Kubernetes Presentation
A presentation of the basics concepts of Kubernetes
Plan of the session
- Introduction
- Theorical part
- Practice time !
Kubernetes Ecosysteme
Kubernetes kesako ?
Informations
- What is a cluster versus a node ?
- What is a namespace ?
- Kubernetes in enterprise
And why ?
- Use kubernetes as a PaaS
- Deployment reproductibility
- Resources quota flexibility
- HA and network managed easily
Kubernetes on a project
- Several clusters
Kubernetes on a project
- Several clusters
- dcluster: dev cluster
- rcluster: prod cluster
Kubernetes on a project
- Several namespaces
- dteam1 : dev namespace of team 1
- iteam1 : indus namespace of team 1
- rteam1 : prod namespace of team 1
Kubernetes on a project
- Several namespaces
- dteam1
- dteam2
- dteam3
- iteam1
- iteam2
- iteam3
- rteam1
- rteam2
- rteam3
- ...
View environment
Change context to switch between namespaces
cf: cheatsheet (kcontext, kns)CLI and configuration
- kubectl
- ~./kube/config
- More on that on the practice time
Some tools
- kubectl aliases (cf cheatsheet)
- k9s
K9S
Basic k8s resources
- Pods
Basic k8s resources
- Pods
apiVersion: v1
kind: Pod
metadata:
name: nginx-web
labels:
app: nginx
spec:
containers:
- name: web
image: nginx
ports:
- name: web
containerPort: 80
protocol: TCP
Basic k8s resources
- Pods
Basic k8s resources
- Pods
- Deployment
Basic k8s resources
- Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: web
image: nginx:1.14.2
ports:
- containerPort: 80
Basic k8s resources
- Deployment
Basic k8s resources
- Pods
- Deployment
- Service
Basic k8s resources
- Service
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 8100
Basic k8s resources
- Service
Basic k8s resources
- Pods
- Deployment
- Service
- Ingress
Basic k8s resources
- Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minimal-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /app
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80
Basic k8s resources
- Ingress
Basic k8s configuration resources
- Configmap
Basic k8s configuration resources
- Configmap
- Can be used as environment variables
- Can be used as files
Basic k8s configuration resources
- Configmap
apiVersion: v1
kind: ConfigMap
metadata:
name: game-demo
data:
# property-like keys; each key maps to a simple value
ENVIRONMENT_NAME: "INDUS"
PROFILE: "indus-profile"
# file-like keys
application.properties: |
bootstrap.servers= "http://kafka-server-indus:9092"
max.poll.records=100
common.properties: |
log_level="info"
key.serializer="io.confluent.kafka.serializers.KafkaAvroSerializer"
value.serializer="io.confluent.kafka.serializers.KafkaAvroSerializer"
Basic k8s configuration resources
- Configmap
- Secret
Basic k8s configuration resources
- Configmap
- Secret
- Can be used same as Configmap use
- Are base64 encoded
Basic k8s configuration resources
- Secret
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
USERNAME: YWRtaW4=
PASSWORD: MWYyZDFlMmU2N2Rm
Basic k8s configuration resources
- Configmap
- Secret
- Pod disruption budget
Basic k8s configuration resources
- Configmap
- Secret
- Pod disruption budget
- Limit non ready replicates of your app
- Almost mandatory for production pods
Basic k8s configuration resources
- Pod disruption budget
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: nginx-pdb
spec:
minAvailable: 2 # maxUnavailable # % or fixed value
selector:
matchLabels:
app: nginx
Deploy your app
- Manually with kubectl apply 💪
- Automatically triggered with Gitlab-CI 👍
- The old way with Jenkins jobs 👎
- Other solutions are possible
Deploy your app
- How an example CI works ?
- From develop : CreateBranch 🌳
Deploy your app
- How an example CI works ?
- From develop : CreateBranch 🌳
- From the release branch : ReleaseTag 🔒
Deploy your app
- How an example CI works ?
- From develop : CreateBranch 🌳
- From the release branch : ReleaseTag 🔒
- From the newly created tag : Deploy 🚀
Deploy your app
- How an example CI works ?
