## K8S (From Github @JayLikhare316) Q.What is kubernetes? - an open-source container orchestration system for automating the deployment, scaling, and management of container - it was originally designed by google, and is now maintained by the cloud native computing foundation - it allows for the deployment of applications and services in a scalable and highly available manner - it provides a lot of features such as self-healing, load balancing, and resource management - it is a hybrid cloud platform that can run on-premises and in the cloud Q.Architecture of kubernetes? # components:- Control Plane/Master Node Kube API server Etcd Scheduler Controller Manager Worker Node Kubelet Kube Proxy Container runtime Pods # Master Node (Control Plane) The brain of Kubernetes, managing the entire cluster. Key Components:- 1. API Server - Acts as the front door for the cluster. - Processes commands from users (kubectl) or other tools. - Communicates with all other components. - Ensures security and authentication. 2. Scheduler - Decides which worker node will run a new pod. - Matches resources (CPU, memory) with pod requirements. - Ensures workload is evenly distributed. 3. Controller Manager - Monitors the cluster to ensure the desired state is met. - Restarts pods if they crash. - Handles tasks like scaling and maintaining services. 4. etcd - A key-value store that holds all cluster data. - Keeps track of the cluster’s state and configuration. - Highly available and distributed. # Worker Node Where your application runs. Key Components:- 1. Kubelet - The worker node’s "agent." - Ensures containers are running as per instructions from the master node. - Communicates with the API Server. 2. Kube-Proxy - Manages network rules and routes traffic to the right pod. - Ensures pods within the cluster can communicate. - Handles services like load balancing. 3. Container Runtime - Runs containers on the worker node. - Examples: Docker, containerd, CRI-O. - Executes, stops, and monitors the containers. 4. Pod - A pod is the basic building block in Kubernetes. - Pods are temporary by design. Kubernetes can destroy and recreate pods to maintain the desired state or in response to failures. - Containers in the same pod share resources such as networking and storage. Q.Difference between kubelet and kubeproxy? ===================================================================================================================================================================== | Aspect | Kubelet | Kube-proxy | |---------------|------------------------------------------------------------------------|--------------------------------------------------------------------------- | Purpose |Manages containers and pods on a node. | Manages network rules and traffic routing for services. | | Scope |Node-level: Focuses on running containers and pods on a single node. | Network-level: Focuses on enabling communication between pods/services. | | Interaction |Works with the container runtime (e.g., Docker, containerd). | Works with network rules (e.g., IP tables, IPVS). | | Responsibility|Ensures containers are running as per PodSpecs. | Ensures traffic is routed correctly to pods based on Service definitions.| | Dependency |Directly interacts with the Kubernetes API server and container runtime.| Relies on the Kubernetes API server for Service and Endpoint updates. | ===============================================>>>====================================================================================================================== ## Creation Of cluster:-[kubernetes] ## Steps to install kubernetes (reference - https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html) # To install 'kubectl' curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.30.6/2024-11-15/bin/linux/amd64/kubectl chmod +x ./kubectl mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$HOME/bin:$PATH echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrc # To install 'eksctl' ARCH=amd64 PLATFORM=$(uname -s)_$ARCH curl -sLO "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_$PLATFORM.tar.gz" curl -sL "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_checksums.txt" | grep $PLATFORM | sha256sum --check tar -xzf eksctl_$PLATFORM.tar.gz -C /tmp && rm eksctl_$PLATFORM.tar.gz sudo mv /tmp/eksctl /usr/local/bin ## Commands # To run a 'cluster' from CLI Give a IAM role of admin to the ec2 instance to create a cluster from CLI. eksctl create cluster --name --node-type --nodes --region= eksctl create cluster --name irondome -node-type t2.medium --nodes 2 --region=us-east-1 kubectl get pods -A --> to see all pods vim pod.yaml --> pod manifest file kubectl apply -f pod.yaml --> to apply manifest kubectl get pod/po --> small commands to see pods kubectl describe pod/po nginx --> to describe pods nginx kubectl get rs --> to see all replica sets kubectl get deployments --> to see all deployments # Manifest Pod RS Deployment SERVICES LB NP CIP Confg services CMP Namespace Resource replace ingress volumes HPD ## Manifest syntax:-{interview question} apiVersion: v1 kind: Pod metadata: name: nginx spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80 client cluster can work on maximum -2 version ,if not you have to update the cluster. industry standards is -1. alias k=kubectl -->to change the name of kubectl to k. >>>task :- how to set permanent alias >>>task need to perform lamp server. ## ReplicaSet:- RS is used to maintain the number of replicas of a pod. apiVersion: apps/v1 kind: ReplicaSet metadata: name: frontend labels: app: guestbook tier: frontend spec: # modify replicas according to your case replicas: 3 selector: matchLabels: tier: frontend template: metadata: labels: tier: frontend spec: containers: - name: nginx image: nginx ports: - containerPort: 80 ## Deployment:- Deployment is used to maintain the number of replicas of a pod. Deploy -> ReplicaSet -> pods [deployment k andar aati hai replica set & replicaset k ander aate hai pods] ## Services:- type: LB -> LoadBalancer --> only availabe in cloud NP -> NodePort CIP -> ClusterIP -> cluster's default service #imperative / declarative #commands / manifest >>>task --> complete Pod ,RS ,Deploy # Q.Difference between replicaset and deployment? # A. Deployment is used to maintain the number of replicas of a pod. ReplicaSet is used to # maintain the number of replicas of a pod. >>> demo service manifest file:- filename --> service.yaml apiVersion: v1 kind: Service metadata: name: my-service spec: selector: app.kubernetes.io/name: MyApp # the selector should match the label in the deployment to attach srvice to it otherwise it will not be attached. ports: - protocol: TCP port: 80 targetPort: 9376 we can use different manifest in a single yaml file by using --- separator. eg:- apiVersion: v1 kind: Pod metadata: name: nginx labels: app.kubernetes.io/name: proxy spec: containers: - name: nginx image: nginx:stable ports: - containerPort: 80 name: http-web-svc # --- apiVersion: v1 kind: Service metadata: name: nginx-service spec: selector: app.kubernetes.io/name: proxy ports: - name: name-of-service-port protocol: TCP port: 80 targetPort: http-web-svc >>> commands kubectl get service -> to get service kubectl get service -A -> to get all services in namespaces kubectl get service -o wide -> to get additional information about service # imperative / declarative --> way of creating service # commands / manifest #Q. Difference between Replicaset and Deployment? interview que #Q. How can do we upgrade pods in kubernetes if the user is live? #Q. Difference between services i.e. LB,NP and CIP >>> task learn about next 2 services ## Config Map - non-confidential information are sent and stored by configmap. - # commands This command will create a configmap directly from the data we gave it in the command itself. kubectl create configmap/cm (configmap_name) --from-literal=KEY=VALUE .. eg:- kubectl create configmap/cm exampleconfigmap --from-literal=1_database_name=data1 --from-literal=2_database_name=data2 If we have one or more files that contains data and we want to create a configmap from those files, we can do that with the following command. imperative way: kubectl create configmap/cm (configmap_name) --from-file=KEY=VALUE .. eg:- kubectl create configmap/cm exampleconfigmap --from-file=data1.txt --from-file=data2.txt If we have a directory that contains the files that contains imp data and we want to make a configmap from those files. kubectl create configmap/cm (configmap_name) --from-file=directory_name/ eg:- kubectl create configmap/cm exampleconfigmap --from-file=demo_dir/ #demo configmap yaml file:- apiVersion: v1 kind: ConfigMap metadata: name: exampleconfigmap data: 1_database_name: data1 2_database_name: data2 we can create a config map from a yaml file like this. To use a configmap in a pod, we need to "reference" it in the pod spec. apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mypod image: nginx:1.14.1 envform: - configMapRef: name: exampleconfigmap To use a configmap in a pod as a "Volume", we need to provide the path where the pod to be attached and provide