Kubernetes Cheatsheet

Cheatsheet: https://kubernetes.io/docs/reference/kubectl/cheatsheet/

Type kubectl in a command prompt to get this -

kubectl controls the Kubernetes cluster manager.

 Find more information at: https://kubernetes.io/docs/reference/kubectl/

Basic Commands (Beginner):
  create          Create a resource from a file or from stdin
  expose          Take a replication controller, service, deployment or pod and expose it as a new Kubernetes service
  run             Run a particular image on the cluster
  set             Set specific features on objects

Basic Commands (Intermediate):
  explain         Get documentation for a resource
  get             Display one or many resources
  edit            Edit a resource on the server
  delete          Delete resources by file names, stdin, resources and names, or by resources and label selector

Deploy Commands:
  rollout         Manage the rollout of a resource
  scale           Set a new size for a deployment, replica set, or replication controller
  autoscale       Auto-scale a deployment, replica set, stateful set, or replication controller

Cluster Management Commands:
  certificate     Modify certificate resources.
  cluster-info    Display cluster information
  top             Display resource (CPU/memory) usage
  cordon          Mark node as unschedulable
  uncordon        Mark node as schedulable
  drain           Drain node in preparation for maintenance
  taint           Update the taints on one or more nodes

Troubleshooting and Debugging Commands:
  describe        Show details of a specific resource or group of resources
  logs            Print the logs for a container in a pod
  attach          Attach to a running container
  exec            Execute a command in a container
  port-forward    Forward one or more local ports to a pod
  proxy           Run a proxy to the Kubernetes API server
  cp              Copy files and directories to and from containers
  auth            Inspect authorization
  debug           Create debugging sessions for troubleshooting workloads and nodes
  events          List events

Advanced Commands:
  diff            Diff the live version against a would-be applied version
  apply           Apply a configuration to a resource by file name or stdin
  patch           Update fields of a resource
  replace         Replace a resource by file name or stdin
  wait            Experimental: Wait for a specific condition on one or many resources
  kustomize       Build a kustomization target from a directory or URL

Settings Commands:
  label           Update the labels on a resource
  annotate        Update the annotations on a resource
  completion      Output shell completion code for the specified shell (bash, zsh, fish, or powershell)

Other Commands:
  api-resources   Print the supported API resources on the server
  api-versions    Print the supported API versions on the server, in the form of "group/version"
  config          Modify kubeconfig files
  plugin          Provides utilities for interacting with plugins
  version         Print the client and server version information

Usage:
  kubectl [flags] [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
Describe items

kubectl get all - describes all the entities (services, pods, deployments, replicasets etc.)
kubectl get pods - shows all the pods running in the default namespace
kubectl get svc - get all services
kubectl get rs - get all replica sets
kubectl get pods -n <my-namespace> - shows the pods running in <my-namespace>

kubectl describe <resource-type> <resource-name>
  pod - kubectl describe pod my-pod
  service - kubectl describe service my-service
  deployment - kubectl describe deployment my-deployment
  namespace - kubectl describe namespace my-namespace
  configMap - kubectl describe configmap my-config
  node - kubectl describe node my-node
  ingress - kubectl describe ingress my-ingress
  statefulset - kubectl describe statefulset my-statefulset

Delete resources

kubectl delete pod <podname> -n <namespace> ...

13 min

Devops Roadmap

Consider the following topics and sub-topics to learn and understand to get into Devops.

Kubernetes
  Architecture
    Api Server - REST, watched by multiple items (kubelet, k-proxy), certificate for request
    etcd - key-value store, cluster in eks for HA
    Scheduler - taints, tolerations, affinity based scheduling
    Kube Controller Manager - state of pods and changes, both watch api server
    kubelet (runs on each node) and interaction with containerd (it creates the container asked for by the scheduler)
    k-proxy - runs on each node, handles networking and DNS. Flat networking
  Deployment, pod, service, secret, configmaps (understand their working and connection)
  Ingress Controller and ingress resource (ingress, egress etc and what they are)
  commands to run inside a container
  pod lifecycles
  pod and node networking (DNS, fqdn)
  Service Account, roles, clusterrole, rolebinding and clusterrolebinding
  NetworkPolicies and how they work
  Volumes (types, mount location) - important
  Authorization, authentication and Admission controller
  Flow of request (refer to image in Documents/devops folder)
  CRDs
  Go deeper into more topics and their API conventions

