Difference between revisions of "IT-SDK-Kubernetes-YAML"
(→Volumes and Data) |
(→Ingress) |
||
| Line 435: | Line 435: | ||
=== Ingress === | === Ingress === | ||
| + | <pre class="code"> | ||
| + | kubectl create deployment secondapp --image=nginx | ||
| + | kubectl get deployments secondapp -o yaml |grep label -A2 | ||
| + | kubectl expose deployment secondapp --type=NodePort --port=80 | ||
| + | kubectl create -f ingress.rbac.yaml | ||
| + | </pre> | ||
| + | |||
=== Scheduling === | === Scheduling === | ||
=== Logging and Troubleshooting === | === Logging and Troubleshooting === | ||
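Review bot: the new <pre> block under === Ingress === ends with kubectl create -f ingress.rbac.yaml, but the manifest is neither shown nor linked; since it defines the RBAC (ClusterRole/ClusterRoleBinding) the ingress controller will run with, include its contents or its origin in the section so a reader can review the granted verbs and resources before applying it. The preceding line, kubectl expose deployment secondapp --type=NodePort --port=80, publishes the Service on an allocated port (30000-32767 by default) on every node's IP, not on port 80; a short comment saying so would avoid confusion.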
Revision as of 18:14, 22 November 2019
Contents
- 1 Introduction
- 2 Infrastructure
- 3 Linux-Admin
- 4 Install kubectl
- 5 Install minikube
- 6 Life Cycle: kubeadm
- 7 Life Cycle: kubectl
- 8 YAML
- 9 Training
- 9.1 Introduction
- 9.2 Basics of Kubernetes
- 9.3 Installation and Configuration
- 9.4 Kubernetes Architecture
- 9.5 APIs and Access
- 9.6 API Objects
- 9.7 Managing State With Deployments
- 9.8 Services
- 9.9 Volumes and Data
- 9.10 Ingress
- 9.11 Scheduling
- 9.12 Logging and Troubleshooting
- 9.13 Custom Resource Definition
- 9.14 Helm
- 9.15 Security
- 9.16 High Availability
Introduction
- Source: https://medium.com/google-cloud/kubernetes-101-pods-nodes-containers-and-clusters-c1509e409e16
- Source: https://kubernetes.io/docs/reference/kubectl/cheatsheet/
Notes
- Cluster >>> Nodes >>> Deployments >>> Pods (Endpoints) >>> Containers (App); a Service selects Pods by label (e.g. selector app=A)
- Node: has a Node-IP ### Pod: has a Pod-IP, which a Service lists as one of its Endpoints ### Service: has a Cluster-IP
- Master-Components: kube-apiserver, etcd, kube-scheduler, kube-controller-manager
- Node-Components: kubelet, kube-proxy
- Deleting a Deployment also deletes its ReplicaSets and Pods (unless --cascade=false orphans them); it does not delete the Services created with kubectl expose, so their Endpoints objects remain, with no addresses.
- Deployment: primary purpose is to declare how many replicas of a Pod should be running at a time (and to roll out changes to the Pod template).
- Resource: an endpoint in the Kubernetes API that stores a collection of API objects of one kind (pods, deployments, ...); kubectl api-resources lists them.
- Persistent Volumes: to store data beyond the life of a Pod
- Isolation between Pods: by default every Pod can reach every other Pod in the cluster; a NetworkPolicy (enforced by the network plugin, e.g. Calico) restricts that traffic.
Services
- Ingress: exposes HTTP(S) routes from outside the cluster to a Service; the rules only take effect if an Ingress controller is running (typically reached through a LoadBalancer or NodePort Service)
- A Service in Kubernetes defines a logical set of Pods and a policy by which to access them.
- The set of Pods targeted by a Service is usually determined by a label selector.
- Services can be exposed in different ways by specifying a type in the ServiceSpec.
- Type: ClusterIP (default, reachable only inside the cluster), NodePort (a port on every node), LoadBalancer (external IP from the cloud provider), ExternalName (DNS CNAME to an external name)
Infrastructure
- Installation with Vagrant: https://kubernetes.io/blog/2019/03/15/kubernetes-setup-using-ansible-and-vagrant/
- Master (CPU: 3, MEM: 4G, Storage: 5G)
- Worker (CPU: 1, MEM: 2G, Storage: 5G)
- Ubuntu 16.04 LTS: ubuntu/xenial64
- Ubuntu 18.04 LTS: ubuntu/bionic64
# -*- mode: ruby -*-
# vi: set ft=ruby :
IMAGE_NAME = "ubuntu/xenial64"
N = 2                                  # number of worker nodes
Vagrant.configure("2") do |config|
  # Keeps Vagrant's publicly known insecure default SSH key on every box:
  # acceptable for a throwaway local lab, never for a reachable machine.
  config.ssh.insert_key = false
  config.vm.provider "virtualbox" do |vb|
    vb.memory = 1024                   # raise to match the sizes listed above (master 4G, worker 2G)
    vb.cpus = 2
  end
  config.vm.define "k8s-master" do |master|
    master.vm.box = IMAGE_NAME
    master.vm.network "private_network", ip: "192.168.50.10"
    master.vm.hostname = "k8s-master"
  end
  # Workers k8s-node01 .. k8s-node0N on 192.168.50.11 .. 192.168.50.1N
  (1..N).each do |i|
    config.vm.define "k8s-node0#{i}" do |node|
      node.vm.box = IMAGE_NAME
      node.vm.network "private_network", ip: "192.168.50.#{i + 10}"
      node.vm.hostname = "k8s-node0#{i}"
    end
  end
end
Linux-Admin
$ sudo visudo -f /etc/sudoers.d/student   # add: student ALL=(ALL) ALL  (visudo syntax-checks the file; /etc/sudoers.d is a directory, not a file)
$ PATH=$PATH:/usr/sbin:/sbin
$ export PATH="/home/sh/.minishift/cache/oc/v3.11.0/linux:$PATH"
$ tar -xvf filename
$ ip addr show
$ vim /etc/hosts
$ less filename.txt               # page through a file
$ cat filename.txt                # print a file
$ command | tee filename.txt      # copy stdin to a file and to stdout at the same time
Install kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
# compare the download against the .sha256 file published next to the binary before installing it
sudo install kubectl /sdk/bin
Install minikube
curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube
# compare the download against the checksum published with the release before installing it
sudo install minikube /sdk/bin
Life Cycle: kubeadm
$ kubeadm init      # bootstrap the control plane on this node
$ kubeadm join      # join a worker (needs the bootstrap token and the CA hash from init)
$ kubeadm config    # print or migrate kubeadm configuration
$ kubeadm token     # list/create/delete bootstrap tokens (they expire after 24h by default)
Life Cycle: kubectl
$ kubectl config --kubeconfig=$CONFIG_FILE view
$ kubectl config --kubeconfig=$CONFIG_FILE use-context $CONTEXT_NAME
...
kubectl create deployment nginx --image=nginx
kubectl create -f $YAML_FILE
...
$ kubectl get namespaces
$ kubectl get nodes
$ kubectl get deployments
$ kubectl get pods
$ kubectl get services
$ kubectl get endpoints
$ kubectl get jobs
...
$ kubectl describe $RESOURCE $RESOURCE_NAME
...
kubectl delete deployment $RESOURCE_NAME
kubectl delete endpoints $RESOURCE_NAME
kubectl delete service $RESOURCE_NAME
kubectl delete job $RESOURCE_NAME
...
kubectl get deployment nginx -o yaml > first.yaml
kubectl replace -f first.yaml
kubectl expose deployment/nginx
kubectl expose deployment nginx --type=LoadBalancer
kubectl get deploy nginx
kubectl get pod nginx
kubectl get svc nginx
kubectl get ep nginx
kubectl describe pod nginx-1234567890
kubectl scale deployment nginx --replicas=3
kubectl exec nginx-1234567890 -- printenv
...
YAML
Yaml-Config
kind: Config
preferences: {}
clusters (cluster, name)
users (name, user)
contexts (cluster, namespace, user)
current-context
Yaml-ClusterConfiguration
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: 1.15.1
controlPlaneEndpoint: "k8smaster:6443"
networking:
  podSubnet: 192.168.0.0/16
Yaml-ClusterRole
kind: ClusterRole metadata rules
- apiGroups (resources, verbs)
...
kind: ClusterRoleBinding metadata roleRef (apiGroup, kind, name) subjects (kind, name, namespace)
Yaml-Deployment
kind: Deployment metadata (name, labels, namespace) spec (replicas, template)
- template (metadata, spec)
--- spec (containers, volumes, nodeSelector)
---- containers (name, image, imagePullPolicy, ports, env, securityContext, volumeMounts)
Yaml-Pod
kind: Pod metadata (name, namespace, labels) spec (containers, dnsPolicy, imagePullSecrets, initContainers, nodeName, nodeSelector)
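The ClusterRole, Deployment and Pod skeletons above list the fields but not which values are dangerous. The following audit is an added example written for this page (it is not the page's own code and not part of any Kubernetes project); it walks the dict that yaml.safe_load() would return for such a manifest and reports over-broad RBAC rules and risky container settings. The sample manifests, the verb and resource lists, and the finding texts are the author's assumptions, constructed for illustration.

```python
# Added example, not code from the page or from any Kubernetes project: a
# small audit over manifests represented as the dict that yaml.safe_load()
# returns. It covers Role/ClusterRole rules and Deployment/Pod container
# settings. The sample manifests at the bottom are constructed for
# illustration only.

# Verbs that let a subject widen its own privileges (assumed list).
PRIVILEGE_VERBS = {"escalate", "bind", "impersonate"}
# Resources whose read/create gives code execution or credentials (assumed list).
SENSITIVE_RESOURCES = {"secrets", "pods/exec", "pods/attach", "nodes/proxy"}
# Workload kinds whose PodSpec sits under spec.template.spec.
TEMPLATED_KINDS = {"Deployment", "DaemonSet", "ReplicaSet", "StatefulSet", "Job"}


def audit_rbac(manifest):
    """Return a list of findings (strings) for a Role or ClusterRole."""
    findings = []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    for i, rule in enumerate(manifest.get("rules", [])):
        where = f"{manifest.get('kind')}/{name} rules[{i}]"
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = set(rule.get("apiGroups", []))
        if "*" in verbs and ("*" in resources or "*" in groups):
            findings.append(f"{where}: wildcard verbs on wildcard resources (cluster-admin equivalent)")
        elif "*" in verbs:
            findings.append(f"{where}: wildcard verbs on {sorted(resources)}")
        for verb in sorted(verbs & PRIVILEGE_VERBS):
            findings.append(f"{where}: grants '{verb}', which allows privilege escalation")
        if verbs & {"*", "get", "list", "create"}:
            for res in sorted(resources & SENSITIVE_RESOURCES):
                findings.append(f"{where}: access to sensitive resource '{res}'")
    return findings


def _pod_spec(manifest):
    """Return the PodSpec of a Pod, or of a workload with a pod template."""
    if manifest.get("kind") == "Pod":
        return manifest.get("spec", {})
    if manifest.get("kind") in TEMPLATED_KINDS:
        return manifest.get("spec", {}).get("template", {}).get("spec", {})
    return {}


def _is_pinned(image):
    """True if the image reference carries a tag (other than latest) or a digest."""
    if "@" in image:
        return True
    last = image.rsplit("/", 1)[-1]          # ignore a registry host:port prefix
    return ":" in last and not last.endswith(":latest")


def audit_pod(manifest):
    """Return findings for a Pod or for a templated workload (Deployment, ...)."""
    findings = []
    spec = _pod_spec(manifest)
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            findings.append(f"{name}: {key} is enabled (shares the node's namespace)")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"{name}: volume '{vol.get('name')}' mounts hostPath {vol['hostPath'].get('path')}")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        cname = f"{name}/{c.get('name')}"
        sc = c.get("securityContext", {})
        image = c.get("image", "")
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged container (full access to the node)")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{cname}: allowPrivilegeEscalation is not set to false")
        if not sc.get("runAsNonRoot") and sc.get("runAsUser", 0) == 0:
            findings.append(f"{cname}: may run as root (runAsNonRoot/runAsUser unset)")
        if not _is_pinned(image):
            findings.append(f"{cname}: image '{image}' is not pinned to a tag or digest")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{cname}: no resource limits (a runaway pod can starve the node)")
    return findings


def audit(manifest):
    """Dispatch on kind; kinds the audit does not know yield no findings."""
    kind = manifest.get("kind")
    if kind in ("Role", "ClusterRole"):
        return audit_rbac(manifest)
    if kind == "Pod" or kind in TEMPLATED_KINDS:
        return audit_pod(manifest)
    return []


# Constructed samples (modelled on the skeletons above, not real cluster data).
SAMPLE_CLUSTERROLE = {
    "kind": "ClusterRole", "metadata": {"name": "lab-admin"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]},
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
    ],
}
SAMPLE_DEPLOYMENT = {
    "kind": "Deployment", "metadata": {"name": "nginx", "namespace": "default"},
    "spec": {"replicas": 1, "template": {"spec": {
        "hostNetwork": True,
        "containers": [{"name": "nginx", "image": "nginx",
                        "securityContext": {"privileged": True}}],
    }}},
}

if __name__ == "__main__":
    for manifest in (SAMPLE_CLUSTERROLE, SAMPLE_DEPLOYMENT):
        print("\n".join(audit(manifest)) or f"{manifest['kind']}: no findings")
```

Feed it real manifests with `audit(yaml.safe_load(open(path)))` (PyYAML is the only extra dependency); the sample ClusterRole produces two findings (the wildcard rule and the read access to secrets) and the sample Deployment six, one per unsafe default.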
Yaml-Service
kind: Service metadata (name, namespace, labels, selfLink) spec (clusterIP, ports, selector, type)
Yaml-Route (OpenShift only; plain Kubernetes uses Ingress for the same purpose)
kind: Route metadata (name, namespace, labels) spec (host, to, port, tls)
Yaml-HorizontalPodAutoscaler
kind: HorizontalPodAutoscaler metadata spec (minReplicas, maxReplicas, scaleTargetRef, targetCPUUtilizationPercentage)
Yaml-Config
apiVersion: v1
kind: Config
preferences: {}
clusters:
- cluster:
certificate-authority: fake-ca-file
server: https://1.2.3.4
name: development
- cluster:
insecure-skip-tls-verify: true
server: https://5.6.7.8
name: scratch
contexts:
- context:
cluster: development
namespace: frontend
user: developer
name: dev-frontend
- context:
cluster: development
namespace: storage
user: developer
name: dev-storage
- context:
cluster: scratch
namespace: default
user: experimenter
name: exp-scratch
users:
- name: developer
user:
client-certificate: fake-cert-file
client-key: fake-key-file
- name: experimenter
user:
password: some-password
username: exp
current-context: dev-frontend
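The kubeconfig above is the example from the Kubernetes documentation and deliberately contains two weak settings: the scratch cluster has insecure-skip-tls-verify set, so kubectl never checks who is answering on 5.6.7.8, and the experimenter user keeps a basic-auth password in the file. The following audit is an added example written for this page (not the page's own code and not part of kubectl); it takes the dict that yaml.safe_load() returns for a kubeconfig and reports such settings. SAMPLE_KUBECONFIG mirrors the shape of the example above with the same made-up values; the severities and message texts are the author's assumptions.

```python
# Added example, not code from the page or from kubectl: an audit of a
# kubeconfig (the dict that yaml.safe_load() returns) for settings that weaken
# API-server authentication. SAMPLE_KUBECONFIG is constructed here and mirrors
# the documentation example above; it is not real cluster data.


def audit_kubeconfig(cfg):
    """Return a list of (severity, message) findings for a kubeconfig dict."""
    findings = []
    for entry in cfg.get("clusters", []):
        name, cluster = entry.get("name"), entry.get("cluster", {})
        server = cluster.get("server", "")
        has_ca = "certificate-authority" in cluster or "certificate-authority-data" in cluster
        if cluster.get("insecure-skip-tls-verify"):
            # kubectl will talk to anything answering on that address, so a
            # man-in-the-middle receives the client's credentials.
            findings.append(("high", f"cluster '{name}': insecure-skip-tls-verify is set, server identity is not checked"))
        if server.lower().startswith("http://"):
            findings.append(("high", f"cluster '{name}': server {server} uses plain HTTP"))
        elif not has_ca and not cluster.get("insecure-skip-tls-verify"):
            findings.append(("medium", f"cluster '{name}': no certificate-authority, relies on the system trust store"))
    for entry in cfg.get("users", []):
        name, user = entry.get("name"), entry.get("user", {})
        if "password" in user:
            findings.append(("high", f"user '{name}': basic-auth password stored in the kubeconfig"))
        if "token" in user:
            findings.append(("medium", f"user '{name}': static bearer token stored inline"))
    # Dangling references: a context that points at an undefined cluster or
    # user silently fails, which usually means the file was edited by hand.
    clusters = {c.get("name") for c in cfg.get("clusters", [])}
    users = {u.get("name") for u in cfg.get("users", [])}
    contexts = {c.get("name") for c in cfg.get("contexts", [])}
    for entry in cfg.get("contexts", []):
        ctx = entry.get("context", {})
        if ctx.get("cluster") not in clusters or ctx.get("user") not in users:
            findings.append(("low", f"context '{entry.get('name')}': references an undefined cluster or user"))
    current = cfg.get("current-context")
    if current and current not in contexts:
        findings.append(("low", f"current-context '{current}' is not defined"))
    return findings


def contexts_using_insecure_clusters(cfg):
    """Names of contexts whose cluster skips TLS verification, so they can be fixed or avoided."""
    insecure = {c.get("name") for c in cfg.get("clusters", [])
                if c.get("cluster", {}).get("insecure-skip-tls-verify")}
    return sorted(e.get("name") for e in cfg.get("contexts", [])
                  if e.get("context", {}).get("cluster") in insecure)


# Constructed sample mirroring the documentation example above (made-up values).
SAMPLE_KUBECONFIG = {
    "apiVersion": "v1", "kind": "Config", "preferences": {},
    "clusters": [
        {"name": "development", "cluster": {"certificate-authority": "fake-ca-file", "server": "https://1.2.3.4"}},
        {"name": "scratch", "cluster": {"insecure-skip-tls-verify": True, "server": "https://5.6.7.8"}},
    ],
    "contexts": [
        {"name": "dev-frontend", "context": {"cluster": "development", "namespace": "frontend", "user": "developer"}},
        {"name": "dev-storage", "context": {"cluster": "development", "namespace": "storage", "user": "developer"}},
        {"name": "exp-scratch", "context": {"cluster": "scratch", "namespace": "default", "user": "experimenter"}},
    ],
    "users": [
        {"name": "developer", "user": {"client-certificate": "fake-cert-file", "client-key": "fake-key-file"}},
        {"name": "experimenter", "user": {"username": "exp", "password": "some-password"}},
    ],
    "current-context": "dev-frontend",
}

if __name__ == "__main__":
    for severity, message in audit_kubeconfig(SAMPLE_KUBECONFIG):
        print(f"[{severity}] {message}")
    print("contexts to avoid:", contexts_using_insecure_clusters(SAMPLE_KUBECONFIG))
```

Run against a real file with `audit_kubeconfig(yaml.safe_load(open(os.path.expanduser("~/.kube/config"))))`; for the sample it reports exactly the two high findings named above and lists exp-scratch as the context that inherits the missing TLS check.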
Training
Introduction
Basics of Kubernetes
Installation and Configuration
Installing Master
[user@master:~$] sudo -i
[root@master:~$] apt-get update && apt-get upgrade -y
[root@master:~$] apt-get install -y docker.io
[root@master:~$] vim /etc/apt/sources.list.d/kubernetes.list   # add: deb http://apt.kubernetes.io/ kubernetes-xenial main
[root@master:~$] curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
[root@master:~$] apt-get update
[root@master:~$] apt-get install -y kubeadm=1.15.1-00 kubelet=1.15.1-00 kubectl=1.15.1-00
[root@master:~$] wget https://tinyurl.com/yb4xturm -O rbac-kdd.yaml   # shortened URLs hide the origin: read both manifests before applying them to the cluster
[root@master:~$] wget https://tinyurl.com/y8lvqc9g -O calico.yaml
[root@master:~$] less calico.yaml
[root@master:~$] vim kubeadm-config.yaml   # add: Kubernetes version, node alias (controlPlaneEndpoint), pod IP range (podSubnet); see Yaml-ClusterConfiguration above
[root@master:~$] kubeadm init --config=kubeadm-config.yaml --upload-certs | tee kubeadm-init.out   # save the output for later: it contains the join command with the bootstrap token and the certificate key, so keep the file readable by root only
[root@master:~$] exit
...
[user@master:~$] mkdir -p $HOME/.kube
[user@master:~$] sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config   # admin.conf is a cluster-admin credential
[user@master:~$] sudo chown $(id -u):$(id -g) $HOME/.kube/config
[user@master:~$] less .kube/config
[user@master:~$] sudo cp /root/rbac-kdd.yaml .
[user@master:~$] kubectl apply -f rbac-kdd.yaml
[user@master:~$] sudo cp /root/calico.yaml .
[user@master:~$] kubectl apply -f calico.yaml
[user@master:~$] source <(kubectl completion bash)
[user@master:~$] echo "source <(kubectl completion bash)" >> ~/.bashrc
[user@master:~$] kubectl des<Tab> n<Tab><Tab> lfs458-<Tab>
[user@master:~$] kubectl -n kube-s<Tab> g<Tab> po<Tab>
[user@master:~$] sudo kubeadm config print init-defaults
Installing Worker
[user@node01:~$] sudo -i
[root@node01:~$] apt-get update && apt-get upgrade -y
[root@node01:~$] apt-get install -y docker.io
[root@node01:~$] vim /etc/apt/sources.list.d/kubernetes.list   # add: deb http://apt.kubernetes.io/ kubernetes-xenial main
[root@node01:~$] curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
[root@node01:~$] apt-get update
[root@node01:~$] apt-get install -y kubeadm=1.15.1-00 kubelet=1.15.1-00 kubectl=1.15.1-00
[root@node01:~$] exit
...
[user@master:~$] ip addr show ens4 | grep inet   # master IP for the worker's /etc/hosts
[user@master:~$] sudo kubeadm token list
[user@master:~$] sudo kubeadm token create         # new bootstrap token (the one printed by kubeadm init expires after 24h)
[user@master:~$] openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'   # SHA-256 of the CA public key; the worker uses it to verify the control plane during join
...
[root@node01:~$] vim /etc/hosts   # add: <master IP> k8smaster
[root@node01:~$] kubeadm join --token 27eee4.6e66ff60318da929 k8smaster:6443 --discovery-token-ca-cert-hash sha256:6d541678b05652e1fa5d43908e75e67376e994c3483d6683f2a18673e5d2a1b0   # token and hash are example values; use the ones from your own master
[root@node01:~$] exit
[user@node01:~$] kubectl get nodes   # fails on the worker: it has no kubeconfig (next line); run it on the master instead
[user@node01:~$] ls -l .kube
Setting Taint
$ kubectl taint nodes --all node-role.kubernetes.io/master-            # remove the master taint so pods may schedule there (lab only)
$ kubectl taint nodes --all node.kubernetes.io/not-ready:NoSchedule    # a taint spec needs an effect: key=value:effect or key:effect
$ kubectl taint nodes node2 node2=DoNotSchedulePods:NoExecute           # evicts running pods without a matching toleration
$ kubectl taint nodes node3 node3=DoNotSchedulePods:NoSchedule          # keeps new pods off node3; running pods stay
$ kubectl taint nodes node2 node2:NoExecute-
$ kubectl taint nodes node3 node3:NoSchedule-
$ kubectl describe nodes node1 | grep -i taint
$ kubectl describe nodes node3 | grep Taint
$ kubectl run test-deployment --image=nginx --replicas=10   # --replicas on kubectl run was dropped in later releases; use kubectl create deployment plus kubectl scale
$ kubectl get pods -o wide | grep nginx
App life cycle 1
- core: deployment >> pod >> service
kubectl run nginx --image=nginx
kubectl create deployment nginx --image=nginx
...
kubectl create -f file.yaml    # create the Deployment (fails if it already exists)
kubectl replace -f file.yaml   # replace the Deployment object with the file's version (full update; --force deletes and recreates)
kubectl apply -f file.yaml     # create or update the Deployment (declarative)
...
kubectl scale deployment nginx --replicas=3
...
kubectl expose deployment $DEPLOYMENT_ID                       # create a Service (ClusterIP)
kubectl expose deployment $DEPLOYMENT_ID --type=LoadBalancer   # request an external IP (needs a cloud provider)
...
kubectl get all --all-namespaces
kubectl get all -o wide
kubectl get deployment nginx -o yaml > file.yaml
...
kubectl describe deployment nginx
kubectl exec $POD_ID -- printenv   # environment variables are visible to anyone allowed to exec; do not pass credentials this way
...
kubectl delete pod nginx-123456789
kubectl delete pod --all -n $NAMESPACE_ID
App life cycle 2
kubectl exec $POD_ID -- printenv
kubectl expose deployment $DEPLOYMENT_ID --type=LoadBalancer
Kubernetes Architecture
APIs and Access
API Objects
Jobs & Cronjobs
Jobs
kind: Job metadata (name) spec (completions, parallelism, activeDeadlineSeconds)
--- containers (name, image, command, args)
Cronjobs
* * * * * command to execute
# field 1: minute (0 - 59)
# field 2: hour (0 - 23)
# field 3: day of the month (1 - 31)
# field 4: month (1 - 12)
# field 5: day of the week (0 - 6, Sunday = 0)
...
kind: CronJob metadata (name) spec (schedule, jobTemplate)
--- containers (name, image, args)
Managing State With Deployments
ReplicaSet
A ReplicaSet is defined with fields including a selector that specifies how to identify Pods it can acquire, a number of replicas indicating how many Pods it should be maintaining, and a Pod template specifying the data of new Pods it should create to meet the replica count. Deleting the ReplicaSet removes only the Pods its selector still matches; a Pod whose label has been changed no longer matches and survives as an orphan.
kubectl get rs
kubectl create -f rs.yaml
kubectl delete rs rs-one --cascade=false   # orphan the pods instead of deleting them
kubectl edit po $POD_ID                    # change system: ReplicaOne >>to>> system: IsolatedPod
kubectl get po -L system
kubectl delete rs rs-one                   # removes only the pods still matching the selector
DaemonSet
A DaemonSet ensures that a copy of its Pod runs on every node (or on every node matching its nodeSelector): when a node is added to the cluster a Pod is created on it, and when a node is removed its Pod is garbage-collected.
kubectl create -f ds.yaml
kubectl get ds
kubectl set image ds ds-one nginx=nginx:1.12.1
kubectl rollout history ds ds-one
kubectl rollout history ds ds-one --revision=1
kubectl rollout undo ds ds-one --to-revision=1
...
kubectl create -f ds.yaml   # second copy of the manifest, edited as follows:
////////////
name: ds-two                # metadata.name
updateStrategy:
  type: OnDelete            # pods are replaced only when deleted by hand
  # type: RollingUpdate     # the default: pods are replaced automatically after set image
////////////
kubectl rollout status ds ds-two
Services
kubectl get nodes --show-labels
kubectl label node $NODE_ID system=secondOne
kubectl get pods -l app=nginx --all-namespaces
kubectl expose deployment nginx-one
...
kubectl expose deployment nginx-one --type=NodePort --name=service-lab
kubectl describe services
...
kubectl get deploy --show-labels
kubectl delete deploy -l system=secondary
kubectl label node $NODE_ID system-   # remove the label
Volumes and Data
- Ceph is another popular backend for dynamically provisioned persistent volumes.
- spec.volumes: declares the volumes of the Pod
- spec.containers[].volumeMounts: mounts a declared volume into a container's filesystem
kubectl create configmap colors --from-literal=text=black --from-file=./favorite --from-file=./primary/
kubectl get configmap colors -o yaml   # values are stored in clear text: ConfigMaps are for settings, Secrets for credentials
kubectl exec -it shell-demo -- /bin/bash -c 'echo $ilike'
kubectl exec -it shell-demo -- /bin/bash -c 'env'
kubectl exec -it shell-demo -- /bin/bash -c 'df -ha | grep car'
kubectl exec -it shell-demo -- /bin/bash -c 'cat /etc/cars/car.trim'
...
kubectl delete pods shell-demo
kubectl delete configmap fast-car colors
...
kubectl create -f pv.yaml    # PersistentVolume
kubectl get pv
...
kubectl create -f pvc.yaml   # PersistentVolumeClaim
kubectl get pvc
Ingress
kubectl create deployment secondapp --image=nginx
kubectl get deployments secondapp -o yaml | grep label -A2
kubectl expose deployment secondapp --type=NodePort --port=80   # service port 80, published on an allocated NodePort (30000-32767 by default) on every node
kubectl create -f ingress.rbac.yaml   # RBAC for the ingress controller; the file is not shown here, so review the ClusterRole it grants before applying it