@jeremypruitt
Last active January 31, 2019 08:20
CKA Prep Notes

Intro to API Server

The entire Kubernetes architecture is API driven, so the API server is the center of a Kubernetes cluster. All operations go through the API server, like accessing data in etcd, accepting kubectl and controller requests, and more.

Get a list of API endpoints in a given Kube cluster (-k skips verification of the server certificate, so use the cert-auth form below for anything beyond a quick look)

$ curl -k https://127.0.0.1:6443/apis

Curl with cert auth

$ curl https://127.0.0.1:6443/apis \
    --cert <cert-pem-filename> \
    --key <key-pem-filename> \
    --cacert <ca-cert-pem-filename>

Checking Access

$ kubectl auth can-i create deploy
$ kubectl auth can-i create deploy --as bob
$ kubectl auth can-i create deploy --as bob --namespace foo
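What the `/apis` listing and `kubectl auth can-i ... --as bob --namespace foo` above turn into on the wire, as an added example that is not part of the original gist. The APIGroupList excerpt and the authorizer response are constructed samples, not captures from a cluster; the short-name table is a hypothetical subset of what kubectl knows.

```python
import json

# Constructed excerpt of an APIGroupList, the document GET /apis returns (not a real capture).
APIS_SAMPLE = json.dumps({"kind": "APIGroupList", "groups": [
    {"name": "apps",
     "versions": [{"groupVersion": "apps/v1", "version": "v1"},
                  {"groupVersion": "apps/v1beta2", "version": "v1beta2"}],
     "preferredVersion": {"groupVersion": "apps/v1", "version": "v1"}},
    {"name": "authorization.k8s.io",
     "versions": [{"groupVersion": "authorization.k8s.io/v1", "version": "v1"}],
     "preferredVersion": {"groupVersion": "authorization.k8s.io/v1", "version": "v1"}}]})

# Hypothetical subset of the short names kubectl expands; "" is the core group (/api/v1, not /apis).
SHORT_NAMES = {"deploy": ("apps", "deployments"), "po": ("", "pods"), "svc": ("", "services")}


def preferred_version(apis_json, group):
    """Resolve a group to the version the server prefers, as kubectl does from /apis."""
    if group == "":
        return "v1"
    for g in json.loads(apis_json)["groups"]:
        if g["name"] == group:
            return g["preferredVersion"]["version"]
    raise KeyError("group %r is not served by this API server" % group)


def can_i_request(verb, short, namespace, impersonate=None):
    """Headers and body kubectl sends for `auth can-i <verb> <short> [--as <user>]`.

    The body is a SelfSubjectAccessReview; --as never appears in it. It becomes the
    Impersonate-User header, so the real caller needs 'impersonate' rights on users.
    Without --as the subject is whoever the client cert or token identifies."""
    group, resource = SHORT_NAMES[short]
    headers = {"Content-Type": "application/json"}
    if impersonate:
        headers["Impersonate-User"] = impersonate
    body = {"apiVersion": "authorization.k8s.io/v1", "kind": "SelfSubjectAccessReview",
            "spec": {"resourceAttributes": {"namespace": namespace, "verb": verb,
                                            "group": group, "resource": resource}}}
    return headers, body


def decision(review_response):
    """Interpret the authorizer's answer; only an explicit allowed=true is a 'yes'."""
    status = review_response.get("status", {})
    allowed = status.get("allowed") is True and not status.get("denied", False)
    return allowed, status.get("reason", "")
```

The request body goes to POST /apis/authorization.k8s.io/v1/selfsubjectaccessreviews with the same cert flags as the curl example above.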

TODO: Add something about reconcile

Annotations

While labels can be used to select and interact with Kubernetes objects, annotations cannot. Annotations hold metadata that is useful to tools outside of Kubernetes itself, such as timestamps or build information.

# Create annotation on all pods in "prod" namespace
$ k -n prod annotate pods --all description="Prod Pods"

# Modify annotation
$ k -n prod annotate --overwrite pods --all description="Old Prod Pods"

# Delete annotation
$ k -n prod annotate pods foo description-

Pod

Create pod-example.yaml file with the following

apiVersion: v1
kind: Pod
metadata:
  name: example-pod
spec:
  containers:
  - image: nginx
    name: foo

Create the example pod and verify

$ k create -f pod-example.yaml
$ k get pods
$ k get pod example-pod -o yaml
# A context is a combination of cluster & user creds
$ kubectl config use-context foobar

GKE

$ gcloud container clusters create linuxfoundation
$ gcloud container clusters list
$ kubectl get nodes

# Don't forget to delete the cluster
$ gcloud container clusters delete linuxfoundation

Minikube

Download & Install

$ curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-darwin-amd64
$ chmod +x minikube
$ sudo mv minikube /usr/local/bin

Start & Verify

$ minikube start
$ kubectl get nodes

Kubeadm

Run on head node and get token in return

$ kubeadm init

Run on workers to connect to head node (kubeadm init prints the complete join command, including the --discovery-token-ca-cert-hash value that lets the worker verify it is joining the intended control plane)

$ kubeadm join --token <TOKEN> <IP_OF_HEAD_NODE>

Can also use kubectl to create the network

# For example, Weave network:
$ kubectl create -f https://git.io/weave-kube

Hyperkube

Hyperkube is similar to minikube in that it is a single binary to run all k8s components. But it is different in that it runs each k8s component in a separate container.

Get help/info on each hyperkube k8s component

$ docker run --rm gcr.io/google_containers/hyperkube:v1.10.12 /hyperkube apiserver --help
$ docker run --rm gcr.io/google_containers/hyperkube:v1.10.12 /hyperkube scheduler --help
$ docker run --rm gcr.io/google_containers/hyperkube:v1.10.12 /hyperkube controller-manager --help

Microk8s

TODO

Lorem ipsum dolor...

Pod Network

Calico

  • Flat layer 3
  • No IP encapsulation
  • Simple, flexible, scales well
  • Modifies iptables to allow IP whitelisting and blacklisting

Flannel

  • Layer 3 IPv4 network
  • Focused on traffic between hosts
  • Can use different backends, like VXLAN
  • A flanneld agent on each node allocates subnet leases for the host

Canal

  • An integration of Calico with Flannel

Kube-Router

  • Feature-filled single binary. Tries to do it all.
  • Alpha stage, but aims to be an LB, FW, and router for k8s

Romana

  • Aimed at large clusters, IPAM aware topology, and kops integration

Weave Net

  • Typically used as add-on for CNI-enabled cluster
  • Optional network encryption, which also makes it much slower than alternatives

Additional Install Tools

Kubespray

  • Uses ansible to install and modify kubernetes clusters
  • Works on many different target environments

Kops

  • Creates k8s clusters on AWS
  • Can optionally generate Terraform or Cloud Formation templates
  • Beta support for GKE
  • Alpha support for VMware

Kube-aws

  • Uses AWS CloudFormation to create k8s clusters on AWS

Kubicorn

  • Uses kubeadm to create k8s clusters
  • No dependency on DNS
  • Support for multiple OS
  • Uses snapshots to capture a cluster and move it

Kelsey Hightower's Kubernetes the Hard Way is also an excellent resource for learning how to install kubernetes

Installation Considerations

Foundation

  • Which provider should I use?
  • Public or private cloud?
  • Physical or virtual?
  • Which operating system?

Network

  • Which networking solution?
  • Do I need an overlay?

Control Plane

  • Where to run etcd cluster?
  • HA master nodes?

Additional reference: Picking the Right Solution

Kubernetes components are typically run as systemd unit files, or via the kubelet on master nodes in the case of kubeadm.

Architectural Considerations

Single Node

  • All components on one server
  • For testing, learning, k8s development, etc

Single Master & Multiple Workers

  • Etcd & master on one node
  • Multiple workers allows for resilient workloads

HA Masters & Multiple Workers

  • 3 or 5 or 7 master k8s nodes
  • Etcd on each master
  • Multiple workers for resilient workloads

HA Etcd & HA Masters & Multiple Workers

  • 3 or 5 or 7 master k8s nodes
  • 3 or 5 or 7 etcd nodes
  • Multiple workers for resilient workloads

Federation

  • Multiple k8s clusters joined together
  • Common control plane
  • Move resources between clusters administratively or after failure

Systemd

Systemd Unit File for Kubernetes

Example of a systemd unit file for the kube-controller-manager

- name: kube-controller-manager.service
  command: start
  content: |
    [Unit]
    Description=Kubernetes Controller Manager
    Documentation=https://github.com/kubernetes/kubernetes
    Requires=kube-apiserver.service
    After=kube-apiserver.service
    [Service]
    ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-controller-manager -z /opt/bin/kube-controller-manager https://storage.googleapis.com/kubernetes-release/release/v1.7.6/bin/linux/amd64/kube-controller-manager
    ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-controller-manager
    ExecStart=/opt/bin/kube-controller-manager \
      --service-account-private-key-file=/opt/bin/kube-serviceaccount.key \
      --root-ca-file=/var/run/kubernetes/apiserver.crt \
      --master=127.0.0.1:8008 \
      --logtostderr=true
    Restart=always
    RestartSec=10

This is not necessarily a complete example. More details in the kube-apiserver documentation.

Compiling from Source

$ cd $GOPATH
$ git clone https://github.com/kubernetes/kubernetes
$ cd kubernetes
$ make

Misc & Uncategorized

This is the place for things that don't quite fit in other files or haven't yet been categorized.

Get allocated node port and use it to curl the host

$ export PORT=$(kubectl get svc first-deploy -o go-template='{{range .spec.ports}}{{if .nodePort}}{{.nodePort}}{{"\n"}}{{end}}{{end}}')
$ curl host01:$PORT