WHAT IS KUBERNETES
- Kubernetes is a container orchestration.
- OpenSource system for automating deployment, scaling, and management of containerized apps.
- Started by Google in 2015. Now it is a part of the Cloud Native Computing Foundation project.
HOW DOES KUBERNETES WORKS
- Service discovery and load balancing (exposing pod with name/ip and can't balancing traffic).
- Storage orchestration (mount external storage service).
- Automated rollouts and rollbacks (modifying deployment with yaml file).
- Automatic bin packing (customizing resource).
- Self-healing (auto stop/start/restart/changing container to became ready to serve).
- Secret and configuration management (storing sensitive information such as password, token, etc).
Master nodes (control-plane) controls and coordinates all the nodes and continuously maintaining the desired state throughout your cluster. Master process :
- kube-apiserver the single point of management for the entire cluster. The API server implements a RESTful interface for communication with tools and libraries. The kubectl command directly interacts with the API server.
- kube-controller-manager which performs cluster-level functions, such as replicating components, keeping track of worker nodes, handling node failures, and so on.
- kube-scheduler which schedules your apps (assigns a worker node to each deployable component of your application).
- ETCD is a reliable distributed data store that persistently stores the cluster configuration. Kubernetes uses etcd to store configuration data that can be accessed by each of the nodes in the cluster. This can be used for service discovery and can help components configure or reconfigure themselves according to up-to-date information.
Worker nodes. worker nodes are basically worker machines (VMs, physical, bare metal servers, etc) in a cluster running your workloads. The nodes are controlled by Kubernetes master and are continuously monitored to maintain the desired state of the application. Worker process :
- Container runtime (Docker).
- Kubelet (agent that communicates with the k8s master and manage containers on its node).
- Kube-proxy (network proxy that reflects k8s networking services on each node. Its responsible for implementing a form of virtual IP for Services).
- Web UI (Dashboard).
- Container Resource Monitoring.
- Cluster Level Logging.
- Pod is a collection of containers with shared storage and network, and a specification on how to run them. Each pod is allocated its own IP address.
- Service is used to define a logical set of Pods and related policies used to access them. Exposing to external world mechanism.
- Volume is essentially a directory accessible to all containers running in a Pod.
- Namespace are virtual clusters backed by the physical cluster. Three namespace default is default (namespace contains the objects which belong to any other namespace), kube-system (namespace contains the objects created by the Kubernetes system), and kube-public (special namespace, which is readable by all users and used for special purposes, like bootstrapping a cluster).
- ReplicaSet ensures that a specified number of Pod replicas are running at any given time.
- Deployment is used to change the current state to the desired state.
- StatefulSet is used to ensure control over the deployment ordering and access to volumes, etc.
- DaemonSet is used to ensure control over the deployment ordering and access to volumes, etc.
- Job is used to perform some task and exit after successfully completing their work or after a given period of time.
Kubernetes using three different types of networks :
- Infrastructure Network is the network your physical (or virtual) machines are connected to. Normally your production network, or a part of it.
- Service Network is the (completely) virtual (rather fictional) network, which is used to assign IP addresses to Kubernetes Services, which you will be creating.
- Pod Network is the network which is used by the pods.
Networking between components in kubernetes :
- Container to container communication inside a pod (share the network namespaces).
- Pod to pod communication accros nodes (using routable pods and nodes like GCE or SDN like flannel/calico/weave).
- Communication between the external world and pods (exposing services to the external world with kube-proxy).
ACCESSING KUBERNETES CLUSTER
- CLI using kubectl.
- GUI using kubernetes-dashboard.
KUBERNETES SERVICE TYPE
- ClusterIP Service (default) : exposes the service on an internal IP in the cluster. This type makes the Service only reachable from within the cluster.
- NodePort Service : exposes the service on the same port of each selected Node in the cluster using NAT. Makes a service accessible from outside the cluster using NodeIP:NodePort.
- LoadBalancer Service : creates an external load balancer in the current cloud (if supported) and assigns a fixed, external IP to the service.
KUBERNETES OBJECT MODEL
apiVersion: apps/v1 #apiVersion, API endpoint on API server which we want to connect to
kind: Deployment #kind, object type
metadata: #metadata, basic information of object
spec: #spec, desire state of deployment
- name: nginx
KUBERNETES VOLUME MANAGEMENT
KUBERNETES (KUBECTL) USEFULLL COMMAND
Help : kubectl -h
Syntax : kubectl [command] [TYPE] [NAME] [flags]
-- command : Specifies the operation (create, get, describe, delete)
-- type : Specifies the resource type.
-- name : Specifies the name of the resource.
-- flags : Specifies optional flags.
kubectl api-resources #Print the supported API resources on the server.
kubectl get apiservices #Print the supported API services on the server.
kubectl get endpoints|nodes|pods|deployments|services|secrets|replicaset -o wide|json|yaml
kubectl get endpoints|nodes|pods|deployments|services|secrets|replicaset --all-namespaces
kubectl config view
kubectl apply -f FILENAME [flags]
kubectl apply -f kubernetes-dashboard.yaml
kubectl create -f FILENAME [flags]
kubectl create namespaces app01
kubectl create secret ...
kubectl create -f app01.yaml
kubectl edit deployment apache02
kubectl exec POD
kubectl exec -it apache02 /bin/bash
kubectl expose [type] [name] [--port=port] [--protocol=TCP|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type]
kubectl expose deployment apache02 --port=80 --protocol=TCP --type=NodePort --external-ip=103.x.x.x
kubectl logs POD
kubectl logs apache02
kubectl run NAME --image=image [--port=port] [--replicas=replicas] [--labels]
kubectl run apache02 --image=httpd --port=80 --replicas=3 --labels="name=apache02"
Kubernetes Cheat Sheet
A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in an image; putting it in a Secret object allows for more control over how it is used, and reduces the risk of accidental exposure.
Users can create secrets, and the system also creates some secrets.
To use a secret, a pod needs to reference the secret. A secret can be used with a pod in two ways: as files in a volume mounted on one or more of its containers, or used by kubelet when pulling images for the pod.
KUBERNETES BASIC MODULS
- Create a k8s cluster
- Deploy an app
- Explore your app
- Explore your app publicly
- Scale up your app
- Update your app