Kubernetes Cheatsheet

Cheatsheet
https://kubernetes.io/docs/reference/kubectl/cheatsheet/

Type kubectl in command prompt to get this -

kubectl controls the Kubernetes cluster manager.

Find more information at: https://kubernetes.io/docs/reference/kubectl/

Basic Commands (Beginner):
  create          Create a resource from a file or from stdin
  expose          Take a replication controller, service, deployment or pod and expose it as a new Kubernetes service
  run             Run a particular image on the cluster
  set             Set specific features on objects

Basic Commands (Intermediate):
  explain         Get documentation for a resource
  get             Display one or many resources
  edit            Edit a resource on the server
  delete          Delete resources by file names, stdin, resources and names, or by resources and label selector

Deploy Commands:
  rollout         Manage the rollout of a resource
  scale           Set a new size for a deployment, replica set, or replication controller
  autoscale       Auto-scale a deployment, replica set, stateful set, or replication controller

Cluster Management Commands:
  certificate     Modify certificate resources.
  cluster-info    Display cluster information
  top             Display resource (CPU/memory) usage
  cordon          Mark node as unschedulable
  uncordon        Mark node as schedulable
  drain           Drain node in preparation for maintenance
  taint           Update the taints on one or more nodes

Troubleshooting and Debugging Commands:
  describe        Show details of a specific resource or group of resources
  logs            Print the logs for a container in a pod
  attach          Attach to a running container
  exec            Execute a command in a container
  port-forward    Forward one or more local ports to a pod
  proxy           Run a proxy to the Kubernetes API server
  cp              Copy files and directories to and from containers
  auth            Inspect authorization
  debug           Create debugging sessions for troubleshooting workloads and nodes
  events          List events

Advanced Commands:
  diff            Diff the live version against a would-be applied version
  apply           Apply a configuration to a resource by file name or stdin
  patch           Update fields of a resource
  replace         Replace a resource by file name or stdin
  wait            Experimental: Wait for a specific condition on one or many resources
  kustomize       Build a kustomization target from a directory or URL

Settings Commands:
  label           Update the labels on a resource
  annotate        Update the annotations on a resource
  completion      Output shell completion code for the specified shell (bash, zsh, fish, or powershell)

Other Commands:
  api-resources   Print the supported API resources on the server
  api-versions    Print the supported API versions on the server, in the form of "group/version"
  config          Modify kubeconfig files
  plugin          Provides utilities for interacting with plugins
  version         Print the client and server version information

Usage:
  kubectl [flags] [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
Describe items
kubectl get all - describes all the entities (services, pods, deployments, replicasets etc)
kubectl get pods - shows all the pods running in the default namespace
kubectl get svc - get all services
kubectl get rs - get all replica sets
kubectl get pods -n <my-namespace> - shows the pods running in <my-namespace>

kubectl describe <resource-type> <resource-name>
pod - kubectl describe pod my-pod
service - kubectl describe service my-service
deployment - kubectl describe deployment my-deployment
namespace - kubectl describe namespace my-namespace
configMap - kubectl describe configmap my-config
node - kubectl describe node my-node
ingress - kubectl describe ingress my-ingress
statefulset - kubectl describe statefulset my-statefulset

Delete resources
kubectl delete pod <podname> -n <namespace> ...

13 min

Devops Roadmap

Consider the following topics and sub-topics to learn and understand to get into Devops.
Kubernetes Architecture Api Server - REST, watched by multiple items(kubelet, k-proxy), certificate for request etcd - key-value store, cluster in eks for HA Scheduler - taints, tolerations, affinity based scheduling Kube Controller Manager - state of pods and changes, both watch api server kubelet(run on each node) and interaction with containerd(it creates the container asked by scheduler) k-proxy - runs on each node, handles networking and DNS. Flat networking Deployment, pod, service, secret, configmaps (understand their working and connection) Ingress Controller and ingress resource (ingress, egress etc and what they are) commands to run inside container pod lifecycles pod, node networking(DNS, fqdn) Service Account, roles, clusterrole, rolebinding and clusterrolebinding NetworkPolicies and how they work Volumes (types, mount location) important Authorization, authentication and Admission controller Flow of request (refer to image in Documents/devops folder) CRDs Go deeper into more topics and its API conventions AWS Knowledge of cloud practitioner course Working and knowledge of EC2 Setup Patching Security Groups subnets userdata Networking Knowledge Public and private subnets(internet access to private subnets) NAT and gateways VPC endpoints ALB vs NLB vpc peering vs transit gateway Security groups and their port mapping CIDR block Route53 record types working and health checks(setting them up) monitoring route53 Cloudwatch logs creating dashboard understanding metrics and querying Web Server(Apache and Nginx) need of web server virtual hosting allow/deny IPs .htaccess and htpasswd reverse proxy Implement thread and other directives configure logging understand various log formats server logs, audit logs enable, check tracking of users Docker (containerization) need of docker docker networking (types of docker networks) docker commands and creating dockerfile
Docker compose docker swarm volume mounts and their types port mapping (left host: right container) Meaning of commands like - ENTRYPOINT ARG (how its used) WORKDIR etc Jenkins and Gitlab Pipeline setup understand groovy syntax understand .gitlab-ci.yml file as well create own groovy scripts terraform what is IAAC and why IAAC is needed? create own tf code and store locally ADHOC iops and throughput mail configure, smtp, send mail redirects openSSL postfix(similar to sendMail) sftp in linux, add user ipsec, ACL, port forwarding port forwarding in nginx jumpbox private to public network understand kernel, patching Consul and Istio setup and service mesh store env in consul and update them try istio for more like request tracing ArgoCD: TODO Setup Argo later for CD as CI needs its own jenkins/gitlab pipeline First learn pipelines and then use ArgoCD later Programming Python Automate anything and everything with this. Create and focus on logic with this Golang learn this for long time future complex solutions, build from python to this Things to be good at Linux Administration Monitoring CI & CD Pipelines Some sort of scripting General cloud knowledge of a specific provider Communication Integrations Development workflows Performance tuning (web server, network, database)

3 min

Kubernetes Advanced Concepts

https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/

LimitRange

If you mention the limits but not the requests, then the pod is assigned the limit value as the request (for both memory and cpu). Make sure to have limits set for at least memory, and requests as well. You can set a default memory and cpu limit for a namespace as well. These are namespace scoped.

