GITBOOK-2: No subject

Author: bashlogs

.gitbook/assets/5643187419873280.png

@@ -1,28 +1,49 @@
 ---
-description: Tools we are going to use in this course
+cover: .gitbook/assets/5643187419873280.png
+coverY: 0
+layout:
+  cover:
+    visible: true
+    size: hero
+  title:
+    visible: true
+  description:
+    visible: true
+  tableOfContents:
+    visible: true
+  outline:
+    visible: true
+  pagination:
+    visible: true
 ---
 
-# Tools
+# 👋 Welcome to Kubernetes
 
-## Open Source Kubernetes platform 
+{% hint style="info" %}
+**About this page:** The page summarizes Kubernetes architecture and applications, including components like nodes, API server, scheduler, and its versatility in deployments.
+{% endhint %}
 
-To learn about kubernetes in depth
 
-{% embed url="https://collabnix.github.io/kubelabs/" fullWidth="false" %}
 
-## Where and how to run kubernetes ?
+### Check the pre-requisites and go for the Kubernetes.
 
-### AWS and Google Cloud ( Paid / Billing)
+{% content-ref url="pre-requirements.md" %}
+[pre-requirements.md](pre-requirements.md)
+{% endcontent-ref %}
 
-You have to create instances to run cluster in aws and cloud. Chance of getting bills.
 
-### Katacoda ( Free / Temporary )
 
-It is a free service but it's cluster gets deleted after few minutes.
+### Different way to install cluster on your system.
 
-### Minikube ( Free )
+{% content-ref url="broken-reference" %}
+[Broken link](broken-reference)
+{% endcontent-ref %}
 
-It's let you create cluster on your local machine. Easy to learn from scratch.
 
-{% embed url="https://minikube.sigs.k8s.io/docs/handbook/controls/" %}
+
+### Kubernetes Architecture
+
+{% content-ref url="broken-reference" %}
+[Broken link](broken-reference)
+{% endcontent-ref %}
 

