Difference between revisions of "IT-SDK-Kubernetes-YAML"

Introduction

• Web-Source: https://medium.com/google-cloud/kubernetes-101-pods-nodes-containers-and-clusters-c1509e409e16
• Web-Source: https://kubernetes.io/docs/reference/kubectl/cheatsheet/
• Web-Source-http://kubernetesbyexample.com/

Notes

• Cluster >>> Nodes >>> Deployments >>> Pods (Endpoint) >>> Containers (App) >> Service (s:app=A)
• Node: Has a Node-IP ### Pod: Has an Endpoint-IP ### Service: Has a Cluster-IP
• Master-Components:
• Node-Components: kubelet, kube-proxy
• Deleting a deployment does not delete the endpoints (Pod) or services.
• Deployment: primary purpose is to declare how many replicas of a pod should be running at a time.
• Resource: ???
• Persistent Volumes: To store data permanently
• Isolation between pods

Services

• Ingress: communicate with a service running in a pod >> Ingress-Controller / LoadBalancer
• Service in Kubernetes defines a logical set of Pods and a policy by which to access them.
• The set of Pods targeted by a Service is usually determined by a Label (Selector).
• Services can be exposed in different ways by specifying a type in the ServiceSpec.
• Typ: ClusterIP, NodePort, LoadBalancer, ExternalName

Infrastructure

• Installation with Vagrant: https://kubernetes.io/blog/2019/03/15/kubernetes-setup-using-ansible-and-vagrant/
• Master (CPU: 3, MEM: 4G, Storage: 5G)
• Worker (CPU: 1, MEM: 2G, Storage: 5G)
• Ubuntu 16.04 LTS: ubuntu/xenial64
• Ubuntu 18.04 LTS: ubuntu/bionic64

# -*- mode: ruby -*-
# vi: set ft=ruby :
IMAGE_NAME = "ubuntu/xenial64"

Vagrant.configure("2") do |config|
    config.ssh.insert_key = false

    config.vm.provider "virtualbox" do |vb|
        vb.cpus = 2
        vb.memory = 3072
    end
      
    config.vm.define "k8s-a-master" do |master|
        master.vm.box = IMAGE_NAME
        master.vm.hostname = "k8s-a-master"        
        master.vm.network "private_network", ip: "192.168.50.10"
        master.vm.network "public_network", ip: "192.168.178.110", :mac => "0800278A8081"
    end
    
    config.vm.define "k8s-a-node01" do |node|
        node.vm.box = IMAGE_NAME
        node.vm.hostname = "k8s-a-node01"            
        node.vm.network "private_network", ip: "192.168.50.11"
        node.vm.network  "public_network", ip: "192.168.178.111", :mac => "0800278A8082"
    end    	
end

Linux-Admin

$ vi /etc/sudoers.d #Add: student ALL=(ALL) ALL
$ PATH=$PATH:/usr/sbin:/sbin
$ export PATH="/home/sh/.minishift/cache/oc/v3.11.0/linux:$PATH"
$ tar -xvf filename
$ ip addr show
$ vim /etc/hosts
$ less filaname.txt # Dispaly the contents of a file
$ cat filename.txt # Display the content of a file
$ tee filename.txt # Redirect output to multiple files

Top-Themen

• Installation
• Cluster
• Nodes
• Pods
• InitContainers
• Deployments, StatefulSet
• Services, ServiceDiscovery, Expose, PortForward
• Volumes
• Labels
• Taints
• ReplicaSets, DaemonSets, Rollout
• Secrets
• Logging
• HealtCheck
• Jobs & CronJobs
• APIs
• Tool-Monitoring
• Tool-Helm

Install kubectl

curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
sudo install kubectl /sdk/bin

Install minikube

curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube
sudo install minikube /sdk/bin

Life Cycle: kubeadm

$ kubeadm init
$ kubeadm join
$ kubeadm config
$ kubeadm token

Life Cycle: kubectl

Basics-Main

$ kubectl config --kubeconfig=$CFG_FILE
$ kubectl config --kubeconfig=$CFG_FILE use-context $CONTEXT_NAME
...
$ kubectl run $NAME --image=nginx --replicas=10
$ kubectl create deployment $NAME --image=nginx
...
$ kubectl run $NAME --image=nginx:1.23 --replicas=2 --port=9876 # Create and run a particular image.
$ kubectl create  -f file.yaml   # Create a resource from a file.
$ kubectl apply   -f file.yaml   # Apply a configuration to a resource by filename. Create the resource initially with either 'apply' or 'create --save-config'.
$ kubectl replace -f file.yaml   # Terminate and Replace a resource by filename.
...
$ kubectl get all
$ kubectl get all --all-namesapces
$ kubectl get all -o wide
$ kubectl get namespaces
$ kubectl get nodes
$ kubectl get depolyments
$ kubectl get pods
$ kubectl get services
$ kubectl get endpoints
$ kubectl get jobs
...
$ kubectl describe $RESOURCE $NAME
$ kubectl describe deployment nginx
...
$ kubectl delete $TYP --all -n $NAME
$ kubectl delete $TYP  $NAME
$ kubectl delete deployments $NAME
$ kubectl delete pod $NAME
$ kubectl delete service $NAME
$ kubectl delete endpoint $NAME
$ kubectl delete job $NAME

