Requirements and Setup


Last updated 2 years ago


Java JDK

You need a Java JDK, version 17 or higher.

Kubernetes

In general, you should be able to run all demos on any current Kubernetes cluster version that supports pod security contexts. To use Pod Security Admission you need at least Kubernetes version 1.23.
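Once a cluster is running, the version requirement above can be checked from the command line. The following script is an added example, not part of the original page or its repository; the function names and the KUBECTL override variable are assumptions made for illustration, and the sample version strings are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): check whether a cluster is new
# enough for Pod Security Admission, which this page says needs >= 1.23.

# psa_supported VERSION
# Returns 0 if VERSION >= 1.23, 1 if older, 2 if it cannot be parsed.
# Accepts vendor-suffixed strings such as "v1.27.3-gke.100".
psa_supported() {
    v=${1#v}                        # strip a leading "v"
    major=${v%%.*}                  # text before the first dot
    rest=${v#*.}                    # text after the first dot
    [ "$rest" != "$v" ] || return 2 # no dot at all: not a version
    minor=${rest%%[!0-9]*}          # leading digits only ("27+" -> 27)
    case $major in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 23 ]; }; then
        return 0
    fi
    return 1
}

# server_version: print the gitVersion reported by the API server.
# KUBECTL is an assumed override, e.g. KUBECTL="sudo k3s kubectl" for K3s.
# Live check: psa_supported "$(server_version)"
server_version() {
    ${KUBECTL:-kubectl} get --raw /version |
        sed -n 's/.*"gitVersion": *"\([^"]*\)".*/\1/p' | head -n 1
}

# Constructed sample version strings (not taken from a real cluster).
for sample in v1.22.17+k3s1 v1.23.0 v1.27.3-gke.100 unknown; do
    rc=0
    psa_supported "$sample" || rc=$?
    case $rc in
        0) echo "$sample: Pod Security Admission available" ;;
        1) echo "$sample: older than 1.23, no Pod Security Admission" ;;
        *) echo "$sample: cannot parse version" ;;
    esac
done
```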

Local

For local Kubernetes provisioning you may use one of the following:

  • K3s that runs on Linux systems (without using a VM)

  • Minikube as a cross-platform solution running on Linux, macOS, and Windows

  • Docker Desktop for Windows, macOS and Linux (needs licensing for commercial use)

  • Rancher Desktop for Windows, macOS and Linux (free alternative to Docker Desktop)

For installation just follow the instructions on the K3s or Minikube web sites.

Minikube

To start Minikube just type:

minikube start

If you want to deploy locally built images to Minikube, you need to point your Docker client to the Docker daemon inside Minikube:

eval $(minikube docker-env)

With a docker ps command you can check whether you are using the intended Docker daemon:

docker ps

You can stop Minikube again using:

minikube stop

For full details please consult the minikube docs.

K3s

For Linux users, the easiest way to provision Kubernetes locally is as follows:

curl -sfL https://get.k3s.io | sh -

After waiting for a short time (maybe about 30 seconds) you have a Kubernetes cluster ready to use. Try this to make sure it works:

sudo k3s kubectl get nodes

Unfortunately, as of now this requires root privileges. Currently, K3s provides rootless support only as an experimental feature.

To stop the Kubernetes server just type:

k3s-killall.sh

To stop it and get rid of the installation just type:

k3s-uninstall.sh

Managed Kubernetes Cluster

To use all features of an enterprise-grade Kubernetes cluster you have to go into the cloud and use one of the well-known providers:

  • Microsoft Azure with AKS

  • Amazon AWS with EKS

  • Google Cloud with GKE

Google GKE

The gke-provisioning directory contains scripts to create a Kubernetes cluster on Google Cloud GKE. There is also a script to update the cluster to enable pod security policy.

To use the scripts you must have the Google Cloud CLI installed and be logged in to GCP.

gcloud auth login
gcloud config set project [project]

Please update the provided scripts according to your Google Cloud project and the target zone you want to use before executing these!