Differences

This shows you the differences between two versions of the page.

--- devops:docker:kubernetes [2023/11/18 14:08] – skipidar
+++ devops:docker:kubernetes [2024/07/21 14:33] (current) – skipidar
@@ Line 1: / Line 1: @@
 ====== Kubernetes ======
@@ Line 8: / Line 9: @@
 K8s in 30 Min https://de.slideshare.net/lestrrat/kubernetes-in-30-minutes-20170310
+{{youtube>zkevzEgEFuc}}
+Glossary
+|Pod|Smallest unit of K8s. Can contain multiple containers {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/ZS1pEtKqtQ.png?300px}}|
+|ReplicaSet| **Orchestrated by deployments.** A ReplicaSet ensures that a **specified number of pod replicas are running at any given time**. However, a Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to Pods along with a lot of other useful features. {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/1a1gqMxnuj.png?300px}}|
+|Deployments|Manages your Pods. The Deployment object not only creates the pods but also ensures the correct number of pods is always running in the cluster, handles scalability, and takes care of updates to the pods on an ongoing basis.  {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/IIQ1Hpm0Bd.png?300px}}|
+|Services|Write traffic to Pods. Visible inside the cluster {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/jgduvQSMHM.png?300px}}|
+|Ingress|Make Service visible over the internets {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/jgduvQSMHM.png?300px}}|
+|Secrets| Store SENSITIVE data and files to map those into the container {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/cYujcjPS5e.png?300px}}|
+===== Kubernetes Command line control =====
+<sxh shell>
+# check status
+kubectl cluster-info
+Kubernetes control plane is running at https://1E8A67830070D01D369595AAD4DAB03D.gr7.eu-central-1.eks.amazonaws.com
+CoreDNS is running at https://1E8A67830070D01D369595AAD4DAB03D.gr7.eu-central-1.eks.amazonaws.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
+To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
+# list clusterrole bindings for all namespaces
+kubectl get clusterrolebindings system:node --all-namespaces -o json
+{
+    "apiVersion": "rbac.authorization.k8s.io/v1",
+    "kind": "ClusterRoleBinding",
+    "metadata": {
+        "annotations": {
+            "rbac.authorization.kubernetes.io/autoupdate": "true"
+        },
+        "creationTimestamp": "2023-11-19T11:19:05Z",
+        "labels": {
+            "kubernetes.io/bootstrapping": "rbac-defaults"
+        },
+        "name": "system:node",
+        "resourceVersion": "141",
+        "uid": "e9d7ef15-9313-4ec0-9676-521fd79073c3"
+    },
+    "roleRef": {
+        "apiGroup": "rbac.authorization.k8s.io",
+        "kind": "ClusterRole",
+        "name": "system:node"
+    }
+}
+# cubeconfig is the config-file, which makes k8s accessible
+# generates a "kubeconfig" in ~/.kube/config
+aws eks update-kubeconfig --name alf-dev-eks-auth0-eks --alias alf-dev-eks-auth0-eks
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyY0F3SUJBZ0lJYmFmWWVvbHRNWDh3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUSFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TXpFeE1Ua3hNVEV6TXpCYUZ3MHpNekV4TVRZeE1URTRNekJhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUNldCtjeGlLNWFPV21mUit1ZUZGRVZId3JEbEdaRU5DcjBGaEx2QzBmZFRWTnJvYS9HWWRsdGIxNEMKOVF0OWErbk5pTytsWDRSUWVUMks1ZlZVUkdHaVQwV0RvR05DdFp5QkhlTXdOeThWakhtOWV4ckNnTnJ1QTVERgpGVGw5OE5vTUdYVGdjV1BKNUk4NGxSU3E4WEVCZzdJYVZNdVVMeGFyczNnb3JoN1IvaWFvdjFLNkRXYmxhODNkCk9qUkpRR28rUXFHVkFENFRieFZPYmszR21JU1ROcFp2bStUQ251MkdFcXI2MUxqWXdHNjVyb3pZbUxyd3lZNncKSU14VFdtSXIzSHlYZjc1eXRmNDkwa04xSG43T1FTNkxFSlZqdjhmMTdHMDByU2xwQTR3QlN1RlhrV3hDbFZ0QwppOUp0RFVRNzJ1QkJCNlFFVUU3T3M4eWNvTGtWQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJSYUM3WnJIZmM3UjJUY0Q5a2FDTDdIMDRsaVNUQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQVdYM0N1TXJ2QgpjeDRIa1FnNWRPZ0thb3J4OWVheGpPRGl6L3FBT2tIOStGaUU5RnJaTUpzQmYvYzUwZ3JJMzlSNDVmQWpvSm5SCml4UTVTOEs1dmRqdUlOQ3J1L0lMcVkyY09pZG56VWowMmtlME43QXpFWDlUaXNwUkpPdXRHZlY3UjNZTUFucEMKd0ttZTJyMGpjemNvcXlWK1NxTmNyZFcvNzJqVGxuQkc2YlRPWmVZKzJWZFZkeU1VQm9JaWhPUUJQb2lia0x3awovUlZFcUxLdHRpZTVqcFRTaFlmSzdhTnB5UUprQTFxbWxqWk5nZlVkcjVmUitReHlqc2h0MG9DaTFUODM2eTRGCnFjZld0L2xjY2hjMXU2ZmJzZWlvemh1OW5ndkdNL3FVWXFVNkFVZ1daVjIzYVNzQjhqSlJna09hUlBMUXZ4anUKbjdMMkdnekUyTWkwCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+    server: https://1E8A67830070D01D369595NMD4DAB03D.gr7.eu-central-1.eks.amazonaws.com
+  name: arn:aws:eks:eu-central-1:123456789012:cluster/alf-dev-eks-auth0-eks
+contexts:
+- context:
