March 3, 2024

My Kubernetes Notes

Table of Contents

  1. Introduction to Kubernetes
  2. Kubernetes Architecture
  3. Kubernetes Objects
  4. Working with Pods, Deployments, and Services
  5. Kubernetes Networking
  6. Port Forwarding
  7. Sealed Secrets using Kubeseal
  8. ConfigMaps and Secrets
  9. Persistent Storage in Kubernetes
  10. Kubernetes Monitoring and Logging
  11. Helm: Package Manager for Kubernetes
  12. Kubernetes Security Best Practices

1. Introduction to Kubernetes

Kubernetes (K8s) is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications.

Key Features:

  • Automated Scaling: Scale applications up/down based on demand.
  • Self-Healing: Restarts failed containers and replaces them.
  • Load Balancing: Distributes network traffic.
  • Rolling Updates & Rollbacks: Updates applications with zero downtime.
  • Storage Orchestration: Manages persistent storage.

2. Kubernetes Architecture

Master Node Components:

  • API Server: Entrypoint for all commands.
  • Scheduler: Assigns workloads to nodes.
  • Controller Manager: Ensures desired state.
  • etcd: Key-value store for cluster data.

Worker Node Components:

  • Kubelet: Communicates with the master.
  • Kube-Proxy: Manages network rules.
  • Container Runtime: Runs containers (e.g., Docker, containerd).

3. Kubernetes Objects

Common Objects:

  • Pod: Smallest deployable unit (1+ containers).
  • Deployment: Manages Pods (scaling, updates).
  • Service: Exposes Pods via stable IP/DNS.
  • ConfigMap & Secret: Stores configuration data.
  • PersistentVolume (PV) & PersistentVolumeClaim (PVC): Manages storage.

4. Working with Pods, Deployments, and Services

Create a Pod:

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  containers:
    - name: nginx
      image: nginx:latest
      ports:
        - containerPort: 80

Apply: kubectl apply -f pod.yaml

Create a Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:latest
          ports:
            - containerPort: 80

Apply: kubectl apply -f deployment.yaml

Expose a Service:

kubectl expose deployment nginx-deployment --type=LoadBalancer --port=80

Or via YAML:

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer

5. Kubernetes Networking

  • ClusterIP: Internal IP (default).
  • NodePort: Exposes on a static port.
  • LoadBalancer: External cloud-based LB.
  • Ingress: Manages external HTTP(S) traffic.

6. Port Forwarding

Allows accessing a Pod directly from localhost.

Forward Port to a Pod:

kubectl port-forward pod/nginx-pod 8080:80

Access: http://localhost:8080

Forward Port to a Service:

kubectl port-forward svc/nginx-service 8080:80

7. Sealed Secrets using Kubeseal

Sealed Secrets encrypts Kubernetes Secrets so they can be safely stored in Git. The private key lives only in the controller running inside the cluster, so a committed SealedSecret can be turned back into a regular Secret only there.

Install Kubeseal:

brew install kubeseal  # macOS
kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.0/controller.yaml

Create a Sealed Secret. First, generate the plain Secret manifest locally (--dry-run=client writes it to a file without sending it to the cluster; this file holds the unencrypted values and should not be committed):

kubectl create secret generic my-secret --from-literal=<api_key>=1234 --dry-run=client -o yaml > <filename>.secret.yaml

Seal it:

kubeseal --format yaml < <filename>.secret.yaml > sealed-secret.yaml

Apply:

kubectl apply -f sealed-secret.yaml

8. ConfigMaps and Secrets

ConfigMap Example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  config.properties: |
    db.url=jdbc:mysql://db-host:3306/mydb

Apply: kubectl apply -f configmap.yaml

Secret Example:

apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: YWRtaW4= # base64 of "admin" (encoding, not encryption)
  password: MTIzNA== # base64 of "1234"
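The `data` values above are only base64-encoded, which is why section 7 seals Secrets before they go into Git: anyone who can read the Secret object can recover the plaintext. The following added example (not part of the original notes) builds the same manifest that `kubectl create secret generic ... --dry-run=client` would emit, using only the standard library, and then decodes the page's `db-secret` to show that the encoding is trivially reversible. The function names and the constructed manifests are assumptions of this example.

```python
import base64
import binascii
import json


def make_secret_manifest(name: str, literals: dict) -> dict:
    """Build an Opaque Secret whose `data` values are base64-encoded, as the API requires.

    JSON is valid YAML, so `json.dumps()` of this dict can be fed to `kubectl apply -f`.
    """
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "data": {k: base64.b64encode(v.encode("utf-8")).decode("ascii") for k, v in literals.items()},
    }


def decode_secret_data(manifest: dict) -> dict:
    """Reverse the encoding: this is all `kubectl get secret -o yaml` plus `base64 -d` does.

    Raises ValueError on values that are not valid base64 text (the API server rejects those too).
    """
    decoded = {}
    for key, value in manifest.get("data", {}).items():
        try:
            decoded[key] = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError(f"data[{key!r}] is not valid base64 text: {exc}") from exc
    return decoded


# The Secret from the notes above, as a dict (values copied from the page).
PAGE_DB_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "db-secret"},
    "type": "Opaque",
    "data": {"username": "YWRtaW4=", "password": "MTIzNA=="},
}


if __name__ == "__main__":
    # Rebuild the page's Secret from plaintext, then show the round trip.
    built = make_secret_manifest("db-secret", {"username": "admin", "password": "1234"})
    print(json.dumps(built, indent=2))
    print(decode_secret_data(PAGE_DB_SECRET))  # {'username': 'admin', 'password': '1234'}
```

Because the plaintext is recoverable by anyone with `get` on Secrets, restrict that verb with RBAC (section 12) and keep the dry-run file out of version control; only the kubeseal output belongs in Git.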

9. Persistent Storage in Kubernetes

PersistentVolume (PV) & PersistentVolumeClaim (PVC)

# PV
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-volume
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/data"
 
# PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pv-claim
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi

10. Kubernetes Monitoring and Logging

Check Logs:

kubectl logs <pod-name>

Monitor Resources:

kubectl top pods
kubectl top nodes

Prometheus & Grafana Setup (install using Helm; assumes the prometheus-community and grafana chart repositories have already been added with helm repo add):

helm install prometheus prometheus-community/prometheus
helm install grafana grafana/grafana

11. Helm: Package Manager for Kubernetes

Install Helm:

brew install helm  # macOS

Create a Helm Chart:

helm create mychart

Install a Chart:

helm install my-release ./mychart

12. Kubernetes Security Best Practices

  • Use RBAC: Restrict access via Roles & RoleBindings.
  • Enable Network Policies: Control Pod-to-Pod traffic.
  • Scan Images for Vulnerabilities: Use tools like Trivy.
  • Avoid Running as Root: Set securityContext.runAsNonRoot: true.
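The practices above are easy to state and easy to forget in a manifest. As an added example (not from the original notes), here is a small stdlib-only linter that checks a workload manifest for `securityContext.runAsNonRoot: true`, for `allowPrivilegeEscalation: false`, and for images pinned to a tag or digest (scanning a mutable `:latest` tag does not tell you what will actually run), plus a check that a Role does not use `*` wildcards. It runs over the page's own `nginx-deployment` and over a hardened variant. The function names, the hardened container spec (which assumes a pinned tag of the upstream `nginxinc/nginx-unprivileged` image, listening on 8080 as uid 101) and the two Role manifests are constructed for this example.

```python
import json


def pod_spec_of(manifest: dict) -> dict:
    """Return the Pod spec of a bare Pod or of a workload that embeds a Pod template."""
    if manifest.get("kind") == "Pod":
        return manifest.get("spec", {})
    return manifest.get("spec", {}).get("template", {}).get("spec", {})


def check_workload(manifest: dict) -> list:
    """Flag containers that may run as root, allow privilege escalation, or use a floating image tag."""
    findings = []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    spec = pod_spec_of(manifest)
    pod_ctx = spec.get("securityContext", {})
    for c in spec.get("containers", []):
        cname = c.get("name", "<unnamed>")
        ctx = c.get("securityContext", {})
        # The container-level field wins when both are set; otherwise fall back to the pod level.
        if ctx.get("runAsNonRoot", pod_ctx.get("runAsNonRoot")) is not True:
            findings.append(f"{name}/{cname}: securityContext.runAsNonRoot is not true")
        if ctx.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}/{cname}: allowPrivilegeEscalation is not false")
        image = c.get("image", "")
        last = image.rsplit("/", 1)[-1]  # drop registry/path so a registry port is not read as a tag
        if "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
            findings.append(f"{name}/{cname}: image {image!r} is untagged or :latest; pin a tag or digest")
    return findings


def check_role(manifest: dict) -> list:
    """Flag Role/ClusterRole rules that use wildcards, which defeat least privilege."""
    findings = []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    for i, rule in enumerate(manifest.get("rules", [])):
        for field in ("apiGroups", "resources", "verbs"):
            if "*" in rule.get(field, []):
                findings.append(f"{name}: rule {i} uses '*' in {field}")
    return findings


# Constructed input: the nginx-deployment from section 4, exactly as written there.
PAGE_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "nginx-deployment"},
    "spec": {"replicas": 3, "selector": {"matchLabels": {"app": "nginx"}},
             "template": {"metadata": {"labels": {"app": "nginx"}},
                          "spec": {"containers": [{"name": "nginx", "image": "nginx:latest",
                                                   "ports": [{"containerPort": 80}]}]}}},
}

# Hardened variant (constructed). The stock nginx image starts as root, so runAsNonRoot alone
# would make the kubelet refuse to start it; the unprivileged image is assumed to run as uid 101 on 8080.
HARDENED_DEPLOYMENT = json.loads(json.dumps(PAGE_DEPLOYMENT))  # deep copy via JSON round trip
HARDENED_DEPLOYMENT["spec"]["template"]["spec"]["containers"][0] = {
    "name": "nginx",
    "image": "nginxinc/nginx-unprivileged:1.25.4",  # assumed pinned tag
    "ports": [{"containerPort": 8080}],
    "securityContext": {"runAsNonRoot": True, "runAsUser": 101, "allowPrivilegeEscalation": False},
}

# Constructed Roles: one that grants everything, one scoped to the pod operations used in these notes.
WILDCARD_ROLE = {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
                 "metadata": {"name": "too-broad", "namespace": "default"},
                 "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}
SCOPED_ROLE = {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
               "metadata": {"name": "pod-reader", "namespace": "default"},
               "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]}]}


if __name__ == "__main__":
    for m in (PAGE_DEPLOYMENT, HARDENED_DEPLOYMENT):
        print(m["metadata"]["name"], check_workload(m) or ["OK"])
    for r in (WILDCARD_ROLE, SCOPED_ROLE):
        print(r["metadata"]["name"], check_role(r) or ["OK"])
```

Run it before `kubectl apply` (or wire it into CI next to the Trivy scan) so the three findings on the page's Deployment are caught before the workload reaches the cluster; the hardened manifest passes cleanly.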

Common kubectl Commands:

Command                                   Description
kubectl get pods                          List all Pods
kubectl describe pod <pod-name>           Inspect Pod details
kubectl logs <pod-name>                   View logs
kubectl exec -it <pod-name> -- /bin/sh    Enter Pod shell
kubectl delete pod <pod-name>             Delete a Pod
kubectl apply -f file.yaml                Apply YAML config
kubectl get nodes                         List cluster nodes
kubectl config view                       View kubeconfig

Conclusion

This guide covers essential Kubernetes concepts, including port-forwarding, Sealed Secrets, Helm, and security practices. Kubernetes is a powerful tool for managing containerized applications at scale.

🚀 Happy Kubernetting! 🚀