.gitbook/assets/image (1).png

@@ -1,42 +1,77 @@
 # Table of contents
 
-* [Tools](README.md)
-* [Index](index.md)
-* [Source / Documentation](source-documentation.md)
-* [Kubernetes for Beginners](kubernetes-for-beginners/README.md)
-  * [What is containers ?](kubernetes-for-beginners/what-is-containers.md)
-  * [What is container orchestration ?](kubernetes-for-beginners/what-is-container-orchestration.md)
-  * [What is Kubernetes ?](kubernetes-for-beginners/what-is-kubernetes.md)
-  * [What is Cluster ?](kubernetes-for-beginners/what-is-cluster/README.md)
-    * [Pod](kubernetes-for-beginners/what-is-cluster/pod.md)
-    * [Node / Worker Node](kubernetes-for-beginners/what-is-cluster/node-worker-node.md)
-    * [Kubernetes Master](kubernetes-for-beginners/what-is-cluster/kubernetes-master.md)
-    * [Kubernetes Services](kubernetes-for-beginners/what-is-cluster/kubernetes-services.md)
-  * [What is kubectl ?](kubernetes-for-beginners/what-is-kubectl.md)
-  * [Kubernetes Access Control](kubernetes-for-beginners/kubernetes-access-control.md)
-* [Practical with minikube](practical-with-minikube/README.md)
-  * [Installation](practical-with-minikube/installation.md)
-  * [Cluster Setup](practical-with-minikube/cluster-setup.md)
-  * [Minikube commands](practical-with-minikube/minikube-commands.md)
-  * [Deployment](practical-with-minikube/deployment.md)
-  * [Kubernetes Dashboard](practical-with-minikube/kubernetes-dashboard.md)
-  * [YAML File](practical-with-minikube/yaml-file.md)
-  * [Container Runtime](practical-with-minikube/container-runtime.md)
-  * [Volume Management](practical-with-minikube/volume-management.md)
-  * [Config Maps and Secrets](practical-with-minikube/config-maps-and-secrets.md)
-* [Kubernetes for Developers](kubernetes-for-developers/README.md)
-  * [Kubernetes Architecture](kubernetes-for-developers/kubernetes-architecture.md)
-  * [The Borg Heritage](kubernetes-for-developers/the-borg-heritage.md)
-* [Practical - 2](practical-2/README.md)
-  * [Kubernetes Installation in AWS](practical-2/kubernetes-installation-in-aws.md)
-  * [Build](practical-2/build.md)
-* [Temp Bookmarks](temp-bookmarks.md)
-* [NFS Server](nfs-server.md)
-
-## Troubleshooting
-
-* [Basic Troubleshooting](troubleshooting/basic-troubleshooting.md)
-
-## Group 1
-
-* [Other Things](group-1/other-things.md)
+* [👋 Welcome to Kubernetes](README.md)
+* [📚 Pre-Requirements](pre-requirements.md)
+
+## Cluster Setup
+
+* [Kubectl](cluster-setup/kubectl.md)
+* [Minikube](cluster-setup/minikube.md)
+* [K3s](cluster-setup/k3s.md)
+
+## Architecture
+
+* [What is Kubernetes](architecture/what-is-kubernetes.md)
+* [The Borg Heritage](architecture/the-borg-heritage.md)
+* [Kubernetes Arch.](architecture/kubernetes-arch..md)
+* [Containers](architecture/containers.md)
+* [Pods](architecture/pods.md)
+* [Services](architecture/services.md)
+* [Deployment](architecture/deployment.md)
+
+## Build
+
+* [Containerizion](build/containerizion.md)
+* [Dockerfile](build/dockerfile.md)
+* [Deployment](build/deployment.md)
+* [Multi-Container Pod](build/multi-container-pod.md)
+
+## Design
+
+* [Resources Management](design/resources-management.md)
+* [Label and Selector](design/label-and-selector.md)
+* [Jobs and CronJobs](design/jobs-and-cronjobs.md)
+
+## Deployments
+
+* [Basic Commands](deployments/basic-commands.md)
+* [Storage configs](deployments/storage-configs/README.md)
+  * [Volumes](deployments/storage-configs/volumes.md)
+  * [Volume Types](deployments/storage-configs/volume-types.md)
+  * [PVC and PV](deployments/storage-configs/pvc-and-pv.md)
+* [Config Maps](deployments/config-maps.md)
+
+## 🔐 Security
+
+* [Accessing the API](security/accessing-the-api/README.md)
+  * [Authentication](security/accessing-the-api/authentication.md)
+  * [Authorization](security/accessing-the-api/authorization.md)
+  * [Admission Controller](security/accessing-the-api/admission-controller.md)
+* [Security Contest](security/security-contest/README.md)
+  * [Pod Security Policies](security/security-contest/pod-security-policies.md)
+  * [Pod Security Standard](security/security-contest/pod-security-standard.md)
+* [Network Policies](security/network-policies/README.md)
+  * [Example](security/network-policies/example.md)
+* [Practical](security/practical/README.md)
+  * [Security Context](security/practical/security-context.md)
+  * [Create / Consume Secrets](security/practical/create-consume-secrets.md)
+  * [Service Account](security/practical/service-account.md)
+  * [Network Policies](security/practical/network-policies.md)
+  * [Test Policy](security/practical/test-policy.md)
+  * [Assignment](security/practical/assignment.md)
+
+## Services
+
+* [Service Types](services/service-types/README.md)
+  * [Cluster IP](services/service-types/cluster-ip.md)
+  * [NodePort](services/service-types/nodeport.md)
+  * [LoadBalancer](services/service-types/loadbalancer.md)
+* [Container Commands](services/container-commands.md)
+* [Ingress Resources](services/ingress-resources.md)
+
+## Others
+
+* [NFS Server](others/nfs-server.md)
+* [Shortcut](others/shortcut.md)
+* [Podman](others/podman.md)
+* [Overall Architecture](others/overall-architecture.md)

