K8s

  • deployments
  • volumes
  • configmaps
  • secrets

What are deployments ?

01_deployments.yml

Deploy

kubectl create -f https://gist.githubusercontent.com/mateimicu/8b6ff7d06e5413862438afc2c12c5357/raw/154b19718ec5c67d828d16c642700980c211f59a/01_deployment.yal

Check status

kubectl rollout status deployment hello-world

What it did ?

kubectl get rs
REPLICA_SET=$(kubectl get rs | grep hello-world | awk '{print $1}')
kubectl describe rs "$REPLICA_SET"

Pod Hash

Used by replica sets

kubectl describe rs "$REPLICA_SET"
kubectl get pods --show-labels=true    

matchLabels

Used by Deployments to monitor overall status (across multiple replica sets)

Add a service over our

kubectl create -f https://gist.githubusercontent.com/mateimicu/1c7191ae666ca7aed7656f59e61d0937/raw/bfc14eab460bfd450150a6e2a4826016b1a7aff5/02_service.yml
kubectl get service service-hello-world
kubectl describe service service-hello-world
minikube service service-hello-world

Deploy new version

kubectl set image deployment/hello-world frontend=matei10/docker-hello-world:0.0.2

Check status

kubectl rollout status deployment hello-world
kubectl get rs

Bad Deployment

kubectl set image deployment/hello-world frontend=bad/bad:bad
kubectl rollout status deployment hello-world
kubectl get rs
kubectl get pods
Deployment history
kubectl rollout history deployment/hello-world
CHANGE-CAUSE empty ?
kubectl set image deployment/hello-world frontend=bad/bad:2bad --record
kubectl rollout history deployment/hello-world
kubectl rollout history deployment/hello-world --revision=1
kubectl rollout undo deployment/hello-world --to-revision=2
Status
kubectl rollout status deployment hello-world
Scaling
kubectl scale deployment hello-world --replicas=3
kubectl get pods
Autoscaling ?

Volumes

  • emptyDir
  • gitRepo
  • projected
  • ….
#!/usr/bin/env python
"""Dummy project"""
from __future__ import print_function

import socket
import os

import flask


APP = flask.Flask(__name__)
PATH = os.getenv("COUNTER_PATH")


def get_counter():
    """Get the counter from the local storage."""
    try:
        return int(open(PATH, "r").read())
    except Exception as exc:
        print("Exception :", exc)
        return 0

def inc_counter():
    """Increment the local storage counter."""
    c = get_counter()
    with open(PATH, "w") as fd:
        fd.write(str(c + 1))

@APP.route("/")
def index():
    """Return index."""
    inc_counter()
    return "[{}] Hello Mambu Labs {}".format(
        get_counter(),
        str(socket.gethostname())
    )


if __name__ == "__main__":
    APP.run(host="0.0.0.0", port=8080, debug=True)

Volumes

Service for our demo

Deploy

kubectl create -f https://gist.githubusercontent.com/mateimicu/273ffee7d9e1cb9d4a1a45cfed037a97/raw/f93c74f9e96519fafa953a44f37ea6cd0f0a8dfe/03_empty_dir.yml
kubectl create -f https://gist.githubusercontent.com/mateimicu/463c2706fe7404a18bc2343da90dbad1/raw/04561abc4597733376d16b4d429d5e50167bae85/04_empty_dir_service.yml
minikube service service-emptydir-volume

Where is the volume ?

kubectl get pod test-emptydir -o json
POD_UUID=$(kubectl get pod -n default test-emptydir -o 'jsonpath={.metadata.uid}')
echo "UUID :$POD_UUID"
minikube ssh
sudo su
cd /var/lib/kubelet/pods/

Secrets

Small amount of information stored in a “in memory” database. It uses tmpfs.


A default secret contains ca, token and namespace to access the API server.

echo -n 'cloudy2010' | base64 # => Y2xvdWR5MjAxMA==
kubectl create -f https://gist.githubusercontent.com/mateimicu/3b6c174cfb21e87cfbf22e3eb0291ef5/raw/acdb468a148d67546e4432bb41f8787a06e875aa/05_secret.yml
kubectl get secrets
kubectl describe secrets mambu-secret
echo -n 'cloudy2010' > password2
kubectl create secret generic mambu-secret2 --from-file=./password2
kubectl get secrets
kubectl describe secrets mambu-secret2

Deploy

kubectl create -f https://gist.githubusercontent.com/mateimicu/a9ddb794bf0cc62442d19eee3c2fd86c/raw/df7aa7a18b7a41c8ffa62c0e9754bc79414132eb/06_sercret_pod.yml
kubectl create -f https://gist.githubusercontent.com/mateimicu/e192589968d4876a6192712bc07e1bc5/raw/4514eedddeffc498cb0c09d1f9a3fadabf4da5b7/07_secret_service.yml
minikube service service-secret

Allow a specific path from a secret

 volumes:
  - name: second-secret
    secret:
      secretName: mambu-secret2
      items:
      - key: password
        path: new-dir/new-password

file permisions

decimal notation

 volumes:
  - name: second-secret
    secret:
      secretName: mambu-secret2
      defaultMode: 511
apiVersion: v1
kind: Pod
metadata:
  name: test-secret
  labels:
      type: python-fend2
spec:
  containers:
  - image: matei10/hello-mambu-local-storage:0.0.8
    name: python-fend2
    env:
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mambu-secret
            key: password

ConfigMaps

? secrets ?

Manual creation

kubectl create configmap manual-config --from-literal=manual.manual_1=manual_val_1 --from-literal=manual.manual_2=manual_val_2
kubectl get configmap
kubectl describe configmap manual-config
kubectl get configmaps manual-config -o yaml

From files

TEMP=$(mktemp -d)

echo "file_1a=file_val_1" >> "$TEMP/conf1"
echo "file_1b=file_val_2" >> "$TEMP/conf1"

echo "file_2a=file_val_1" >> "$TEMP/conf2"
echo "file_2b=file_val_2" >> "$TEMP/conf2"

ls "$TEMP"
cat "$TEMP/conf1"
cat "$TEMP/conf2"
kubectl create configmap file-config --from-file="$TEMP"
kubectl get configmap
kubectl describe configmap file-config
kubectl get configmaps file-config -o yaml

Deploy Pod

Deploy Pod

Deploy

kubectl create -f https://gist.githubusercontent.com/mateimicu/196396fab94b795d7c94575c4d2bfa1e/raw/467e05f46e9ad898b715abcb43d19d82a2ee7e6f/08_pod_config_map.yml
kubectl create -f https://gist.githubusercontent.com/mateimicu/b4892b0615d14f5c8d2bb1837f13ce17/raw/8589e7e3097ee404388a012fe2956b88713f1dca/09_configmap_service.yml
kubectl exec -ti configmap-file-pod ls /config
kubectl exec -ti configmap-file-pod ls /config

Deploy

kubectl create -f https://gist.githubusercontent.com/mateimicu/d8ab1f30f34c1dd14f2256b2604f7688/raw/da34cb2604eaefd79bc610bb9f51d96da2facfcb/10_pod_env_vars.yml
kubectl create -f https://gist.githubusercontent.com/mateimicu/d4902c5a89d5742a12fe2809fdad8c09/raw/83d9b555d36fe19592546399a646be0e960d3b6b/11_configmap_env_service.yml
kubectl exec -ti configmap-env-pod /bin/bash
echo "$SPECIAL_LEVEL_KEY"

Bibliography

Author

Matei-Marius Micu