Kubernetes

What is Kubernetes? Why are organizations using it?

Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.

To understand what Kubernetes is good for, let's look at some examples:

  • You would like to run a certain application in a container in multiple different locations. Sure, if it's 2-3 servers/locations, you can do it by yourself, but it can be challenging to scale it up to many additional locations.
  • Performing updates and changes across hundreds of containers
  • Handling cases where the current load requires scaling up (or down)

What is a Kubernetes Cluster?

Red Hat Definition: "A Kubernetes cluster is a set of node machines for running containerized applications. If you’re running Kubernetes, you’re running a cluster.

At a minimum, a cluster contains a worker node and a master node."

Kubernetes Nodes

What is a Node?

A node is a virtual machine or a physical server that serves as a worker for running the applications. It's recommended to have at least 3 nodes in a Kubernetes production environment.

What is the master node responsible for?

The master coordinates all the workflows in the cluster:

  • Scheduling applications
  • Managing desired state
  • Rolling out new updates

What do we need the worker nodes for?

The workers are the nodes which run the applications and workloads.

What is kubectl?

Which command do you run to view your nodes?

kubectl get nodes

True or False? Every cluster must have 0 or more master nodes and at least one worker

False. A Kubernetes cluster consists of at least 1 master and can have 0 workers (although that wouldn't be very useful...)

What are the components of the master node?

  • API Server - the Kubernetes API. All cluster components communicate through it
  • Scheduler - assigns an application to a worker node it can run on
  • Controller Manager - cluster maintenance (replications, node failures, etc.)
  • etcd - stores cluster configuration

What are the components of a worker node?

  • Kubelet - an agent responsible for node communication with the master.
  • Kube-proxy - load balancing traffic between app components
  • Container runtime - the engine that runs the containers (Podman, Docker, ...)

Kubernetes Pod

Deploy a pod called "my-pod" using the nginx:alpine image

kubectl run my-pod --image=nginx:alpine --restart=Never

How many containers can a pod contain?

Multiple containers but in most cases it would be one container per pod.

What does it mean that "pods are ephemeral"?

It means they will eventually die, and since pods are unable to heal, it is recommended that you don't create them directly.

Which command do you run to view all pods running in all namespaces?

kubectl get pods --all-namespaces

How to delete a pod?

kubectl delete pod pod_name

Kubernetes Deployment

How to create a deployment?

cat << EOF | kubectl create -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
EOF

How to edit a deployment?

kubectl edit deployment some-deployment

What happens after you edit a deployment and change the image?

The pod will terminate and another, new pod, will be created.

Also, when looking at the replicaset, you'll see the old replica doesn't have any pods and a new replicaset is created.

How to delete a deployment?

One way is by specifying the deployment name: kubectl delete deployment [deployment_name]. Another way is using the deployment configuration file: kubectl delete -f deployment.yaml

What happens when you delete a deployment?

The pod related to the deployment will terminate and the replicaset will be removed.

How to make an app accessible on a private or external network?

Using a service.

Kubernetes Service

What is a Service in Kubernetes?

"An abstract way to expose an application running on a set of Pods as a network service."
In simpler words, it allows you to expose the service by attaching, for example, a permanent IP address to a certain pod.

True or False? The lifecycle of Pods and Services isn't connected, so when a pod dies, the service will stay

True

What Service types are there?

  • ClusterIP
  • NodePort
  • LoadBalancer
  • ExternalName

How to get information on a certain service?

kubectl describe service [service_name]

How to verify that a certain service forwards the requests to a pod?

Run kubectl describe service and check whether the IPs from "Endpoints" match any IPs from the output of kubectl get pod -o wide

How to turn the following service into an external one?

spec:
  selector:
    app: some-app
  ports:
    - protocol: TCP
      port: 8081
      targetPort: 8081

Adding type: LoadBalancer and nodePort

spec:
  selector:
    app: some-app
  type: LoadBalancer
  ports:
    - protocol: TCP
      port: 8081
      targetPort: 8081
      nodePort: 32412

What would you use to route traffic from outside the Kubernetes cluster to services within a cluster?