.gitbook/assets/image (2).png

@@ -0,0 +1,52 @@
+# Containers
+
+There are many competing organizations working with containers. As an orchestration tool, Kubernetes is being developed to work with many of them, with the overall community moving toward open standards and easy interoperability. 
+
+The early and strong presence of Docker meant that historically, this was not the focus. As Docker evolved, spreading their vendor-lock characteristics through the container creation and deployment life cycle, new projects and features have become popular. 
+
+As other container engines become mature, Kubernetes continues to become more open and independent.
+
+
+
+## Container Runtime Interface
+
+The goal of the Container Runtime Interface (CRI) is to allow easy integration of container runtimes with kubelet. By providing a protobuf method for API, specifications and libraries, new runtimes can easily be integrated without needing deep understanding of kubelet internals.
+
+
+
+## Types of Containers
+
+### 1. Containerd
+
+The intent of the containerd project is not to build a user-facing tool; instead, it is focused on exposing highly-decoupled low-level primitives. Because of it modularity and low overhead, large cloud providers use this engine. User facing tools such as crictl, ctr, and nerdctl are being further developed.
+
+* ​Defaults to runC to run containers according to the OCI Specifications
+* Intended to be embedded into larger systems
+* Minimal CLI, focused on debugging and development.
+
+### 2. CRI-O
+
+This project is currently in incubation as part of Kubernetes. It uses the Kubernetes Container Runtime Interface with OCI-compatible runtimes, thus the name [CRI-O](https://github.com/cri-o/cri-o). Currently, there is support for runC (default) and Clear Containers, but a stated goal of the project is to work with any OCI-compliant runtime.
+
+### 3. Docker
+
+Launched in 2013
+
+Docker made containerizing, deploying, and consuming applications easy. As a result, it became the default option in production. With an open registry of images, 
+
+[Docker Hub](https://hub.docker.com/), you can download and deploy vendor or individual-created images on multiple architectures with a single and easy to use toolset. 
+
+This ease meant it was the sensible default choice for any developer as well. Issues with rapid updates and interaction with stakeholders lead to major vendors moving away from Docker soon after it became part of Mirantis.
+
+### 4. rkt
+
+The rkt runtime, pronounced rocket, provides a CLI for running containers. Announced by CoreOS in 2014, it is now part of the Cloud Native Computing Foundation family of projects. 
+
+Learning from early Docker issues, it is focused on being more secure, open and interoperable. Many of its features have been met by Docker improvements. 
+
+It is not quite an easy drop-in replacement for Docker, but progress has been made. rkt uses the appc specification, and can run Docker, appc and OCI images. It deploys immutable pods.
+
+
+
+
+

.gitbook/assets/image (3).png

@@ -0,0 +1,57 @@
+# Deployment
+
+A Deployment provides declarative updates for Pods and ReplicaSets.
+
+You describe a desired state in a Deployment, and the Deployment Controller changes the actual state to the desired state at a controlled rate. You can define Deployments to create new ReplicaSets, or to remove existing Deployments and adopt all their resources with new Deployments.
+
+
+
+## Creating a Deployment
+
+{% code title="app.yaml" %}
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
+```
+{% endcode %}
+
+```
+kubectl create -f app.yaml
+```
+
+### Get the deployments
+
+```
+kubectl get deployment
+```
+
+### Scale the Deployment
+
+```
+kubectl scale deployment nginx --replicas=4
+```
+
+### Delete the deployments
+
+```
+kubectl delete deployment nginx
+```

