Ganguri Rakesh

My name is. I have total 6 years of experience in ports and automation, like how to shape those containers using Kubernetes, and troubleshooting the issues, and also networking concepts like connecting two ports within a different network using networking concepts and networking policies in Kubernetes. And I have experience in complementing Kubernetes, handling the controlling manager for shipping in the ports. So all these, I have experience in creating Kubernetes cluster activities in both infrastructure, AKS, and EKS. In easy Kubernetes, infrastructure as a cloud, I create using Terraform scripts. So using Terraform, I have created IIS platforms into upgrading the infrastructure as you backup what's new to your environment, and also maintaining infrastructure, creating different services, handling the entire environment using Terraform, using condition statements and Terraform state files when managing the locking the state file in different folders so that only single users can access it. We've been doing all this stuff with the given tools. These are my overall experiences with my voice and response for this. Thank you.

I like to integrate Kubernetes with the IAS using Terraform. First of all, we have to create a main.tf file and also, how to integrate with the Terraform state files. And first of all, variables we have to create, and we have to call those variables inside the.tf file. So, like, local rtf, we have to call, like, a provision, and also local.df. So local.df, we have to mention the data that is present inside the services. Only created services, we have to integrate those services with that Terraform script. First of all, we have to mention the Terraform script in the root directory, and we have to call it parent directory using the modules. For modules, like, we can create a telephone script and, like, version, we have to create the version of Terraform that we have to use inside the account. So, like this, we can integrate whatever the script we have to return with the IAS, like, Kubernet and it is whatever the cluster we have created, that we can integrate with the Terraform script. So, that we'll have to access the permission for the RBAC room-based access control. So then, like, they have to forward the user's permission, like, both for particular AKS cluster, whatever the cluster we have to forward. So for that, we have to forward the RBAC rule, like, read access, write access, and execute access for particular service in the Azure RBAC role permissions we have to provide and also, like, the subscription user permissions. This one, we have to provide inside the IT manager for that particular role.

Security, we can go for a serial firewall. A serial firewall can create a network with the Kubernetes cluster, using network policy. So, we have to mention a port IP address. To which port it has to be connected using the network identity we've mentioned, such as Crino network and Flannel network. Inside the Flannel network, part-to-part communication between different nodes has to be mentioned so that port communication between one network and another network can be communicated. So, what are the services that the application hits from outside the network? There has to be a connection between one port and another port between different nodes. Like this, communication between different network policies and portable communication within the CNN overlay under the network has been done. Using the network, we can configure port-to-port communication between different networks. Like, whatever the Flannel network configuration has been done, that has to be integrated. It will act as a choke point to access the private cloud and access the CIDR or block, whatever the block has been provided, that has to be integrated within the different subnets of the ports. So, that I can integrate port-to-port communication. Like, this, different networks can implement port-to-port access, also known as RDAC access. We can provide different access to different users. So, whatever the access we have provided, we can conclude access to that particular role also. We can restrict access. We can analyze access to a particular role.

One second. K. A port, like, we have different ports, such as stateless, stateful set, and load balancing props. Different parts, we can have, like, deployments. So while creating deployments, like, when the port has been created and also the readiness probe has been created. So in the power, I've seen there's been control, like, control manager, and master to the latest cluster. So the master component will control the power, in which node it has to be deployed and what are the state files, like, other state files are having and the port is ready or not, the readiness of the port. So we have to mention, like, the pod is ready state means, we have to mention, for this delay seconds, we have to mention particular seconds. So after those seconds only the port will be restarting. So the condition should be mentioned here, like, to start the port after such condition has been satisfied or not. So, like, this, we have to mention the port like readiness and liveness. So mention the port like liveness code means, like, you can mention the port that has to be immediately in live condition, that it should be restarted that it should be started in particular condition. Immediately, it has to be started using, like, the same containers. Like, you can use the same containers as per particular form. The logs have been generated. The cache will distribute into particular location volumes into the particular location of the path what has been provided. So that logs have to display. We have to mention the script transcript you have to display. So after executing that port, like, we can check the logs have been generated, whatever the last day of the logs or last particular time of the logs have been generated using that, condition, like, what do you call, like, sidecar containers, we have to mention inside that port. So these are the different ports and life cycles that have to be integrated with the given address.

I have not worked mostly on Tanjoo Kubernetes on EKS. So, I have an idea about that Kubernetes, the Tanjoo, which has to be deployed whenever using the post configuration without a headless of a particular Kubernetes cluster. That means, without connecting to the IP address. We can only connect using the host. The IP address assigned is not displayed. Only the backend is connected to the host. The load balancer, which we have connected with the service, is integrated with the backend with an IP address that is not displayed. So, only the host configuration, the part we mentioned using the URL that has been displayed to the client or user. Using that client and that URL, the user can log in to the application. And for that, thank you, given it is to deploy into an AKS cluster.

