I recently completed my Certified Kubernetes Administrator and Certified Kubernetes Security Specialist certifications. There's a pretty famous ‘Kubernetes the hard way’ document that explains how to set up Kubernetes manually on Google Cloud. While that is a good activity to go through to really understand the process, I found the following way to set up (and tear down) a cluster much quicker and easier for practicing various topics in the CKA and CKS exam - I have shamelessly lifted it from here and tweaked it slightly to just install some of the CKS security tools for the CKS exam. Documenting here for when I have to come back in a couple of years and re-do the CKA and CKS in case I don’t have a playground to hand.
(Note: this installs a bunch of stuff to the master node. Great for exam practice but not something you’d want to widely do in production without applying some thought to the overall architecture.)
This assumes you have installed the gcloud CLI and authorised it - if not, read how to do that here. First we’re going to create two compute instances in Google Cloud - one will be a master node and the other a worker node, together forming a single k8s cluster. You can scale this up as much as you like: just turn up more compute instances and repeat the worker node install/joining process below (relevant Kubernetes documentation can be found here).
Create the master node compute instance
gcloud compute instances create master01 --zone=europe-west3-c \
--machine-type=e2-medium \
--image=ubuntu-1804-bionic-v20201014 \
--image-project=ubuntu-os-cloud \
--boot-disk-size=50GB
Create the worker node compute instance (repeat for however many worker nodes you want in your cluster)
gcloud compute instances create worker01 --zone=europe-west3-c \
--machine-type=e2-medium \
--image=ubuntu-1804-bionic-v20201014 \
--image-project=ubuntu-os-cloud \
--boot-disk-size=50GB
Install k8s components on master node
This also installs the following security tools:
- falco
- kube-bench
- trivy
gcloud compute ssh master01
sudo -i
bash <(curl -s https://raw.githubusercontent.com/richfairhurst/scripts/master/k8s_install_master.sh)
Install k8s components on worker node
gcloud compute ssh worker01
sudo -i
bash <(curl -s https://raw.githubusercontent.com/richfairhurst/scripts/master/k8s_install_worker.sh)
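Both install steps above run a script from a moving branch as root without it ever being saved or read. As an added example (not part of the original post or of the scripts it links to), the helper functions below download the script to a file, compare it with a SHA-256 digest you recorded after reviewing it, and only then execute it; the function names and the placeholder digest are assumptions.

```bash
#!/usr/bin/env bash
# Added example: download, verify, then run, instead of `bash <(curl -s URL)`.
# Function names are hypothetical; the expected digest is one you record
# yourself after reading the script (placeholder shown in the usage lines).

# sha256_of FILE: print the hex SHA-256 digest of FILE
sha256_of() {
  sha256sum "$1" | awk '{print $1}'
}

# verify_script FILE EXPECTED: succeed only if FILE hashes to EXPECTED
verify_script() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch: expected $expected, got $actual" >&2
    return 1
  fi
}

# fetch_script URL DEST: HTTPS only (redirects included), fail on HTTP errors
fetch_script() {
  curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' -o "$2" "$1"
}

# install_verified URL EXPECTED: run the script only after the digest matches
install_verified() {
  local tmp rc=0
  tmp=$(mktemp) || return 1
  fetch_script "$1" "$tmp" && verify_script "$tmp" "$2" && bash "$tmp" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage (as root on the node):
#   install_verified \
#     https://raw.githubusercontent.com/richfairhurst/scripts/master/k8s_install_master.sh \
#     '<sha256-recorded-after-review>'
if [ "$#" -eq 2 ]; then
  install_verified "$1" "$2"
fi
```

Because `master` is a moving branch, a script that has changed since you reviewed it shows up as a digest mismatch instead of running.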
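Open ports for any NodePort configuration you play with (as written, this rule applies to every instance on the default network and accepts traffic from any source address)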
gcloud compute firewall-rules create nodeports --allow tcp:30000-40000
Stop compute instances when not in use (and start them again when needed)
gcloud compute instances stop master01 worker01
gcloud compute instances start master01 worker01