Kubernetes - GradedJestRisk/cicd-training GitHub Wiki

General

Overview

Overview:

  • goal: scale applications, but not a whole set of containers (AWS EBS does this) => run containers according to container type (eg: 3 web-server containers, 1 database container)
  • path: orchestrate containers, using different strategies
  • 2 ways to control k8s:
    • imperative: issue commands (do this)
    • declarative: issue needs (I need this, do whatever you can to get it)
  • 2 ways to run:
    • dedicated machine: minikube
    • cloud (server cluster):
      • Amazon EKS
      • Google GKE

Not docker-compose

What docker-compose did for us, and Kubernetes will NOT do:

  • build images from Dockerfile
  • share network among all containers in docker-compose.yml

Structure

Overview

  • request
  • load balancer
  • cluster
    • master: VM
    • node : VM, can run one mode. Smallest executable unit ?

objects

Overview, depends on api group:

  • apiVersion: v1
    • pod : run (one or more) container, usually a group of related containers that can't work without each other. Smallest runnable unit. Cannot be updated online (apart from container image), so generally encapsulated in deployment. Single use reserved for development purpose.
    • service : set up networking
      • NodePort: (dev) expose port outside of pod
      • Ingress
      • Load Balancer
      • Cluster IP
  • apiVersion: apps/v1
    • deployment: run a group of related pods. Can be updated online. Uses a pod template (implicit pod creation)

Install

Official

kubectl / Kubernetes CLI

Overview :

  • install (snap install --classic kubectl)
  • add auto-completion:
    • run sudo apt-get install bash-completion
    • add to ~/.bashrc: source <(kubectl completion bash)
  • test
    • kubectl version
    • kubectl +TAB should give annotate auth config

minikube / local cluster

Overview:

  • install VM tool (is this mandatory ?), here KVM (See here)
  • install VM driver, here KVM 2 (See here)
  • install minikube (did not work for me through snap - fall back to binary)
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \
  && sudo install minikube-linux-amd64 /usr/local/bin/minikube
  • test ( minikube start --vm-driver kvm2 ), you'll get
Starting local Kubernetes v1.13.2 cluster...
Starting VM...
Downloading Minikube ISO
 181.48 MB / 181.48 MB [============================================] 100.00% 0s
(..)
Starting cluster components...
(..)
Everything looks great. Please enjoy minikube!
  • check minikube is running ( minikube status , you'll get kubectl: Correctly Configured: pointing to minikube-vm at 192.168.39.195 )
  • check minikube can be reached by CLI ( kubectl cluster-info , you'll get Kubernetes master is running at https://192.168.39.195:8443 )

Cluster

create

Local

Overview

  • create: minikube start
  • get ip: minikube ip
  • delete: minikube delete

Docker CLI

To connect the docker CLI to the docker daemon inside minikube: eval $(minikube docker-env)
If you get the following message: could not read CA certificate "/home/gradedjestrisk/.minikube/certs/ca.pem": open /home/XXX/.minikube/certs/ca.pem: permission denied , try:

  • sudo vi /var/lib/snapd/apparmor/profiles/snap.docker.docker
  • find an appropriate location, eg in "Miscellaneous accesses" section
  • between 2 lines, add owner @{HOME}/.minikube/certs/* r,
  • run sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.docker.docker
  • original post here

Managed

AWS

Google

Manage

Overview

  • get ip minikube ip
  • load configuration file kubectl apply -f <PATH>
  • get status kubectl get <OBJECT_TYPE> (-o wide)
    • object name
    • pods => PORTS is (Pods)port / nodePort
    • services
  • get more details: kubectl describe <OBJECT_TYPE> (<OBJECT_NAME>)
  • delete an object, based on:
    • name kubectl delete <OBJECT_TYPE> <OBJECT_NAME>
    • configuration file kubectl delete -f <CONFIG_FILE>
  • execute a command in pod's running container: kubectl exec -it <POD_NAME> -- <COMMAND>

Pod

configuration file

structure

labels
   component: web

rules

Associate a label - key/value pair

status

Main

$ kubectl get pods 
NAME                                 READY   STATUS    RESTARTS   AGE
client-deployment-78b59f8c49-2fd78   1/1     Running   0          6m41s
client-deployment-78b59f8c49-9krhc   1/1     Running   0          6m38s

Include IP, use -o wide

$ kubectl get pods -o wide
NAME                                 READY   STATUS    RESTARTS   AGE    IP            NODE       NOMINATED NODE   READINESS GATES
client-deployment-78b59f8c49-2fd78   1/1     Running   0          5m4s   172.17.0.12   minikube   <none>           <none>
client-deployment-78b59f8c49-9krhc   1/1     Running   0          5m1s   172.17.0.9    minikube   <none>           <none>

Service

Node Port (DEV ONLY)

configuration file

structure




rules

Refer to a label (label selector) - key/value pair

port:

  • node(Port) : used by browser to access application, from outside of the node (eg: real network), range 30000 - 32767
  • target(Port) : used by service to access pod, same as in pod/containerPort (eg: container network)
  • (Pods)port : used by other pods (eg: k8s network)
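
The three port fields and the label selector described above, shown together in a NodePort Service and the Pod it targets. This is an added example, not a file from the original wiki; the object names, the port numbers 3000 / 3050 / 31515 and the assumption that the container listens on 3000 are constructed for illustration.

```yaml
# Added example: Pod + NodePort Service (names and ports are constructed).
apiVersion: v1
kind: Pod
metadata:
  name: client-pod            # hypothetical name
  labels:
    component: web            # label the Service selects on
spec:
  containers:
    - name: client
      image: gradedjestrisk/multi-client:1   # image named on this page
      ports:
        - containerPort: 3000 # assumed listening port of the container
---
apiVersion: v1
kind: Service
metadata:
  name: client-node-port      # hypothetical name
spec:
  type: NodePort
  selector:
    component: web            # must match the Pod label exactly
  ports:
    - port: 3050              # (Pods)port: used by other pods inside the cluster
      targetPort: 3000        # must equal containerPort above
      nodePort: 31515         # opened on the node IP; must be in 30000-32767
```

After kubectl apply -f on this file, the application answers on port 31515 of the address returned by minikube ip. Because nodePort is opened on the node's own address, anything that can reach the node can reach the pod, which is why this service type is kept to development.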

Deployment

configuration file

structure

apiVersion: apps/v1
kind: Deployment
metadata:
  name: <DEPLOYMENT_NAME>
spec:
  replicas: 1
  selector:
    matchLabels:
      component: <POD_NAME>
  # Pod template starts here (sibling of selector, not nested in it)
  template:
    metadata:
      labels:
        component: <POD_NAME>
    spec:
      containers:
        - name: <NAME>
          image: <DOCKER_IMAGE_PATH>
          ports:
            - containerPort: <PORT>

rules

status

Main

$ kubectl get deployments 
NAME                READY   UP-TO-DATE   AVAILABLE   AGE
client-deployment   5/5     5            5           44m

Include images, use -o wide

$ kubectl get deployments -o wide
NAME                READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES                       SELECTOR
client-deployment   5/5     5            5           44m   client       stephengrider/multi-worker   component=web

Imperative

Overview:

  • change property: kubectl set <PROPERTY_NAME> <OBJECT_TYPE>/<OBJECT_NAME> <CONTAINER_NAME>=<VALUE>
  • change container image to be used in a deployment: kubectl set image deployment/client-deployment client=gradedjestrisk/multi-client:1