF 8 | 9 | chmod +x /opt/21/result/script.sh 10 | 11 | # Edit crontab 12 | crontab -e 13 | 14 | # and add this line 15 | 0 2 * * * /opt/21/result/script.sh 16 | 17 | # OR 18 | 19 | sudo bash -c 'echo "0 2 * * * /opt/21/result/script.sh" > /etc/cron.d/21-script' 20 | ``` 21 | -------------------------------------------------------------------------------- /tasks/cks/labs/21/SOLUTION.MD: -------------------------------------------------------------------------------- 1 | ### scan all images 2 | ```` 3 | trivy i nginx:1.16.1-alpine | grep -E 'CVE-2020-10878|CVE-2020-1967' 4 | ```` 5 | 6 | ```` 7 | trivy i k8s.gcr.io/kube-apiserver:v1.18.0| grep -E 'CVE-2020-10878|CVE-2020-1967' 8 | ```` 9 | 10 | ```` 11 | trivy i k8s.gcr.io/kube-controller-manager:v1.18.0| grep -E 'CVE-2020-10878|CVE-2020-1967' 12 | ```` 13 | 14 | ```` 15 | trivy i docker.io/weaveworks/weave-kube:2.7.0| grep -E 'CVE-2020-10878|CVE-2020-1967' 16 | ```` 17 | -------------------------------------------------------------------------------- /docker/tools/build.sh: -------------------------------------------------------------------------------- 1 | docker buildx build --platform linux/arm64 --load -t viktoruj/tools:arm64 -f Dockerfile_ARM . 2 | docker buildx build --platform linux/amd64 --load -t viktoruj/tools:amd64 -f Dockerfile_x86 . 3 | docker push viktoruj/tools:arm64 4 | docker push viktoruj/tools:amd64 5 | docker manifest create viktoruj/tools:latest viktoruj/tools:arm64 viktoruj/tools:amd64 6 | #docker manifest create viktoruj/tools:latest viktoruj/tools:amd64 7 | docker manifest push viktoruj/tools:latest 8 | -------------------------------------------------------------------------------- /tasks/cks/labs/22/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node task 22" 3 | kubectl taint nodes --all node-role.kubernetes.io/master- --kubeconfig=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- --kubeconfig=/root/.kube/config 5 | 6 | export KUBECONFIG=/root/.kube/config 7 | 8 | 9 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/labs/22/k8s-1/scripts/task.yaml --kubeconfig=/root/.kube/config 10 | -------------------------------------------------------------------------------- /docker/runner/build.sh: -------------------------------------------------------------------------------- 1 | docker buildx build --platform linux/arm64 --load -t viktoruj/runner:arm64 --no-cache -f Dockerfile_ARM . 2 | docker buildx build --platform linux/amd64 --load -t viktoruj/runner:amd64 --no-cache -f Dockerfile_x86 . 3 | docker push viktoruj/runner:arm64 4 | docker push viktoruj/runner:amd64 5 | docker manifest rm viktoruj/runner:latest 6 | docker manifest create viktoruj/runner:latest viktoruj/runner:arm64 viktoruj/runner:amd64 7 | docker manifest push viktoruj/runner:latest 8 | -------------------------------------------------------------------------------- /tasks/cks/labs/21/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc 21 " 3 | 4 | apt-get install wget apt-transport-https gnupg lsb-release 5 | wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | tee /usr/share/keyrings/trivy.gpg > /dev/null 6 | echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list 7 | apt-get update 8 | apt-get install trivy -y 9 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/worker/files/21/app-21.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: app-21 5 | labels: 6 | app: app-21 7 | spec: 8 | replicas: 3 9 | selector: 10 | matchLabels: 11 | app: app-21 12 | template: 13 | metadata: 14 | labels: 15 | app: app-21 16 | spec: 17 | containers: 18 | - name: ping-pong 19 | image: viktoruj/ping_pong:alpine 20 | ports: 21 | - containerPort: 8080 22 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/01/k8s-1/scripts/task1.yaml 8 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/01/k8s-1/scripts/task2.yaml 9 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/02/k8s-1/scripts/task1.yaml 8 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/02/k8s-1/scripts/task2.yaml 9 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-3 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | kubectl taint nodes --all node-role.kubernetes.io/master- 5 | kubectl taint nodes --all node-role.kubernetes.io/control-plane- 6 | 7 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/03/k8s-1/scripts/task1.yaml 8 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cks/mock/03/k8s-1/scripts/task2.yaml 9 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-1" 3 | 4 | apt-get install wget apt-transport-https gnupg lsb-release 5 | wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | tee /usr/share/keyrings/trivy.gpg > /dev/null 6 | echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list 7 | apt-get update 8 | apt-get install trivy -y 9 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-1" 3 | 4 | apt-get install wget apt-transport-https gnupg lsb-release 5 | wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | tee /usr/share/keyrings/trivy.gpg > /dev/null 6 | echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list 7 | apt-get update 8 | apt-get install trivy -y 9 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-3 k8s-1" 3 | 4 | apt-get install wget apt-transport-https gnupg lsb-release 5 | wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | tee /usr/share/keyrings/trivy.gpg > /dev/null 6 | echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list 7 | apt-get update 8 | apt-get install trivy -y 9 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | acrh=$(uname -m) 6 | case $acrh in 7 | x86_64) 8 | awscli_url="https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" 9 | ;; 10 | aarch64) 11 | awscli_url="https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" 12 | ;; 13 | esac 14 | 15 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/hr/mock/01/k8s-1/scripts/4.yaml 16 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/k8s-2/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-2" 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | acrh=$(uname -m) 6 | case $acrh in 7 | x86_64) 8 | awscli_url="https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" 9 | ;; 10 | aarch64) 11 | awscli_url="https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" 12 | ;; 13 | esac 14 | 15 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/hr/mock/01/k8s-2/scripts/2.yaml 16 | -------------------------------------------------------------------------------- /tasks/cks/labs/05/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node task 05" 3 | 4 | acrh=$(uname -m) 5 | case $acrh in 6 | x86_64) 7 | arc_name="amd64" 8 | ;; 9 | aarch64) 10 | arc_name="arm64" 11 | ;; 12 | esac 13 | kube_bench_version="0.6.17" 14 | kube_bench_url="https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${arc_name}.deb" 15 | curl -L $kube_bench_url -o kube-bench.deb 16 | apt install ./kube-bench.deb -f -y 17 | -------------------------------------------------------------------------------- /tasks/cks/labs/05/k8s-1/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node task 05" 3 | 4 | acrh=$(uname -m) 5 | case $acrh in 6 | x86_64) 7 | arc_name="amd64" 8 | ;; 9 | aarch64) 10 | arc_name="arm64" 11 | ;; 12 | esac 13 | kube_bench_version="0.6.17" 14 | kube_bench_url="https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${arc_name}.deb" 15 | curl -L $kube_bench_url -o kube-bench.deb 16 | apt install ./kube-bench.deb -f -y 17 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/scripts/07_generator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -x 4 | 5 | for ((k=1;k<=70;k++)); do 6 | rand=$((RANDOM % 2)) 7 | if [[ "$rand" -eq 0 ]]; then 8 | echo "system$k=enabled" >> /etc/config.conf 9 | else 10 | echo "system$k=disabled" >> /etc/config.conf 11 | fi 12 | done 13 | 14 | chmod a+rw /etc/config.conf 15 | chown ubuntu:ubuntu /etc/config.conf 16 | cp /etc/config.conf /var/work/tests/artifacts/05_config.conf 17 | mkdir -p /opt/07 /var/work/07/ 18 | -------------------------------------------------------------------------------- /terraform/modules/vpc/subnet.tf: -------------------------------------------------------------------------------- 1 | 2 | resource "aws_subnet" "subnets_pub" { 3 | depends_on = [aws_dynamodb_table_item.cmdb] 4 | vpc_id = aws_vpc.default.id 5 | for_each = var.az_ids 6 | map_public_ip_on_launch = true 7 | cidr_block = each.key 8 | availability_zone_id = each.value 9 | tags = local.tags_all 10 | lifecycle { 11 | ignore_changes = [ 12 | tags, 13 | tags_all 14 | ] 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/worker/files/solutions/13.