+    cluster: arn:aws:eks:eu-central-1:123456789012:cluster/alf-dev-eks-auth0-eks
+    user: arn:aws:eks:eu-central-1:123456789012:cluster/alf-dev-eks-auth0-eks
+  name: arn:aws:eks:eu-central-1:123456789012:cluster/alf-dev-eks-auth0-eks
+current-context: arn:aws:eks:eu-central-1:123456789012:cluster/alf-dev-eks-auth0-eks
+kind: Config
+preferences: {}
+users:
+- name: arn:aws:eks:eu-central-1:123456789012:cluster/alf-dev-eks-auth0-eks
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1beta1
+      args:
+      - --region
+      - eu-central-1
+      - eks
+      - get-token
+      - --cluster-name
+      - alf-dev-eks-auth0-eks
+      - --output
+      - json
+      command: aws
+</sxh>
@@ Line 16: / Line 106: @@
 https://circleci.com/blog/what-is-helm/
+=== Helm Charts ===
-Open HELM repository: https://artifacthub.io/
+A Helm chart is a package that contains all the necessary resources to deploy an application to a Kubernetes cluster. This includes **YAML** configuration files for **deployments**, **services**, **secrets**, and **config maps** that define the **desired state of your application**.
+Each Helm chart can be versioned and managed independently, making it easy to maintain multiple versions of an application with different configurations.
+The whole idea of HELM - is about splitting IaC in
+- Infrastructure code (templates)
+- Parameters per environment
+{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/ExuHJEwsZX.png}}
+This is how HELM helps apply DontRepeatYourself
+{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/H4kBo6QBDo.png}}
+=== Repository ===
+Public HELM repository: https://artifacthub.io/
 ===== Achitecture =====
@@ Line 34: / Line 141: @@
 ==== Vagrant environment ====
 Use the Vagrant environment for the experiments
-https://github.com/skipidar/Vagrant-Kubernetes
+<del>https://github.com/skipidar/Vagrant-Kubernetes</del>
+https://github.com/alfrepo/Vagrant_Templates/tree/master/Workspace
@@ Line 43: / Line 152: @@
-=== On Windows - Dont deploy in minikube===
+=== Prefered: On Windows - do use minikube===
-Why not Minukube: the **minikube** may only be started from disk C:\ Otherwise it will throw an error, that it does not recognize the path.
+- install "Docker Desktop"
+- install minikube directly on Windows, in order not to mess around with port forwarding etc.
+see
+https://wiki.alf.digital/doku.php?id=devops:docker:kubernetes:tutorial-win-minikube
+=== Alternative: On Windows - Deploy in Linux-guest Vagrant VM - Minikube distribution ===
-=== On Windows - Deploy in Linux-guest Vagrant VM - Minikube distribution ===
+Challenges: redirecting the minikube console etc. is challenging.
 OS: Ubuntu
@@ Line 869: / Line 985: @@
 https://github.com/Apress/Kubernetes-Native-Development/blob/main/snippets/chapter1/webserver-deployment.yaml
+Generate deployment config with a service.
+<sxh shell>
+kubectl create deployment demo --image=springguides/demo --dry-run -o=yaml > deployment.yaml
+echo --- >> deployment.yaml
+kubectl create service clusterip demo --tcp=8080:8080 --dry-run -o=yaml >> deployment.yaml
+</sxh>
+Generated deployment config:
+<sxh shell>
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  labels:
+    app: demo
+  name: demo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: demo
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: demo
+    spec:
+      containers:
+      - image: springguides/demo
+        name: demo
+        resources: {}
+status: {}
+</sxh>
+Lets go step by step through the config:
+<sxh shell>
+metadata:
+  creationTimestamp: null
+  labels:
+    app: demo
+  name: demo
+Assign label "app". Value: demo
+Labels help identify and categorize resources. By assigning specific labels, you can easily distinguish between different types or groups of resources within your cluster.
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: demo
+In the provided Kubernetes deployment specification, the selector section defines a criteria for matching Pods to the deployment. Let's break it down:
+selector:
+This key signifies the start of the selector configuration within the deployment spec.
+matchLabels:
+This key specifies that the selector will use labels for matching.
+app: demo:
+This entry defines the actual matching criteria. It specifies that the selector will only consider Pods with a label named app and a value of demo.
+spec:
+  replicas: 1
+    spec:
+      containers:
+      - image: springguides/demo
+        name: demo
+        resources: {}
+This defines the name assigned to the container within the Pod.
+</sxh>