Kubernetes lessons
dpurge committed Oct 27, 2024
1 parent 6adfc74 commit 86d9dde
Showing 7 changed files with 472 additions and 1 deletion.
2 changes: 2 additions & 0 deletions content/docs/devops/gcp/gke-workload-identity.md
@@ -0,0 +1,2 @@
# GKE Workload Identity

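Review bot: this new file contains only the `# GKE Workload Identity` heading and a blank line, so it will publish as an empty page. Either add a short summary of what the page will cover or leave the file out of this commit until the content is written.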
60 changes: 60 additions & 0 deletions content/docs/devops/kubernetes/deployment.md
@@ -0,0 +1,60 @@
# Deployment

`Deployment` is a wrapper around replica set, which allows to do controlled updates to pods.
When we update the pod template in the deployment, it will update the pods.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello
labels:
app.kubernetes.io/name: hello
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: hello
template:
metadata:
labels:
app.kubernetes.io/name: hello
spec:
containers:
- name: hello-container
image: busybox
command: ['sh', '-c', 'echo Hello from deployment! && sleep 3600']
```
```sh
kubectl apply -f deployment.yaml --record
kubectl get deployment
kubectl get rs
kubectl get pod
kubectl scale deployment hello --replicas=5
kubectl get po --watch
kubectl scale deploy hello --replicas=3
kubectl set image deploy hello hello-container=busybox:1.31.1 --record
kubectl rollout history deploy hello
kubectl rollout undo deploy hello
```

Deployment strategies:

- `Recreate` - deletes all pods and starts new ones
- `RollingUpdate` - you optionally define maximum unavailable and maximum surge numbers (default is 25%), new pods are created before old pods are deleted

```yaml
spec:
strategy:
type: Recreate
```
```yaml
spec:
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 40%
maxSurge: 40%
```
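Review bot: the Deployment manifest uses `image: busybox` with no tag, so it resolves to `latest` and replicas can end up running different images between pulls; pin a tag or digest there, which also makes the later `kubectl set image deploy hello hello-container=busybox:1.31.1` step a visible version change. The `--record` flag on `kubectl apply` and `kubectl set image` is deprecated; setting the `kubernetes.io/change-cause` annotation produces the same entry in `kubectl rollout history`. The `RollingUpdate` bullet says new pods are created before old pods are deleted, but with a non-zero `maxUnavailable` some old pods are removed up front as well, so it would be clearer to say that `maxSurge` and `maxUnavailable` together bound the rollout.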
208 changes: 208 additions & 0 deletions content/docs/devops/kubernetes/ingress.md
@@ -0,0 +1,208 @@
# Ingress

`Ingress` resource exposes multiple services to the outside of the cluster and manages access.
It is a collection of rules and paths but needs something to apply these rules the `Ingress controller`.
Ingress controller acts as a gateway and routes external traffic to services based on the Ingress resource and its rules.

Ingress controller is a collection of:

- kubernetes deployment, with pods running containers with a gateway or proxy server, eg. nginx, ambassador
- kubernetes service that exposes ingress controller pods
- supporting resources: configuration maps, secrets etc.

```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-example
spec:
rules:
- host: example.com
http:
paths:
- path: /blog
backend:
serviceName: blogservice
servicePort: 80
- path: /music
backend:
serviceName: musicservice
servicePort: 8080
```
Ingress controller will have annotations that depend on the type of Ingress Controller you are using (Traeffik. Nginx, HAProxy, Ambassador, ...)
Example with Ambassador gateway:
```sh
kubectl apply -f https://www.getambassador.io/yaml/ambassador/ambassador-crds.yaml
kubectl apply -f https://www.getambassador.io/yaml/ambassador/ambassador-rbac.yaml
kubectl get deploy
kubectl get po
kubectl get svc
```

```yaml
apiVersion: v1
kind: Service
metadata:
name: ambassador
spec:
type: LoadBalancer
externalTrafficPolicy: Local
selector:
service: ambassador
ports:
- port: 80
targetPort: 8080
```
```sh
kubectl apply -f ambassador-lb.yaml
minikube service ambassador # opens browser to the service address; diagnostics: /ambassador/v0/diag/
```

Ingress without rules:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: ambassador
name: my-ingress
spec:
defaultBackend:
service:
name: hello-world
port:
number: 3000
```
```sh
kubectl apply -f simple-ing.haml
kubectl get ing
minikube service ambassador
```

Example with path-based routing:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: ambassador
name: my-ingress
spec:
rules:
- http:
paths:
- path: /hello
pathType: Prefix
backend:
service:
name: hello-world
port:
number: 3000
- path: /dog
pathType: Prefix
backend:
service:
name: dog-service
port:
number: 3000
```
```sh
kubectl apply -f path-ing.haml
kubectl describe ing my-ingress
minikube ip
# access:
# http://.../hello
# http://.../dog
```

Hostname based access:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: ambassador
name: my-ingress
spec:
rules:
- host: example.com
http:
paths:
- path: /hello
pathType: Prefix
backend:
service:
name: hello-world
port:
number: 3000
- path: /dog
pathType: Prefix
backend:
service:
name: dog-service
port:
number: 3000
```
```sh
kubectl apply -f hostname-ing.yaml
kubectl describe ing my-ingress
# add DNS record to your domain registrar and access: http://example.com/hello
```

Some ingress controllers will automatically set up default backend service.
In Ambassador you can combine `defaultBackend` and `rules`.

Subdomain ingress:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: ambassador
name: my-ingress
spec:
defaultBackend:
service:
name: hello-world
port:
number: 3000
rules:
- host: example.com
http:
paths:
- path: /hello
pathType: Prefix
backend:
service:
name: hello-world
port:
number: 3000
- host: dog.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: dog-service
port:
number: 3000
```
```sh
kubectl apply -f subdomain-ing.yaml
kubectl describe ing my-ingress
# http://example.com/hello
# http://dog.example.com/
```
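Review bot: the first Ingress example uses `apiVersion: networking.k8s.io/v1beta1` with `serviceName`/`servicePort`, an API that was removed in Kubernetes 1.22, while every later example uses `networking.k8s.io/v1`; convert the first one to the v1 `service.name`/`service.port.number` form with a `pathType` so the page is consistent and the manifest applies on current clusters. The commands `kubectl apply -f simple-ing.haml` and `kubectl apply -f path-ing.haml` have the extension misspelled (`.yaml`). The two `kubectl apply -f https://www.getambassador.io/yaml/...` lines install CRDs and RBAC straight from an unversioned URL; the lesson should tell readers to download and read the manifests (or use a version-pinned URL) before applying cluster-wide permissions. The `kubernetes.io/ingress.class` annotation is deprecated in favour of `spec.ingressClassName`, and none of the examples has a `tls` section, which is worth a sentence since all the access URLs are plain `http://`. Minor: "needs something to apply these rules the `Ingress controller`" is missing punctuation, and "Traeffik. Nginx" should read "Traefik, Nginx".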
2 changes: 1 addition & 1 deletion content/docs/devops/kubernetes/pod.md
@@ -7,7 +7,7 @@ Kubernetes assigns a unique IP address to a pod.
Containers within a pod can listen on different ports.

When the pod restarts, it gets a different IP address.
A `service` is an abstraction that gets a stable IP address and DNS name.
A `service` is an abstraction that gets a stable IP address and DNS name and acts as a load balancer for pods.

All containers within a pod will get scaled together - a pod is the unit of scale.
You cannot scale individual containers within the pod.
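Review bot: in the changed sentence, "acts as a load balancer for pods" is loose enough to be confused with a `LoadBalancer`-type Service or an external load balancer. Suggest wording along the lines of "and distributes traffic across the pods matched by its selector", which also tells the reader how the Service finds its pods.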
42 changes: 42 additions & 0 deletions content/docs/devops/kubernetes/replica-set.md
@@ -0,0 +1,42 @@
# Replica set

`Replica set` maintains a stamble number of pod copies (replicas).

Replica set controller guarantees that a specified nymber of identical pods are running at all times.
It uses the selector field and pod labels to find pods that it owns.

```yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: hello
labels:
app.kubernetes.io/name: hello
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: hello
template:
metadata:
labels:
app.kubernetes.io/name: hello
spec:
containers:
- name: hello-container
image: busybox
command: ["sh", "-c", "echo Hello from replica set! && sleep 3600"]
```
```sh
kubectl apply -f replicaset.yaml
kubectl get replicaset
kubectl get pods -l app.kubernetes.io/name=hello
kubectl get pods hello-xxxxx -o yaml | grep -A5 ownerReferences
kubectl delete po hello-xxxxx
kubectl edit rs hello
kubectl get po hello-xxxxx | grep Image
kubectl delete rs hello
```

Replica set can be managed by a `deployment`, which can update pods managed by this replica set in a controlled, zero-downtime manner.
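Review bot: in the command block, `kubectl get po hello-xxxxx | grep Image` prints nothing, because the default `kubectl get` table has no image column; use `kubectl describe po hello-xxxxx | grep Image` (or `-o yaml` with `grep image`) so the step after `kubectl edit rs hello` actually shows that existing pods keep the old image. The prose has two typos, "stamble" and "nymber". As in the Deployment page, `image: busybox` is untagged; pinning a tag makes the edit-and-compare step reproducible.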