AWS
  Knowledge of cloud practitioner course
  Working and knowledge of EC2
    Setup
    Patching
    Security Groups
    subnets
    userdata
  Networking Knowledge
    Public and private subnets (internet access to private subnets)
    NAT and gateways
    VPC endpoints
    ALB vs NLB
    vpc peering vs transit gateway
    Security groups and their port mapping
    CIDR block
  Route53
    record types, working and health checks (setting them up)
    monitoring route53
  Cloudwatch
    logs
    creating dashboard
    understanding metrics and querying

Web Server (Apache and Nginx)
  need of web server
  virtual hosting
  allow/deny IPs
  .htaccess and htpasswd
  reverse proxy
  Implement thread and other directives
  configure logging
  understand various log formats
  server logs, audit logs - enable, check tracking of users

Docker (containerization)
  need of docker
  docker networking (types of docker networks)
  docker commands and creating dockerfile
  Docker compose
  docker swarm
  volume mounts and their types
  port mapping (left host: right container)
  Meaning of commands like - ENTRYPOINT, ARG (how it is used), WORKDIR etc

Jenkins and Gitlab
  Pipeline setup
  understand groovy syntax
  understand .gitlab-ci.yml file as well
  create own groovy scripts

terraform
  what is IAAC and why IAAC is needed?
  create own tf code and store locally

ADHOC
  iops and throughput
  mail configure, smtp, send mail
  redirects
  openSSL
  postfix (similar to sendMail)
  sftp in linux, add user
  ipsec, ACL, port forwarding
  port forwarding in nginx
  jumpbox private to public network
  understand kernel, patching

Consul and Istio
  setup and service mesh
  store env in consul and update them
  try istio for more like request tracing

ArgoCD: TODO
  Setup Argo later for CD as CI needs its own jenkins/gitlab pipeline
  First learn pipelines and then use ArgoCD later

Programming
  Python
    Automate anything and everything with this. Create and focus on logic with this
  Golang
    learn this for the long-term future; build complex solutions in this, moving from python to it

Things to be good at
  Linux Administration
  Monitoring
  CI & CD Pipelines
  Some sort of scripting
  General cloud knowledge of a specific provider
  Communication
  Integrations
  Development workflows
  Performance tuning (web server, network, database)

3 min

Common linux and git commands

Some common linux commands are -

ls - show current files and directories
ls -l - show files and directories with permissions
cd - change directory
hostname - shows the host device name
ifconfig - display IP and MAC address
top - show all running processes
cat filename - shows the contents of "filename"
mkdir - create directories
rm -rf dirname - removes the directory and the files inside it. -r is for recursive and -f is for force.
history - see the history of all the commands.
ping host-ip - Check connectivity between hosts
chmod 777 filename - Assign read, write and execute permissions (rwx) to owner, group and others.
chmod -x filename - Remove execute permission from a file.
chown - change owner and group ownership of a file
netstat -tulpn - check open ports which are listening on tcp and udp, with their pid.
tcpdump port port_number - check packets incoming and outgoing on the given port number
alias - create a command alias, such as alias lh="ls -lrth", so that later, when you run lh, it runs the same as ls -lrth
brctl show - Shows information about the bridge network, the veth interfaces it is connected to, and its attached ports of the veth pair in kubernetes
route - check the route table
ip addr - Displays the addresses for every link configured on the system, same as ip a
ip link sh - Inspect the network configuration within a pod
ethtool -S eth0 or ethtool -S veth12abcd - query or control network driver and hardware settings, with the statistics flag
ip route sh - Show the route table, same as route -n
ping ip - shows connectivity to the IP (cannot use a port)
nc -vz ip_addr port - Checks tcp connectivity, e.g. nc -vz 10.99.52.54 30080
traceroute ip - Shows the route of the packet flow
w or sudo w - check the currently logged in sessions for the terminal
pv - monitor the progress of a command execution, e.g. pv file.tar.gz > /tmp/file.tar.gz
htop - see current cpu utilization
free -kh - see memory usage
du -sh - see disk utilisation

Git commands

git rev-parse --short HEAD - get the latest commitId ...

3 min

Kubernetes Advanced Concepts

https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/

LimitRange

If you mention the limits but not the requests, then the pod is assigned the limit value as the request (for both memory and cpu). Make sure to have limits set for at least memory, and requests as well. You can set a default memory and cpu limit for a namespace as well. These are namespace scoped.

