Kubernetes in Action Book
Chapter - Introducing Kubernetes API Objects
An example of parsing yaml files using yq
kubectl get node kind-control-plane -o yaml | yq e ".status.nodeInfo"
Status Conditions
Understand the difference between lastHeartbeatTime vs lastTransitionTime under .status.conditions
If a node starts to behave strangely, check the conditions.
kubectl get node kind-control-plane -o yaml | yq e ".status.conditions"
Chapter - Running worklodas in Pods
5.1 - Understanding PODs
Understanding why we need PODs
- POD - is a running instance of an application
- Each container is like an isolated computer or virtual machine.
- Running multiple processes in a container makes it difficult to manage the container, hence the POD is introuduced.
- POD is a wrapper around the containers. Related containers can be grouped together in a POD.
- PODs are the smallest unit of deployment in Kubernetes.
- POD allows inter connected containers to share resources and communicate with each other.
- POD allows related containers to be managed as a single unit.
- Container run time restarts the container only when the root process dies.
- Containers inside a POD does not share PID namespace, hence they can not send signals to each other.
- ... signals like SIGINIT, SIGTERM, SIGKILL etc...
- Its the sharing of namespaces that gives the processes running in different containers inside a POD the impression that they are are running together eventhough they are running in separate containers.
Organizing Containers into PODs
- Frontend POD
- Backend POD
- Splitting the frontend and backend into separate PODs allows Kubernetes to run them on different nodes, which improves the utilization of hardware resources, horizontal scaling.
- Sidecar containers are used to provide additional functionality to the main container. ex: logging, monitoring, debugging, rverse proxy (to convert https to http and forward to main container).
5.2 - Creating PODs from YAML
kubectl run kiada --image=santosharakere/kiada:0.1 --dry-run=client -o yamlkubectl run kiada --image=santosharakere/kiada:0.1 --dry-run=client -o yaml > test.yamlkubectl apply -f pod.kiada.yamlkubectl get pod kiada -o yamlkubectl get pod kiadakubectl get pod kiada -o widekubectl describe pod kiadakubectl get events
5.3 - Interacting with PODs and Application
Kubernetes network model dictates that each POD should be accessible from any other POD in the cluster. Each Node can reach POD in any other Node in the cluster.
docker exec -it kind-worker bash
Run a bash container on one of the Nodes and try to access the POD running on any of the Node in the cluster.
kubectl run --image=curlimages/curl -it --restart=Never --rm client-pod curl 10.244.1.2:8080curl 10.244.1.2:8080
To open a communication path with the POD, start a proxy on your local computer which forwards your local computer's port to the POD's port.
kubectl port-forward kiada 8080:8080long communication pathcurl localhost:8080in a separate terminalport-forwardcan also be used with Serviceskubectl logs kiada -fstream application logs in realtime, current container logskubectl logs kiada --previous -fprevious container logskubectl logs kiada --timestamps=true -fwith timestampskubectl logs kiada --timestamps -ffor boolean flags, the value can be omittedkubectl logs kiada --since=12mfilter by timekubectl logs kiada --since-time=2023-09-17T18:30:00Zfilter by timekubectl logs kiada --tail=10last several lineskubectl logs kiada --tail 10equals (=) can be omitted- Restart the command when the logs are rotated or a new container is created
- Deleting a POD will delete the logs
kubectl cp kiada:html/index.html /tmp/index.htmlcp /tmp/index.html kiada:htmlkubectl exec kiada -- ps auxexecute any binary present in the containerkubectl exec kiada -- curl -s localhost:8080withuout--,-sis interprested an an argument to kubectlkubectl exec -it kiada -- bashkubectl debug -it kiada --image=busybox --target=kiadakubectl attach kiadakubectl apply -f pod.kiada-stdin.yamlkubectl attach -i kiada-stdin
5.4 - Running multiple containers in a POD
- Envoy Proxy - https://www.envoyproxy.io/
kubectl port-forward kiada-ssl 8080 8443 9901curl https://localhost:8443 --insecurecurl https://localhost:8443 -kcurl http://localhost:8080curl https://example.com:8443 --resolve example.com:8443:127.0.0.1 --cacert kiada-ssl-proxy-0.1/example-com.crtkubectl logs kiada-ssl -c kiada -fkubectl logs kiada-ssl --container kiada -fkubectl logs kiada-ssl --container envoy -fkubectl logs kiada-ssl --all-containerskubectl exec -it kiada-ssl -c envoy -- bash
5.5 - Running additional containers at POD startup
Introducing init Containers
- Init containers are run in sequence, one after the other
- They must all finish successfully before the main containers of the POD is/ are started
- Initialize files in the volume before the main container starts
- Initialize PODs networking system
- Delay the start of main container until a pre-condition is met
- Notify an external service that the POD is about to start
Adding init Containers to a POD
kubectl apply -f pod.kiada-init.yaml
Inspecting init Containers
kubectl logs kiada-init -c network-checkkubectl apply -f pod.kiada-init-slow.yamlkubectl exec -it kiada-init-slow -c init-demo -- sh
5.6 - Deleting PODs and Other Objects
Deleting a POD by name
kubectl delete pod kiadakubectl delete pod kiada --wait=false- Knowing exactly how containers are shut down is important, if you want to give good experience to your clients.
- You an not stop and start a POD. You can only delete and recreate it
kubectl delete pods kiada-init kiada-init-slowdelete multiple PODs
Deleting Objects defined in the manifest file
kubectl delete -f pod.kiada-ssl.yamlkubectl delete -f pod.kiada-ssl.yaml,pod.kiada.yamlkubectl apply -f Chappter05/kubectl delete -f Chappter05/kubectl delete -f Chappter05/ --recursiveif the directory contains sub-directories
Deleting all PODs
kubectl delete pods --all
Deleting objects using all keyword
kubectl delete all --allkubectl delete events,all --all
Chapter 6 - Managing the POD Lifecycle
List of Yaml files used in order
pod.kiada.yamlpod.kiada-liveness.yaml
6.1 - Understanding the POD's status
Understanding the POD phase
kubectl apply -f pod.kiada.yamlkubectl get pod kiada -o yaml | yq e '.status.phase'
Understanding the POD conditions
- PodScheduled
- Initialized
- ContainersReady
- Ready
kubectl get pod kiada -o yaml | yq e '.status.conditions'
Understanding the Container status
kubectl get pod kiada -o yaml | yq e '.status.containerStatuses'- init containers will have their status reported under
initContainerStatuses
6.2 - Keeping Containers Healthy
Understanding Container Auto Restart
Checking the Container's state using Liveness Probe
Creating HTTP GET Liveness probe
Observing Liveness Probe in action
kubectl exec kiada-liveness -c envoy -- tail -f /tmp/envoy.admin.log
kubectl logs kiada-liveness -c envoy -p
Using the exec and tcpSocket liveness probe types
Using a startup probe when application is slow to start
Creating effective liveless probe handlers
6.3 - Executing actions at Container startup and shutdown
Using post-start hooks to perform actions when the container starts
Using pre-stop hooks to run a process just before the container terminates
6.4 - Understanding the POD's lifecycle
Understanding the initialization stage
Understanding the run stage
Understanding the termination stage
Visualizing the full lifecycle of the PODs containers
Other Commands
kubectl describe node kind-workeris more readable and and displays more informationkubectl get node kind-worker -o yamlkubectl get eventskubectl get events -o widekubectl get events --field-selector type=Normalkubectl explain events
Notes
Events are crucial for debugging a cluster.
Controllers reconcile the actual state of the object/ cluster with the desired state. They generate events to reveal what they have done.
Controllers bring the objects to life.