Kubernetes - Up and Running

How to get the list of pods running in the cluster?

kubectl get pods

What does Deployment manage?

Deployments manage ReplicaSets. ReplicaSets manage Pods. All of K8s works through selectors and there's no hierarchy in management.

How to imperatively change objects in K8s?

$ kubectl edit <resource-name> <obj-name>
After you save the file, it will be automatically uploaded back to the Kubernetes cluster. (Not recommended for Production)

What's the function of kubeproxy?

- Responsible for routing network traffic to load-balanced services in the Kubernetes cluster. Proxy must be present on every node in the cluster (DaemonSet).

What are the key elements in the Pod manifest?

1. metadata section for describing the Pod and its labels, 2. spec section for describing volumes, and a list of containers that will run in the Pod.

What is a DaemonSet?

A DaemonSet ensures a copy of a Pod is running across a set of nodes in a Kubernetes cluster. DaemonSets are used to deploy system daemons such as log collectors and monitoring agents, which typically must run on every node. You can use "spec.template.spec.nodeSelector" on your DaemonSets to target specific containers.

What is a ReplicaSet?

A ReplicaSet acts as a cluster-wide Pod manager, ensuring that the right types and number of Pods are running at all times. The actual act of managing the replicated Pods is an example of a reconciliation loop - Desired state vs Current state recon.

How to create a Service object?

A Service object is a way to create a named label selector.
$ kubectl run alpaca-prod \
    --image=gcr.io/kuar-demo/kuard-amd64:1 \
    --replicas=3 \
    --port=8080 \
    --labels="ver=1,app=alpaca,env=prod"
$ kubectl expose deployment alpaca-prod
$ kubectl get services -o wide

What is a Job?

A job creates one or more pods and ensures that a specified number of them successfully terminate (Suitable for oneshot runs)

What is a kubelet daemon?

A node daemon. It makes sure that containers are running and healthy in a pod.

What does the ReplicaSet spec look like?

All ReplicaSets must have:
1. a unique name (defined using the metadata.name field),
2. a spec section that describes the number of Pods (replicas) that should be running cluster-wide at a given time, and
3. a Pod template that describes the Pod to be created when the defined number of replicas is not met.

What's etcd?

Consistent and highly-available key value store used as Kubernetes' backing store for all cluster data. Always have a backup plan for etcd's data for your Kubernetes cluster.

How to use a ConfigMap?

- Filesystem: You can mount a ConfigMap into a Pod. A file is created for each entry based on the key name. The contents of that file are set to the value.
- Environment variable: A ConfigMap can be used to dynamically set the value of an environment variable.
- Command-line argument: Kubernetes supports dynamically creating the command line for a container based on ConfigMap values.

What are Annotations?

Metadata such as a Git hash, which doesn't suit labels, is set on Pods through annotations.

What is a ConfigMap?

It is a set of variables that can be used when defining the environment or command line for your containers.

What's a kube-apiserver?

Master daemon that exposes the Kubernetes API. It is the front-end for the Kubernetes control plane. It is designed to scale horizontally - that is, it scales by deploying more instances.

What is a kube-controller-manager?

Master daemon that runs controllers. Each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process. These controllers include:
- Node Controller: Responsible for noticing and responding when nodes go down.
- Replication Controller: Responsible for maintaining the correct number of pods for every replication controller object in the system.
- Endpoints Controller: Populates the Endpoints object (that is, joins Services & Pods).
- Service Account & Token Controllers: Create default accounts and API access tokens for new namespaces.

What is a kube-scheduler?

Master daemon that watches newly created pods that have no node assigned, and selects a node for them to run on. Factors taken into account for scheduling decisions include:
1. individual and collective resource requirements
2. hardware/software/policy constraints
3. affinity and anti-affinity specifications
4. data locality
5. inter-workload interference and deadlines.

What is a bootstrapper=kubeadm?

TODO

What is Recreate Deployment strategy?

The Deployment updates the ReplicaSet it manages to use the new image and terminates all of the Pods associated with the Deployment. The ReplicaSet notices that it no longer has any replicas, and re-creates all Pods using the new image. Once the Pods are re-created, they are running the new version. Potentially catastrophic, and will almost certainly result in some site downtime. Use it for Test

How does a pod get scheduled?

