Kubernetes
Basics
in the Cluster:
Master
- manage all nodes
- start app/schedule app container
Node
- kubelet - talks to the master
- container runtime - like docker, to pull the container image from a registry, unpacking the container and running the app
pods
- private, isolated network, visible from other pods and services within same k8s cluster
containerized apps, all containers run in a pod. If you have containers that depend on each other, they should be in a single pod
- share resources/namespace - The containers in a Pod share one IP address and port space, are always co-located and co-scheduled, and run in a shared context on the same Node. They can communicate with each other
- storages, as Volumes
- networking, as unique cluster IP address
- container images versions or ports
- a deployment creates pods and makes sure the containers keep running even when nodes fail
- use a proxy to forward communications into the cluster-wide, private network
kubectl proxy
curl http://localhost:8001/version
- the pod endpoint will be created automatically based on the pod name
Services
- an abstraction which defines a logical set of Pods and a policy by which to access them. e.g routes traffic across a set of Pods. Persistent Endpoint for Pods
- use YAML/JSON
- use labels to select pods
- Services can be exposed in different ways by specifying a type in the ServiceSpec, i.e. different levels of access to a set of pods
- ClusterIP, internal only
- NodePort, gives each node an accessible IP (from external NodePort to internal target port)
- LoadBalancer, adds a load balancer from the cloud provider which forwards the traffic from the service to the nodes within it
kubectl
kubectl get nodes
- deploy app
kubectl run APP_NAME --image=DOCKER_IMAGE_URL --port=PORT_NUMBER
- check deployments
kubectl get deployments
kubectl get pods
get existing pods
kubectl describe pods
details about the Pod’s container: IP address, the ports used and a list of events related to the lifecycle of the Pod
kubectl logs $POD_NAME
- to execute commands
kubectl exec -ti $POD_NAME -- bash
kubectl exec -ti $POD_NAME -- curl localhost:8080
access from cluster
- service
kubectl expose deployment/kubernetes-bootcamp --type="NodePort" --port 8080
exposes the NodePort to external traffic; the NodePort that it is assigned allows access from outside the cluster
kubectl label pod $POD_NAME app=v1
a pod can have multiple labels
Monitor and Health Checks
- readiness check, if it fails the pod is removed from the load balancer
- liveness probe, if it fails the container is restarted
- cat pods/healthy-xxx.yaml
Secrets and Configmaps
- don't put secrets in the Dockerfile
#configmaps
- can be used as env vars
- can tell the downstream pods that the configuration has changed, or restart them if necessary
kubectl create configmap MAP_NAME --from-file xx/xxx.conf
secrets
kubectl create secret
kubectl create -f pods/xxx.yaml
mount the secret as the volume of the pod
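An added example (not part of the original notes) of checking a Pod manifest for the points above: secrets written as literal env values instead of being mounted from a Secret, and secret volumes left at the default file mode. It works on the JSON form returned by kubectl get pod POD_NAME -o json; both pod definitions, the secret names and the name heuristic are constructed for illustration.

```python
import re

# Heuristic for credential-like env names (an assumption of this example).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

def audit_pod(pod):
    """Return a list of findings for one Pod manifest given as a dict."""
    findings = []
    spec = pod.get("spec", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for env in c.get("env", []):
            # A literal `value` under a credential-like name means the secret
            # is stored in the manifest itself, not in a Secret object.
            if "value" in env and SECRET_NAME.search(env["name"]):
                findings.append(f"{c['name']}: env {env['name']} is a literal value")
    for vol in spec.get("volumes", []):
        if "secret" in vol:
            # defaultMode is decimal in JSON; Kubernetes defaults it to 0644.
            mode = vol["secret"].get("defaultMode", 0o644)
            if mode & 0o007:
                findings.append(f"volume {vol['name']}: mode {mode:04o} is readable by others")
    return findings

# Constructed sample: password as a literal env var, secret volume at default mode.
WEAK_POD = {
    "metadata": {"name": "weak"},
    "spec": {
        "containers": [{
            "name": "app", "image": "DOCKER_IMAGE_URL",
            "env": [{"name": "DB_PASSWORD", "value": "example-only"}],
            "volumeMounts": [{"name": "tls", "mountPath": "/etc/tls"}],
        }],
        "volumes": [{"name": "tls", "secret": {"secretName": "tls-certs"}}],
    },
}
# Constructed sample: credentials mounted from a Secret with mode 0400 (256 decimal).
HARDENED_POD = {
    "metadata": {"name": "hardened"},
    "spec": {
        "containers": [{
            "name": "app", "image": "DOCKER_IMAGE_URL",
            "env": [{"name": "LOG_LEVEL", "value": "info"}],
            "volumeMounts": [{"name": "creds", "mountPath": "/etc/creds", "readOnly": True}],
        }],
        "volumes": [{"name": "creds", "secret": {"secretName": "db-creds", "defaultMode": 256}}],
    },
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "ok")
```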
Deployments
deployments manage the replicas to make sure they reach the desired state, and handle creation, update and deletion
deployments/xxx.yaml
- specify the replicas
- label
- images
#create a deployment
kubectl create -f deployments/xxx.yaml
#check
kubectl describe deployments DEPLOYMENT_NAME
#create service
kubectl create -f services/xxx.yaml
kubectl get services xxx
kubectl get replicasets
#change the replica number in deployment yaml
vim deployments/xxx.yaml
kubectl apply -f deployments/xxx.yaml
#then we can see the update from replicasets and pods
Update
a pod with app v2 is deployed in one pod, and at this moment there are both v1 and v2. Then traffic is routed to v2 and v1 is removed in this pod, and the cycle repeats for the next pods
- update the deployment yaml file to use v2 container image
- and then run
kubectl apply -f deployments/xxx.yaml
kubectl describe deployments xxx
check the RollingUpdateStrategy
kubectl get pods
to check the period of the update
kubectl describe pods POD_NAME
to check the version
to check the version