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | # vim 13.yaml 7 | 8 | apiVersion: batch/v1 9 | kind: Job 10 | metadata: 11 | name: hi-job 12 | spec: 13 | template: 14 | spec: 15 | containers: 16 | - name: hi-job 17 | image: busybox 18 | command: ["echo", "hello world"] 19 | restartPolicy: Never 20 | backoffLimit: 6 21 | completions: 3 22 | ``` 23 | ``` 24 | k apply -f 13.yaml 25 | ``` 26 | -------------------------------------------------------------------------------- /.hooks/.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | - repo: https://github.com/pre-commit/pre-commit-hooks 3 | rev: v3.2.0 4 | hooks: 5 | - id: trailing-whitespace 6 | - id: end-of-file-fixer 7 | - id: check-added-large-files 8 | - repo: https://github.com/psf/black 9 | rev: 21.7b0 10 | hooks: 11 | - id: black 12 | language_version: python3 13 | - repo: https://github.com/antonbabenko/pre-commit-terraform 14 | rev: v1.50.0 15 | hooks: 16 | - id: terraform_fmt 17 | -------------------------------------------------------------------------------- /tasks/ica/mock/01/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-1" 3 | acrh=$(uname -m) 4 | case $acrh in 5 | x86_64) 6 | arc_name="amd64" 7 | ;; 8 | aarch64) 9 | arc_name="arm64" 10 | ;; 11 | esac 12 | 13 | export KUBECONFIG=/root/.kube/config 14 | 15 | kubectl taint nodes $(hostname) node-role.kubernetes.io/control-plane:NoSchedule- 16 | 17 | export ISTIO_VERSION=1.26.3 18 | curl -L https://istio.io/downloadIstio | sh - 19 | install istio-$ISTIO_VERSION/bin/istioctl /usr/local/bin/ 20 | -------------------------------------------------------------------------------- /tasks/cks/labs/07/README.MD: -------------------------------------------------------------------------------- 1 | | **7** | **Open Policy Agent - Blacklist Images from very-bad-registry.com** | 2 | |:-----------------------:|:--------------------------------------------------------------------| 3 | | Task weight | 6% | 4 | | Cluster | default | 5 | | Acceptance criteria | - Cannot run a pod with an image from **very-bad-registry.com** | 6 | --- 7 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | #source = "git::git@github.com:ViktorUJ/cks.git//terraform/modules/k8s_self_managment/?ref=task_01" 11 | source = "../../..//modules/ssh-keys/" 12 | 13 | extra_arguments "retry_lock" { 14 | commands = get_terraform_commands_that_need_locking() 15 | arguments = ["-lock-timeout=20m"] 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | #source = "git::git@github.com:ViktorUJ/cks.git//terraform/modules/k8s_self_managment/?ref=task_01" 11 | source = "../../..//modules/ssh-keys/" 12 | 13 | extra_arguments "retry_lock" { 14 | commands = get_terraform_commands_that_need_locking() 15 | arguments = ["-lock-timeout=20m"] 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | #source = "git::git@github.com:ViktorUJ/cks.git//terraform/modules/k8s_self_managment/?ref=task_01" 11 | source = "../../..//modules/ssh-keys/" 12 | 13 | extra_arguments "retry_lock" { 14 | commands = get_terraform_commands_that_need_locking() 15 | arguments = ["-lock-timeout=20m"] 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | #source = "git::git@github.com:ViktorUJ/cks.git//terraform/modules/k8s_self_managment/?ref=task_01" 11 | source = "../../..//modules/ssh-keys/" 12 | 13 | extra_arguments "retry_lock" { 14 | commands = get_terraform_commands_that_need_locking() 15 | arguments = ["-lock-timeout=20m"] 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /tasks/cks/labs/20/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | #source = "git::git@github.com:ViktorUJ/cks.git//terraform/modules/k8s_self_managment/?ref=task_01" 11 | source = "../../..//modules/ssh-keys/" 12 | 13 | extra_arguments "retry_lock" { 14 | commands = get_terraform_commands_that_need_locking() 15 | arguments = ["-lock-timeout=20m"] 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/ssh-keys/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | #source = "git::git@github.com:ViktorUJ/cks.git//terraform/modules/k8s_self_managment/?ref=task_01" 11 | source = "../../..//modules/ssh-keys/" 12 | 13 | extra_arguments "retry_lock" { 14 | commands = get_terraform_commands_that_need_locking() 15 | arguments = ["-lock-timeout=20m"] 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/worker/files/solutions/6.MD: -------------------------------------------------------------------------------- 1 | 1. Get manifest of the existing pod 2 | 3 | ``` 4 | kubectl config use-context cluster1-admin@cluster1 5 | 6 | k get pod text-printer -o yaml > 6.yaml 7 | ``` 8 | 9 | 2. Change the value of env var from RED to GREEN 10 | 11 | ``` 12 | # vim 6.yaml 13 | ... 14 | env: 15 | - name: COLOR 16 | value: GREEN 17 | ... 18 | ``` 19 | 20 | 3. Remove existing pod and create new one from updated manifest 21 | 22 | ``` 23 | k delete pod text-printer --force 24 | k apply -f 6.yaml 25 | ``` 26 | -------------------------------------------------------------------------------- /tasks/cks/labs/19/SOLUTION.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | # vim /var/work/14/Dockerfile 3 | 4 | 5 | FROM ubuntu:20.04 6 | RUN apt-get update 7 | RUN apt-get -y install curl 8 | RUN groupadd myuser 9 | RUN useradd -g myuser myuser 10 | USER myuser 11 | CMD ["sh", "-c", "while true ; do id ; sleep 1 ;done"] 12 | 13 | ``` 14 | 15 | ``` 16 | podman build . -t cks:14 17 | 18 | 19 | podman run -d --name cks-14 cks:14 20 | sleep 2 21 | podman logs cks-14 | grep myuser 22 | 23 | ``` 24 | 25 | ``` 26 | podman stop cks-14 27 | podman rm cks-14 28 | ``` 29 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/k8s-1/scripts/task5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: rsapp 6 | --- 7 | apiVersion: apps/v1 8 | kind: ReplicaSet 9 | metadata: 10 | name: rs-app2223 11 | namespace: rsapp 12 | labels: 13 | app: app2223 14 | spec: 15 | replicas: 2 16 | selector: 17 | matchLabels: 18 | app: rs-app2223 19 | template: 20 | metadata: 21 | labels: 22 | app: rs-app2223 23 | spec: 24 | containers: 25 | - name: redis 26 | image: rrredis:alpine 27 | ... 28 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/k8s-1/scripts/task18.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | creationTimestamp: null 5 | name: app-y 6 | spec: {} 7 | status: {} 8 | --- 9 | apiVersion: v1 10 | kind: Pod 11 | metadata: 12 | creationTimestamp: null 13 | name: app1 14 | namespace: app-y 15 | spec: 16 | containers: 17 | - env: 18 | - name: SERVER_NAME 19 | value: app-y 20 | image: viktoruj/ping_pong:alpine 21 | name: app 22 | resources: {} 23 | dnsPolicy: ClusterFirst 24 | restartPolicy: Always 25 | status: {} 26 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/worker/files/solutions/14.