CCD by then, we have to include first stages to get the source code from the repository in a particular branch. After that, we have to build the code for that. In the code, we have the Dockerfile. So for that, the second stage is to build the code using the Dockerfile, and with that, an image has been created. And next stage is to push that code into the container registry. Container registry has concepts like private and public repositories. So we have to give permissions to access the image from that particular repository into our local. We have to give permission to the private repository to get access to that image, so after giving permissions, we have to deploy. At the deploy stage, we have to deploy into the Kubernetes cluster. So we have to provide access to the Kubernetes cluster using a config file. So using that config file location, we have to configure and write the manifest file for deployment. The YAML file in that image has to be the repository name. From that, it has to be deployed, and also, we have to create a service, such as an Ingress Load Balancer or other Cluster IP to connect internally using the Cluster IP only, which will be exposed to our website. We can use the English load balancer as a host path configuration. And we have to apply those manifest files by creating them and creating the deployment activity. So, this entire setup, the CICD pipeline, we have to use for a Kubernetes cluster from a Dockerfile. And using the load balancer, the host, whatever, the client hits the URL, so that the application will get access to the particular user. These are the stages of a Kubernetes cluster for deployment activity.

Using a hand chart, we have to suppose we have to deploy different environments at the same time, which will create a fraud environment at the same time using the hand chart. And also, we can customize the values file, such as deployments or database. So, for a 3-tier application, we want to deploy the front end, back end, and middleware applications. At the time, we have to deploy them at the same time. So, not to integrate them, we can create hand charts and dependencies of hand charts. So, you can use a parent hand chart and a child hand chart. So, all the hand charts, whatever the 3 types of hand charts suppose, for example, the front end application, back end application, and middleware applications. So, the entire application like these 3, we can have to deploy into the production, dev, QA, and. So, at a single shot, we can deploy using the hand charts. So, these are the dependencies like chart-dot-yml and values-dot-yml. In chart-dot-yml, you have to represent the applications that we have deployed inside that particular end chart. So, like that, we have to mention as a dependency there in the chart-dot-yml. And while you start yml, you can customize, whatever the things we have to request and the database. And we can use secrets for dependencies of database, whatever the connect to particular application server. A country map, you can use. Large different events, and also PC question volumes can be claimed. You can represent, as per our requirement, as per product requirement. So, like this, we can use the dependency in the engine.

Blue wheel deployment is, like, one of the strategies in the deployment. So whenever there is a request comes from the like, any new tag has been deployed, so until then, all the, like, all the bots have been deployed with the same single, changes. So until those changes have been reflected, we have either the configuration of HPA, high-performance module load balancer, or auto scaling. So there has been, like, no downtime, other, like, other ports have no configuration we have to run. So in there, like, we have the latest tag, what we have deployed. So there is no downtime, like, until unless there is, like, any view changes have been reflected into the particular environment. So that, like, the new build deployment will come under, like, suppose, like the load balancer, like, it will go to the old one or new one. Like, it depends upon, like, whatever the load balancer it is going to a particular node. So, we can control, like, load using Bluegreen deployment. Like, there is no downtime, we can use this strategy.

Stateful set, we can use the stateful sets in the given address to start a pod using the MySQL database was, if you want to have the MySQL database creation, so you have to create a state for that SQL database because, like, whenever there is a port has been created, the master of the database has been created. The replica of that master of the database server is being, like, slaves. So it has to be started after, like, master has been started because, like, for every application, for every port, there is, like, a namespace. Every port has been one, like, space, what you call, like, a space means, like, a volume. So because, like, it has to be controlled in one strategy. So the master has to be synchronized with the, what will master has been synced with the state of the database. So, whenever there is a download to the master, we can control the data from the slave as well. So, for that, like, we can have the backup of the database from the slave concepts in the easy Kubernetes stateful set concept.

We can use secrets, like base 64. It will hide whatever data we have represented, it will represent in the encryption format. From there, we can call the secrets reference key from the secrets value. So, we can encrypt that data using the secrets dot YAML file. In Zoom, suppose we have configured the environment in the port deployment dot yml. So by integrating this one, the back end has been connected with the database of a particular application. So, we can secure the data agent secrets and as an instance, two data. Suppose, if we're using easy pebble like this, we can add more security, we can use keywords. So from keywords, we have to call inside the secret value and config maps we can use. From the config maps and secrets, we can call those data inside the deployment file. So, while deploying, if we store the values of database sensitive data, like database name, username, password, we want to store inside the keyword of the secret, and we call those keywords using config maps as secrets value. And the secret value will be configured inside deployments as a port. Then it will be displayed as it will not be visible to other users. While deployment, we can see the box means that username and password are not displayed. So, like this, we can secure sensitive data inside the Kubernetes cluster using secrets or config maps.

On the logging architecture, I have used because based on the config file we have configured and also secrets, keywords, key values, and secret values. So using that, we are logging into the Kubernetes cluster and config.config file will be there. Like, we have the key, authorization key, and CA certificates. All these using that, we can authorize and authenticate the Kubernetes clusters.