Knowledge Transfer

Ethickfox kb page with all notes

Project maintained by ethickfox Hosted on GitHub Pages — Theme by mattgraham

==Kubernetes== (also known as k8s or “kube”) is an open source container orchestration platform that automates many of the manual processes involved in deploying, managing, and scaling containerized applications.

Upsides

Self-Healing
Automated Rollbacks
Horizontal scaling
High availability
Portability - allows to deploy and manage apps on different envs and clouds
Disaster recovery - backup and restore Downsides
Complexity of distributed systems - complex to setup and operate
Highter resources consumption With Kubernetes you can:
Orchestrate containers across multiple hosts.
Make better use of hardware to maximize resources needed to run your enterprise apps.
Control and automate application deployments and updates.
Mount and add storage to run stateful apps.
Scale containerized applications and their resources on the fly.
Declaratively manage services, which guarantees the deployed applications are always running the way you intended them to run.
Health-check and self-heal your apps with autoplacement, autorestart, autoreplication, and autoscaling.

Main parts

==Cluster== - is a grouping of nodes that run containerized apps in an efficient, automated, distributed, and scalable manner. A Kubernetes cluster consists of a set of worker machines, called nodes, that run containerized applications. Every cluster has at least one worker node.

==Control plane== - the collection of processes that control Kubernetes nodes. This is where all task assignments originate.

==kube-apiserver (api)== - is a component of the Kubernetes control plane that exposes the Kubernetes API. The API server is the external interface (synonym = front end) for the Kubernetes control plane.
==etcd== - is a consistent (stable) and highly-available key value store used as Kubernetes' backing store for all cluster data and used by other control pane copmponents (link how it works).
==kube-scheduler== - is a control plane component that watches for newly created pods with no assigned node, and selects a node for them to run on. Factors taken into account for scheduling decisions include:
- individual and collective resource requirements,
- hardware/software/policy constraints,
- affinity (closeness) and anti-affinity specifications,
- data locality,
- inter-workload interference
- deadlines.
==kube-controller-manager (c-m)== - is a control plane component that runs controller processes. Controller - a control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired state.

[!warn] Example ReplciationController - checks if there are requred number of replicas DeploymentController - Rolling updates and rollbacks of deployments

==cloud-controller-manager (c-c-m)== - is a Kubernetes control plane component that embeds cloud-specific control logic. The cloud controller manager lets you link your cluster into your cloud provider's API, and separates out the components that interact with that cloud platform from components that only interact with your cluster. The cloud-controller-manager only runs controllers that are specific to your cloud provider. If you are running Kubernetes on your own premises, or in a learning environment inside your own PC, the cluster does not have a cloud controller manager.

==Nodes== - these machines perform the requested tasks assigned by the control plane.

Worker node - regular node where containers run
- kublet - deamon that communicates with control plane, starts containers
- container runtime - pulls container from registry, running and stopping them and managing resources
- kube proxy -network proxy that routes traffic from service to pod, provides loadbalancing
Master node - main node which manages worker nodes
- Api Server - cluster gateway
  - allows to interact with k8s cluster
  - acts as gatekeeper for authentication to allow only authorized interacvtions with cluster
- Scheduler - decides on which worker nodes pods will be created
- Controller manager - detects state changes - like pod's dying
- etcd - key-value store for cluster changes, like pods created etc ==Pod== - smallest unit in Kubernetes. A group of one or more containers deployed to a single node. All containers in a pod share an IP address, IPC, hostname, and other resources. Pods abstract network and storage from the underlying container. This lets you move containers around the cluster more easily.
Abstraction over container - no need to bind to specific container technology
In most cases only one container inside
They are ephemeral - could die easily and be recreated
They are stateless, so all data after restart is gone ==Network== - k8s provides a virtual network
Each pod has it's own internal ip address
Each time pod is recreated it gets a new address

==Deployments==

Ensures the desired number of Pods are running.
Provides rolling updates and rollbacks. ==StatefulSet== - like deployment, but supposed to be used by stateful apps(like DB)
Difficult in configuration
dbs usually hosted outside k8s ==Services== - manages access to pod and it's replicas
Exposes static ip address for the Pod, so if it's restarted, address won't be change
Lifecycle of pod and service are not connected
Serves as Load Balancer
External - exposes address outside of k8s network
Internal - address is reachable only in k8s network ==Ingress== - forwards requests to the particular k8s service

==ConfigMap== - configuration storage for application. Not suitable for passwords etc ==Secret== - stores data like ConfigMap, but securely. Could contain passwords

Stores everything base64 encoded ==Volume== - data storage outside of k8s, attached to cluster
Local storage
Remote storage Namespaces - let you isolate and organize your workloads

apiVersion: v1
kind: Namespace
metadata:
  name: development

==Kubelet== - this service runs on nodes, reads the container manifests, and ensures the defined containers are started and running.