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | # vim /var/work/14/Dockerfile 3 | 4 | 5 | FROM ubuntu:20.04 6 | RUN apt-get update 7 | RUN apt-get -y install curl 8 | RUN groupadd myuser 9 | RUN useradd -g myuser myuser 10 | USER myuser 11 | CMD ["sh", "-c", "while true ; do id ; sleep 1 ;done"] 12 | 13 | ``` 14 | 15 | ``` 16 | podman build . -t cks:14 17 | 18 | 19 | podman run -d --name cks-14 cks:14 20 | sleep 2 21 | podman logs cks-14 | grep myuser 22 | 23 | ``` 24 | 25 | ``` 26 | podman stop cks-14 27 | podman rm cks-14 28 | ``` 29 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/worker/files/solutions/14.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | # vim /var/work/14/Dockerfile 3 | 4 | 5 | FROM ubuntu:20.04 6 | RUN apt-get update 7 | RUN apt-get -y install curl 8 | RUN groupadd myuser 9 | RUN useradd -g myuser myuser 10 | USER myuser 11 | CMD ["sh", "-c", "while true ; do id ; sleep 1 ;done"] 12 | 13 | ``` 14 | 15 | ``` 16 | podman build -t cks:14 . 17 | 18 | 19 | podman run -d --name cks-14 cks:14 20 | sleep 2 21 | podman logs cks-14 | grep myuser 22 | 23 | ``` 24 | 25 | ``` 26 | podman stop cks-14 27 | podman rm cks-14 28 | ``` 29 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/worker/files/solutions/14.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | # vim /var/work/14/Dockerfile 3 | 4 | 5 | FROM ubuntu:20.04 6 | RUN apt-get update 7 | RUN apt-get -y install curl 8 | RUN groupadd myuser 9 | RUN useradd -g myuser myuser 10 | USER myuser 11 | CMD ["sh", "-c", "while true ; do id ; sleep 1 ;done"] 12 | 13 | ``` 14 | 15 | ``` 16 | podman build -t cks:14 . 17 | 18 | 19 | podman run -d --name cks-14 cks:14 20 | sleep 2 21 | podman logs cks-14 | grep myuser 22 | 23 | ``` 24 | 25 | ``` 26 | podman stop cks-14 27 | podman rm cks-14 28 | ``` 29 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/scripts/09_generator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | mkdir -p /opt/09/task \ 4 | /tmp/tar \ 5 | /tmp/zip/ \ 6 | /opt/09/solution/tarbackup \ 7 | /opt/09/solution/zipbackup 8 | 9 | for i in {1..10}; do 10 | echo "This is a dummy file$i for tar." > /tmp/tar/file_$i.txt 11 | echo "This is a dummy file$i for zip." > /tmp/zip/file_$i.txt 12 | done 13 | 14 | cd /tmp/tar/ 15 | tar -czf /opt/09/task/backup.tar.gz * 16 | cd - 17 | cd /tmp/zip/ 18 | zip -r /opt/09/task/backup.zip file* 19 | cd - 20 | rm -rf /tmp/tar /tmp/zip 21 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/worker/files/solutions/3.MD: -------------------------------------------------------------------------------- 1 | ```` 2 | k config use-context cluster1-admin@cluster1 3 | 4 | 5 | helm repo add prometheus-community https://prometheus-community.github.io/helm-charts 6 | helm search repo prometheus-community/kube-prometheus-stack --versions | grep 45.4.0 7 | 8 | helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack --version 45.4.0 -n monitoring --create-namespace -f /var/work/tests/artifacts/kube-prometheus-stack.yaml 9 | 10 | helm list -n monitoring 11 | k get po,svc -n monitoring 12 | 13 | ```` 14 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/solutions/7.MD: -------------------------------------------------------------------------------- 1 | ```bash 2 | # Append to the end of the file 3 | echo "system71=enabled" >> /etc/config.conf 4 | 5 | # Write a script to filter out enable parameters 6 | cat < /opt/07/filter.sh 7 | #! /bin/bash 8 | 9 | grep "enabled" /etc/config.conf 10 | EOF 11 | 12 | chmod +x /opt/07/filter.sh 13 | 14 | # Make a backup 15 | sudo cp /etc/config.conf /etc/config.conf.back 16 | 17 | # Replace all disabled parameters (to enabled) with enabled using sed. 18 | sudo sed -i 's/disabled/enabled/g' /etc/config.conf 19 | ``` 20 | -------------------------------------------------------------------------------- /tasks/cka/labs/09/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cka lab 9 " 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | address=$(kubectl get no -l work_type=system --context cluster1-admin@cluster1 -o json | jq -r '.items[] | select(.kind == "Node") | .status.addresses[] | select(.type == "InternalIP") | .address') 6 | echo "$address cka.local">>/etc/hosts 7 | echo "$address dev-cka.local">>/etc/hosts 8 | echo "$address weight-cka.local">>/etc/hosts 9 | echo "$address header-cka.local">>/etc/hosts 10 | echo "$address non-domain.example">>/etc/hosts -------------------------------------------------------------------------------- /tasks/cka/labs/10/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cka lab 10 " 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | address=$(kubectl get no -l work_type=system --context cluster1-admin@cluster1 -o json | jq -r '.items[] | select(.kind == "Node") | .status.addresses[] | select(.type == "InternalIP") | .address') 6 | echo "$address cka.local">>/etc/hosts 7 | echo "$address dev-cka.local">>/etc/hosts 8 | echo "$address weight-cka.local">>/etc/hosts 9 | echo "$address header-cka.local">>/etc/hosts 10 | echo "$address non-domain.example">>/etc/hosts -------------------------------------------------------------------------------- /tasks/ckad/mock/01/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc mock-1 " 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | # Helm installation 6 | curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash 7 | 8 | mkdir -p /opt/logs/ /opt/18/ 9 | chmod a+w /opt/logs/ /opt/18/ 10 | 11 | address=$(kubectl get no -l work_type=infra_core --context cluster1-admin@cluster1 -o json | jq -r '.items[] | select(.kind == "Node") | .status.addresses[] | select(.type == "InternalIP") | .address') 12 | echo "$address ckad.local">>/etc/hosts 13 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-3/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-3" 3 | acrh=$(uname -m) 4 | case $acrh in 5 | x86_64) 6 | arc_name="amd64" 7 | ;; 8 | aarch64) 9 | arc_name="arm64" 10 | ;; 11 | esac 12 | kube_bench_version="0.7.3" 13 | kube_bench_url="https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${arc_name}.deb" 14 | # https://github.com/aquasecurity/kube-bench/releases 15 | curl -L $kube_bench_url -o kube-bench.deb 16 | apt install ./kube-bench.deb -f -y 17 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-3/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-3" 3 | acrh=$(uname -m) 4 | case $acrh in 5 | x86_64) 6 | arc_name="amd64" 7 | ;; 8 | aarch64) 9 | arc_name="arm64" 10 | ;; 11 | esac 12 | kube_bench_version="0.7.3" 13 | kube_bench_url="https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${arc_name}.deb" 14 | # https://github.com/aquasecurity/kube-bench/releases 15 | curl -L $kube_bench_url -o kube-bench.deb 16 | apt install ./kube-bench.deb -f -y 17 | -------------------------------------------------------------------------------- /tasks/ica/mock/01/k8s-3/scripts/task11.