Checkout detailed article on Dev.to
- Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications.
- Cluster: A set of worker machines, called nodes, that run containerized applications.
- Node: A single machine in a Kubernetes cluster.
- Pod: The smallest deployable unit, which can contain one or more containers.
- Service: A stable network endpoint to expose a set of pods.
- Namespace: A way to divide cluster resources between multiple users.
- Kubelet: An agent running on each node that ensures containers are running in a Pod.
- Kubectl: Command-line tool to interact with Kubernetes clusters.
-
Minikube: Set up a single-node Kubernetes cluster for testing.
minikube start
-
Get Cluster Information:
kubectl cluster-info
-
Get All Nodes in the Cluster:
kubectl get nodes
-
Create a Pod:
kubectl run mypod --image=nginx
-
List All Pods:
kubectl get pods
-
Describe a Pod:
kubectl describe pod mypod
-
Delete a Pod:
kubectl delete pod mypod
-
List All Namespaces:
kubectl get namespaces
-
Create a Namespace:
kubectl create namespace mynamespace
-
Delete a Namespace:
kubectl delete namespace mynamespace
-
Create a Deployment:
kubectl create deployment myapp --image=nginx
-
View Deployment Status:
kubectl get deployments
-
Update a Deployment:
kubectl set image deployment/myapp nginx=nginx:1.16 -
Rollback a Deployment:
kubectl rollout undo deployment/myapp
-
Scale a Deployment:
kubectl scale deployment myapp --replicas=3
-
Auto-scaling with Horizontal Pod Autoscaler (HPA):
kubectl autoscale deployment myapp --min=1 --max=5 --cpu-percent=80
-
Expose a Pod with a Service:
kubectl expose pod mypod --port=80 --target-port=8080
-
Create a Service for a Deployment:
kubectl expose deployment myapp --type=NodePort --port=80
-
List All Services:
kubectl get services
-
Understanding Cluster Networking: Kubernetes abstracts network communication between Pods.
-
Network Policies: Restrict Pod communication using Network Policies.
apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: mynetworkpolicy namespace: mynamespace spec: podSelector: matchLabels: role: db policyTypes: - Ingress - Egress ingress: - from: - podSelector: matchLabels: role: frontend egress: - to: - podSelector: matchLabels: role: backend
-
Create a Persistent Volume:
apiVersion: v1 kind: PersistentVolume metadata: name: mypv spec: capacity: storage: 1Gi accessModes: - ReadWriteOnce hostPath: path: "/mnt/data"
-
Create a Persistent Volume Claim:
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: mypvc spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi
-
Create a StorageClass:
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: mystorageclass provisioner: kubernetes.io/aws-ebs parameters: type: gp2
-
Create a ConfigMap from a File:
kubectl create configmap myconfig --from-file=config.txt
-
View a ConfigMap:
kubectl get configmap myconfig -o yaml
-
Use a ConfigMap in a Pod:
apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mycontainer image: nginx envFrom: - configMapRef: name: myconfig
-
Create a Secret from a Literal Value:
kubectl create secret generic mysecret --from-literal=username=admin
-
View a Secret:
kubectl get secret mysecret -o yaml
-
Use a Secret in a Pod:
apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mycontainer image: nginx envFrom: - secretRef: name: mysecret
-
Install an Ingress Controller: Use a Helm chart or YAML manifest to install an ingress controller (e.g., NGINX Ingress Controller).
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml
-
Create an Ingress Resource:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myingress spec: rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80
-
TLS Termination with Ingress:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myingress spec: tls: - hosts: - myapp.example.com secretName: mytlssecret rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80
-
Create a Role:
apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: mynamespace name: myrole rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", "list"]
-
Bind a Role to a User:
apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: myrolebinding namespace: mynamespace subjects: - kind: User name: myuser apiGroup: rbac.authorization.k8s.io roleRef: kind: Role name: myrole apiGroup: rbac.authorization.k8s.io
-
Create a PSP:
apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: mypsp spec: privileged: false seLinux: rule: RunAsAny supplementalGroups: rule: RunAsAny runAsUser: rule: RunAsAny fsGroup: rule: RunAsAny volumes: - '*'
-
Create a Network Policy:
apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-db namespace: mynamespace spec: podSelector: matchLabels: role: db policyTypes: - Ingress ingress: - from: - podSelector: matchLabels: role: frontend
-
Enable API Server Auditing:
- Edit the API server manifest to include auditing options.
- --audit-log-path=/var/log/kubernetes/audit.log - --audit-policy-file=/etc/kubernetes/audit-policy.yaml
-
Create a Custom Resource Definition:
apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: myresources.example.com spec: group: example.com versions: - name: v1 served: true storage: true schema: openAPIV3Schema: type: object properties: spec: type: object scope: Namespaced names: plural: myresources singular: myresource kind: MyResource shortNames: - mr
-
Introduction to Operators: Operators are Kubernetes applications designed to manage complex stateful applications by extending the Kubernetes API.
-
Creating an Operator:
- Use the Operator SDK to scaffold and build an operator.
operator-sdk init --domain=example.com --repo=github.com/example/memcached-operator operator-sdk create api --group=cache --version=v1 --kind=Memcached --resource --controller
-
Install Istio:
istioctl install --set profile=demo
-
Deploy an Application with Istio:
- Annotate namespace to enable Istio sidecar injection.
kubectl label namespace mynamespace istio-injection=enabled
- Deploy application in the annotated namespace.
-
Traffic Management with Istio:
- Create VirtualService and DestinationRule to manage traffic routing.
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: myapp spec: hosts: - myapp.example.com http: - route: - destination: host: myapp subset: v1
-
Prometheus and Grafana:
-
Install Prometheus:
kubectl apply -f https://github.com/prometheus-operator/prometheus-operator/blob/main/bundle.yaml
-
Install Grafana:
kubectl apply -f https://raw.githubusercontent.com/grafana/grafana/main/deploy/kubernetes/grafana-deployment.yaml
-
View Metrics in Grafana: Access the Grafana dashboard and configure data sources to use Prometheus.
-
-
Logging with ELK Stack:
-
Deploy ELK Stack: Use Helm or custom YAML manifests to deploy Elasticsearch, Logstash, and Kibana.
helm install elk-stack stable/elastic-stack
-
Configure Fluentd for Log Collection:
- Deploy Fluentd as a DaemonSet to collect logs from all nodes and send them to Elasticsearch.
-
-
Kubernetes High Availability (HA):
- HA Master Nodes: Set up multiple master nodes to ensure availability.
- HA etcd Cluster: Use an HA etcd cluster to store Kubernetes state with redundancy.
-
Disaster Recovery:
-
Backup and Restore etcd:
- Use
etcdctlto take snapshots of the etcd cluster.
etcdctl snapshot save /path/to/backup
- Restore from the snapshot when needed.
- Use
-
-
Multi-Cluster Federation:
- Set Up Federation: Use Kubernetes Federation v2 to manage multiple clusters from a single control plane.
kubefedctl join mycluster --cluster-context=mycluster-context --host-cluster-context=host-cluster-context
- Deploy Federated Resources: Deploy resources that span across multiple clusters using the Federation API.