A LimitRange provides constraints that can:
Enforce minimum and maximum compute resources usage per Pod or Container in a namespace.
Enforce minimum and maximum storage request per PersistentVolumeClaim in a namespace.
Enforce a ratio between request and limit for a resource in a namespace.
Set default request/limit for compute resources in a namespace and automatically inject them to Containers at runtime.

Reference - https://kubernetes.io/docs/tasks/administer-cluster/limit-storage-consumption/ ...

9 min

Url Shortener System Design Implementation - Part 2

So the next steps after generating tests and testing the application are as follows -

Build Dockerfile for the app and run the app locally with redis and mongodb running locally or via docker
After testing them locally, run them inside docker-compose to understand docker networking and DNS resolution
Build docker images with proper tags to be used for kubernetes deployment and upload to Dockerhub
Install minikube and run it locally
Generate YAML files for MongoDB and Redis with deployment and services configuration and run them stateless
Note their FQDN <service>.<namespace>.svc.cluster.local and add them as K8s env variables to be used
Create YAML file for FastAPI application with environment set and with deployment, service and ingress and apply it
Check the application running and access it via command minikube tunnel

Deploying to local Kubernetes

Make sure to install minikube as per their documentation - https://minikube.sigs.k8s.io/docs/start/?arch=%2Fwindows%2Fx86-64%2Fstable%2F.exe+download ...

December 3, 2024 · 9 min

Kubernetes nginx deployment on nodeport

Here is a guide on how you can easily deploy an nginx web server on minikube locally, with common kubernetes terms explained as well in the tutorial.

Nginx Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-deployment
  template:
    metadata:
      labels:
        app: nginx-deployment
    spec:
      containers:
        - name: nginx
          image: nginx:latest
          ports:
            - containerPort: 80
              protocol: TCP
          resources:
            limits:
              cpu: "500m" # 500 milliCPU (0.5 CPU)
              memory: "512Mi" # 512 Mebibytes
            requests:
              cpu: "200m" # 200 milliCPU (0.2 CPU)
              memory: "256Mi" # 256 Mebibytes

Note - we have to use apps/v1 for Deployment and metadata is very important. The name nginx-deployment in metadata refers to the name of the deployment. ...

September 21, 2024 · 3 min

Pod Scheduling Workflow in Kubernetes

Figure: Pod Scheduling Flow in Kubernetes

Pod scheduling is a core component of Kubernetes that manages how and where pods are placed across the cluster’s available nodes. The process ensures that each pod meets its requirements, such as resource allocation (CPU, memory), affinity rules, and node availability. Let’s break down the pod scheduling request flow, along with key details based on the provided diagram and Kubernetes principles. ...

September 18, 2024 · 4 min

Nodeaffinity, Taints and Tolerations

Node affinity and taints/tolerations are Kubernetes features that allow you to control where and how pods are scheduled onto nodes in a cluster. They serve different purposes but can be used in combination to achieve more advanced scheduling requirements. Node Affinity: Node affinity is a feature that allows you to specify rules for which nodes your pods are scheduled on based on labels assigned to nodes. It can be used to influence pod placement based on node characteristics such as hardware capabilities, geographic location, or other custom attributes. ...

September 17, 2024 · 5 min

Kubernetes Python Client Usage

Kubernetes has a python client as well, which is very underrated and should be used for a variety of tasks as follows -

Automated Deployment: You want to automatically deploy a new version of your application when code changes are pushed to your Git repository. Use the Python client to create a new Kubernetes deployment, specifying the Docker image version to deploy. Set up a webhook or integration in your CI/CD tool (e.g., Jenkins, GitLab CI/CD, or GitHub Actions) to trigger this deployment when new code is pushed.

Rolling Updates: You want to perform rolling updates to your application without downtime. ...

September 16, 2024 · 3 min

Kubernetes YAML syntax

https://betterprogramming.pub/understanding-kubernetes-yaml-syntax-83359d33f9c2

Key-values

multiple key-values

key1: value 1
key2: value 2

single key with map

key1:
  subkey1: subvalue1
  subkey2: subvalue2
  subkey3: subvalue3

equivalent json for above

{ "key1": { "subkey1": "subvalue1", "subkey2": "subvalue2", "subkey3": "subvalue3" } }

Lists

list:
  - item1
  - item2
  - item3
  - item4
  - item5

equivalent json

{ "list": ["item1", "item2", "item3", "item4", "item5"] }

List can contain multiple maps

list:
  - item1
  - mapItem1: value
    mapItem2: value
  - item3
  - item4
  - item5

equivalent json ...

September 14, 2024 · 4 min

StatefulSets vs Deployments

StatefulSets and Deployments are both controllers in Kubernetes that are used to manage the deployment and scaling of pods. StatefulSets are designed to manage stateful applications, such as databases or other distributed systems, that require stable network identities, stable storage, and ordered deployment and scaling. StatefulSets use stable network identities, which means that each pod in the set has a stable, unique hostname that persists across restarts. They also use stable storage, which means that each pod has its own persistent storage that is managed by a persistent volume claim. ...

September 13, 2024 · 2 min