Search This Blog

Kubernetes YAML Basics & Kubernetes command line

Kubernetes YAML

This article explains about what is Kubernetes YAML, its structure, references for different activities. Talks about YAML editors & validator and different techniques to generate YAML file from existing system. It contains 4 main parts

  1. apiVersion: Version of API to create or modify the object. [v1 | v2]
  2. kind: 
    1. Represent Kubernetes objects and state of your cluster.
    2. [Deployment | Pod | ConfigMap | Replicaset | Screte | LimitRanges DaemonSet | ReplicationController | Job]. 
    3. The first character of 'kind' should always be capital as per naming conventions of Kubernetes.
    4. Is a “record of intent”–once you create the object, the Kubernetes system will constantly work to ensure that the object exists.
    5. Ensure cluster desired state
  3. metadata: 
    1. Uniquely identify the object using the name, UID or namespace.
    2. [Meta information about kind, usually it contains key-value pair]
    3. Each object in the cluster has a NAME that is unique for that type of resource.
    4. Kubernetes auto-assign a unique ID to each object in the cluster. Universally unique.
    5. You can apply labels to object to define its characteristics, like
      metadata:
  name: label-demo
  labels:
    environment: production
    app: nginx
  4. spec: 
    1. Desired state of the object
    2. Specification of a kind

Specification

  1. Deployment 
    1. Upgrade instance [Tolling (default), blue-green, canery]
    2. Run multiple instances
    3. Rollback changes
    4. Apply changes with pause
    5. Replicaset - Ensure desire state configuration for pod
    6. Deployment is a higher-level concept that manages ReplicaSets
    7. Use Deployments instead of directly using ReplicaSets
  2. Pod 
  3. ConfigMap
    1. Allow you to decouple configuration artifacts from image content to keep containerized applications portable.
  4. Secrete 
    1. Store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys.
    2. contains a small amount of sensitive data
    3. To use a secret, a pod needs to reference the secret. A secret can be used with a Pod in two ways: 
      1.  As files in a volume mounted on one or more of its containers. 
      2. By the kubelet when pulling images for the Pod. 
    4. Built-in secrete -  automatically creates secrets that contain credentials for accessing the API and automatically modifies your pods to use this type of secret. 
    5. Custom Secrete  - for example, user credentials required by Pods to access a database
    6. Secrets are not secure as they are base64 encoded strings only.
  5. LimitRange
    1. Assign a resource request and a resource limit to a Container.
  6. ReplicaSet
    1. Ensure a stable set of replica pods at a given point of time.
    2. Guarantee availability of a specified number of identical pods
    3. Use Deployments instead of directly using ReplicaSets as Deployment is the higher-level component that manages REplicaSets
    4. Alternative to ReplicaSet
      1. Deployment (Recommended)
      2. Job
      3. DaemonSet
      4. ReplicationController
      5. BarePod
  7. Job
    1. creates one or more Pods and ensures that a specified number of them successfully terminate.
    2. Deleting a job will clean up its pods
    3. The job object will create a new pod if the first pod fails of deleted.
    4. Reliably run a pod to its completion
    5. Use a job to run multiple pods in parallel
  8. DaemonSet
    1. Ensure all or some nodes runs a copy of a pod.
    2. Deleting a DaemonSet will cleanup the pod created by DaemonSet.
    3. Use case
      1. Storage daemon
      2. Logs collection
      3. Monitoring
    4. Scheduling
      1. Scheduled by the default scheduler
      2. DaemonSet pods are created and scheduled by the DaemonSet controller
      3. DaemonSet pods are not created in the Pending state.
    5. Communicating with daemon pod
      1. Push - 
      2. Node IP & known port
      3. DNS
      4. Service
    6. Alternative to DaemonSet
      1. Bare Pods
      2. Static Pods
      3. Deployments
  9. ReplicationController
    1. Ensures a homogeneous set of pods is always up and available.

Examples

Pod

YAML 
apiVersion: v1
    kind: Pod
    metadata:
      name: rss-site
      labels:
        app: web
    spec:
      containers:
        - name: front-end
          image: nginx
          ports:
            - containerPort: 80
CLI 
        kubectl run --generator=run-pod/v1 --image=nginx
        #Only generate Yaml file
        kubectl run --generator=run-pod/v1 --image=nginx --dry-run -o yaml
Reference
https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-initialization/

Deployment Yaml

YAML 
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
    spec:
      replicas: 3
CLI
        kubectl run --generator=run-pod/v1 --image=nginx
        #Only generate Yaml file
        kubectl run --generator=run-pod/v1 --image=nginx --dry-run -o yaml
Reference
https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

ConfigMap Yaml - kubectl get configmaps app-config -o yaml 

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: app-config
    data:
      queue.properties:
        maxlength:10
        topic: abx
      sql.properties:
          server: .
          database: app-db
CLI 
    
kubectl create configmap  
kubectl describle configmap app-config
# Create the configmap from directories
#command packages each file, in /configmap directory into the game-config ConfigMap
kubectl create configmap game-config --from-file=configure-pod-container/configmap/

Reference
https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/

ReplicaSet YAML

apiVersion: v1
    kind: LimitRange
    metadata:
      name: mem-limit-range
    spec:
      limits:
      - default:
          memory: 512Mi
        defaultRequest:
          memory: 256Mi
        type: Container
CLI 
kubectl describe replicaset
kubectl create replicaset
Reference
https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/

Secrete YAML

    
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
----------------------------------------------------------------
Below is an example of a Pod that mounts a Secret in a volume:
----------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
CLI 
kubectl describe secerete
kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt
Reference
https://kubernetes.io/docs/concepts/configuration/secret/

LimitRange YAML

apiVersion: v1
    kind: LimitRange
    metadata:
      name: mem-limit-range
    spec:
      limits:
      - default:
          memory: 512Mi
        defaultRequest:
          memory: 256Mi
        type: Container
    
    ----------------------
    Limiting pod compute resources
    ---------------------
    apiVersion:v1
    kind:LimitRange
    metadata:
     name:limit-cpu-per-pod
    spec:
     limits:
     - max:
          cpu:"2"
          memory:"2Gi"
       type:pod
CLI
kubectl create limitrange/mem-limit-range
kubectl describe limitrange/mem-limit-range
Reference
https://kubernetes.io/docs/tasks/configure-pod-container/

DaemonSet

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
      name: fluentd-elasticsearch
  template:
    metadata:
      labels:
        name: fluentd-elasticsearch
    spec:
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: fluentd-elasticsearch
        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
CLI
kubectl apply -f https://k8s.io/examples/controllers/daemonset.yaml

kubectl describe daemonset/fluentd-elasticsearch
Reference
https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/

Job

apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      containers:
      - name: pi
        image: perl
        command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
      restartPolicy: Never
  backoffLimit: 4
CLI
kubectl apply -f https://kubernetes.io/examples/controllers/job.yaml
kubectl describe job/pi
Reference
https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/

Replication Controller

apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx
spec:
  replicas: 3
  selector:
    app: nginx
  template:
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80
CLI
kubectl apply -f https://k8s.io/examples/controllers/replication.yaml

kubectl describe replicationcontroller/nginx
Reference
https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/

By
Labels: ,