Kubernetes OneShot

Tushar PantTushar Pant
7 min read

Creating a complete Kubernetes one-shot is a challenge due to the sheer breadth of topics within Kubernetes. However, I will give you an extensive guide that covers almost every major concept and component in Kubernetes, organized by topics, providing an overview, essential commands, and key resources to master Kubernetes.


1. Kubernetes Architecture

Kubernetes follows a master-worker architecture, where the master controls the cluster, and the worker nodes run the containerized applications.

1.1 Key Components:

  • Control Plane: Manages the cluster.

    • API Server: The front-end for the Kubernetes control plane.

    • etcd: A key-value store used for configuration data and service discovery.

    • Scheduler: Assigns pods to nodes.

    • Controller Manager: Runs various controllers (e.g., Replication Controller, Node Controller).

  • Worker Nodes: Where the actual application workloads run.

    • Kubelet: Communicates with the API server, manages the lifecycle of containers.

    • Kube-Proxy: Manages networking for services.

    • Container Runtime: Runs the containers (e.g., Docker, containerd, CRI-O).


2. Basic Kubernetes Concepts

2.1 Installation

  1. Windows

    1. Install Docker Desktop (includes Kubernetes support)

      1. Download Docker Desktop: https://www.docker.com/products/docker-desktop

      2. Enable Kubernetes in Docker Desktop settings.

    2. Install kubectl:

       choco install kubernetes-cli
      
  2. Ubuntu

    1. Disable Swap:

       sudo swapoff -a
       sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
      
    2. Install Docker:

       sudo apt install -y docker.io
       sudo systemctl enable docker
       sudo systemctl start docker
      
    3. Install Kubernetes (kubeadm, kubectl, and kubelet):

    sudo apt update
    sudo apt install -y apt-transport-https curl
    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
    sudo apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
    sudo apt update
    sudo apt install -y kubelet kubeadm kubectl
    sudo apt-mark hold kubelet kubeadm kubectl
  1. macOS

    1. Install Docker Desktop (includes Kubernetes):

      1. Download Docker Desktop: https://www.docker.com/products/docker-desktop

      2. Enable Kubernetes in Docker Desktop settings.

    2. Install kubectl using Homebrew:

    brew install kubectl

2.2 Pods

  • The smallest deployable unit in Kubernetes. A pod can contain one or more containers.

    • Single-container Pod: The most common type.

    • Multi-container Pod: Useful when containers share resources like storage.

CommandsFunctionality
kubectl get podsList all pods
kubectl describe pod [pod-name]Describe a pod
kubectl delete pod [pod-name]Delete a pod
kubectl exec -it [pod-name] -- /bin/shAccess a pod shell

2.3 Replica Sets

  • Ensures a specified number of pod replicas are running at all times.
CommandsFunctionality
kubectl get rsList Replica Sets
kubectl scale --replicas=[n] rs/[rs-name]Scale Replica Set

2.4 Deployments

  • Provides declarative updates for Pods and Replica Sets. Used for rolling updates and rollbacks.
CommandsFunctionality
kubectl create deployment [name] --image=[image]Create a deployment from an image
kubectl get deploymentsList Deployments
kubectl rollout undo deployment [name]Rollback to the previous version
kubectl delete deployment [name]Delete Deployment

3. Services and Networking

3.1 Service Types

  • Cluster IP: Default, exposes the service only inside the cluster.

  • Node Port: Exposes the service on a static port on each node.

  • Load Balancer: Exposes the service externally using a cloud provider’s load balancer.

  • External Name: Maps a service to an external DNS name.

CommandsFunctionality
kubectl expose pod [pod-name] --type=NodePort --port=8080Expose a port
kubectl get servicesList all services

3.2 Ingress

  • Manages external access to services, typically via HTTP/HTTPS, and provides load balancing, SSL termination, and name-based virtual hosting.

Example Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: example-service
            port:
              number: 80
CommandsFunctionality
kubectl get ingressList Ingress resources
kubectl describe ingress [ingress-name]Describe Ingress

3.3 Network Policies

  • Define how pods communicate with each other and other network endpoints. They are used to enforce network security rules.

