GCP & Kubernetes


1. OMG this is old and some may be wrong...

1.1. cookbooks

1.1.1. Download a docker image & put it in my Google Container Registry (GCR)
    find the image on dockerhub: docker search <search-text>
    pull it from dockerhub: docker pull <tag>
    check the list of images and get its tag: docker images
    tag the image with my GCR info: docker tag <current-tag> <new-repo-specific-tag-and-version>
    push the image to my GCR:
        1. gcloud auth configure-docker
        2. docker push <new-repo-specific-tag-and-version>
    DEPRECATED: gcloud docker -- push <new-repo-specific-tag-and-version>

1.1.2. delete all exited & dead containers in docker
    docker ps -f status=exited -f status=dead --format "{{.ID}}" | xargs docker rm

1.1.3. create a cluster
    use the GUI. Look at the command line if you want it.
    then, add the cluster to your kubectl config:
    gcloud container clusters get-credentials <cluster-name> --zone <zone> --project <project-name>

1.1.4. add a container to the cluster, creating a pod along the way
    make sure the image is in your local repository first! docker images
    use kubectl run to add the container: kubectl run <image-name> --image=<image-tag>

1.1.5. delete all clusters in your kubectl config (e.g., the clusters have been deleted in GKE)
    kubectl config get-clusters | grep -v NAME | xargs -n 1 kubectl config delete-cluster

1.1.6. get to a command line in a container. Replace "bash" with "sh" if bash is not supported in the container.
    If it's the only container in the pod: kubectl exec -it <pod-name> -- "bash"
    If there are multiple containers in the pod, first find the name of the container you want (kubectl describe pod <pod-name> lists them), then exec the shell in that container: kubectl exec -it <pod-name> -c <container-name> -- "bash"

1.1.7. list all the containers in all your clusters (close, but not working yet)
    kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].name}"
    kubectl get pods --all-namespaces -o=jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.containers[*]}{.name}{", "}{end}{end}' | sort
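The two queries above only ever ask the current context, which is why they stop short of "all your clusters". The loop below is an added example (not from the original notes): it runs the same kind of jsonpath query against every context in the kubeconfig via --context, so the active context is never switched. KUBECTL is an assumed override so the functions can be dry-run or exercised with a stub in place of the real kubectl.

```shell
#!/bin/sh
# Added example: list every container in every cluster (context) of the kubeconfig.
# KUBECTL is an assumed override; default is the real kubectl on PATH.
KUBECTL=${KUBECTL:-kubectl}

# One line per pod in the given context: namespace/pod: container1 container2 ...
# --context scopes the call to that cluster without changing the active context.
list_pod_containers() {
  ctx=$1
  "$KUBECTL" --context "$ctx" get pods --all-namespaces \
    -o jsonpath='{range .items[*]}{.metadata.namespace}{"/"}{.metadata.name}{":"}{range .spec.containers[*]}{" "}{.name}{end}{"\n"}{end}'
}

# Walk every context in the kubeconfig and print its pods, sorted, under a header.
list_containers_all_contexts() {
  for ctx in $("$KUBECTL" config get-contexts -o name); do
    printf '== %s ==\n' "$ctx"
    list_pod_containers "$ctx" | sort
  done
}

# Run directly as: sh list-containers.sh --run
if [ "${1:-}" = "--run" ]; then
  list_containers_all_contexts
fi
```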

1.1.8. list all your clusters
    kubectl config view, and then look in the contexts section

1.1.9. delete a pod/deployment
    kubectl get pods: list the pods to see your pod is there
    kubectl get deployments: get the name of your pod's deployment
    kubectl delete deployment <deployment-name>: you need to delete the deployment. If you delete the pod, kubernetes will recreate it
    kubectl get deployments: make sure your deployment is gone
    kubectl get pods: make sure your pod is gone

1.1.10. show all GKE instances by name, zone, tags, & status
    gcloud compute instances list --filter 'name~gke.*' --format "table(name:sort=1,zone,tags.items.list():label=TAGS,status)"

1.1.11. scaling
    scale pods up and down: kubectl scale deploy <deployment> -n <namespace> --replicas <replica count>
    scale nodes up and down: gcloud container clusters resize <cluster> --size <number of nodes per zone> --project <project> --zone <master zone>

1.1.12. restart a container without killing a pod
    exec into the container and run kill -HUP 1
    e.g., exec into the sidecar to restart nginx so it picks up a new cert
    this only does something if PID 1 actually handles SIGHUP (nginx reloads on it); PID 1 in a container ignores signals it has no handler for, so a process without one will neither reload nor die

1.1.13. check a certificate in a running pod
    openssl s_client -connect <domain-name>:<port> | openssl x509 -noout -text
    in the secret for a pod: list all the certs first, then describe the cert

1.2. Kubernetes (K8s)

1.2.1. Documentation
    what is kubernetes
    User Guide
    Xoriant Blog - K Building Blocks
    Network Design
    Tutorials
    Security Best Practices (good, only slightly TwistLock biased)
    4-Day Docker & Kubernetes Training
    KubeWeekly (TONS of K8s relevant info)

1.2.2. has
    Cluster - a group of nodes
    Node - a physical or virtual machine
    allow isolation between pods within a cluster - perhaps for different teams, perhaps by environment (dev, test, prod)
    A production cluster should have at least 3 nodes
    disks
    Master Controller (typically 1)
    has command line utility kubectl
    Services
        integrate w HashiCorp Vault?
        single endpoint to multiple pods to provide a consistent point of entry for service consumers
    Networking
        IP-per-Pod model: IP addresses applied at a Pod level
        Google Compute Engine
    Service namespaces create subdomains for services: <service-name>.<namespace-name>.svc.cluster.local
    Labels
    Secrets
        implemented in etcd
        available to all containers in cluster
        Secrets Management (more here than just K8s)
    contexts
    seems to be console GUI can be used to explore API

1.2.3. kubectl commands
    kubectl cheat sheet
    kubectl cluster-info: gets info about the cluster
    kubectl get: lists the objects in the cluster
    kubectl proxy: creates a route between the terminal and the K8s cluster, allowing access to the API; open a browser to http://localhost:8001/ui for the K8s GUI
    kubectl expose: exposes a deployment as a service externally
    kubectl describe: describes an object with a lot of details
    kubectl run: creates a deployment
    kubectl config
        kubectl config get-contexts
        kubectl config use-context <context-name>
    kubectl exec: run a command on a container. Often used to get to a shell
    kubectl attach (look this up)
    kubectl top pods: show top pods by CPU load

1.2.4. k8s runs
    deployments
    jobs: if a job fails, it will try again
    bare pod: if you want something to just terminate if it fails (e.g., building new infrastructure)
    Replication Controllers

1.2.5. DNS: creates its own DNS; service.namespace.svc.cluster.local

1.2.6. deployments
    deployment YAML
    resources

1.3. Docker

1.3.1. sample Dockerfiles

1.3.2. Dockerfile commands: FROM, MAINTAINER, RUN, ENTRYPOINT

1.3.3. commands
    docker pull: pull an image from another repo. docker pull <tag>
    docker push: push an image to a repo
    docker images: list all images
    docker ps: show currently running docker processes (-a for all)
    docker build: docker build -t <tag> <Dockerfile location>
    docker run: docker run <tag> <params>; -it; -v <from>:<to>:<permissions>
    docker logs: docker logs <container name>
    docker inspect: docker inspect <container name>
    docker rm: docker rm <container name>
    docker rmi: remove image. docker rmi <tag>
    docker cp: docker cp <from> <to>

1.3.4. cookbooks
    delete all images with <none> tag (find a better way):
    docker images | grep '<none>' | cut -c 72-83 | xargs -n1 docker image rm
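The cut -c 72-83 above depends on the column layout of docker images, which shifts with repository name lengths. This added example (not from the original notes) covers both docker cookbooks, the exited/dead container cleanup in 1.1.2 and the <none> image cleanup here, by selecting fields with --format instead of character positions. DOCKER is an assumed override so the functions can be exercised against a stub, and DRY_RUN=1 only prints what would be removed.

```shell
#!/bin/sh
# Added example: cleanup helpers for the two docker cookbooks, selecting fields
# via --format rather than cutting character columns out of `docker images`.
# DOCKER is an assumed override; default is the real docker on PATH.
DOCKER=${DOCKER:-docker}

# IDs of images whose TAG column is <none>, picked by field so that long
# repository names cannot shift the ID into a different character range.
untagged_image_ids() {
  "$DOCKER" images --format '{{.Repository}} {{.Tag}} {{.ID}}' |
    awk '$2 == "<none>" { print $3 }'
}

# IDs of containers that have exited or are dead (same filter as cookbook 1.1.2).
finished_container_ids() {
  "$DOCKER" ps -a -f status=exited -f status=dead --format '{{.ID}}'
}

# Either execute the command or, with DRY_RUN=1, just echo it.
run_or_print() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Remove finished containers first (they may hold references to the images),
# then the untagged images.
docker_cleanup() {
  for id in $(finished_container_ids); do
    run_or_print "$DOCKER" rm "$id"
  done
  for id in $(untagged_image_ids); do
    run_or_print "$DOCKER" image rm "$id"
  done
}
```

docker container prune and docker image prune are the built-in equivalents for stopped containers and dangling images respectively; the functions above are useful when you want to see the exact list before anything is removed.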

1.3.5. tools
    container diff: GoogleContainerTools/container-diff

1.4. Google Cloud Platform

1.4.1. Networking
    https://cloud.google.com/compute/docs/networking
    Different networks - even in the same project - cannot communicate directly with each other; they must communicate through the internet (or possibly through a common VPN).
    Each network can have different subnets. Subnets can communicate with each other, given appropriate firewall rules.
    Even hosts on the same subnet cannot communicate without a firewall rule allowing it, creating much greater granularity than is available with traditional networks.
    Tags can be used for creating firewall rules, greatly simplifying granular firewall rule creation. The same tags can be used in multiple networks; however, tags are not recognized across networks. E.g., if I tag server A as "ping-from" on network X and server B as "ping-to" on network Y, and attempt to ping from A to B's external IP, it won't work if my rule on network Y is to allow ping-from to ping ping-to. But I can create a rule on network Y to allow A's external IP to ping any ping-to systems, and A will be able to ping B.
    commands: gcloud compute networks create <network_name> --mode auto

1.4.2. regions & zones
    gcloud config set compute/zone us-east1-d

1.4.3. Container Engine
    built on Kubernetes
    Kubernetes clusters
    Docker: gcloud docker -- <docker command>
    Container Registry: gcr.io/<project-name>; gcloud container images list
    Good Intro

1.4.4. Compute Engine
    gcloud compute images list: list all the images available

1.4.5. Cloud Shell
    appears to be one instance per user - the same instance across multiple projects
    Appears to be independent of project (my k8s config shows clusters in multiple projects)

1.4.6. Cook Books
    Take a standard image, add an application, make an image, deploy in a pod

1.4.7. Tutorials
    Jenkins in GKE
    See also

1.4.8. Projects
    gcloud projects list
    Guide to projects, permissions, & accounts

1.4.9. AAA
    2FA Enforcement
    Google Cloud Directory Sync
    best practices

1.4.10. to authenticate in SDK: gcloud auth application-default login

1.4.11. Documentation
    Google Cloud Compute Tips

1.4.12. gcloud config
    gcloud config configurations list
    gcloud config configurations activate <configuration-name>
    --format: table format, no labels; json format

2. K8s

2.1. What version of docker/containerd am I running?

2.1.1. kubectl get nodes -o wide

3. GCP Service Accounts

3.1. Service agents  |  IAM Documentation  |  Google Cloud

4. gcloud

4.1. formatting

4.1.1. how to show the default formatting for a command: force a broken table
    EG: g compute routes list --format="table("
    ERROR: (gcloud.compute.routes.list) More tokens expected [ table( name, network.basename(), destRange, firstof( nextHopInstance, nextHopGateway, nextHopIp, nextHopVpnTunnel, nextHopPeering, nextHopNetwork, nextHopHub).scope() :label=NEXT_HOP, priority ) table( *HERE*].