tto / docs / k8s / kubernetes

overview

a k8s installation typically consists of minimum:

• 3 management nodes
• 2 worker nodes

pods are the smallest deployable units. pods contain one or more containers.

brew install kubernetes-cli installs kubectl which is used to control k8s.

kubectl uses a config file at ~/.kube/config which contains clusters and connection credentials.

use Import-AzAksCredential -ResourceGroupName $rgName -Name $k8sName -Force to import azure kubernetes services credential.

k8s supports imperative commands like docker, however the declarative way is much preferred. applications are described in yaml files.

services and pods

pods and services are defined in yaml or json files. use kubectl apply -f pod.yaml to apply a file.

services “find” pods based on labels.

services are registered in the internal DNS, pods are not registered! communication between pods is only possible using services.

Three important types of services:

• ClusterIP: internal service that allows communication between pods
• NodePort: publishes a service on the node’s IP, this service is also accessible internally buy another pod!
• Loadbalancer: the load balancer is always external, the load balancer service can control the load balancer but it runs outside of k8s. the loadbalancer service is accessible internally, and on the nodeport, and externally via the load balancer ip.

endpoints show which service connects to which pod. versioning would happen with version labels, as soon as the pods with the new version are ready, the service points to the new version label.

pods can have labels that are not used by the service. but all labels defined in the service must be included on the pod.

deployments

a deployment groups pods in a deployment. makes sure pods are running. service automatically load balances across pods based on label.

plugins

network and storage are handled by plugins.

• CNI: Container network interface
• CSI: Container storage interface

storage pvc and configmaps

storage is made available with persistent volume claims. the persistent volume claim can then be mapped as volume in a pod.

a config map can create files based on key value pairs defined in the yaml.

namespaces

not a security boundary! but namespaces can be used to group pods. namespaces are defined in the metadata section of the yaml file and must be given in the cli: kubectl get pods --namespace namespace

when --namespace is not given, the default namespace is used.

the internal DNS server resolves service names with namespace: <service>.<namespace>

k8s clusters

clusters can run anywhere, they all provide the same features.

rancher

can be used to create new clusters on various infrastructure. can also manage existing clusters.

vmware tanzu

managed kubernetes cluster on esxi. vmware deploys 5 VMs in the vcenter and provides kubeconfig.

commands

# get information
kubectl get nodes # worker servers
kubectl get pods # containers
kubectl get services 
kubectl get endpoints # services and containers matched with labels
kubectl get namespaces # logical grouping

# describe shows detailed information
kubectl describe nodes
kubectl describe pods
kubectl describe services

# apply file
kubectl apply -f cfg.yml