Basics-Mix

$ kubectl get deployment nginx -o yaml > file.yaml
$ kubectl scale deployment nginx --replicas=3
$ kubectl apply -f project/k8s/development --recursive
$ kubectl get pods -Lapp -Ltier -Lrole
$ kubectl annotate pods my-nginx-v4-9gw19 description='my frontend running nginx'
$ kubectl autoscale deployment/my-nginx --min=1 --max=3

Services

$ kubectl service hello-minikube --url

Labels

$ kubectl label nodes $NAME typ=node1
$ kubectl label pods $NAME owner=michael
$ kubectl get pods --show-labels
$ kubectl get pods --selector owner=michael
$ kubectl get pods -l env=development
$ kubectl get pods -l 'env in (production, development)'
$ kubectl delete pods -l 'env in (production, development)'

ReplicaSet

exec

$ kubectl exec -it $POD -- printenv
$ kubectl exec -it $POD -- /bin/bash
$ kubectl exec -it $POD -- /bin/bash -c 'env'
$ kubectl exec -it $POD -- /bin/bash -c 'df -ha |grep car'
$ kubectl exec -it $POD -- /bin/bash -c 'echo $ilike'
$ kubectl exec -it $POD -- /bin/bash -c 'cat /etc/cars/car.trim'
$ kubectl exec -it $POD -c shell -- ping $SVC.$NAMESPACE.svc.cluster.local
$ kubectl exec -it $POD -c c1 -- bash

Expose

• ClusterIP, NodePort, LoadBalancer, or ExternalName.

$ kubectl run $NAME --image=nginx:1.12 --port=9876
$ kubectl expose deployment $NAME                            # Exposes the Service on ClusterIP.
$ kubectl expose deployment $NAME --type=LoadBalancer        # Exposes the Service on external.
$ kubectl expose deployment $NAME --type=NodePort --port=80  # Exposes the Service on Node.
$ kubectl edit ingress $CFG_INGRESS

Taint

$ kubectl taint nodes --all node-role.kubernetes.io/master-
$ kubectl taint nodes --all node.kubernetes.io/not-ready
...
$ kubectl taint nodes node2 node2=DoNotSchedulePods:NoExecute
$ kubectl taint nodes node3 node3=DoNotSchedulePods:NoSchedule
$ kubectl taint nodes node2 node2:NoExecute-
$ kubectl taint nodes node3 node3:NoSchedule-
...
$ kubectl taint nodes $NODE_ID bubba=value:NoExecute
$ kubectl taint nodes $NODE_ID bubba=value:NoSchedule
$ kubectl taint nodes $NODE_ID bubba=value:PreferNoSchedule
$ kubectl taint nodes $NODE_ID bubba-
$ kubectl drain $NODE_ID 
$ kubectl uncordon $NODE_ID
...
$ kubectl describe node | grep Taint
$ kubectl describe nodes $NODE_ID | grep -i taint
$ kubectl describe nodes $NODE_ID | grep Taint

Volumus

• Typ: node-local such as emptyDir or hostPath
• Typ: file-sharing such as nfs
• Typ: cloud-provider such as awsElasticBlockStore, azureDisk, or gcePersistentDisk
• Typ: distributed-file such as glusterfs or cephfs
• Typ: special-purpose such as secret, gitRepo, PersistentVolume

In Pod

kind: Pod
volumeMounts:
- name: xchange
  mountPath: "/tmp/xchange"
- name: mypod
  mountPath: "/tmp/persistent"
...
volumes:
- name: xchange
  emptyDir: {}
- name: mypd
  persistentVolumeClaim:
    claimName: myclaim

kind: PersistentVolumeClaim
metadata:
  name: myclaim
spec:
  accessModes:
  - ReadWriteOnce | ReadOnlyMany | ReadWriteMany 
  resources:
    requests:
      storage: 1Gi

Secret

$ kubectl create secret generic $NAME --from-file=./file.txt
$ kubectl get secrets

