Difference between revisions of "Kubernetes"

From 6bit.ch wiki
Jump to navigation Jump to search
 
(9 intermediate revisions by the same user not shown)
Line 2: Line 2:


== kubectl ==
== kubectl ==
=== api-resources ===
<code>kubectl api-resources</code> List available resources
=== explain ===
<code>kubectl explain <pods> --recursive</code> Explain something
=== get ===
=== get ===
<code>kubectl get <all/pods/replicationcontroller/replicaset/deployment/ns</code> Show all/replicationcontroller/replicaset/deployment objects</br>
<code>kubectl get <all/pods/replicationcontroller/replicaset/deployment/ns/svc/nodes</code> Show all/replicationcontroller/replicaset/deployment/namespace/service objects</br>
<code>kubectl get pods -o wide</code> Show all pods with more info</br>
<code>kubectl get pods -o wide</code> Show all pods with more info</br>
</br>
<code>kubectl get replicationcontroller</code> Show all replication controllers</br>
<code>kubectl get replicaset</code> Show all replica sets</br>


=== run/create ===
=== run/create ===
<code>kubectl run <pod-name> --image=nginx</code> Run new nginx pod</br>
<code>kubectl run <pod-name> --image=nginx</code> Run new nginx pod</br>
<code>kubectl create -f <defintion.yaml></code> Create new object from <definition.yaml> file</br>
<code>kubectl create -f <defintion.yaml></code> Create new object from <definition.yaml> file</br>
<code>kubectl run <pod-name> --image=nginx --dry-run=client -o yaml > sample.yaml</code> Write a defintion file without starting the pod</br>
=== describe/edit/delete ===
=== describe/edit/delete ===
<code>kubectl describe pod <pod-name></code> Describe pod</br>
<code>kubectl describe pod <pod-name></code> Describe pod</br>
Line 20: Line 22:
=== explain ===
=== explain ===
<code>kubectl explain <something></code> Explain <something>
<code>kubectl explain <something></code> Explain <something>
=== label ===
<code>kubectl label <something></code> Edit labels <something>


== Kubernetes Definition Files ==
== Kubernetes Definition Files ==
“Can I have more than one of these?”</br>
Yes → use -</br>
No → don’t use -</br>
=== Example .yaml for Pod ===
=== Example .yaml for Pod ===
This configuration defines a pod named "myapp-pod" that runs a single container using the nginx image.</br>
This configuration defines a pod named "myapp-pod" that runs a single container using the nginx image.</br>
Line 32: Line 39:
     type: front-end
     type: front-end
spec:
spec:
  tolerations:
  - key: "spray"
    operator: "Equal"
    value: "mortein"
    effect: "NoSchedule"
   containers:
   containers:
   - name: nginx-container
   - name: nginx-container
Line 58: Line 70:
   replicas: 3</nowiki>
   replicas: 3</nowiki>


