Skip to content

Kubernetes Lab📜

Lab Overview📜

In this lab we will interact with our kubernetes cluster by creating a namespace, and a pod. Next will use
kubectl port-forward to create a network connection from our laptop to the pod running in the cluster.

Kubectl Basics📜


sshuttle is expected to be running in a background
sshuttle -vr bastion --dns --ssh-cmd 'ssh -i ~/.ssh/bb-onboarding-attendees.ssh.privatekey'

Add kubectl completion📜

Typing kubectl gets old, everyone uses a shortcuts published in the kubernetes docs bash-completion package should be installed first

echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.
echo "alias k=kubectl" >> ~/.bashrc
echo "complete -F __start_kubectl k" >> ~/.bashrc
source ~/.bashrc

Now you can use k instead of typing kubectl and after typing 3-4 letters of the command use tab key to complete command
Test completion works:

k get dep  # <----- press tab, the word `deployments.apps` should fill in

Updating Bash on macOS📜


Completion may fail with this error on macOS:

-bash: completion: function `__start_kubectl' not found

This happens because macOS ships with Bash 3.2, and tab completion for kubectl requires a minimum Bash version of 4.1, first released in 2009. If this happens, switch to a new version of Bash.

brew install bash
echo /usr/local/bin/bash | sudo tee -a /etc/shells
chsh -s /usr/local/bin/bash

Then either close your terminal and open a new one, or run exec /usr/local/bin/bash -il if you want to stay in your existing terminal.

Creating a Pod📜

  1. Now that we have access to the kubernetes cluster let’s deploy something

    kubectl create namespace refresher
    kubectl get namespaces
    kubectl get ns
  2. Quick exercise to build some background docker knowledge:

Note is an implicit default that gets put in front of images so iahmad/ubi8-nginx-high-port:8.1 is actually

Try running in terminal:

    docker pull
    # Downloading...

    # Then
    docker pull iahmad/ubi8-nginx-high-port:8.1
    # ... Image is up to date ...
    # (This knowledge will be important for future Open Policy Agent Image Registry Filtering Constraints)

  1. Create a folder to work in:

    mkdir -p ~/day1refresher
    cd ~/day1refresher
  2. Copy and paste the contents into a file

    apiVersion: v1
    kind: Pod
      name: simple-nginx-app
      namespace: refresher
      - name: simple-nginx-app
        image: iahmad/ubi8-nginx-high-port:8.1
        - containerPort: 7000 # This correlates to the port in the nginx.conf
    vi pod.yml
    # Press i for insert mode, then Paste
    # escape : qw! Enter to save
    cat pod.yml
    # Verify the file saved correctly/looks right
  3. Run the following command to deploy the pod into the cluster

    kubectl apply -f pod.yml
  4. Validate the pod deployed correctly

    kubectl get pods -n refresher

    RECORD your pod-name

  5. Open another terminal and run the following command:

    kubectl port-forward <your-pod-name> 8080:7000 --namespace=refresher
    # the 8080:7000 in the command means your laptop's
    # localhost:8080 --redirects to--> pod's port 7000


The above command will not return you to your terminal prompt, until you ctrl+c

  1. In a new terminal window: Use the curl command to reach the following URL from your Laptop:

    curl localhost:8080


kubectl port-forward will crash after ~1-3 minutes, so if you’re slow on the above command you may need to rerun the port forward

  1. Once you’ve been able to hit your application delete your pod

    # You can go back to the original terminal that was running the kubectl port-forward command and use Ctrl + C to break out of it.
    cd ~/day1refresher
    kubectl delete -f pod.yml

Lab Summary📜

  • You have been able to create a pod that deploys an instance of a nginx container inside your pod.

  • You also used the kubectl port-forward command, a debug tool, to open a port on your server to a port on the nginx pod in the cluster.

  • You then used this tunnel to send a curl command to the pod and validate your pod is up and running, and accepting traffic over this tunnel.