Loging

$ kubectl logs --tail=5 $POD -c $CONTAINER
$ kubectl logs --since=10s $POD -c $CONTAINER
$ kubectl logs -p $POD -c $CONTAINER

YAML

Yaml-Config

kind: Config
preferences: {}
clusters (cluster, name)
users (name, user)
contexts (cluster, namespace, user)
current-context

Yaml-ClusterConfiguration

apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: 1.15.1
controlPlaneEndpoint: "k8smaster:6443"
networking:
   podSubnet: 192.168.0.0/16

Yaml-Deployment

kind: Deployment
metadata (name, labels, namespace)
spec (replicas, template)
- template (metadata, spec)
--- spec (containers, volumes, nodeSelector)
---- containers (name, image, imagePullPolicy, ports, env, securityContext, volumeMounts)

Yaml-Pod

kind: Pod
metadaten
  name: podName
  labels:
    env: development
    app: anything
spec:
  containers:
  - name: conName
    image: nginx
    ports:
    - containerPort: 9876
    command:
      - "bin/bash"
      - "-c"
      - "sleep 10000"    
    resources:
      limits:
        memory: "64Mi"
        cpu: "500m"

Yaml-Service

kind: Service
metadata (name, namespace, labels, selfLink)
spec (clusterIP, ports, selector, type)
...
kind: Service
metadata:
  name: nameService
spec:
  ports:
    - port: 80
      targetPort: 9876
  selector:
    app: sise

Yaml-Route

kind: Route
metadata (name, namespace, labels)
spec (host, to, port, tls)

Schulung

Introduction

Basics of Kubernetes

Installation and Configuration

Installing Master

[user@master:~$] sudo -i
[root@master:~$] apt-get update && apt-get upgrade -y
[root@master:~$] apt-get install -y docker.io
...
[root@master:~$] vim /etc/apt/sources.list.d/kubernetes.list
[root@master:~$] echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" >> /etc/apt/sources.list.d/kubernetes.list
[root@master:~$] curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
[root@master:~$] apt-get update
...
[root@master:~$] apt-get install -y kubeadm=1.15.1-00 kubelet=1.15.1-00 kubectl=1.15.1-00
...
[root@master:~$] vim /etc/hosts               # Add an local DNS alias for master server
[root@master:~$] vim kubeadm-config.yaml      # Add Kubernetes-Version, Node-Alais, IP-Range
-----------------------------------------------------------------------------------------------
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: 1.15.1               #<-- Use the word stable for newest version
controlPlaneEndpoint: "k8smaster:6443"  #<-- Use the node alias not the IP
networking:
  podSubnet: 192.168.0.0/16             #<-- Match the IP with Calico config file
-----------------------------------------------------------------------------------------------
[root@master:~$] kubeadm init --config=kubeadm-config.yaml --upload-certs | tee kubeadm-init.out
[root@master:~$] exit
...
[user@master:~$] mkdir -p $HOME/.kube
[user@master:~$] sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[user@master:~$] sudo chown $(id -u):$(id -g) $HOME/.kube/config
[user@master:~$] less .kube/config
...
[user@master:~$] wget https://tinyurl.com/yb4xturm -O rbac-kdd.yaml
[user@master:~$] wget https://tinyurl.com/y8lvqc9g -O calico.yaml
[user@master:~$] sudo cp /root/rbac-kdd.yaml .
[user@master:~$] sudo cp /root/calico.yaml .
[user@master:~$] kubectl apply -f rbac-kdd.yaml
[user@master:~$] kubectl apply -f calico.yaml
...
[user@master:~$] source <(kubectl completion bash)
[user@master:~$] echo "source <(kubectl completion bash)" >> ~/.bashrc
...
[user@master:~$] sudo kubeadm config print init-defaults

Installing Worker

[user@node01:~$] sudo -i
[root@node01:~$] apt-get update && apt-get upgrade -y
[root@node01:~$] apt-get install -y docker.io
[root@node01:~$] vim /etc/apt/sources.list.d/kubernetes.list >>>> add:deb http://apt.kubernetes.io/ kubernetes-xenial main
[root@node01:~$] curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
[root@node01:~$] apt-get update
[root@node01:~$] apt-get install -y kubeadm=1.15.1-00 kubelet=1.15.1-00 kubectl=1.15.1-00
[root@node01:~$] exit
...
[user@master:~$] ip addr show ens4 | grep inet
[user@master:~$] sudo kubeadm token list
[user@master:~$] sudo kubeadm token create
[user@master:~$] openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
...
[root@node01:~$] vim /etc/hosts
[root@node01:~$] kubeadm join --token 27eee4.6e66ff60318da929 k8smaster:6443 --discovery-token-ca-cert-hash sha256:6d541678b05652e1fa5d43908e75e67376e994c3483d6683f2a18673e5d2a1b0
[root@node01:~$] exit
[user@node01:~$] kubectl get nodes
[user@node01:~$] ls -l .kube

