• Credentials
• Preparation
  • Logging In
• Connect to SSH Host
• Deploy HX CSI

The lab leverages a Cisco Field Lab in the DMZ. We will leverage the Cisco Anyconnect Client to access this lab.

• Open your Cisco Anyconnect Client

  • Connect to vpn.reqdemo.com
  • Select "reqlab-admin" as the Group (your vpn may drop and reconnect after 1 minute. This is normal)

• For MAC users running Catalina. Mac Security Policies have been enhanced. See below: https://support.apple.com/en-us/HT210176

• To work around this please do the following:

cd /opt/cisco/AnyConnect
sudo nano AnyConnectLocalPolicy.xml

• Edit ExcludeMacNativeCertStore to "true"

<ExcludeMacNativeCertStore>true</ExcludeMacNativeCertStore>

^X (control X to exit) press Y to indicate that you want to save press enter to accept the existing name

Quit anyconnect and re-launch

• ssh to the IP Address you were provided
  • Use the user credentials you were provided.

• Open a web browser and browse to https://console.cloud.google.com/

  • Use the credentials above.
  • You MAY see a screen prompt you for a phone number. Please enter you cell phone number. When the text comes to your cell phone, enter it.

• In the upper left verify the project is "barksdalelabs".

• If it is not:

  • Select the dropdown
  • Select "threepings" as the Organization
  • Select "barksdalelabs" as the project.
  • Click "Open"

• Click the 3 lines in the upper left to expand the menu.

  • Hover over "Kubernetes Engine"
  • Select "Clusters"

• After the user cluster has been deployed it is automatically registered to GCP. This can be seen in the dashboard by navigating to "Clusters" under "Kubernetes Engine".

• We need to login from our dashboard to that cluster that is on-prem.

  • Do the following:

    • From your SSH Host

       mkdir <:wq
       username>
       cd <name of user>
       ls -l
       export KUBECONFIG=~/<SUBSTITUTE USER CLUSTER FILE NAME>
      

  • The Example above shows the "user cluster file name" as "user1-kubeconfig"

  • The command for this example would be:

     export KUBECONFIG=~/user1-kubeconfig
    

  • This sets the KUBECONFIG Environment Variable

     export KSA_NAME=gke-connect-admin
     kubectl create serviceaccount $KSA_NAME
     kubectl create clusterrolebinding $KSA_NAME --clusterrole cluster-admin - serviceaccount=default:$KSA_NAME
     TOKEN_SECRET=`kubectl get serviceaccounts $KSA_NAME -o yaml | \ grep $KSA_NAME-token | awk -F": " '{print $2}'`
     echo `kubectl get secret $TOKEN_SECRET -o yaml | grep "token:" | awk -F": " '{print $2}' | base64 -d`
    

    • Copy the token that is presented back.

• On your SSH Host
  • Set the kubeconfig file for the

• Apply the Persistant Volume Claim

   kubectl apply -f 01-message-board-pvc.yaml
   kubectl get pvc
  

• Apply the Message Board yaml file

   kubectl apply -f 02-message-board.yaml
  

  

• Get the Service IP

   kubectl get svc
  

  

• Notice the Port Number

• Web to the IP on port 80

• Select "Signup"
• Provide the requested info (this is dummiy info for demo purposes only)

• Sign in using the credentials you provided

• Create a few messages to fill in the database.

• Apply the new version of the messageboard

   ./06-changeimage.sh 
  

• What happened?

• Notice the messages stayed.
• Why?

• Please run the following commands to clean up your pod for the next session

   kubectl delete -f 05-mb-pod.yaml
   kubectl delete -f 04-mb-pvc.yaml
   kubectl delete -f 03-nginx-svc.yaml
  

• In your GCP Dashboard do the following: *