The Kubernetes API server accepts and processes Pod manifests before storing them in persistent storage (etcd). The scheduler also uses the Kubernetes API to find Pods that haven't been scheduled to a node. The scheduler then places the Pods onto nodes depending on the resources and other constraints expressed in the Pod manifests. The Kubernetes scheduler tries to ensure that Pods from the same application are distributed onto different machines for reliability in the presence of such failures.

How to access the K8s UI (if it's not exposed in the cloud by default)?

The UI is run as a single replica, but it is still managed by a Kubernetes deployment for reliability and upgrades. You can see this UI server using:
$ kubectl get deployments --namespace=kube-system kubernetes-dashboard
(Desired and current = 1)
The dashboard also has a service that performs load balancing for the dashboard:
$ kubectl get services --namespace=kube-system kubernetes-dashboard
We can use the kubectl proxy to access this UI. Launch the Kubernetes proxy using:
$ kubectl proxy
(For minikube, minikube dashboard)

What is a container-runtime?

The container runtime (node daemon) is the software that is responsible for running containers. Kubernetes supports several runtimes: Docker, rkt, runc and any OCI runtime-spec implementation.

How to find the ReplicaSet from a Pod?

The key for the annotation is kubernetes.io/created-by.
kubectl get pods <pod-name> -o yaml

Does ReplicaSet own the Pods?

They don't. They use label queries to identify the set of Pods they should be managing. Since ReplicaSets are decoupled from the Pods they manage, you can simply create a ReplicaSet that will "adopt" the existing Pod, and scale out additional copies of those containers.

How to configure resources (cpu/memory) for a container in a Pod?

Two resource metrics:
Resource requests specify the minimum amount of a resource required to run the application.
Resource limits specify the maximum amount of a resource that an application can consume.
spec.containers[].resources.requests
spec.containers[].resources.limits
cpu: "500m"
memory: "128Mi"

How to persist data using volumes?

Two stanzas in the Pod manifest:
1. spec.volumes - This array defines all of the volumes that may be accessed by containers in the Pod manifest.
spec:
  volumes:
    - name: "kuard-data"
      hostPath:
        path: "/var/lib/kuard"
2. spec.containers.volumeMounts - This array defines the volumes that are mounted into a particular container, and the path where each volume should be mounted.
volumeMounts:
  - mountPath: "/data"
    name: "kuard-data"
Note that two different containers in a Pod can mount the same volume at different mount paths.
Note that hostPath is not to be used in Production.

What is RollingUpdate strategy?

Updating a few Pods at a time, moving incrementally until all of the Pods are running the new version of your software. Using RollingUpdate, you can roll out a new version of your service while it is still receiving user traffic, without any downtime. (refer maxSurge and maxUnavailable)

How to get more details from any object?

Use describe and the -o wide flag.
kubectl get pods my-pod -o jsonpath --template={.status.podIP}

How to limit memory and CPU in docker

docker run -d --name kuard \
    --publish 8080:8080 \
    --memory 200m \
    --memory-swap 1G \
    --cpu-shares 1024 \
    gcr.io/kuar-demo/kuard-amd64:1

How to create a K8s cluster in GKE

gcloud container clusters create kuar-cluster

What are the selector operators?

key=value
key!=value
key in (value1, value2)
key notin (value1, value2)
key (key is set)
!key (key is not set)

What are the master-components?

kube-apiserver, etcd, kube-scheduler, kube-controller-manager, cloud-controller-manager

What's the relationship between kube-proxy and Cluster IPs?

kube-proxy watches for new services in the cluster via the API server. Modifies the iptables rules in the kernel of that host to rewrite the destination of packets so they are directed at one of the endpoints for that service. If the set of endpoints for a service changes (due to pods coming and going or due to a failed readiness check) the set of iptables rules is rewritten.

How to scale a replicaset?

kubectl autoscale rs kuard --min=2 --max=5 --cpu-percent=80

How to set a default namespace?

kubectl config set-context my-context --namespace=mystuff
This creates a new context, but it doesn't actually start using it yet. To use this newly created context, you can run:
kubectl config use-context my-context

How to copy data from and to containers?

kubectl cp <pod-name>:/captures/capture3.txt ./capture3.txt
kubectl cp $HOME/config.txt <pod-name>:/config.txt

How to create a ConfigMap?

kubectl create configmap my-config \
    --from-file=my-config.txt \
    --from-literal=extra-param=extra-value \
    --from-literal=another-param=another-value

How to use a private docker registry for container images?

kubectl create secret docker-registry my-image-pull-secret \
    --docker-username=<username> \
    --docker-password=<password> \
    --docker-email=<email-address>
spec:
  imagePullSecrets:
    - name: my-image-pull-secret