the configmap. apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mypod image: nginx:1.14.1 volumeMounts: - name: examplevolumemount mountPath: "/config" readOnly: "true" Volumes: - name: examplevolumemount configMap: name: exampleconfigmap declarative way: first create a yaml file by dry running a configmap file kubectl create configmap/cm nginx-cm --from-file=index.html --dry-run=client -o yaml > cm.yaml then make changes in the created yaml file. (reffer to sir repo) ## secret - confidential information are sent and stored by secret. - it encodes the data in base64. - it is used to store sensitive information such as database credentials, api keys, etc. #commands kubectl secret --help --> to get all the options. kubectl create secret generic (secret_name) --from-literal=KEY=VALUE .. eg:- kubectl create secret generic mysecret --from-literal=name=prathamesh This command will create a secret named mysecret with a key named name and value prathamesh and it will encrypt the value in base64. kubectl get secret --> to get all the secrets. kubectl get secret --> to get a specific secret. kubectl get secret -o yaml--> to get the content of a specific secret. But it will be encrypted in base64. echo | base64 --decode/-d --> to decode the base64 encoded string. # demo secret yaml file:- apiVersion: v1 kind: Secret metadata: name: exampleSecret data: 1_password: "hello" 2_password: "world" To use secret as a volume in pod. apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mypod image: nginx:1.14.1 volumeMounts: - name: secretvolumemount mountPath: "/secret" Volumes: - name: secretvolumemount secret: secretName: exampleSecret #namespace _> it provides logical divison #namespace schedules in all the cluster nodes you have. kubectl get ns kubectl get ns dev --> to make our own namespaces kubectl get ns -o wide --> to get additional information about namespace >>> external volume lagane ke liye # volume in kubernetes:[persistant volume] host addons -> CSI drives ebs volume # pod # \/ # volume # \/ # persistent volume # \/ # persistent volume claim{EBS} -->Refer EBS volume documentation in AWS addon # stateful set --> db --> mysql,mongodb Every stateful set has a PVC[persistance volume] on it. It is spetially used for database. It is not deleted instantly. >>>Q. Stateful set V/S Deployment >>>Q. Daemon set V/S Deployment #Daemon Set --> todays topic- memory & HPA # Horizontal Pod Autoscaler (HPA) ## Persistant Volume (PV) - When we store data in a pod, it is not persistent. It will be deleted when the pod is restarted or deleted. - Persistant volume ensures that the data is stored even after the pod is restarted or deleted. - We use PVC(persistant volume claim) to use the PV in our pod. PV can not be used directly in pod. - The PV should match the PVC(persistant volume claim) in terms of storage size and access mode while writing it in a yaml file. # demo yaml file of Persistant Volume (PV):- apiVerssion : v1 kind: PersistentVolume metadata: name: example-pv labels: type: local spec: storageClassName: manual capacity: storage: 10Gi accessModes: - ReadWriteOnce hostPath: path: "/mnt/data" # demo yaml file of Persistant Volume Claim(PVC):- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: example-pvc spec: storageClassName: manual accessModes: - ReadWriteOnce resources: requests: storage: 3Gi # demo yaml pod file using pvc as volume:- apiVersion: v1 kind: Pod metadata: name: example-pod spec: volumes: - name: task-pv-storage persistentVolumeClaim: claimName: example-pvc containers: - name: task-pv-container image: nginx ports: - containerPort: 80 name: "http-server" volumeMounts: - mountPath: "/usr/share/nginx/html" name: task-pv-storage In above first we create a PV to allocate storage space on the host machine. Then we create a PVC to request storage space from the cluster. Then we assigned the PVC as a volume to the pod. The pod can now use the storage space allocated by the PV. Types: Host Addons fsx is for windows Volume Add-ons: These are extensions or plugins that enhance how Kubernetes handles storage. Types of Kubernetes Volume Add-ons:-(some of the types) Container Storage Interface (CSI) Persistent Volume Claims (PVC) Enhancers Container Storage Interface (CSI) ## Namespace - a logical grouping of resources. - Namespace is not specified to a node it is seen across the cluster. # command imperative way: kubectl create namespace/ns (namespace_name) #Q. Difference between stateful set and deployment?