Kubernetes

Intro
- Kubernetes or K8S(eight characters between k to s)
- It is a container orchestration/managment tool like docker swarm in docker, it was initially created by google but later it was made open source.
- Docker swarm is docker container orchestration tool with docker only while kubernetes is container orchestration tool means it is compatible with any container tools.
- Using kubernetes we can handle all the production related challenges like load balancing, scaling, rolling updates, failover scenarios etc.
- When you install an application on a docker container, it will difficult to monitor and check its status, if there is an issue either restart, or recreate or redeploy on container.
- Kubernetes will monitor all the containers 24 hours. if there is an issue kubernetes can redeploy or restart containers.
- Liveness probe: define time period on which kubernetes will check the containers are running or not in the specified interval.
- Rediness Probe: Define time period on which kubernetes will check the application are running or not and accessible or not in the specified interval.
- It will manage containers. Manage loads. Automate deployments.
- text4
- text5
- Features of Kubernetes
  - It is cluster platform where you will have multiple master/control plane and worker nodes/data plane.
  - It gives Autohealing feature where any pod/container get deleted or corrupted than automatically it creates a new one.
  - It provies autoscaling feature.
  - It provides enterprise level support.
  - It provides network/firewall security.
  - These above features are not available in Docker container, but few covers in docker swarm.
  - code
- code
  - code
  - code
  - code
- code
  - code
  - code
  - code
- code
  - code
  - code
  - code
- code
  - code
  - code
  - code
- code
  - code
  - code
  - code
- code
  - code
  - code
  - code

Kubernetes Cluster Architecture/Components: Nodes + PODS+Containers

Kubernetes Cluster components= Nodes+PODS+Containers. Node is a VM which will have memory, cpu and storage.
Cluster:
- Cluster Configuration:
  - Cluster can be confugured using kubeadm or with file method.
  - If cluster is configured with kubeadm than system will create all components and its relevant pods, while if you choose to configured with file system than we have to create each component manually.
  - First master node/control plane is configured and then all Data plane/worker nodes join to master node.
  - kubeadm tool configuration:
    
    Kubeadm tool can be used to perform cluster configuration, it will configure all components and integrate with worker nodes.
    
    worker nodes can join with master node using kubeadm join followed by key.
  - File method configuration:
    
    In this method all components will be configured manually. It will be done using yaml file. Use this method to separate components in different pods.
  - Kops (AWS) can be used to configure cluster instead of tedeous process with kubeadm or file method.
  - Controlling Cluster: Administration of cluster can be performed remotely.
    
    Windows:
    
    Linux:
- Upgrade:
  - Before performing upgrade take backup.Take backup of configuration (/etc/kubernetes/manifest) and kubernetes database ETCD (/var/lib/etcd )
  - Should upgrade master node first and should not upgrade all at a time.
  - during upgrade kubernetes keep backup as well at /tmp (it keeps in the same node, if node get crashed then backup will not be available)
  - During upgrade master node services like api-server, etcd, scheduler etc which are running on pods will get restarted and it will give downtime. To avoid must have High Availability.
  - Keep node in draining mode so that new pods will not be created on node during upgrade.
  - If cluster consist of hundreds of nodes then upgrade will be performed using automation tool using Ansible, Terraform, shell script, python script etc..
  - Cannot roll back if upgrade get failed.
  - certificate also get upgraded. worker nodes communicate with master nodes using certificate. (certificate error then run rm -rf $HOME/.kube || true )
  - visit https://v1-29.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/
  - To check the version run $kubeadm version, $kubectl version, $kubelet --version
  - Determine which version to upgrade to: $apt update, $apt-cache madison kubeadm
    
    image
  - Upgrade the first control plane/master node:
    
    Step 1: run the following command, change x with the latest patch version
    
    sudo apt-mark unhold kubeadm && \ sudo apt-get update && sudo apt-get install -y kubeadm='1.29.4-2.1' && \ sudo apt-mark hold kubeadm
    
    step2: Verify that the download works and has the expected version:
    
    $kubeadm version (v1.29.4)
    
    Step 3: Verify the upgrade plan (This command checks that your cluster can be upgraded, and fetches the versions you can upgrade to. It also shows a table with the component config version states.)
    
    $kubeadm upgrade plan
    
    image kubeadm_plan
    
    Step 4: Choose a version to upgrade to, and run the appropriate command.
    
    $kubeadm upgrade apply v1.29.4 (can upgrade to kubeadm version)
    
    image
    
    Step 5: Manually upgrade your CNI provider plugin
    
    Step 6: upgrade the other master nodes of cluster: $sudo kubeadm upgrade node
    
    Step 7: Drain the node:
    
    $kubectl drain master --ignore-daemonsets
    
    Upgrade the kubelet and kubectl:
    
    Step 1: upgrade both kubelet and kubectl by running
    
    sudo apt-mark unhold kubelet kubectl && \
    sudo apt-get update && sudo apt-get install -y kubelet='1.29.4-2.1' kubectl='1.29.4-2.1' && \
    sudo apt-mark hold kubelet kubectl
    
    Step 2: Restart the kubelet
    
    $sudo systemctl daemon-reload
    
    $sudo systemctl restart kubelet
    
    Step 3: uncordoned the node (Bring the node backonline)
    
    $kubectl uncordon master
    
    $kubectl get nodes (master node is upgraded to v1.29.4)
    
    certificate error: after resetting cluster master node, got an error
    
    rm -rf $HOME/.kube || true
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
    
    Run the above commands after running kubeadm init
  - Worker Node Upgrade:
- Cluster Reset & Node Delete:
  - Image
  - Master Cluster node reset.
    
    $kubeadm reset
    
    After reset the services will be deleted like, API-Server connection lost, kubelet closed, configuration file deleted, certification file deleted, etcd will be deleted.
    
    if etcd database exist in another node then it will not be deleted and to reset database run run $kubeadm reset etcdctl del
    
    After reset perform the following
    
    $kubeadm init
  - Worker cluster node reset
    
    $kubeadm reset (it will reset the entire cluster node, if need to reset on different stages of cluster follow below)
    
    It will be part of cluster but will come out of working stage.
    
    $kubeadm join
  - Reset can also be done on different stages as well, .
    
    Preflight: $kubeadm reset preflight
    
    update-cluster-status: $kubeadm reset update-cluster-status
    
    remove-etcd-member: $kubeadm reset-etcd-member
    
    cleanup-node: $kubeadm reset cleanup-node
    
    if you use the above commands only then it will reset the entire cluster node, reset stages are use to skip any stage like
    
    $kubeadm reset --skip-phases preflight
    
    $kubeadm reset --skip-phases update-cluster-status
    
    $kubeadm reset --skip-phases remove-etcd-member
    
    $kubeadm reset --skip-phases cleanup-node
- Cluster Token & CA Public Key:
  - CA & public key combination is used to join worker nodes to master nodes. After master node configurtion bootstrap generates the token and ca public key.
  - When you configure master node using kubeadm init, it generates kubeadm join token+CA key, which will be use on worker nodes to join master node.
  - kubeadm join 192.168.171.50:6443 --token yclr1v.52d0nqes4gau7qpk \
    --discovery-token-ca-cert-hash sha256:2e6b96b1299559c84dbe79d896d02be59c50c57048a821c69c82b05894ab767e
  - create kubeadm join command if lost:
    
    $kubeadm token create --print-join-command
  - 192.168.171.50:6443: This is API-Server ip and port number:
    
    When a worker node joins with the above command, it first contact with API server and then it varifies token & CA
  - --token xxxxx: default token
    
    This token is valid for 5 hours
    
    $kubeadm token list
    
    Generate custom token: Custom tokens are generated to keep separate woker nodes for different projects.
    
