Kubernetes Notes
Uploaded by Shyam Duvvapu

Kubernetes overview

Architecture of Kubernetes
Overview of Kubernetes Objects
Structure of Kubernetes YAML
Kubernetes Objects in detail
* Pod
* ReplicaSet
* Deployment
* Service
Installation of Kubernetes
Kubernetes environment variables
Kubernetes volumes
Kubernetes secrets
Kubernetes networking
Kubernetes namespaces
======================================================================
Kubernetes: Kubernetes is a container orchestration tool (container management tool)
developed by Google.
Kubernetes is used for managing all containerized applications.
Kubernetes provides a self-healing mechanism in case a machine is interrupted
or restarts due to network or resource issues.
Kubernetes has agents that monitor all the containers to keep the
application running 24/7.
Kubernetes maintains zero downtime when rolling back or upgrading the
application.
Kubernetes manages all sensitive information via Kubernetes Secrets in
encrypted format.
Kubernetes provides a wrapper or layer over Docker containers to monitor the
application and containers and make sure the application is always available.
======================================================================
Why Kubernetes?
======================================================================
Docker -> Building images (OS files and application) and creating/running containers ->
Push images to dockerhub.com

eg: 1 host machine -> docker service -> 1 container -> Access application/website
docker run -> manually -> whenever the machine is down -> the docker service goes
down, and if the docker service goes down -> all running containers go down, and
after the machine is up and running again the docker containers will still be down.

Disadvantages:

1. Downtime for the application whenever we have a network issue or a machine restart due
to an unknown reason.
2. Bringing up a container is a time-consuming activity.
3. We don't have any agent to monitor all the docker containers.
4. No self-healing mechanism for a container to recover automatically.
5. No proper memory and CPU management for a container, as it uses the complete resources
of the base machine OS.
6. In case of rollback or upgrading the application, downtime is required as the
container needs to be deleted and recreated with the new application.
7. In Docker, sensitive information like user and password are stored in plain text
format.
======================================================================
Architecture of Kubernetes:
======================================================================
Master Node (control plane components):
1. API Server
2. Controller
3. Scheduler
4. ETCD

Worker Node:
1. Kubelet
2. Docker
3. Kube proxy

Command line utility:

kubectl
======================================================================
Kubernetes Objects:
======================================================================
1. Pod: Pod is the smallest object of Kubernetes, for managing the containers and
application.

2. ReplicaSet: ReplicaSet is used for scaling the pods up and down depending on the
load on the application.

3. Deployment: Deployment is a combination of Pod and ReplicaSet.

4. Service: Service is used for exposing the application running inside the
container to the outside world.
======================================================================
Structure of Kubernetes YAML:
======================================================================
apiVersion: v1 or apps/v1
v1 => Pod, Service
apps/v1 => ReplicaSet, Deployment
apiVersion is used for mentioning the API version of the Kubernetes object.

kind: Pod/ReplicaSet/Deployment/Service
kind is used to identify what type of object the Kubernetes apiVersion is
going to use.

metadata:
  name: mypod
Information about the Kubernetes object, like its name and a unique identity as labels.

spec:
  containers:
  - name: mypod
    image: nginx:latest
Specification of the Kubernetes object, which contains information like
image details, container details, secrets, volumes, etc.
======================================================================
vi sample-pod-def.yml
======================================================================
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  containers:
  - name: nginx-container
    image: nginx:latest
======================================================================
Pod: Pod is the smallest object of Kubernetes, for managing the containers and
application.
A Pod contains the containers.
A Pod contains a single unique instance of a container.
Inside a pod we can have multiple unique containers, like a helper container (DB).
A Pod has its own IP address.
No duplicate containers are created inside a pod.

commands: kubectl run my-pod --image nginx:latest // ad hoc command for creating a pod
kubectl get pods // list all the running pods
kubectl describe pod my-pod // detailed information about the pod
kubectl delete pod my-pod // delete a pod
kubectl get pods -o wide // list all the running pods and display the Node IP and Pod IP
kubectl exec -it my-pod -- bash // open a shell inside the pod's container

======================================================================
vi sample-pod-def.yml
======================================================================
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  containers:
  - name: nginx-container
    image: nginx:latest
======================================================================

commands: kubectl create -f sample-pod-def.yml // create a pod from the yaml file
kubectl get pods // list all the running pods
kubectl describe pod pod_name // detailed information about the pod
kubectl delete pod pod_name // delete a pod
kubectl get pods -o wide // list all the running pods and display the Node IP and Pod IP
kubectl logs -f pod_name // follow the logs of the pod

======================================================================
How to edit the pod details?
======================================================================
1. Edit the running pod via the kubectl edit command:
kubectl edit pod pod_name -> vi editor -> make change -> :wq save
2. vi sample-pod-def.yml -> vi editor -> make change -> :wq save
kubectl apply -f sample-pod-def.yml
======================================================================
ReplicaSet: ReplicaSet is used for scaling the pods up and down depending on the
load on the application.

======================================================================
vi replicaset-def.yml
======================================================================
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: nginx-replicaset
spec:
  template:
    metadata:
      name: nginx-pod
      labels:
        name: mypod
        tier: frontend
    spec:
      containers:
      - name: nginx-container
        image: nginx:latest
  replicas: 3
  selector:
    matchLabels:
      name: mypod
      tier: frontend

======================================================================
Labels and Selector:
======================================================================
With labels and a selector, we can give a unique identity to pods.
Using the labels and selector, the ReplicaSet identifies the respective pods which need
to be monitored.
======================================================================
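Added example (not part of the notes): a check of the labels/selector relationship described above, using replicaset-def.yml written as a Python dict and a constructed list of pods. The API server rejects an apps/v1 ReplicaSet or Deployment whose selector does not match its own pod template labels, which is what selector_matches_template tests.

```python
import copy

# Added example, not from the notes: verify the labels/selector relationship
# of a ReplicaSet manifest and list the pods its selector would monitor.


def selector_matches_template(manifest: dict) -> bool:
    """True when every matchLabels key/value is also present on the template labels."""
    spec = manifest["spec"]
    selector = spec.get("selector", {}).get("matchLabels", {})
    template_labels = spec["template"]["metadata"].get("labels", {})
    if not selector:
        return False  # apps/v1 requires a non-empty selector
    return all(template_labels.get(key) == value for key, value in selector.items())


def selected_pods(match_labels: dict, pods: list) -> list:
    """Names of the pods a ReplicaSet with this matchLabels would monitor."""
    return [
        pod["metadata"]["name"]
        for pod in pods
        if all(pod["metadata"].get("labels", {}).get(key) == value
               for key, value in match_labels.items())
    ]


def with_template_labels(manifest: dict, labels: dict) -> dict:
    """Copy of the manifest with the pod template labels replaced (used to show a mismatch)."""
    changed = copy.deepcopy(manifest)
    changed["spec"]["template"]["metadata"]["labels"] = dict(labels)
    return changed


# replicaset-def.yml from the notes, as the dict a YAML parser would produce.
NGINX_REPLICASET = {
    "apiVersion": "apps/v1",
    "kind": "ReplicaSet",
    "metadata": {"name": "nginx-replicaset"},
    "spec": {
        "replicas": 3,
        "selector": {"matchLabels": {"name": "mypod", "tier": "frontend"}},
        "template": {
            "metadata": {"name": "nginx-pod",
                         "labels": {"name": "mypod", "tier": "frontend"}},
            "spec": {"containers": [{"name": "nginx-container", "image": "nginx:latest"}]},
        },
    },
}

# Constructed pods (not from the notes): only the first carries both labels.
SAMPLE_PODS = [
    {"metadata": {"name": "nginx-replicaset-x7k2p", "labels": {"name": "mypod", "tier": "frontend"}}},
    {"metadata": {"name": "db-helper", "labels": {"name": "mypod", "tier": "backend"}}},
    {"metadata": {"name": "unlabeled-pod"}},
]

if __name__ == "__main__":
    print(selector_matches_template(NGINX_REPLICASET))  # True
    broken = with_template_labels(NGINX_REPLICASET, {"name": "mypod", "tier": "backend"})
    print(selector_matches_template(broken))  # False: the API server would reject this manifest
    print(selected_pods({"name": "mypod", "tier": "frontend"}, SAMPLE_PODS))  # ['nginx-replicaset-x7k2p']
```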
commands: kubectl create -f replicaset-def.yml // create a replicaset
kubectl get replicaset // list all replicasets
kubectl get pods // list all the running pods
kubectl describe replicaset nginx-replicaset // detailed information about the replicaset
kubectl delete replicaset nginx-replicaset // delete a replicaset

How to scale the pods up and down?

kubectl scale --replicas=6 replicaset nginx-replicaset
kubectl scale --replicas=2 replicaset nginx-replicaset
======================================================================
How to edit the replicaset details?
======================================================================
1. Edit the running replicaset via the kubectl edit command:
kubectl edit replicaset nginx-replicaset -> vi editor -> make change -> :wq save

2. vi replicaset-def.yml -> vi editor -> make change -> :wq save
kubectl apply -f replicaset-def.yml
======================================================================
Deployment: Deployment is a Kubernetes object which is a combination of Pods and
ReplicaSets.
We have 2 deployment strategies:
1. Recreate
2. RollingUpdate - the default strategy in Kubernetes

======================================================================
deployment-def.yml
======================================================================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment-recreate
spec:
  template:
    metadata:
      name: nginx-pod
      labels:
        name: mypod
        tier: frontend
    spec:
      containers:
      - name: nginx-container
        image: nginx:latest
  replicas: 3
  selector:
    matchLabels:
      name: mypod
      tier: frontend

commands: kubectl create -f deployment-def.yml // create a deployment
kubectl get deployment // list all deployments
kubectl get replicaset // list all replicasets
kubectl get pods // list all the running pods
kubectl describe deployment deployment_name // detailed information about the deployment
kubectl delete deployment deployment_name // delete a deployment

How to scale the pods up and down?

kubectl scale --replicas=6 deployment deployment_name
kubectl scale --replicas=2 deployment deployment_name
======================================================================
How to edit the deployment details?
======================================================================
1. Edit the running deployment via the kubectl edit command:
kubectl edit deployment deployment_name -> vi editor -> make change -> :wq save

2. vi deployment-def.yml -> vi editor -> make change -> :wq save
kubectl apply -f deployment-def.yml
======================================================================
1. Recreate: In the Recreate strategy all pods go down and new pods come up in
case of an upgrade or rollback. This leads to application downtime.
======================================================================
deployment-recreate.yml
======================================================================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment-recreate
spec:
  template:
    metadata:
      name: nginx-pod
      labels:
        name: mypod
        tier: frontend
    spec:
      containers:
      - name: nginx-container
        image: nginx:latest
  replicas: 30
  strategy:
    type: Recreate
  selector:
    matchLabels:
      name: mypod
      tier: frontend

======================================================================
How to upgrade or rollback the application?
======================================================================
1. Edit the running deployment via the kubectl edit command:
kubectl edit deployment deployment_name -> vi editor -> make change -> :wq save

2. vi deployment-def.yml -> vi editor -> make change -> :wq save
kubectl apply -f deployment-def.yml

3. kubectl set image deployment nginx-deployment-recreate nginx-container=nginx:1.23 --record
======================================================================
2. RollingUpdate: The RollingUpdate strategy is also called blue-green deployment,
where one pod at a time gets upgraded/rolled back to make sure the application is up and
running 24/7. We can further customize the pod count for upgrade and rollback.

======================================================================
deployment-rollingupdate.yml
======================================================================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment-rollingupdate
  labels:
    name: mypod
    tier: frontend
spec:
  template:
    metadata:
      name: nginx-pod
      labels:
        name: mypod
        tier: frontend
    spec:
      containers:
      - name: nginx-container
        image: nginx:latest
  replicas: 30
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1        # at most 1 pod above the desired replica count while upgrading
      maxUnavailable: 1  # at most 1 pod down at a time, so the existing application stays up
  selector:
    matchLabels:
      name: mypod
      tier: frontend
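Added example (not part of the notes): the pod-count bounds that maxSurge and maxUnavailable impose on the two manifests above (replicas: 30), with the Recreate case for comparison. Kubernetes also accepts both fields as percentages of replicas and defaults them to 25%; a maxSurge percentage is rounded up and a maxUnavailable percentage is rounded down, which the helper reproduces.

```python
import math

# Added example, not from the notes: translate a Deployment's strategy
# settings into the pod counts the controller keeps during a rollout.


def _resolve(value, replicas: int, round_up: bool) -> int:
    """Turn an absolute value (1) or a percentage ("25%") into a pod count."""
    if isinstance(value, str) and value.endswith("%"):
        raw = replicas * int(value[:-1]) / 100
        return math.ceil(raw) if round_up else math.floor(raw)
    return int(value)


def rolling_update_bounds(replicas: int, max_surge="25%", max_unavailable="25%") -> dict:
    """Bounds the deployment controller keeps during a RollingUpdate."""
    surge = _resolve(max_surge, replicas, round_up=True)
    unavailable = _resolve(max_unavailable, replicas, round_up=False)
    if surge == 0 and unavailable == 0:
        raise ValueError("maxSurge and maxUnavailable cannot both be 0")
    return {
        "max_total_pods": replicas + surge,            # old + new pods never exceed this
        "min_available_pods": replicas - unavailable,  # serving pods never drop below this
    }


def strategy_bounds(deployment: dict) -> dict:
    """Same bounds read from a Deployment manifest in dict (parsed YAML) form."""
    spec = deployment["spec"]
    replicas = spec.get("replicas", 1)
    strategy = spec.get("strategy", {})
    if strategy.get("type") == "Recreate":
        # every old pod is deleted before any new pod is created: full downtime
        return {"max_total_pods": replicas, "min_available_pods": 0}
    ru = strategy.get("rollingUpdate", {})
    return rolling_update_bounds(replicas, ru.get("maxSurge", "25%"), ru.get("maxUnavailable", "25%"))


# spec sections of deployment-rollingupdate.yml and deployment-recreate.yml from the notes
ROLLING = {"spec": {"replicas": 30, "strategy": {"type": "RollingUpdate",
                    "rollingUpdate": {"maxSurge": 1, "maxUnavailable": 1}}}}
RECREATE = {"spec": {"replicas": 30, "strategy": {"type": "Recreate"}}}

if __name__ == "__main__":
    print(strategy_bounds(ROLLING))   # {'max_total_pods': 31, 'min_available_pods': 29}
    print(strategy_bounds(RECREATE))  # {'max_total_pods': 30, 'min_available_pods': 0}
    print(rolling_update_bounds(30))  # defaults: {'max_total_pods': 38, 'min_available_pods': 23}
```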

======================================================================
How to upgrade or rollback the application?
======================================================================
1. Edit the running deployment via the kubectl edit command:
kubectl edit deployment deployment_name -> vi editor -> make change -> :wq save

2. vi deployment-def.yml -> vi editor -> make change -> :wq save
kubectl apply -f deployment-def.yml

3. kubectl set image deployment nginx-deployment-rollingupdate nginx-container=nginx:1.19 --record

kubectl rollout status deployment nginx-deployment-rollingupdate // watch the rollout progress
kubectl rollout restart deployment nginx-deployment-rollingupdate // restart the pods of the deployment
kubectl rollout history deployment nginx-deployment-rollingupdate // list the revisions
kubectl rollout pause deployment nginx-deployment-rollingupdate // pause the rollout
kubectl rollout undo deployment nginx-deployment-rollingupdate // roll back to the previous revision
======================================================================
Service: Service is a Kubernetes object which is used for exposing the application
running inside the container to the outside world.
Service is also used for making communication possible between applications, containers, pods,
etc.

======================================================================
service-def.yml
======================================================================
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: LoadBalancer
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
  externalIPs:
  - Public-IP-workernode/Loadbalancerurl   # placeholder: the worker node public IP or load balancer address
  selector:
    name: mypod
    tier: frontend
======================================================================
commands: kubectl create -f service-def.yml // create a service
kubectl get service // list all services
kubectl describe service service_name // detailed information about the service
kubectl delete service service_name // delete a service

To access the URL: External-IP:nodePort

eg: http://52.14.179.178:32040

[root@ip-172-31-18-90 ~]# kubectl get svc
NAME            TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)        AGE
kubernetes      ClusterIP      10.96.0.1      <none>          443/TCP        50m
nginx-service   LoadBalancer   10.97.176.91   52.14.179.178   80:32040/TCP   47s
[root@ip-172-31-18-90 ~]#
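Added example (not part of the notes): building the access URL (External-IP:nodePort, the rule the notes give) from `kubectl get svc` output. SAMPLE_GET_SVC is the listing shown above; the parser works on whitespace columns, so it also handles listings with more services or several ports per service.

```python
# Added example, not from the notes: derive http://External-IP:nodePort
# URLs from a `kubectl get svc` listing.

# The listing from the notes (kubectl get svc output shown above).
SAMPLE_GET_SVC = """\
NAME            TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)        AGE
kubernetes      ClusterIP      10.96.0.1      <none>          443/TCP        50m
nginx-service   LoadBalancer   10.97.176.91   52.14.179.178   80:32040/TCP   47s
"""


def parse_get_svc(text: str) -> list:
    """Rows of the listing as dicts keyed by column name (first line is the header)."""
    rows = []
    for line in text.splitlines()[1:]:
        if not line.strip():
            continue
        name, svc_type, cluster_ip, external_ip, ports, age = line.split(None, 5)
        rows.append({"name": name, "type": svc_type, "cluster_ip": cluster_ip,
                     "external_ip": external_ip, "ports": ports, "age": age})
    return rows


def node_ports(ports: str) -> list:
    """'80:32040/TCP,443:32041/TCP' -> [(80, 32040, 'TCP'), (443, 32041, 'TCP')].
    A plain '443/TCP' entry (ClusterIP, no nodePort) yields nothing."""
    result = []
    for entry in ports.split(","):
        spec, proto = entry.split("/")
        if ":" in spec:
            port, nodeport = spec.split(":")
            result.append((int(port), int(nodeport), proto))
    return result


def access_urls(text: str) -> dict:
    """Service name -> list of http://External-IP:nodePort URLs for its TCP node ports."""
    urls = {}
    for row in parse_get_svc(text):
        if row["external_ip"].startswith("<"):  # <none> or <pending>: nothing reachable yet
            continue
        for _port, nodeport, proto in node_ports(row["ports"]):
            if proto == "TCP":
                urls.setdefault(row["name"], []).append(f"http://{row['external_ip']}:{nodeport}")
    return urls


if __name__ == "__main__":
    print(access_urls(SAMPLE_GET_SVC))  # {'nginx-service': ['http://52.14.179.178:32040']}
```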
======================================================================
How to edit the service?
======================================================================
1. Edit the running service via the kubectl edit command:
kubectl edit service service_name -> vi editor -> make change -> :wq save

2. vi service-def.yml -> vi editor -> make change -> :wq save
kubectl apply -f service-def.yml
======================================================================
Kubernetes Installation:
======================================================================
Step 1: Install and configure Docker on the Master and Worker Nodes.

Prerequisites:
2 instances: 1 master, 1 worker
Operating system: Amazon AMI 2 (Amazon Linux 2 Kernel 5.10 AMI 2.0.20230418.0 x86_64 HVM gp2)
Instance type: t2.medium (2 core CPU and 4GB RAM)
Security group: port 22 ssh
all traffic 0.0.0.0/0 (allows every port from any source)
Hard disk: 10 GB

Step a: Install the docker package using the yum command

sudo su
yum install docker -y

Step b: Start the docker service and check its status

systemctl enable docker
systemctl start docker
systemctl status docker

======================================================================
Step 2: Add the Kubernetes repo to both Master and Worker Nodes.

vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl

======================================================================
Step 3: Turn off the swap space and check that SELinux is disabled on the master and
worker

swapoff --all
sestatus // check SELinux; it should be in disabled mode
======================================================================
Step 4: Install kubelet, kubeadm, kubectl, and start and enable the service on both
master and worker

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

systemctl enable kubelet && systemctl start kubelet

======================================================================
Step 5: Initialize kubeadm only on the Master Node:

kubeadm init

Now run the commands below only on the master node; the same commands
are displayed in the output of the kubeadm init command.
Preserve the output in Notepad for joining more worker nodes in future.

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

======================================================================
Step 6: Run the kubeadm join command from the output of kubeadm init only on the Worker Nodes

<kubeadm join command copied from the master node>

[root@ip-172-31-29-163 ~]# kubeadm join 172.31.18.90:6443 --token 8nyfv4.2ft0qmf9191rd3ld \
> --discovery-token-ca-cert-hash sha256:b839a709e4ebc7958940c0d0210de2725f1a9bec3265e6c99d3ff882d2d7dfa6
[preflight] Running pre-flight checks
[WARNING FileExisting-tc]: tc not found in system path
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@ip-172-31-29-163 ~]#
======================================================================
Step 7: Set the KUBECONFIG path using the export command.

Master Node:
vi /etc/profile.d/k8s-master.sh
export KUBECONFIG=/etc/kubernetes/admin.conf
swapoff --all

load file: source /etc/profile.d/k8s-master.sh

Worker Node:
vi /etc/profile.d/k8s-worker.sh
export KUBECONFIG=/etc/kubernetes/kubelet.conf
swapoff --all

load file: source /etc/profile.d/k8s-worker.sh

======================================================================
Step 8: Run kubectl get nodes to check the node state, which is still NotReady at this point.
kubectl get nodes

[root@ip-172-31-18-90 ~]# kubectl get nodes
NAME                                          STATUS     ROLES           AGE     VERSION
ip-172-31-18-90.us-east-2.compute.internal    NotReady   control-plane   5m56s   v1.28.2
ip-172-31-29-163.us-east-2.compute.internal   NotReady   <none>          2m29s   v1.28.2
[root@ip-172-31-18-90 ~]#
======================================================================
Step 9: Configure the networking using the Calico yamls on the Master Node, to bring the
node states to Ready

curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml -O

kubectl apply -f calico.yaml

======================================================================
Step 10: Check with kubectl commands to see if all services are running.
kubectl get nodes
kubectl get pods --all-namespaces
======================================================================
Volumes:
======================================================================
Volumes are used to mount data from the host (worker node) machine into the container
filesystem. Volumes are persistent because even if the pod is deleted, the data still
exists on the host (worker node) machine.
Data is synced between the host and the container filesystem.

eg:
======================================================================
sample-volumes.yml
======================================================================
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod-volume
spec:
  containers:
  - name: nginx-container
    image: nginx:latest
    volumeMounts:
    - name: host-vol
      mountPath: /apps
  volumes:
  - name: host-vol
    hostPath:
      path: /apps

kubectl create -f sample-volumes.yml
kubectl get pods
kubectl exec -it nginx-pod-volume -- bash
nginx-pod-volume> cd /apps
touch f1 f2 f3 f4

Worker Node/host machine: cd /apps
ls -lrt // f1 f2 f3 f4
======================================================================
Secrets:
======================================================================
Secret is a Kubernetes object used for managing sensitive data, which can be
usernames, passwords, tokens, IP addresses, etc.
With Kubernetes Secrets, we can manage the sensitive data without displaying the
passwords on screen or in logs.

======================================================================
How to create a secret:
======================================================================
vi secret-def.yml
======================================================================
apiVersion: v1
kind: Secret
metadata:
  name: nginx-secret
type: Opaque
data:
  user: bmdpbngtdXNlcg==
  password: bmdpbngtcGFzc3dvcmQ=
======================================================================
kubectl create -f secret-def.yml
kubectl get secrets
kubectl describe secret secret_name
kubectl delete secret secret_name

======================================================================
How to encrypt and decode the sensitive data?
======================================================================
By default, the base64 encryption and decryption mechanism is used.

encrypt: echo -n "nginx-user" | base64
bmdpbngtdXNlcg==

echo -n "nginx-password" | base64
bmdpbngtcGFzc3dvcmQ=

decrypt: echo -n "bmdpbngtdXNlcg==" | base64 --decode
nginx-user

echo -n "bmdpbngtcGFzc3dvcmQ=" | base64 --decode
nginx-password
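Added example (not part of the notes): the base64 steps above in code, producing the exact `data` values of secret-def.yml. base64 is a reversible encoding rather than encryption, so anyone permitted to read the Secret object can recover the plaintext without any key; the block also shows why the notes use `echo -n`, since a plain `echo` would put a trailing newline into the stored value.

```python
import base64

# Added example, not from the notes: encode/decode Secret values the way the
# `echo -n ... | base64` and `base64 --decode` commands above do.


def encode_secret_value(plaintext: str) -> str:
    """Same as: echo -n "<plaintext>" | base64"""
    return base64.b64encode(plaintext.encode("utf-8")).decode("ascii")


def decode_secret_data(data: dict) -> dict:
    """Decode every entry of a Secret's .data map (echo -n "<value>" | base64 --decode).
    No key is involved: the encoding is fully reversible."""
    return {key: base64.b64decode(value).decode("utf-8") for key, value in data.items()}


def build_opaque_secret(name: str, values: dict) -> dict:
    """Dict form of secret-def.yml built from plaintext values."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "data": {key: encode_secret_value(value) for key, value in values.items()},
    }


def has_trailing_newline(encoded: str) -> bool:
    """True when the value was encoded from `echo` without -n; the newline would
    become part of the username or password the application reads."""
    return base64.b64decode(encoded).endswith(b"\n")


if __name__ == "__main__":
    secret = build_opaque_secret("nginx-secret", {"user": "nginx-user", "password": "nginx-password"})
    print(secret["data"])                          # {'user': 'bmdpbngtdXNlcg==', 'password': 'bmdpbngtcGFzc3dvcmQ='}
    print(decode_secret_data(secret["data"]))      # {'user': 'nginx-user', 'password': 'nginx-password'}
    print(encode_secret_value("nginx-user\n"))     # bmdpbngtdXNlcgo=  (what plain `echo` would store)
    print(has_trailing_newline("bmdpbngtdXNlcgo="))  # True
```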
======================================================================
How to use secrets in Kubernetes yaml:
======================================================================
sample-secret.yml
======================================================================
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod-secret
spec:
  containers:
  - name: nginx-container
    image: nginx:latest
    env:
    - name: USER
      valueFrom:
        secretKeyRef:
          name: nginx-secret
          key: user
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: nginx-secret
          key: password

kubectl create -f sample-secret.yml
kubectl get pods
kubectl exec -it pod-name -- bash
pod-name> env
echo $USER // nginx-user
echo $PASSWORD // nginx-password

root@nginx-pod-secret:/# echo $USER
nginx-user
root@nginx-pod-secret:/# echo $PASSWORD
nginx-password
root@nginx-pod-secret:/#
======================================================================
Environment variables:
======================================================================
A variable is a temporary storage location for storing values.

======================================================================
vi env-variables.yml
======================================================================
eg:
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod-secret
spec:
  containers:
  - name: nginx-container
    image: nginx:latest
    env:
    - name: USER
      value: john
    - name: PASSWORD
      value: test123
    - name: server
      value: db-server-01

kubectl create -f env-variables.yml
kubectl get pods
kubectl exec -it pod-name -- bash
pod-name> env
echo $USER // john
echo $PASSWORD // test123
======================================================================
Kubernetes namespaces:
======================================================================
Namespace is a Kubernetes object which provides a sub-cluster; a namespace
creates a virtual cluster from the physical cluster.
Namespaces are used for setting up deployments from different teams working on
different applications.

Kubernetes default namespaces:

* default -> all users' deployments/pods/services/replicasets etc.
* kube-system -> cluster objects
* kube-public -> public resources
* kube proxy -> networking objects

eg:

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod-secret
  namespace: qa-team
spec:
  containers:
  - name: nginx-container
    image: nginx:latest
======================================================================
How to create a namespace by user:
======================================================================
kubectl create namespace ds-team
kubectl get namespace // or: kubectl get ns
kubectl describe namespace namespace_name
kubectl delete namespace namespace_name

The namespace should always be passed with every command to work with
pods/deployments/services in a particular namespace.

kubectl create -f sample-pod.yml -n ds-team
kubectl get pods -n ds-team
kubectl describe pod pod_name -n ds-team
kubectl delete pod pod-name -n ds-team

======================================================================

Output of kubeadm init on the Master Node (referenced in Step 5):

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.31.18.90:6443 --token 8nyfv4.2ft0qmf9191rd3ld \
--discovery-token-ca-cert-hash sha256:b839a709e4ebc7958940c0d0210de2725f1a9bec3265e6c99d3ff882d2d7dfa6
[root@ip-172-31-18-90 ~]#
