Exploring Kubernetes: From Cloud & On-Prem Clusters , Images, Debug container & Pods, kubectl

AnasAnas
9 min read

also includes piyush lec and task7

clusters:

cluster is a group of nodes

kind cluster:

kubernetes in docker

# To create a kind cluster: which is a single node cluster
kind create a cluster --name anas

A configuration file to create a double node cluster:

# cluster.yaml
kind: cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  image: kindest/node:v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7325357a1ac94ba865
- role: worker-node
  image: kindest/node:v1.30.3@sha256:bf91e1ef2f7d92bb7734b2b896b3dddea98f0496b34d96e37dd5d7df331b7e56

Note: The worker node’s current running version can’t be greater than the control plane (master node).

Why: Because some backward compatibility issues occur.

Note the command to create the double node cluster:

kind create cluster --name day3 --config cluster.yaml

Interview question:

Run the specific version of the K8s?

  • release of kube6 then paste in config file

kubeadm cluster

for online practice use: Killr coda

Minikube cluster

Minikube is a tool that allows you to run a single-node Kubernetes cluster on your local machine.

Kind, Minikube, and Kubeadm are three popular tools used for running Kubernetes locally on a machine. Kind is designed for testing Kubernetes itself, Minikube is designed for learning and testing Kubernetes, and Kubeadm is designed for creating a production-ready Kubernetes cluster.

  • Kind supports Podman and rootless mode, while Minikube supports multiple drivers and container runtimes.

  • Kubeadm supports multiple nodes, container runtimes, and network plugins.

cluster why? - its consist node , master node , worker node and object etc.

object like pods, ingress, operators , service

Objects:

Kubernetes objects are persistent entities in a Kubernetes cluster that represent the desired state of the cluster. They can be used to describe:

  • The containerized applications running and on which nodes

  • The resources available to those applications

  • The policies around how those applications behave

Some examples of Kubernetes objects include:

  • Pods: The smallest unit of deployment in Kubernetes, pods can host one or more containers and provide storage and networking resources.

  • Deployments: Manage the lifecycle of one or more identical pods.

  • ReplicaSets: Ensure that the desired number of replicas are running at all times.

  • StatefulSets: Manage stateful applications.

  • Services: Abstract access to a set of pods, providing stable IP addresses and DNS names.

  • Ingress: Manages external access to services, typically HTTP, with routing rules.

  • ConfigMaps: Store non-confidential configuration data in key-value pairs for pods.

  • Secrets: Securely store and manage sensitive information like passwords and tokens.

  • Volumes: Provide persistent storage solutions for pods, abstracting underlying storage types.

  • **Persistent Volumes (PV)**: A cluster resource representing a piece of storage provisioned by an administrator.

  • Persistent Volume Claims (PVC): A request for storage by a user, abstracting the details of the underlying infrastructure.

  • Namespaces: Create isolated environments within a cluster to manage resources for different teams or projects.

  • NetworkPolicies: Define rules for how pods can communicate with each other and external endpoints.

  • DaemonSets: Ensure that all or some nodes run a copy of a specific pod for tasks like monitoring or logging.

  • Jobs: Create pods to run a specific task to completion, useful for batch processing.

  • CronJobs: Schedule jobs to run at specified times or intervals for recurring tasks.

  • Horizontal Pod Autoscalers (HPA): Automatically adjust the number of pod replicas based on resource utilization metrics.

  • Custom Resource Definitions (CRDs): Extend Kubernetes functionality by defining your own resou

  • Admission Controllers: Intercept and enforce policies on requests to the Kubernetes API server.

2. Images

A Docker image is a file that contains the instructions and resources needed to create a Docker container.

Note: Image name: tag

What is contains: A Docker image includes all the files, dependencies, and libraries required to run a container. This can include code, config files, environment variables, runtimes, applicaiton, system libraries and more.

