Wifi Passwords:

This command can be helpful during an assessment because it gives insight into how a device connects to different Wi-Fi networks. By looking at the networks a device has saved, you can sometimes discover other internal or guest networks the device uses, which may show pathways an attacker could move through if the device were compromised.

netsh wlan show profiles | Select-String "All User Profile" | ForEach-Object { ($_.ToString().Split(":")[1].Trim()) } | ForEach-Object { Write-Host "`nProfile: $_" -ForegroundColor Cyan; (netsh wlan show profile name="$_" key=clear | Select-String "Key Content") -replace '.*:','Password: ' }

Searching the registry for stored passwords:

Get-ChildItem -Path HKLM:\, HKCU:\ -Recurse -ErrorAction SilentlyContinue | Get-ItemProperty -ErrorAction SilentlyContinue | Where-Object { $_ -match "password" }

Files that might contain passwords - starting at c:\

Get-ChildItem -Path C:\ -Include *.txt,*.xml,*.ini,*.config,*.bat -Recurse -ErrorAction SilentlyContinue | Select-String -Pattern "password", "pwd", "pass" | Select Path, LineNumber, Line

Autologin at Registry

If automatic logon is configured, DefaultPassword will appear in plaintext, which is a security risk. This command is essentially showing whether Windows is set to automatically log in and, if so, with what credentials.

Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" | Select-Object DefaultUsername, DefaultPassword, AutoAdminLogon

This one is exclusive to passwords, however its still a helpful command to have in your toolkit.  The following command can be used to look at the PowerShell history of all users or any users you are able to read if you are not an administrator.

1. Create a namespace iron-namespace-devops

Create a deployment iron-gallery-deployment-devops for iron gallery under the same namespace you created.

:- Labels run should be iron-gallery.

:- Replicas count should be 1.

:- Selector's matchLabels run should be iron-gallery.

:- Template labels run should be iron-gallery under metadata.

:- The container should be named as iron-gallery-container-devops, use kodekloud/irongallery:2.0 image ( use exact image name / tag ).

:- Resources limits for memory should be 100Mi and for CPU should be 50m.

:- First volumeMount name should be config, its mountPath should be /usr/share/nginx/html/data.

:- Second volumeMount name should be images, its mountPath should be /usr/share/nginx/html/uploads.

:- First volume name should be config and give it emptyDir and second volume name should be images, also give it emptyDir.

Create a deployment iron-db-deployment-devops for iron db under the same namespace.

:- Labels db should be mariadb.

:- Replicas count should be 1.

:- Selector's matchLabels db should be mariadb.

:- Template labels db should be mariadb under metadata.

:- The container name should be iron-db-container-devops, use kodekloud/irondb:2.0 image ( use exact image name / tag ).

:- Define environment, set MYSQL_DATABASE its value should be database_apache, set MYSQL_ROOT_PASSWORD and MYSQL_PASSWORD value should be with some complex passwords for DB connections, and MYSQL_USER value should be any custom user ( except root ).

:- Volume mount name should be db and its mountPath should be /var/lib/mysql. Volume name should be db and give it an emptyDir.

1. Create a service for iron db which should be named iron-db-service-devops under the same namespace. Configure spec as selector's db should be mariadb. Protocol should be TCP, port and targetPort should be 3306 and its type should be ClusterIP.
2. Create a service for iron gallery which should be named iron-gallery-service-devops under the same namespace. Configure spec as selector's run should be iron-gallery. Protocol should be TCP, port and targetPort should be 80, nodePort should be 32678 and its type should be NodePort.