A LimitRange provides constraints that can:
- Enforce minimum and maximum compute resources usage per Pod or Container in a namespace.
- Enforce minimum and maximum storage request per PersistentVolumeClaim in a namespace.
- Enforce a ratio between request and limit for a resource in a namespace.
- Set default request/limit for compute resources in a namespace and automatically inject them into Containers at runtime.

Reference - https://kubernetes.io/docs/tasks/administer-cluster/limit-storage-consumption/ ...

9 min

Beyond the Hype: Practical Challenges in GenAI Development

LLMs have been the talk of the town for the past 3-4 years, with stocks of anything related to AI skyrocketing and more and more startups using AI to build something that will change the world. Now, while the aims and ideas floating around seem optimistic, with POCs supporting the optimism, the reality is that current GenAI powered apps are not revolutionary and are rather thin layers over LLMs. Here are the reasons why I think that is the case - ...

February 1, 2025 · 16 min

Url Shortener System Design Implementation - Part 2

So the next steps after generating tests and testing the application are as follows -

- Build a Dockerfile for the app and run the app locally with redis and mongodb running locally or via docker
- After testing them locally, run them inside docker-compose to understand docker networking and DNS resolution
- Build docker images with proper tags to be used for the kubernetes deployment and upload them to Dockerhub
- Install minikube and run it locally
- Generate YAML files for MongoDB and Redis with deployment and services configuration and run them stateless
- Note their FQDN <service>.<namespace>.svc.cluster.local and add them as K8s env variables to be used
- Create a YAML file for the FastAPI application with the environment set and with deployment, service and ingress, and apply it
- Check the application running and access it via the command minikube tunnel

Deploying to local Kubernetes

Make sure to install minikube as per their documentation - https://minikube.sigs.k8s.io/docs/start/?arch=%2Fwindows%2Fx86-64%2Fstable%2F.exe+download ...

December 3, 2024 · 9 min

Url Shortener System Design Implementation - Part 1

Aim

Design, develop and deploy a working URL shortener service which is able to handle a huge number of requests and processing with high availability and fault tolerance. Best code practices have to be followed, with optimisations made on asynchronous implementation, tests, max retries, high availability etc.

We start with building a local app to be deployed on docker with mongodb and redis running locally or on docker. This will then be shifted to a kubernetes cluster once it works with tests. ...

December 1, 2024 · 10 min

Advanced RAG Techniques Compared with Workflow Diagrams

There exist quite a number of RAG techniques aiming to improve chatbot systems to have better accuracy and relevance to the questions being asked. Some of the popular techniques are -

- RAG Fusion
- Multi query
- Native RAG
- Stepback prompting
- Hierarchical indexes
- Document summary index + LLM rerank
- HyDE
- Query decomposition

Refer to the research paper in which the different RAG techniques are compared and graded - https://arxiv.org/pdf/2404.01037

Here is how they compare to each other, and what the benefits and problems of each technique are when used for implementing RAG based systems. ...

October 19, 2024 · 9 min

Building Advanced Chatbot On Personal Blog

So I have been working on GenAI applications for the past few months and decided to build something using RAG. I could not think of any interesting resources, so I decided to take my own blog content as the data to build my RAG chatbot on. Please note that the following content is going to be almost the same as my medium blog - https://medium.com/@varunarora1408/building-rag-chatbot-on-my-personal-blog-ff89ac772c69 So, here was the rough idea that came to my mind to create this application - ...

September 29, 2024 · 16 min

Kubernetes nginx deployment on nodeport

Here is a guide on how you can easily deploy the nginx web server on minikube locally, with common kubernetes terms explained in the tutorial as well.

Nginx Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-deployment
  template:
    metadata:
      labels:
        app: nginx-deployment
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
          protocol: TCP
        resources:
          limits:
            cpu: "500m"      # 500 milliCPU (0.5 CPU)
            memory: "512Mi"  # 512 Mebibytes
          requests:
            cpu: "200m"      # 200 milliCPU (0.2 CPU)
            memory: "256Mi"  # 256 Mebibytes

Note - we have to use apps/v1 for Deployment, and metadata is very important. The name nginx-deployment in metadata refers to the name of the deployment. ...

September 21, 2024 · 3 min

Load Balancer vs Reverse Proxy

https://www.upguard.com/blog/reverse-proxy-vs-load-balancer

Load Balancer and reverse proxy are often the same but not always. The similarity between the 2 is in the fact that they handle inbound requests across two or more web servers to spread the load. A reverse proxy, however, typically has any number of features:

- load balancing: as discussed above
- caching: it can cache content from the web server(s) behind it and thereby reduce the load on the web server(s), returning some static content back to the requester without having to get the data from the web server(s) ...