    $kubeadm token create
    
    $kubeadm token create --ttl 30m (token will expire after 30 minutes)
    
    $kubeadm token create --ttl 0 (token will never expire)
  - discovery-token-ca-cert-hash sha256:xxxxxx: default CA public key
    
    on google search: kubernetes token > in the bottom click kubeadm join and select token based discovery with CA pinning, copy command and run on master node.
    
    $openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
  - skip CA cert public key to join master node:
    
    jldf
  - Disable Auto approval: When worker node join to master node, API-Server checks token and CA public key and auto approved when it matches. it is use if kubeadm join key is compromised.
    
    Required approval to join master node:
  - Check all nodes are working on master node:
    
    $kubectl -n kube-system get pods
Nodes:
- Master node / Control Plane Node: In any master/worker node you can create 110 pods by default, which can be scaleup/down.
  - components of master node:
    - API Server:
      
      communication between worker node to master node where request first comes to API server in the master node.
      
      You can keep API server/etcd/scheduler/controller on one or multiple master nodes. In Docker Swarm it is not possible to keep in different nodes.
      
      API server perform the following tasks
      
      Authentication:
      
      Authorization:
      
      Admission Control:
      
      Watch for Updates:
    - ETCD Database:
      
      location of etcd database /var/lib/etcd in which snap & wal folders
      
      It stores all the information in key value form.
      
      ETCD perform the following tasks:
      
      WAL
      
      Protobuf
      
      Raft Consensus
      
      Data Not Encrypted
    - Kube Scheduler:
      
      It schedule the pods creation and decide which node to be allocate.
      
      it perform the following tasks
    - Controller Manager:
      
      It checks and make sure the pods status.
      
      It perform the following tasks:
      
      Node Controller:
      
      Service Controller:
      
      Namespace Controller:
      
      Daemon set Controller:
      
      Cronjob Controller:
      
      Custom Controllers:
    - Configuration File:
      
      Location : /etc/kubernetes
      
      admin.conf
      
      controller-manager.conf
      
      kubelet.conf
      
      manifests
      
      etcd.yaml
      
      kube-apiserver.yaml
      
      kube-controller-manager.yaml
      
      kube-scheduler.yaml
      
      pki (it contains all keys)
      
      apiserver.crt
      apiserver-kubelet-client.key
      front-proxy-ca.key
      apiserver-etcd-client.crt
      ca.crt
      front-proxy-client.crt
      apiserver-etcd-client.key
      ca.key
      front-proxy-client.key
      apiserver.key
      etcd (ca.crt healthcheck-client.crt peer.crt server.crt ca.key healthcheck-client.key peer.key server.key)
      sa.key
      apiserver-kubelet-client.crt
      front-proxy-ca.crt
      sa.pub
      
      scheduler.conf
- Woker Node:
  - Components of worker nodes
    - Kubelet:
      
      is a program which is responsible for executing kubernetes commands. The kubelet is an agent that runs on each worker node and is responsible for managing the node's containers, ensuring they run in the desired state. It communicates with the master node's API server to receive instructions about pod deployment and health checks.
    - Container Runtime:
      
      Kubernetes supports various container runtimes like Docker, containerd, CRI-O, etc. The container runtime (e.g., Docker) is responsible for pulling container images, creating and managing containers based on the specifications provided by the kubelet.
      
      find out the container runtime used on a node
      
      $kubectl get nodes -o wide (check under container)
      
      Migrate Docker Engine nodes from dockership to cri-dockered:
      
      What is cri-dockerd?
      In Kubernetes 1.23 and earlier, you could use Docker Engine with Kubernetes, relying on a built-in component of Kubernetes named dockershim. The dockershim component was removed in the Kubernetes 1.24 release; however, a third-party replacement, cri-dockerd, is available. The cri-dockerd adapter lets you use Docker Engine through the Container Runtime Interface.
    - Kube-Proxy:
      
      It provides IP addresses to Pods. This component maintains network rules (iptables or other mechanisms) on each worker node. It performs network routing and load balancing, enabling communication between different pods and services across the cluster.
  - Delete Worker Nodes
    
    Go to worker node and run $kubeadm reset
    
    Go to master node and run $kubeadm delete node node-name
    
    To rejoin user $kubeadm join xxxxx xxxx command.
  - Error on Worker Nodes
    
    If the --kubeconfig flag is set, then only that file is loaded. The flag may only be set once and no merging takes place.
    
    If $KUBECONFIG environment variable is set, then it is used as a list of paths (normal path delimiting rules for your system). These paths are merged. When a value is modified, it is modified in the file that defines the stanza. When a value is created, it is created in the first file that exists. If no files in the chain exist, then it creates the last file in the list.
    
    Otherwise, ${HOME}/.kube/config is used and no merging takes place (/root/.kube/config if using sudo).
    
    $sudo cp /etc/kubernetes/kubelet.conf /root/.kube/config & $sudo kubectl get nodes

PODS:

It is a logical boundary in which containers are created. Application runs on containers. In kubernetes we cannot create containers directly but it will be created within a pod. It is a collection of containers. In docker we deploy application on containers directly.
When a request is generated to deploy an application using image, a pod is created.
when pod is created a pause container along with application container is created.
IP will be assign to POD from clusterIP, it can be access within a cluster.
Pause container maintian namespace in which all containers information stored. Pod is a wrapper of container.
To access an application stored in container, request comes to pod which has an IP address and information of other containers in namespace which will be forwarded accordingly.
For any reason any container is deleted/corrupt, a new container will be created.
For redundancy multiple containers of an application can be created within a pod.
In docker we defind all argument in command line while creating like: docker run -d or -t or -it container name -d image name -p port number -v volume mount -network xyx
in kubernetes we can define all arguments in pod.yaml
kubectl is the command line tool for kubernetes.
POD Creation, Pause Container, Get into PODS, Delete PODS, POD Limits, Taints & Tolerance.
- It can be created with command or using file (yaml or jason)
- $kubectl describe node master/worker1: check the node details
- Deployment through Command:
  - $kubectl run web-server --image=nginx or $kubectl run -it web-server --image=nginx (pod will be created in which nginx container and will get interactive terminal )
  - $kubectl get pods (pod status )
  - $kubectl get pod -o wide (it will show pod is created in which node and other details)
  - $kubectl describe pod web-server1 (complete detail of pod, node, namespace, labels, IP, containers, conditions etc)
- Through Definition File method using yaml:
  - to get syntax $kubectl explain pod
  - to get syntax: google search kubernetes pod creation yaml
  - create a yaml file $vim web1.yaml (use vim for colour coding in yaml file)
  - $kubectl apply -f web1.yaml
  - $kubectl get pods or $kubectl get pods -owide
  - $kubectl exec -it podname /bin/bash
  - $kubectl exec -it podname -c container_name /bin/bash (if multiple container in pod)
- Pause Container
  - nginx pod has been created in which a container is also created, you can check in the node $docker container ls
  - first a pause container gets created which contain namesapce and then your desired container gets created.
  - when you delete a container then both container and pause container gets deleted.
- Get into PODS
  - $kubectl exec -it podname /bin/bash
  - if you have more than one container then use
  - $kubectl exec -it podname -c containername /bin/bash
- POD Deletion
  - $kubectl delete pod pod-name
  - $kubectl delete pod --all
- Labels:
  - Labels are define to PODs to use them as reference, in replication we define to manage pods with their label name.
  - $kubectl run web-server --image=nginx (Pod will be created using default label, run=web-server)
  - $kubectl get pod --show-labels
  - remove label: $kubectl label pod web-server run- (it will remove label run=web-server and will show <none>)
  - Add label: $kubectl label pod web-server team=dev (label team=dev will be assign)