=== Example .yaml for Replica Set ===
=== Example .yaml for ReplicaSet ===
This configuration defines a replica set for the example "myapp-pod" nginx pod.
This configuration defines a replica set for the example "myapp-pod" nginx pod.
  <nowiki>apiVersion: apps/v1
  <nowiki>apiVersion: apps/v1
Line 131: Line 143:
     limit.cpu: "10"
     limit.cpu: "10"
     limit.memory: 10Gi</nowiki>
     limit.memory: 10Gi</nowiki>
== Imperative Commands ==
Can be tested with: <code>--dry-run=client</code></br>
<code>kubectl run --image=nginx nginx</code></br>
<code>kubectl create deployment --image=nginx nginx</code></br>
<code>kubectl expose deployment nginx --port 80</code></br>
<code>kubectl edit deployment nginx</code></br>
<code>kubectl scale deployment nginx --replicas=5</code></br>
<code>kubectl set image deployment nginx nginx=nginx:1.18</code></br>
=== Taint ===
<code>kubectl taint node node01 key=value:NoSchedule</code> Add some taint to node01
=== Node Affinity ===
<code>requiredDuringSchedulingIgnoredDuringExecution</code></br>
<code>preferredDuringSchedulingIgnoredDuringExecution</code>
<nowiki>Deployment:
  spec:
    template:
      spec:
        affinity:
          nodeAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
              - matchExpressions:
                - key: color
                  operator: In/NotIn/Exists
                  values:
                  - blue</nowiki>
=== Resource Requests & Limits ===
By default, a container has no limit to the resources it can consume on a node and may suffocate other pods or services on the same node.</br>
Usual best practice: Set Requests with no limits.</br>
<nowiki>spec:
  containers:
    resources:
      requests:
        cpu: 2
        memory: "4Gi"
      limits:
        cpu: 5
        memory: "8Gi"</nowiki>
LimitRange (CPU), applies to namespaces:
<nowiki>apVersion: v1
kind: LimitRange
metadata:
  name: cpu-resource-constraint
spec:
  limits:
  - default: (Limit)
      cpu: 500m
    defaultRequest: (Request)
      cpu: 500m
    max: (Limit)
      cpu: "1"
    min: (Request)
      cpu: 100m
    type:
      Container</nowiki>
LimitRange (CPU), applies to namespaces:
<nowiki>apVersion: v1
kind: LimitRange
metadata:
  name: memory-resource-constraint
spec:
  limits:
  - default: (Limit)
      memory: 1Gi
    defaultRequest: (Request)
      memory: 1Gi
    max: (Limit)
      memory: 1Gi
    min: (Request)
      memory: 500Mi
    type:
      Container</nowiki>
ResourceQuota, applies to namespaces:
<nowiki>apVersion: v1
kind: ResourceQuota
metadata:
  name: my-resource-quota
spec:
  hard:
    requests.cpu: 4
    requests.memory: 4Gi
    limits.cpu: 10
    limits.memory: 10Gi</nowiki>
=== DaemonSets ===
For monitoring or logs (kubeproxy).
Creation is similar to ReplicaSet.</br>
<nowiki>apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: monitoring-daemon
spec:
  template:
    metadata:
      labels:
        app: monitoring-agent
    spec:
      containers:
      - name: monitoring-agent
        image: monitoring-agent
  selector:
    matchLabels:
      app: monitoring-agent</nowiki>
=== Priority Classes ===
System range: 2'147'483'648 - 2'000'000'000</br>
Usable range: 1'000'000'000 - -2'147'483'648</br>
<nowiki>apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: high-priority
value: 1000000000
description: "Priority class for mission critical pods" (optional)
globalDefault: true (optional)
preemptionPolicy: PreemtLowerPriority (default)/ never (optional)</nowiki>
Assign by setting priorityClassName in pod definition under spec.
=== Admission Controllers ===
<code>ps -ef | grep admission</code> Show info about admission plugins
=== Performance and Monitoring ===
<nowiki>kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
serviceaccount/metrics-server created</nowiki>
<code>kubectl top <pod/node></code>
=== Logs ===
<code>kubectl logs <pod/node></code>

Latest revision as of 15:23, 28 January 2026

k8s

kubectl

api-resources

kubectl api-resources List available resources

explain

kubectl explain <pods> --recursive Explain something

get

kubectl get <all/pods/replicationcontroller/replicaset/deployment/ns/svc/nodes Show all/replicationcontroller/replicaset/deployment/namespace/service objects
kubectl get pods -o wide Show all pods with more info

run/create

kubectl run <pod-name> --image=nginx Run new nginx pod
kubectl create -f <defintion.yaml> Create new object from <definition.yaml> file
kubectl run <pod-name> --image=nginx --dry-run=client -o yaml > sample.yaml Write a defintion file without starting the pod

describe/edit/delete

kubectl describe pod <pod-name> Describe pod
kubectl edit pod <pod-name> Edit pod with editor
kubectl delete pod <pod-name> Delete pod from default namespace

scale

kubectl scale --replicas=5 replicaset <replicaset-name> Edit the current replicas without editing the file (fleeting?).

explain

kubectl explain <something> Explain <something>

label

kubectl label <something> Edit labels <something>

Kubernetes Definition Files

“Can I have more than one of these?”
Yes → use -
No → don’t use -

Example .yaml for Pod

This configuration defines a pod named "myapp-pod" that runs a single container using the nginx image.

apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
    type: front-end
spec:
  tolerations:
  - key: "spray"
    operator: "Equal"
    value: "mortein"
    effect: "NoSchedule"
  containers:
  - name: nginx-container
    image: nginx

Example .yaml for Replication Controller

This configuration defines a replication controller for the example "myapp-pod" nginx pod. 

apiVersion: v1
kind: ReplicationController
metadata:
  name: myapp-rc
  labels:
      app: myapp
      type: front-end
spec:
  template:
    metadata:
      name: myapp-pod
      labels:
        app: myapp
        type: front-end
    spec:
      containers:
      - name: nginx-container
        image: nginx
  replicas: 3