Create the yaml file, iron-gallery-setup.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: iron-namespace-devops
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: iron-gallery-deployment-devops
  namespace: iron-namespace-devops
spec:
  replicas: 1
  selector:
    matchLabels:
      run: iron-gallery
  template:
    metadata:
      labels:
        run: iron-gallery
    spec:
      containers:
        - name: iron-gallery-container-devops
          image: kodekloud/irongallery:2.0
          resources:
            limits:
              memory: "100Mi"
              cpu: "50m"
          volumeMounts:
            - name: config
              mountPath: /usr/share/nginx/html/data
            - name: images
              mountPath: /usr/share/nginx/html/uploads
      volumes:
        - name: config
          emptyDir: {}
        - name: images
          emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: iron-db-deployment-devops
  namespace: iron-namespace-devops
spec:
  replicas: 1
  selector:
    matchLabels:
      db: mariadb
  template:
    metadata:
      labels:
        db: mariadb
    spec:
      containers:
        - name: iron-db-container-devops
          image: kodekloud/irondb:2.0
          env:
            - name: MYSQL_DATABASE
              value: database_apache
            - name: MYSQL_ROOT_PASSWORD
              value: "R@@tP@ssw0rd123!"
            - name: MYSQL_USER
              value: devuser
            - name: MYSQL_PASSWORD
              value: "D3v0ps@321"
          volumeMounts:
            - name: db
              mountPath: /var/lib/mysql
      volumes:
        - name: db
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: iron-db-service-devops
  namespace: iron-namespace-devops
spec:
  type: ClusterIP
  selector:
    db: mariadb
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
---
apiVersion: v1
kind: Service
metadata:
  name: iron-gallery-service-devops
  namespace: iron-namespace-devops
spec:
  type: NodePort
  selector:
    run: iron-gallery
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 32678

Apply the file:

thor@jumphost ~$ kubectl apply -f iron-gallery-setup.yaml
namespace/iron-namespace-devops created
deployment.apps/iron-gallery-deployment-devops created
deployment.apps/iron-db-deployment-devops created
service/iron-db-service-devops created
service/iron-gallery-service-devops created

Verify - check namespace, deployments, pods and services:

thor@jumphost ~$ kubectl get ns
NAME                    STATUS   AGE
default                 Active   14m
iron-namespace-devops   Active   65s
kube-node-lease         Active   14m
kube-public             Active   14m
kube-system             Active   14m
local-path-storage      Active   14m
thor@jumphost ~$ kubectl get all -n iron-namespace-devops
NAME                                                 READY   STATUS    RESTARTS   AGE
pod/iron-db-deployment-devops-559f689bbc-4jjjz       1/1     Running   0          108s
pod/iron-gallery-deployment-devops-9c67c8cb7-srrk9   1/1     Running   0          108s

NAME                                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
service/iron-db-service-devops        ClusterIP   10.96.107.103   <none>        3306/TCP       108s
service/iron-gallery-service-devops   NodePort    10.96.73.15     <none>        80:32678/TCP   108s

NAME                                             READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/iron-db-deployment-devops        1/1     1            1           108s
deployment.apps/iron-gallery-deployment-devops   1/1     1            1           108s

NAME                                                       DESIRED   CURRENT   READY   AGE
replicaset.apps/iron-db-deployment-devops-559f689bbc       1         1         1       108s
replicaset.apps/iron-gallery-deployment-devops-9c67c8cb7   1         1         1       108s

1. We already have a secret key file ecommerce.txt under /opt location on jump host. Create a generic secret named ecommerce, it should contain the password/license-number present in ecommerce.txt file.
   
2. Also create a pod named secret-datacenter.
   
3. Configure pod's spec as container name should be secret-container-datacenter, image should be debian with latest tag (remember to mention the tag with image). Use sleep command for container so that it remains in running state. Consume the created secret and mount it under /opt/cluster within the container.
   
4. To verify you can exec into the container secret-container-datacenter, to check the secret key under the mounted path /opt/cluster. Before hitting the Check button please make sure pod/pods are in running state, also validation can take some time to complete so keep patience.

Create the secret from the file we already have in /opt/ecommerce.txt which is present on the jump host.

thor@jumphost ~$ kubectl create secret generic ecommerce --from-file=/opt/ecommerce.txt
secret/ecommerce created

This will create a secret where:
Key = ecommerce.txt
Value = the contents of /opt/ecommerce.txt (password/license-number)

This can then be verified:

thor@jumphost ~$ kubectl get secrets
NAME        TYPE     DATA   AGE
ecommerce   Opaque   1      50s
thor@jumphost ~$ kubectl describe secret ecommerce
Name:         ecommerce
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
ecommerce.txt:  7 bytes

Next step is then to create the pod yaml file, named secret-datacenter.yaml

apiVersion: v1
kind: Pod
metadata:
  name: secret-datacenter
spec:
  containers:
    - name: secret-container-datacenter
      image: debian:latest
      command: ["sleep", "infinity"]
      volumeMounts:
        - name: secret-volume
          mountPath: /opt/cluster
  volumes:
    - name: secret-volume
      secret:
        secretName: ecommerce