September 20, 2024 · 8 min

Networking Important Concepts

IOPS (Input/Output Operations Per Second) is a measure of NUMBER of input/output operations that a system can perform in a second. An I/O operation refers to any read or write operation that accesses data on a storage device, such as a hard disk drive or solid-state drive. IOPS is typically used to measure the random access performance of a storage system, since random I/O operations are typically more demanding than sequential I/O operations. ...

September 19, 2024 · 3 min

Pod Scheduling Workflow in Kubernetes

(Diagram: Pod Scheduling Flow in Kubernetes)

Pod scheduling is a core component of Kubernetes that manages how and where pods are placed across the cluster’s available nodes. The process ensures that each pod meets its requirements, such as resource allocation (CPU, memory), affinity rules, and node availability. Let’s break down the pod scheduling request flow, along with key details based on the provided diagram and Kubernetes principles. ...

September 18, 2024 · 4 min

Nodeaffinity, Taints and Tolerations

Node affinity and taints/tolerations are Kubernetes features that allow you to control where and how pods are scheduled onto nodes in a cluster. They serve different purposes but can be used in combination to achieve more advanced scheduling requirements.

Node Affinity:

Node affinity is a feature that allows you to specify rules for which nodes your pods are scheduled on based on labels assigned to nodes. It can be used to influence pod placement based on node characteristics such as hardware capabilities, geographic location, or other custom attributes. ...

September 17, 2024 · 5 min

JSON vs BSON

JSON, or JavaScript Object Notation, is a lightweight and easy-to-read format that is widely supported by many programming languages. It is also human-readable and easy to edit, making it a popular choice for storing configuration data, transmitting data over HTTP, and exchanging data between web services. BSON, or Binary JSON, is a binary-encoded serialization format that is designed to be more efficient than JSON when working with large amounts of data. It supports more data types than JSON, including binary data, dates, and regular expressions, and can be up to 20-30% smaller in size than JSON. ...

September 16, 2024 · 2 min

Kubernetes Python Client Usage

Kubernetes has a python client as well, which is quite underrated and should be used for a variety of tasks, as follows -

Automated Deployment: You want to automatically deploy a new version of your application when code changes are pushed to your Git repository. Use the Python client to create a new Kubernetes deployment, specifying the Docker image version to deploy. Set up a webhook or integration in your CI/CD tool (e.g., Jenkins, GitLab CI/CD, or GitHub Actions) to trigger this deployment when new code is pushed.

Rolling Updates: You want to perform rolling updates to your application without downtime. ...

September 16, 2024 · 3 min

MongoDB Master Slave Setup

Resource https://www.mongodb.com/docs/v2.4/core/master-slave/

IMPORTANT: If stuck, first check netstat -tulnp and mongod -f config.conf to see if it is running or not. Make sure both are on the same VPC with security groups configured. Use mongod -f config_file.conf to start them as forked processes.

Here is the SECONDARY node config file slave.conf

storage:
  dbPath: /usr/local/var/mongodb/slave
net:
  bindIp: 0.0.0.0
  port: 27017
security:
  authorization: enabled
  keyFile: /usr/local/var/mongodb/pki/replicaset-keyfile
systemLog:
  destination: file
  path: /usr/local/var/log/mongodb/slave/mongod.log
  logAppend: true
processManagement:
  fork: true
replication:
  replSetName: master-slave

bindIp means it is listening on the IP addresses mentioned. Here 0.0.0.0 means all of them; 127.0.0.1 is the same as localhost only. It must listen on 0.0.0.0 to accept all connections as a slave. ...

September 14, 2024 · 4 min

Kubernetes YAML syntax

Kubernetes YAML syntax https://betterprogramming.pub/understanding-kubernetes-yaml-syntax-83359d33f9c2

Key-values

multiple key-values
  key1: value 1
  key2: value 2

single key with map
  key1:
    subkey1: subvalue1
    subkey2: subvalue2
    subkey3: subvalue3

equivalent json for the above
  { "key1": { "subkey1": "subvalue1", "subkey2": "subvalue2", "subkey3": "subvalue3" } }

Lists
  list:
  - item1
  - item2
  - item3
  - item4
  - item5

equivalent json
  { "list": ["item1", "item2", "item3", "item4", "item5"] }

A list can contain multiple maps
  list:
  - item1
  - mapItem1: value
    mapItem2: value
  - item3
  - item4
  - item5

equivalent json ...