Replication of PODS: Replication Controller, Replicaset, Deployment

If a pod gets deleted then it will not created automatically untill a controller is configured.
To maintain the desired number of pods in a Kubernetes cluster, you can use a Replication Controller, ReplicaSet, Deployment. These resources ensure that a specified number of pod replicas are running at all times. If any pod gets deleted or fails, Kubernetes will automatically create a new one to replace it. It is used to control pods. It is similar like Autoscaling in VMs where any VM gets deleted than a new VM created. In kubernetes we call controller.
Types of POD replication: More details on these topics click here

Replication Controller:

It Monitors/manages all pods of a node.
There will be lot of pods in a node, controller will manage those with the defined label name. label is a key value pair.
Replication controller will mange with only one label, it will not manage with multiple labels.
Rolling update can be done (update the version of image used in pod)
Replication controller uses elements like replicas, selector.
- Replicas: Define replicas field in yaml/jason file, which specifies the desired number of pod replicas.
- Selector (label): The selector field ensures that only the pods with the matching labels are managed by the Deployment or ReplicaSet, this facility is not available in Replica Controller.
Lab:
1 Master and 1 worker node in a cluster.
Create a node and delete to check if a new pod is creating:
- $watch kubectl get pod (open another window and run the following)
- $kubectl run web-server --image=nginx (in another window where we ran watch command, shows the progress)
- $kubectl get rc
- Delete pod to check it recreates: $kubectl delete pod web-server(if it is not recreates means there is no controller is configured) or run the following
- kubectl describe pod web-server (if controller is configured than an entry will be there)
Configure Replication Controller with YAML file:
$create rc.yaml
To get fields for yaml file, run $kubectl explain rc: apiversion, kind, metadata, spec
Enter values of apiVersion,Kind which is mentioned
To get fields of metadata run $kubectl explain rc --recursive | less : take the required field for metadata and spec

apiVersion: v1
kind: ReplicationController
metadata:
name: star-rc
spec:
replicas: 3
selector:
team: dev
template:
metadata:
name: dev
labels:
team: dev
spec:
containers:
- name: webserver2
image: nginx
ports:
- containerPort: 80

apiVersion: v1
kind: ReplicationController
metadata:
name: nginx
spec:
replicas: 3
selector:
app: nginx
template:
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80

Taken from kubernetes site

replication controller with 3 replicas is created, labels team=dev has been used. if any pod is deleted then it will be created automatically to maintain desired value of 3

Go to kubernetes site to get help to write yaml file: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/
$kubectl apply -f rc.yaml
Two pods has been created (star-rc-tcj78 & star-rc-xlnts), pod web-server was already exist with labels team=dev which has been acquired.
only one label can be use in replication controller.
check replication is running on pod: $kubectl describe star-rc-tvj78
- Controlled By: ReplicationController/star-rc
if you delete any pod then it will be automatically created.
- $kubectl delete pod star-rc-tvj78 (immediately another pod will be created)
Rolling Update:
- During rolling update, a new replication controller will be created and a new pod will be created and old one from old replication controller get deleted.
- once all pods got created in new replication controller then old replication controller get deleted.
- on top of replication controller there will be service created which receive request and forward it to replication controller.
- when old replication controller get deleted then its name will be transferred to new replication cotroller during this time there will be a downtime.
- for any reason if the update got failed then there is no way to go back as old replication controller got deleted.
- Rolling update is not supported in new kubernetes version, it is supported upto 1.14 version. It can be achieved by installing some plugins.
- LAB:
- kubernetes version 1.14 supports rolling update of replication controller. for newer version need to install some plugins.
Commands:
- Create replicas with command
  - $kubectl create deployment web-server --image=nginx --replicas 4
- Create rc with yaml
  - $kubectl apply -f rc.yaml
- Display details of rc
  - $kubectl describe replicationcontroller/nginx
- To list all the pods that belong to the ReplicationController
  - $pods=$(kubectl get pods --selector=app=nginx --output=jsonpath={.items..metadata.name}) echo $pods
- Delete replication controller
  - $kubectl delete replicationcontroller/nginx or kubectl delete -f rc.yaml
- Delete any pod of rc
  - $kubectl delete pod podname (it will recreate as replication controller is configured)
- Show rc pods with label name
  - $kubectl get pods --show-labels
  - $kubectl get rc --show-labels
- To check replication is running on pods
  - $kubectl describe pod podname (you will see controlled by)
- Change pod's Lebel name
  - if you want to keep any pod, change its label $kubectl label pod web-server team- (when you change label name a new pod will be created to maintian desired replicas=3 )
  - give new label $kubectl label pod webserver team=abc

Replica Set:

It manages all pods of nodes of any label, unlike in replication controller it manager only one label name.
No Rolling update (update the verison of image used in pod), it is allowed in replication controller.
The number of replicas defined is 3, if there is any existing pod with same label then replica set will take that pod and create the remaining pods (2).
Replicaset uses elements like replicas, selector, template.
- replicas: This is used to specify the desired count of pods.
- selector (label): it is used for identifying pods based on specific labels and make them part of the current replicaset.
- template: stores information about what is inside of a pod? like container name, image name, ports etc.
- it is a combination of multiple pods with scaling feature.
$kubectl get rs (list of any replica set is running)
$vi rs.yaml

apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: nginx
spec:
replicas: 3
selector:
matchExpressions:
- key: team
operator: In
values:
- dev
- prod
- test
template:
metadata:
name: dev
labels:
team: dev
spec:
containers:
- name: webserver2
image: nginx:1.9.1
ports:
- containerPort: 80

apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: frontend
  labels:
    app: guestbook
    tier: frontend
spec:
  # modify replicas according to your case
  replicas: 3
  selector:
    matchLabels:
      tier: frontend
  template:
    metadata:
      labels:
        tier: frontend
    spec:
      containers:
      - name: php-redis
        image: us-docker.pkg.dev/google-samples/containers/gke/gb-frontend:v5

$kubectl apply -f rs.yaml (click for yaml details from kubernetes)
- apiVersion: apps/v1 # run $kubectl explain rs, you will get informaiton of apiVersion.
- kind: ReplicaSet #run $kubectl explain rs, you will get informaiton of kind. R and S in capital
- metadata: #
  name: star-RS # Name of replica set
- spec:
  replicas: 4 # modify number of replicas according to your need
  selector: # below defining match expressions to acquire existing pods with the labels teams = dev & prod and make total 4 pods.
  matchExpressions:
  - key: team
  operator: In
  values:
  - dev
  - prod
- template:
  metadata:
  name: dev
  labels:
  team: dev
  spec:
  containers:
  - name: webserver2
  image: nginx:1.9.1
  ports:
  - containerPort: 80
Commands:
Creation of Replica set through yaml file.
- $kubectl apply -f rs.yaml
Remove labels
- $kubectl label pod nginx-7c8sk team- (it remove label team for the pod nginx-7c8sk), it will remove label but will create another pod to keep desired value = 4
- $kubectl label pod dev team=dev (it will label team=dev to pod dev)
Delete Replicaset:
- $kubectl delete -f rs.yaml
- $kubectl delete rs nginx (nginx is rs name)
Do not delete any one pod from replica set
- change the label name to any name and when you delete rs it will not delete that pod because label name is not mentioned in rs.yaml
- $kubectl label pod dev team=abc
- $kubectl delete -f rs.yaml (dev pod with label team=abc will not be deleted and rs will be deleted along with pods whose label names are dev & prod)

Deployment:

It manages all pods of nodes of any label.
Rolling update is possible and there will be no downtime.
Deployment will be created on replica set.
When you run rolling update, a new replica set will be created and a new pod with defined version will be created and old one get deleted. now deployment has two replica set and it will forward traffic to both replica sets.
Once all pods created and old pods get delted,it will keep old replica set which can be use for undo in case of update gives errors.
The number of replicas defined in yaml file (3), if there is any existing pod with same label then replication will take that pod and create the remaining pods (2).
Replicaset uses elements like replicas, selector, template.
- replicas: This is used to specify the desired count of replicas.
- selector: it is used for identifying pods based on specific labels and make them part of the current replicaset.
- template: stores information about what is inside of a pod? like container name, image name, ports etc.
- it is a combination of multiple pods with scaling feature.
$kubectl get deployment (shows list of deployment)
$vi deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
name: replication-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80

ReplicaSet with 3 replicas is created, labels team=prod has been used. you an define multiple labels using matchExpressions, if any pod is deleted then it will be created automatically to maintain desired value.

operator = In or NotIn can be used to included or exclude labels. if both define then NotIn will take precedence.