Next, apply the pod configuration and then check the pod status:

thor@jumphost ~$ kubectl apply -f secret-datacenter.yaml
pod/secret-datacenter created

thor@jumphost ~$ kubectl get pods
NAME                READY   STATUS    RESTARTS   AGE
secret-datacenter   1/1     Running   0          31s

Finally, verify the secret inside the container:

thor@jumphost ~$ kubectl exec -it secret-datacenter -- bash
root@secret-datacenter:/# ls /opt/cluster
ecommerce.txt
root@secret-datacenter:/# cat /opt/cluster/ecommerce.txt
5ecur3

You can think of them as setup jobs that prepare the environment for the main container:
- Runs to completion before any app containers start.
- Runs sequentially — each one must finish successfully before the next starts.
- Is defined inside a Pod’s spec (just like regular containers).

There are some applications that need to be deployed on Kubernetes cluster and these apps have some pre-requisites where some configurations need to be changed before deploying the app container. Some of these changes cannot be made inside the images so the DevOps team has come up with a solution to use init containers to perform these tasks during deployment.

1. Create a Deployment named as ic-deploy-devops.
   
2. Configure spec as replicas should be 1, labels app should be ic-devops, template's metadata lables app should be the same ic-devops.
   
3. The initContainers should be named as ic-msg-devops, use image fedora with latest tag and use command '/bin/bash', '-c' and 'echo Init Done - Welcome to xFusionCorp Industries > /ic/blog'. The volume mount should be named as ic-volume-devops and mount path should be /ic.
   
4. Main container should be named as ic-main-devops, use image fedora with latest tag and use command '/bin/bash', '-c' and 'while true; do cat /ic/blog; sleep 5; done'. The volume mount should be named as ic-volume-devops and mount path should be /ic.
   
5. Volume to be named as ic-volume-devops and it should be an emptyDir type.

Create the ic-deploy-devops.yaml file.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ic-deploy-devops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ic-devops
  template:
    metadata:
      labels:
        app: ic-devops
    spec:
      initContainers:
        - name: ic-msg-devops
          image: fedora:latest
          command: ["/bin/bash", "-c", "echo Init Done - Welcome to xFusionCorp Industries > /ic/blog"]
          volumeMounts:
            - name: ic-volume-devops
              mountPath: /ic
      containers:
        - name: ic-main-devops
          image: fedora:latest
          command: ["/bin/bash", "-c", "while true; do cat /ic/blog; sleep 5; done"]
          volumeMounts:
            - name: ic-volume-devops
              mountPath: /ic
      volumes:
        - name: ic-volume-devops
          emptyDir: {}

Deploy: kubectl apply -f ic-deploy-devops.yaml

Verify its running: kubectl get pods

1. Create a PersistentVolume named as pv-devops. Configure the spec as storage class should be manual, set capacity to 3Gi, set access mode to ReadWriteOnce, volume type should be hostPath and set path to /mnt/security (this directory is already created, you might not be able to access it directly, so you need not to worry about it).
2. Create a PersistentVolumeClaim named as pvc-devops. Configure the spec as storage class should be manual, request 1Gi of the storage, set access mode to ReadWriteOnce.
3. Create a pod named as pod-devops, mount the persistent volume you created with claim name pvc-devops at document root of the web server, the container within the pod should be named as container-devops using image httpd with latest tag only (remember to mention the tag i.e httpd:latest).
4. Create a node port type service named web-devops using node port 30008 to expose the web server running within the pod.

Create the yaml file, in this example I'm using the name webapp-devops.yaml

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-devops
spec:
  storageClassName: manual
  capacity:
    storage: 3Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: /mnt/security
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-devops
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-devops
  labels:
    app: web-devops
spec:
  containers:
    - name: container-devops
      image: httpd:latest
      ports:
        - containerPort: 80
      volumeMounts:
        - name: volume-devops
          mountPath: /usr/local/apache2/htdocs
  volumes:
    - name: volume-devops
      persistentVolumeClaim:
        claimName: pvc-devops
---
apiVersion: v1
kind: Service
metadata:
  name: web-devops
spec:
  type: NodePort
  selector:
    app: web-devops
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30008

Noted that there was an error when applying the yaml file.

thor@jumphost ~$ kubectl apply -f webapp-devops.yaml
persistentvolume/pv-devops created
persistentvolumeclaim/pvc-devops created
error: error parsing webapp-devops.yaml: error converting YAML to JSON: yaml: line 6: found character that cannot start any token

Turns out that the yaml file is pretty strict when it comes to formatting. This usually means of the following needs rectifying:
- A stray tab character (\t)
- A colon (:) not followed by a space
- Bad indentation (mix of tabs and spaces)
- Extra invisible characters from copying text

Rewriting the YAML with consistent 2-space indentation fixes it.

