Skip to content

K8s

K8s Port

K8s api is available at 6443 port

Architecture

High Availability

Classic architecture for high availability

  • 3 Controllers
  • 5 Workers

Terms

  • Manager / Controller orchestrate the load.

  • Node / Worker execute the workload.

  • Namespaces are workspaces that can be filtered by user.

  • Pods are a small group of containers sharing same network, can discuss on localhost and sharing mounting points too. (But )
  • Reverse-Proxy Pods specific pod running a L7 reverse proxy.
  • Side-Car are small container hookted to a pods. As is place beetween pods and the others k8s services, the side car do MiTM and can provide a lot of services to pods. Authentification, autorization, and more.
  • Ingress Controller is a reverse proxy acting as a gateway to k8s.
  • Services are L4 load balancers.
  • LoadBalancer/Ingress Controller are L4 load balancers acting as a gateway beetween internet and k8s.

  • ClusterIP are L4 load balancers before pods.

  • CNI provide network functions to k8s.

Tooling

  • kubectl is a client to interact with k8s nodes and clusters. You can control remote or local k8s installation.
  • Helm is a package manager for k8s. It can do templating and distribute a complete app.
  • K9s is a terminal UI design to interact easily with k8s clusters.

Components

Dashboard

K8S provide a web dashboard for monitoring.

Install the dashboard

Bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml

Kubectl

Proxify k8s to localhost

Bash
kubectl proxy

Get informations from cluster

Bash
kubectl cluster-info

Configuration

Config file

The kubectl config is available in ./kube/

Show the kubectl config

Bash
kubectl config view

Pods

Show list of running pods

Bash
# Get the all list of pods
kubectl get pods
# Get a specific pod
kubectl get pod <podName>

Get list of pods from a namespace

Bash
kubectl get pod -n <namespace>

Namespaces

Create namespace

Bash
kubectl create -f ./myNamespace.yaml

Namespace template

YAML
apiVersion: v1
kind: Namespace
metadata:
  name: <namespaceName>

Delete/List namespaces

Bash
kubectl delete/get namespaces

User

Service Account

List service accounts

Bash
kubectl get serviceAccounts

Create / Delete service account

Bash
# Create
kubectl create serviceaccount/<userAccount>
# Delete
kubectl delete serviceaccount/<userAccount>

Create an account from a .yaml file

Bash
kubectl create -f <file.yaml>

ServiceAccount Template

YAML
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: <username>
  namespace: <namespace>
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: <username>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: <username>
subjects:
- kind: ServiceAccount
  name: <username>
  namespace: <namespace>

Sources