PowerPoint Presentation - Kubernetes+-CKA-+0100+-+Core+Concepts

Uploaded by

redhatlnxos

Course Objectives

Core Concepts
Cluster Architecture API Pri

Services & Other Network Primitives

Scheduling
Logging Monitoring

Application Lifecycle Management

Cluster Maintenance

Security

Storage

Networking

Installation, Configuration & Validation

Troubleshooting
Cluster Architecture

❑ Kubernetes Architecture
❑ ETCD For Beginners
❑ ETCD in Kubernetes
❑ Kube-API Server
❑ Controller Managers
❑ Kube Scheduler
❑ Kubelet
❑ Kube Proxy
KUBERNETES ARCHITECTURE
[Diagram: the Master (manage, plan, schedule, monitor nodes) runs kube-apiserver, Controller-Manager, kube-scheduler and the ETCD cluster. Worker Nodes (host application as containers) each run kubelet, Kube-proxy and a Container Runtime Engine (run containers).]
ETCD
FOR BEGINNERS
Objectives
• What is ETCD?
• What is a Key-Value Store?
• How to get started quickly?
• How to operate ETCD?
• What is a distributed system?
• How ETCD Operates
• RAFT Protocol
• Best practices on number of nodes
ETCD is a distr
reliable key-val
that is Simple, S
Fast
key-value store

Name         Age  Location   Sa
John Doe     45   New York   50
Dave Smith   34   New York   40
Aryan Kumar  10   New York
Lauren Rob   13   Bangalore
Lily Oliver  15   Bangalore


key-value store

Key       Value
Name      John Doe
Age       45
Location  New York
Salary    5000

Key       Value
Name      Aryan Kumar
Age       10
Location  New York
Grade     A

Key       Value
Name      Lauren Rob
Age       13
Location  Bangalore
Grade     C
key-value store
{
  "name": "John Doe",
  "age": 45,
  "location": "New York",
  "salary": 5000
}

{
  "name": "Aryan Kumar",
  "age": 10,
  "location": "New York",
  "Grade": "A"
}

{
  "name": "Lily Oliver",
  "age": 15,
  "location": "Bangalore",
  "Grade": "B"
}
Install ETCD

1. Download Binaries
curl -L https://github.com/etcd-io/etcd/releases/download
v3.3.11-linux-amd64.tar.gz -o etcd-v3.3.11-linux-amd64.ta

2. Extract
tar xzvf etcd-v3.3.11-linux-amd64.tar.gz

3. Run ETCD Service


./etcd
Operate ETCD
3. Run ETCD Service
./etcd

./etcdctl set key1 value1

./etcdctl get key1


value1

./etcdctl
NAME:
etcdctl - A simple command line client for etcd.

COMMANDS:
backup backup an etcd directory
cluster-health check the health of the etcd cluster
mk make a new key with a given value
mkdir make a new directory
rm remove a key or a directory
rmdir removes the key if it is an empty directory or a key-value pair
get retrieve the value of a key
ETCD
In Kubernetes
Master
Manage, Plan, Schedule, Monitor
Nodes

• Nodes
• PODs
• Configs
• Secrets
• Accounts
• Roles
• Bindings
• Others

ETCD
CLUSTER
Setup - Manual
wget -q --https-only \
"https://github.com/coreos/etcd/releases/download/v3.3.

etcd.service
ExecStart=/usr/local/bin/etcd \\
--name ${ETCD_NAME} \\
--cert-file=/etc/etcd/kubernetes.pem \\
--key-file=/etc/etcd/kubernetes-key.pem \\
--peer-cert-file=/etc/etcd/kubernetes.pem \\
--peer-key-file=/etc/etcd/kubernetes-key.pem \\
--trusted-ca-file=/etc/etcd/ca.pem \\
--peer-trusted-ca-file=/etc/etcd/ca.pem \\
--peer-client-cert-auth \\
--client-cert-auth \\
--initial-advertise-peer-urls https://${INTERNAL_IP}:2380 \\
--listen-peer-urls https://${INTERNAL_IP}:2380 \\
--listen-client-urls https://${INTERNAL_IP}:2379,https://127.0
--advertise-client-urls https://${INTERNAL_IP}:2379 \\
--initial-cluster-token etcd-cluster-0 \\
--initial-cluster controller-0=https://${CONTROLLER0_IP}:2380,
--initial-cluster-state new \\
--data-dir=/var/lib/etcd
Setup - kubeadm
kubectl get pods -n kube-system
NAMESPACE NAME READY STATUS
kube-system coredns-78fcdf6894-prwvl 1/1 Running
kube-system coredns-78fcdf6894-vqd9w 1/1 Running
kube-system etcd-master 1/1 Running
kube-system kube-apiserver-master 1/1 Running
kube-system kube-controller-manager-master 1/1 Running
kube-system kube-proxy-f6k26 1/1 Running
kube-system kube-proxy-hnzsw 1/1 Running
kube-system kube-scheduler-master 1/1 Running
kube-system weave-net-924k8 2/2 Running
kube-system weave-net-hzfcz 2/2 Running

kubectl exec etcd-master -n kube-system etcdctl get / --pref


/registry/apiregistration.k8s.io/apiservices/v1.
/registry/apiregistration.k8s.io/apiservices/v1.apps
/registry/apiregistration.k8s.io/apiservices/v1.authentication.k
/registry/apiregistration.k8s.io/apiservices/v1.authorization.k8
/registry/apiregistration.k8s.io/apiservices/v1.autoscaling
/registry/apiregistration.k8s.io/apiservices/v1.batch
/registry/apiregistration.k8s.io/apiservices/v1.networking.k8s.i
/registry/apiregistration.k8s.io/apiservices/v1.rbac.authorizati
/registry/apiregistration.k8s.io/apiservices/v1.storage.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.admissionre
Explore ETCD
Registry
• minions
• pods
• replicasets
• deployments
• roles
• secrets
ETCD in HA Environment

etcd.service
ExecStart=/usr/local/bin/etcd \\
--name ${ETCD_NAME} \\
--cert-file=/etc/etcd/kubernetes.pem \\
--key-file=/etc/etcd/kubernetes-key.pem \\
--peer-cert-file=/etc/etcd/kubernetes.pem \\
--peer-key-file=/etc/etcd/kubernetes-key.pem \\
--trusted-ca-file=/etc/etcd/ca.pem \\
--peer-trusted-ca-file=/etc/etcd/ca.pem \\
--peer-client-cert-auth \\
--client-cert-auth \\
--initial-advertise-peer-urls https://${INTERNAL_IP}:2380 \\
--listen-peer-urls https://${INTERNAL_IP}:2380 \\
--listen-client-urls https://${INTERNAL_IP}:2379,https://127.0.0.1
--advertise-client-urls https://${INTERNAL_IP}:2379 \\
--initial-cluster-token etcd-cluster-0 \\
--initial-cluster controller-0=https://${CONTROLLER0_IP}:2380,cont
--initial-cluster-state new \\
--data-dir=/var/lib/etcd
kube-api
server
[Diagram: the Master with kube-apiserver, Controller-Manager, kube-scheduler and the ETCD cluster; kubelet on the worker nodes]
Kubernetes Architecture
kubectl get nodes
NAME STATUS ROLES AGE VERSIO
master Ready master 20m v1.11.
node01 Ready <none> 20m v1.11.

[Diagram: kube-apiserver handles the request]
1. Authenticate User
2. Validate Request
3. Retrieve data
Kubernetes Architecture
curl -X POST /api/v1/namespaces/default/po
Pod created!

[Diagram: the request passes from kube-apiserver to the ETCD cluster, kube-scheduler and the kubelet on a worker node]
Kube-api Server

1. Authenticate User

2. Validate Request

3. Retrieve data

4. Update ETCD

5. Scheduler

6. Kubelet
Installing kube-api server
wget https://storage.googleapis.com/kubernetes-release/rele

kube-apiserver.service
ExecStart=/usr/local/bin/kube-apiserver \\
--advertise-address=${INTERNAL_IP} \\
--allow-privileged=true \\
--apiserver-count=3 \\
--authorization-mode=Node,RBAC \\
--bind-address=0.0.0.0 \\
--client-ca-file=/var/lib/kubernetes/ca.pem \\
--enable-admission-
plugins=Initializers,NamespaceLifecycle,NodeRestriction,LimitRa
urceQuota \\
--enable-swagger-ui=true \\
--etcd-cafile=/var/lib/kubernetes/ca.pem \\
--etcd-certfile=/var/lib/kubernetes/kubernetes.pem \\
--etcd-keyfile=/var/lib/kubernetes/kubernetes-key.pem \\
--etcd-servers=https://127.0.0.1:2379 \\
--event-ttl=1h \\
--experimental-encryption-provider-config=/var/lib/kubernetes
--kubelet-certificate-authority=/var/lib/kubernetes/ca.pem \\
--kubelet-client-certificate=/var/lib/kubernetes/kubernetes.p
--kubelet-client-key=/var/lib/kubernetes/kubernetes-key.pem \
--kubelet-https=true \\
--runtime-config=api/all \\
--service-account-key-file=/var/lib/kubernetes/service-accoun
--service-cluster-ip-range=10.32.0.0/24 \\
--service-node-port-range=30000-32767 \\
--v=2
View api-server - kubeadm
kubectl get pods -n kube-system
NAMESPACE NAME READY STATUS
kube-system coredns-78fcdf6894-hwrq9 1/1 Runnin
kube-system coredns-78fcdf6894-rzhjr 1/1 Runnin
kube-system etcd-master 1/1 Runnin
kube-system kube-apiserver-master 1/1 Runnin
kube-system kube-controller-manager-master 1/1 Runnin
kube-system kube-proxy-lzt6f 1/1 Runnin
kube-system kube-proxy-zm5qd 1/1 Runnin
kube-system kube-scheduler-master 1/1 Runnin
kube-system weave-net-29z42 2/2 Runnin
kube-system weave-net-snmdl 2/2 Runnin
View api-server options
cat /etc/kubernetes/manifests/kube-apiserver.yaml
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    - --advertise-address=172.17.0.32
    - --allow-privileged=true
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --disable-admission-plugins=PersistentVolumeLabel
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.
    - --etcd-servers=https://127.0.0.1:2379
    - --insecure-port=0
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserve
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubele
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,H
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-c
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
View api-server options
cat /etc/systemd/system/kube-apiserver.service
[Service]
ExecStart=/usr/local/bin/kube-apiserver \\
--advertise-address=${INTERNAL_IP} \\
--allow-privileged=true \\
--apiserver-count=3 \\
--audit-log-maxage=30 \\
--audit-log-maxbackup=3 \\
--audit-log-maxsize=100 \\
--audit-log-path=/var/log/audit.log \\
--authorization-mode=Node,RBAC \\
--bind-address=0.0.0.0 \\
--client-ca-file=/var/lib/kubernetes/ca.pem \\
--enable-admission-
plugins=Initializers,NamespaceLifecycle,NodeRestriction,LimitRa
ultStorageClass,ResourceQuota \\
--enable-swagger-ui=true \\
--etcd-cafile=/var/lib/kubernetes/ca.pem \\
--etcd-certfile=/var/lib/kubernetes/kubernetes.pem \\
--etcd-keyfile=/var/lib/kubernetes/kubernetes-key.pem \\
--etcd-
servers=https://10.240.0.10:2379,https://10.240.0.11:2379,https
--event-ttl=1h \\
--experimental-encryption-provider-config=/var/lib/kubernetes
\\
--kubelet-certificate-authority=/var/lib/kubernetes/ca.pem \\
--kubelet-client-certificate=/var/lib/kubernetes/kubernetes.p
View api-server options
ps -aux | grep kube-apiserver
root 2348 3.3 15.4 399040 315604 ? Ssl 15:46 1:2
advertise-address=172.17.0.32 --allow-privileged=true --client-
admission-plugins=PersistentVolumeLabel --enable-admission-plug
auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-
client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-cl
insecure-port=0 --kubelet-client-certificate=/etc/kubernetes/pk
key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-
types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/
client-key-file=/etc/kubernetes/pki/front-proxy-client.key--req
requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca
Extra- --requestheader-group-headers=X-Remote-Group --requesthe
port=6443 --service-account-key-file=/etc/kubernetes/pki/sa.pub
cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-f
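
The three views above (kubeadm manifest, systemd unit, ps output) carry the same kube-apiserver flags in different shapes. As an added example, not part of the original slides, this Python sketch normalizes all three and checks a few security-relevant flags that appear on these slides. The sample inputs are constructed from the slide text, the example-etcd-client paths are placeholders, and treating an absent --insecure-port as 0 is an assumption.

```python
import re
import shlex

# Constructed samples modelled on the slides; example-etcd-client paths are placeholders.
MANIFEST = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/example-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/example-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --insecure-port=0
"""

UNIT = r"""[Service]
ExecStart=/usr/local/bin/kube-apiserver \\
  --audit-log-path=/var/log/audit.log \\
  --authorization-mode=Node,RBAC \\
  --client-ca-file=/var/lib/kubernetes/ca.pem \\
  --etcd-cafile=/var/lib/kubernetes/ca.pem \\
  --etcd-certfile=/var/lib/kubernetes/kubernetes.pem \\
  --etcd-keyfile=/var/lib/kubernetes/kubernetes-key.pem \\
  --etcd-servers=https://10.240.0.10:2379,https://10.240.0.11:2379
"""

def flags_from_tokens(tokens):
    """['--name=value', '--switch'] -> {'name': 'value', 'switch': 'true'}."""
    pairs = (t[2:].partition("=") for t in tokens if t.startswith("--"))
    return {name: value or "true" for name, _, value in pairs}

def flags_from_manifest(text):
    """Static pod manifest: the '- --flag=value' items of the command list."""
    return flags_from_tokens(re.findall(r"^[ \t]*-[ \t]+(--\S+)[ \t]*$", text, re.M))

def flags_from_unit(text):
    """systemd unit: join backslash continuations, then split ExecStart."""
    joined = re.sub(r"\\+[ \t]*\n", " ", text)
    for line in joined.splitlines():
        if line.startswith("ExecStart="):
            return flags_from_tokens(shlex.split(line[len("ExecStart="):]))
    return {}

def flags_from_cmdline(text):
    """`ps` output: one string of whitespace-separated tokens."""
    return flags_from_tokens(shlex.split(text))

def audit(flags):
    """Return (flag, reason) findings for settings shown on the slides."""
    out = []
    modes = flags.get("authorization-mode", "AlwaysAllow").split(",")
    if "AlwaysAllow" in modes or "RBAC" not in modes:
        out.append(("authorization-mode", "requests are not limited by RBAC"))
    # Assumption: an absent --insecure-port counts as 0 (the default varies by release).
    if flags.get("insecure-port", "0") != "0":
        out.append(("insecure-port", "plain HTTP API port is enabled"))
    if not all(s.startswith("https://") for s in flags.get("etcd-servers", "").split(",")):
        out.append(("etcd-servers", "etcd is not reached over TLS"))
    for name in ("client-ca-file", "etcd-cafile", "etcd-certfile", "etcd-keyfile", "audit-log-path"):
        if not flags.get(name):
            out.append((name, "flag is not set"))
    return out

if __name__ == "__main__":
    print(audit(flags_from_manifest(MANIFEST)), audit(flags_from_unit(UNIT)))
```

On these samples the only finding is that the manifest sets no --audit-log-path, while the systemd unit does.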
Kube
Controller
Manager
[Diagram: the Master with Controller-Manager, ETCD cluster and kube-scheduler]
Controller

[Diagram: the Node-Controller works through kube-apiserver]

kubectl get nodes


NAME STATUS ROLES AGE VERSION
worker-1 Ready <none> 8d v1.13.0
worker-2 NotReady
Ready <none> 8d v1.13.0
Controller

[Diagram: controllers connected to kube-apiserver and packaged together in the Kube-Controller-Manager: Node-Controller, Replication-Controller, Deployment-Controller, Namespace-Controller, Endpoint-Controller, Job-Controller, CronJob, Service-Account-Controller, Stateful-Set, Replicaset, PV-Binder-Controller, PV-Protection-Controller]
Installing kube-controller-manager
wget https://storage.googleapis.com/kubernetes-release/rele

kube-controller-manager.service
ExecStart=/usr/local/bin/kube-controller-manager \\
--address=0.0.0.0 \\
--cluster-cidr=10.200.0.0/16 \\
--cluster-name=kubernetes \\
--cluster-signing-cert-file=/var/lib/kubernetes/ca.pem \\
--cluster-signing-key-file=/var/lib/kubernetes/ca-key.pem \\
--kubeconfig=/var/lib/kubernetes/kube-controller-manager.kube
--leader-elect=true \\
--root-ca-file=/var/lib/kubernetes/ca.pem \\
--service-account-private-key-file=/var/lib/kubernetes/servic
--service-cluster-ip-range=10.32.0.0/24 \\
--use-service-account-credentials=true \\
--v=2

--controllers stringSlice Default: [*]

A list of controllers to enable. '*' enables all on-by-default
named 'foo', '-foo' disables the controller named 'foo'.
All controllers: attachdetach, bootstrapsigner, clusterrole-ag
csrcleaner, csrsigning, daemonset, deployment, disruption, end
horizontalpodautoscaling, job, namespace, nodeipam, nodelifecy
persistentvolume-expander, podgc, pv-protection, pvc-protectio
resourcequota, root-ca-cert-publisher, route, service, servi
tokencleaner, ttl, ttl-after-finished
Disabled-by-default controllers: bootstrapsigner, tokenclean
View kube-controller-manager
kubectl get pods -n kube-system
NAMESPACE NAME READY STATUS
kube-system coredns-78fcdf6894-hwrq9 1/1 Runnin
kube-system coredns-78fcdf6894-rzhjr 1/1 Runnin
kube-system etcd-master 1/1 Runnin
kube-system kube-apiserver-master 1/1 Runnin
kube-system kube-controller-manager-master 1/1 Runnin
kube-system kube-proxy-lzt6f 1/1 Runnin
kube-system kube-proxy-zm5qd 1/1 Runnin
kube-system kube-scheduler-master 1/1 Runnin
kube-system weave-net-29z42 2/2 Runnin
kube-system weave-net-snmdl 2/2 Runnin
View kube-controller-manager
- kubeadm
cat /etc/kubernetes/manifests/kube-controller-man
spec:
  containers:
  - command:
    - kube-controller-manager
    - --address=127.0.0.1
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/s
    - --use-service-account-credentials=true
View controller-manager
cat /etc/systemd/system/kube-controller-manager.se
[Service]
ExecStart=/usr/local/bin/kube-controller-manager \\
--address=0.0.0.0 \\
--cluster-cidr=10.200.0.0/16 \\
--cluster-name=kubernetes \\
--cluster-signing-cert-file=/var/lib/kubernetes/ca.pem \\
--cluster-signing-key-file=/var/lib/kubernetes/ca-key.pem \\
--kubeconfig=/var/lib/kubernetes/kube-controller-manager.kube
--leader-elect=true \\
--root-ca-file=/var/lib/kubernetes/ca.pem \\
--service-account-private-key-file=/var/lib/kubernetes/servic
--service-cluster-ip-range=10.32.0.0/24 \\
--use-service-account-credentials=true \\
--v=2
Restart=on-failure
RestartSec=5
View controller-manager
ps -aux | grep kube-controller-manager
root 1994 2.7 5.1 154360 105024 ? Ssl 0
address=127.0.0.1 --cluster-signing-cert-file=/etc/ku
key-file=/etc/kubernetes/pki/ca.key --controllers=*,b
kubeconfig=/etc/kubernetes/controller-manager.conf --
file=/etc/kubernetes/pki/ca.crt --service-account-pri
--use-service-account-credentials=true
Kube
Scheduler
[Diagram: the Master with Controller-Manager, ETCD cluster and Kube-Scheduler]
Kube-Scheduler
[Diagram: scheduling a pod with CPU: 10]
1. Filter Nodes
2. Rank Nodes
More Later…

• Resource Requirements and Limits


• Taints and Tolerations
• Node Selectors/Affinity
Course Objectives

Scheduling
Labels & Selectors Resource Limits

Daemon Sets Multiple Schedulers

Configure Kubernetes Scheduler


Logging Monitoring

Application Lifecycle Management

Cluster Maintenance

Security

Storage

Troubleshooting
Installing kube-scheduler
wget https://storage.googleapis.com/kubernetes-release/rele

kube-scheduler.service
ExecStart=/usr/local/bin/kube-scheduler \\
--config=/etc/kubernetes/config/kube-scheduler.yaml \\
--v=2
View kube-scheduler options
kubeadm
cat /etc/kubernetes/manifests/kube-scheduler.yaml
spec:
  containers:
  - command:
    - kube-scheduler
    - --address=127.0.0.1
    - --kubeconfig=/etc/kubernetes/scheduler.conf
    - --leader-elect=true
View kube-scheduler
ps -aux | grep kube-scheduler
root 2477 0.8 1.6 48524 34044 ? Ssl 1
address=127.0.0.1 --kubeconfig=/etc/kubernetes/schedu
Kubelet
[Diagram: Kubernetes Architecture. The Master (manage, plan, schedule, monitor nodes) runs kube-apiserver, Controller-Manager, kube-scheduler and the ETCD cluster; each Worker Node (host application as containers) runs a kubelet.]
Installing kubelet
wget https://storage.googleapis.com/kubernetes-release/rele

kubelet.service
ExecStart=/usr/local/bin/kubelet \\
--config=/var/lib/kubelet/kubelet-config.yaml \\
--container-runtime=remote \\
--container-runtime-endpoint=unix:///var/run/containerd/conta
--image-pull-progress-deadline=2m \\
--kubeconfig=/var/lib/kubelet/kubeconfig \\
--network-plugin=cni \\
--register-node=true \\
--v=2
View kubelet options
ps -aux | grep kubelet
root 2095 1.8 2.4 960676 98788 ? Ssl 0
kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --k
config=/var/lib/kubelet/config.yaml --cgroup-driver=c
conf-dir=/etc/cni/net.d --network-plugin=cni
Kube-proxy
[Diagram: POD Network with pods at 10.32.0.14 and 10.32.0.15; service: db at 10.96.0.12; Kube-proxy on the nodes]
Installing kube-proxy
wget https://storage.googleapis.com/kubernetes-release/rele

kube-proxy.service
ExecStart=/usr/local/bin/kube-proxy \\
--config=/var/lib/kube-proxy/kube-proxy-config.yaml
Restart=on-failure
RestartSec=5
View kube-proxy - kubeadm
kubectl get pods -n kube-system
NAMESPACE NAME READY STATUS
kube-system coredns-78fcdf6894-hwrq9 1/1 Runnin
kube-system coredns-78fcdf6894-rzhjr 1/1 Runnin
kube-system etcd-master 1/1 Runnin
kube-system kube-apiserver-master 1/1 Runnin
kube-system kube-controller-manager-master 1/1 Runnin
kube-system kube-proxy-lzt6f 1/1 Runnin
kube-system kube-proxy-zm5qd 1/1 Runnin
kube-system kube-scheduler-master 1/1 Runnin
kube-system weave-net-29z42 2/2 Runnin
kube-system weave-net-snmdl 2/2 Runnin

kubectl get daemonset -n kube-system


NAME DESIRED CURRENT READY UP-TO-DATE AVAILAB
kube-proxy 2 2 2 2 2