Apply the newly formatted yaml file:

thor@jumphost ~$ kubectl apply -f webapp-devops.yaml
persistentvolume/pv-devops unchanged
persistentvolumeclaim/pvc-devops unchanged
pod/pod-devops created
service/web-devops created

thor@jumphost ~$ kubectl get deployment redis-deployment
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
redis-deployment   0/1     1            0           72s

thor@jumphost ~$ kubectl get pods -l app=redis
NAME                                READY   STATUS              RESTARTS   AGE
redis-deployment-54cdf4f76d-tpd68   0/1     ContainerCreating   0          102s

Use the pod name from above to inspect the pod details (describes it):

thor@jumphost ~$ kubectl describe pod redis-deployment-54cdf4f76d-tpd68
Name:             redis-deployment-54cdf4f76d-tpd68
Namespace:        default
Priority:         0
Service Account:  default
Node:             kodekloud-control-plane/172.17.0.2
Start Time:       Thu, 23 Oct 2025 09:56:15 +0000
Labels:           app=redis
                  pod-template-hash=54cdf4f76d
Annotations:      <none>
Status:           Pending
IP:               
IPs:              <none>
Controlled By:    ReplicaSet/redis-deployment-54cdf4f76d
Containers:
  redis-container:
    Container ID:   
    Image:          redis:alpin
    Image ID:       
    Port:           6379/TCP
    Host Port:      0/TCP
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Requests:
      cpu:        300m
    Environment:  <none>
    Mounts:
      /redis-master from config (rw)
      /redis-master-data from data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-26kqb (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  data:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
  config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      redis-conig
    Optional:  false
  kube-api-access-26kqb:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   Burstable
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason       Age                  From               Message
  ----     ------       ----                 ----               -------
  Normal   Scheduled    2m53s                default-scheduler  Successfully assigned default/redis-deployment-54cdf4f76d-tpd68 to kodekloud-control-plane
  Warning  FailedMount  50s                  kubelet            Unable to attach or mount volumes: unmounted volumes=[config], unattached volumes=[], failed to process volumes=[]: timed out waiting for the condition
  Warning  FailedMount  45s (x9 over 2m53s)  kubelet            MountVolume.SetUp failed for volume "config" : configmap "redis-conig" not found

The last line clearly shows that there is a type for the configmap - it should be referencing redis-config however its showing configmap redis-conig not found.
Also if we review the file further, we see that the image name for the redis container also has a typo and is missing e from the end of alpin.

Edit the file with:

kubectl edit deployment redis-deployment

-- snipped --
          defaultMode: 420
          name: redis-conig  <- Change this to read name: redis-config
        name: config
-- snipped --

redis-container:
    Container ID:   
    Image:          redis:alpin <- Change this to read redis:alpine

thor@jumphost ~$ kubectl edit deployment redis-deployment
deployment.apps/redis-deployment edited

Now delete the stuck pod:

thor@jumphost ~$ kubectl delete pod redis-deployment-54cdf4f76d-tpd68
pod "redis-deployment-54cdf4f76d-tpd68" deleted

Check the rollout and then confirm the pods are up:

thor@jumphost ~$ kubectl rollout status deployment redis-deployment
deployment "redis-deployment" successfully rolled out

thor@jumphost ~$ kubectl get pods
NAME                                READY   STATUS    RESTARTS   AGE
redis-deployment-7c8d4f6ddf-w889f   1/1     Running   0          2m56s

Summary of fixes

First, create the yaml manifest file named grafana-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana-deployment-nautilus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: grafana
  template:
    metadata:
      labels:
        app: grafana
    spec:
      containers:
        - name: grafana-container
          image: grafana/grafana:latest
          ports:
            - containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
  name: grafana-service
spec:
  type: NodePort
  selector:
    app: grafana
  ports:
    - port: 3000
      targetPort: 3000
      nodePort: 32000

Deploy:

thor@jumphost ~$ kubectl apply -f grafana-deployment.yaml
deployment.apps/grafana-deployment-nautilus created
service/grafana-service created

thor@jumphost ~$ kubectl get deployments
NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
grafana-deployment-nautilus   0/1     1            0           19s

