VPN Uname | SSH Host | SSH Uname | GCP Uname. | Password |
demo1 | | root | user1@threepings.com | C1sco12345! |
demo2 | | root | user2@threepings.com | C1sco12345! |
demo3 | | root | user3@threepings.com | C1sco12345! |
demo4 | | root | user4@threepings.com | C1sco12345! |
demo5 | | root | user5@threepings.com | C1sco12345! |
demo6 | | root | user6@threepings.com | C1sco12345! |
demo7 | | root | user7@threepings.com | C1sco12345! |
demo8 | | root | user8@threepings.com | C1sco12345! |
demo9 | | root | user9@threepings.com | C1sco12345! |
demo10 | | root | user10@threepings.com | C1sco12345! |
demo11 | | root | user11@threepings.com | C1sco12345! |
demo12 | | root | user12@threepings.com | C1sco12345! |
demo13 | | root | user13@threepings.com | C1sco12345! |
demo14 | | root | user14@threepings.com | C1sco12345! |
demo15 | | root | user15@threepings.com | C1sco12345! |
demo16 | | root | user16@threepings.com | C1sco12345! |
demo17 | | root | user17@threepings.com | C1sco12345! |
demo18 | | root | user18@threepings.com | C1sco12345! |
demo19 | | root | user19@threepings.com | C1sco12345! |
demo20 | | root | user20@threepings.com | C1sco12345! |
demo21 | | root | user21@threepings.com | C1sco12345! |
demo22 | | root | user22@threepings.com | C1sco12345! |
demo23 | | root | user23@threepings.com | C1sco12345! |
demo24 | | root | user24@threepings.com | C1sco12345! |
demo25 | | root | user25@threepings.com | C1sco12345! |
The lab leverages a Cisco Field Lab in the DMZ. We will leverage the Cisco Anyconnect Client to access this lab.
Open your Cisco Anyconnect Client
For MAC users running Catalina. Mac Security Policies have been enhanced. See below: https://support.apple.com/en-us/HT210176
To work around this please do the following:
cd /opt/cisco/AnyConnect
sudo nano AnyConnectLocalPolicy.xml
- Edit ExcludeMacNativeCertStore to "true"
^X (control X to exit) press Y to indicate that you want to save press enter to accept the existing name
Quit anyconnect and re-launch
- ssh to the IP Address you were provided
- Use the user credentials you were provided.
Open a web browser and browse to https://console.cloud.google.com/
- Use the credentials above.
- You MAY see a screen prompt you for a phone number. Please enter you cell phone number. When the text comes to your cell phone, enter it.
If it is not:
Click the 3 lines in the upper left to expand the menu.
After the user cluster has been deployed it is automatically registered to GCP. This can be seen in the dashboard by navigating to "Clusters" under "Kubernetes Engine".
We need to login from our dashboard to that cluster that is on-prem.
Do the following:
From your SSH Host
mkdir <:wq username> cd <name of user> ls -l export KUBECONFIG=~/<SUBSTITUTE USER CLUSTER FILE NAME>
The Example above shows the "user cluster file name" as "user1-kubeconfig"
The command for this example would be:
export KUBECONFIG=~/user1-kubeconfig
This sets the KUBECONFIG Environment Variable
export KSA_NAME=gke-connect-admin kubectl create serviceaccount $KSA_NAME kubectl create clusterrolebinding $KSA_NAME --clusterrole cluster-admin - serviceaccount=default:$KSA_NAME TOKEN_SECRET=`kubectl get serviceaccounts $KSA_NAME -o yaml | \ grep $KSA_NAME-token | awk -F": " '{print $2}'` echo `kubectl get secret $TOKEN_SECRET -o yaml | grep "token:" | awk -F": " '{print $2}' | base64 -d`
- Copy the token that is presented back.
- On your SSH Host
- Set the kubeconfig file for the
Apply the Persistant Volume Claim
kubectl apply -f 01-message-board-pvc.yaml kubectl get pvc
Apply the Message Board yaml file
kubectl apply -f 02-message-board.yaml
Get the Service IP
kubectl get svc
Notice the Port Number
Web to the IP on port 80
- Select "Signup"
- Provide the requested info (this is dummiy info for demo purposes only)
- Sign in using the credentials you provided
- Create a few messages to fill in the database.
Apply the new version of the messageboard
What happened?
- Notice the messages stayed.
- Why?
Please run the following commands to clean up your pod for the next session
kubectl delete -f 05-mb-pod.yaml kubectl delete -f 04-mb-pvc.yaml kubectl delete -f 03-nginx-svc.yaml
In your GCP Dashboard do the following: *