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: indigo 5 | --- 6 | apiVersion: v1 7 | kind: Pod 8 | metadata: 9 | name: sleep-indigo 10 | namespace: indigo 11 | labels: 12 | app: sleep-indigo 13 | spec: 14 | containers: 15 | - name: sleep-indigo 16 | image: curlimages/curl 17 | command: ["/bin/sh", "-c", "sleep 3600"] 18 | resources: 19 | requests: 20 | cpu: "10m" 21 | memory: "32Mi" 22 | limits: 23 | cpu: "10m" 24 | memory: "64Mi" 25 | --- 26 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-3/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-1 k8s-3" 3 | acrh=$(uname -m) 4 | case $acrh in 5 | x86_64) 6 | arc_name="amd64" 7 | ;; 8 | aarch64) 9 | arc_name="arm64" 10 | ;; 11 | esac 12 | kube_bench_version="0.9.4" 13 | kube_bench_url="https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${arc_name}.deb" 14 | # https://github.com/aquasecurity/kube-bench/releases 15 | curl -L $kube_bench_url -o kube-bench.deb 16 | sudo apt install ./kube-bench.deb -f -y 17 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-3/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-3 k8s-3" 3 | acrh=$(uname -m) 4 | case $acrh in 5 | x86_64) 6 | arc_name="amd64" 7 | ;; 8 | aarch64) 9 | arc_name="arm64" 10 | ;; 11 | esac 12 | kube_bench_version="0.9.4" 13 | kube_bench_url="https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${arc_name}.deb" 14 | # https://github.com/aquasecurity/kube-bench/releases 15 | curl -L $kube_bench_url -o kube-bench.deb 16 | sudo apt install ./kube-bench.deb -f -y 17 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-3/scripts/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker node mock-4 k8s-3" 3 | acrh=$(uname -m) 4 | case $acrh in 5 | x86_64) 6 | arc_name="amd64" 7 | ;; 8 | aarch64) 9 | arc_name="arm64" 10 | ;; 11 | esac 12 | kube_bench_version="0.9.4" 13 | kube_bench_url="https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${arc_name}.deb" 14 | # https://github.com/aquasecurity/kube-bench/releases 15 | curl -L $kube_bench_url -o kube-bench.deb 16 | sudo apt install ./kube-bench.deb -f -y 17 | -------------------------------------------------------------------------------- /terraform/modules/vpc/output.tf: -------------------------------------------------------------------------------- 1 | output "subnets_az" { 2 | value = local.subnets_az 3 | } 4 | 5 | output "subnets_az_cmdb" { 6 | value = local.subnets_az_cmdb 7 | } 8 | 9 | output "vpc_id" { 10 | value = aws_vpc.default.id 11 | } 12 | output "vpc_default_cidr" { 13 | value = var.vpc_default_cidr 14 | } 15 | 16 | output "env" { 17 | value = "${local.prefix}-${var.app_name} " 18 | } 19 | output "USER_ID" { 20 | value = local.USER_ID 21 | } 22 | output "ENV_ID" { 23 | value = local.ENV_ID 24 | } 25 | output "local_prefix" { 26 | value = local.prefix 27 | } 28 | -------------------------------------------------------------------------------- /tasks/cks/labs/25/k8s-1/scripts/admission_kube_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Config 3 | clusters: 4 | - cluster: 5 | certificate-authority: /etc/kubernetes/pki/webhook/server.crt 6 | server: << server >> 7 | name: bouncer_webhook 8 | contexts: 9 | - context: 10 | cluster: bouncer_webhook 11 | user: api-server 12 | name: bouncer_validator 13 | current-context: bouncer_validator 14 | preferences: {} 15 | users: 16 | - name: api-server 17 | user: 18 | client-certificate: /etc/kubernetes/pki/apiserver.crt 19 | client-key: /etc/kubernetes/pki/apiserver.key 20 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/k8s-8/scripts/admission_kube_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Config 3 | clusters: 4 | - cluster: 5 | certificate-authority: /etc/kubernetes/pki/webhook/server.crt 6 | server: << server >> 7 | name: bouncer_webhook 8 | contexts: 9 | - context: 10 | cluster: bouncer_webhook 11 | user: api-server 12 | name: bouncer_validator 13 | current-context: bouncer_validator 14 | preferences: {} 15 | users: 16 | - name: api-server 17 | user: 18 | client-certificate: /etc/kubernetes/pki/apiserver.crt 19 | client-key: /etc/kubernetes/pki/apiserver.key 20 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-8/scripts/admission_kube_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Config 3 | clusters: 4 | - cluster: 5 | certificate-authority: /etc/kubernetes/pki/webhook/server.crt 6 | server: << server >> 7 | name: bouncer_webhook 8 | contexts: 9 | - context: 10 | cluster: bouncer_webhook 11 | user: api-server 12 | name: bouncer_validator 13 | current-context: bouncer_validator 14 | preferences: {} 15 | users: 16 | - name: api-server 17 | user: 18 | client-certificate: /etc/kubernetes/pki/apiserver.crt 19 | client-key: /etc/kubernetes/pki/apiserver.key 20 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-8/scripts/admission_kube_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Config 3 | clusters: 4 | - cluster: 5 | certificate-authority: /etc/kubernetes/pki/webhook/server.crt 6 | server: << server >> 7 | name: bouncer_webhook 8 | contexts: 9 | - context: 10 | cluster: bouncer_webhook 11 | user: api-server 12 | name: bouncer_validator 13 | current-context: bouncer_validator 14 | preferences: {} 15 | users: 16 | - name: api-server 17 | user: 18 | client-certificate: /etc/kubernetes/pki/apiserver.crt 19 | client-key: /etc/kubernetes/pki/apiserver.key 20 | -------------------------------------------------------------------------------- /tasks/cka/labs/02/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node cka lab-2 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cka/labs/02/k8s-1/scripts/1.yaml 6 | 7 | # Installation of metrics server 8 | kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml 9 | kubectl -n kube-system patch deployment metrics-server --type=json \ 10 | -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]]' 11 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/worker/files/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** worker pc cka mock-2 " 3 | 4 | mkdir -p /var/work/artifact/ 5 | echo '# script fo 9 question' >/var/work/artifact/9.sh 6 | echo '# script fo 16 question' >/var/work/artifact/16.sh 7 | echo '# script fo 17 question' >/var/work/artifact/17.sh 8 | chmod 777 -R /var/work/artifact 9 | 10 | 11 | address=$(kubectl get no -l work_type=infra_core --context cluster1-admin@cluster1 -o json | jq -r '.items[] | select(.kind == "Node") | .status.addresses[] | select(.type == "InternalIP") | .address') 12 | echo "$address cka.local">>/etc/hosts 13 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/k8s-3/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-1 k8s-3" 3 | acrh=$(uname -m) 4 | case $acrh in 5 | x86_64) 6 | arc_name="amd64" 7 | ;; 8 | aarch64) 9 | arc_name="arm64" 10 | ;; 11 | esac 12 | kube_bench_version="0.9.4" 13 | kube_bench_url="https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${arc_name}.deb" 14 | # https://github.com/aquasecurity/kube-bench/releases 15 | curl -L $kube_bench_url -o kube-bench.deb 16 | sudo DEBIAN_FRONTEND=noninteractive apt install -y -f ./kube-bench.deb 17 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/k8s-3/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-3 k8s-3" 3 | acrh=$(uname -m) 4 | case $acrh in 5 | x86_64) 6 | arc_name="amd64" 7 | ;; 8 | aarch64) 9 | arc_name="arm64" 10 | ;; 11 | esac 12 | kube_bench_version="0.9.4" 13 | kube_bench_url="https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${arc_name}.deb" 14 | # https://github.com/aquasecurity/kube-bench/releases 15 | curl -L $kube_bench_url -o kube-bench.deb 16 | sudo DEBIAN_FRONTEND=noninteractive apt install -y -f ./kube-bench.deb 17 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/k8s-3/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node mock-4 k8s-3" 3 | acrh=$(uname -m) 4 | case $acrh in 5 | x86_64) 6 | arc_name="amd64" 7 | ;; 8 | aarch64) 9 | arc_name="arm64" 10 | ;; 11 | esac 12 | kube_bench_version="0.9.4" 13 | kube_bench_url="https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${arc_name}.deb" 14 | # https://github.com/aquasecurity/kube-bench/releases 15 | curl -L $kube_bench_url -o kube-bench.deb 16 | sudo DEBIAN_FRONTEND=noninteractive apt install -y -f ./kube-bench.deb 17 | -------------------------------------------------------------------------------- /tasks/cka/labs/08/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node cka lab-8 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | # Installation of metrics server 6 | kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml 7 | kubectl -n kube-system patch deployment metrics-server --type=json \ 8 | -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]]' 9 | 10 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/refs/heads/master/tasks/cka/labs/08/k8s-1/scripts/app.yaml 11 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/k8s-1/scripts/task3_2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | creationTimestamp: null 5 | labels: 6 | app: my-deployment 7 | name: my-deployment 8 | namespace: baracuda 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app: my-deployment 14 | strategy: {} 15 | template: 16 | metadata: 17 | creationTimestamp: null 18 | labels: 19 | app: my-deployment 20 | spec: 21 | containers: 22 | - image: viktoruj/ping_pong 23 | name: ping-pong-8j7v9 24 | resources: {} 25 | status: {} 26 | -------------------------------------------------------------------------------- /tasks/ica/mock/01/k8s-3/scripts/task9.