The image is stored in the registery

Here are some cloud-native container registries that are commonly used

  1. Google Container Registry (GCR)
  • A managed Docker container registry that stores container images in Google Cloud, integrated with Google Cloud services.
  1. Amazon Elastic Container Registry (ECR)
  • A fully managed Docker container registry provided by AWS, making it easy to store, manage, and deploy Docker images.

  1. Azure Container Registry (ACR)

    • A managed Docker container registry service provided by Microsoft Azure that allows for the storage and management of private Docker container images.
  1. IBM Cloud Container Registry (ICR)
  • A fully managed container registry service on IBM Cloud, providing secure storage for Docker images.
  1. Docker Hub
  • The default public registry for Docker images, allowing users to share and distribute images with the community.
  1. Harbor
  • An open-source cloud-native registry that stores, signs, and scans container images, providing enhanced security features.
  1. Quay
  • A container registry by Red Hat that offers features like repository management, vulnerability scanning, and image signing.
  1. GitHub Container Registry (GHCR)
  • A container registry integrated with GitHub that allows you to host and manage container images directly in your GitHub repositories.
  1. JFrog Artifactory
  • A universal repository manager that supports multiple types of packages including Docker images, providing enterprise-level features and integrations.
  1. Nexus Repository
  • A repository manager that supports a variety of formats, including Docker, allowing you to host and manage container images.

Interview question:

Can we use the latest tag?

No. because the backword compatability ruins and unable to know which specific version is there.

Images names:

Distroless: Contains only the application and its runtime dependencies, minimizing the attack surface. Adoption is still limited.

Scratch: An empty base image ideal for statically compiled binaries, resulting in ultra-lightweight images.

Alpine: A minimal Linux distribution providing a small footprint (~5 MB) with a package manager, suitable for lightweight applications needing some dependencies.

Images are made of multiple layers:

⇒ What are the number of layers in Dockerfile , it depends on:

  • Your application

  • and how you are writing your dockerfile

⇒ Dockerfile is not case-sensitive, but yeah naming convention should be correct.

Containers:

⇒ stateless

⇒ statefull

⇒ Init

⇒ Ephemeral

⇒ debug containers

stateless - doesn’t preserve own state means current data store or not . example - frontend

statefull- store data ex- database

Interview question: can we both stateless and full workload run in k8s?

yes, You can run multiple types of workloads in the same cluster, and K8s will manage them accordingly

kubectl:

kubectl is a specific command line uitlity for kubernetes

Format of writing kubetcl command:

[kubectl] [command] [type] [name]

NOTE: for CKE or CKS exams we’ve time constraints and for saving time we create alias of kubectl commad like this way:

alias k=kubectl

But don’t use alias in production.


kubectl get nodes

Use a lot while debugging ⇒ Gives more informtation

kubectl get nodes -o wide

To get all the information about the node

kubectl describe node

Gives information about everything happened in your cluster: generally used in production

kubectl get events

To know how many resources kubernetes has

kubectl api-resources

K9S - Visual representation( a Dashboard) for your resources in your cluster. Used in production.

GitHub repo link: https://github.com/derailed/k9s

what is k3s

K3s is a lightweight, certified Kubernetes distribution designed for production workloads in resource-constrained environments, such as edge and IoT locations. It's a single binary of less than 40MB that implements the Kubernetes API, making it easy to install and manage.

PODS:

Pods is ephemeral, mean whatever container will do pods also helps to do so.

⇒ We don’t run standalone pod

⇒ Disposable(after work desptroy) & Ephemeral(not permanent)

Let’s see how pod is made:

apiVersion: v1                         # Specifies the API version of the Kubernetes object.
kind: Pod                              # Defines the type of Kubernetes resource being created (in this case, a Pod).
metadata:                              # Contains metadata information about the Pod.
  name: nginx                          # Sets the name of the Pod to "nginx".
spec:                                 # Defines the desired state and specification of the Pod.
  containers:                         # Starts the definition of the containers within the Pod.
  - name: nginx                       # Names the container as "nginx".
    image: nginx:1.14.2              # Specifies the Docker image to use for the container (nginx version 1.14.2).
    ports:                            # Lists the ports to expose from the container.
    - containerPort: 80              # Exposes port 80 of the container for incoming traffic.

