---===---
- K8s Core Concepts/useful-links.md
- K8s official documentation: https://kubernetes.io/docs/concepts/
- Encrypting Secret Data at Rest: https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
- K8s Architecture Components: https://kubernetes.io/docs/concepts/overview/components/
- Kubectl - K8s CLI: https://kubernetes.io/docs/reference/kubectl/overview/
- Managing Objects Imperative (Kubectl): https://kubernetes.io/docs/tasks/manage-kubernetes-objects/imperative-command/
- Managing Objects Declarative (Config File): https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/
- Imperative vs Declarative: https://kubernetes.io/docs/concepts/overview/working-with-objects/object-management/
---===--- 02. Install Cluster/commands.md
mv ~/Downloads/k8s-node.pem ~/.ssh
chmod 400 ~/.ssh/k8s-node.pem
ssh -i ~/.ssh/k8s-node.pem [email protected]
sudo swapoff -a
sudo vim /etc/hosts
45.14.48.178 master
45.14.48.179 worker1
45.14.48.180 worker2
We can now use these names instead of typing the IPs when nodes talk to each other. After that, assign a hostname to each of these servers.
sudo hostnamectl set-hostname master
sudo hostnamectl set-hostname worker1
sudo hostnamectl set-hostname worker2
sudo kubeadm init
service kubelet status
systemctl status kubelet
journalctl -u kubelet
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get node
kubectl get pod -n kube-system
kubectl get pod -A
kubectl get pod -n kube-system -o wide
kubectl apply -f https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s.yaml
Link to the Weave-net installation guide
kubectl exec -n kube-system weave-net-1jkl6 -c weave -- /home/weave/weave --local status
vim install-containerd.sh
chmod u+x install-containerd.sh
./install-containerd.sh
kubeadm token create --help
kubeadm token create --print-join-command
sudo kubeadm join 172.31.43.99:6443 --token 9bds1l.3g9ypte9gf69b5ft --discovery-token-ca-cert-hash sha256:xxxx
kubectl run test --image=nginx
---===--- 02. Install Cluster/install-containerd.sh
#!/bin/bash
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
sudo apt-get update
sudo apt-get -y install containerd
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
sudo systemctl restart containerd
---===--- 02. Install Cluster/install-k8s-components.sh
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
apt-cache madison kubeadm
sudo apt-get install -y kubelet=1.21.0-00 kubeadm=1.21.0-00 kubectl=1.21.0-00
sudo apt-mark hold kubelet kubeadm kubectl
---===--- 02. Install Cluster/useful-links.md
- Troubleshooting SSH Connection on AWS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html
- System Requirements: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
- Static Pods: https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/
- Certificates: https://kubernetes.io/docs/setup/best-practices/certificates/
- Kubeadm: https://kubernetes.io/docs/reference/setup-tools/kubeadm/
- Pre-Requisites: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#before-you-begin
- AWS Security Group Docs: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html
- Installing container runtime: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-runtime
- Kubeadm init command details: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/
- kubeadm init workflow: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/#init-workflow
- Addons: https://kubernetes.io/docs/concepts/overview/components/#addons
- Kubeconfig File: https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/
- Namespaces Official Docs: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- CoreDNS: https://coredns.io/plugins/kubernetes/
- CNI Specification: https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration
- Cluster Networking - Official Docs: https://kubernetes.io/docs/concepts/cluster-administration/networking/
- Weave Net: https://www.weave.works/docs/net/latest/kubernetes/kube-addon/
- Kubeadm Join Command: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-join/
- Troubleshooting Weave Connection: https://www.weave.works/docs/net/latest/tasks/ipam/troubleshooting-ipam/
---===--- 03. Deploy Application/commands.md
kubectl apply -f nginx-deployment.yaml
kubectl apply -f nginx-service.yaml
kubectl get svc
kubectl describe svc {svc-name}
kubectl get ep
kubectl get svc --show-labels
kubectl get svc -l app=nginx
kubectl get pod --show-labels
kubectl get pod -l app=nginx
kubectl logs -l app=nginx
kubectl get pod -n kube-system --show-labels
kubectl logs -n kube-system -l="name=weave-net" -c weave
kubectl get node --show-labels
kubectl scale --help
kubectl scale deployment {depl-name} --replicas 4
kubectl scale deployment {depl-name} --replicas 3
kubectl scale deployment {depl-name} --replicas 5 --record
kubectl rollout history deployment {depl-name}
kubectl run test-nginx-service --image=busybox
kubectl exec -it {pod-name} -- bash
---===--- 03. Deploy Application/nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.20
---===--- 03. Deploy Application/nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels:
    app: nginx
    svc: test-nginx
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
---===--- 03. Deploy Application/useful-links.md
- Recommended Labels: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/