Setting Taint

App life cycle 1

• core: deployment >> pod >> service

App life cycle 2

Kubernetes Architecture

APIs and Access

$ kubectl proxy --port=8080
$ curl http://localhost:8080/api/v1
$ curl http://127.0.0.1:8001/api/v1/namespaces
$ kubectl get --raw=/api/v1
$ kubectl api-versions
...
$ export client= $(grep client-cert ~/.kube/config |cut -d" " -f 6)
$ export key=$(grep client-key-data ~/.kube/config |cut -d " " -f 6)
$ export auth=   $(grep certificate-authority-data ~/.kube/config |cut -d " " -f 6)
$ echo $client, $key, $auth
...
$ echo $client | base64 -d - > ./client.pem
$ echo $key    | base64 -d - > ./client-key.pem
$ echo $auth   | base64 -d - > ./ca.pem
...
$ curl --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://k8smaster:6443/api/v1/pods

API Objects

Jobs & Cronjobs

Jobs

kind: Job
metadata (name)
spec (completions, parallelism, activeDeadlineSeconds)
---containers (name, image, command, args)

Cronjobs

* * * * * command to execute
# minute (0 - 59)
# hour (0 - 23)
# day of the month (1 - 31)
# month (1 - 12)
# day of the week (0 - 6)
...
kind: CronJob
metadata (name)
spec (schedule,jobTemplate)
---containers (name, image, args)

Managing State With Deployments

ReplicaSet

A ReplicaSet is defined with fields, including a selector that specifies how to identify Pods it can acquire, a number of replicas indicating how many Pods it should be maintaining, and a pod template specifying the data of new Pods it should create to meet the number of replicas criteria. By deleteing rs, just pod with the same system-label will be deleted.

kubectl get rs
kubectl create -f rs.yaml
kubectl delete rs rs-one --cascade=false
kubectl edit po $POD_ID  # change system: ReplicaOne >>to>> system: IsolatedPod
kubectl get po -L system
kubectl delete rs rs-one

DaemonSet

The DaemonSet ensures that when a node is added to a cluster a pods will be created on that node

kubectl create -f ds.yaml
kubectl get ds
kubectl set image ds ds-one nginx=nginx:1.12.1
kubectl rollout history ds ds-one
kubectl rollout history ds ds-one --revision=1
kubectl rollout undo ds ds-one --to-revision=1
...
kubectl create -f ds.yaml
////////////
name: ds-two
updateStrategy:
    type: OnDelete
	type: RollingUpdate
////////////
kubectl rollout status ds ds-two

Services

kubectl get nodes --show-labels
kubectl label node $NODE_ID system=secondOne
kubectl get pods -l app=nginx --all-namespaces
kubectl expose deployment nginx-one
...
kubectl expose deployment nginx-one --type=NodePort --name=service-lab
kubectl describe services
...
kubectl get deploy --show-labels
kubectl delete deploy -l system=secondary
kubectl label node $NODE_ID system-

Volumes and Data

• Ceph is also another popular solution for dynamic, persistent volumes.
• spec.volumes
• spec.containers.volumeMounts

kubectl create configmap colors --from-literal=text=black --from-file=./favorite --from-file=./primary/
kubectl get configmap colors -o yaml
kubectl exec -it shell-demo -- /bin/bash -c 'echo $ilike'
kubectl exec -it shell-demo -- /bin/bash -c 'env'
kubectl exec -it shell-demo -- /bin/bash -c 'df -ha |grep car'
kubectl exec -it shell-demo -- /bin/bash -c 'cat /etc/cars/car.trim'
...
kubectl delete pods shell-demo
kubectl delete configmap fast-car colors
...
kubectl create -f pv.yaml   # PersistentVolume
kubectl get pv
...
kubectl create -f pvc.yaml  # PersistentVolumeClaim
kubectl get pvc

Ingress

kubectl create deployment secondapp --image=nginx
kubectl get deployments secondapp -o yaml |grep label -A2
kubectl expose deployment secondapp --type=NodePort --port=80
kubectl create -f ingress.rbac.yaml

Scheduling

kubectl describe nodes |grep -i label
kubectl describe nodes |grep -i taint

kubectl get deployments --all-namespaces
sudo docker ps |wc -l

kubectl label nodes $NODE_ID status=vip
kubectl get nodes --show-labels
////
nodeSelector:
    status: vip
////

Logging and Troubleshooting

Custom Resource Definition

Helm

Security

High Availability