Example:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-specific-traffic
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: frontend

4. Storage

4.1 Volumes

  • Allow data to persist even after a pod is deleted.

Common Volume Types:

  • empty Dir: Temporary storage that exists as long as the pod is running.

  • host Path: Maps a directory from the host to the pod.

  • Persistent Volume (PV): Represents physical storage.

  • Persistent Volume Claim (PVC): Requests storage from a PV.

CommandsFunctionality
kubectl get pvList Persistent Volumes
kubectl get pvcList Persistent Volume Claims

4.2 Storage Classes

  • Dynamically provisions storage when a PVC is created.

Example Storage Class:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-ssd

5. Config Maps and Secrets

5.1 Config Maps

  • Store configuration data in key-value pairs that can be consumed by pods.
CommandsFunctionality
kubectl create configmap [name] --from-literal=[key=value]Create a Config Map
kubectl get configmapsList Config Maps
kubectl describe configmap [name]Describe Config Map

5.2 Secrets

  • Store sensitive information such as passwords, OAuth tokens, and SSH keys.
CommandsFunctionality
kubectl create secret generic [name] --from-literal=[key=value]Create a new Secret
kubectl get secretsList secrets
kubectl describe secret [name]Describe a secret

6. Controllers

6.1 Daemon Sets

  • Ensures that a copy of a pod runs on all or some nodes in the cluster.
CommandsFunctionality
kubectl create -f [daemonset.yaml]Create a Daemon Set
kubectl get dsList Daemon Sets

6.2 Stateful Sets

  • Manages stateful applications, where each pod has a unique, stable identity and storage.
CommandsFunctionality
kubectl create -f [statefulset.yaml]Create a Stateful Set
kubectl get statefulsetsList Stateful Sets

6.3 Jobs and Cron Jobs

  • Job: Ensures a task runs to completion.

  • Cron Job: Schedules jobs to run at specific times.

Example Cron Job:

apiVersion: batch/v1
kind: CronJob
metadata:
  name: example-cronjob
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: hello
            image: busybox
            args:
            - /bin/sh
            - -c
            - date; echo Hello from the Kubernetes cluster
          restartPolicy: OnFailure

7. Security

7.1 Role-Based Access Control (RBAC)

  • Controls access to the Kubernetes API.

Example Role and Role Binding:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list"]
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
subjects:
- kind: User
  name: "jane"
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

7.2 Pod Security Policies (PSP)

  • Controls security settings for pods, such as running as root, using host namespaces, or allowing privileged containers.

8. Helm

  • Helm is a package manager for Kubernetes. It packages multiple Kubernetes manifests into charts, making them reusable.
CommandsFunctionality
helm repo add [repo-name] [repo-url]Add a repo using helm
helm install [release-name] [chart-name]install a helm chart to your cluster
helm listList all releases
helm upgrade [release-name] [chart-name]Upgrade a release
helm delete [release-name]Delete a release

9. Monitoring and Logging

9.1 Metrics Server

  • Provides resource usage data for pods and nodes. It's required for Horizontal Pod Autoscaling (HPA).
CommandsFunctionality
kubectl top nodesView resource usage for nodes
kubectl top podsView resource usage for pods

9.2 Prometheus and Grafana

  • Prometheus is widely used for monitoring Kubernetes clusters. Grafana is used to visualize metrics.

9.3 Logs

  • Kubernetes logs can be accessed using the kubectl logs command.
CommandsFunctionality
kubectl logs [pod-name]View logs for a pod
kubectl logs -f [pod-name]Follow logs for a pod

10. High Availability

10.1 Horizontal Pod Autoscaling (HPA)

  • Automatically adjusts the number of pods based on resource usage (e.g., CPU).

Commands:

kubectl autoscale deployment [name] --cpu-percent=50 --min=1 --max=10

10.2 Cluster Auto scaler

  • Automatically scales worker nodes based on pending pods.

This one-shot guide covers the most important components of Kubernetes, from core architecture and concepts to advanced topics like autoscaling, storage, networking, and monitoring. Each section can be explored in much more depth, but this guide should give you a solid foundation. Let me know if you need further elaboration on any topic!

10
Subscribe to my newsletter

Read articles from Tushar Pant directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Tushar Pant
Tushar Pant