.gitbook/assets/image (4).png

@@ -0,0 +1,45 @@
+# Kubernetes Arch.
+
+<figure><img src="../.gitbook/assets/image (4).png" alt=""><figcaption></figcaption></figure>
+
+In its simplest form, Kubernetes is made of one or more central managers (aka masters) and worker nodes. The manager runs an API server, a scheduler, various operators and a datastore to keep the state of the cluster, container settings, and the networking configuration.
+
+Kubernetes exposes an API via the API server. you can communicate with the API using a local client called kubectl or you can write your own client. The kube-scheduler sees the API requests for running a new container and finds a suitable node to run that container.&#x20;
+
+Each node in the cluster runs two components: kubelet and kube-proxy. The kubelet systemd service receives spec information for container configuration, downloads and manages any necessary resources and works with the container engine on the local node to ensure the container runs or is restarted upon failure. The kube-proxy pod creates and manages local firewall rules and networking configuration to expose containers on the network.
+
+
+
+## Control Plane Nodes
+
+The Kubernetes master runs various server and manager processes for the cluster. Among the components of the master node are the kube-apiserver, the kube-scheduler, and the etcd database. As the software has matured, new components have been created to handle dedicated needs, such as the cloud-controller-manager; it handles tasks once handled by the kube-controller-manager to interact with other tools, such as Rancher or DigitalOcean for third-party cluster management and reporting.
+
+### 1. Kube-apiserver
+
+All calls, both internal and external traffic, are handled via this agent. All actions are accepted and validated by this agent, and it is the only agent which connects to the etcd database. As a result, it acts as a master process for the entire cluster, and acts as a frontend of the cluster's shared state. Each API call goes through three steps: authentication, authorization, and several admission controllers.
+
+### 2. Kube Scheduler
+
+The kube-scheduler uses an algorithm to determine which node will host a Pod of containers. The scheduler will try to view available resources (such as available CPU) to bind, and then assign the Pod based on availability and success. The scheduler uses pod-count by default, but complex configuration is often done if cluster-wide metrics are collected.
+
+### 3. etcd Database
+
+The state of the cluster, networking, and other persistent information is kept in an etcd database, or, more accurately, a _b+tree_ key-value store. Rather than finding and changing an entry, values are always appended to the end. Previous copies of the data are then marked for future removal by a compaction process. It works with curl and other HTTP libraries, and provides reliable watch queries.
+
+### 4. Kube Controller Manager
+
+The kube-controller-manager is a core control loop daemon which interacts with the kube-apiserver to determine the state of the cluster. If the state does not match, the manager will contact the necessary controller to match the desired state. There are several controllers in use, such as endpoints, namespace, and replication. The full list has expanded as Kubernetes has matured.
+
+
+
+## Worker Node
+
+All worker nodes run the kubelet and kube-proxy, as well as the container engine, such as containerd or cri-o. Other management daemons are deployed to watch these agents or provide services not yet included with Kubernetes.
+
+### Kubelet
+
+The kubelet interacts with the underlying Docker Engine also installed on all the nodes, and makes sure that the containers that need to run are actually running. The kubelet agent is the heavy lifter for changes and configuration on worker nodes. It accepts the API calls for Pod specifications (a PodSpec is a JSON or YAML file that describes a Pod). It will work to configure the local node until the specification has been met.
+
+### Kube-proxy
+
+The kube-proxy is in charge of managing the network connectivity to the containers. It does so through the use of iptables entries. It also has the userspace mode, in which it monitors Services and Endpoints using a random high-number port to proxy traffic. Use of ipvs can be enabled, with the expectation it will become the default, replacing iptables.

.gitbook/assets/image (5).png

@@ -0,0 +1,46 @@
+# Pods
+
+The whole point of Kubernetes is to orchestrate the life cycle of a container. We do not interact with particular containers. Instead, the smallest unit we can work with is a [Pod](https://kubernetes.io/docs/concepts/workloads/pods/pod/).
+
+A Pod is similar to a set of containers with shared namespaces and shared filesystem volumes.
+
+Pods in a Kubernetes cluster are used in two main ways:
+
+* **Pods that run a single container**. The "one-container-per-Pod" model is the most common Kubernetes use case; in this case, you can think of a Pod as a wrapper around a single container; Kubernetes manages Pods rather than managing the containers directly.
+*   **Pods that run multiple containers that need to work together**. A Pod can encapsulate an application composed of [multiple co-located containers](https://kubernetes.io/docs/concepts/workloads/pods/#how-pods-manage-multiple-containers) that are tightly coupled and need to share resources. These co-located containers form a single cohesive unit.
+
+    Grouping multiple co-located and co-managed containers in a single Pod is a relatively advanced use case. You should use this pattern only in specific instances in which your containers are tightly coupled.
+
+### Run the pod using command
+
+```
+kubectl run newpod --image=nginx --generator=run-pod/v1
+```
+
+### Run the pod using a file
+
+{% code title="simple-pod.yaml" %}
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+  - name: nginx
+    image: nginx:1.14.2
+    ports:
+    - containerPort: 80
+```
+{% endcode %}
+
+```
+kubectl apply -f simple-pod.yaml
+```
+
+### To view pods
+
+```
+kubectl get pods
+kubectl get pods -o wide
+```