- DNS for Services and Pods: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
- Debugging DNS Resolution: https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/
- CoreDNS in K8s: https://kubernetes.io/docs/tasks/administer-cluster/coredns/
- CoreDNS: https://coredns.io/
- Kube API Server: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
- Kubeadm Init Defaults: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-config/
- Kubectl Cheatsheet: https://kubernetes.io/docs/reference/kubectl/cheatsheet/
---===--- 04. External Access/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: your-load-balancer-domain-name
    http:
      paths:
      - backend:
          service:
            name: nginx-service
            port:
              number: 8080
        path: /my-app
        pathType: Exact
---===--- 04. External Access/load-balancer-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels:
    app: nginx
spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
    nodePort: 30000
---===--- 04. External Access/node-port-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels:
    app: nginx
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
    nodePort: 30000
---===--- 04. External Access/README.md
If you get an error related to the "nginx-controller-admission" webhook when creating the Ingress component, then manually delete the ValidatingWebhookConfiguration and try again. To delete the ValidatingWebhookConfiguration:
kubectl get ValidatingWebhookConfiguration
kubectl delete ValidatingWebhookConfiguration {name}
Link to a more detailed description of the issue
---===--- 04. External Access/useful-links.md
- NodePort Service: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
- Load Balancer Service: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
- Ingress: https://kubernetes.io/docs/concepts/services-networking/ingress/
- List of Ingress Controller: https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/
- Bare Metal Ingress Controller: https://kubernetes.github.io/ingress-nginx/deploy/baremetal/
- Install Helm: https://helm.sh/docs/intro/install/
- Nginx Ingress Controller: https://kubernetes.github.io/ingress-nginx/
---===--- 05. Users and Permissions/cicd-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cicd-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cicd-role
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: default
---===--- 05. Users and Permissions/cicd-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cicd-role
rules:
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - create
  - update
  - list
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - create
  - update
  - list
---===--- 05. Users and Permissions/commands.md
openssl genrsa -out dev-tom.key 2048
openssl req -new -key dev-tom.key -subj "/CN=tom" -out dev-tom.csr
cat dev-tom.csr | base64 | tr -d "\n"
kubectl apply -f dev-tom-csr.yaml
kubectl get csr
kubectl certificate approve dev-tom
kubectl get csr dev-tom -o yaml
kubectl --server={api-server-address} \
--certificate-authority=/etc/kubernetes/pki/ca.crt \
--client-certificate=dev-tom.crt \
--client-key=dev-tom.key \
get pods
kubectl create clusterrole dev-cr --verb=get,list,create --resource=deployments.apps,statefulsets.apps --dry-run=client -o yaml > dev-cr.yaml
kubectl create clusterrolebinding dev-crb --clusterrole=dev-cr --user=tom --dry-run=client -o yaml > dev-crb.yaml
kubectl auth can-i get pod
kubectl auth can-i get pod --as {user-name}
kubectl create serviceaccount jenkins --dry-run=client -o yaml > jenkins-sa.yaml
kubectl create role cicd-role --verb=create,update,list --resource=services,deployments.apps
kubectl create rolebinding cicd-binding \
--role=cicd-role \
--serviceaccount=default:jenkins
kubectl options
kubectl --server $server \
--certificate-authority /etc/kubernetes/pki/ca.crt \
--token $token \
--user jenkins \
get pods
---===--- 05. Users and Permissions/dev-crb.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dev-crb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: dev-cr
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: tom
---===--- 05. Users and Permissions/dev-cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dev-cr
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - services
  verbs: ["*"]
- apiGroups:
  - apps
  resources:
  - deployments
  - statefulsets
  verbs:
  - get
  - list
  - create
---===--- 05. Users and Permissions/dev-tom-csr.yaml
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: dev-tom
spec:
  request: <base64-encoded dev-tom.csr>
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth
---===--- 05. Users and Permissions/jenkins-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---===--- 05. Users and Permissions/useful-links.md
- Authentication: https://kubernetes.io/docs/reference/access-authn-authz/authentication/
- Authorization: https://kubernetes.io/docs/reference/access-authn-authz/authorization/
- RBAC: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
- Manage TLS Certificates: https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
- Certificate Signing Request: https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/