Role and ClusterRole

An RBAC Role or ClusterRole contains rules that represent a set of permissions. Permissions are purely additive (there are no "deny" rules).

Complete blog https://kubernetes.io/docs/reference/access-authn-authz/rbac/

Role example

Here's an example Role in the "default" namespace that can be used to grant read access to pods:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""] *# "" indicates the core API group***resources**: ["pods"]
  verbs**: ["get", "watch", "list"]`

Create a pod:

kubectl run anas --image nginx -- sleep 1d

or

kubectl run anas --image=nginx -- sleep 1d

kubectl get pods

describe po/anas
# or
describe pod/anas

kubectl get pods -o wide  # all the info or extend it give ip and node as well as but get pod doesnt give it 
# or 
kubectl get pods -owide

# to edit the pod 
kubectl edit pod anas(name of pod)

kubectl apply -f 11.yaml
# or 
kubectl create -f 11.yaml

Here we are deleting pod and pod/nginx is a pod name


kubectl delete pod/nginx

kubectl exec -it nginx -- bash

  • it: Here means interactive terminal, allowing you to interact with the container via the terminal.

  • exec: Command used to run a command in a running container.

  • nginx: Name of the pod or container you are interacting with.

  • - bash: Specifies that the command to run inside the container is bash, allowing you to access the container's shell.

NOTE: In production we never use exec

in production all things cpu, memory consumed . pods are Ephemeral that’s why pods are flushed

exec only for when high priority workload is not work.

how to out of exec process - write exit

It’ll not create a pod but show you how it’ll look like

--dry-run=client: This flag tells kubectl to not actually create the pod but to simulate the creation and print the resulting configuration to the console. It's useful for testing or validating the command without making any changes.

kubectl run anas --image nginx --dry-run=client
kubectl run anas --image nginx --dry-run=client -o yaml # it gives in yaml form 
# with sleep parameter
kubectl run anas --image nginx --dry-run=client -o yaml --sleep 1d

kubectl get pod/anas -o yaml>1.yaml

# to check
cat 1.yaml

Kubernetes Release Stages:

  1. Alpha: Features are experimental, not enabled by default, and may change or be removed in future releases. Not ready for production.

  2. Beta: Features are more stable and enabled by default; they are considered safe for use but may still undergo changes. Can apply in production.

  3. **Stable (V1)**: Features have been tested extensively and are fully supported; recommended for production use.

Debug containers:

Learn more on official k8s docs about debug running pod :

https://kubernetes.io/docs/tasks/debug/debug-application/debug-running-pod/

Debug containers are used to diagnose and fix issues in Docker containers or Kubernetes applications

debug make the copy in container

debug container / Ephemeral can’t be kill we need to kill main container.

kubectl debug -it anas --image=nginx --target=anas2 -- /bin/bash

The kubectl debug command creates a new debugger container in the anas pod using the nginx image, attaches to it, targets the anas2 container for debugging, and runs a bash command inside the debugger container, allowing you to inspect and debug the anas2 container.

I would like to extend my heartfelt thanks to Preet Munjal for providing valuable insights and content on kubernetes.

  • Let's stay connected and continue to learn from each other. If you have any more questions or topics you'd like to discuss, feel free to reach out to me anytime.

    LinkedIn: [https://www.linkedin.com/in/anas133/]

day 07 piyush task

0
Subscribe to my newsletter

Read articles from Anas directly inside your inbox. Subscribe to the newsletter, and don't miss out.

premclusterdebugcontainerclusterimagesObjects#Pods debuggingephemeralkindminikubeDevops

Written by

Anas
Anas