Ingress

Kubernetes Ingress

What is Ingress?

From Kubernetes docs: "Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource."

Complete the following configuration file to make it an Ingress

metadata:
  name: someapp-ingress
spec:

There are several ways to answer this question.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: someapp-ingress
spec:
  rules:
  - host: my.host
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: someapp-internal-service
            port:
              number: 8080

Explain the meaning of "http", "host" and "backend" directives

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: someapp-ingress
spec:
  rules:
  - host: my.host
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: someapp-internal-service
            port:
              number: 8080

Host is the entry point of the cluster, so basically a valid domain address that maps to the cluster's node IP address. The http line is used for specifying that incoming requests will be forwarded to the internal service using HTTP. Backend references the internal service (service.name is the name under the Service's metadata and service.port.number is the port under its ports section).

What is an Ingress Controller?

An implementation for Ingress. It's basically another pod (or set of pods) that evaluates and processes Ingress rules and thus manages all the redirections.

There are multiple Ingress Controller implementations (the one from Kubernetes is Kubernetes Nginx Ingress Controller).

What are some use cases for using Ingress?

  • Multiple sub-domains (multiple host entries, each with its own service)
  • One domain with multiple services (multiple paths where each one is mapped to a different service/application)

How to list Ingress in your namespace?

kubectl get ingress

What is Ingress Default Backend?

It specifies what to do with an incoming request to the Kubernetes cluster that isn't mapped to any backend (no rule for mapping the request to a service). If the default backend service isn't defined, it's recommended to define one so users still see some kind of message instead of nothing or an unclear error.

How to configure a default backend?

Create a Service resource that specifies the name of the default backend as reflected in kubectl describe ingress ... and the port under the ports section.

How to configure TLS with Ingress?

Add tls and secretName entries.

spec:
  tls:
  - hosts:
    - some_app.com
    secretName: someapp-secret-tls

True or False? When configuring Ingress with TLS, the Secret component must be in the same namespace as the Ingress component

True

Kubernetes Configuration File

Which parts does a configuration file have?

It has three main parts:

  1. Metadata
  2. Specification
  3. Status (this is automatically generated and added by Kubernetes)

What is the format of a configuration file?

YAML

How to get the latest configuration of a deployment?

kubectl get deployment [deployment_name] -o yaml

Where does Kubernetes get the status data (which is added to the configuration file) from?

etcd

Kubernetes etcd

What is etcd?

True or False? Etcd holds the current status of any Kubernetes component

True

True or False? The API server is the only component which communicates directly with etcd

True

True or False? Application data is not stored in etcd

Kubernetes Namespaces

What are namespaces?

Namespaces allow you to split your cluster into virtual clusters where you can group your applications in a way that makes sense and is completely separated from the other groups (so you can, for example, create an app with the same name in two different namespaces).

Why use namespaces? What is the problem with using one default namespace?

When using the default namespace alone, it becomes hard over time to get an overview of all the applications you manage in the cluster. Namespaces make it easier to organize the applications into groups that make sense, like a namespace for all the monitoring applications and a namespace for all the security applications, etc.

Namespaces can also be useful for managing Blue/Green environments where each namespace can include a different version of an app and also share resources that are in other namespaces (namespaces like logging, monitoring, etc.).

Another use case for namespaces is one cluster, multiple teams. When multiple teams use the same cluster, they might end up stepping on each other's toes. For example, if they end up creating an app with the same name, it means one of the teams has overridden the app of the other team, because there can't be two apps in Kubernetes with the same name (in the same namespace).

True or False? When a namespace is deleted all resources in that namespace are not deleted but moved to another default namespace

False. When a namespace is deleted, the resources in that namespace are deleted as well.

What special namespaces are there by default when creating a Kubernetes cluster?

  • default
  • kube-system
  • kube-public
  • kube-node-lease

What can you find in the kube-system namespace?