How would you delete a DaemonSet/Deployment/ReplicaSet without deleting the containers?

kubectl delete --cascade=false <objecttype/object>

How to delete an object?

kubectl delete -f obj.yaml
kubectl delete <resource-name> <obj-name>

How to delete the ReplicaSet without deleting the Pods?

kubectl delete rs kuard --cascade=false

How to get more information about Nodes?

kubectl describe nodes node-1

How to get information on the running Pods from Nodes?

kubectl describe nodes
kubectl describe nodes node1

How to run commands in your container with exec?

kubectl exec kuard date
kubectl exec -it kuard ash

What are Kubernetes master components?

kubectl get componentstatuses

How to get the labels of all deployments?

kubectl get deployments --show-labels

How to get the labels of Kubernetes as columns?

kubectl get deployments -L canary

How to list pods that match a specific selector?

kubectl get pods --selector="ver=2"
kubectl get pods --selector="app=bandicoot,ver=2"
kubectl get pods --selector="app in (alpaca,bandicoot)"
kubectl get deployments --selector="canary"
Or simply (-l is a shortcut for --selector):
kubectl get pods -l app=kuard,version=2

How would you add a Label to a Node?

kubectl label nodes k0-default-pool-35609c18-z7tb ssd=true
kubectl get nodes --selector ssd=true

How to update the label of a pod from kubectl?

kubectl label pods bar color=red
For a deployment:
kubectl label deployments alpaca-test "canary=true"

How to see logs in Kubernetes?

kubectl logs kuard (where kuard is your pod name)
kubectl logs -f kuard
The --previous flag will get logs from a previous instance of the container.

How to see the history of rollouts for a deployment?

kubectl rollout history
kubectl rollout history deployment nginx
(The revision history is given in oldest to newest order)

How to pause, resume and undo a rollout?

kubectl rollout pause deployments nginx
kubectl rollout resume deployments nginx
kubectl rollout undo deployments nginx

How would you declare a oneshot Job?

kubectl run -i oneshot \
    --image=gcr.io/kuar-demo/kuard-amd64:1 \
    --restart=OnFailure \
    -- --keygen-enable \
       --keygen-exit-on-complete \
       --keygen-num-to-gen 10
The -i option indicates that this is an interactive command. kubectl will wait until the Job is running and then show the log output from the first (and in this case only) pod in the Job.
--restart=OnFailure is the option that tells kubectl to create a Job object.

How to run a pod?

kubectl run kuard --image=gcr.io/kuar-demo/kuard-amd64:1
Note that kubectl apply -f <pod-manifest-yaml> does the same trick.

How to scale a deployment?

kubectl scale deployments nginx --replicas=2
Compare this with ReplicaSet scaling:
kubectl scale replicasets nginx-1128242161 --replicas=1

What are the daemons of K8s node?

kubelet, kube-proxy and container-runtime

How to start minikube with CPU and memory limits

minikube start --cpus 6 --memory 8192 --vm-driver virtualbox --bootstrapper kubeadm

How to refer to another object using label selector?

selector:
  matchLabels:
    app: alpaca
  matchExpressions:
    - {key: ver, operator: In, values: [1, 2]}

How to increase the revision history limit for a Deployment?

spec:
  revisionHistoryLimit: 14

How to do port forwarding?

ssh <node> -L 8080:localhost:32711

How to do a rolling update on Deployment?

strategy:
  rollingUpdate:
    maxSurge: 1
    maxUnavailable: 1
  type: RollingUpdate
The maxUnavailable parameter sets the maximum number of Pods that can be unavailable during a rolling update. The maxSurge parameter controls how many extra resources can be created to achieve a rollout.
Optional: the maxUnavailable parameter can either be set to an absolute number (e.g., 3 meaning a maximum of three Pods can be unavailable) or to a percentage (e.g., 20% meaning a maximum of 20% of the desired number of replicas can be unavailable).
Example: we set maxUnavailable to 0 and maxSurge to 20%. The first thing the rollout will do is scale the new ReplicaSet up to 2 replicas, for a total of 12 (120%) in the service. It will then scale the old ReplicaSet down to 8 replicas, for a total of 10 (8 old, 2 new) in the service. This process proceeds until the rollout is complete. At any time, the capacity of the service is guaranteed to be at least 100% and the maximum extra resources used for the rollout are limited to an additional 20% of all resources.