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: bronze 6 | labels: 7 | istio-injection: enabled 8 | --- 9 | apiVersion: v1 10 | kind: Pod 11 | metadata: 12 | name: sleep-bronze 13 | namespace: bronze 14 | labels: 15 | app: sleep-bronze 16 | spec: 17 | containers: 18 | - name: sleep-bronze 19 | image: curlimages/curl 20 | command: ["/bin/sh", "-c", "sleep 3600"] 21 | resources: 22 | requests: 23 | cpu: "10m" 24 | memory: "32Mi" 25 | limits: 26 | cpu: "10m" 27 | memory: "64Mi" 28 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/19.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | ``` 6 | # vim 19.yaml 7 | 8 | 9 | apiVersion: v1 10 | kind: Pod 11 | metadata: 12 | creationTimestamp: null 13 | labels: 14 | run: non-root-pod 15 | name: non-root-pod 16 | spec: 17 | securityContext: 18 | runAsUser: 1000 19 | fsGroup: 2000 20 | containers: 21 | - image: redis:alpine 22 | name: non-root-pod 23 | resources: {} 24 | dnsPolicy: ClusterFirst 25 | restartPolicy: Always 26 | status: {} 27 | 28 | ``` 29 | 30 | ``` 31 | k apply -f 19.yaml 32 | ``` 33 | -------------------------------------------------------------------------------- /tasks/ica/mock/02/k8s-3/scripts/task10.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: emerald 5 | labels: 6 | istio-injection: enabled 7 | --- 8 | apiVersion: v1 9 | kind: Pod 10 | metadata: 11 | name: sleep-emerald 12 | namespace: emerald 13 | labels: 14 | app: sleep-emerald 15 | spec: 16 | containers: 17 | - name: sleep-emerald 18 | image: curlimages/curl 19 | command: ["/bin/sh", "-c", "sleep 3600"] 20 | resources: 21 | requests: 22 | cpu: "10m" 23 | memory: "32Mi" 24 | limits: 25 | cpu: "10m" 26 | memory: "64Mi" 27 | --- 28 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/scripts/05_generator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | arr[0]="256K" 4 | arr[1]="512K" 5 | arr[2]="1536K" 6 | arr[3]="2M" 7 | 8 | mkdir -p /opt/05/task 9 | mkdir -p /opt/05/result/05kb 10 | mkdir -p /opt/05/result/setuid/ 11 | 12 | for i in {1..500}; do 13 | dd if=/dev/urandom bs=${arr[$[ $RANDOM % 4 ]]} count=1 of=/opt/05/task/file$i > /dev/null 14 | chown ubuntu:ubuntu /opt/05/task/file$i 15 | rand=$((RANDOM % 2)) 16 | if [[ $rand -eq 0 ]]; then 17 | chmod u+x /opt/05/task/file$i 18 | elif [[ $rand -eq 1 ]]; then 19 | chmod u+s /opt/05/task/file$i 20 | fi 21 | done 22 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/worker/files/solutions/11.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | #vim 11.yaml 7 | 8 | apiVersion: networking.k8s.io/v1 9 | kind: Ingress 10 | metadata: 11 | name: cat 12 | namespace: cat 13 | annotations: 14 | nginx.ingress.kubernetes.io/rewrite-target: / 15 | spec: 16 | rules: 17 | - http: 18 | paths: 19 | - path: /cat 20 | pathType: Prefix 21 | backend: 22 | service: 23 | name: cat 24 | port: 25 | number: 80 26 | 27 | ``` 28 | ``` 29 | k apply -f 11.yaml 30 | ``` 31 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/k8s-1/scripts/task3_3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | creationTimestamp: null 5 | labels: 6 | app: my-deployment 7 | name: my-deployment 8 | namespace: baracuda 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app: my-deployment 14 | strategy: {} 15 | template: 16 | metadata: 17 | creationTimestamp: null 18 | labels: 19 | app: my-deployment 20 | spec: 21 | containers: 22 | - image: viktoruj/ping_pong:alpine 23 | name: ping-pong-8j7v9 24 | resources: {} 25 | status: {} 26 | -------------------------------------------------------------------------------- /terraform/modules/vpc/route_table.tf: -------------------------------------------------------------------------------- 1 | resource "aws_route_table" "pub" { 2 | depends_on = [aws_dynamodb_table_item.cmdb] 3 | vpc_id = aws_vpc.default.id 4 | route { 5 | cidr_block = "0.0.0.0/0" 6 | gateway_id = aws_internet_gateway.default.id 7 | } 8 | tags = local.tags_all 9 | } 10 | 11 | 12 | 13 | resource "aws_route_table_association" "pub" { 14 | depends_on = [ 15 | aws_subnet.subnets_pub, 16 | aws_dynamodb_table_item.cmdb 17 | ] 18 | for_each = var.az_ids 19 | route_table_id = aws_route_table.pub.id 20 | subnet_id = aws_subnet.subnets_pub["${each.key}"].id 21 | } 22 | -------------------------------------------------------------------------------- /docker/k8s-svc-sync/deploy/local/5_alert.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: PrometheusRule 3 | metadata: 4 | labels: 5 | app: k8s-svc-sync 6 | name: svc-sync-rules 7 | namespace: monitoring 8 | spec: 9 | groups: 10 | - name: ./k8s-svc-sync 11 | rules: 12 | - alert: k8s-svc-sync 13 | annotations: 14 | description: no ready k8s-svc-sync pods found 15 | summary: k8s-svc-sync pods are not ready 16 | expr: kube_deployment_status_replicas_ready{deployment="k8s-svc-sync", namespace="k8s-sync"} == 0 17 | for: 3m 18 | labels: 19 | severity: critical 20 | -------------------------------------------------------------------------------- /terraform/modules/vpc/var.tf: -------------------------------------------------------------------------------- 1 | variable "region" {} 2 | variable "az_ids" { 3 | type = map(string) 4 | } 5 | 6 | variable "vpc_default_cidr" {} 7 | 8 | variable "aws" {} 9 | variable "prefix" {} 10 | variable "app_name" {} 11 | variable "USER_ID" { 12 | type = string 13 | default = "defaultUser" 14 | } 15 | variable "ENV_ID" { 16 | type = string 17 | default = "defaultId" 18 | } 19 | 20 | variable "STACK_NAME" { 21 | type = string 22 | default = "" 23 | } 24 | 25 | variable "STACK_TASK" { 26 | type = string 27 | default = "" 28 | } 29 | variable "tags_common" { 30 | type = map(string) 31 | } 32 | -------------------------------------------------------------------------------- /tasks/cka/labs/01/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | az_ids = local.vars.locals.az_ids 21 | 22 | } 23 | -------------------------------------------------------------------------------- /tasks/cka/labs/02/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | az_ids = local.vars.locals.az_ids 21 | 22 | } 23 | -------------------------------------------------------------------------------- /tasks/cka/labs/03/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | az_ids = local.vars.locals.az_ids 21 | 22 | } 23 | -------------------------------------------------------------------------------- /tasks/cka/labs/04/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | az_ids = local.vars.locals.az_ids 21 | 22 | } 23 | -------------------------------------------------------------------------------- /tasks/cka/labs/05/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | az_ids = local.vars.locals.az_ids 21 | 22 | } 23 | -------------------------------------------------------------------------------- /tasks/cka/labs/06/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | az_ids = local.vars.locals.az_ids 21 | 22 | } 23 | -------------------------------------------------------------------------------- /tasks/cka/labs/07/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | az_ids = local.vars.locals.az_ids 21 | 22 | } 23 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | az_ids = local.vars.locals.az_ids 21 | 22 | } 23 | -------------------------------------------------------------------------------- /tasks/eks/labs/01/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | az_ids = local.vars.locals.az_ids 21 | 22 | } 23 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/k8s-2/scripts/2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: dev-team 5 | labels: 6 | name: dev-team 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | creationTimestamp: null 12 | labels: 13 | app: test-app 14 | name: test-app 15 | namespace: dev-team 16 | spec: 17 | replicas: 1 18 | selector: 19 | matchLabels: 20 | app: test-app 21 | strategy: {} 22 | template: 23 | metadata: 24 | creationTimestamp: null 25 | labels: 26 | app: test-app 27 | spec: 28 | containers: 29 | - image: nginx 30 | name: app 31 | -------------------------------------------------------------------------------- /tasks/cka/labs/01/worker/files/tests.