Go to kubernetes/deployment.
Create Deployment
- $kubectl apply -f deployment.yaml
Scaling: scale up/down of pods:
- Go to deployment.yaml file and change replicas = desired number and run $kubectl apply -f deployment.yaml
Rolling Update / roll out (deployment):
- $kubectl describe deployment/replication-deployment (check details of deployment, version of image etc)
- $kubectl rollout status deployment/replication-deployment (it will show the rollout status of deployment where deployment name is deployment in yaml file metadata=deployment)
- $kubectl rollout history deployment/replication-deployment (it will show history of rollout, REVISION 1 & CHANGE-CAUSE <none>)
  - root@master:~# kubectl rollout history deployment/replication-deployment
    deployment.apps/replication-deployment
    REVISION CHANGE-CAUSE
    1 <none>
  - REVISION: it shows the revision number of rollout, it is the first rollout or first time deployment has been configured..
  - CHANGE-CAUSE: it shows message is recorded while deployment.
- set CHANGE-CAUSE:
  - $kubectl apply -f deployment.yaml --record=true (sytem will add command used to deploy in change-cause instead of <none>)
  - $kubectl rollout history deployment/deployment
- Make changes and run deployment again to check version:
  - A new replica set will be created and new pods will be created and old pods get deleted one by one, once all pods get created and attached with new replica set, traffic will sent using the new replica set. deployment will have two replica sets.
  - Method 1: edit the yaml file and change image: nginx:1.25 to nginx:1.26 and run the yaml file
    - $kubectl apply -f deployment.yaml --record=true
    - $kubectl get deployments (it shows no change)
    - $kubectl get rs (there will be two replica set, previous version of rs and new version rs )
    - $kubectl rollout history deployment/deployment
    - $kubectl describe deployment/deployment (check OldReplicaSets and NewReplicaSet details)
  - Method2: define in command
    - $kubectl set image deployment.apps/deployment nginx=nginx:1.26
    - $kubectl get deployment, rs, pod
  - Method3: edit the deployment
    - $kubectl edit deployment.apps/deployment (scroll down, find spec: containers - image and edit image version) save it
- Errors: If you mention wrong image number then it will remain with the last image, it tries with first pod and when got error then it will remain with the current image version and will not change remaining pods.
Rollback to previous version of Deployment:
- when you run history command $kubectl rollout history deployment.apps/deployment, where you can view all previous rolluts version numbers, to go back to previous version run
- $kubectl rollout history deployment.apps/deployment --revision=1 (check details of revision 1, 2, 3 .....), select to which revision go back to
- $kubectl rollout undo deployment.apps/deployment (if you do not mention revision then it goes back to previous number)
- $kubectl rollout undo deployment.apps/deployment --to-revision=1 (it will go back to revision 1)
Pause Rollout Deployment:
- rollout will not execute until it resume
- $kubectl rollout pause deployment.apps/deployment
- $kubectl rollout resume deployment.apps/deployment (once it is resumed it will start rollout)
Delete deployment:
- $kubectl delete deployment/deployment (all pods, rs and deployment get deleted)
Commands:
- $kubectl explain deployment --recursive | less (to get details of deployment)
- $kubectl get deployment : list deployment configured
- $kubectl get deployment,rs,pod : list deployment, replicationset, pods, it will show first deployment, than replica set then list of pods.
- $kubectl apply -f deployment.yaml --record=true
- root@master:~# kubectl get deployment,rs,pod
  NAME READY UP-TO-DATE AVAILABLE AGE # deployment
  deployment.apps/replication-deployment 3/3 3 3 3m30s # deployment name = replication-deployment
  
  NAME DESIRED CURRENT READY AGE # replica set
  replicaset.apps/replication-deployment-d556bf558 3 3 3 3m30s # replica set name= deployment+replicaset number
  
  NAME READY STATUS RESTARTS AGE # list of pods
  pod/replication-deployment-d556bf558-gffs7 1/1 Running 0 3m30s # pod name = deployment+rs+pod name
  pod/replication-deployment-d556bf558-kqwh7 1/1 Running 0 3m30s
  pod/replication-deployment-d556bf558-mx8h8 1/1 Running 0 3m30s
- $kubectl describe deployment/deployment name
- $kubectl rollout history deployment/deployment
- $kubectl rollout history deployment/deployment --revision=2 (check details for a particular revision)

Deployment Strategies: Rolling deployment, recreate, canary/blue&green deployment

Three ways you can define strategy to deploy kubernetes deployment.

Rolling Deployment:

When you perform rolling upate/roll out to a new version then a new replica set get created and once a pod with newer version created than it start deleted the old pod. If the pods are in high number than it will take longer time. You can define strategy that instead of creating one pod at a time creates number of pods. The strategies can be define in rolling updates are:
- Max Surge: value = 2 (preferred), you can enter value or percentage.
- Max Unavaibale: value = nil
- In the above strategy first new 2 pods will be created and than it will delete old 2 pods.
- Max Surge: value =
- Max Unavaibale: value = 2
- In the above strategy first new 2 pods will be deleted and than it creates 2 new pods in new replica set. The pods status will be unavailable. it is prefered to use value in max surge and no value in max unavilable.
As soon as a new pod is started to create then it will start remove from old replica. pod is creating and terminating which leaves number of pods in running status are less. once all pods are created and deleted then old replica set will not be active and not be deleted. It is used by default.
if there number of pods which may take longer time to finish. to minimise time there are two ways can be performed
define strategy in yaml file to make sure the new pod first completely created then start removing old pods.
deployment.yaml

Replication Deployment, nginx 1.14

apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
labels:
app: webserver
spec:
replicas: 4
selector:
matchLabels:
app: webserver
template:
metadata:
labels:
app: webserver
spec:
containers:
- name: nginxpod
image: nginx:1.14
ports:

Rolling update with rolling deployment,nginx 1.22

apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
labels:
app: webserver
spec:
replicas: 4
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 3
type: RollingUpdate
selector:
matchLabels:
app: webserver
template:
metadata:
labels:
app: webserver
spec:
containers:
- name: nginxpod
image: nginx:1.22
ports:

Step 1: Deploy replication with nginx1.14
$kubectl explain deployment --recursive | less (to get details of deployment)
$kubectl apply -f deployment.yaml --record=true
Current deployment with nginx version 1.14 is running in the cluster.
Step 2: Rolling update with rolling deployment and upgrade nginx to 1.22
edit the deployment.yaml file and insert rolling deployment code.
$kubectl apply -f deployment.yaml --record=true
we run rolling deployment where nginx update to 1.22, it will delete 3 pods first and than will create 3 new pods of version 1.22 as max unavailbale:3 is defined and there is no max surge.
$kubectl rollout history deployment/deployment
if we enter maxSuge:1 and maxUnavailable:0 then all pods will be available and a new pod with new version will be created and one old pod get deleted.