Example .yaml for ReplicaSet

This configuration defines a replica set for the example "myapp-pod" nginx pod. 

apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: myapp-replicaset
  labels:
      app: myapp
      type: front-end
spec:
  template:
    metadata:
      name: myapp-pod
      labels:
        app: myapp
        type: front-end
    spec:
      containers:
      - name: nginx-container
        image: nginx
  replicas: 3
  selector:
    matchLabels:
      type: front-end

Example .yaml for Deployment

This configuration defines a deployment for the example "myapp-pod" nginx pod. 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-replicaset
  labels:
      app: myapp
      type: front-end
spec:
  template:
    metadata:
      name: myapp-pod
      labels:
        app: myapp
        type: front-end
    spec:
      containers:
      - name: nginx-container
        image: nginx
  replicas: 3
  selector:
    matchLabels:
      type: front-end

Example .yaml for Namespace

This configuration defines a new namespace dev. 

apiVersion: v1
kind: Namespace
metadata:
  name: dev

Command: kubectl create namespace dev

Example .yaml for Resource Quota

This configuration defines a resource quota compute-quota for namespace dev. 

apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-quota
  namespace: dev
spec:
  hard:
    pods: "10"
    requests.cpu: "4"
    requests.memory: 5Gi
    limit.cpu: "10"
    limit.memory: 10Gi

Imperative Commands

Can be tested with: --dry-run=client
kubectl run --image=nginx nginx
kubectl create deployment --image=nginx nginx
kubectl expose deployment nginx --port 80
kubectl edit deployment nginx
kubectl scale deployment nginx --replicas=5
kubectl set image deployment nginx nginx=nginx:1.18

Taint

kubectl taint node node01 key=value:NoSchedule Add some taint to node01

Node Affinity

requiredDuringSchedulingIgnoredDuringExecution
preferredDuringSchedulingIgnoredDuringExecution 

Deployment:
  spec:
    template:
      spec:
        affinity:
          nodeAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
              - matchExpressions:
                - key: color
                  operator: In/NotIn/Exists
                  values:
                  - blue

Resource Requests & Limits

By default, a container has no limit to the resources it can consume on a node and may suffocate other pods or services on the same node.
Usual best practice: Set Requests with no limits.

spec:
  containers:
    resources:
      requests:
        cpu: 2
        memory: "4Gi"
       limits:
         cpu: 5
         memory: "8Gi"

LimitRange (CPU), applies to namespaces: 

apVersion: v1
kind: LimitRange
metadata:
  name: cpu-resource-constraint
spec:
  limits:
  - default: (Limit)
      cpu: 500m
    defaultRequest: (Request)
      cpu: 500m
    max: (Limit)
      cpu: "1"
    min: (Request)
      cpu: 100m
    type:
      Container

LimitRange (CPU), applies to namespaces: 

apVersion: v1
kind: LimitRange
metadata:
  name: memory-resource-constraint
spec:
  limits:
  - default: (Limit)
      memory: 1Gi
    defaultRequest: (Request)
      memory: 1Gi
    max: (Limit)
      memory: 1Gi
    min: (Request)
      memory: 500Mi
    type:
      Container

ResourceQuota, applies to namespaces: 

apVersion: v1
kind: ResourceQuota
metadata:
  name: my-resource-quota
spec:
  hard:
    requests.cpu: 4
    requests.memory: 4Gi
    limits.cpu: 10
    limits.memory: 10Gi

DaemonSets

For monitoring or logs (kubeproxy). Creation is similar to ReplicaSet.

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: monitoring-daemon
spec:
  template:
    metadata:
      labels:
        app: monitoring-agent
    spec:
      containers:
      - name: monitoring-agent
        image: monitoring-agent
  selector:
    matchLabels:
      app: monitoring-agent

Priority Classes

System range: 2'147'483'648 - 2'000'000'000
Usable range: 1'000'000'000 - -2'147'483'648

apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: high-priority
value: 1000000000
description: "Priority class for mission critical pods" (optional)
globalDefault: true (optional)
preemptionPolicy: PreemtLowerPriority (default)/ never (optional)

Assign by setting priorityClassName in pod definition under spec.

Admission Controllers

ps -ef | grep admission Show info about admission plugins

Performance and Monitoring

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
serviceaccount/metrics-server created

kubectl top <pod/node>

Logs

kubectl logs <pod/node>

Retrieved from "http://wiki.6bit.ch/index.php?title=Kubernetes&oldid=276"