  • Master and Kubectl processes
  • System processes

How to list all namespaces?

kubectl get namespaces

What does kube-public contain?

  • A configmap, which contains cluster information
  • Publicly accessible data

How to get the name of the current namespace?

kubectl config view | grep namespace

What does kube-node-lease contain?

It holds information on heartbeats of nodes. Each node gets an object which holds information about its availability.

How to create a namespace?

One way is by running kubectl create namespace [NAMESPACE_NAME]

Another way is by using a namespace configuration file:

apiVersion: v1
kind: Namespace
metadata:
  name: some-namespace

What does the default namespace contain?

Any resource you create while using Kubernetes.

True or False? With namespaces you can limit the resources consumed by the users/teams

True. With namespaces you can limit CPU, RAM and storage usage.

How to switch to another workspace? In other words, how to change the active namespace?

kubectl config set-context --current --namespace=some-namespace and validate with kubectl config view --minify | grep namespace:

OR

kubens some-namespace

What is a Resource Quota?

How to create a Resource Quota?

kubectl create quota some-quota --hard=cpu=2,pods=2

Which resources are accessible from different namespaces?

Service.

Let's say you have three namespaces: x, y and z. In the x namespace you have a ConfigMap referencing a service in the z namespace. Can you reference the ConfigMap in the x namespace from the y namespace?

No, you would have to create separate namespaces in y namespace.

Which service, and in which namespace, is the following file referencing?

apiVersion: v1
kind: ConfigMap
metadata:
  name: some-configmap
data:
  some_url: samurai.jack

It's referencing the service "samurai" in the namespace called "jack".

Which components can't be created within a namespace?

Volume and Node.

How to list all the components that are bound to a namespace?

kubectl api-resources --namespaced=true

How to create components in a namespace?

One way is by specifying --namespace like this: kubectl apply -f my_component.yaml --namespace=some-namespace. Another way is by specifying it in the YAML itself:

apiVersion: v1
kind: ConfigMap
metadata:
  name: some-configmap
  namespace: some-namespace

and you can verify with: kubectl get configmap -n some-namespace

Kubernetes Commands

What does kubectl exec do?

What does kubectl get all do?

What does the command kubectl get pod do?

How to see all the components of a certain application?

kubectl get all | grep [APP_NAME]

What does kubectl apply -f [file] do?

What does the command kubectl api-resources --namespaced=false do?

Lists the components that aren't bound to a namespace.

How to print information on a specific pod?

kubectl describe pod pod_name

How to execute the command "ls" in an existing pod?

kubectl exec some-pod -it -- ls

How to create a service that exposes a deployment?

kubectl expose deploy some-deployment --port=80 --target-port=8080

How to create a pod and a service with one command?

kubectl run nginx --image=nginx --restart=Never --port 80 --expose

Describe in detail what the following command does: kubectl create deployment kubernetes-httpd --image=httpd

Why create a Deployment if pods can be launched with a ReplicaSet?

How to scale a deployment to 8 replicas?

kubectl scale deploy some-deployment --replicas=8

How to get a list of resources which are not in a namespace?

kubectl api-resources --namespaced=false

How to delete all pods whose status is not "Running"?

kubectl delete pods --field-selector=status.phase!='Running'

What does the kubectl logs [pod-name] command do?

How to display the resource usage of pods?

kubectl top pod

What does kubectl get componentstatus do?

Outputs the status of each of the control plane components.

What is Minikube?

Minikube is a lightweight Kubernetes implementation. It creates a local virtual machine and deploys a simple (single node) cluster.

How do you monitor your Kubernetes?

You suspect one of the pods is having issues, what do you do?

Start by inspecting the pods' status. We can use the command kubectl get pods (--all-namespaces for pods in the system namespace)

If we see "Error" status, we can keep debugging by running the command kubectl describe pod [name]. In case we still don't see anything useful, we can try stern for log tailing.

Orestis Pantazos

DevOps Engineer