Recreate Deployment:

When you execute roll out than no new replica set will be created. It deletes existing pod and create new pod with new version. This method is fast but not reliable and there will be downtime.
$kubectl explain deployment --recursive | less (to get details of deployment)
deployment.yaml

Create deployment with nginx 1.14

apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
labels:
app: webserver
spec:
replicas: 4
strategy:
type: Recreate
selector:
matchLabels:
app: webserver
template:
metadata:
labels:
app: webserver
spec:
containers:
- name: nginxpod
image: nginx:1.14
ports:
- containerPort: 80

Rolling update with recreate deployment to nginx1.22

$kubectl explain deployment --recursive | less (to get details of deployment)
$kubectl apply -f deployment.yaml --record=true
It will deploy 4 pods with nginx 1.14
Perform rolling update with recreate method: enter code for recreate and run
$kubectl apply -f deployment.yaml --record=true
It will remove all pods with older version and create a new replica set with new pods of newer version.

Canary or Blue&Green or Red&Black Deployment:
- In this method you create two deployments, one is used as Blue and another one as green.
- You will attach ingress controller on top of both deployment.
- You will attach a DNS server on top of ingress controller. it will point to internet.
- Ingress controll will communicate with services on both deployment.
- We configure ingress controller that it sends traffic to green deployment, once we perform roll out on blue deployement than we configure ingress controller to send traffic to blue deployment.
- LAB:

Service: ClusterIP, NodePort, Load Balancer(MetalLB)
- To access Pods within a cluster than it can be access with its private IP address assigned from cluster pool. To access from outside cluster either enable port forwarding or assing public IP address using various service.
- If you have pods for web, database which can integrate with private IP address, if a pod get deleted and recreate it with replication configured than manually we need to assign new IP address for integration.
- To overcome with the change of IP address in pods we can use service, which is applied on top of replica set, a separate IP will be assigned to service which can be use for all communiction.
- Service will map the ips of pods.
- Users will use service IP address to access applications on pods.
- A Service in Kubernetes is an abstraction that defines a logical set of pods and a policy by which to access them. It enables network access to a set of pods.
- You cannot have two services at the same time.
- There are three types of kubernetes service:
- ClusterIP (Private IP communication between pods within a cluster):
  - A private IP assigned from the cluster pool, binding between pods will be done through service IP. if pods recreated with new IP will not effect the containers to communicate. all Internal communication takes place with this clusterIP.
  - In cluster IP service all communication takes place between pods with private IP. No communication from outisde the cluster in cluster IP or user nodeport or load balncer.
  - a private IP service clusterIP and communication takes place using service between pods.
  - applications are deployed on pod which can also be access directly using PODS IP but when pod gets deleted a new pod with new IP will be assigned. Manually need to change IP address.
  - In this method user's from outside cannot access application due to private IP which can be accessed with port forwarding.
  - Lab:
  - Create a kubernetes Cluster of Master and worker node, configure 2 deployments for web and DB, Create service clusterIP.
  - db_deployment:
    
    $vim db_deployment.yaml (use nginix image assume as database)
    
    $kubectl apply -f db_deployment.yaml
    
    $kubectl describe deployment/db-server
    
    Get into db-server deployment pod and access to web-server deployment pod
    
    $kubectl exec -it db-server-658899c4cb-vmmv6 -- /bin/bash
    
    curl the web_deployment
    
    $curl 172.16.235.168 (if curl is not installed, install $apt-get update, $apt-get install curl) , html code displayed.
    
    change directory to /usr/share/nginx/html
    
    Create Service ClusterIP:
    
    create service and access the db_deployment with service IP:
    
    Service can be created with command line or yaml
    
    with Command: (with yaml file check in web_deployment service)
    
    $kubectl expose deployment db-server --type=ClusterIP --port 80 --target-port=80 (Pod's front end port 80,backend port 80)
    
    service/db-server exposed, check service is created
    
    $kubectl get all -owide (service has been created and IP assigned 10.107.108.132)
    
    From Web-deployment pod access db-deployment using service IP.
    
    $curl 10.107.108.132 (accessed, html code displayed)
    
    $kubectl describe service db-server
    
    Target pod/db_deployment POD IP = 10.107.108.131
    
    service_clusterIP IP = 10.107.108.132
    
    if you delete the pod then a new pod will be created with a new IP (10.107.108.135) but you can still access db_deployment POD with service IP 10.107.108.132
    
    Edit db_deployment.yaml file and make replica=4 and run the yaml file.
    
    4 pods has been created with 4 IPS with port 80 only, when you access the db_deployment pods you use service IP 10.107.108.132 and it will redirect to any pod of 4.
  - web_deployment:
    
    $vim web_deployment.yaml
    
    $kubectl apply -f web_deployment.yaml
    
    $kubectl describe deployment/web-server
    
    get into web_deployment pod:
    
    $kubectl exec -it web-server-57567b9bb5-tm62n -- /bin/bash
    
    curl the db_deployment
    
    $curl 172.16.235.129 (if curl is not installed, install $apt-get update, $apt-get install curl) , html code displayed.
    
    we access the db_deployment with pod IP, in case pod get deleted then a new pod will be created with a new IP (172.16.235.131). (to test delete the db pod)
    
    Create Service ClusterIP:
    
    create service and access the web_deployment with service IP:
    
    in the above service in db service was created with command line, here it will be created with yaml file. Go to google: kubernetes service create, syntax for creating service with yaml
    
    $vim websvc.yaml (paste the syntax and make necessary change)
    
    $kubectl apply -f websvc.yaml (service is created)
    
    web_deployment pod can be accessed with service IP 10.102.145.37
    
    Edit web_deployment.yaml and make replicas = 4, run web_deployment.yaml and check details.
    
    $kubectl describe service web-service
    
    From master node curl both service IP's of web & db deployment.
  - Delete Service ClusterIP:
    
    $kubectl delete service db-server
    
    $kubectl delete service web-server
  - Default ClusterIP service:
    
    When you create the cluster, there are number of components (api server, etcd, controller manger etc) in master and worker nodes (kube proxy, kubectl etc) which they communicate with each other using this kubernetes ClusterIP.
    
    $kubectl get service
    
    if you delete this ClusterIP service, it will recreate it.
    
    $kubectl describe service kubernetes.
    
    There is only one Endpoint IP, all components run on pods and all their pods same master node IP. Configuration of cluster is done with kubeadm where all pods is created automatically.
    
    It is master node IP. All pods use master node IP.
    
    $kubectl -n kube-system get pods -o wide (all components using same ip)
- Node Port:
  - To access the application from internet, use nodeport where a port & public IP will bind with service (nodeport). In this service clusterIP is also assgined.
  - Port is assigned to cluster IP. To access the application on pods user must add port to cluster IP. To avoid these use load balancer.
  - Lab:
  - web_deployment
    
    $vim web_deloyment (for testing nginix image used)
    
    $kubectl apply -f web_deployment.yaml
  - db_deployment
    
    $vim db_deployment.yaml
    
    $kubectl apply -f db_deployment.yaml
  - Create service nodeport
    
    $kubectl expose deployment web-server --type=NodePort --name=star-nodeport
    
    NodePort service is created with port 30091 (this port will expose to every node), cluster IP = 10.96.0.1 and front end port 80
    
    $kubectl describe service web-server
    
    To test: open browser and enter 192.168.171.50:30091 or 192.168.171.51:30091 (Master_node IP/worker_nod IP: 30091), two pods has been created on worker1 (172.16.235.150, 172.16.235.152) and traffic send to these pods using round robin method. every time need to define port along with IP in nodeport, to avoid this use load balancer.
    