- Resource Types and corresponding apiGroup: https://kubernetes.io/docs/reference/kubectl/overview/#resource-types
- API Groups: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#-strong-api-groups-strong
- Configure Service Account: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- Managing Service Accounts: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/
---===--- 06. Debugging & Troubleshooting/busybox-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: busybox-pod
spec:
  containers:
  - name: busybox-container
    image: busybox
    args: ["echo", "hello"]
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox-pod
spec:
  containers:
  - name: busybox-container
    image: busybox
    command: ["printenv"]
    args: ["HOSTNAME", "KUBERNETES_PORT"]
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox-pod
spec:
  containers:
  - name: busybox-container
    image: busybox
    command: ["/bin/sh"]
    args: ["-c", "while true; do echo hello; sleep 5; done"]
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox-pod
spec:
  containers:
  - name: busybox-container
    image: busybox
    command: ["/bin/sh"]
    args: ["-c", "sleep 100"]
---===--- 06. Debugging & Troubleshooting/commands.md
kubectl run debug-pod --image=busybox -it
nslookup nginx-service.default.svc.cluster.local
nslookup nginx-service
ping service-ip
kubectl exec -it pod-name -- sh -c "ping nginx-service"
kubectl exec -it pod-name -- sh -c "printenv"
kubectl exec -it pod-name -- sh -c "netstat -lntp"
kubectl get node -o json
kubectl get pod -o json
kubectl get pod -o jsonpath='{.items[0].metadata.name}'
kubectl get pod -o jsonpath='{.items[*].metadata.name}'
kubectl get pod -o jsonpath="{.items[*]['metadata.name', 'status.podIP']}"
kubectl get pod -o jsonpath="{.items[*]['metadata.name', 'status.podIP', 'status.startTime']}"
kubectl get pod -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.podIP}{"\n"}{end}'
kubectl get pod -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.podIP}{"\t"}{.status.startTime}{"\n"}{end}'
kubectl get pods -o custom-columns=POD_NAME:.metadata.name,POD_IP:.status.podIP,CREATED_AT:.status.startTime
service kubelet status
sudo vim /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
sudo systemctl daemon-reload
sudo systemctl restart kubelet
service kubelet status
---===--- 06. Debugging & Troubleshooting/useful-links.md
- Troubleshoot Applications: https://kubernetes.io/docs/tasks/debug-application-cluster/debug-application/
- Troubleshoot Clusters: https://kubernetes.io/docs/tasks/debug-application-cluster/debug-cluster/
- BusyBox Image: https://hub.docker.com/_/busybox
- Debug running Pods: https://kubernetes.io/docs/tasks/debug-application-cluster/debug-running-pod/
- Get Shell of running container: https://kubernetes.io/docs/tasks/debug-application-cluster/get-shell-running-container/
- Define Command & Arguments for Container: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/
- Output Options: https://kubernetes.io/docs/reference/kubectl/overview/#output-options
- Kubectl jsonpath: https://kubernetes.io/docs/reference/kubectl/jsonpath/
---===---
- Multi-container Pods/expose-pod-info.yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp-container
    image: nginx:1.20
  - name: logging-sidecar
    image: busybox:1.28
    command: [ "sh", "-c"]
    args:
    - while true; do echo sync logs; echo -en '\n'; printenv MY_NODE_NAME MY_POD_NAME MY_POD_NAMESPACE; printenv MY_POD_IP MY_POD_SERVICE_ACCOUNT; sleep 20; done;
    env:
    - name: MY_NODE_NAME
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName
    - name: MY_POD_NAME
      valueFrom:
        fieldRef:
          fieldPath: metadata.name
    - name: MY_POD_NAMESPACE
      valueFrom:
        fieldRef:
          fieldPath: metadata.namespace
    - name: MY_POD_IP
      valueFrom:
        fieldRef:
          fieldPath: status.podIP
    - name: MY_POD_SERVICE_ACCOUNT
      valueFrom:
        fieldRef:
          fieldPath: spec.serviceAccountName
---===---
- Multi-container Pods/multi-container-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp-container
    image: nginx:1.20
  - name: logging-sidecar
    image: busybox:1.28
    command: ['sh', '-c', "while true; do echo sync logs; sleep 20; done"]
  initContainers:
  - name: myservice-available
    image: busybox:1.28
    command: ['sh', '-c', "until nslookup mydb-service; do echo waiting for myservice; sleep 4; done"]
# Alternative ways to write the logging-sidecar command:
#  - name: logging-sidecar
#    image: busybox:1.28
#    command:
#    - 'sh'
#    - '-c'
#    - "while true; do echo sync logs; sleep 20; done"
#  - name: logging-sidecar
#    image: busybox:1.28
#    command: [ "sh", "-c"]
#    args:
#    - while true; do echo sync logs; sleep 20; done;
---===---
- Multi-container Pods/useful-links.md
- Init Containers: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- Sidecar Container: https://kubernetes.io/docs/concepts/workloads/pods/#how-pods-manage-multiple-containers
- Exposing Pod Information: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
---===--- 08. Data Persistence/deployment-with-emptydir.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  labels:
    app: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: busybox:1.28
