kubernetes.md

Kubernetes

• See also:
  • Tools
    • Lens - K8s IDE
    • Kubectl - Command-line interaction with k8s API
    • Helm - K8s package manager
  • Installation methods
    • Kubeadm - Official tool for cluster creation
    • Kubespray - Create K8s cluster with Ansible
    • Kops - Automatic K8s cluster provisioning
  • Distributions
    • Minikube - Local K8s for learning
    • K0s - Lightweight K8s

Troubleshooting

• kubectl cp <NAMESPACE>/<POD_NAME>:<PATH_IN_POD> <LOCAL_PATH>
• kubectl cp myscript.sh keycloak-0:/tmp/myscript.sh -n keycloak = Copy myscript.sh into the keycloak-0 pod.
• kubectl run curl-test --image=radial/busyboxplus:curl -i --tty --rm = Run pod with curl and nslookup for testing.

Kubectl

• See also:
  • Kubectl cheat sheet
    
    
• cluster-info = Print IPs of services and where they're running.
  
  
• get = Get info for a resource TYPE
  • kubectl get all -A = Get all resources in all namespaces.
  • kubectl get all -n splunk = Get all resources in the splunk namespace.
  • kubectl get pods -A = List running pods in all (-A) namespaces.
  • kubectl get pods -w = Continuously watch (-w) pods as they update in the default namespace.
  • kubectl get nodes -o wide = List nodes with extra (-o wide) information.
• describe = Get info for a SPECIFIC resource
  • kubectl describe nodes node1 = Describe node1.
  • kubectl describe -n gitlab pods gitlab-runner-678dd89fd9 | grep Node: = Show the node running a specific pod in the gitlab namespace.
    
    
• logs = Get pod logs.
  • kubectl logs -f -n kube-system coredns-694675dfcd-dqg69 = Tail CoreDNS pod logs in the kube-system namespace.
• exec = Run command in a pod.
  • kubectl exec -i gitlab-runner-678dd89fd9 -n gitlab -- nslookup google.com = Run an nslookup command in a gitlab runner pod.
  • kubectl exec -it gitlab-runner-678dd89fd9 -n gitlab -- /bin/bash = Pop a shell in a gitlab runner pod.
    
    
• edit = Open YAML editor for a resource & update it automatically.
• create = imperatively create resources.
  • kubectl create -f file.yaml = Create resources in file.yaml
• apply = declaratively create resources.
  • kubectl apply -f file.yaml = Create resources in file.yaml
• scale = Manually scale a deployment.
  • kubectl scale deployment myapp-deployment --replicas=5
    
    
• delete = Destroy a resource
  • kubectl delete service/sonarqube-sonarqube -n sonarqube
    
    
• kubectl rollout undo deployment myapp-deployment = Revert myapp-deployment to its previous version.

Example deployment

• For ChatGPT: Write an example nginx deployment for kubernetes
• Creates a ReplicaSet of 3 identical Nginx pods:
• nginx-deployment.yml

  ---
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: nginx-deployment
  spec:
    replicas: 3 # Create a ReplicaSet with 3 pods matching the template.
    selector:
      matchLabels:
        app: nginx # The ReplicaSet manages all pods with this label.
    template:
      metadata:
        labels:
          app: nginx # Give all pods this label.
      spec:
        containers:
          - name: nginx # All pods have a single nginx container.
            image: nginx:latest
            ports:
              - containerPort: 80
  

• nginx-service.yml

  ---
  apiVersion: v1
  kind: Service
  metadata:
    name: nginx-service
  spec:
    selector:
      app: nginx  # All pods with this label will be part of the service.
    ports:
      - protocol: TCP
        port: 80
        targetPort: 80
    type: NodePort

• kubectl apply -f nginx-deployment.yml
• kubectl apply -f nginx-service.yml
• kubectl delete -f nginx-deployment.yml
• kubectl delete -f nginx-service.yml

Deployment

• Creates a ReplicaSet declaratively.

ReplicaSet

• Maintains the desired number of identical pods. Usually created by a deployment.

StatefulSet

• Alternative to ReplicaSet for deploying stateful pods.

Service

• Abstraction layer to make pods accessible.
• Matches a set of pods using a label.

ClusterIP Service

• Makes a service available to pods inside the cluster.
• Used by internal-only services that communicate with each other inside the cluster.
• Provides a single IP to access all pods within that service from inside the cluster.

ports:
  - protocol: TCP
    port: 80          # The port of the SERVICE - All traffic on this port routes to the `targetPort` of each pod
    targetPort: 3000  # The port of the POD - The service forwards traffic from `port` to `targetPort`

NodePort Service

• Makes a service available outside the cluster on every node at a specific port.
• Nodes that don't have the service's pod(s) scheduled on them will forward any traffic on that port to the node(s) with the pod(s) scheduled on them.
• Useful when paired with an external load balancer that forwards traffic to the nodePort of each node.
• Cluster IP - An internal-only IP that is only accessible INSIDE the cluster. Used for pod-to-pod traffic.
• Ports (in service definition file) StackOverflow explanation

  ports:
    - protocol: TCP
      port: 80          # The port of the SERVICE - For NodePort services, this can be anything
      targetPort: 3000  # The port of the POD - The service forwards traffic from `port` to `targetPort`
      nodePort: 30432   # The port of the NODE - The node listens on this port and routes traffic to the service port

  incoming traffic -> nodePort (NODE) -> port (SERVICE) -> targetPort (POD)
  

  • Example (in Lens GUI): 80:30432/TCP - This service is accessible on each node's IP over port 30432. Port 30432 on every node will forward to port 80 on the service. Port 80 of the service will then forward traffic to the targetPort of the service pod(s).

LoadBlanacer Service

• Provisions an external cloud-managed load balancer to forward traffic to backend pods.
• Used with cloud providers.

kind: Service
metadata:
  name: my-service
spec:
  selector:
    app.kubernetes.io/name: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
      - ip: 192.0.2.127  # This is the external IP of the cloud-managed load balancer.

Endpoint

• Lists the IPs/ports of all pods belonging to a service.

Ingress

• Acts as an HTTP/HTTPS (layer 7) load balancer in front of your services.
• Used with ClusterIP services (NOT NodePort or LoadBalancer).
• If you're already using a LoadBalancer service, an Ingress is redundant.
• Ideal when you have many ClusterIP services and don't want to use a LoadBalancer service for each of them.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: simple-fanout-example
spec:
  rules:
  - host: foo.bar.com  # This is the external domain that clients will connect to.
    http:
      paths:
      - path: /foo  # This would handle foo.bar.com/foo and send it to service1
        pathType: Prefix
        backend:
          service:
            name: service1
            port:
              number: 4200
      - path: /bar  # This would handle foo.bar.com/bar and send it to service2
        pathType: Prefix
        backend:
          service:
            name: service2
            port:
              number: 8080

CoreDNS

• See also
  • k8s DNS
  • DNS troubleshooting on EKS
  • Debugging k8s DNS resolution
    
    
• Update CoreDNS to use an upstream DNS server:

kubectl edit configmap coredns -n kube-system

  Corefile: |
    .:53 {
        log # < --- Log requests to stdout
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
        }
        forward . 10.128.0.2 # < --- Use 10.128.0.2 as upstream DNS
        prometheus :9153
        cache 30
        loop
        reload
        loadbalance
    }