- K3s
- Helm
- Kubectl
- service account
- call kubernetes api within a pod
- busybox
- formation
- advanced k8s concepts https://adevinta.docebosaas.com/learn/courses/228/advanced-kubernetes-1-core-concepts/lessons
- Running Kubernetes on AWS (EKS) (2021) https://adevinta.docebosaas.com/learn/courses/227/running-kubernetes-on-aws-eks-2021/lessons/1364:160/running-kubernetes-on-aws-eks-2021
- Running Kubernetes on AWS (EKS) https://adevinta.docebosaas.com/learn/courses/245/running-kubernetes-on-aws-eks/lessons/1402:196/running-kubernetes-on-aws-eks
docker
Kubernetes
→ K3s
→ Install
sudo apt -y install open-iscsi
curl -sfL https://get.k3s.io | sh -
sudo cp /etc/rancher/k3s/k3s.yaml .kube/config
sudo kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.1.2/deploy/longhorn.yaml
→ Stop/Start
/usr/local/bin/k3s-killall.sh
systemctl start k3s
→ Run together with other remote
export KUBECONFIG=~/.kube/config-k3s
# use tools
kubectl ...
helm ...
k9s ...
→ Helm
→ Pass variables
helm install airflow apache-airflow/airflow --namespace airflow --values custom-values.yml
→ Kubectl
→ Volumes
# List the pvc
kubectl get pvc -n airflow
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
logs-airflow-worker-0 Bound pvc-4e9fdfef-7a16-4299-b68a-89ee92a12589 100Gi RWO local-path 8m15s
data-airflow-postgresql-0 Bound pvc-94c585fd-451f-4728-a790-f6b61a2f2b6e 8Gi RWO local-path 8m15s
redis-db-airflow-redis-0 Bound pvc-95d2ca98-0fe3-424b-a939-6ffd23edacc7 1Gi RWO local-path 8m15s
# Delete one pvc
kubectl delete pvc logs-airflow-worker-0 -n airflow
# Delete ALL the pvc
kubectl delete pvc -n airflow --all
→ service account
- a pod using a service account gets access to services through that account
- the account's secrets are mounted into the pod
- they can also be exposed as environment variables
- a given service account is bound to one namespace
→ call kubernetes api within a pod
# the URL must be quoted: an unquoted & would make the shell background the command and drop the remaining query parameters
curl -v --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" "https://kubernetes.default/api/v1/namespaces/dev-data-streams/pods?labelSelector=app%3Ddev-flink-cluster-session%2Ccomponent%3Dtaskmanager%2Ctype%3Dflink-native-kubernetes&resourceVersion=0&allowWatchBookmarks=true&watch=true"
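The same in-pod API call as a script, added here as an example (not from the original notes or any course material): it reads the mounted service-account token, CA bundle and namespace, builds the pod-list URL with a properly encoded label selector, and verifies the API server against the mounted CA. The `demo()` helper writes a constructed service-account directory so the parsing part runs outside a cluster; the API host name and the label values are taken from the curl command above.

```python
"""Call the Kubernetes API from inside a pod with the mounted service-account credentials."""
import json
import os
import ssl
import tempfile
import urllib.parse
import urllib.request

# Default in-pod mount of the projected service-account volume (token, ca.crt, namespace).
SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"
API_HOST = "https://kubernetes.default"  # resolved by cluster DNS inside a pod


def load_service_account(sa_dir=SA_DIR):
    """Read the bearer token and namespace; return the CA path for TLS verification."""
    with open(os.path.join(sa_dir, "token")) as f:
        token = f.read().strip()
    with open(os.path.join(sa_dir, "namespace")) as f:
        namespace = f.read().strip()
    return {"token": token, "namespace": namespace, "ca_file": os.path.join(sa_dir, "ca.crt")}


def build_pods_url(namespace, labels, watch=False, api_host=API_HOST):
    """Build the pod-list URL; urlencode() escapes '=' and ',' inside the label selector
    (the %3D / %2C seen in the curl command) and keeps '&' out of the shell's way."""
    params = {"labelSelector": ",".join(f"{k}={v}" for k, v in labels.items())}
    if watch:
        params.update({"resourceVersion": "0", "allowWatchBookmarks": "true", "watch": "true"})
    return f"{api_host}/api/v1/namespaces/{namespace}/pods?" + urllib.parse.urlencode(params)


def list_pods(labels, sa_dir=SA_DIR, api_host=API_HOST):
    """GET the pod names as the pod's own service account (needs a real cluster)."""
    sa = load_service_account(sa_dir)
    req = urllib.request.Request(build_pods_url(sa["namespace"], labels, api_host=api_host),
                                 headers={"Authorization": f"Bearer {sa['token']}"})
    ctx = ssl.create_default_context(cafile=sa["ca_file"])  # verify the API server, never skip this
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return [item["metadata"]["name"] for item in json.load(resp)["items"]]


def demo():
    """Constructed service-account mount (fake token) to exercise the offline parts."""
    sa_dir = tempfile.mkdtemp()
    with open(os.path.join(sa_dir, "token"), "w") as f:
        f.write("fake-token\n")
    with open(os.path.join(sa_dir, "namespace"), "w") as f:
        f.write("dev-data-streams\n")
    sa = load_service_account(sa_dir)
    labels = {"app": "dev-flink-cluster-session", "component": "taskmanager",
              "type": "flink-native-kubernetes"}
    return sa, build_pods_url(sa["namespace"], labels, watch=True)
```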
→ busybox
kubectl run -i --tty --rm debug --image=ubuntu --restart=Never -n the-namespace -- bash
## Pod Security Policy
- [history of psp](https://kubernetes.io/blog/2022/08/23/podsecuritypolicy-the-historical-context/)
- [migration to psa](https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/)
→ formation
→ advanced k8s concepts https://adevinta.docebosaas.com/learn/courses/228/advanced-kubernetes-1-core-concepts/lessons
control-plane
- scheduler
- apiserver
- controller-manager
worker
kubelet
kube-proxy: it is in fact a controller; it pulls the pod IPs from etcd and syncs the local iptables rules so that traffic to the pods works
container runtime
kernel space:
user space:
etcd keeper: used to query etcd; etcd behaves like a filesystem with the yaml objects stored as binaries
service account: works with a security token
cloud controller manager: the only component that talks to the cloud provider
horizontal pod autoscaler: scales pods
cluster autoscaler: scales nodes
cluster dns: attaches DNS names to the internal load balancers (= Service resources). It calls the kube API to look up the results and returns them as DNS responses
cert-manager:
ingress controller: runs pods (e.g. an nginx proxy) that route outside traffic to the target pods; it reconciles the Ingress resources
cloud controller manager, service controller: creates the external load balancer
external dns: attaches DNS names to external load balancers (= NLB, ELB...) by syncing route53. It is a controller that reconciles Service resources of type LoadBalancer: it grabs the public IP and puts it in route53
→ Running Kubernetes on AWS (EKS) (2021) https://adevinta.docebosaas.com/learn/courses/227/running-kubernetes-on-aws-eks-2021/lessons/1364:160/running-kubernetes-on-aws-eks-2021
- ingress-controller (eg: nginx-controller)
- eksctl : command line for eks
k get configmaps --namespace kube-system aws-auth -o yaml | yq
→ Running Kubernetes on AWS (EKS) https://adevinta.docebosaas.com/learn/courses/245/running-kubernetes-on-aws-eks/lessons/1402:196/running-kubernetes-on-aws-eks
to expose a pod publicly:
- make your subnets discoverable by the aws load-balancer-controller by adding the specific tags
- run the load-balancer-controller with a service account able to create an ELB (elastic load balancer)
- create an ingress