Kubernetes

  • scopes indicate what access a cluster's nodes will have
  • Deployment: deploys and manages pods, and offers
    • an upgrade strategy such as .strategy.type: RollingUpdate
    • the ability to record rollout history (kubectl apply --record) and roll back a deployment to a previous version (kubectl rollout undo deployment)
    • maintaining .replicas pods matching .selector.matchLabels at all times
  • Service types:
    • ClusterIP: internal IP, accessible only from within the cluster
    • NodePort: exposes same port on all nodes. Reachable via <nodeIP>:<port>
    • LoadBalancer: On GKE, uses Network Load Balancer that allocates a new IP for each service
      • A service with no selector requires an explicit Endpoint
    • ExternalName: maps the service to an external name; useful for external services such as a database, or a service in another cluster
  • Ingress manages external access to services within the cluster, typically HTTP(S)
    • Ingress provides load balancing, SSL termination and name-based virtual hosting
    • On GKE, Ingress spins up an L7 HTTP load balancer that uses only one IP for each service.
    • other HTTP proxy servers such as Nginx, Istio and others can be used
    • types:
      • Single service: only backend section without rules
      • Simple fanout: one host with multiple paths, each pointing to different service
      • Virtual hosts: multiple host names each pointing to different service
  • various workload types offered: Deployment, Job, DaemonSets
    • controllers manage pods by scheduling them, providing health checks, etc.
    • use templates to create pods
  • use minikube service command to connect to a service that doesn't have an external IP
  • Pod can contain 1+ containers, but all share same IP, volume etc
  • Allows A/B testing and rolling updates

clusters

  • cluster autoscaler automatically resizes number of nodes from min to max in a node pool

gcloud

  • cluster: create, delete, obtain credentials
    • gcloud auth configure-docker # configure docker to authenticate using gcloud
    • gcloud container clusters {create,delete,get-credentials} [CLUSTER-NAME]
  • build image: gcloud builds submit --tag gcr.io/$PROJECT/app:v1

kubectl

  • create deployment: kubectl create deployment hello-server --image=gcr.io/google-samples/hello-app:1.0
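  • update deployment: kubectl set image deployment/hello-server hello-app=gcr.io/google-samples/hello-app:2.0 [--record] # <container>=<image>; hello-app is the container name kubectl create deployment derives from the image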
  • edit deployment: kubectl edit deployment/hello-server
  • scale up/down: kubectl scale --replicas=3 deployment/mysql
  • autoscale: kubectl autoscale --min=3 --max=5 --cpu-percent=80 deployment/mysql
  • expose deployment: kubectl expose deployment hello-server --type=LoadBalancer --port 8080
  • record command in deployment history: kubectl apply -f sa-frontend-deployment-green.yaml --record
  • check rollout history: kubectl rollout history deployment sa-frontend
  • rollback deployment: kubectl rollout undo deployment sa-frontend --to-revision=1
  • get information:
    • kubectl get service
    • kubectl get pods [pod] --show-labels
    • kubectl config view # show default cluster and auth
  • redirect local port to k8s: kubectl port-forward pod/mypod <local-port>:<pod-port>
  • grant role: kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value account)

Helm package manager

kubectl create serviceaccount tiller --namespace kube-system
kubectl create clusterrolebinding tiller-admin-binding --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

./helm repo add stable https://kubernetes-charts.storage.googleapis.com
./helm repo update
./helm install -n default cd stable/spinnaker -f spinnaker-config.yaml --version 1.23.0 --timeout 10m0s --wait
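
To review the cluster-admin grants made above (the user binding in the kubectl section and the tiller binding here), the following added example, which is not part of the original notes, lists every subject bound to cluster-admin from JSON in the shape that kubectl get clusterrolebindings -o json produces. The sample data is constructed; dev@example.com, viewer-binding and orphaned-binding are made-up names.

```python
import json

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`.
# The first two entries mirror the bindings created on this page; the user
# name and the last two bindings are made up for the example.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "cluster-admin-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "User", "name": "dev@example.com"}]},
  {"metadata": {"name": "tiller-admin-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "tiller",
                 "namespace": "kube-system"}]},
  {"metadata": {"name": "viewer-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
  {"metadata": {"name": "orphaned-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")

def cluster_admin_subjects(binding_list, role="cluster-admin"):
    """Return (binding, kind, subject) for every subject bound to `role`."""
    findings = []
    for item in binding_list.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # A binding may have no subjects at all (key absent or null).
        for subj in item.get("subjects") or []:
            name = subj.get("name", "")
            if subj.get("kind") == "ServiceAccount":
                # Service accounts are namespaced; report them as ns:name,
                # the same form used by --serviceaccount on this page.
                name = f"{subj.get('namespace', '')}:{name}"
            findings.append((item["metadata"]["name"], subj.get("kind"), name))
    return findings

def service_accounts_with_admin(binding_list):
    """Workload identities holding cluster-admin: the usual review priority,
    since any pod running as that account inherits full cluster control."""
    return [f for f in cluster_admin_subjects(binding_list)
            if f[1] == "ServiceAccount"]

if __name__ == "__main__":
    for binding, kind, name in cluster_admin_subjects(SAMPLE):
        print(f"{binding}: {kind} {name}")
```

Against a live cluster, replace SAMPLE with the parsed output of kubectl get clusterrolebindings -o json.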