# Check the service (optional)
thor@jumphost ~$ kubectl get svc grafana-service
NAME              TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
grafana-service   NodePort   10.96.117.133   <none>        3000:32000/TCP   43s

1. Create a pod named print-envars-greeting.
2. Configure spec as, the container name should be print-env-container and use bash image.
3. Create three environment variables:

a. GREETING and its value should be Welcome to

b. COMPANY and its value should be DevOps

c. GROUP and its value should be Industries

1. Use command ["/bin/sh", "-c", 'echo "$(GREETING) $(COMPANY) $(GROUP)"'] (please use this exact command), also set its restartPolicy policy to Never to avoid crash loop back.
2. You can check the output using kubectl logs -f print-envars-greeting command.

First, create the yaml file for our pod which will be named print-envars-greeting.yaml

apiVersion: v1
kind: Pod
metadata:
  name: print-envars-greeting
spec:
  containers:
    - name: print-env-container
      image: bash
      command: ["/bin/sh", "-c", 'echo "$(GREETING) $(COMPANY) $(GROUP)"']
      env:
        - name: GREETING
          value: "Welcome to"
        - name: COMPANY
          value: "DevOps"
        - name: GROUP
          value: "Industries"
  restartPolicy: Never

Apply the yaml file and then check the status of the pod:

thor@jumphost ~$ kubectl apply -f print-envars-greeting.yaml
pod/print-envars-greeting created

thor@jumphost ~$ kubectl get pods
NAME                    READY   STATUS      RESTARTS   AGE
print-envars-greeting   0/1     Completed   0          76

Finally, view the log output:

thor@jumphost ~$ kubectl logs -f print-envars-greeting
Welcome to DevOps Industries

Explanation

restartPolicy: Never  - This ensures the Pod won’t restart once it completes the echo command.

The bash image runs the command and prints the concatenated environment variables.

The echo "$(GREETING) $(COMPANY) $(GROUP)" syntax uses shell substitution to combine them.

1. Create a deployment using nginx image with latest tag only and remember to mention the tag i.e nginx:latest. Name it as nginx-deployment. The container should be named as nginx-container, also make sure replica counts are 3.
2. Create a NodePort type service named nginx-service. The nodePort should be 30011.

First, create the yaml file which will be called nginx-deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx-container
          image: nginx:latest
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30011

Apply the configuration created above:

thor@jumphost ~$ kubectl apply -f nginx-deployment.yaml
deployment.apps/nginx-deployment created
service/nginx-service created

# Check the deployment has been successful and pods are available:
thor@jumphost ~$ kubectl get deployments
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   3/3     3            3           31s
thor@jumphost ~$ kubectl get pods -l app=nginx
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-5b58668cfc-2zfjh   1/1     Running   0          86s
nginx-deployment-5b58668cfc-cwr5z   1/1     Running   0          87s
nginx-deployment-5b58668cfc-xdhld   1/1     Running   0          86s

Click the App button in the UI to verify via the URL:

1. Create a pod named webserver.
2. Create an emptyDir volume shared-logs.
3. Create two containers from nginx and ubuntu images with latest tag only and remember to mention tag i.e nginx:latest, nginx container name should be nginx-container and ubuntu container name should be sidecar-container on webserver pod.
4. Add command on sidecar-container "sh","-c","while true; do cat /var/log/nginx/access.log /var/log/nginx/error.log; sleep 30; done"
5. Mount the volume shared-logs on both containers at location /var/log/nginx, all containers should be up and running.

Create the pod yaml file, named webserver.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: webserver
spec:
  containers:
    - name: nginx-container
      image: nginx:latest
      volumeMounts:
        - name: shared-logs
          mountPath: /var/log/nginx

    - name: sidecar-container
      image: ubuntu:latest
      command: ["sh", "-c", "while true; do cat /var/log/nginx/access.log /var/log/nginx/error.log; sleep 30; done"]
      volumeMounts:
        - name: shared-logs
          mountPath: /var/log/nginx

  volumes:
    - name: shared-logs
      emptyDir: {}

Apply the file and then verify:

thor@jumphost ~$ kubectl apply -f webserver.yaml
pod/webserver created
thor@jumphost ~$ kubectl get pods
NAME        READY   STATUS    RESTARTS   AGE
webserver   2/2     Running   0          16s