September 14, 2024 · 4 min

MongoDB vs DocumentDB

MongoDB is also known as DocumentDB or NoSQL database. The reason it is called documentDB is that it stores and retrieves data in the form of semi-structured or unstructured documents.

DocumentDB

DocumentDB is the AWS offering for a NoSQL database which stores semi-structured data as documents rather than traditional relational data with a fixed schema. It provides high scalability, high availability and security, and works well for applications that require LOW latency and HIGH throughput for read/write operations. ...

September 13, 2024 · 6 min

StatefulSets vs Deployments

StatefulSets and Deployments are both controllers in Kubernetes that are used to manage the deployment and scaling of pods. StatefulSets are designed to manage stateful applications, such as databases or other distributed systems, that require stable network identities, stable storage, and ordered deployment and scaling. StatefulSets use stable network identities, which means that each pod in the set has a stable, unique hostname that persists across restarts. They also use stable storage, which means that each pod has its own persistent storage that is managed by a persistent volume claim. ...

September 13, 2024 · 2 min

Understanding Pods, Nodes, Deployments and Services

Pods and nodes are both fundamental concepts in the Kubernetes architecture, but they serve different purposes. A pod is the smallest deployable unit in Kubernetes, representing a single instance of a running process in a cluster. A pod can contain one or more tightly-coupled containers that share the same network namespace and storage volumes. All containers in a pod run on the same node, and they can communicate with each other using local host networking. ...

September 13, 2024 · 12 min

Pod Session Management with Redis

Consider a huge monolith application which is running on a single EC2 and you want to move it to a microservices architecture. From the infra perspective, you have to set up a cluster with a namespace for these microservices and associate pods as applications to run in. Now that the pods are running, how do you manage user sessions? Let’s say a pod gets deleted somehow; the user will be signed out of the application, which you do not want to happen. ...

September 13, 2024 · 2 min

Pod Preemption Priority

Pod priority is set via their yaml -
  preemptionPolicy: PreemptLowerPriority
  priority: 0

https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/

Priority class - a non-namespaced object that defines a mapping from a priority class name to the integer value of the priority. They are used to give pods scheduling priority over others, and look like this:

apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: high-priority
value: 1000000
globalDefault: false
description: "This priority class should be used for XYZ service pods only."

(preemptionPolicy: PreemptLowerPriority is the default) ...

September 13, 2024 · 3 min

Kubernetes Design Patterns

Multi-container design patterns

Sidecar pattern - An extra container in your pod to enhance or extend the functionality of the main container.
Ambassador pattern - A container that proxies the network connection to the main container.
Adapter pattern - A container that transforms the output of the main container.

Reference - https://kubernetes.io/blog/2015/06/the-distributed-system-toolkit-patterns/

The idea for a sidecar container is to add some functionality not present in the main container. Rather than bloating code, which may not be necessary in other deployments, adding a container to handle a function such as logging solves the issue, while remaining decoupled and scalable. Prometheus monitoring and Fluentd logging leverage sidecar containers to collect data. ...

September 13, 2024 · 2 min

Kubernetes Volumes Deep Dive

References
https://stackoverflow.com/questions/45511339/kubernetes-minikube-with-local-persistent-storage
https://platform9.com/blog/tutorial-dynamic-provisioning-of-persistent-storage-in-kubernetes-with-minikube/
https://stackoverflow.com/questions/66355331/deployment-cannot-find-pvc-on-minikube

minikube supports hostPath mount out of the box -
minikube mount D:/vscode/devops:/usr/volume

kubectl api-resources --namespaced=false # returns resources which are cluster-wide
kubectl api-resources --namespaced=true  # resources which are ns scoped

PVCs request from storage classes - https://kubernetes.io/docs/concepts/storage/storage-classes/
PVCs are ns scoped, so 2 PVCs can have the same name if they are in different namespaces.
For minikube, generate another storage class, as the classic one uses a specific path.

Setting up own PV and PVC

For creating your own PV and PVC you need to create a storage class as well, as only then will it use the PV you created; otherwise it will create a dynamic allocation. ...

September 13, 2024 · 10 min

Deployments and Replicasets

Both Deployments and ReplicaSets are designed to manage stateless applications in Kubernetes. This means that they are not responsible for managing any application state or data storage. Instead, they manage the deployment and scaling of stateless pods that run the application code. In a stateless application, each pod is independent and interchangeable, and can be scaled up or down as needed. The application state is typically stored in a separate data store, such as a database, that is managed independently of the pods. ...

