Commit
Showing 7 changed files with 472 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
# GKE Workload Identity | ||
|
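Review bot: the new file is only the `# GKE Workload Identity` heading followed by a blank line, with no body. Either add the notes in the same shape as the other files in this commit (short description, manifest, kubectl commands) or leave the stub out until there is content for it.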
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
# Deployment | ||
|
||
`Deployment` is a wrapper around replica set, which allows to do controlled updates to pods. | ||
When we update the pod template in the deployment, it will update the pods. | ||
|
||
```yaml | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: hello | ||
labels: | ||
app.kubernetes.io/name: hello | ||
spec: | ||
replicas: 3 | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/name: hello | ||
template: | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: hello | ||
spec: | ||
containers: | ||
- name: hello-container | ||
image: busybox | ||
command: ['sh', '-c', 'echo Hello from deployment! && sleep 3600'] | ||
``` | ||
```sh | ||
kubectl apply -f deployment.yaml --record | ||
kubectl get deployment | ||
kubectl get rs | ||
kubectl get pod | ||
kubectl scale deployment hello --replicas=5 | ||
kubectl get po --watch | ||
kubectl scale deploy hello --replicas=3 | ||
kubectl set image deploy hello hello-container=busybox:1.31.1 --record | ||
kubectl rollout history deploy hello | ||
kubectl rollout undo deploy hello | ||
``` | ||
|
||
Deployment strategies: | ||
|
||
- `Recreate` - deletes all pods and starts new ones | ||
- `RollingUpdate` - you optionally define maximum unavailable and maximum surge numbers (default is 25%), new pods are created before old pods are deleted | ||
|
||
```yaml | ||
spec: | ||
strategy: | ||
type: Recreate | ||
``` | ||
```yaml | ||
spec: | ||
strategy: | ||
type: RollingUpdate | ||
rollingUpdate: | ||
maxUnavailable: 40% | ||
maxSurge: 40% | ||
``` |
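Review bot: `image: busybox` in the Deployment manifest has no tag, so it resolves to `latest` and `kubectl rollout undo deploy hello` returns to a floating tag rather than a known image. Pin the manifest the way the later `kubectl set image` line already does (`busybox:1.31.1`), or by digest. Separately, `--record` on `kubectl apply` and `kubectl set image` is deprecated in current kubectl; setting the `kubernetes.io/change-cause` annotation fills the same column in `kubectl rollout history`. The `RollingUpdate` bullet would also read more clearly if it named the two fields, `maxUnavailable` and `maxSurge`, that the sample below it sets.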
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,208 @@ | ||
# Ingress | ||
|
||
`Ingress` resource exposes multiple services to the outside of the cluster and manages access. | ||
It is a collection of rules and paths but needs something to apply these rules the `Ingress controller`. | ||
Ingress controller acts as a gateway and routes external traffic to services based on the Ingress resource and its rules. | ||
|
||
Ingress controller is a collection of: | ||
|
||
- kubernetes deployment, with pods running containers with a gateway or proxy server, eg. nginx, ambassador | ||
- kubernetes service that exposes ingress controller pods | ||
- supporting resources: configuration maps, secrets etc. | ||
|
||
```yaml | ||
apiVersion: networking.k8s.io/v1beta1 | ||
kind: Ingress | ||
metadata: | ||
name: ingress-example | ||
spec: | ||
rules: | ||
- host: example.com | ||
http: | ||
paths: | ||
- path: /blog | ||
backend: | ||
serviceName: blogservice | ||
servicePort: 80 | ||
- path: /music | ||
backend: | ||
serviceName: musicservice | ||
servicePort: 8080 | ||
``` | ||
Ingress controller will have annotations that depend on the type of Ingress Controller you are using (Traeffik. Nginx, HAProxy, Ambassador, ...) | ||
Example with Ambassador gateway: | ||
```sh | ||
kubectl apply -f https://www.getambassador.io/yaml/ambassador/ambassador-crds.yaml | ||
kubectl apply -f https://www.getambassador.io/yaml/ambassador/ambassador-rbac.yaml | ||
kubectl get deploy | ||
kubectl get po | ||
kubectl get svc | ||
``` | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: ambassador | ||
spec: | ||
type: LoadBalancer | ||
externalTrafficPolicy: Local | ||
selector: | ||
service: ambassador | ||
ports: | ||
- port: 80 | ||
targetPort: 8080 | ||
``` | ||
```sh | ||
kubectl apply -f ambassador-lb.yaml | ||
minikube service ambassador # opens browser to the service address; diagnostics: /ambassador/v0/diag/ | ||
``` | ||
|
||
Ingress without rules: | ||
|
||
```yaml | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
annotations: | ||
kubernetes.io/ingress.class: ambassador | ||
name: my-ingress | ||
spec: | ||
defaultBackend: | ||
service: | ||
name: hello-world | ||
port: | ||
number: 3000 | ||
``` | ||
```sh | ||
kubectl apply -f simple-ing.haml | ||
kubectl get ing | ||
minikube service ambassador | ||
``` | ||
|
||
Example with path-based routing: | ||
|
||
```yaml | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
annotations: | ||
kubernetes.io/ingress.class: ambassador | ||
name: my-ingress | ||
spec: | ||
rules: | ||
- http: | ||
paths: | ||
- path: /hello | ||
pathType: Prefix | ||
backend: | ||
service: | ||
name: hello-world | ||
port: | ||
number: 3000 | ||
- path: /dog | ||
pathType: Prefix | ||
backend: | ||
service: | ||
name: dog-service | ||
port: | ||
number: 3000 | ||
``` | ||
```sh | ||
kubectl apply -f path-ing.haml | ||
kubectl describe ing my-ingress | ||
minikube ip | ||
# access: | ||
# http://.../hello | ||
# http://.../dog | ||
``` | ||
|
||
Hostname based access: | ||
|
||
```yaml | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
annotations: | ||
kubernetes.io/ingress.class: ambassador | ||
name: my-ingress | ||
spec: | ||
rules: | ||
- host: example.com | ||
http: | ||
paths: | ||
- path: /hello | ||
pathType: Prefix | ||
backend: | ||
service: | ||
name: hello-world | ||
port: | ||
number: 3000 | ||
- path: /dog | ||
pathType: Prefix | ||
backend: | ||
service: | ||
name: dog-service | ||
port: | ||
number: 3000 | ||
``` | ||
```sh | ||
kubectl apply -f hostname-ing.yaml | ||
kubectl describe ing my-ingress | ||
# add DNS record to your domain registrar and access: http://example.com/hello | ||
``` | ||
|
||
Some ingress controllers will automatically set up default backend service. | ||
In Ambassador you can combine `defaultBackend` and `rules`. | ||
|
||
Subdomain ingress: | ||
|
||
```yaml | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
annotations: | ||
kubernetes.io/ingress.class: ambassador | ||
name: my-ingress | ||
spec: | ||
defaultBackend: | ||
service: | ||
name: hello-world | ||
port: | ||
number: 3000 | ||
rules: | ||
- host: example.com | ||
http: | ||
paths: | ||
- path: /hello | ||
pathType: Prefix | ||
backend: | ||
service: | ||
name: hello-world | ||
port: | ||
number: 3000 | ||
- host: dog.example.com | ||
http: | ||
paths: | ||
- path: / | ||
pathType: Prefix | ||
backend: | ||
service: | ||
name: dog-service | ||
port: | ||
number: 3000 | ||
``` | ||
```sh | ||
kubectl apply -f subdomain-ing.yaml | ||
kubectl describe ing my-ingress | ||
# http://example.com/hello | ||
# http://dog.example.com/ | ||
``` |
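Review bot: the Ambassador setup applies `ambassador-crds.yaml` and `ambassador-rbac.yaml` directly from `https://www.getambassador.io/yaml/ambassador/` with no version in the path, so CRDs and RBAC objects are created from whatever those URLs serve at the time. Suggest downloading the manifests, reviewing what the RBAC file grants, and applying a pinned local copy. In the same file: the first example uses `networking.k8s.io/v1beta1` with `serviceName`/`servicePort` while every later example uses `networking.k8s.io/v1`, and the v1beta1 Ingress API is no longer served from Kubernetes 1.22, so it should be converted to the v1 form with `pathType`. `simple-ing.haml` and `path-ing.haml` should end in `.yaml` like the later commands, and `Traeffik. Nginx` should read `Traefik, Nginx`. All rules are plain HTTP with no `tls` section, and the comment on `minikube service ambassador` points at `/ambassador/v0/diag/` on the LoadBalancer address; a sentence saying the diagnostics path is for local minikube use only would help.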
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# Replica set | ||
|
||
`Replica set` maintains a stamble number of pod copies (replicas). | ||
|
||
Replica set controller guarantees that a specified nymber of identical pods are running at all times. | ||
It uses the selector field and pod labels to find pods that it owns. | ||
|
||
```yaml | ||
apiVersion: apps/v1 | ||
kind: ReplicaSet | ||
metadata: | ||
name: hello | ||
labels: | ||
app.kubernetes.io/name: hello | ||
spec: | ||
replicas: 3 | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/name: hello | ||
template: | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: hello | ||
spec: | ||
containers: | ||
- name: hello-container | ||
image: busybox | ||
command: ["sh", "-c", "echo Hello from replica set! && sleep 3600"] | ||
``` | ||
```sh | ||
kubectl apply -f replicaset.yaml | ||
kubectl get replicaset | ||
kubectl get pods -l app.kubernetes.io/name=hello | ||
kubectl get pods hello-xxxxx -o yaml | grep -A5 ownerReferences | ||
kubectl delete po hello-xxxxx | ||
kubectl edit rs hello | ||
kubectl get po hello-xxxxx | grep Image | ||
kubectl delete rs hello | ||
``` | ||
|
||
Replica set can be managed by a `deployment`, which can update pods managed by this replica set in a controlled, zero-downtime manner. |
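Review bot: `kubectl get po hello-xxxxx | grep Image` prints nothing, because the default `kubectl get` table has no image column. The line appears intended to check the pod's image after `kubectl edit rs hello`, so use `kubectl describe po hello-xxxxx | grep Image` instead. Typos in the prose: `stamble` should be `stable` and `nymber` should be `number`. As in the deployment file, `image: busybox` is untagged and should be pinned.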