Tuesday, October 15, 2019

joy of Openshift SCC

if you do

oc describe project

you will see 2 annotations

openshift.io/sa.scc.supplemental-groups=1000800000/10000
openshift.io/sa.scc.uid-range=1000800000/10000


Even if you specify "USER 10001" in your Dockerfile, your actual uid will be remapped within the range specified by those 2 annotations (the second parameter, "/10000", is the block length, meaning that you can have 10000 different users starting from uid 1000800000):

sh-4.2$ id
uid=1000800000(root) gid=0(root) groups=0(root),1000800000
sh-4.2$ id root
uid=0(root) gid=0(root) groups=0(root)


and in order for this new user to be a first class citizen in your Linux, you must run a uid_entrypoint script to append it to /etc/passwd

for more details:

https://docs.openshift.com/enterprise/3.1/architecture/additional_concepts/authorization.html

https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
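
The range arithmetic and the uid_entrypoint step from the SCC post above, as an added shell example (not code from the original post or from OpenShift). The function names, the "default" user name and the passwd line layout are assumptions; it also assumes the image made /etc/passwd writable for group 0 at build time, since the assigned uid runs with gid 0.

```shell
#!/bin/sh
# Added example: helper names, the "default" user name and the passwd line
# layout are assumptions, not taken from the original post.

# Print "FIRST LAST" (inclusive) for an annotation value "START/LENGTH".
uid_range_bounds() {
    start=${1%%/*}
    length=${1##*/}
    echo "$start $((start + length - 1))"
}

# Succeed if UID $2 lies inside the range annotation $1.
uid_in_range() {
    # Positional parameters become: UID FIRST LAST
    set -- "$2" $(uid_range_bounds "$1")
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Build a passwd line for the assigned UID: primary group 0, no login shell.
passwd_entry() {   # args: name uid home
    printf '%s:x:%s:0:%s user:%s:/sbin/nologin\n' "$1" "$2" "$1" "$3"
}

# Append the entry unless the UID is already known; fail if the file is
# not writable (the image must have made it writable for group 0).
register_uid() {   # args: passwd_file name uid home
    if grep -q "^[^:]*:[^:]*:$3:" "$1"; then
        return 0
    fi
    [ -w "$1" ] || return 1
    passwd_entry "$2" "$3" "$4" >> "$1"
}

# Constructed demo using the annotation value shown in the post.
uid_range_bounds "1000800000/10000"    # prints: 1000800000 1000809999
```

In an entrypoint script this would be called as `register_uid /etc/passwd default "$(id -u)" "$HOME"` before `exec "$@"`.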




Monday, October 7, 2019

kubernetes mount file on an existing folder

With ConfigMap and Secret you can "populate" a volume with files and "mount" that volume to a container, so that the application can access those files.


echo "one=1" > file1.properties
echo "two=2" > file2.properties
kubectl create configmap myconfig --from-file file1.properties --from-file file2.properties
kubectl describe configmaps myconfig


Name:         myconfig
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
file1.properties:
----
one=1

file2.properties:
----
two=2

Events:  <none>


Now I can mount the ConfigMap into a Pod, as described here


cat mypod.yml

apiVersion: v1
kind: Pod
metadata:
  name: configmap-pod
spec:
  containers:
    - name: test
      image: nginx
      volumeMounts:
        - name: config-vol
          mountPath: /etc/config
  volumes:
    - name: config-vol
      configMap:
        name: myconfig
        items:
          - key: file1.properties
            path: myfile1.properties


kubectl create -f mypod.yml

kubectl exec -ti configmap-pod bash

cat /etc/config/myfile1.properties
one=1




Now I change the image to vernetto/mynginx, which already contains a /etc/config/file0.properties
The existing folder /etc/config/ is completely replaced by the volumeMount, so file0.properties disappears!
Only /etc/config/file1.properties is there.

They claim that one can selectively mount only one file from the volume, using subPath, and leave the original files in the base image:
https://stackoverflow.com/questions/33415913/whats-the-best-way-to-share-mount-one-file-into-a-pod/43404857#43404857 but it is definitely not working for me.










Friday, October 4, 2019

Cisco CCNA 200-125

GNS3 https://gns3.com/

https://github.com/GNS3/gns3-gui/releases/download/v2.0.3/GNS3-2.0.3-all-in-one.exe

install 2.0.3 !

you can download IOS image here https://srijit.com/working-cisco-ios-gns3/ (download 7200 and 3745 )

in GNS3, go to Edit/Preferences/Dynamips/IOS routers/

also, GNS3 is a spiteful beast, I managed to make it work only by copying the "bin" files to C:\Users\Pierre-Luigi\GNS3\images\IOS and by running gns3server.exe in a cmd dos prompt. What a piece of crap!
Otherwise it will tell you

"Could not create IOS router: Error while setting up node: S:/pierre/downloads/c7200-advipservicesk9-mz.152-4.S5.bin is not allowed on this remote server. Please use only a filename in C:\Users\Pierre-Luigi\GNS3\images\IOS.
error while deleting : Node ID 4f03d98e-bcca-4623-a2dc-9d5095eefb64 doesn't exist
Could not create IOS router: Node ID 4f03d98e-bcca-4623-a2dc-9d5095eefb64 doesn't exist
"


GNS3 allows you to construct and test networks in a risk-free virtual environment without the need for network hardware


CISCO packet-tracer https://www.itechtics.com/packet-tracer-download/ "a powerful network simulation software from Cisco Network Academy which can simulate/create a network without having a physical network" (with Netacademy you can take a free course on Packet Tracer)
and download Packet Tracer here https://www.netacad.com/portal/resources/packet-tracer


Switch
Router
Firewall
Local Area Network
Wide Area Network

OSI Model (ISO standard): Application, Presentation, Session, Transport (Port), Network (IP -> ROUTER), Datalink (MAC -> SWITCH), Physical
please do not throw sausage pizza away


TCP-IP stack: Application, Transport, Internet, Network access

PDU (protocol data unit): data, segment, packet, frame