├── .gitignore ├── README.md ├── challenges └── ImagePolicyWebhook │ ├── admission_config.yaml │ ├── apiserver-client-cert.pem │ ├── apiserver-client-key.pem │ ├── external-cert.pem │ ├── external-key.pem │ └── kubeconf └── cluster-setup └── latest ├── install_controlplane.sh └── install_node.sh /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes CKS Challenge Series 2 | 3 | [THIS SERIES MOVED TO KILLERCODA](https://killercoda.com/killer-shell-cks) 4 | 5 | 6 | [click here to access the legacy challenges on Medium](https://killer.sh/r?d=cks-series) 7 | 8 | 9 | by [killer.sh](https://killer.sh) 10 | -------------------------------------------------------------------------------- /challenges/ImagePolicyWebhook/admission_config.yaml: -------------------------------------------------------------------------------- 1 | # challenge: create this file 2 | -------------------------------------------------------------------------------- /challenges/ImagePolicyWebhook/apiserver-client-cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDGDCCAgCgAwIBAgITRRSRf+ctQj9YO8ZK8cFXdeU75DANBgkqhkiG9w0BAQsF 3 | ADAcMRowGAYDVQQDDBFib3VuY2VyLmxvY2FsLmxhbjAeFw0yMDEwMzEwOTUxMTNa 4 | Fw0yMDExMzAwOTUxMTNaMBwxGjAYBgNVBAMMEWJvdW5jZXIubG9jYWwubGFuMIIB 5 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfKtOY/2mszPovJ3emsuPudz 6 | RqKMXQ4KDgQOdkQIltxsyoLjwOq96vhUUOPqZxx5UoUtVEKo/ada3re/ibF8aXBY 7 | bBlbpyGmLIyHOeZG1rzu58wRLRyYBKiOiHg25KCG5+itaHZTKeMQFoWZTJtSbBUF 8 | UCJcf/B33qP2aUvYX9mKR59KcPmFZ+3unJ24hQ0lsgDDdfvWEYjfE8JCbmU5n+zF 9 | pzIsRF9pPpg2WonjIRS+CZU08yUggNz9cesB2D0LqbxSeslpIe1hguN+zWCe9FUq 10 | BzxEaX5140Ls6oZ0wstV0lDODdGtuE+4AD7vOvASK7/9TusOH39q4z/R8OFz6wID 11 | 
AQABo1MwUTAdBgNVHQ4EFgQU1FLcD6xjFWKm1dWnDdR08LF5t4owHwYDVR0jBBgw 12 | FoAU1FLcD6xjFWKm1dWnDdR08LF5t4owDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 13 | 9w0BAQsFAAOCAQEAc8psO+1tBy1KfD9/+EEmb8LbZfAKXMLbfL9/pRIGdt1oiDSR 14 | OUZqmU0yja1O15Fh4AWw+h3oOxjvurP14RkH/KCL6KGj0JGWqUDcUqUa6DH7JiJu 15 | VzGMJXESXmwFZYyfkO/86cI3MLyNu+nV7NcJzQlPofGgi1Hr8wCgTGAYNbet1FOp 16 | ABiT28TELBpTT39U3kB2aZ/0qfUsoYjrouaJFTEroL6LSiuutksdoE1wmDp7rLRW 17 | qOkCOlU3mnSIRESbOn1MPLLzXWNM8P0BOK9MlK4yL27/ytgyWm/ETlg2/z/LtTjw 18 | FVWJRdIudJBc7gGBMeiSIeAESpOSQdr07t+8YA== 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /challenges/ImagePolicyWebhook/apiserver-client-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDB8q05j/aazM+i 3 | 8nd6ay4+53NGooxdDgoOBA52RAiW3GzKguPA6r3q+FRQ4+pnHHlShS1UQqj9p1re 4 | t7+JsXxpcFhsGVunIaYsjIc55kbWvO7nzBEtHJgEqI6IeDbkoIbn6K1odlMp4xAW 5 | hZlMm1JsFQVQIlx/8Hfeo/ZpS9hf2YpHn0pw+YVn7e6cnbiFDSWyAMN1+9YRiN8T 6 | wkJuZTmf7MWnMixEX2k+mDZaieMhFL4JlTTzJSCA3P1x6wHYPQupvFJ6yWkh7WGC 7 | 437NYJ70VSoHPERpfnXjQuzqhnTCy1XSUM4N0a24T7gAPu868BIrv/1O6w4ff2rj 8 | P9Hw4XPrAgMBAAECggEAKpgaVQ758MtUOowXk0ogsO3x0ix2uSURLjzT1ENiw4cL 9 | WXpffInRRd5d3hn/679EIcxfxSaSqIptmYYvSZUyJpHmyW7UQyNPtG70b9HT8usx 10 | aLTXfNnPxQ4jp3MHUzSyDBJ8qvl5kDRu3xNeNIXUFyqSrSOuvuZX3QyTXFKs5Xem 11 | PDKJ9q7XjNV/F9Ak18UicEWHk+THJTLF6KC1qDCqc/i6eXj7J1x9rs5uT2mOkUeC 12 | thd6j8e32ERZ9ZANHhMYaEWh2c8smPQpI7WiAIlEiOYt7NLcAHd9UK8M6Sw8x77F 13 | szvG/G0vEM8k3qjnv6+LxE5eTWPyXlTR+bORoIZYIQKBgQDpn0uXjTVkEHKks2N9 14 | XTmvHhXJAezVr+XyOGNlOACflJ+rJu/oLS+ZVMBiv2age8/W99cz3UhPqWEzepBS 15 | 0PvIABoRBdgn13XUsUuPmQ7ves6xE8X8B1cwbw8CnVg8fBs8RVt2UnYV5MvqWDhN 16 | 0c8V3yAgctmRTcLZ0tf2EgZ2+wKBgQDUhoTbi6fYfootYEkbTTanhNFZzIEQrJcB 17 | pGG5AEfrKBypxF9ssN4nZkrro2SbptnK/dqFpJyGSAPHp9ArMXDH85bMjnu3Ef/Y 18 | hSI6naU+q5TUSMUCMT/x6HLHmKC/WLansxoMy0YLgl6VApShSx4vXeSGeatcukXf 
19 | VTYxfiIj0QKBgQC76zJ22VMVBlXxPYrNkGuR/PUxFqdWy4J/b/QjuwRlWLuGhG99 20 | prse7xlBVQxMEst/8yPbyCceTPSu3+uvcgLVQZ+2CalxgtJ5H5PUEh39bB9OOMWM 21 | kKsFfo/oXoBXRszxkiib6ICr47pS6lt/3UBiK3RAJaH0S0RsyjiE6sLgeQKBgDvx 22 | mUWndXct8eFsmBI4TCMh5j6y3PCMDaer6thYiPB+Bt+ngNbSaEaqppUiJ/1zKVkF 23 | Ev7A+FkztMU6ww97yXjMbwtRYPm4/PXgT1BDKNmtYbQitlaw931O+BjuJuDxr8tL 24 | TByxtRcH9Y+IA84etuvbStrXNItaCt08VqXNEuoRAoGAY4adOhNppw960sgMbasr 25 | z3jDs7/uoO9mhgKNAthNPtIEBkjPyFEp926iqiDkO4sr20QC30smY6vhwH6hfHsW 26 | J9KKcb6ghzkA+5FZbp9i0cpKBz91lx+qaEarKmid59jp1Qa66SiIDdMIYrUDfPWx 27 | hfBaRj6zF8ABh5H5AH37nUA= 28 | -----END PRIVATE KEY----- -------------------------------------------------------------------------------- /challenges/ImagePolicyWebhook/external-cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDFzCCAf+gAwIBAgIUaRt+PAzRXodqMXEF5sbPyb6nV10wDQYJKoZIhvcNAQEL 3 | BQAwGzEZMBcGA1UEAwwQZXh0ZXJuYWwtc2VydmljZTAeFw0yMDEwMzExMDUxNDda 4 | Fw0yMDExMzAxMDUxNDdaMBsxGTAXBgNVBAMMEGV4dGVybmFsLXNlcnZpY2UwggEi 5 | MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsDTI216EC4/cjDb5SEVYifJ3D 6 | VbV3fgg/LLAAEk/7UmRRX8aVe8ckaF6lEWRmwwUmZzuKigfQS3CDYPbBVhfmQHW5 7 | nfKEOfbhVdrX3UXChLPd8x79WUWq/zQ4gGgjhob1989BughNOlut8JxyBf7n1Kxm 8 | qa+RVtSH9ywaw4I14OUjEEl/d1TofjKlDuGPfS87S+wKhliKUgCKHxbaFlWd3rNP 9 | oOonY09Bm6f/bPxn6P6m3n7MtRvdRWnTAeDAvCpSIt0Q8qRY/3fpg3gROvBC17eh 10 | 2l6aD43BfiPG/YIW3E9seYDNBv9T8ah7h+zLQnBrJiSvBvYKv9nhSRlqCnyNAgMB 11 | AAGjUzBRMB0GA1UdDgQWBBRuzRw1Y5BO03wGeIv6qdYA/F2ZRDAfBgNVHSMEGDAW 12 | gBRuzRw1Y5BO03wGeIv6qdYA/F2ZRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 13 | DQEBCwUAA4IBAQAgAngjNhpInyOZCmVflgKYXgPcniAmG1Ow7qELTzKFE6afdSy+ 14 | IQk5bQCYiuDbN7tA0pvKdrqiXUNBpikNGUFYrdWDf4oQxdo2CP/wcfDrC8Y6AKLq 15 | m8+RaFs5iosV6+ZWwJdawSGuqxLOTLcD83xM1goU919IhwntGFYepthHjbtkg+2X 16 | 3Ydhz21afrkXZYFQBXKKvzebK0mYWeIgVeqDR4zL0uRQmL1TCxIhokDhcGxHDOyZ 17 | 82BomsT2mg2APXtCCGZ+dCd1pnNoYRunCn2ZXzTSvdfc7kzWMPe4fN8tBwLVK7+/ 18 | 
vL1/34t0+adU3beD/3RUKDxD6gjTB6qe3fn0 19 | -----END CERTIFICATE----- 20 | ~ -------------------------------------------------------------------------------- /challenges/ImagePolicyWebhook/external-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCsDTI216EC4/cj 3 | Db5SEVYifJ3DVbV3fgg/LLAAEk/7UmRRX8aVe8ckaF6lEWRmwwUmZzuKigfQS3CD 4 | YPbBVhfmQHW5nfKEOfbhVdrX3UXChLPd8x79WUWq/zQ4gGgjhob1989BughNOlut 5 | 8JxyBf7n1Kxmqa+RVtSH9ywaw4I14OUjEEl/d1TofjKlDuGPfS87S+wKhliKUgCK 6 | HxbaFlWd3rNPoOonY09Bm6f/bPxn6P6m3n7MtRvdRWnTAeDAvCpSIt0Q8qRY/3fp 7 | g3gROvBC17eh2l6aD43BfiPG/YIW3E9seYDNBv9T8ah7h+zLQnBrJiSvBvYKv9nh 8 | SRlqCnyNAgMBAAECggEAE8gEoPeTxJBPRtF6s1bY72gif2XoUk/ERPcvWSLB3WRw 9 | skZvv5oWoGH7l8DzKTl86xhtaRVLprA1xHUuibYLU2bP4kJ9sqQzdV74pV8EeUPm 10 | pjsgsgJEl092QpTI5GTAOaF/S9BGyhJOniYO5rE3yJHULI2P6QbxspxBjuYxn14G 11 | 1BuVa85TPGwALlwkRlHWz5K3K/p6jSVQFYg77YOJK9kgE4Ht7YM6bsUucKnTVaqV 12 | +YNfoL9UG3CBXwgj/vi1JaJPpxduUz3Vt01Cv1KbdNLGgaopZ7X8qrWCKaYtSlRy 13 | CdRjcfHhUgFFTqJRb19L1ZRSN36ix5Mk27oZnam5QQKBgQDXHVY0eBxjzqt2swHw 14 | 7xb+FDKHKcN15oJ6hfKmZQKm4G5HsH6LkUQpQXdZRN0qVimLJOXV5+n7BabzajC4 15 | pUb8/B3YnaTgDL5V881chUaHws+U0WwtZd6a4JKY3QO9GnG3Ht3pTaduK3qxw2+Y 16 | q3e/6laNIoiOfabMO5LvHqfTUQKBgQDMwJL+QJyC/0fkiHrcXKZMSNos90OzHzYv 17 | /1aezrh4kjaQXF+lK8Z54mSdWgfJHgP04VxWQ1ATmZgdnXXmQqQGOCyWmKOkESID 18 | YLuTbIQYVsdNB6aWhWCrpNAPt07GxPp/5mC89d3GOwdhRGxypOFPRYUGNf+8uAK3 19 | l/QFirPufQKBgC+T1oAuXKEakcPkHbbLOruhffd1Hj0SaaNtwthYmPiNxPZoK+T0 20 | kS3Kw/njiEMX4YJb+9WOwKp7eox13SbJr2S+4l8JpvDDAMoD7VTcSVg3ly/kDdgQ 21 | ouaAawwSPgRyN9p3oj86pKByT2XHwwPyUL8Ktm/qxmc1lVGwj3QBxL6xAoGBAK6p 22 | sDsYHutYnZmEG1qT5oC4vPUS0Tuh6nWzWc8LBS5FfCpVwnmCCEO9LptUS8PyyOlC 23 | vaQQs+SkZ7ELu6F7Q7TSgqbM+vtgaiV7hUfTkDO7AzTgy+knSjnh1GMzug2xxwcI 24 | HYnUKyWJAVimJ+T8Zf9bjIip08jHJ/o5s75ufeN5AoGBAL+vf85J4+8jjxDDFIFl 25 | Wq3tmUkDXqdn2kHpbUkZycuqveKjBr/fqM9vvY0sKLlzQpcVblgtVMXQJqKgQXfR 26 | 
oqYnTRMvDoW+ZWAE12sv2ga6Zs/zde800XlHdqggX0cE/OdeK0hUz7BkmaGmDkNQ 27 | KMJ1t5WbE93W0XmnT2a3ydDX 28 | -----END PRIVATE KEY----- -------------------------------------------------------------------------------- /challenges/ImagePolicyWebhook/kubeconf: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Config 3 | 4 | # clusters refers to the remote service. 5 | clusters: 6 | - cluster: 7 | certificate-authority: /etc/kubernetes/admission/external-cert.pem # CA for verifying the remote service. 8 | server: https://external-service:1234/check-image # URL of remote service to query. Must use 'https'. 9 | name: image-checker 10 | 11 | contexts: 12 | - context: 13 | cluster: image-checker 14 | user: api-server 15 | name: image-checker 16 | current-context: image-checker 17 | preferences: {} 18 | 19 | # users refers to the API server's webhook configuration. 20 | users: 21 | - name: api-server 22 | user: 23 | client-certificate: /etc/kubernetes/admission/apiserver-client-cert.pem # cert for the webhook admission controller to use 24 | client-key: /etc/kubernetes/admission/apiserver-client-key.pem # key matching the cert 25 | -------------------------------------------------------------------------------- /cluster-setup/latest/install_controlplane.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Source: http://kubernetes.io/docs/getting-started-guides/kubeadm/ 4 | 5 | ### setup terminal 6 | apt-get install -y bash-completion binutils 7 | echo 'colorscheme ron' >> ~/.vimrc 8 | echo 'set tabstop=2' >> ~/.vimrc 9 | echo 'set shiftwidth=2' >> ~/.vimrc 10 | echo 'set expandtab' >> ~/.vimrc 11 | echo 'source <(kubectl completion bash)' >> ~/.bashrc 12 | echo 'alias k=kubectl' >> ~/.bashrc 13 | echo 'alias c=clear' >> ~/.bashrc 14 | echo 'complete -F __start_kubectl k' >> ~/.bashrc 15 | sed -i '1s/^/force_color_prompt=yes\n/' ~/.bashrc 16 | 17 | 18 | ### install k8s 
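# ... and docker   (tail of the "### install k8s and docker" heading begun on the previous line)

# Remove any previously installed container runtime and Kubernetes packages
# before installing the pinned versions below.
apt-get remove -y docker.io kubelet kubeadm kubectl kubernetes-cni
apt-get autoremove -y
apt-get install -y etcd-client vim build-essential

systemctl daemon-reload

# Import the repository signing key.
# -f makes curl fail on an HTTP error instead of piping an error page into
# apt-key; -sS hides the progress meter but still prints errors; -L follows
# redirects.
# NOTE(review): apt-key is deprecated, and a key added this way is trusted for
# any configured repository that does not set signed-by. A dedicated keyring
# file referenced with [signed-by=...] in the sources entry would scope the
# trust to this one repository.
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -

# The page prints this line as "cat < /etc/apt/sources.list.d/kubernetes.list":
# the "<<EOF >" part was lost when the listing was extracted. As printed, cat
# would read the file and the next two lines would run as commands. The EOF
# terminator is still on the page, so the heredoc form is restored here.
# NOTE(review): the repository URL is plain http, so package integrity rests
# only on APT's signature check against the key imported above.
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF

# Pin kubelet, kubeadm and kubectl to the same version so the node components
# cannot drift apart on a later upgrade; kubernetes-cni is pinned separately.
KUBE_VERSION=1.21.0
apt-get update
apt-get install -y docker.io "kubelet=${KUBE_VERSION}-00" "kubeadm=${KUBE_VERSION}-00" "kubectl=${KUBE_VERSION}-00" kubernetes-cni=0.8.7-00

# [gap in the page] The listing continues with
#     cat > /etc/docker/daemon.json <
# and then loses text: the heredoc body and whatever follows it in this script
# are not shown. The text resumes in the middle of a line (gutter numbers 8-32)
# and repeats the statements above. Presumably this is
# cluster-setup/latest/install_node.sh, the next file in the tree, whose header
# and first lines are missing -- TODO confirm against the repository.
#     ... > ~/.vimrc

# Editor and shell conveniences for the invoking user's vim and bash.
echo 'set tabstop=2' >> ~/.vimrc
echo 'set shiftwidth=2' >> ~/.vimrc
echo 'set expandtab' >> ~/.vimrc
echo 'source <(kubectl completion bash)' >> ~/.bashrc
echo 'alias k=kubectl' >> ~/.bashrc
echo 'alias c=clear' >> ~/.bashrc
echo 'complete -F __start_kubectl k' >> ~/.bashrc
# Insert force_color_prompt=yes as the new first line of ~/.bashrc.
sed -i '1s/^/force_color_prompt=yes\n/' ~/.bashrc


### install k8s and docker
apt-get remove -y docker.io kubelet kubeadm kubectl kubernetes-cni
apt-get autoremove -y
apt-get install -y etcd-client vim build-essential

systemctl daemon-reload
# Same key import as above: fail on HTTP errors rather than feeding an error
# page to apt-key. The apt-key and plain-http caveats apply here too.
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
# Heredoc operator restored as above (printed on the page as "cat < /etc/apt/...").
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
KUBE_VERSION=1.21.0
apt-get update
apt-get install -y docker.io "kubelet=${KUBE_VERSION}-00" "kubeadm=${KUBE_VERSION}-00" "kubectl=${KUBE_VERSION}-00" kubernetes-cni=0.8.7-00

# [listing cut off] The page ends in the middle of the next statement:
#     cat > /etc/docker/daemon.json <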