(interview que) ## Stateful Set - Every stateful set has a PV(persistant volume) on it. - It is espesally used for Databases - It is not deleted instantly. - ## Daemon Set - It is used for running a pod on every node in the cluster. - It is espesialy used for monitoring. - it has a higher priority than deployment. - eg:- kubelet, #Q. Difference between Daemon set and Deployment? #Q. Difference between Stateful set, Daemon set and Deployment? (min 5 points) #Ans # Stateful set: # - Manages stateful applications with stable, unique network identities and persistent storage.( Stateful applications are # those that maintain data or state across restarts, meaning the application's data and network identity persist over time.) # - Pods have unique, stable identities (e.g., pod-0, pod-1) that persist across rescheduling. # - Uses persistent volume claims (PVCs) to provide stable storage linked to pod identity. Every stateful set has a # PV(persistant volume) on it. # - Pods are scheduled in a specific order; replicas are not started until previous ones are running. # - Use Cases:- Databases (e.g., MySQL, Cassandra), applications requiring stable identity or storage. # Daemon set: # - A DaemonSet ensures that a single instance of a pod is running on each node in a cluster.This is particularly useful # for running pods as system daemons or background processes that need to run on every node in the cluster. # - Each pod is tied to a specific node, and no two pods run on the same node. # - Storage is node-specific and generally ephemeral(temporary storage that exists only during the lifecycle of a pod). # - Ensures a pod is scheduled on every eligible node. # - use cases:- Logging agents, monitoring daemons, and node-level services. # Deployment: # - Manages stateless applications with replicas of pod. # - All pods are identical and interchangeable. # - Can use ephemeral storage and PVCs as per the need. # - Pods are scheduled independently and can run simultaneously. # - use cases:- Stateless web applications, APIs, and batch processing. interview topics: Architecture imp components / basic components pod , deploymnet , replicaset , service gives pod cpu consumption --> eskctl top pods gives nodes cpu consumption --> eksctl top nodes to see logs of pod --> kubectl logs pod/pod_name -n kube-system to see logs of deployment --> kubectl logs deployment/deplopyment_name -n kube-system ## HPA (Horizontal Pod Autoscaler) >>>INGRESS {imp} Provides traffic into cluster,there is a diff betw service & ingress. Ingress service is used to expose a pod to outside world,ingress is used to expose multiple pods to outside world. - It is also a load balancer {ALB}. Q. LoadBalancer v/s Ingress service? Ans: - LoadBalancer is used to expose a single service to outside world. - Ingress service is used to expose multiple services to outside world. - LoadBalancer is used to expose a service to outside world using a load balancer. - Ingress service is used to expose multiple services to outside world using a load balancer. - LoadBalancer is used to expose a service to outside world using a load balancer. - Ingress service is used to expose multiple services to outside world using a load balancer. # 2 types of Controller --> aws loadbalance controllor [alb] , nginx ingress controllor. bitnami lena hai for ingress.{Artifact hub} Q.What is probe? - liveness probe: checks if the container is running or not. - readiness probe: checks if the container is ready to accept traffic or not. - startup probe: checks if the container is ready to accept traffic or not. Q.Difference between loadbalancer controller and ingress controller? - loadbalancer controller is used to expose a service to outside world using a load balancer. - ingress controller is used to expose multiple services to outside world using a load balancer. Q.How loadbalancer checks if the service is healthy? - it checks the liveness probe of the service. - it checks the readiness probe of the service. - it checks the startup probe of the service. task:- want tomcat service one node pr 1 tomcat replica 1 nodeselector lgane hai to check service is running have to implemant probe. database cluster k andar banana hai with persistant volume. ingress for service access. tomcat pod ko resource allocation krna hai =500m [1/2core] cpu request limit 1core , memory =2gbram provider "aws" { region = "us-east-1" # Set your desired AWS region } resource "aws_s3_bucket" "buckets" { count = 5 # Creates 5 identical resources bucket = "my-bucket-${count.index + 1}" # Unique name for each bucket # Optional additional configuration tags = { Environment = "Test" } }