    To test traffic forwarding to pods follow these.
    
    $kubectl exec -it web-server-57567b9bb5-hl59l -- /bin/bash (Enter into the pod 172.16.235.150)
    
    $cd /usr/share/nginx/html and $vim index.html (pod1) save it ($apt-get update $apt-get install vim)
    
    $kubectl exec -it web-server-57567b9bb5- -- /bin/bash (Enter into the pod 172.16.235.152)
    
    $cd /usr/share/nginx/html and $vim index.html (pod2) save it ($apt-get update $apt-get install vim)
    
    Now access in browser and see on which POD query send to. it uses round robin method to send traffic.
  - Open browser 192.168.171.200:30091 or 192.168.171.201:30091 (from master and worker nodes), every time need to assign port number, to avoid use load balancer.
- Load Balancer (MetalLB):
  - Bind the loadbalancer IP with clusternode IP along with port number. This load balancer was used by client not from kubernetes.
  - Kubernetes has provided loadbalancer (metalLB). service type use load balancer.
  - For every deployment you will need a separate load balancer. If you have large number of deployments then large number of load balancers required, to overcome this ingress controller can be use.
  - Lab:
  - web_deployment
    
    $vim web_deloyment (for testing nginix image used)
    
    $kubectl apply -f web_deployment.yaml
  - db_deployment
    
    $vim db_deployment.yaml
    
    $kubectl apply -f eb_deployment.yaml
  - Create service Load Balancer
    
    $kubectl expose deployment db-server --type=LoadBalancer --name=star-loadbalncerdb
    
    $kubectl describe service db-server
    
    $kubectl expose deployment web-server --type=LoadBalancer --name=star-loadbalancerweb (separate load balancer for every deployment, to overcome use ingress controller service.)
    
    service: LoadBalancer has been created but EXTERNAL_IP is pending because there is no load balancer is configured as VM are used.
    
    MetalLB Configuration:
    
    To setup load balancer from kubernetes (metalLB): If you use cloud kubernetes like gke, aks, etc no need to configure load balancer separately as they provide LB service.
    
    Go to google and search metallb loadbalancere: click here
    
    kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.5/config/manifests/metallb-native.yaml
    
    click on configuration of metallb site and copy code (change ip pool)
    
    apiVersion: metallb.io/v1beta1
    kind: IPAddressPool
    metadata:
    name: first-pool
    namespace: metallb-system
    spec:
    addresses:
    - 192.168.173.100-192.168.173.200
    
    $vim metallb.yaml (paste the above code)
    
    $kubectl apply -f metallb.yaml (now it will assign public IP to Load Balancer
    
    open browser and access with load balancer IP. (192.168.171.100), check within the VM of vmware.
    
    $kubectl -n metallb-system get pod
Ingress Controller:
- Code
Code
- Code
Code
- Code
PODs Limit:
- In any master/worker nodes you can create 110 pods by default which can be scaleup/down.
- $kubectl describe node nodename
- In Allocatable pods : 110
- Increase POD limit:
  - cd /var/lib/kubelet/ and edit file config.yaml (if you do not find maxPods than add entry maxPods: 123)
  - Find where is config.yaml file $systemctl status kubelet (--confi=/var/lib/kubelet/config.yaml)
  - check parameter maxPods: enter desired number (save and exit)
  - $systemctl restart kubelet
Code
- Code
- Code

Containers:
- Intro
  - containers are created within a pod, in kubernetes you cannot deploy app directly in the containers, first it create a pod and within a pod it creates a cotainer.
  - $kubectl get pods (it will list the pods/containers)
  - $kubectl exec -it podname /bin/bash (To get into pod in interactive mode)
  - $kubectl exec -it podname -c container_name /bin/bash (To get into pod in interactive mode with a particular container, if multiple containers)
- 1 tier Container pod:
  - Pod can have min 2 containers and max upto
  - Deploy nginx :
    - $Kubectl run web-server --image=nginx : When you deploy an application in kubernetes first it creates and pod and in thid pod it creates two containers,
    - Pause containers which stores Pod's IP address and a namespace, namespace bind with IP address.
    - second nginx container will be created for application deployment and add it with the namespce.
    - further deployment containers will be created in the same pod and add it will the same namespace of pause container. it means all the containers of pod use the same network/IP address.
  - $kubectl get pod: it will show 1/1 one pod and one container and will not show pause container.
  - $kubectl get pod -o wide: it will display pods with details on which node it is deployed.
  - Login to node and run
    - $ctr -n k8s.io containers list (kubernetes cluster installed containerd not docker)
- 2 tier Container Pod:
  - Deploy wordpress and mysql
  - Create a pod with multiple containers, in first container run wordpress and second container run mysql,
  - Both containers will use same network (pause container) and have same IP address.
  - It is possible than you can deploy both wordpress and mysql in same container but not advisable.
- 3 tier container pod:
  - Deploy web, app and database containers in a pod
- Content container pod:
- 2 containers with same image:
  - it is possible it will deactive one of the containre if it is not active.
- LAB:
- Deploy two containers of same image (nginx)
- $vim multicontainers.yaml
- image_multicontainer1.jpeg
- $kubectl apply -f multicontianers.yaml
- Kubernetes will try to deploy two containers but only one will work and another will get an error.
- $kubectl describe pod star-multicontainer
- image_multicontainer2
- edit multicontainers.yaml and add args: ["sleep", "3600"] on first container.
- apiVersion: v1
  kind: Pod
  metadata:
  name: star-multicontainer
  spec:
  containers:
  - name: firstcontainer
  image: nginx
  args: ["sleep", "3600"]
  - name: secondcontainer
  image: nginx
- $kubectl apply -f multicontainers.yaml
- Now both containers are running with same image.

Components of Kubernetes
- Kubernetes cluster contain Control Plane/Master node and Data plane/worker nodes.
  - A Kubernetes cluster consists of a control plane plus a set of worker machines, called nodes, that run containerized applications. Every cluster needs at least one worker node in order to run Pods.
  - The worker node(s) host the Pods that are the components of the application workload. The control plane manages the worker nodes and the Pods in the cluster. In production environments, the control plane usually runs across multiple computers and a cluster usually runs multiple nodes, providing fault-tolerance and high availability.
- Control plane/Master node components:
  - Kube API Server: It is a core component of cluster. The API server is the front end for the Kubernetes control plane. It will check on which node a pod has to be created then it sends request to scheduler. All communication is performed through API server.
  - ETCD: Cluster information is stored in ETCD as objects or key value pair.
  - Scheduler: It is resposible for scheduling a pod/resources on kuberntes.
  - Controller Manager: Controllers which is resposible for autoscaling, replica set
  - Cloud Controller Manager: Kubernetes can run on cloud platform as a service like EKS, AKS, GKE. If a user want to create a load balancer on cloud kubernetes, than request should understand by cloud kubernetes service, this will done by CCM. If cluster is on -prem than this components does not required.
- Data plane/worker node components
  - Kubelet: Reponsible for creation of pods and making sure pods are in running state.
  - Kube Proxy: It provides networking, generating IP address, Load balancing.
  - Container Runtime: To run containers it required container runtime.
- Service
  - It is a component which is used for communication among pods. an IP is assigned to service.
  - While deploying any application, a pod has been created and kube-proxy will assing ip address.
  - if a pod needs to redeploy or recreate than a new ip address will be assign, which should be updated with other pods and components.
  - Kubernetes services will be assign to every pod and an IP is assigned to services. all communication will takes place through services.
  - service types:
    
    Cluster IP: It is use for internal communication, suppose you have 3 replica pods connected with one service, another 3 replica pods connected with second service, communication between these services are done with cluster IP.
    