- From develop : CreateBranch 🌳
- From the release branch : ReleaseTag 🔒
- From the newly created tag : Deploy 🚀
- From the release branch : Merge to master ✅
Deploy your app
- Focus on Tag and deploy steps
Deploy your app
- Focus on Tag and deploy steps
- Tag :
- It can use a generic CI to build and deploy docker image.
Deploy your app
- Focus on Tag and deploy steps
- Tag :
- It can use a generic CI to build and deploy docker image.
- Maven is mainly used for that.
Deploy your app
- Focus on Tag and deploy steps
- Tag :
- Deploy :
- Use embedded files from the current repo or centralized files from git
Deploy your app
- Focus on Tag and deploy steps
- Tag :
- Deploy :
- Use embedded files from the current repo or centralized files from git
- Files can be templatized using a templating tool
Deploy your app
- Focus on Tag and deploy steps
- Tag :
- Deploy :
- Use the embedded files from the current repo or the centralized files
- Files can be templatized using a templating tool
- Kustomize can be used to reuse components
Deploy your app
- Focus on Tag and deploy steps
- Tag :
- Deploy :
- Use the embedded files from the current repo or the centralized files
- Files are templatized using d4x cli
- Kustomize can be used to reuse components
- Finally, just a command `kubectl apply -k` is used to deploy your app
Practice Time ! 🍾 🎉
Configuration
- kubectl config view
Configuration
- kubectl config view
➜ kubectl config view
kind: Config
apiVersion: v1
preferences: {}
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: http://apiserver-my-cluster.my-domain.com:8443
name: dcluster
contexts:
- context:
cluster: dcluster
user: user_ident
namespace: dteam1
name: dteam1@dcluster
current-context: dteam1@dcluster
users:
- name: user_ident
user:
token: REDACTED
Configuration
- kubectl config view
- Edit it at ~/.kube/config
View resources
- kubectl get < type >
View resources
- kubectl get < type >
➜ kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-32j54h2 1/1 Running 0 48m25s
front-app-34s53d4 0/1 Init 0/1 0 5s
backend-app-45r65g6 0/1 CrashloopBackoff 4 19m58s
View resources
- kubectl get < type >
- kubectl describe < type > < name >
View resources
- kubectl describe < type > < name >
➜ kubectl describe pod nginx-32j54h2
Name: nginx-32j54h2
Namespace: dteam1
Priority: 0
Node: docker-desktop/192.168.65.4
Start Time: Fri, 25 Mar 2022 17:50:27 +0100
Labels: app=nginx
Annotations:
Status: Running
IP: 10.1.0.15
IPs:
IP: 10.1.0.15
Containers:
nginx:
Container ID: docker://ec3d2dc0aafbd88c7fba3a0d9bd3f4d49030bb88c28a3c0a6649c0a80794aeaf
Image: nginx:latest
Image ID: docker-pullable://nginx@sha256:4ed64c2e0857ad21c38b98345ebb5edb01791a0a10b0e9e3d9ddde185cdbd31a
Port:
Host Port:
State: Running
Started: Mon, 28 Mar 2022 13:24:49 +0200
Last State: Terminated
Reason: Error
Exit Code: 255
Started: Fri, 25 Mar 2022 17:50:29 +0100
Finished: Mon, 28 Mar 2022 13:24:38 +0200
Ready: True
Restart Count: 1
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-m67dr (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-m67dr:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal SandboxChanged 29m kubelet Pod sandbox changed, it will be killed and re-created.