August 25, 2024 · 2 min

AWS SNS using boto3 SDK

Topic in SNS In Amazon Simple Notification Service (SNS), a topic is an access point for allowing subscribers to receive notifications or messages. When you publish a message to a topic, SNS sends the message to all the subscribers of that topic. Sending files as attachments Yes, you can use Amazon Simple Notification Service (SNS) to send a CSV file stored in an Amazon S3 bucket as an attachment in an email notification. Here are the high-level steps to achieve this: ...

August 15, 2024 · 2 min

AWS Roadmap

Devops is mainly three things -
- Infrastructure
- Automation
- Monitoring

Infrastructure
You need a server for hosting; a server is infrastructure. You need a database for the backend; a database is infrastructure. It refers to the underlying system and hardware responsible for development and delivery.

Automation
It means automating stuff being done manually, so as to waste less time doing the same stuff.

Monitoring
It means keeping track of the application working, finding problems and bugs and fixing them right away. ...

August 12, 2024 · 2 min

Apache server advanced topics

MaxRequestWorkers

MaxRequestWorkers is a configuration directive in the Apache web server that specifies the maximum number of simultaneous connections that the server can handle. It determines the maximum number of child processes or threads that can be spawned by the server to handle incoming requests. The MaxRequestWorkers directive is typically set in the Apache configuration file (httpd.conf) and determines the maximum number of worker processes that Apache can create to serve client requests. Each worker process can handle one client request at a time. When the maximum number of workers is reached, additional requests will be queued, waiting for a worker process to become available. ...

August 8, 2024 · 23 min

MongoDB ReplicaSet Setup Explained

For starting up a 3 node cluster with 1 master and 2 slaves follow this https://medium.com/swlh/mongodb-creating-a-3-node-replica-set-cluster-7ca94849b139

First we need a keyfile and appropriate permissions. If the mongod processes were actually running on different machines, then each machine would have a copy of this keyfile. Use OpenSSL to create the keyfile -

sudo mkdir -p /usr/local/var/mongodb/pki/
openssl rand -base64 741 > /usr/local/var/mongodb/pki/replicaset-keyfile
chmod 400 /usr/local/var/mongodb/pki/replicaset-keyfile

Create mongod config files to start the mongod processes. Here we will fork the processes to run multiple mongo instances. ...

July 30, 2024 · 2 min

RSA and SHA

RSA and SHA are two different cryptographic algorithms used for different purposes. RSA is an asymmetric encryption algorithm, while SHA is a hash function.

RSA

RSA is primarily used for encryption and digital signatures. It is based on the mathematical problem of factorization, and it uses a pair of keys (public and private) to encrypt and decrypt messages. RSA is commonly used in secure email, online banking, and other secure communication protocols. ...

July 28, 2024 · 3 min

Apache server concepts

httpd.conf vs .htaccess

httpd.conf and .htaccess are both configuration files used in the Apache web server, but they have different scopes and purposes.

1. httpd.conf

httpd.conf is the main configuration file for Apache, which contains global configuration settings that apply to the entire server. It is usually located in the Apache installation directory or in the /etc/httpd/ (or /etc/apache2/ on some systems) directory, and it requires administrative privileges to edit. The httpd.conf file is used to configure various aspects of the Apache server, including server-wide settings such as server name, ports, server modules, virtual hosts, and security settings. Changes made to httpd.conf require a server restart to take effect. ...

July 20, 2024 · 9 min

MongoDB StatefulSet Setup

Creating a MongoDB Replica Set with authentication using StatefulSets involves several steps. Below is a manifest example for deploying a MongoDB Replica Set with authentication using StatefulSets in Kubernetes. This assumes you have a Kubernetes cluster set up and kubectl configured.

Create a Secret for MongoDB Authentication:

Create a Kubernetes Secret to store the MongoDB admin credentials. You can encode the username and password using echo -n 'yourpassword' | base64: ...

July 11, 2024 · 2 min

MongoDB notes

WiredTiger

WiredTiger is a high-performance, open-source storage engine used by MongoDB to store and manage data. WiredTiger is designed to support high concurrency and high throughput workloads while maintaining low latency and high reliability. It is optimized for modern hardware architectures, including solid-state drives (SSDs), multi-core processors, and large memory configurations.

Key features of WiredTiger:

Document-level concurrency control: Allows multiple operations on the same document to be processed concurrently, improving performance and reducing lock contention. ...

July 8, 2024 · 6 min