    Nodeport: It is use for external to internal communication. Port is open on worker node to access the pods from externally and it is not secured.
    
    Load Balancer:It is use for external to internal communication, request will go to pod instead of service then pod. it is secured.
    
    Ingress: It is user for external to internal communication, request will go to service and then it goes to pod.
  - PODS: It is a logical boundary in which containers are created. Application runs on containers and containers are created within a pod. In kubernetes we cannot create containers directly but it will be created withing a pod.
  - When a request is generated to deploy an application using image, a pod is created.
  - when pod is created a pause container along with application container is created.
  - IP has been assigned to POD, pause container maintian namespace in which all containers information stored.
  - To access an application stored in container, request comes to pod which has an IP address and information of other containers in namespace which will be forwarded accordingly.
  - For any reason any container is deleted/corrupt, a new container will be created.
  - For redundancy multiple containers of an application can be created within a pod.
  - Deployment:
  - For pods redundancy create a deployment. There is a possibility of pod gets corrupt/deleted. deployment will recreate pods if it gets corrupt/deleted.
  - Now the issue of IP will come as new pod has been created and IP has been assigned to POD. To come up of this situation, create a service on top of deployment and choose type of service.
  - Service:
  - There are three types of service
    
    ClusterIP: An ip has been assigned from the cluster pool, binding between pods will be done through service IP. if pods recreated with new IP will not effect the containers to communicate. all Internal communication takes place with this clusterIP.
    
    NodePort:
    
    To access the application from internet, use nodeport where a port is bind with IP address. IP with port will bind with service (nodeport). In this service clusterIP is also assgined.
    
    for every communiation need to assigned port to reach the container. To avoid use load balancer.
    
    LoadBalance:
    
    Bind the loadbalancer IP with worknode IP along with port number. This load balancer was used by client not from kubernetes.
    
    Kubernetes has provided loadbalancer. service type use loadbalancer.
- Secrets
  - In a 3 Tier application deployment where you have front end, back end, database.
  - In order front end to access database which required user credentials. It should be safe and secured.
  - secret componet will store sensitive and security data. To access database front end will get through secret component.
  - code
  - code
- config map
  - It stores the information about database, so front end to access database first it gets information about database and connect through secrets.
  - code
  - code
- Kubernetes Storage: PV (Persistence Volume), PVC (Persistence Volume Claim)
  - A volume is created and attach to database. data is stored in these volumes. If in case of pod is deleted or need to create a new pod so that data will can be retrieved from this vlumes.
  - When a new pod is created then ephemral (temp) storage is created and attach to pod, it store downloads and other data. when pod is deleted than this runtime data is also get deleted.
  - kubernetes offered persistent volume to store the data. persistent volume could be local hard drive, which can be mounted to pods. if the pod get deleted and it will recreated but it could be recreated in different node so storage is in different node.
  - Network volume can be use as persistent volume.
    
    NFS
    
    Create NFS server on ubuntu:
    
    SCSI
    
    AWS S3, AWS EBS
    
    Azure volume
    
    Redhad
  - Create PV: click here
    
    $kubectl get pv (to check any PV exist)
    
    $vim pv.yaml (click here for yaml file)
    
    $kubectl apply -f pv.yaml
    
    $kubectl get pv
    
    $kubectl describe pv sta-volume
  - PVC: Persistence Volume Claim: It is the small volume created in persistent volume.
  - Create PVC (persistent volument claim)
    
    $kubectl get pvc
    
    $vim pvc.yaml (click here for yaml file)
    
    $kubectl get pvc
    
    $kubectl describe pv star-pvc
  - Deploying WordPress and MySQL with Persistent Volumes and inside use pvc which is inside pv and pv is inside nfs volume.
    
    $vi pv_deployment.yaml , click here for yaml file
    
    $kubectl apply -f pv-deployment.yaml
    
    $kubectl get deployment
    
    $kubectl get pod
- Code
  - Code
- Code
  - Code
- Code
How components communicate:
- Deployment of an application:
  - api-server: When a request is generated to deploy an applicaiton, request first comes to api-server and it validates the permission and store the information what kind of pod need to be created.
  - ETCD: Information of pod is stored inside ETCD.
  - Scheduler: it will get a request to create a new pod, it will check/analyse the suitable worker node to create pod. It will update information in ETCD.
  - Kubelet: It will create pod.
  - Kube-Poxy: once the pod is created then kube proxy will enable network rules.
  - Controller Manager: It will be used once the pod is created and application has been deployed, it is use to maintian application state. controller will detect if there is any issue. It will inform to scheduler.
- code
  - code
  - code
  - code
- code
  - code
  - code
  - code
- code
  - code
  - code
  - code
- code
  - code
  - code
  - code
- code
  - code
  - code
  - code
- code
  - code
  - code
  - code

