A modular Kubernetes Lab
- Previous Iterations
- The Result: k8s-lab-plz
Today I want to talk a bit about a side project I’ve been working on for a while but never actively publicised.
As a security engineer I often like to test new tools and technologies related to Kubernetes, but I realised I didn’t have a proper environment to do so.
In the past, I did blog about having a dedicated Kubernetes lab (see Deploy Your Own Kubernetes Lab), and also released automation to Deploy a Multi-node Production Ready Kubernetes Cluster with kubespray, but much has changed since I released that blog post, and relying on virtual machines seems so 2019 to me 😅.
So earlier this year I blogged on how to have a Kubernetes Lab on Baremetal, detailing the steps I took to deploy my own Kubernetes Lab on baremetal, and on an Intel NUC in particular.
That’s great for the provisioning phase, but I wanted to take this a step further, by having an automated and (more importantly) repeatable way to deploy tools/components onto the cluster.
It’s no secret that, once I got exposed to the world of monorepos and repeatable builds in my previous job at Thought Machine, I fell in love with their elegance and engineering philosophy.
The Result: k8s-lab-plz
The components currently supported are:
- HashiCorp Vault
- ELK (Elasticsearch, Kibana, Filebeats)
- Observability (Prometheus, Grafana, Alertmanager)
- Kafka (Kafka, Zookeeper, KafkaExporter, Entity Operator)
For a more detailed view of what’s coming up next (i.e., Istio, Gatekeeper, Falco, etc.), you can refer to the project roadmap.
Ok, How Does it Work?
Deploying a component is as simple as running a command. For example, to deploy Vault:
This will automagically:
- Create a
- Create a
- Fetch and deploy the Vault Helm chart in the
- Initialize (unseal) Vault
- Enable Vault’s Kubernetes backend
- Set up the sidecar Agent, by creating a role/policy for the sidecar which allows it to read any secret in the kv-v2
All with one (reproducible) command.
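The sidecar role/policy from the last step, as an added example that is not code from k8s-lab-plz: it renders the lab-wide read policy next to a per-application one and reports which paths each lets the sidecar read. The mount `secret`, role/policy `lab-agent`, namespace `apps` and service account `demo` are assumed names, and the path matcher is a simplified model of Vault's trailing-`*` glob.

```bash
#!/usr/bin/env bash
# Added example, not k8s-lab-plz code. Assumed names: KV v2 mount "secret",
# role/policy "lab-agent", namespace "apps", service account "demo".

# KV v2 serves secret values under <mount>/data/<path>, so "read any secret
# in the kv-v2 mount" means a read capability on <mount>/data/*.
lab_policy() {     # $1 = mount
  printf 'path "%s/data/*" {\n  capabilities = ["read"]\n}\n' "$1"
}

# Tighter variant: the sidecar reads a single application's subtree only.
scoped_policy() {  # $1 = mount, $2 = application prefix
  printf 'path "%s/data/%s/*" {\n  capabilities = ["read"]\n}\n' "$1" "$2"
}

# Simplified matcher: does any path rule in the policy text cover an API path?
# Handles exact paths and the trailing-* prefix glob, not the + wildcard.
policy_allows() {  # $1 = policy text, $2 = API path
  rules=$(printf '%s\n' "$1" | sed -n 's/^path "\(.*\)" {$/\1/p')
  while IFS= read -r rule; do
    case "$rule" in
      *'*') prefix=${rule%\*}
            case "$2" in "$prefix"*) return 0 ;; esac ;;
      *)    if [ "$rule" = "$2" ]; then return 0; fi ;;
    esac
  done <<EOF
$rules
EOF
  return 1
}

# Role that binds a policy to the sidecar's service account via the
# Kubernetes auth backend (the command is printed, not executed).
role_cmd() {       # $1 = role, $2 = service account, $3 = namespace, $4 = policy
  printf 'vault write auth/kubernetes/role/%s bound_service_account_names=%s bound_service_account_namespaces=%s policies=%s ttl=1h\n' "$1" "$2" "$3" "$4"
}

# Report which constructed sample paths a policy lets the sidecar read.
report() {         # $1 = policy text
  for p in secret/data/demo/db secret/data/billing/api-key secret/metadata/demo/db; do
    if policy_allows "$1" "$p"; then echo "read $p"; else echo "deny $p"; fi
  done
}

echo "# lab-wide policy"; report "$(lab_policy secret)"
echo "# scoped policy";   report "$(scoped_policy secret demo)"
role_cmd lab-agent demo apps lab-agent
```

Listing secret names in KV v2 goes through the separate `metadata/` path, which neither policy grants.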
For another concrete example, you can check “Automating Cartography Deployments on Kubernetes”.
Show Me the Code
k8s-lab-plz can be found on GitHub: https://github.com/marco-lancini/k8s-lab-plz.
I hope you’ll find k8s-lab-plz useful, and I’m keen to get feedback on it!
If you found the information shared useful, if something is missing, or if you have ideas on how to improve it, please let me know on Twitter.