Verify log sharing - checking the logs from nginx:

thor@jumphost ~$ kubectl exec -it webserver -c nginx-container -- bash
root@webserver:/# ls /var/log/nginx
access.log  error.log

exit

Finally, check what the sidecar sees. This should be the log output from /var/log/nginx/access/log and /var/log/nginx/error.log which will be printed continously every 30 seconds.

thor@jumphost ~$ kubectl logs -f webserver -c sidecar-container
2025/10/23 08:48:18 [notice] 1#1: using the "epoll" event method
2025/10/23 08:48:18 [notice] 1#1: nginx/1.29.2
2025/10/23 08:48:18 [notice] 1#1: built by gcc 14.2.0 (Debian 14.2.0-19) 
2025/10/23 08:48:18 [notice] 1#1: OS: Linux 5.4.0-1106-gcp
2025/10/23 08:48:18 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2025/10/23 08:48:18 [notice] 1#1: start worker processes
2025/10/23 08:48:18 [notice] 1#1: start worker process 77
-- Snipped -- 

1. Create a pod named volume-share-devops.
   
2. For the first container, use image ubuntu with latest tag only and remember to mention the tag i.e ubuntu:latest, container should be named as volume-container-devops-1, and run a sleep command for it so that it remains in running state. Volume volume-share should be mounted at path /tmp/official.
   
3. For the second container, use image ubuntu with the latest tag only and remember to mention the tag i.e ubuntu:latest, container should be named as volume-container-devops-2, and again run a sleep command for it so that it remains in running state. Volume volume-share should be mounted at path /tmp/games.
   
4. Volume name should be volume-share of type emptyDir.
   
5. After creating the pod, exec into the first container i.e volume-container-devops-1, and just for testing create a file official.txt with any content under the mounted path of first container i.e /tmp/official.
   
6. The file official.txt should be present under the mounted path /tmp/games on the second container volume-container-devops-2 as well, since they are using a shared volume.

First create the volume-share-devops.yaml file:

apiVersion: v1
kind: Pod
metadata:
  name: volume-share-devops
spec:
  containers:
    - name: volume-container-devops-1
      image: ubuntu:latest
      command: ["sleep", "3600"]
      volumeMounts:
        - name: volume-share
          mountPath: /tmp/official

    - name: volume-container-devops-2
      image: ubuntu:latest
      command: ["sleep", "3600"]
      volumeMounts:
        - name: volume-share
          mountPath: /tmp/games

  volumes:
    - name: volume-share
      emptyDir: {}

Create the pod with the following command:

thor@jumphost ~$ kubectl apply -f volume-share-devops.yaml
pod/volume-share-devops created

Next verify the pod is running:

thor@jumphost ~$ kubectl get pods
NAME                  READY   STATUS    RESTARTS   AGE
volume-share-devops   2/2     Running   0          55s

Create the file inside the first container by exec'ing into the container:

thor@jumphost ~$ kubectl exec -it volume-share-devops -c volume-container-devops-1 -- bash

# This will place you inside the container so you can create the file:
root@volume-share-devops:/# 

root@volume-share-devops:/# echo "This is shared data" > /tmp/official/official.txt
ls /tmp/official
official.txt

exit

Verify from the second container that we can see the official.txt file:

thor@jumphost ~$ kubectl exec -it volume-share-devops -c volume-container-devops-2 -- bash
root@volume-share-devops:/# ls /tmp/games
official.txt
root@volume-share-devops:/# cat /tmp/games/official.txt
This is shared data

# Check existing running pods:

thor@jumphost ~$ kubectl get pods
NAME           READY   STATUS    RESTARTS   AGE
nginx-phpfpm   2/2     Running   0          2m28s

# Check the shared volume path in the existing config map
thor@jumphost ~$ kubectl get configmap
NAME               DATA   AGE
kube-root-ca.crt   1      5m2s
nginx-config       1      2m44  <-- This file

thor@jumphost ~$ kubectl describe configmap nginx-config
Name:         nginx-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
nginx.conf:
----
events {
}
http {
  server {
    listen 8099 default_server;
    listen [::]:8099 default_server;

    # Set nginx to serve files from the shared volume!
    root /var/www/html;
    index  index.html index.htm index.php;
    server_name _;
    location / {
      try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
      include fastcgi_params;
      fastcgi_param REQUEST_METHOD $request_method;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_pass 127.0.0.1:9000;
    }
  }
}

