├── Jobs
│   ├── job-parallelism.yaml
│   ├── pod-definition-restart-polity-always.yaml
│   ├── pod-definition-restart-polity-never.yaml
│   ├── job-definition.yaml
│   ├── multiple-pods-definition.yaml
│   ├── job-completions.yaml
│   └── Readme.md
├── img
│   ├── aww.gif
│   ├── cron.png
│   ├── k8s.png
│   ├── final.png
│   ├── killer.png
│   ├── adapter.png
│   ├── katakoda.png
│   ├── pod
│   │   └── pod.png
│   ├── sidecar.png
│   ├── ambassador.png
│   ├── cheat-sheet.png
│   ├── docker-architecture.png
│   └── dockerfile-image-container.png
├── Services
│   ├── namespace.yaml
│   ├── 00-basic-service-definition.yml
│   ├── pod.yml
│   └── Readme.md
├── Secrets
│   ├── secret.yaml
│   ├── pod-defination.yaml
│   └── Readme.md
├── Nodes
│   └── Readme.md
├── Volumes
│   ├── Persistent-Volumne-Claim.yaml
│   ├── Persistent-Volume.yaml
│   ├── pod-volumn.yaml
│   ├── pvc-in-pod.yaml
│   ├── simple-volume-example.yaml
│   └── Readme.md
├── Resource-quota
│   ├── 01-mem-cpu-demo.yml
│   ├── 02-quota-mem-cpu-pod.yml
│   └── Readme.md
├── Labels-Selectors-Annotations
│   ├── pod-definition.yaml
│   ├── replicaset-definition.yaml
│   └── Readme.md
├── ConfigMaps
│   ├── config-map.yaml
│   ├── configmap-in-pod.yaml
│   └── Readme.md
├── commands-arguments-containers.md
├── Networking-Policy
│   ├── ingress-example.yaml
│   ├── ingress-service.yaml
│   ├── deployment-ingress-controller.yaml
│   └── Readme.md
├── Variables
│   └── Readme.md
├── Deployment
│   ├── 02-deployment-definition.yml
│   ├── basic-deployment.yaml
│   ├── 01-deployment-definition.yml
│   └── Readme.md
├── Replication-controller
│   ├── rc-definition.yml
│   └── Readme.md
├── Replicaset
│   ├── 01-replicaset-definition.yml
│   ├── 02-replicaset-definition.yml
│   └── Readme.md
├── Multicontainer
│   ├── multi-container.yaml
│   └── Readme.md
├── commands-observability.md
├── Pods
│   └── Readme.md
├── Rolling-Updates-Rollbacks-in-Deployments
│   └── Readme.md
├── Service-Account
│   └── Readme.md
├── Getting-started-Imperative-Commands
│   ├── deployments.md
│   ├── namespaces.md
│   ├── services.md
│   └── pods.md
├── Node-Selector-and-Node-Affinity
│   └── Readme.md
├── Taints-and-Tolerations
│   └── Readme.md
├── OtherTopics
│   └── Security.md
├── commands-logging-debugging.md
├── Kubernetes-Security-Context
│   └── Readme.md
├── Helm
│   └── Readme.md
├── Readiness-and-Liveness-Probes
│   └── Readme.md
├── more-commands.md
└── README.md

/Jobs/job-parallelism.yaml:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/img/aww.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/aww.gif
--------------------------------------------------------------------------------
/img/cron.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/cron.png
--------------------------------------------------------------------------------
/img/k8s.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/k8s.png
--------------------------------------------------------------------------------
/img/final.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/final.png
--------------------------------------------------------------------------------
/img/killer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/killer.png
--------------------------------------------------------------------------------
/img/adapter.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/adapter.png
--------------------------------------------------------------------------------
/img/katakoda.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/katakoda.png
--------------------------------------------------------------------------------
/img/pod/pod.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/pod/pod.png
--------------------------------------------------------------------------------
/img/sidecar.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/sidecar.png
--------------------------------------------------------------------------------
/img/ambassador.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/ambassador.png
--------------------------------------------------------------------------------
/img/cheat-sheet.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/cheat-sheet.png
--------------------------------------------------------------------------------
/img/docker-architecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/docker-architecture.png
--------------------------------------------------------------------------------
/img/dockerfile-image-container.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/edithturn/CKAD-training/HEAD/img/dockerfile-image-container.png
--------------------------------------------------------------------------------
/Services/namespace.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: null
  name: myns
spec: {}
status: {}
--------------------------------------------------------------------------------
/Secrets/secret.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
data:
  # Values under data must be padded base64 (echo -n 'value' | base64)
  DB_Host: bXlzcWw=
  DB_User: cm9vdA==
  DB_Password: cGFzdfesa # as written in the repository; not valid base64
--------------------------------------------------------------------------------
/Nodes/Readme.md:
--------------------------------------------------------------------------------
```bash
# Check which labels exist on a node
k describe node <node-name>
```

```bash
# Check the pods on a specific node
kubectl get pods --field-selector spec.nodeName=<node-name> -o wide
```
--------------------------------------------------------------------------------
/Volumes/Persistent-Volumne-Claim.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: claim-log-1
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Mi
--------------------------------------------------------------------------------
/Volumes/Persistent-Volume.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolume
metadata:
  name: foo-pvc
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 1Gi
  hostPath:
    path: /tmp/data
--------------------------------------------------------------------------------
/Jobs/pod-definition-restart-polity-always.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: math-pod
spec:
  containers:
    - name: math-add
      image: ubuntu
      command: ['expr', '3', '+', '2']
  restartPolicy: Always
--------------------------------------------------------------------------------
/Jobs/pod-definition-restart-polity-never.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: math-pod
spec:
  containers:
    - name: math-add
      image: ubuntu
      command: ['expr', '3', '+', '2']
  restartPolicy: Never
--------------------------------------------------------------------------------
/Resource-quota/01-mem-cpu-demo.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ResourceQuota
metadata:
  name: mem-cpu-demo
spec:
  hard:
    requests.cpu: "1"
    requests.memory: 1Gi
    limits.cpu: "2"
    limits.memory: 2Gi
--------------------------------------------------------------------------------
/Services/00-basic-service-definition.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: myapp-service
spec:
  type: NodePort
  ports:
    - targetPort: 80
      port: 80
      nodePort: 30008
  selector:
    app: myapp
    type: front-end
--------------------------------------------------------------------------------
/Jobs/job-definition.yaml:
--------------------------------------------------------------------------------
apiVersion: batch/v1
kind: Job
metadata:
  name: mth-aa-job
spec:
  template:
    spec:
      containers:
        - name: math-add
          image: ubuntu
          command: ["expr", "3", "+", "2"]
      restartPolicy: Never
--------------------------------------------------------------------------------
/Jobs/multiple-pods-definition.yaml:
--------------------------------------------------------------------------------
apiVersion: batch/v1
kind: Job
metadata:
  name: random-error-job
spec:
  completions: 3
  template:
    spec:
      containers:
        - name: random-error
          image: kodekloud/random-error
      restartPolicy: Never
--------------------------------------------------------------------------------
/Labels-Selectors-Annotations/pod-definition.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp
  labels:
    app: App1
    function: Front-end
spec:
  containers:
    - name: simple-webapp
      image: simple-webapp
      ports:
        - containerPort: 8080
--------------------------------------------------------------------------------
/ConfigMaps/config-map.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: webapp-config-map
data:
  APP_COLOR: blue
  APP_MODE: prod

---

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_COLOR: blue
  APP_MODE: prod
--------------------------------------------------------------------------------
/commands-arguments-containers.md:
--------------------------------------------------------------------------------
# Managing commands in containers

- args: ["-c", "while true; do date >> /var/log/app.txt; sleep 5; done"]
- args: [/bin/sh, -c, 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done']
- args: ["-c", "mkdir -p collect; while true; do cat /var/data/\*> /collect/data.txt; sleep 10; d
--------------------------------------------------------------------------------
/Services/pod.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx1
  namespace: mynamespace
spec:
  containers:
    - image: nginx
      name: nginx
      resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Never
status: {}
--------------------------------------------------------------------------------
/Secrets/pod-defination.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
  labels:
    name: simple-webapp-color
spec:
  containers:
    - name: simple-webapp-color
      image: simple-webapp-color
      ports:
        - containerPort: 8080
      envFrom:
        - secretRef:
            name: app-secret
--------------------------------------------------------------------------------
/Resource-quota/02-quota-mem-cpu-pod.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: quota-mem-cpu-demo
spec:
  containers:
    - name: quota-mem-cpu-demo-ctr
      image: nginx
      resources:
        limits:
          memory: "800Mi"
          cpu: "800m"
        requests:
          memory: "600Mi"
          cpu: "400m"
--------------------------------------------------------------------------------
/Networking-Policy/ingress-example.yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: critical-space
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - http:
        paths:
          - path: /pay
            backend:
              serviceName: pay-service
              servicePort: 8282
--------------------------------------------------------------------------------
/Variables/Readme.md:
--------------------------------------------------------------------------------
# Variables in Kubernetes

```bash
docker run -e APP_COLOR=pink simple-webapp-color
```

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
spec:
  containers:
    - name: simple-webapp-color
      image: simple-webapp-color
      ports:
        - containerPort: 8080
      env:
        - name: APP_COLOR
          value: pink
```
--------------------------------------------------------------------------------
/Deployment/02-deployment-definition.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  labels:
    app: http
spec:
  replicas: 3
  selector:
    matchLabels:
      app: http
  template:
    metadata:
      labels:
        app: http
    spec:
      containers:
        - name: frontend
          image: httpd:2.4-alpine
--------------------------------------------------------------------------------
/Networking-Policy/ingress-service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: ingress
  namespace: ingress-space
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 30080
      name: http
    - port: 443
      targetPort: 443
      protocol: TCP
      name: https
  selector:
    name: nginx-ingress
--------------------------------------------------------------------------------
/Volumes/pod-volumn.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: webapp
spec:
  containers:
    - name: event-simulator
      image: kodekloud/event-simulator
      env:
        - name: LOG_HANDLERS
          value: file
      volumeMounts:
        - mountPath: /log
          name: log-volume
  volumes:
    - name: log-volume
      hostPath:
        path: /var/log/webapp
--------------------------------------------------------------------------------
/Volumes/pvc-in-pod.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: webapp
spec:
  containers:
    - name: event-simulator
      image: kodekloud/event-simulator
      env:
        - name: LOG_HANDLERS
          value: file
      volumeMounts:
        - mountPath: /log
          name: log-volume
  volumes:
    - name: log-volume
      persistentVolumeClaim:
        claimName: claim-log-1
--------------------------------------------------------------------------------
/Replication-controller/rc-definition.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ReplicationController
metadata:
  name: myapp-example
  labels:
    app: myapp
    type: front-end
spec:
  template:
    metadata:
      name: myapp-pod
      labels:
        app: myapp
        type: front-end
    spec:
      containers:
        - name: nginx-container
          image: nginx
  replicas: 3
--------------------------------------------------------------------------------
/Deployment/basic-deployment.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.14.2
          ports:
            - containerPort: 80
--------------------------------------------------------------------------------
/Volumes/simple-volume-example.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: random-number-generator
spec:
  containers:
    - name: alpine
      image: alpine
      command: ["/bin/sh", "-c"]
      args: ["shuf -i 0-100 -n 1 >> /opt/number.out;"]
      volumeMounts:
        - mountPath: /opt
          name: data-volume
  volumes:
    - name: data-volume
      hostPath:
        path: /data
        type: Directory
--------------------------------------------------------------------------------
/Labels-Selectors-Annotations/replicaset-definition.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: simple-webapp
  labels:
    app: App1
    function: Front-end
spec:
  replicas: 3
  selector:
    matchLabels:
      app: App1
  template:
    metadata:
      labels:
        app: App1
        function: Front-end
    spec:
      containers:
        - name: simple-webapp
          image: simple-webapp
--------------------------------------------------------------------------------
/Deployment/01-deployment-definition.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deployment
  labels:
    app: myapp
    type: front-end
spec:
  template:
    metadata:
      name: myapp-pod
      labels:
        app: myapp
        type: front-end
        tier: front-end
    spec:
      containers:
        - name: nginx-container
          image: nginx
  replicas: 3
  selector:
    matchLabels:
      tier: front-end
--------------------------------------------------------------------------------
/Replicaset/01-replicaset-definition.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: myapp-replicaset
  labels:
    app: myapp
    type: front-end
spec:
  template:
    metadata:
      name: myapp-pod
      labels:
        app: myapp
        type: front-end
        tier: front-end
    spec:
      containers:
        - name: nginx-container
          image: nginx
  replicas: 3
  selector:
    matchLabels:
      tier: front-end
--------------------------------------------------------------------------------
/Replicaset/02-replicaset-definition.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: myapp-replicaset-scaled
  labels:
    app: myapp
    type: front-end
spec:
  template:
    metadata:
      name: myapp-pod
      labels:
        app: myapp
        type: front-end
        tier: front-end
    spec:
      containers:
        - name: nginx-container
          image: nginx
  replicas: 6
  selector:
    matchLabels:
      tier: front-end
--------------------------------------------------------------------------------
/Jobs/job-completions.yaml:
--------------------------------------------------------------------------------
apiVersion: batch/v1
kind: Job
metadata:
  creationTimestamp: null
  labels:
    run: busybox
  name: busybox
spec:
  completions: 5 # add this line
  template:
    metadata:
      creationTimestamp: null
      labels:
        run: busybox
    spec:
      containers:
        - args:
            - /bin/sh
            - -c
            - echo hello;sleep 30;echo world
          image: busybox
          name: busybox
          resources: {}
      restartPolicy: OnFailure
status: {}
--------------------------------------------------------------------------------
/Multicontainer/multi-container.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: busybox
  name: busybox
spec:
  containers:
    - args:
        - /bin/sh
        - -c
        - ls; sleep 3600
      image: busybox
      name: busybox1
    - args:
        - /bin/sh
        - -c
        - echo Hello World; sleep 3600;
      image: busybox
      name: busybox2
    - args:
        - /bin/sh
        - -c
        - echo this is the third container; sleep 3600
      image: busybox
      name: busybox3
      resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
--------------------------------------------------------------------------------
/ConfigMaps/configmap-in-pod.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  labels:
    name: webapp-color
  name: webapp-color
  namespace: default
spec:
  containers:
    - envFrom:
        - configMapRef:
            name: webapp-config-map
      image: kodekloud/webapp-color
      name: webapp-color

---
apiVersion: v1
kind: Pod
metadata:
  name: simple-web-color
  labels:
    name: simple-webapp-color
spec:
  containers:
    - name: simple-webapp-color
      image: simple-webapp-color
      ports:
        - containerPort: 8080
      envFrom:
        - configMapRef:
            name: app-config
--------------------------------------------------------------------------------
/commands-observability.md:
--------------------------------------------------------------------------------
# Observability

```bash
# Collect failed pods by namespace, searching for events where the Liveness probe failed
kubectl -n qa get events | grep -i 'Liveness probe failed'

# Check pods in all namespaces with READY status = 0 (not ready)
k get pod --all-namespaces | grep ' 0/'

# Check the Liveness status of the 'nginx' pod
kubectl describe pod nginx | grep -i liveness

# Check the Readiness status of the 'nginx' pod
kubectl describe pod nginx | grep -i readiness

# View error events in the cluster
kubectl get events | grep -i error

# Copy the 'passwd' file from the 'busybox' container to the local machine
kubectl cp busybox:etc/passwd ./passwd
```
--------------------------------------------------------------------------------
/Pods/Readme.md:
--------------------------------------------------------------------------------
```bash
kubectl replace --force -f /tmp/kubectl-edit-2354563.yaml
kubectl get clusterroles --no-headers | wc -l
kubectl get nodes --as michelle

kubectl api-resources
```

```bash
k -n moon exec secret-handler -- env | grep SECRET1
k -n moon exec secret-handler -- cat /tmp/secret2/key
k -n moon exec secret-handler -- find /tmp/secret2
```

```bash
kubectl logs -n ckad-multi-containers pods/static-web-server -c main-container
```

More complex commands:

```bash
# Assumes the shell variable was set first: export do="--dry-run=client -o yaml"
k run ckad-ubuntu-qwfefefwe -n ckad-pod-design --image=ubuntu $do --command -- /bin/sh -c "sleep 3600" > 4-pod.yaml
```

```bash
kubectl get pods -A -o=custom-columns='POD_NAME:metadata.name,IP_ADDR:status.podIP' --sort-by=.status.podIP > /root/pod_ips_ckad02_svcn
```
--------------------------------------------------------------------------------
/Multicontainer/Readme.md:
--------------------------------------------------------------------------------
# **Pod multi container**

```bash
# Create the pod definition with one container (busybox ships /bin/sh, not bash)
kubectl run busybox --image=busybox --dry-run=client -o yaml -- /bin/sh -c "ls; sleep 3600" > multi-container.yaml

# Edit the pod to add more containers
vim multi-container.yaml
```

```bash
# See the logs of container busybox1
kubectl logs busybox -c busybox1
```
```console
bin
dev
etc
home
proc
root
sys
tmp
usr
var
```
```bash
# See the logs of container busybox2
kubectl logs busybox -c busybox2
```
```console
Hello World
```
```bash
# See the logs of container busybox3
kubectl logs busybox -c busybox3
```
```console
this is the third container
```
```bash
# Run the command ls in the third container, busybox3
kubectl exec busybox -c busybox3 -- ls
```
-------------------------------------------------------------------------------- /Resource-quota/Readme.md: -------------------------------------------------------------------------------- 1 | # Resource Quota 2 | 3 | ## 01 example | 01-mem-cpu-demo.yml 4 | ```bash 5 | # Create a quota from a ResourceQuota definition 6 | kubectl create -f mem-cpu-demo --namespace=dev 7 | 8 | # Create a resource quota -> imperative 9 | kubectl create quota myrq --hard=cpu=1,memory=1G,pods=2 --dry-run=client -o yaml 10 | 11 | # View detailed information about the ResourceQuota: 12 | kubectl get resourcequota mem-cpu-demo --namespace=dev --output=yaml 13 | ``` 14 | 15 | ## 02 example | 02-quota-mem-cpu-pod.yml 16 | 17 | ```bash 18 | # Create ResourceQuota for a Pod 19 | kubectl create -f quota-mem-cpu-pod.yml --namespace=quota-mem-cpu-example 20 | 21 | # Verity that the Pod's Container is running 22 | kubectl get pod quota-mem-cpu-demo --namespace=quota-mem-cpu-example 23 | 24 | # View detailed information about the ResourceQuota 25 | kubectl get resourcequota mem-cpu-demo --namespace=quota-mem-cpu-example --output=yaml 26 | 27 | ``` -------------------------------------------------------------------------------- /Rolling-Updates-Rollbacks-in-Deployments/Readme.md: -------------------------------------------------------------------------------- 1 | ## Rolling Updates 2 | 3 | When we create a deployment, it triggers a rollout, a new rollout created a new deployment revision. 
4 | Rolling update is the default deployment strategi 5 | 6 | 7 | ```bash 8 | # Shot the revisions and history of our deployment 9 | kubectl rollout status deployment/myapp-deployment 10 | kubectl rollout history deployment/myapp-deployment 11 | kubectl rollout undo deployment/myapp-deployment 12 | 13 | ``` 14 | ```bash 15 | #create 16 | kubectl create -f deployment-definition.yml 17 | 18 | # Get 19 | kubectl get deployments 20 | 21 | # Update 22 | kubectl apply -f deployment-definition.yml 23 | kubectl set image deployment/myapp-deployment nginx=nginx:1.9.1 24 | 25 | # Status 26 | kubectl rollout status deployment/myapp-deployment 27 | 28 | # Rollback 29 | kubectl rollout history deployment/myapp-deployment 30 | 31 | kubectl rollout undo deployment/myapp-deployment 32 | ``` 33 | 34 | ```bash 35 | kubectl create -f deployment-definition.yml --record 36 | ``` 37 | 38 | 39 | ## Rollbacks in Deployments 40 | -------------------------------------------------------------------------------- /Replication-controller/Readme.md: -------------------------------------------------------------------------------- 1 | # Replication Controller 2 | 3 | ## Replication Controller | Replica Set 4 | 5 | The major difference between replication controller and replica set. 6 | is **selector** 7 | "Selector" is requeired in replica set. 
8 | *ReplicaSet is the new recommended way for scaling* 9 | 10 | * Replication controller is possible just with a node, is possible to depele the previous pod and create a new one 11 | 12 | ```bash 13 | # Replication Controller 14 | kubectl create -f rc-definition.yaml 15 | kubectl get replicationcontroller 16 | kuebectl get pods 17 | ``` 18 | 19 | ```bash 20 | # Replica Set 21 | kubectl create -f rc-definition.yaml 22 | kubectl get replicationcontroller 23 | kuebectl get pods 24 | 25 | # Also delete all the pods into this replicaset 26 | kubectl delete replicaset myapp-replicaset 27 | kubectl replace -f replicaset-definitionyml 28 | kubectl scale -replicas=6 -f replicaset-definition.yml 29 | ``` 30 | 31 | ## 01 example 01 | rc-definition.yml 32 | 33 | ```bash 34 | # Replication Controller 35 | kubectl create -f rc-definition.yml 36 | kubectl get replicationcontroller 37 | kuebectl get pods 38 | ``` -------------------------------------------------------------------------------- /Networking-Policy/deployment-ingress-controller.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ingress-controller 5 | namespace: ingress-space 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | name: nginx-ingress 11 | template: 12 | metadata: 13 | labels: 14 | name: nginx-ingress 15 | spec: 16 | serviceAccountName: ingress-serviceaccount 17 | containers: 18 | - name: nginx 19 | image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0 20 | args: 21 | - /nginx-ingress-controller 22 | - --configmap=$(POD_NAMESPACE)/nginx-configuration 23 | - --default-backend-service=app-space/default-http-backend 24 | env: 25 | - name: POD_NAME 26 | valueFrom: 27 | fieldRef: 28 | fieldPath: metadata.name 29 | - name: POD_NAMESPACE 30 | valueFrom: 31 | fieldRef: 32 | fieldPath: metadata.namespace 33 | ports: 34 | - name: http 35 | containerPort: 80 36 | - name: https 37 
| containerPort: 443 -------------------------------------------------------------------------------- /Replicaset/Readme.md: -------------------------------------------------------------------------------- 1 | # ReplicaSet 2 | 3 | ## 01 example | 01-replicaset-definition.yml 4 | 5 | There are 03 sections more in the yml file: 6 | 7 | - templates 8 | - replicas 9 | - selector 10 | 11 | ```bash 12 | # Replica Set 13 | kubectl create -f 01-replicaset-definition.yml 14 | # or use a file in specific directory 15 | kubectl create -f /root/replicaset-definition.yaml 16 | kubectl get replicaset 17 | kuebectl get pods 18 | # Show the destails about a replicaset 19 | kubectl describe replicaset 20 | ``` 21 | 22 | ## 02 example | 02-replicaset-definition.yml 23 | 24 | Scaling the number of pods, updating the number of replicas from 03 to 06 pods 25 | 26 | ```yml 27 | # Before 28 | replicas: 3 29 | ``` 30 | 31 | ```yml 32 | # After 33 | replicas: 6 34 | ``` 35 | 36 | Then apply the changes: 37 | 38 | ```bash 39 | kubectl replace -f 02-replicaset-definition.yml 40 | ``` 41 | 42 | - Other ways to scaling 43 | 44 | ```bash 45 | kubectl scale --replicas=6 -f replicaset-definition.yml 46 | 47 | # TYPE: replicaset and NAME: myapp-replicaset 48 | kubectl scale --replicas=6 replicaset myapp-replicaset 49 | ``` 50 | 51 | ## 03 Example deliting replicaset 52 | 53 | ```bash 54 | kubectl delete replicaset myapp-replicaset 55 | # or use delete for more than one replicasets 56 | kubectl delete replicaset replicaset01 replicaset02 57 | ``` 58 | -------------------------------------------------------------------------------- /Service-Account/Readme.md: -------------------------------------------------------------------------------- 1 | # Service Account 2 | 3 | A service account in Kubernetes is a special type of account not linked to a person. It gives a unique identity to application pods, system components, and other entities within or outside the cluster. 
These entities use the service account's credentials to authenticate and access the Kubernetes API server or apply security policies based on identity. This ensures secure and controlled access to resources.

## Imperative Commands

```bash
kubectl create serviceaccount dashboard-sa

kubectl create sa ingress-serviceaccount -n ingress-space
kubectl get serviceaccount

kubectl describe serviceaccount dashboard-sa

kubectl describe secret dashboard-sa-token-kbbdm
```

```bash
kubectl exec -it my-kubernetes-dashboard -- ls /var/run/secrets/kubernetes.io/serviceaccount

kubectl exec -it my-kubernetes-dashboard -- cat /var/run/secrets/kubernetes.io/serviceaccount/token
```

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-kubernetes-dashboard
spec:
  containers:
    - name: my-kubernetes-dashboard
      image: my-kubernetes-dashboard
  serviceAccountName: dashboard-sa
```

To create a token

```bash
kubectl create token dashboard-sa
```
--------------------------------------------------------------------------------
/Getting-started-Imperative-Commands/deployments.md:
--------------------------------------------------------------------------------

```bash

# Generate Deployment YAML file. Don't create it.
kubectl create deployment --image=nginx nginx --dry-run=client -o yaml

# Save the Deployment YAML definition to a file.
kubectl create deployment nginx --image=nginx --dry-run=client \
  -o yaml > nginx-deployment.yaml



# Generating Deployment with 03 Replicas
kubectl create deployment nginx --image=nginx --replicas=3

# Creating Deployment and scaling from 01 to 03
kubectl create deployment alpine --image=httpd:2.4-alpine

# Scale Deployment to 03 replicas
kubectl scale deployment alpine --replicas=3



# Deployment YAML definition



# Create a Deployment from YAML file.
kubectl create -f basic-deployment.yaml

# Update the Pod in the Deployment
kubectl set image deployment/nginx-deployment nginx=nginx:1.9.1



# Verify if the Deployment has failed to progress
kubectl rollout status deployment/nginx-deployment

# Check the revisions of a Deployment:
kubectl rollout history deployment/nginx-deployment

# Checking details of each revision
kubectl rollout history deployment/nginx-deployment --revision=1

# Undo the current rollout and rollback to the previous revision
kubectl rollout undo deployment/nginx-deployment

```
--------------------------------------------------------------------------------
/ConfigMaps/Readme.md:
--------------------------------------------------------------------------------
# ConfigMap
ConfigMaps are used to pass configuration data in the form of key-value pairs in Kubernetes.

## Creating a ConfigMap

**Imperative**

```bash
# Create a config map with two variables, key, value format
kubectl create configmap app-config --from-literal=APP_VERSION=1.0 --from-literal=APP_MODE=dev

# Create a configmap from a file
kubectl create configmap my-config-map --from-file=<path-to-file>

# Create a config map from a properties file
kubectl create configmap app-config --from-file=app_config.properties

# Create a configmap in a specific namespace
kubectl create cm nginx-configuration -n ingress-space

# List configmaps
kubectl get configmaps
```

**Declarative**

my-config-file.yaml
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_VERSION: "1.0" # ConfigMap values must be strings
  APP_MODE: dev
```
Creating a config map from a yaml file
```bash
kubectl create -f my-config-file.yaml
kubectl get configmaps
```

## ConfigMap in a Pod (Injection)

pod-definition.yaml
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
  labels:
    name: simple-webapp-color
spec:
  containers:
    - name: simple-webapp-color
      image: simple-webapp-color
      ports:
        - containerPort: 808
      envFrom:
        - configMapRef:
            name: app-config
```


--------------------------------------------------------------------------------
/Node-Selector-and-Node-Affinity/Readme.md:
--------------------------------------------------------------------------------
## **Node Selector**

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    env: test
spec:
  containers:
    - name: nginx
      image: nginx
      imagePullPolicy: IfNotPresent
  nodeSelector: # Deploy pod in nodes with ssd disk type
    disktype: ssd
```

## **Node Affinity**

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: disktype # Size
                operator: In # NotIn # Exists
                values:
                  - ssd # Small
                  - hd # Medium
  containers:
    - name: nginx
      image: nginx
      imagePullPolicy: IfNotPresent
```

## Node Affinity Types

Available:

```bash
requiredDuringSchedulingIgnoredDuringExecution
preferredDuringSchedulingIgnoredDuringExecution
```

Planned:

```bash
requiredDuringSchedulingRequiredDuringExecution
```

| Type   | DuringScheduling | DuringExecution |
| ------ | ---------------- | --------------- |
| Type 1 | Required         | Ignored         |
| Type 2 | Preferred        | Ignored         |
| Type 3 | Required         | Required        |

## Applying Labels to nodes

```bash
kubectl label nodes node01 color=blue

k describe nodes
```

```bash
k describe pods blue-8b4fdbcb5- | grep -i node
```
--------------------------------------------------------------------------------
/Getting-started-Imperative-Commands/namespaces.md:
--------------------------------------------------------------------------------
# **Namespaces**

## **Basic Commands**

```bash
# List all namespaces
kubectl get namespaces
kubectl get ns
```

```bash
# Create namespaces with a definition file
kubectl create -f namespace-dev.yaml
```

```yaml
kind: Namespace
apiVersion: v1
metadata:
  name: test
  labels:
    name: test
```

```bash
# Create a namespace with imperative commands

kubectl create namespace mynamespace
kubectl get pods

# Count how many namespaces exist

kubectl get ns --no-headers | wc -l

# Check the current namespace

kubectl config view | grep namespace

# Listing all pods in all the namespaces

kubectl get pods --all-namespaces

# Listing all pods in a specific namespace

kubectl get pods --namespace=dev
kubectl get pods -n dev
```

```bash
# Create the pod in the default namespace
kubectl create -f pod-definition.yaml

# Create the pod in a specific namespace
kubectl create -f pod-definition.yaml --namespace=dev

```

```bash
# Add the namespace into the pod yaml definition:
```

```yaml
metadata:
  name: myapp-pod
  namespace: dev
```

```bash
# Create a namespace namespace-dev.yaml
```

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: dev
```

```bash
# Set the context to the namespace dev
kubectl config set-context $(kubectl config current-context) --namespace=dev

# Set the context to the namespace default
kubectl config set-context $(kubectl config current-context) --namespace=default
```
--------------------------------------------------------------------------------
/Taints-and-Tolerations/Readme.md:
--------------------------------------------------------------------------------
# Taints and Tolerations

- **Taints** are set on nodes
- **Tolerations** are set on pods

```bash
kubectl taint nodes node-name key=value:taint-effect
kubectl taint nodes node1 app=my_app:NoSchedule
```

### Tolerations - Pods

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
spec:
  containers:
    - name: nginx-container
      image: nginx
  tolerations:
    - key: "app"
      operator: "Equal"
      value: "blue"
      effect: "NoSchedule"
```

## Creating a taint in a node

```bash
# Apply a taint to node01 that prevents new pods from being scheduled on it unless they tolerate the spray=mortein taint.
kubectl taint node node01 spray=mortein:NoSchedule
# Looking for taints
kubectl describe node node01 | grep -i taint
# Generates a YAML for a pod named "bee" that uses the "nginx" image, but it doesn't actually create the pod.
kubectl run bee --image=nginx --restart=Never --dry-run=client -o yaml > bee.yaml

kubectl explain pod --recursive | less
kubectl explain pod --recursive | grep -A5 tolerations

```

```bash
# List all pods on a specific Node
kubectl get pods --field-selector spec.nodeName=<node-name> -o wide
```

## Remove a Taint from a node

```bash
# List Taints on another node
kubectl describe node controlplane | grep -i taint
# Taints: node-role.kubernetes.io/control-plane:NoSchedule

# Remove the Taint from a node
kubectl taint nodes controlplane node-role.kubernetes.io/control-plane:NoSchedule-
```

## Know which Node a specific Pod is on

```bash
kubectl get pod <pod-name> -o jsonpath='{.spec.nodeName}'
```
--------------------------------------------------------------------------------
/OtherTopics/Security.md:
--------------------------------------------------------------------------------
# Security at kube-apiserver

Who can access?

- Files: usernames and passwords
- Files: usernames and tokens
- Certificates
- LDAP
- Service accounts

What can they do?

- RBAC authorization
- ABAC
- Node authorization
- Webhook mode

The kube-apiserver is secured with TLS certificates

- etcd cluster
- kubelet
- kube-proxy
- kube-controller-manager
- kube-scheduler

By default all pods can access all pods in the cluster. It is possible to restrict access using Network Policies.

## Authentication

- Admins and Developers -> It is NOT possible to manage them with Kubernetes
- Bots -> Service Accounts. It is possible to create them to manage these users

## Admins and Developers

All user access is managed by the kube-apiserver.
The kube-apiserver authenticates the request before processing it.

## Kubeconfig

- Clusters
- Contexts: match users and clusters
- Users

```bash
kubectl config use-context prod-user@production
```

```bash
cat ca.crt | base64
```

## API Groups

```bash
curl https://localhost:6443 -k
curl https://localhost:6443/apis -k | grep "name"
```

kube proxy != kubectl proxy

## RBAC

```bash
# existing rolebinding
kubectl describe rolebinding devuser-developer-binding
```

```bash
kubectl auth can-i create deployment
kubectl auth can-i delete nodes

kubectl auth can-i create deployments --as dev-user

kubectl auth can-i create pods --as dev-user
kubectl auth can-i create pods --as dev-user --namespace test

```

## Cluster Roles

## Admission Controllers

```bash
kube-apiserver -h | grep enable-admission-plugins
```
--------------------------------------------------------------------------------
/commands-logging-debugging.md:
--------------------------------------------------------------------------------
# Logging and Debugging

```bash

# Run a busybox container that prints the date every 3 seconds
k run --image=busybox bbox -- sh -c 'while true; do date; sleep 3; done '

# View logs of the busybox container
kubectl logs bbox

# Follow the logs of the busybox container
kubectl logs bbox -f

# View logs from 'webapp-1' container and filter for 'USER5'
kubectl logs webapp-1 | grep USER5

# to select the containers
kubectl logs webapp-2 -c <container-name>
kubectl logs webapp-2 -c simple-webapp
kubectl logs alta3pod | sudo tee ~/opt/answers/mypod.log

# See the error of a pod
kubectl get events | grep -i error

# Get logs from 'log-x' container in 'dev-pod', filter for warnings, and save them to /opt/logs.txt
kubectl logs dev-pod -c log-x | grep WARN > /opt/logs.txt

# To keep watching the logs
kubectl logs bbox --follow

# Use describe
kubectl describe pod bbox

kubectl describe deployment mydeploy

# See events for all resources in the cluster
kubectl get events

# Filter events for 'Schedule' keyword
kubectl get events | grep Schedule

# View logs of a pod created using kubectl run (e.g., 'bbox')
kubectl run --image=busybox bbox -- sh -c 'echo here; sleep 3600'

# Access the shell of a running pod ('bbox') interactively
kubectl exec -it bbox -- sh
# inside the pod:
ls
exit

# List all deployments across all namespaces
k get deploy --all-namespaces

# List pods and services in the 'elastic-stack' namespace
kubectl -n elastic-stack get pod,svc

# Check more options for describing pods (e.g., volume mounts)
kubectl explain pods --recursive | less
# then search inside less with: /volumeMounts

# Monitor resource usage for nodes
kubectl top node

# Monitor resource usage for pods
kubectl top pod
```
--------------------------------------------------------------------------------
/Kubernetes-Security-Context/Readme.md:
--------------------------------------------------------------------------------
# Kubernetes Security

The securityContext field in a Kubernetes Pod configuration is used to define privilege and access control settings for a Pod or Container.
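
How the Pod-level and container-level securityContext settings combine, as an added example (not code from this repository): the helper resolves the UID and added capabilities each container ends up with and flags root users and extra capabilities. The sample Pod specs are constructed to mirror the manifests in this README; the pod names `sys-time-demo` and `plain-pod` and the function names are assumptions.

```python
"""Resolve the securityContext each container in a Pod actually runs with."""

# Constructed sample input: Pod specs in the JSON shape returned by
# `kubectl get pod <name> -o json`, trimmed to the fields used here.
MULTI_POD = {
    "metadata": {"name": "multi-pod"},
    "spec": {
        "securityContext": {"runAsUser": 1001},
        "containers": [
            {"name": "web", "image": "ubuntu",
             "securityContext": {"runAsUser": 1002}},
            {"name": "sidecar", "image": "ubuntu"},
        ],
    },
}
SYS_TIME_POD = {
    "metadata": {"name": "sys-time-demo"},  # hypothetical name
    "spec": {
        "securityContext": {"runAsUser": 0},
        "containers": [
            {"name": "ubuntu", "image": "ubuntu",
             "securityContext": {"capabilities": {"add": ["SYS_TIME"]}}},
        ],
    },
}
NO_CONTEXT_POD = {
    "metadata": {"name": "plain-pod"},  # hypothetical name
    "spec": {"containers": [{"name": "app", "image": "ubuntu"}]},
}


def _pick(key, container_sc, pod_sc, default=None):
    """Container-level value wins; otherwise inherit the Pod-level value."""
    for sc in (container_sc, pod_sc):
        if sc.get(key) is not None:
            return sc[key]
    return default


def effective_contexts(pod):
    """Return one dict per container with the settings that apply to it."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    resolved = []
    for field in ("initContainers", "containers"):
        for container in spec.get(field) or []:
            c_sc = container.get("securityContext") or {}
            caps = c_sc.get("capabilities") or {}
            resolved.append({
                "container": container["name"],
                # None means the UID comes from the image's own USER setting.
                "runAsUser": _pick("runAsUser", c_sc, pod_sc),
                "runAsNonRoot": _pick("runAsNonRoot", c_sc, pod_sc, False),
                # Capabilities exist only at the container level.
                "addedCapabilities": list(caps.get("add") or []),
            })
    return resolved


def findings(pod):
    """List (container, message) pairs worth a reviewer's attention."""
    out = []
    for ctx in effective_contexts(pod):
        name = ctx["container"]
        if ctx["runAsUser"] == 0:
            out.append((name, "runs as root (UID 0)"))
        elif ctx["runAsUser"] is None and not ctx["runAsNonRoot"]:
            out.append((name, "no runAsUser or runAsNonRoot: UID is "
                              "whatever the image sets, possibly root"))
        for cap in ctx["addedCapabilities"]:
            out.append((name, f"adds capability {cap}"))
    return out


if __name__ == "__main__":
    for pod in (MULTI_POD, SYS_TIME_POD, NO_CONTEXT_POD):
        print(pod["metadata"]["name"])
        for ctx in effective_contexts(pod):
            print("  ", ctx)
        for name, msg in findings(pod):
            print("   !", name, "-", msg)
```

To run it against a live pod, feed `effective_contexts` the dictionary parsed from `kubectl get pod <name> -o json`.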

## Pod Level

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  securityContext:
    runAsUser: 1000
  containers:
    - name: ubuntu
      image: ubuntu
      command: ["sleep", "3600"]
```

## Container Level

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  containers:
    - name: ubuntu
      image: ubuntu
      command: ["sleep", "3600"]
      securityContext:
        runAsUser: 1000
```

- Here: the User ID defined in the securityContext of the container overrides the User ID set for the Pod;
  the user with which the container is created is 1002

```yaml
# controlplane $ cat multi-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: multi-pod
spec:
  securityContext:
    runAsUser: 1001
  containers:
    - image: ubuntu
      name: web
      command: ["sleep", "5000"]
      securityContext:
        runAsUser: 1002

    - image: ubuntu
      name: sidecar
      command: ["sleep", "5000"]
```

## Example with Security Context as SYS_TIME capability

```yaml
apiVersion: v1
kind: Pod
spec:
  securityContext:
    runAsUser: 0
  containers:
    - command:
        - sleep
        - "4800"
      image: ubuntu
      imagePullPolicy: Always
      name: ubuntu
      resources: {}
      securityContext:
        capabilities:
          add: ["SYS_TIME"]
```

- Note:
  Capabilities are only supported at the container level and not at the Pod level
--------------------------------------------------------------------------------
/Getting-started-Imperative-Commands/services.md:
--------------------------------------------------------------------------------
# Services
A Kubernetes Service is a way to create a single, constant point of entry for a group of Pods through a network service.


# Kind of Services
1. NodePort: Exposes a service via a static port on each node's IP.
   - **TargetPort**: the port on which your container is running.
   - **Port**: redirects the traffic to the container from the service.
   - **NodePort**: the port that makes the service accessible externally.

2. ClusterIP: Exposes a service which is only accessible from within the cluster.

3. LoadBalancer: Exposes the service via the cloud provider's load balancer.
4. ExternalName: A special case of Service that does not have selectors and uses DNS names instead

Example: service-example.yaml

```yaml

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376

```

# Basic Commands

```bash


kubectl get services
kubectl get svc
kubectl describe service my-service



kubectl expose pod redis --port=6379 --name redis-service
kubectl expose pod httpd --port=80
kubectl create service clusterip redis --tcp=6379:6379
kubectl create service nodeport nginx --tcp=80:80 --node-port=30087

```


```bash



# Create a new NodePort service named my-ns
kubectl create service nodeport my-ns --tcp=5678:8080
# Create a new ClusterIP service named my-cs
kubectl create service clusterip my-cs --tcp=5678:8080
# Create a new LoadBalancer service named my-lbs
kubectl create service loadbalancer my-lbs --tcp=5678:8080
# Create a new ExternalName service named my-ns
kubectl create service externalname my-ns --external-name bar.com




```



--------------------------------------------------------------------------------
/Labels-Selectors-Annotations/Readme.md:
--------------------------------------------------------------------------------
## Labels
Labels let you tag a Kubernetes resource so that you can manage and identify it more easily

```bash
# Create a pod with label
kubectl run nginx1 --image=nginx --restart=Never --labels=app=v1

# Show all the labels of the pods
kubectl get pods --show-labels

# Get pods of a specific label
kubectl get pods --selector app=App1

# Change the label of a specific pod
kubectl label pod nginx3 app=v2 --overwrite

# Get the label 'app' for the pods (show a column with APP label)
kubectl get pod -L app
kubectl get pod --label-columns=app

# Get pod for a specific label
kubectl get pod -l app=v2
kubectl get pod --selector=app=v2

# Delete a specific label
kubectl label pod nginx3 app-

# Add a label to a node
kubectl label nodes minikube accelerator=nvidia-tesla-p100

# Create a pod that will be deployed
```

```bash
kubectl get pods -l env=dev
kubectl get pods -l env=dev --no-headers | wc -l
```
```bash
k get pods --selector bu=finance --no-headers | wc -l
k get pods -l bu=finance --no-headers | wc -l
```
```bash
kubectl get pods -l env=prod --no-headers
kubectl get all -l env=prod --no-headers

kubectl get all -l env=prod --no-headers | wc -l
```
```bash
kubectl get pods -l env=prod,bu=finance,tier=frontend
kubectl get all --selector env=prod,bu=finance,tier=frontend
```

## Selectors
Use Selectors to perform certain activities on resources with a particular label.


## Annotations
Annotations are used to record other details for informational purposes.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: annotations-demo
  annotations:
    imageregistry: "https://hub.docker.com/"
spec:
  containers:
    - name: nginx
      image: nginx:1.14.2
      ports:
        - containerPort: 80

```
```bash
k annotate po nginx1 nginx2 nginx3 description="My Pod Description"
# or
k annotate po nginx{1..3} description="My Pod Description"

# Check the annotation
k describe po nginx1 | grep -i "description"

# Delete annotation
k annotate po nginx{1..3} description-
```
--------------------------------------------------------------------------------
/Helm/Readme.md:
--------------------------------------------------------------------------------
```bash

helm install wordpress
helm upgrade wordpress
helm rollback wordpress
helm uninstall wordpress
# Helm search. Community-driven repository
helm search hub wordpress
```

```bash
hello-world-chart

templates
values
Charts
LICENCE
README.md
charts
```

```bash
# helm repo add

helm repo --help
helm repo add bitnami https://charts.bitnami.com/bitnami

# he

helm search repo wordpress
helm search hub wordpress

# Add a Chart repository

helm repo add

# Generate an index file given a directory containing packed charts

helm repo index

# List Chart Repositories

helm repo list

# Remove one or more repositories

helm repo remove

# Update information of available charts locally from Chart repositories

helm repo update

```

## Helm Commands

```bash
# List all existing releases
helm list
helm list -A

# Remove all kubernetes objects
helm uninstall my-release

helm pull --untar bitnami/wordpress
ls wordpress
helm install release-4 ./wordpress


helm pull bitnami/wordpress

helm pull --untar bitnami/wordpress

ls wordpress

helm install my-release ./wordpress

helm search repo bitnami | grep apache

helm history nginx-release

helm rollback nginx-release 1
```

```bash
helm lint
helm template
helm install --dry-run
```

## Managing Kubernetes with Helm

Creating a basic Helm chart

```bash
helm create mychart
# Check
ls -R
```

Download a Helm chart from a repository

```bash
helm pull [chart URL | repo/chartname] [...] [flags] # downloads a chart without installing it
helm pull --untar [repo/chartname] # untar the chart after downloading it
```

- To list all of the releases in the test-apps-apd namespace

```bash
helm ls -n test-apps-apd
```

- Uninstall an application running in a namespace

```bash
helm uninstall -n testing-apd image-scanner
```
--------------------------------------------------------------------------------
/Jobs/Readme.md:
--------------------------------------------------------------------------------
## **Jobs**

- backoffLimit: This attribute specifies the maximum number of retries a Job will attempt before it’s marked as failed.
- activeDeadlineSeconds: This attribute specifies the maximum duration (in seconds) for the Job to complete. If the Job doesn’t finish within this time, it will be terminated and marked as failed.

```bash
# Job definition
kubectl create -f job-definition.yaml

# Imperative commands
kubectl create job pi --image=perl -- perl -Mbignum=bpi -wle 'print bpi(2000)'

# Wait until it is done, get the output
kubectl get jobs -w
# get the pod name
kubectl get po
# Check the logs
kubectl logs pi-rqjqr
# Delete job pi
kubectl delete job pi
```

**Completions**

```bash
# Create a job, make it run 5 times, one after the other. Verify the status and delete it
kubectl create job busybox --image=busybox --dry-run=client -o yaml -- /bin/sh -c 'echo hello;sleep 30;echo world' > job.yaml

# Add the line: completions: 5 , after spec
vim job.yaml

# Create the job
kubectl create -f job.yaml

# Check if this is creating the pods
kubectl get job busybox -w # will take two and a half minutes

# Delete the job
kubectl delete jobs busybox
```

**Parallelism**

```bash
kubectl create job busybox --image=busybox --dry-run=client -o yaml -- /bin/sh -c 'echo hello;sleep 30;echo world' > job.yaml

# Add this line after spec: parallelism: 5
vi job.yaml

# Create the jobs
kubectl create -f job.yaml

# Check the jobs
kubectl get jobs

# Delete job
kubectl delete job busybox
```

```bash
kubectl get jobs
kubectl get pods
kubectl logs mth-aa-job
kubectl logs <pod-name>
kubectl delete job mth-aa-job
```

## CronJobs

```bash
# Create a cron job with image busybox that runs on a schedule of "*/1 * * * *" and writes 'date; echo Hello from the Kubernetes cluster' to standard output
kubectl create cronjob busybox --image=busybox --schedule="*/1 * * * *" -- /bin/sh -c 'date; echo Hello from the Kubernetes cluster'

kubectl create cronjob busybox --image=busybox --schedule="*/1 * * * *" --dry-run=client -oyaml -- /bin/sh -c 'date; echo Hello from the Kubernetes cluster' > file.yaml

# See logs and delete
kubectl get cj
kubectl get jobs --watch
```

## Sources

- The quick and simple editor for cron schedule expressions by Cronitor https://crontab.guru/examples.html
- https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#example
--------------------------------------------------------------------------------
/Secrets/Readme.md:
--------------------------------------------------------------------------------
# Secrets

Secrets store sensitive information. They are similar to ConfigMaps, except that the data is stored in an encoded or hashed format.

There are two steps to implement Secrets:

1. Create a Secret
2. Inject it into the pod

## Create a Secret

```console
DB_Host: mariadb
DB_User: root
DB_Password: pass
```

```bash
# Imperative
kubectl create secret generic <secret-name> --from-literal=<key>=<value>

kubectl create secret generic my-secret --from-literal=DB_Host=mysql \
  --from-literal=DB_User=root \
  --from-literal=DB_Password=pass

kubectl create secret generic <secret-name> --from-file=<path-to-file>

kubectl create secret generic app-secret --from-file=app_secret.properties


k create secret generic db-secret --from-literal=DB_Host=sql01 --from-literal=DB_User=root --from-literal=DB_Password=password123
# secret/db-secret created
```

```bash
# Declarative
kubectl create -f my-secret.yaml
```

This is the structure of a Secret YAML, but the data has to be encoded (see the next YAML)

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
data:
  DB_Host: mariadb
  DB_User: root
  DB_Password: pass
```

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
data:
  DB_Host: bXlzcWw=
  DB_User: cm9vdA==
  DB_Password: cGFzcw==
```

**Creating secrets | Encode**

```bash
echo -n 'mysql' | base64
# bXlzcWw=
```

```bash
echo -n 'root' | base64
# cm9vdA==
```

```bash
echo -n 'pass' | base64
# cGFzcw==
```

Checking secrets

```bash
kubectl get secrets
kubectl describe secrets
kubectl get secret my-secret -o yaml
```

**Decoding secrets**

```bash
echo -n 'bXlzcWw=' | base64 --decode
# mysql
echo -n 'cm9vdA==' | base64 --decode
# root
echo -n 'cGFzcw==' | base64 --decode
# pass
```

## Inject into the Pod

**Secret**

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
data:
  DB_Host: bXlzcWw=
  DB_User: cm9vdA==
  DB_Password: cGFzcw==
```

**Secret in Pod**

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-web
  labels:
    name: app-web
spec:
  containers:
    - name: app-web
      image: app-web
      ports:
        - containerPort: 8080
      envFrom:
        - secretRef:
            name: app-secret
```

### TODO

- Secrets kubernetes

* Helm Secrets
* HashiCorp Vault
--------------------------------------------------------------------------------
/Services/Readme.md:
--------------------------------------------------------------------------------
# Service
The Service is like a server inside the node. It can expose a port for users or for other applications.


# Kind of Services
* NodePort
* ClusterIP
* LoadBalancer
* ExternalName



# 1. Service - NodePort
* **TargetPort**, the port of the pod
* **Port**, the port of the node
* **NodePort** => It could be any value between 3000 and 32767; this is the port on the node on which the application will be accessible

**Definition**
```yml
apiVersion: v1
kind: Service
metadata:
  name: myapp-service
spec:
  type: NodePort
  ports:
    - targetPort: 80
      port: 80
      nodePort: 30008
  selector:
    app: myapp
    type: front-end
```

Notes:
* To link the node port with the pod port we need labels and selectors. We can take the labels of the pod and put them in the selector section of the Service yml

**What happens if the node has several pods?**
Kubernetes uses a random algorithm to balance the load across the three different pods.

### Basic Commands
```bash
# Create the Service
kubectl create -f 00-service-definition.yml

# Create a service with expose
kubectl expose deployment simple-webapp-deployment --name=webapp-service --target-port=8080 --type=NodePort --port=8080 --dry-run=client -o yaml > svc.yaml

# Apply changes
kubectl apply -f 00-service-definition.yml

# List Services
kubectl get services
kubectl get svc

# List all the services in a particular namespace
kubectl get svc -n dev

# Listing Services in a specific namespace
kubectl -n dev get svc
kubectl -n dev get services

# Another way to list more than one element
kubectl get pods,svc
kubectl describe service kubernetes
```
Note:
After creating the Service we can access the pod with the IP of the Node and the nodePort number:
```bash
curl http://192.168.1.2:30008
```

# 2. Service - ClusterIP
**Definition**
```yml
apiVersion: v1
kind: Service
metadata:
  name: backend
spec:
  type: ClusterIP
  ports:
    - targetPort: 80
      port: 80
  selector:
    app: myapp
    type: back-end
```
Note: ClusterIP is the default type; if we don't specify a type, the Service will be of type ClusterIP automatically


# 3. Service - LoadBalancer
Set the Service type to LoadBalancer; it works on GCP, Azure and AWS

**Definition**
```yml
apiVersion: v1
kind: Service
metadata:
  name: backend
spec:
  type: LoadBalancer
  ports:
    - targetPort: 80
      port: 80
  selector:
    app: myapp
    type: back-end
```


# Examples
```bash
kubectl expose pod redis --port=6379 --name redis-service --dry-run=client -o yaml

kubectl expose pod httpd --port=80 --name httpd --dry-run=client -o yaml > yy.yaml

kubectl create service clusterip redis --tcp=6379:6379 --dry-run=client -o yaml

kubectl create service nodeport nginx --tcp=80:80 --node-port=30087 --dry-run=client -o yaml
```

--------------------------------------------------------------------------------
/Deployment/Readme.md:
--------------------------------------------------------------------------------
# Deployments

```bash
# Generate Deployment Yaml file (-o yaml). Don't create it.
kubectl create deployment --image=nginx nginx --dry-run=client -o yaml

# dry-run
kubectl create deployment webapp --image=kodekloud/webapp-color --replicas=3 --dry-run=client -o yaml

kubectl create deployment webapp --image=kodekloud/webapp-color --replicas=3 --dry-run=client -o yaml > my-pod-04.yaml

kubectl apply -f my-pod-04.yaml

# Another way to save the YAML definition to a file.
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml > nginx-deployment.yaml

# Generating deployment with 03 Replicas
kubectl create deployment nginx --image=nginx --replicas=3
kubectl create deployment httpd-frontend --image=httpd:2.4-alpine --replicas=1

# Creating deployment and scaling from 01 to 03
kubectl create deployment alpine --image=httpd:2.4-alpine
kubectl scale deployment alpine --replicas=3
kubectl scale deployment redis-deploy --replicas=2 -n dev-ns
```

## 01 example | deployment-definition.yml

```bash
# Create a deployment from YAML file.
kubectl create -f deployment-definition.yml
# List all deployments
kubectl get deployments

# List deployments in a specific namespace
kubectl get deployments --namespace=develop


kubectl get replicaset
kubectl get pods
```

```bash
# Create a deployment with commands
kubectl create deployment http-frontend --image=httpd:2.4-alpine
```

## kubectl apply

```bash
# Apply and set image command in deployments
kubectl apply -f deployment-definition.yml

# Update the Pod in the Deployment
kubectl set image deployment/myapp-deployment nginx=nginx:1.9.1
```

## Rollback

```bash
kubectl rollout status deployment/myapp-deployment

kubectl rollout history deployment/myapp-deployment

# The deployment will destroy the pods and create the other ones
kubectl rollout undo deployment/myapp-deployment

# Record in the revision history
kubectl edit deployment myapp-deployment --record
```

## More Commands

```bash
# Create a deployment with image nginx, 2 replicas and port 80
kubectl create deploy nginx --image=nginx:1.18.0 --replicas=2 --port=80

# Describe the deploy or check replicaset
kubectl get rs -l run=nginx # if the deployment was created by 'run'
kubectl get rs -l app=nginx # if the deployment was created by 'create'

# Update the nginx image to nginx:1.19.8
kubectl set image deploy nginx nginx=nginx:1.19.8

# Undo the latest rollout and verify that new pods have the old image
kubectl rollout undo deploy nginx

# Check a specific revision
kubectl rollout history deploy nginx --revision=4

# Scale replicas
kubectl scale deploy nginx --replicas=5

# Autoscale
kubectl autoscale deploy nginx --min=5 --max=10 --cpu-percent=80
# View the horizontalpodautoscalers.autoscaling for nginx
kubectl get hpa nginx
# Delete hpa
k delete hpa nginx
```

# Describe a deployment: -A and -B print the lines after and before the grep match

```bash
k describe deployments.apps -A | grep -A 20 webapp-color:v1
k describe deployments.apps -A | grep -B 20 webapp-color:v1
```

--------------------------------------------------------------------------------
/Networking-Policy/Readme.md:
--------------------------------------------------------------------------------
# Networking Policy

## Ingress Sources Rules
There is a rule at the top level for each host or domain name, and within each rule there are different paths to route traffic based on the URL.
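How a controller applies such rules to an incoming request, as an added example that is not part of the original repository. It assumes the `pathType` semantics of the `networking.k8s.io/v1` API (which the `extensions/v1beta1` manifests in this README do not declare) and reuses their service names, paths and host names; `resolve`, `host_matches` and `path_matches` are hypothetical helper names.

```python
# Added example (not from the CKAD-training repo): pick the backend Service
# for a request the way Ingress rules are specified in networking.k8s.io/v1.
# Assumption: every path entry declares pathType Prefix or Exact.

PATH_RULES = [  # one rule without a host: traffic is split by URL path
    {"host": None, "paths": [
        {"path": "/wear", "pathType": "Prefix", "service": "wear-service", "port": 80},
        {"path": "/watch", "pathType": "Prefix", "service": "watch-service", "port": 80},
    ]},
]

HOST_RULES = [  # two rules: traffic is split by host name
    {"host": "wear.my-only-store.com", "paths": [
        {"path": "/", "pathType": "Prefix", "service": "wear-service", "port": 80}]},
    {"host": "watch.my-onlie-store.com", "paths": [
        {"path": "/", "pathType": "Prefix", "service": "watch-service", "port": 80}]},
]


def host_matches(rule_host, request_host):
    """A rule without a host matches every request; '*.' covers exactly one label."""
    if rule_host is None:
        return True
    rule_host, request_host = rule_host.lower(), request_host.lower()
    if rule_host.startswith("*."):
        suffix = rule_host[1:]                      # "*.foo.com" -> ".foo.com"
        if not request_host.endswith(suffix):
            return False
        label = request_host[: -len(suffix)]
        return bool(label) and "." not in label
    return rule_host == request_host


def path_matches(entry, request_path):
    """Exact compares whole strings; Prefix compares '/'-separated elements."""
    if entry["pathType"] == "Exact":
        return entry["path"] == request_path
    want = [p for p in entry["path"].split("/") if p]
    have = [p for p in request_path.split("/") if p]
    return have[: len(want)] == want


def resolve(rules, host, path):
    """Return (service, port) of the best match, or None for the default backend."""
    best = None
    for rule in rules:
        if not host_matches(rule.get("host"), host):
            continue
        for entry in rule["paths"]:
            if not path_matches(entry, path):
                continue
            # Longest path wins; on a tie an Exact entry beats a Prefix entry.
            key = (len(entry["path"]), entry["pathType"] == "Exact")
            if best is None or key > best[0]:
                best = (key, (entry["service"], entry["port"]))
    return best[1] if best else None


if __name__ == "__main__":
    # Constructed requests: (rule set, Host header, URL path)
    for rules, host, path in [
        (PATH_RULES, "shop.example", "/wear/shoes"),
        (PATH_RULES, "shop.example", "/wearable"),
        (HOST_RULES, "watch.my-onlie-store.com", "/catalog"),
        (HOST_RULES, "other.example", "/"),
    ]:
        print(host, path, "->", resolve(rules, host, path) or "default backend")
```

A request that matches no rule is not dropped: it goes to the controller's default backend, so anything that must stay unreachable needs a control other than the absence of an Ingress rule.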

How to configure Ingress resources:

### Split traffic by domain name ONE rules

```yaml
# extensions/v1beta1 Ingress is no longer served as of Kubernetes 1.22;
# current clusters need networking.k8s.io/v1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-wear-watch
spec:
  rules:
    - http:
        paths:
          - path: /wear
            backend:
              serviceName: wear-service
              servicePort: 80
          - path: /watch
            backend:
              serviceName: watch-service
              servicePort: 80
```

### Split traffic by domain name TWO rules

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-wear-watch
spec:
  rules:
    - host: wear.my-only-store.com
      http:
        paths:
          - backend:
              serviceName: wear-service
              servicePort: 80
    - host: watch.my-onlie-store.com
      http:
        paths:
          - backend:
              serviceName: watch-service
              servicePort: 80
```

```bash
kubectl describe ingress ingress-wear-watch
```


## Ingress
```bash
kubectl get netpol
kubectl create -f policy-definition.yaml
k get ingress --all-namespaces
k describe ingress --namespace app-space

kubectl -n app-space describe ingress ingress-wear-watch
kubectl apply -f ingress.yaml

# Edit or change a yaml
kubectl edit ingress --namespace app-space
kubectl -n app-space get ingress ingress-wear-watch -o yaml > ingress.yaml

k delete ingress ingress-wear-watch -n=app-space
k -n app-space delete ingress ingress-wear-watch
k apply -f /tmp/kubectl-edit-0n15v.yaml
k get services --all-namespaces
k get deploy --all-namespaces
k get deployments.apps,svc -n critical-space


kubectl get deployments.apps,svc -n critical-space
```

# Validate Service Account

```bash

# Check role and role binding in a Service Account
kubectl get roles,rolebindings -n=ingress-space

kubectl -n ingress-space get roles.rbac.authorization.k8s.io
kubectl -n ingress-space get rolebindings.rbac.authorization.k8s.io

kubectl -n app-space describe ingress test-ingress

# Network Policies
kubectl get netpol
kubectl get pods -l name=payroll
kubectl get pods -l name=internal
kubectl describe netpol payroll-policy
```

```bash
# Create a temporary pod to test the connection to a pod in a cluster IP

k get pod -o wide # To get the cluster IP

# To test the connectivity
k run tmp --restart=Never --rm -i --image=nginx:alpine -- curl 10.0.0.67

```

## Network Policies

To allow ingress only on a specific port:

```yaml
policyTypes:
  - Ingress
ingress:
  - from:
      - podSelector:
          matchLabels:
            name: api-pod
    ports:
      - protocol: TCP
        port: 3306
```
Example of Network Policy

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: frontend
      ports:
        - protocol: TCP
          port: 3306
```


## Egress

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 10.0.0.0/24
      ports:
        - protocol: TCP
          port: 5978

```

--------------------------------------------------------------------------------
/Volumes/Readme.md:
--------------------------------------------------------------------------------
# State Persistence

## Volumes

The data that is in the container lives with the container. It means that if the container dies, the data is destroyed.
To persist the data, we have to attach a volume to the container so that it is retained permanently.

**Example**
- In volumes, first we create the volume, called data-volume, and then set the hostPath where we will store the data
- In the container section, we mount the data-volume in the container directory /opt
- If the pod is deleted, the file /data is still on the host

```bash
kubectl create -f pod-definition.yaml
```

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: random-number-generator
spec:
  containers:
    - name: alpine
      image: alpine
      command: ["/bin/sh", "-c"]
      args: ["shuf -i 0-100 -n 1 >> /opt/number.out;"]
      volumeMounts:
        - mountPath: /opt
          name: data-volume
  volumes:
    - name: data-volume
      hostPath:
        path: /data
        type: Directory
```

## Persistent Volumes - PV
A Persistent Volume is a cluster-wide pool of storage volumes configured by an administrator to be used. Users can select storage from this pool using Persistent Volume Claims.

Note:
AccessModes support:
- ReadOnlyMany
- ReadWriteOnce
- ReadWriteMany

```bash
kubectl create -f pv-definition.yaml
kubectl get persistentvolume
```

```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-vo11
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 1Gi
  hostPath:
    path: /data
```

## Persistent Volume Claims - PVC
Persistent Volumes and Persistent Volume Claims are separate objects in Kubernetes namespaces. An administrator creates Persistent Volumes and a user creates Persistent Volume Claims to use the storage.

Kubernetes binds the Persistent Volumes to Claims based. Every Persistent Volume Claim is bound to a single Persistent Volume.

```bash
kubectl create -f pvc-definition.yaml
kubectl get persistentvolumeclaim
```

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: myclaim
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi
```

Note: After creation the Persistent Volume Claim is in Pending status. When the claim is created, Kubernetes looks for a "volume" created previously; if the accessModes match and the requested capacity is less than that of the Persistent Volume, and since no other volume matches the claim's requirements, the Persistent Volume Claim is bound to the Persistent Volume.

```bash
kubectl get persistentvolumeclaim
kubectl create -f pvc-definition.yaml
```

### Deleting PVCs

```bash
kubectl delete persistentvolumeclaim myclaim

# We can choose what to do with the volume; by default it is Retain
# persistentVolumeReclaimPolicy: Retain   # The persistent volume remains until it is deleted manually by the administrator; it is not available for other claims
# persistentVolumeReclaimPolicy: Delete   # Deleted automatically: if the claim is deleted, the volume is deleted too
# persistentVolumeReclaimPolicy: Recycle  # The data in the data volume is scrubbed before making it available to other claims

```

## Using PVCs in PODs
In the pod we use the Persistent Volume Claim that we already created, "myclaim", as a volume. Then we mount that volume in the container.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: myfrontend
      image: nginx
      volumeMounts:
        - mountPath: "/var/www/html"
          name: mypd
  volumes:
    - name: mypd
      persistentVolumeClaim:
        claimName: myclaim
```

```bash
# Logs
kubectl exec webapp -- cat /log/app.log
```


### Other commands
```bash
kubectl get pvc
kubectl get pv
k get pv,pvc
k delete pvc claim-log-1
```
--------------------------------------------------------------------------------
/Readiness-and-Liveness-Probes/Readme.md:
--------------------------------------------------------------------------------
# Readiness Probes and Liveness Probes

In Kubernetes, readiness probes and liveness probes are mechanisms used to monitor the health and status of containers.

For HTTP:

```yaml
readinessProbe:
  httpGet:
    path: /app/ready
    port: 8080
```

For TCP:

```yaml
readinessProbe:
  tcpSocket:
    port: 3306
```

For EXEC:

```yaml
readinessProbe:
  exec:
    command:
      - cat
      - /ls
```

Example Pod Definition with Readiness Probe:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: example-pod
spec:
  containers:
    - image: nginx
      name: example-container
      ports:
        - containerPort: 8080
      readinessProbe:
        httpGet:
          path: /api/ready
          port: 8080
        initialDelaySeconds: 10 # If we know our application takes 10 seconds to start
        periodSeconds: 5 # How often to probe the readiness
        failureThreshold: 8 # More than 3 attempts
```

`initialDelaySeconds`: Specifies the number of seconds to wait before performing the first readiness probe after the container has started.
`periodSeconds`: Defines how often (in seconds) to perform the readiness probe.
`failureThreshold`: Indicates the number of consecutive failures required before marking the container as not ready.

## Liveness Probe

A liveness probe in Kubernetes is used to determine if a container is still running. If a liveness probe fails, Kubernetes will restart the container to try to recover it. This helps ensure that applications can self-heal and recover from failures automatically.

For HTTP:

```yaml
livenessProbe:
  httpGet:
    path: /app/ready
    port: 8080
```

For TCP:

```yaml
livenessProbe:
  tcpSocket:
    port: 3306
```

For EXEC:

```yaml
livenessProbe:
  exec:
    command:
      - cat
      - /ls
```

Example Pod Definition with Liveness Probe:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: example-pod
spec:
  containers:
    - image: nginx
      name: example-container
      ports:
        - containerPort: 8080
      livenessProbe:
        httpGet:
          path: /api/healthy
          port: 8080
        initialDelaySeconds: 10
        periodSeconds: 5
        failureThreshold: 3
```

## Adding Liveness and Readiness Probes

Imperative commands in Kubernetes, such as `kubectl run` or `kubectl create`, do not directly support the configuration of liveness probes and readiness probes. These probes are typically configured in the YAML definition of a pod or deployment.

However, you can create a basic pod or deployment using imperative commands and then edit the configuration to add the probes.

### Example Steps:

1. **Create a Deployment Imperatively**:

   ```bash
   kubectl create deployment example-deployment --image=nginx
   ```

2. **Edit the Deployment to Add Probes**:

   ```bash
   kubectl edit deployment example-deployment
   ```

This will open the deployment configuration in your default text editor. You can then add the liveness and readiness probes.

### Example YAML Configuration:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example
  template:
    metadata:
      labels:
        app: example
    spec:
      containers:
        - name: example-container
          image: nginx
          ports:
            - containerPort: 80
          livenessProbe:
            httpGet:
              path: /healthz
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 5
          readinessProbe:
            httpGet:
              path: /ready
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
```

--------------------------------------------------------------------------------
/Getting-started-Imperative-Commands/pods.md:
--------------------------------------------------------------------------------
# **Pods**

A **Pod** is a group of containers represented as a deployable object in Kubernetes. It can contain one or more containers.

## **Basic Commands**

```bash
# List pods in the default namespace
kubectl get pods

# List all the pods in all namespaces
kubectl get po --all-namespaces

# List pods in a particular namespace
kubectl get pods --namespace=dev
kubectl get po -n dev

# More details about all the Pods | Get the IP address of the pod
kubectl get pods -o wide
kubectl get po nginx -o wide

# More details about a single Pod
kubectl describe pod basicpod

```

```bash
kubectl get pods
NAME        READY   STATUS    RESTARTS   AGE
myapp-pod   1/1     Running   1          33m
```

```bash
# Creating a pod
kubectl run nginx --image nginx

# Restart Never
kubectl run nginx --image nginx --restart=Never

# Specify the version of the image
kubectl run nginx --image=nginx:alpine
kubectl run redis --image redis123

# Creating pods based on yaml files
kubectl create -f my_pod.yml
kubectl apply -f /var/examples/my-pod.yaml
kubectl apply -f my-pod.yaml

# Creating pods in a specific namespace
kubectl create -f my-pod.yml --namespace=dev
kubectl run redis --image=redis --namespace=prod
kubectl run alpine --image=https:alpine -n limit
```

If we want to create a pod in a different namespace using yaml:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-app
  namespace: dev
  labels:
    app: myapp
    type: front-end
spec:
  containers:
    - name: nginx-container
      image: nginx
```

```bash
# Edit a pod yml
vim 01-pod-definition.yml

# Get the yml file of the pod we just created
kubectl get pod nginx -o yaml

# Extract the definition to a file from a created Pod:
kubectl get pod nginx -o yaml > other-pod.yml

# Create a dry run of the Pod. It will not create the pod, but we can redirect the yaml definition into a file called pod.yaml
kubectl run redis --image=redis123 --dry-run=client -o yaml > pod.yaml

# Edit the file, and save the changes.
vim pod.yaml

# Apply to create the pod
kubectl apply -f pod.yaml

# Edit the file, and save the changes, add namespace=dev
vi pod.yaml
kubectl apply -f pod.yaml

# Other ways to edit a file; edit will automatically apply the changes
kubectl edit pod myapp-pod
kubectl edit pod redis
# Note: Only the properties listed below are editable
# - spec.containers[*].image
# - spec.initContainers[*].image
# - spec.activeDeadlineSeconds
# - spec.tolerations
# - spec.terminationGracePeriodSeconds

# Delete a pod, it will be created again by the deployment
kubectl delete pod pod-name

# Delete with the name of the file
kubectl delete -f nginx-pod.yml

# Delete the Deployment that manages the Pod; this will delete the Pod definitively
kubectl delete deployment pod-name

# Deleting all pods in a namespace
kubectl delete --all pods --namespace=dev

# Delete all the pods created
kubectl delete pod --all

# Delete the pod without any delay
kubectl delete pods nginx --grace-period=0 --force
```

## **More Commands**

```bash
# Create the nginx pod with version 1.17.4 and expose it on port 80
kubectl run nginx --image=nginx:1.17.4 --restart=Never --port=80

# Change the image version of the pod
kubectl set image pod/nginx nginx=nginx:1.15-alpine
kubectl set image pod/nginx nginx=nginx:1.17.1

# Check the image version without the describe command
kubectl get po nginx -o jsonpath='{.spec.containers[].image}{"\n"}'

# Create the nginx pod and execute a simple shell on the pod
kubectl run nginx --image=nginx --restart=Never
kubectl exec -it nginx -- /bin/sh

# Create a busybox pod, run the command ls while creating it, and check the logs
kubectl run busybox --image=busybox --restart=Never -- ls
kubectl logs busybox

# If the pod crashed, check the previous logs of the pod
kubectl logs busybox -p

# Create a pod with a command
kubectl run busybox --image=busybox --restart=Never -- /bin/sh -c "sleep 3600"

# Create a busybox image pod and echo the message "Hello! How are you?"
kubectl run busybox --image=busybox --restart=Never -it -- echo "Hello! How are you?"

# Create a pod busybox, show a message and then delete it
kubectl run busybox --image=nginx --restart=Never -it --rm -- echo "Hello, How are you?"

# Create an nginx pod and list the pod with different levels of verbosity
kubectl run nginx --image=nginx --restart=Never --port=80

kubectl get po nginx --v=7
kubectl get po nginx --v=8
kubectl get po nginx --v=9

# List the pod with custom columns POD_NAME and POD_STATUS
kubectl get po -o=custom-columns="POD_NAME:.metadata.name,POD_STATUS:.status.containerStatuses[].state"

# List all the pods sorted by name
kubectl get pods --sort-by=.metadata.name

# List all the pods sorted by creation timestamp
kubectl get pods --sort-by=.metadata.creationTimestamp
```

# FINAL

A Pod is a group of containers represented as a deployable object in Kubernetes. A Pod can contain one or more containers (applications): one for the main process and one or more containers to “help” the main process.

# Get the documentation for Pod manifests

kubectl explain pods

# A basic Pod manifest basic-pod-manifest.yaml

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: static-web
  labels:
    role: myrole
spec:
  containers:
    - name: web
      image: nginx
      ports:
        - containerPort: 80
          protocol: TCP
```

# Creating pods based on a YAML file

kubectl create -f basic-pod-manifest.yaml

# Get the YAML file of the Pod just created

kubectl get pod static-web -o yaml

# List Pods and their state in the default Namespace

kubectl get pods

# Get the definition of the Pod into a file

kubectl get pod static-web -o yaml > manifest.yml

# List all the Pods in all Namespaces

kubectl get pods --all-namespaces

# List Pods in a particular Namespace

kubectl get pods --namespace=dev

# Show more details about a single Pod

kubectl describe pod static-web

# Create a Pod using imperative commands

kubectl run nginx --image nginx

# Preview the object that would be sent to your cluster.

# Don't create the Pod

kubectl run nginx --image=nginx --dry-run=client -o yaml

# Edit a Pod

kubectl edit pod static-web

# Delete a pod

kubectl delete pod nginx

# Force delete a pod

kubectl delete pod nginx --force

# Pod logs

kubectl logs static-web -c web

# Pod port forwarding

kubectl port-forward static-web 8884:80

# Execute a simple shell on the pod

kubectl exec -it static-web -- bash

# Connecting to the pod through the port forwarder:

curl localhost:8884

--------------------------------------------------------------------------------
/more-commands.md:
--------------------------------------------------------------------------------
# Tips and Tricks

These are some extra commands you might find useful. They are more specific, so I added them to this new sheet of tips and tricks. I hope they help make your work easier. Don’t forget to practice them to get better at using these tools!

Work In Progress 🚜 🛠️ 🚧

> Note: I will keep updating this document with more tips and tricks.

## 📙️ Help

Use the power of `help`, which provides help documentation and usage details (syntax, flags, and options available) for the specific command. It also offers examples of usage.

Example:

Running `kubectl run --help` might give you information like:

```bash
Create and run a particular image in a pod on the cluster.

Examples:
  # Start a single instance of nginx.
  kubectl run nginx --image=nginx

Options:
  --image: The container image to use.
  --port: The port to expose on the pod.
  ...
```

## 📗 Explain

Use the power of `explain`, which provides schema information about a specific Kubernetes resource, including its fields and structure. It also helps you understand the API definition for the resource and how to configure it in YAML or JSON.

Example:

Running `kubectl explain pod` might give you information like:

```bash
KIND: Pod
VERSION: v1

DESCRIPTION:
  Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.

FIELDS:
  apiVersion
    APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.
  kind
    Kind is a string value representing the REST resource this object represents.
```

## When to use `help` or `explain`?

Use `--help` to understand how to execute a command.
Use `kubectl explain` to understand how a Kubernetes resource is defined and structured.

```bash
kubectl get pods --all-namespaces | grep
kubectl get ns | wc -l   # answer: total - one
```

## Counting containers in a pod

```bash
kubectl get pod mypod -o jsonpath='{.spec.containers[*].name}' | wc -w
```

## Print the name of the containers in the pod named 'mypod'

```bash
kubectl get pod mypod -o jsonpath='{.spec.containers[*].name}'
```

## Roles

```bash
# Describe the role named 'kube-proxy' in the 'kube-system' namespace.
k describe role kube-proxy -n kube-system

# Create a role named 'developer' with the following permissions:
kubectl create role developer --verb=create --verb=get --verb=delete --resource=pods

# Create a rolebinding named 'dev-user-binding' that binds the role 'developer' to the user 'dev-user'
kubectl create rolebinding dev-user-binding --role=developer --user=dev-user

# Checks if the kube-apiserver is running and whether it has admission plugins enabled
ps -ef | grep kube-apiserver | grep admission-plugins
```

## Grep, awk and jsonpath

```bash
# Print the environment variables in the pod named 'james' that match FRONT_ROW
kubectl exec james -- printenv | grep FRONT_ROW

# Counts the number of pods in the dev environment
kubectl get pods --selector env=dev --no-headers | wc -l
```

```bash
# Shows pod details and highlights the Annotations: section with 10 lines before and after it.
kubectl describe pods | grep --context=10 Annotations:

# Shows pod details and highlights the Events: section with 10 lines before and after it.
kubectl describe pods | grep --context=10 Events:

# Total count of pods with the label env=dev, excluding the header.
kubectl get pods --show-labels | grep -c 'env=dev'

# Total count of objects with the label env=prod, excluding the header.
k get all --show-labels | grep -c env=prod

# List pods that carry several different labels
k get pod --show-labels | grep env=prod | grep bu=finance | grep tier=frontend

# Lists all deployments in all namespaces (-A) in a detailed format (-o wide) and filters by image.
k get deployments.apps -A -o wide | grep kodekloud/webapp-color:v1
```

### Using grep and awk to Extract Pod Information

```bash
# Lists all pods in the current namespace with additional details
$ k get pod -owide
NAME    READY   STATUS    RESTARTS   AGE     IP            NODE     NOMINATED NODE   READINESS GATES
mypod   1/1     Running   0          2m56s   192.168.1.6   node01
nginx   1/1     Running   0          5m23s   192.168.1.4   node01

# Extract the Pod Name and IP Address
$ k get pod -owide | awk '{ print $1, $6 }'
NAME IP
mypod 192.168.1.6
nginx 192.168.1.4
```

### Extract Specific Values from Pod Descriptions

Filter Pods by Status

```bash
# To find all pods that are not in the "Running" status:
$ k get pod | grep -v "Running"
NAME       READY   STATUS         RESTARTS   AGE
fail-pod   0/1     ErrImagePull   0          14s

# To find all pods that are in the "Running" status:
controlplane $ k get pod | grep "Running"
mypod   1/1   Running   0   9m48s
nginx   1/1   Running   0   12m
```

### Extract Specific Values from Pod Descriptions

```bash
# Retrieves details of the pod named mypod and filters to show the line containing the Node: information
k describe pod mypod | grep "Node:"
Node: node01/172.30.2.2

# Extracts the Node name from the output
$ k describe pod mypod | grep "Node:" | awk '{print $2}'
node01/172.30.2.2
```

```bash
# Get the container image in a pod using jsonpath
k get pod nginx -ojsonpath='{.spec.containers[*].image}'
nginx

# Retrieves details of the nginx pod and filters by the line containing Image:
k describe pod nginx | grep "Image:"
Image: nginx

# Retrieves the image name used by the nginx pod. It filters the Image: line and uses awk to extract and print the second column
k describe pod nginx | grep "Image:" | awk '{print $2}'
nginx
```

### Resource Requests and Limits

```bash
# -A 2: This option tells grep to print 2 lines after the matching line.
# For Limits
$ k describe pod nginx | grep -A 2 "Limits" | awk '{print $1, $2}'
Limits:
cpu: 500m
memory: 128Mi

# For Requests
$ k describe pod nginx | grep -A 2 "Request" | awk '{print $1, $2}'
Requests:
cpu: 250m
memory: 64Mi
```

### Filtering Events for Troubleshooting

```bash
# Searches for lines containing "Warning" and displays the match along with the next 5 lines for each match.
$ kubectl describe pod mypod | grep -A 5 "Warning"

# Output to a file
kubectl logs nginx | sudo tee ~/opt/answers/nginx.logs
```

### Service and Endpoint Information

Get the Cluster IP of a Service

```bash
# With jsonpath
$ k get svc nginx -o jsonpath='{.spec.clusterIP}'
10.97.243.240

# With grep and awk (this one prints the NodePort)
$ kubectl describe svc mypod | grep "NodePort" | awk '{print $3}'
30288/TCP

```

Count and List Pods by Labels

```bash
# Count Pods with a Specific Label

k get pods --show-labels
NAME    READY   STATUS    RESTARTS   AGE   LABELS
nginx   1/1     Running   0          27s   run=nginx
# wc -l is a Linux command that counts the number of lines in the output it receives.
$ k get pods -l run=nginx --no-headers | wc -l
1


# List Pod Names with a Specific Label
$ k get pods -l run=nginx -o custom-columns=":metadata.name"
nginx
```

### Extract and Format Timestamps of Pod Events

```bash
$ k get pod nginx -o jsonpath='{.status.startTime}'
2024-11-11T18:20:14Z
```

### Custom Column Outputs for Readability

```bash
$ k get pods -o custom-columns="POD:metadata.name,STATUS:status.phase"
POD     STATUS
nginx   Running
```

```bash
# For each line, print the first field (typically the username):
cat /etc/passwd | awk -F ":" '{print $1}'
```

## Decode a Base64 string

To Encode:

```bash
echo -n "your_word" | base64
```

To Decode:

```bash
echo -n "your_base64_string" | base64 --decode

```

## How to Test Things

### When to Choose Which in Kubernetes?

- Use curl for:
  - API interaction or testing HTTP responses (GET, POST, PUT, DELETE).
  - Debugging advanced HTTP headers or response status.
  - Validating DNS resolution with specific request formats.

Examples:

```bash
# Test connectivity to a Pod or Service. In this case, validate that a service named my-service running on port 8080 is accessible.
# (The busybox image does not ship curl, so the curl examples use the curlimages/curl image.)
kubectl run tmp --image=curlimages/curl --rm -i -- curl -m 5 http://my-service:8080

# Check the headers or debug responses. Here, validate the HTTP headers returned by a service to debug load balancer configurations or caching.
kubectl run tmp --image=curlimages/curl --rm -i -- curl -I http://my-service:8080

# Fetch cluster DNS resolution. Ensure DNS resolves a specific pod or service correctly within the cluster.
kubectl run tmp --image=curlimages/curl --rm -i -- curl -m 5 http://my-pod.my-namespace.svc.cluster.local

```

- Use wget for:
  - Simple connectivity checks (e.g., "Is this service reachable?").
  - Downloading files (e.g., downloading a binary or a script for setup).

Examples:

```bash

# Test connectivity to a Pod or Service, or do basic DNS and Service testing. Similar to the curl example, but focused on retrieving content quickly.
kubectl run tmp --image=busybox --rm -i -- wget -O- -T 5 http://my-service:8080

# Download a file. Retrieve and save a file from an external URL for use in your container.
kubectl run tmp --image=busybox --rm -i -- wget -O myfile.txt http://example.com/file.txt
```

### Test network policies

```bash

k -n space1 exec app1-0 -- curl -m 1 microservice1.space2.svc.cluster.local

k -n space1 exec app1-0 -- nslookup tester.default.svc.cluster.local
```

## Test svc

```bash
k run test --image=nginx --rm -n ckad12-svcn -it -- sh
k run test --image=nginx --rm -it -- sh
```

## helm

```bash
helm install kubernetes-dashboard-server kubernetes-dashboard/kubernetes-dashboard -n cd-tool-apd

```

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Certified Kubernetes Application Developer (CKAD) :dolphin:

This repository contains my notes, definitions, tips, sources, and commands that I used to prepare for the Certified Kubernetes Application Developer exam.

## **About the Certified Kubernetes Application Developer (CKAD)**

```mermaid
pie showData
    title CKAD categories
    "Application Design and Build" : 20
    "Application Deployment" : 20
    "Application Observability and Maintenance" : 15
    "Application Environment, Configuration and Security" : 25
    "Services and Networking" : 20
```

## More Details 🧚🏻

Application Design and Build (20%)

- Define, build, and modify container images
- Choose and use the right workload resource (Deployment, DaemonSet, CronJob, etc.)
- Understand multi-container Pod design patterns (e.g., sidecar, init, and others)
- Utilize persistent and ephemeral volumes

Application Deployment (20%)

- Use Kubernetes primitives to implement common deployment strategies (e.g., blue/green or canary)
- Understand Deployments and how to perform rolling updates
- Use the Helm package manager to deploy existing packages
- Kustomize

Application Observability and Maintenance (15%)

- Understand API deprecations
- Implement probes and health checks
- Use built-in CLI tools to monitor Kubernetes applications
- Utilize container logs
- Debugging in Kubernetes

Application Environment, Configuration, and Security (25%)

- Discover and use resources that extend Kubernetes (CRD, Operators)
- Understand authentication, authorization, and admission control
- Understand requests, limits, quotas
- Understand ConfigMaps
- Define resource requirements
- Create & consume Secrets
- Understand ServiceAccounts
- Understand Application Security (SecurityContexts, Capabilities, etc.)

Services and Networking (20%)

- Demonstrate basic understanding of NetworkPolicies
- Provide and troubleshoot access to applications via services
- Use Ingress rules to expose applications

Get more information at [Training Linux Foundation](https://www.cncf.io/training/certification/ckad/) (updated September 28, 2021). You can also check the [curriculum](https://github.com/cncf/curriculum/blob/master/CKAD_Curriculum_v1.31.pdf).

## Useful commands 👾

### Shortcuts for Kubernetes Objects ✂️

You can use the following shortcuts for common Kubernetes objects:

| Shortcut | Object             | Shortcut    | Object                 |
| -------- | ------------------ | ----------- | ---------------------- |
| `po`     | Pods               | `cm`        | ConfigMaps             |
| `rs`     | ReplicaSets        | `secret`    | Secrets                |
| `deploy` | Deployments        | `ing`       | Ingresses              |
| `svc`    | Services           | `endpoints` | Endpoints              |
| `ns`     | Namespaces         | `netpol`    | Network Policies       |
| `pv`     | Persistent Volumes | `pvc`       | PersistentVolumeClaims |
| `sa`     | Service Accounts   |             |                        |

### Use the right context always

```bash
# List all kubectl contexts configured in the kubeconfig file
kubectl config get-contexts

# Switch the current context to the specified cluster (replace 'new-context' with your desired context name)
kubectl config set current-context new-context

# Run this every time before starting a question (replace 'new-context' with the context name)
kubectl config use-context new-context
```

### **My Setup (Optional) - Use Alias and ShortCuts**

```bash
alias k=kubectl
# Example: k get pods

alias kn='kubectl config set-context --current --namespace'
# Example: kn mynamespace

alias ka='kubectl apply -f'
# Example: ka pod.yaml

alias kr='kubectl replace --force -f'
# Example: kr pod.yaml

alias kd='kubectl delete --force --grace-period=0'
# Example: kd pod pod.yaml

export do='--dry-run=client -o yaml'
# Example: k run my-pod --image=nginx $do > pod.yaml
```

# **Tips** :gift: 🩴

- Attempt all questions - don’t get stuck on any single one.
- Get comfortable with YAML.
- Use shortcuts and aliases to save time.
- Refer to Kubernetes documentation for most of what you need (and practice using it).
- Practice using imperative commands as much as possible: [Kubectl Getting Started](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#-strong-getting-started-strong-).
- Use the `kubectl explain` command to understand resources better.
- Manage your time effectively.
- Improve your speed and proficiency with VIM.
- If studying alone feels unmotivating, find a study buddy who is also preparing for the exam.
- Divide your study time equally between learning concepts and hands-on practice.
- Consider using AI to help study and practice for the exam. While some may disagree, I found it incredibly helpful for clarifying simple concepts.

## Vim Setup

Understand what these settings do and how to use them in Vim.
Open the file with `vim ~/.vimrc`:

```vim
set expandtab    " This tells Vim to convert tabs into spaces.
set tabstop=2    " This sets the width of a tab character to 2 spaces.
set shiftwidth=2 " This controls the number of spaces used for auto-indentation when using commands like >> (indent) or << (outdent) in Vim.
```

## YAML file navigation in Vim 🫰

```bash
# Move the cursor left, down, up or right
- Use:
    h -> move to the left
    l -> move to the right
    j -> move down
    k -> move up
# Edit/view/find words or lines
- Esc + w -> move word to word, set cursor at the beginning of the word
- Esc + b -> move word to word, set cursor at the start of the previous word
- Esc + $ -> move to the end of the line
- Esc + 0 -> move to the beginning of the line
- Esc + e -> move word to word, set cursor at the end of the word
- Esc + dw -> delete a word, set cursor at the beginning of the word, then a, to start typing
- Esc + / -> find a word

# Move the cursor in the file
- Esc + gg -> move to the beginning of the file
- Esc + G -> move to the end of the file
- Ctrl-u: Scroll up half a page.
- Ctrl-d: Scroll down half a page.

# Edit/view/find lines
- Esc + dd -> delete a line
- Esc + o -> add a new line
- Esc + :set nu -> add line numbers
- Esc :num + Enter -> go to a specific line number in a file, example: Esc :22
- Esc + u -> revert changes

# Indent several lines
- Shift + v -> to visual mode and up and down arrows to move the cursor
- Shift + > -> indentation to the right
- Shift + < -> indentation to the left
- Shift + 2> -> indentation to the right, two times
- Shift + 3< -> indentation to the left, three times

# Copy and paste single line
- Esc + yy -> copy a line
- Esc + p -> paste the line
- Esc + dd -> cut the line

# Copy and paste several lines
- Esc + v -> mark lines, then arrow keys to select several lines
- Esc + y -> copy marked lines
- Esc + p -> paste lines
```

### Vim Shortcuts

| Command | Action                                                | Scope                                             |
| ------- | ----------------------------------------------------- | ------------------------------------------------- |
| `cc`    | Delete the current line and enter insert mode         | Entire line                                       |
| `dd`    | Delete the current line                               | Entire line                                       |
| `diw`   | Delete the word under the cursor (no spaces)          | Word only                                         |
| `viw`   | Visually select the word under the cursor (no spaces) | Word only                                         |
| `dip`   | Delete the paragraph under the cursor                 | Paragraph (text + surrounding blank lines)        |
| `vip`   | Visually select the inner paragraph                   | Paragraph (text only, no surrounding blank lines) |

### [Terminal] Move the Cursor in the terminal

```bash
CTRL + A # Move to the beginning of the line
CTRL + E # Move to the end of the line
Press left or right arrow keys + keep pressing CTRL # Move one word to the left or right with speed (I use this a lot)
```

🚦 Get more commands here: [See more details in the other README](./more-commands.md)

## Resources :bell: :bell:

### Kubernetes Documentation :blue_book:

- [Kubernetes documentation](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) - bookmarks have to be based on the official documentation
- [Kubectl Getting Started](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#-strong-getting-started-strong-)

### Course :radio:

- [Udemy CKAD preparation](https://www.udemy.com/course/certified-kubernetes-application-developer/?start=0#overview) -> Mumshad Mannambeth

### Practice :pencil2:

- [KodeKloud Kubernetes Challenge](https://learn.kodekloud.com/courses/kubernetes-challenges): a set of fun challenges to learn and practice your skills on Kubernetes
- [KillerCoda - Killer Shell CKAD](https://killercoda.com/killer-shell-ckad)
- [Kubernetes CKAD Weekly Challenge](https://lnkd.in/eZ6-Jtst) by Kim Wuestkamp
- [Kubernetes CKAD Example Exam Questions Practical Challenge Series 2019](https://codeburst.io/kubernetes-ckad-weekly-challenges-overview-and-tips-7282b36a2681) by Kim Wuestkamp
- [Certified Kubernetes Application Developer Simulator](https://killer.sh/ckad): it is free to use if you are registered for the Linux Foundation CKAD exam
- [Practice Enough With These 150 Questions for the CKAD Exam 2019](https://medium.com/bb-tutorials-and-thoughts/practice-enough-with-these-questions-for-the-ckad-exam-2f42d1228552) by Bhargav Bachina
- [Github CKAD Exercises dgkanatsios](https://github.com/dgkanatsios/CKAD-exercises)
- [Kubernetes Network Policy Recipes](https://github.com/ahmetb/kubernetes-network-policy-recipes) by Ahmet Alp Balkan
- [Tutorial helps you get started with Kubernetes NetworkPolicy](https://networkpolicy.io/) by Kubernetes and Cilium
- [CKAD Resources by lucassha](https://github.com/lucassha/CKAD-resources)
- [CKAD Exam Guide](https://blog.kubesimplify.com/ckad-exam-april-2022) by Navneet Nandan Jha

### Videos :movie_camera:

- [How to Pass CKA, CKAD with Flying Colors?](https://www.youtube.com/watch?v=TJSAcwUP0pE) by I AM DINUTH, 3 years ago but still very useful
- [How to CRUSH the CKAD Exam!](https://www.youtube.com/watch?v=5cgpFWVD8ds) by Alta3 Research. Not updated, but it has some useful tips and tricks that are still valid for the exam
- [Higher Level Editing with Vim Text Objects](https://www.youtube.com/watch?v=Tk_vqJA4gK4) by matt-savvy

### Other Resources

Other resources that I did not use but are also recommended:

- [Kubernetes Introduction - Docker, Kubernetes + Hands On Labs](https://www.udemy.com/user/james-spurin/?srsltid=AfmBOoor4vPLpvU2wKbBFVg0a6r3sGf-EImUsLKsry-hyhhGpf1Y6syB) by James Spurin
- [Kubernetes for Developers: Core Concepts](https://www.pluralsight.com/courses/kubernetes-developers-core-concepts) by Nigel Poulton
- [Containers Courses](https://labs.iximiuz.com/courses?category=containers) by labs.iximiuz.com

### AI 🤖

Use AI to help you study and practice for the exam:

- [ChatGPT](https://chatgpt.com/) by OpenAI
- [Microsoft Copilot](https://copilot.microsoft.com/)
- others of your preference

> Note: Use it to support your study and expand your knowledge. Take the official Kubernetes documentation as your main source!

Get ready to get certified! You got this!! 🤗 🚀

![Alt text](img/aww.gif)

--------------------------------------------------------------------------------