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | export KUBECONFIG=/home/ubuntu/.kube/_config 3 | 4 | @test "0 Init " { 5 | echo ''>/var/work/tests/result/all 6 | echo ''>/var/work/tests/result/ok 7 | [ "$?" -eq 0 ] 8 | 9 | } 10 | 11 | #1 12 | @test "1. Deploy a pod named webhttpd " { 13 | echo '1'>>/var/work/tests/result/all 14 | result=$(kubectl get po webhttpd -n apx-z993845 -o jsonpath='{.spec.containers..image}' --context cluster1-admin@cluster1 ) 15 | if [[ "$result" == "httpd:alpine" ]]; then 16 | echo '1'>>/var/work/tests/result/ok 17 | fi 18 | [ "$result" == "httpd:alpine" ] 19 | } 20 | # 1 1 21 | -------------------------------------------------------------------------------- /tasks/cka/labs/02/worker/files/tests.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | export KUBECONFIG=/home/ubuntu/.kube/_config 3 | 4 | @test "0 Init " { 5 | echo ''>/var/work/tests/result/all 6 | echo ''>/var/work/tests/result/ok 7 | [ "$?" -eq 0 ] 8 | 9 | } 10 | 11 | #1 12 | @test "1. Deploy a pod named webhttpd " { 13 | echo '1'>>/var/work/tests/result/all 14 | result=$(kubectl get po webhttpd -n apx-z993845 -o jsonpath='{.spec.containers..image}' --context cluster1-admin@cluster1 ) 15 | if [[ "$result" == "httpd:alpine" ]]; then 16 | echo '1'>>/var/work/tests/result/ok 17 | fi 18 | [ "$result" == "httpd:alpine" ] 19 | } 20 | # 1 1 21 | -------------------------------------------------------------------------------- /tasks/cks/labs/03/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node " 3 | YAML_FILE="/etc/kubernetes/manifests/kube-apiserver.yaml" 4 | sed -i '/--tls-private-key-file=\/etc\/kubernetes\/pki\/apiserver.key/a\ - --kubernetes-service-node-port=31000' "$YAML_FILE" 5 | echo "*** change kube api config " 6 | sleep 30 7 | kubectl get node --kubeconfig=/root/.kube/config 8 | while test $? -gt 0 9 | do 10 | sleep 5 11 | echo "Trying again..." 12 | kubectl get node --kubeconfig=/root/.kube/config 13 | done 14 | date 15 | echo "*** delete svc kubernetes " 16 | kubectl delete svc kubernetes --kubeconfig=/root/.kube/config 17 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/worker/files/solutions/12.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | #vim 12.yaml 7 | 8 | apiVersion: networking.k8s.io/v1 9 | kind: Ingress 10 | metadata: 11 | name: cat 12 | namespace: cat 13 | annotations: 14 | nginx.ingress.kubernetes.io/rewrite-target: / 15 | spec: 16 | rules: 17 | - http: 18 | paths: 19 | - path: /cat 20 | pathType: Prefix 21 | backend: 22 | service: 23 | name: cat 24 | port: 25 | number: 80 26 | 27 | ``` 28 | ``` 29 | k apply -f 12.yaml 30 | 31 | curl cka.local:30102/cat 32 | ``` 33 | -------------------------------------------------------------------------------- /terraform/modules/eks/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | USER_ID = var.USER_ID == "" ? "defaultUser" : var.USER_ID 3 | ENV_ID = var.ENV_ID == "" ? "defaultId" : var.ENV_ID 4 | prefix_id = "${local.USER_ID}_${local.ENV_ID}" 5 | prefix = "${local.prefix_id}_${var.prefix}" 6 | item_id_lock = "CMDB_lock_${local.USER_ID}_${local.ENV_ID}_${var.app_name}_${var.prefix}" 7 | item_id_data = "CMDB_data_${local.USER_ID}_${local.ENV_ID}_${var.app_name}_${var.prefix}" 8 | subnets = data.aws_subnet_ids.example.ids 9 | availability_zones = data.aws_availability_zones.available.zone_ids 10 | 11 | } 12 | -------------------------------------------------------------------------------- /tasks/cks/labs/01/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | az_ids = { 21 | "10.2.0.0/19" = "eun1-az1" 22 | "10.2.32.0/19" = "eun1-az2" 23 | 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /tasks/cks/labs/02/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | az_ids = { 21 | "10.2.0.0/19" = "eun1-az1" 22 | "10.2.32.0/19" = "eun1-az2" 23 | 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /tasks/cks/labs/03/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | az_ids = { 21 | "10.2.0.0/19" = "eun1-az1" 22 | "10.2.32.0/19" = "eun1-az2" 23 | 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /tasks/cks/labs/04/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | az_ids = { 21 | "10.2.0.0/19" = "eun1-az1" 22 | "10.2.32.0/19" = "eun1-az2" 23 | 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /tasks/cks/labs/05/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | az_ids = { 21 | "10.2.0.0/19" = "eun1-az1" 22 | "10.2.32.0/19" = "eun1-az2" 23 | 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /tasks/cks/labs/07/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | az_ids = { 21 | "10.2.0.0/19" = "eun1-az1" 22 | "10.2.32.0/19" = "eun1-az2" 23 | 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /tasks/cks/labs/09/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | az_ids = { 21 | "10.2.0.0/19" = "eun1-az1" 22 | "10.2.32.0/19" = "eun1-az2" 23 | 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /tasks/cks/labs/10/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | az_ids = { 21 | "10.2.0.0/19" = "eun1-az1" 22 | "10.2.32.0/19" = "eun1-az2" 23 | 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /tasks/cks/labs/11/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | az_ids = { 21 | "10.2.0.0/19" = "eun1-az1" 22 | "10.2.32.0/19" = "eun1-az2" 23 | 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /tasks/cks/labs/17/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | az_ids = { 21 | "10.2.0.0/19" = "eun1-az1" 22 | "10.2.32.0/19" = "eun1-az2" 23 | 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /tasks/cks/labs/19/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | az_ids = { 21 | "10.2.0.0/19" = "eun1-az1" 22 | "10.2.32.0/19" = "eun1-az2" 23 | 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /tasks/cks/labs/26/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node cks lab-26 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | # Installation of metrics server 6 | kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml 7 | kubectl -n kube-system patch deployment metrics-server --type=json \ 8 | -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]]' 9 | 10 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/refs/heads/master/tasks/cks/labs/26/k8s-1/scripts/app.yaml 11 | 12 | apt-get update 13 | apt-get -y install tcpdump 14 | -------------------------------------------------------------------------------- /tasks/cks/mock/01/worker/files/solutions/02.