# Get the config yaml file from the running pod, save to tmp and review:
thor@jumphost ~$ kubectl get pod nginx-phpfpm -o yaml > /tmp/nginx.yaml
thor@jumphost ~$ cat /tmp/nginx.yaml 
--Snipped --
    volumeMounts:
    - mountPath: /usr/share/nginx/html  < this is incorrect should be /var/www/html

# Make revelant changes and then save file and post changes using force
thor@jumphost ~$ kubectl replace -f /tmp/nginx.yaml --force
pod "nginx-phpfpm" deleted
pod/nginx-phpfpm replaced

# Check pods running status time:
thor@jumphost ~$ kubectl get pods
NAME           READY   STATUS    RESTARTS   AGE
nginx-phpfpm   2/2     Running   0          25s

# Copy the index.php from jump host to the nginx-container
thor@jumphost ~$ kubectl cp /home/thor/index.php nginx-phpfpm:/var/www/html -c nginx-container

There exists a deployment named nginx-deployment; initiate a rollback to the previous revision.

thor@jumphost ~$ kubectl get deployments
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   3/3     3            3           107s

thor@jumphost ~$ kubectl rollout history deployment nginx-deployment
deployment.apps/nginx-deployment 
REVISION  CHANGE-CAUSE
1         <none>
2         kubectl set image deployment nginx-deployment nginx-container=nginx:stable --kubeconfig=/root/.kube/config --record=true

thor@jumphost ~$ kubectl rollout undo deployment nginx-deployment --to-revision=1
deployment.apps/nginx-deployment rolled back

Execute a rolling update for this application, integrating the nginx:1.18 image. The deployment is named nginx-deployment.

Ensure all pods are operational post-update.

thor@jumphost ~$ kubectl get deployments
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   3/3     3            3           16s
thor@jumphost ~$ kubectl get pods
NAME                               READY   STATUS    RESTARTS   AGE
nginx-deployment-989f57c54-7r2gs   1/1     Running   0          26s
nginx-deployment-989f57c54-c5jmq   1/1     Running   0          26s
nginx-deployment-989f57c54-lhg7b   1/1     Running   0          26s
thor@jumphost ~$ kubectl set image deployment nginx-deployment nginx-container=nginx:1.18
deployment.apps/nginx-deployment image updated
thor@jumphost ~$ kubectl get pods
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-58cf54c7f6-lf6ft   1/1     Running   0          22s
nginx-deployment-58cf54c7f6-r94hk   1/1     Running   0          15s
nginx-deployment-58cf54c7f6-tkd8x   1/1     Running   0          13s
thor@jumphost ~$ kubectl get deployments
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   3/3     3            3           103s
thor@jumphost ~$ kubectl rollout status deployment nginx-deployment
deployment "nginx-deployment" successfully rolled out

• Use any python image as the base image.
• Install the dependencies using requirements.txt file.
• Expose the port 5004.
• Run the server.py script using CMD.

Build an image named nautilus/python-app using this Dockerfile. Once image is built, create a container named pythonapp_nautilus. Map port 5004 of the container to the host port 8096. Once deployed, you can test the app using curl command on App Server 2.

ssh as normal
cd /python_app
ls
src
cd src
[steve@stapp02 src]$ ls
requirements.txt  server.py

cd ../ <- so we are back in the python_app directory
sudo vi Dockerfile
# Use any Python base image
FROM python:3.10-slim
# Set working directory inside container
WORKDIR /app
# Copy requirements.txt first (for caching)
COPY src/requirements.txt .
# Install dependencies
RUN pip install --no-cache-dir -r requirements.txt
# Copy the rest of the app files
COPY src/ .
# Expose the application port
EXPOSE 5004
# Command to run the Python server
CMD ["python", "server.py"]
esc
wq!

# Build the docker image
docker build -t nautilus/python-app .
[+] Building 192.4s (10/10) FINISHED docker:default

# Run the container
docker run -d --name pythonapp_nautilus -p 8096:5004 nautilus/python-app
792114a7169c49779c19dbde997dadf87ac3e12adcc80822427e09936e25b17b

# Verify that its running
docker ps
CONTAINER ID   IMAGE                 COMMAND              CREATED          STATUS          PORTS                    NAMES
792114a7169c   nautilus/python-app   "python server.py"   53 seconds ago   Up 50 seconds   0.0.0.0:8096->5004/tcp   pythonapp_nautilus

curl stapp02:8096
Welcome to xFusionCorp Industries!