        command: ['sh', '-c']
        args:
        - while true; do echo "$(date) INFO some app data" >> /var/log/myapp.log; sleep 5; done
        volumeMounts:
        - name: log
          mountPath: /var/log
      - name: log-sidecar
        image: busybox:1.28
        command: ['sh', '-c']
        args:
        - tail -f /var/log/myapp.log
        volumeMounts:
        - name: log
          mountPath: /var/log
      volumes:
      - name: log
        emptyDir: {}
---===--- 08. Data Persistence/deployment-with-pvc.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-db
  labels:
    app: my-db
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-db
  template:
    metadata:
      labels:
        app: my-db
    spec:
      containers:
      - name: mysql
        image: mysql:8.0
        volumeMounts:
        - name: db-data
          mountPath: "/var/lib/mysql"
      volumes:
      - name: db-data
        persistentVolumeClaim:
          claimName: mysql-data-pvc
---===--- 08. Data Persistence/pv-and-pvc.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: data-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  hostPath:
    path: "/mnt/data"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-data-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---===--- 08. Data Persistence/useful-links.md
- Storage Official Docs: https://kubernetes.io/docs/concepts/storage/
- Volume types: https://kubernetes.io/docs/concepts/storage/volumes/#volume-types
- Example k8s manifests: https://gitlab.com/nanuchi/bootcamp-kubernetes/-/tree/master/kubernetes-volumes
- Hostpath Volume Type: https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
- How hostpath is different from local volume type: https://kubernetes.io/blog/2019/04/04/kubernetes-1.14-local-persistent-volumes-ga/#how-is-it-different-from-a-hostpath-volume
- Configure Pod to use PV: https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/
- Access Modes: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes
- emptyDir Volume Type: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
---===--- 09. Secret & ConfigMap/config-as-env-vars.yaml
apiVersion: v1
kind: Secret
metadata:
  name: myapp-secret
type: Opaque
data:
  username: dXNlcm5hbWU=
  password: cGFzc3dvcmQ=
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  labels:
    app: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: busybox:1.28
        command: ['sh', '-c', "printenv MYSQL_USER MYSQL_PASSWORD MYSQL_SERVER"]
        env:
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: myapp-secret
              key: username
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: myapp-secret
              key: password
        - name: MYSQL_SERVER
          valueFrom:
            configMapKeyRef:
              name: myapp-config
              key: db_host
---===--- 09. Secret & ConfigMap/config-as-volumes.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config
data:
  mysql.conf: |
    [mysqld]
    port=3306
    socket=/tmp/mysql.sock
    key_buffer_size=16M
    max_allowed_packet=128M
---
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
data:
  secret.file: |
    c29tZXN1cGVyc2VjcmV0IGZpbGUgY29udGVudHMgbm9ib2R5IHNob3VsZCBzZWU=
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-db
  labels:
    app: my-db
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-db
  template:
    metadata:
      labels:
        app: my-db
    spec:
      containers:
      - name: my-db
        image: busybox:1.28
        # Each volume is mounted as a directory; the files inside are named after the keys.
        command: ['sh', '-c', "cat /mysql/db-config/mysql.conf; cat /mysql/db-secret/secret.file"]
        volumeMounts:
        - name: db-config
          mountPath: /mysql/db-config
        - name: db-secret
          mountPath: /mysql/db-secret
          readOnly: true
      volumes:
      - name: db-config
        configMap:
          name: mysql-config
      - name: db-secret
        secret:
          secretName: mysql-secret
---===--- 09. Secret & ConfigMap/useful-links.md
- Complete ConfigMap docs: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
- Complete Secret docs: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/
---===--- 10. Resource Requests & Limits/commands.md
kubectl get pod -o jsonpath="{range .items[*]}{.metadata.name}{.spec.containers[*].resources}{'\n'}{end}"
---===--- 10. Resource Requests & Limits/my-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  labels:
    app: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: nginx:1.20
        resources:
          requests:
            memory: "64Mi"
            cpu: "250m"
          limits:
            memory: "128Mi"
            cpu: "500m"
      - name: logging-sidecar
        image: busybox:1.28
        command: ['sh', '-c', "while true; do echo sync logs; sleep 20; done"]
        resources:
          requests:
            memory: "32Mi"
            cpu: "125m"
          limits:
            memory: "64Mi"
            cpu: "250m"
---===--- 10. Resource Requests & Limits/useful-links.md
- Managing Resources in K8s: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- Resource Unit in K8s: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
---===---