dummy by Mind Map: dummy

1. Kubernetes (K8s)

1.1. Documentation

1.1.1. what is kubernetes

1.1.2. User Guide

1.1.3. Xoriant Blog - K Building Blocks

1.1.4. Network Design

1.1.5. Tutorials

1.1.6. Security Best Practices

1.1.6.1. good, only slightly TwistLock biased

1.1.7. 4-Day Docker & Kubernetes Training

1.1.8. KubeWeekly

1.1.8.1. TONS of K8s relevant info

1.2. has

1.2.1. Cluster - a group of nodes

1.2.1.1. Node - a physical or virtual machine

1.2.1.1.1. has

1.2.1.1.2. is

1.2.1.2. allow isolation between pods within a cluster - perhaps for different teams, perhaps by environment (dev, test, prod)

1.2.1.2.1. Default: within a namespace, all pods can talk to each other

1.2.1.2.2. DefaultDeny: Pods in the namespace will be inaccessible from any source except the pod's local Node

1.2.1.3. A production cluster should have at least 3 nodes

1.2.1.4. disks

1.2.2. Master Controller (typically 1)

1.2.2.1. has

1.2.2.1.1. Deployments

1.2.2.1.2. Discovery Service

1.2.2.1.3. Replication Controller

1.2.2.1.4. Scheduling Manager

1.2.2.1.5. Heapster

1.2.2.1.6. GCE only: GLBC - GCE Load Balance Controller

1.2.2.1.7. KubeDNS

1.2.2.1.8. dashboard

1.2.2.1.9. API

1.2.3. command line utility

1.2.3.1. kubectl

1.2.3.1.1. has

1.2.4. Services

1.2.4.1. integrate with HashiCorp Vault?

1.2.4.2. single endpoint to multiple pods to provide consistent point of entry for service consumer

1.2.4.2.1. LoadBalancer

1.2.4.2.2. NodePort

1.2.5. Networking

1.2.5.1. IP-per-Pod model: IP addresses applied at a Pod level

1.2.5.1.1. All containers within a Pod use different ports on same IP

1.2.5.1.2. Pod's single IP is the same inside and outside the pod.

1.2.5.2. Google Compute Engine

1.2.5.2.1. Each VM

1.2.5.3. Service

1.2.5.3.1. pod load balancing

1.2.5.3.2. virtual IP for client access

1.2.6. namespaces

1.2.6.1. create subdomains for services. <service-name>.<namespace-name>.svc.cluster.local.

1.2.6.1.1. See https://kubernetes.io/docs/admin/namespaces/

1.2.7. Labels

1.2.8. Secrets

1.2.8.1. implemented in etcd

1.2.8.1.1. not encrypted

1.2.8.2. available to all containers in cluster

1.2.8.3. Secrets Management (more here than just K8s)

1.2.9. contexts

1.2.9.1. seems to be

1.2.10. console

1.2.10.1. GUI

1.2.10.1.1. 127.0.0.1:8001/ui

1.2.10.2. can be used to explore API

1.2.10.2.1. 127.0.0.1:8001/api

1.3. kubectl commands

1.3.1. kubectl cheat sheet

1.3.2. kubectl cluster-info

1.3.2.1. gets info about the cluster

1.3.3. kubectl get

1.3.3.1. lists the objects in the cluster

1.3.3.1.1. kubectl get nodes

1.3.3.1.2. kubectl get services

1.3.3.1.3. kubectl get deployments

1.3.3.1.4. kubectl get pods -l <label-name>=<label-value>

1.3.4. kubectl proxy

1.3.4.1. create a route between the terminal and K8s cluster - allows access to the API

1.3.4.2. open a browser to http://localhost:8001/ui for the K8s GUI

1.3.5. kubectl expose

1.3.5.1. exposes deployment as a service externally

1.3.5.1.1. e.g. kubectl expose deployment/kubernetes-bootcamp --type="NodePort" --port 8080

1.3.5.1.2. how to determine if an exposed service requires authentication or not? How to require auth?

1.3.6. kubectl describe

1.3.6.1. describes an object in a lot of detail

1.3.6.1.1. kubectl describe deployment

1.3.6.1.2. kubectl describe services

1.3.6.1.3. kubectl describe services/kubernetes-bootcamp

1.3.7. kubectl run

1.3.7.1. creates a deployment

1.3.8. kubectl config

1.3.8.1. kubectl config get-contexts

1.3.8.1.1. list all the contexts available in the k8s config

1.3.8.2. kubectl config use-context <context-name>

1.3.8.2.1. sets current context

1.3.9. kubectl exec

1.3.9.1. run a command in a container. Often used to get to a shell

1.3.9.1.1. kubectl exec <pod-name> -it -- "bash"

1.3.10. kubectl attach

1.3.10.1. (look this up)

1.3.10.1.1. kubectl attach nettools-3282871191-3m089 -c nettools -ti

1.3.11. kubectl top pods

1.3.11.1. show top pods by CPU load

1.4. k8s runs

1.4.1. deployments

1.4.2. jobs

1.4.2.1. if a job fails, it will try again

1.4.2.1.1. check to see if this is really true or if there is a setting to control

1.4.3. bare pod

1.4.3.1. if you want something to just terminate if it fails (eg, building new infrastructure)

1.4.4. Replication Controllers

1.5. DNS

1.5.1. creates its own DNS

1.5.1.1. service.namespace.svc.cluster.local

1.6. deployments

1.6.1. deployment YAML

1.6.1.1. resources

1.6.1.1.1. limits

1.6.1.1.2. requests