==Replication controller== - this controls how many identical copies of a pod should be running somewhere on the cluster.

==Service== - this decouples work definitions from the pods. Kubernetes service proxies automatically get service requests to the right pod—no matter where it moves in the cluster or even if it’s been replaced.

==kubectl== - the command line configuration tool for Kubernetes.

kubectl create deployment my-app --image=nginx
kubectl get nodes  # List available nodes
kubectl get deployments  # Check deployments
kubectl get pods  # Check running pods
kubectl expose deployment my-app --type=NodePort --port=80
kubectl scale deployment my-app --replicas=3
kubectl delete deployment my-app
kubectl delete service my-app

Kubernetes Explanation in Pictures

Node

it’s a virtual or physical machine

Usually 1 Application per Pod

Each Pod gets its own IP address

Pods are ephemeral

One node cluster - minikube

kubectl get node

apiVersion: v1
kind: ConfigMap 
metadata:
    name: mongo-config 
data:
    mongo-url: mongo-service


apiVersion: v1
kind: Secret
metadata:
    name: mongo-secret
type: 0paque
data:
    mongo_user: YWRtaW4=
    mongo_password: MwsfsZDFUMmUZN2Rm

apiversion:v1
kind: Deployment
metadata:
    name: mongo-deployment
    labels:
        app: mongo
spec:
    replicas: 1 
    selector:
        matchLabels:
            app: mongo
    template:
        metadata:
            labels:
                app: mongo
        spec:
            containers:
                - name: mongodb 
                image: mongo:5.0
                ports:
                      - containerPort: 27017
			   env:
					 - name: MONGO_INITDB_ROOT_USERNAME
					   valueFrom:
    secretKeyRef: 
name: mongo-secret
key: mongo-user
					 - name: MONGO_INITDB_ROOT_PASSWORD
					   valueFrom:
    secretKeyRef: 
name: mongo-secret
key: mongo-password

apiVersion: v1
kind: Service
metadata:
    name: mongo-service
spec:
    selector:
        app: mongo
ports:
    - protocol: TCP
    port: 8080
    targetPort: 27017



apiversion:v1
kind: Deployment
metadata:
    name: webapp-deployment
    labels:
        app: webapp
spec:
    replicas: 1 
    selector:
        matchLabels:
            app: webapp
    template:
        metadata:
            labels:
                app: webapp
        spec:
            containers:
                - name: webapp 
                image: nanajanashia/k8s-demo-app: v1.0
                ports:
                      - containerPort: 3000
			   env:
					 - name: USER_NAME
					   valueFrom:
    secretKeyRef: 
name: mongo-secret
key: mongo-user
					 - name: USER_PASSWORD
					   valueFrom:
    secretKeyRef: 
name: mongo-secret
key: mongo-password
					 - name: DB_URL
					   valueFrom:
    							configMapKeyRef: 
name: mongo-config
key: mongo-url

apiVersion: v1
kind: Service
metadata:
    name: webapp-service
spec:
	type:NodePort
    selector:
        app: webapp
ports:
    - protocol: TCP
    port: 80
    targetPort: 3000
	nodePort: 30100

kubectl apply -f mongo-config.yaml
kubectl get all
kubectl get configmap
kubectl get secret
kubectl logs webapp-deployment-deffd6bcc-gsmlt
kubectl get node -o wide
minikube ip

Commands Examples

kubectl cluster-info

kubectl get nodes
kubectl get namespaces
kubectl get pods -A      # in all namespaces
kubectl get pods -n development # in namespace development
kubectl get services -A
kubectl get deployments -n development

kubectl apply -f kub.yml

kubectl delete -f kub.yml
kubectl delete pod pod-info-development-78bbb77995-4mdf8 -n development

kubectl logs pod-info-development-78bbb77995-l47xp -n development

Managing Kubernetes for development

minikube start
kubectl get nodes  # Verify cluster is running