Normal Pulling 29m kubelet Pulling image "nginx:latest"
Normal Pulled 29m kubelet Successfully pulled image "nginx:latest" in 1.355729459s
Normal Created 29m kubelet Created container nginx
Normal Started 29m kubelet Started container nginx
Normal Killing 9s kubelet Container nginx definition changed, will be restarted
Normal Pulling 9s kubelet Pulling image "nginx:1.0.0"
Warning Failed 8s kubelet Failed to pull image "nginx:1.0.0": rpc error: code = Unknown desc = Error response from daemon: manifest for nginx:1.0.0 not found: manifest unknown: manifest unknown
Warning Failed 8s kubelet Error: ErrImagePull
Warning BackOff 7s kubelet Back-off restarting failed container
Start troubleshooting
- Only pods can have logs
- kubectl logs < name >
Start troubleshooting
- kubectl logs < name >
➜ kubectl logs nginx-32j54h2
2022/03/28 11:24:49 [notice] 1#1: using the "epoll" event method
2022/03/28 11:24:49 [notice] 1#1: nginx/1.21.6
2022/03/28 11:24:49 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2022/03/28 11:24:49 [notice] 1#1: OS: Linux 5.10.104-linuxkit
2022/03/28 11:24:49 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/03/28 11:24:49 [notice] 1#1: start worker processes
2022/03/28 11:24:49 [notice] 1#1: start worker process 31
...
Start troubleshooting
- kubectl logs < name >
➜ kubectl logs --help
# Retrieve only logs since Xh
➜ kubectl logs < name > --since Xh
# Specify a container to display his logs
➜ kubectl logs < name > -c < container_name >
# Follow the new logs printed by the pod
➜ kubectl logs < name > -f
Start troubleshooting
- Only pods can have logs
- kubectl logs < name >
- Stern (on github)
Start troubleshooting
- Stern (on github)
➜ stern nginx
+ nginx-0 › nginx
+ nginx-1 › nginx
nginx-0 nginx 2022/03/28 13:15:29 [notice] 1#1: using the "epoll" event method
nginx-0 nginx 2022/03/28 13:15:29 [notice] 1#1: nginx/1.21.6
nginx-0 nginx 2022/03/28 13:15:29 [notice] 1#1: start worker processes
nginx-0 nginx 2022/03/28 13:15:29 [notice] 1#1: start worker process 31
nginx-0 nginx 2022/03/28 13:15:29 [notice] 1#1: start worker process 32
nginx-1 nginx 2022/03/28 13:15:05 [notice] 1#1: nginx/1.21.6
nginx-1 nginx 2022/03/28 13:15:05 [notice] 1#1: start worker processes
nginx-1 nginx 2022/03/28 13:15:05 [notice] 1#1: start worker process 32
nginx-1 nginx 2022/03/28 13:15:05 [notice] 1#1: start worker process 33
nginx-0 nginx 2022/03/28 13:15:29 [notice] 1#1: start worker process 33
nginx-0 nginx 2022/03/28 13:15:29 [notice] 1#1: start worker process 34
Edit resources
- kubectl delete < type > < name >
- kubectl edit < type > < name >
- kubectl scale < type > --replicas X < name >
Edit resources
➜ kubectl delete pod nginx-32j54h2
pod "nginx-32j54h2" deleted
➜ kubectl edit deploy nginx
... open with vim
deployment/nginx edited
➜ kubectl scale deploy --replicas 2 nginx
deployment/nginx scaled
Troubleshooting
- Retrieve deployment template on the doc
Troubleshooting
- Retrieve deployment template on the doc
- Change image reference to a fake one
Troubleshooting
- Change image reference to a fake one
kind: Deployment
spec:
template:
spec:
containers:
- name: nginx
image: nginx:1.0.0 # image not exists
Troubleshooting
- Retrieve deployment template on the doc
- Change image reference to a fake one
- Add resources quota with huge values
Troubleshooting
- Add resources quota with huge values
kind: Deployment
spec:
template:
spec:
containers:
- name: nginx
resources:
limits:
cpu: 12 # huge amount of cpu ! => forbidden
memory: 30Gi
requests:
cpu: 500m
memory: 175Mi
Troubleshooting
- Add resources quota with huge values
- kubectl describe deploy < name >
- kubectl describe replicatset < name >
Troubleshooting
- Try it by yourself !
Cheatsheet
Cheatsheet linkThe end
Thanks for your time ! ⏱
Some questions ? 🙋♂️