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | ``` 6 | k get po -n team-xxx -o yaml | grep 'image:' | uniq | grep -v 'docker' 7 | ``` 8 | ``` 9 | k get no 10 | ssh {node 2 } 11 | 12 | ``` 13 | 14 | ``` 15 | # find all image with 'CRITICAL' 16 | trivy i {image} | grep 'CRITICAL' 17 | ``` 18 | ```` 19 | # exit to worker PC 20 | exit 21 | ```` 22 | ```` 23 | k get deployment -n team-xxx 24 | 25 | k get deployment {deployment1} -n team-xxx -o yaml | grep 'image:' 26 | 27 | # if deployment has CRITICAL image 28 | # k scale deployment {deployment_name} -n team-xxx --replicas 0 29 | ```` 30 | -------------------------------------------------------------------------------- /tasks/cks/mock/02/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | } 24 | -------------------------------------------------------------------------------- /tasks/cks/mock/03/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | } 24 | -------------------------------------------------------------------------------- /tasks/cks/mock/04/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | } 24 | -------------------------------------------------------------------------------- /tasks/hr/mock/01/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = "10.2.0.0/16" 20 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 21 | az_ids = local.vars.locals.az_ids 22 | 23 | } 24 | -------------------------------------------------------------------------------- /tasks/ica/mock/01/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | } 24 | -------------------------------------------------------------------------------- /tasks/ica/mock/02/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | } 24 | -------------------------------------------------------------------------------- /tasks/cka/labs/08/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | 24 | } 25 | -------------------------------------------------------------------------------- /tasks/cka/labs/09/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | 24 | } 25 | -------------------------------------------------------------------------------- /tasks/cka/labs/10/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | 24 | } 25 | -------------------------------------------------------------------------------- /tasks/cks/labs/02/SOLUTION.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | ssh {worker_node} 3 | sudo su 4 | mkdir -p /var/work/tests/artifacts/12/log 5 | ``` 6 | ``` 7 | sysdig --help 8 | sysdig --list 9 | sysdig --list | grep container 10 | sysdig --list | grep user 11 | sysdig --list | grep time 12 | sysdig --list | grep k8s 13 | 14 | ``` 15 | 16 | ``` 17 | sysdig -p"%evt.time,%container.id,%container.name,%user.name,%k8s.ns.name,%k8s.pod.name" container.image=docker.io/library/nginx:latest 18 | 19 | sysdig -p"%evt.time,%container.id,%container.name,%user.name,%k8s.ns.name,%k8s.pod.name" container.image=docker.io/library/nginx:latest>/var/work/tests/artifacts/12/log 20 | # wait 20 sec 21 | 22 | ``` 23 | -------------------------------------------------------------------------------- /tasks/cks/labs/26/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | 24 | } 25 | -------------------------------------------------------------------------------- /tasks/cks/labs/27/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | 24 | } 25 | -------------------------------------------------------------------------------- /tasks/cks/labs/28/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | 24 | } 25 | -------------------------------------------------------------------------------- /tasks/cks/labs/29/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | 24 | } 25 | -------------------------------------------------------------------------------- /tasks/cks/labs/30/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | source = "../../..//modules/vpc_v2/" 11 | } 12 | 13 | inputs = { 14 | region = local.vars.locals.region 15 | aws = local.vars.locals.aws 16 | prefix = local.vars.locals.prefix 17 | tags_common = local.vars.locals.tags 18 | app_name = "network" 19 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 20 | subnets = local.vars.locals.subnets 21 | enable_dns_hostnames="true" 22 | 23 | 24 | } 25 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/15.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | 6 | ``` 7 | #vim 15.yaml 8 | 9 | apiVersion: v1 10 | kind: Pod 11 | metadata: 12 | creationTimestamp: null 13 | labels: 14 | run: super-user-pod 15 | name: super-user-pod 16 | spec: 17 | containers: 18 | - command: 19 | - sleep 20 | - "4800" 21 | image: busybox:1.28 22 | name: super-user-pod 23 | resources: {} 24 | securityContext: 25 | capabilities: 26 | add: ["SYS_TIME"] 27 | 28 | dnsPolicy: ClusterFirst 29 | restartPolicy: Always 30 | status: {} 31 | 32 | ``` 33 | ```` 34 | k apply -f 15.yaml 35 | ```` 36 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/k8s-1/scripts/task6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: swordfish 6 | --- 7 | apiVersion: apps/v1 8 | kind: Deployment 9 | metadata: 10 | creationTimestamp: null 11 | labels: 12 | app: sword-app 13 | name: sword-app 14 | namespace: swordfish 15 | spec: 16 | replicas: 1 17 | selector: 18 | matchLabels: 19 | app: sword-app 20 | strategy: {} 21 | template: 22 | metadata: 23 | creationTimestamp: null 24 | labels: 25 | app: sword-app 26 | spec: 27 | containers: 28 | - image: viktoruj/ping_pong:alpine 29 | name: app 30 | resources: {} 31 | status: {} 32 | -------------------------------------------------------------------------------- /tasks/lfcs/mock/01/worker-01/files/scripts/17_generator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | mkdir -p /opt/17/results /opt/17/dir1 /opt/17/dir2 4 | 5 | for i in {1..100}; do 6 | if (( i != 50 )); then 7 | str=$(echo "$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 80 ; echo '')") 8 | echo $str >> /opt/17/file1 9 | echo $str >> /opt/17/file2 10 | else 11 | echo "This is the different line" >> /opt/17/file2 12 | fi 13 | done 14 | 15 | num_files=$(( RANDOM % 21 + 20 )) 16 | 17 | for ((i=1; i<=$num_files; i++)); do 18 | echo "Dummy file $i" >> /opt/17/dir1/file$i 19 | if (( RANDOM % 2 )); then 20 | cp "/opt/17/dir1/file$i" "/opt/17/dir2/file$i" 21 | fi 22 | done 23 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/worker/files/solutions/14.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | 4 | ``` 5 | 6 | ``` 7 | # vim 14.yaml 8 | 9 | apiVersion: v1 10 | kind: Pod 11 | metadata: 12 | creationTimestamp: null 13 | labels: 14 | run: redis-storage 15 | name: redis-storage 16 | spec: 17 | containers: 18 | - image: redis:alpine 19 | name: redis-storage 20 | volumeMounts: 21 | - mountPath: /data/redis 22 | name: data 23 | resources: {} 24 | dnsPolicy: ClusterFirst 25 | restartPolicy: Always 26 | volumes: 27 | - name: data 28 | emptyDir: 29 | sizeLimit: 500Mi 30 | status: {} 31 | 32 | ``` 33 | ``` 34 | k apply -f 14.yaml 35 | ``` 36 | -------------------------------------------------------------------------------- /terraform/modules/work_pc/ami.tf: -------------------------------------------------------------------------------- 1 | data "aws_ec2_instance_type" "master" { 2 | instance_type = var.work_pc.instance_type 3 | } 4 | 5 | locals { 6 | data_arch = join("", data.aws_ec2_instance_type.master.supported_architectures) 7 | arch = local.data_arch == "x86_64" ? "amd64" : local.data_arch 8 | } 9 | 10 | 11 | 12 | data "aws_ami" "master" { 13 | 14 | most_recent = true 15 | 16 | filter { 17 | name = "name" 18 | values = [ 19 | "ubuntu/images/hvm-ssd/ubuntu-*-${var.work_pc.ubuntu_version}-${local.arch}-server-*" 20 | ] 21 | } 22 | 23 | filter { 24 | name = "virtualization-type" 25 | values = ["hvm"] 26 | } 27 | 28 | owners = ["099720109477"] 29 | } 30 | -------------------------------------------------------------------------------- /terraform/modules/work_pc_v2/ami.tf: -------------------------------------------------------------------------------- 1 | data "aws_ec2_instance_type" "master" { 2 | instance_type = var.work_pc.instance_type 3 | } 4 | 5 | locals { 6 | data_arch = join("", data.aws_ec2_instance_type.master.supported_architectures) 7 | arch = local.data_arch == "x86_64" ? "amd64" : local.data_arch 8 | } 9 | 10 | 11 | 12 | data "aws_ami" "master" { 13 | 14 | most_recent = true 15 | 16 | filter { 17 | name = "name" 18 | values = [ 19 | "ubuntu/images/hvm-ssd/ubuntu-*-${var.work_pc.ubuntu_version}-${local.arch}-server-*" 20 | ] 21 | } 22 | 23 | filter { 24 | name = "virtualization-type" 25 | values = ["hvm"] 26 | } 27 | 28 | owners = ["099720109477"] 29 | } 30 | -------------------------------------------------------------------------------- /terraform/modules/work_pc_v3/ami.tf: -------------------------------------------------------------------------------- 1 | data "aws_ec2_instance_type" "master" { 2 | instance_type = var.work_pc.instance_type 3 | } 4 | 5 | locals { 6 | data_arch = join("", data.aws_ec2_instance_type.master.supported_architectures) 7 | arch = local.data_arch == "x86_64" ? "amd64" : local.data_arch 8 | } 9 | 10 | 11 | 12 | data "aws_ami" "master" { 13 | 14 | most_recent = true 15 | 16 | filter { 17 | name = "name" 18 | values = [ 19 | "ubuntu/images/hvm-ssd/ubuntu-*-${var.work_pc.ubuntu_version}-${local.arch}-server-*" 20 | ] 21 | } 22 | 23 | filter { 24 | name = "virtualization-type" 25 | values = ["hvm"] 26 | } 27 | 28 | owners = ["099720109477"] 29 | } 30 | -------------------------------------------------------------------------------- /terraform/modules/worker_lfcs/ami.tf: -------------------------------------------------------------------------------- 1 | data "aws_ec2_instance_type" "master" { 2 | instance_type = var.work_pc.instance_type 3 | } 4 | 5 | locals { 6 | data_arch = join("", data.aws_ec2_instance_type.master.supported_architectures) 7 | arch = local.data_arch == "x86_64" ? "amd64" : local.data_arch 8 | } 9 | 10 | 11 | 12 | data "aws_ami" "master" { 13 | 14 | most_recent = true 15 | 16 | filter { 17 | name = "name" 18 | values = [ 19 | "ubuntu/images/hvm-ssd/ubuntu-*-${var.work_pc.ubuntu_version}-${local.arch}-server-*" 20 | ] 21 | } 22 | 23 | filter { 24 | name = "virtualization-type" 25 | values = ["hvm"] 26 | } 27 | 28 | owners = ["099720109477"] 29 | } 30 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/worker/files/solutions/7.MD: -------------------------------------------------------------------------------- 1 | ``` 2 | kubectl config use-context cluster1-admin@cluster1 3 | ``` 4 | 5 | ``` 6 | k run web-srv --image viktoruj/ping_pong:latest --dry-run=client -o yaml > 7.yaml 7 | 8 | ``` 9 | 10 | ``` 11 | # vim 7.yaml 12 | 13 | apiVersion: v1 14 | kind: Pod 15 | metadata: 16 | creationTimestamp: null 17 | labels: 18 | run: web-srv 19 | name: web-srv 20 | spec: 21 | containers: 22 | - image: viktoruj/ping_pong:latest 23 | name: app1 # change from web-srv to app1 24 | resources: {} 25 | dnsPolicy: ClusterFirst 26 | restartPolicy: Always 27 | status: {} 28 | 29 | 30 | ``` 31 | 32 | ``` 33 | k apply -f 7.yaml 34 | 35 | k get po web-srv 36 | 37 | ``` 38 | -------------------------------------------------------------------------------- /tasks/ckad/mock/01/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | # source = "git::git@github.com:ViktorUJ/cks.git//terraform/modules/vpc/?ref=task_01" 11 | source = "../../..//modules/vpc/" 12 | } 13 | 14 | inputs = { 15 | region = local.vars.locals.region 16 | aws = local.vars.locals.aws 17 | prefix = local.vars.locals.prefix 18 | tags_common = local.vars.locals.tags 19 | app_name = "network" 20 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 21 | az_ids = local.vars.locals.az_ids 22 | } 23 | -------------------------------------------------------------------------------- /tasks/ckad/mock/02/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | # source = "git::git@github.com:ViktorUJ/cks.git//terraform/modules/vpc/?ref=task_01" 11 | source = "../../..//modules/vpc/" 12 | } 13 | 14 | inputs = { 15 | region = local.vars.locals.region 16 | aws = local.vars.locals.aws 17 | prefix = local.vars.locals.prefix 18 | tags_common = local.vars.locals.tags 19 | app_name = "network" 20 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 21 | az_ids = local.vars.locals.az_ids 22 | } 23 | -------------------------------------------------------------------------------- /tasks/cka/labs/05/k8s-1/scripts/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " *** master node cka lab-5 k8s-1" 3 | export KUBECONFIG=/root/.kube/config 4 | 5 | # Installation of metrics server 6 | kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml 7 | kubectl -n kube-system patch deployment metrics-server --type=json \ 8 | -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]]' 9 | 10 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cka/labs/05/k8s-1/scripts/1.yaml 11 | sleep 10 12 | kubectl apply -f https://raw.githubusercontent.com/ViktorUJ/cks/master/tasks/cka/labs/05/k8s-1/scripts/app.yaml 13 | -------------------------------------------------------------------------------- /tasks/cka/mock/01/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | # source = "git::git@github.com:ViktorUJ/cks.git//terraform/modules/vpc/?ref=task_01" 11 | source = "../../..//modules/vpc/" 12 | } 13 | 14 | inputs = { 15 | region = local.vars.locals.region 16 | aws = local.vars.locals.aws 17 | prefix = local.vars.locals.prefix 18 | tags_common = local.vars.locals.tags 19 | app_name = "network" 20 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 21 | az_ids = local.vars.locals.az_ids 22 | 23 | } 24 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/k8s-1/scripts/task6.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | creationTimestamp: null 5 | name: dev-2 6 | spec: {} 7 | status: {} 8 | --- 9 | apiVersion: apps/v1 10 | kind: Deployment 11 | metadata: 12 | creationTimestamp: null 13 | labels: 14 | app: web-app 15 | name: web-app 16 | namespace: dev-2 17 | spec: 18 | replicas: 2 19 | selector: 20 | matchLabels: 21 | app: web-app 22 | strategy: {} 23 | template: 24 | metadata: 25 | creationTimestamp: null 26 | labels: 27 | app: web-app 28 | spec: 29 | containers: 30 | - image: viktoruj/ping_pong 31 | name: ping-pong-n6tc8 32 | resources: {} 33 | status: {} 34 | -------------------------------------------------------------------------------- /tasks/cka/mock/02/vpc/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | locals { 6 | vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 7 | } 8 | 9 | terraform { 10 | # source = "git::git@github.com:ViktorUJ/cks.git//terraform/modules/vpc/?ref=task_01" 11 | source = "../../..//modules/vpc/" 12 | } 13 | 14 | inputs = { 15 | region = local.vars.locals.region 16 | aws = local.vars.locals.aws 17 | prefix = local.vars.locals.prefix 18 | tags_common = local.vars.locals.tags 19 | app_name = "network" 20 | vpc_default_cidr = local.vars.locals.vpc_default_cidr 21 | az_ids = local.vars.locals.az_ids 22 | 23 | } 24 | -------------------------------------------------------------------------------- /tasks/cks/labs/04/SOLUTION.MD: -------------------------------------------------------------------------------- 1 | https://kubernetes.io/docs/tutorials/security/ns-level-pss/ 2 | 3 | ``` 4 | k get ns team-red --show-labels 5 | 6 | kubectl label --overwrite ns team-red pod-security.kubernetes.io/enforce=baseline 7 | 8 | k get ns team-red --show-labels 9 | ``` 10 | 11 | ``` 12 | k get po -n team-red 13 | # delete all pods in ns team-red 14 | 15 | k delete po {pod_names} -n team-red --force 16 | ``` 17 | 18 | ``` 19 | k get po -n team-red 20 | 21 | # No resources found in team-red namespace. 22 | 23 | ``` 24 | 25 | ``` 26 | k events replicasets.apps -n team-red 27 | mkdir /var/work/tests/artifacts/4/ -p 28 | k events replicasets.apps -n team-red >/var/work/tests/artifacts/4/events.log 29 | ``` 30 | --------------------------------------------------------------------------------