Installation, Setup, Remove

Types of kubernetes installation:
- kubernetes installation can be performed in two ways
  - using kubeadm tool
  - using file method
On-Premises Ubuntu VMs multinode cluster using kubeadm and Cloning VMs. Video.
On-Premises Ubuntu 22.04 LTS VMs multinode cluster using kubeadm tool.
- Create 3 ubuntu VMs (windows not supported) and Perform Step-1 to Step-7 on all VMs.
- Step 1 Prerequisite:
  - Minimal Install Ubuntu 22.04, Create 3 ubuntu VM one master node and 2 worker nodes, Download ubuntu from https://ubuntu.com/download/desktop (20.04 LTS)
  - Minumum 2 GB RAM, 2 CPU, 30 GB Disk.
  - Sudo user with admin rights: $sudo su
  - Internet connectivity
- Step 2: Assing IP and Set Hostname, hosts file
  - Manual IP in Ubuntu 192.168.171.50 (51 & 52), 255.255.255.0, GW:192.168.171.2
  - $sudo hostnamectl set-hostname master, $sudo hostnamectl set-hostname worker1, $sudo hostnamectl set-hostname worker2
  - $exec bash
  - $sudo vi /etc/hosts (add IP & hostname of all nodes, 192.168.171.50 master, 192.168.171.51 worker1, 192.168.171.52 worker2) save and exit.
- Step 3 : Disable Swap and Kernel Parameters
  - Kubernetes does not support swap memory, kubernetes will not store run time data in swap memory, it store in physical memory.
  - $sudo swapoff -a
  - $sudo sed -i '/ swap / s/^$.*$$/#\1/g' /etc/fstab
  - $sudo tee /etc/modules-load.d/containerd.conf <<EOF
    overlay
    br_netfilter
    EOF
  - $sudo modprobe overlay
  - $sudo modprobe br_netfilter
  - run tee command
  - $sudo tee /etc/sysctl.d/kubernetes.conf <<EOT
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1
    EOT
  - Reload the above changes
  - $sudo sysctl --system
- Step 4: Install Containerd Runtime (Docker)
  - First install dependencies for containerd runtime:
  - $sudo apt install -y curl gnupg2 software-properties-common apt-transport-https ca-certificates
  - Enable Docker Repository:
  - $sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/docker.gpg
  - $sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
  - Run the following apt command to install containerd
  - $sudo apt update
  - sudo apt install -y containerd.io
- Step 5: Configure containerd so that it starts using systemd as cgroup
  - $containerd config default | sudo tee /etc/containerd/config.toml >/dev/null 2>&1
  - $sudo sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml
  - Restart & Enable Containerd
  - $sudo systemctl restart containerd
  - $sudo systemctl enable containerd
- Step 6: Kubernetes package is not available in the default Ubuntu 22.04 package repositories. So we need to add Kubernetes repository. run following command to download public signing key,Step 6: Add APT repository for Kubernetes:
  - $sudo apt-get update
  - $sudo apt-get install -y apt-transport-https ca-certificates curl gpg
  - $curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
  - Run the following command echo command to add kubernetes apt repository.
  - $echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
  - Kub0ern0etes v102.0023201 was02 available, replace this version with new higher version if available.
- Step 7: Install Kubectl, Kubeadm, Kubelet
  - $ sudo apt update
  - $ sudo apt install -y kubelet kubeadm kubectl
  - $ sudo apt-mark hold kubelet kubeadm kubectl
- Perform Step 8 on Master Node only:
- Step 8: Install Kubernetes Cluster
  - $sudo kubeadm init --control-plane=master
  - After the initialization is complete, you will see a message with instructions on how to join worker nodes to the cluster. Make a note of the kubeadm join command for future reference.
    - kubeadm join master:6443 --token sprb01.byn0v48rbmwodr8c \
      --discovery-token-ca-cert-hash sha256:46f3a54131c98e4d934e18aa82629395ea800607834e92d97bca607efaa5fec8
  - So, to start interacting with cluster, run following commands on the master node,
  - $ mkdir -p $HOME/.kube
  - $ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  - $ sudo chown $(id -u):$(id -g) $HOME/.kube/config
  - run following kubectl commands to view cluster and node status:
  - $ kubectl cluster-info
  - $ kubectl get nodes
- Step 9: Join worker nodes to the Cluster.
  - Run on each worker node the following command to join cluster.
  - kubeadm join master:6443 --token sprb01.byn0v48rbmwodr8c \
    --discovery-token-ca-cert-hash sha256:46f3a54131c98e4d934e18aa82629395ea800607834e92d97bca607efaa5fec8
  - create kubeadm join command if lost:
    - $kubeadm token create --print-join-command
- Step 10: check cluster nodes on master node
  - $kubectl get nodes (it will show all nodes)
  - nodes status is 'Not Ready', so to make it active. must install CNI (Container Network Interface) or network add-on plugs like Calico, Flannel and Wwave-net.
- Step 11: Install CNI (Container Network Interface) or network add-on plugs like Calico, Flannel and Wwave-net.
  - $ kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.0/manifests/calico.yaml
  - Verify the status of pods in kube-system namespace:
  - $ kubectl get pods -n kube-system
  - $kubectl get nodes
- Step 12: Deploy nginx application and test it.
  - $ kubectl create deployment nginx-app --image=nginx --replicas=2
    - deployment.apps/nginx-app created
  - Check the status of nginx-app deployment
  - $ kubectl get deployment nginx-app
    - NAME READY UP-TO-DATE AVAILABLE AGE
      nginx-app 2/2 2 2 38s
  - Expose the deployment as NodePort,
  - $kubectl expose deployment nginx-app --type=NodePort --port=80
    - service/nginx-app exposed
  - Run following commands to view service status
  - $kubectl get svc nginx-app
  - $kubectl describe svc nginx-app
- Step 13: Access nginx application
  - $ curl http://<woker-node-ip-addres>:31885
  - $ curl http://192.168.171.51:31246:31885
- Lost kubeadm join key: run this to create new token $kubeadm token create --print-join-command
On-Premises Ubuntu multinode cluster using file system.
- code
- code
- code
- code
On Premises Centos multinode cluster using kubeadm
- Step 1: Create 3 VMs of CentOS : windows not supported (one master node, 2 worker nodes with min 2 GB RAM, 2 CPU and 30 GB Disk)
- Step 2: Swap Memory should be off on all nodes: Kubernetes does not support swap memory, process or runtime data should not save in swap memory but should be stored in physical memory.
  - On Ubuntu machine:
  - $swapon -s (Displays the status of swap and location)
  - $swapoff /swapoff (it is temporary)
  - $vi /etc/fstab (remove the line in centos: /dev/mapper/centos-swap). remove the line /swapfile in ubuntu) save it. permanent swapfile off
- Step 3: Ports should be enabled:
  - check firewall status: By default firewall is enabled in centos:
  - On ubuntu:
  - $systemctl status ufw
  - $add the following ports in firwall or disable firewall
  - $systemctl stop ufw
  - Hostname:
  - $hostname (it will display hostname)
  - $hostname set-hostname master(it will set hostname master)
  - $bash
  - Enter DNS address or enter IP adddress in hosts file.
  - $cd /etc/hosts
  - $vi hosts (add ip addresses of all nodes, master & worker nodes)
- Step 4: Install docker on all nodes, start, enable, Kubernetes used docker to create containers. Kubernetes used docker to create containers.
  - on ubuntu: $apt install docker.io
  - On CentOS: sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo and then $sudo yum install docker-ce-docker-ce-cli containerd.io
  - start/enable docker on all nodes: $systemctl enale docker, $systemctl start docker
  - $docker info
- Step 5: On Master node only: Install, start, enable Kubeadm (cluster setup), kubelet (manage cluster components ), kubectl (commands start with kubectl),
  - Go to google and search kubernetes kubeadm install: go to link
  - Step1: Debian based distribution (for ubuntu, debian or hypriotOS),
    - copy and run:
      sudo apt-get update # apt-transport-https may be a dummy package; if so, you can skip that package sudo apt-get install -y apt-transport-https ca-certificates curl gpg
  - Step 2: Download the public signing key:
    - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
  - Sep 3: Add the appropriate Kubernetes apt repository. Please note that this repository have packages only for Kubernetes 1.28; for other Kubernetes minor versions, you need to change the Kubernetes minor version in the URL to match your desired minor version (you should also check that you are reading the documentation for the version of Kubernetes that you plan to install).
    - echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
  - Step 4: Update the apt package index, install kubelet, kubeadm and kubectl, and pin their version:
    - sudo apt-get update sudo apt-get install -y kubelet kubeadm kubectl sudo apt-mark hold kubelet kubeadm kubectl
- $systemctl enable kubelet
- $systemctl start kubelet
- code

On cloud Ubuntu VMs Cluster Setup with Script (Aditya Jaiswal)

Create 3 ubuntu VM machines on cloud (windows not supported), one as a master node and two as a worker nodes.
Ensure you have root access on both the master and workder nodes.

Step 1: On master and worker nodes, run the script on both master and workder nodes.

#!/bin/bash

# Update package lists
sudo apt-get update

# Install Docker
sudo apt install docker.io -y
sudo chmod 666 /var/run/docker.sock

# Install dependencies for Kubernetes
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg
sudo mkdir -p -m 755 /etc/apt/keyrings

# Add Kubernetes apt repository and key
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

# Update package lists again
sudo apt update

# Install Kubernetes components
sudo apt install -y kubeadm=1.28.1-1.1 kubelet=1.28.1-1.1 kubectl=1.28.1-1.1

$vi 1.sh (paste script)
$sudo chmod +x 1.sh
$./1.sh

Step 2: Setting up Master node:

#!/bin/bash

# Initialize Kubernetes master
sudo kubeadm init --pod-network-cidr=192.168.0.0/16

# Configure kubectl for current user
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Deploy Calico network plugin
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

# Deploy NGINX Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/baremetal/deploy.yaml

run the script on master node only.
$vi 2.sh (paste script)
$sudo chmod +x 2.sh
$./2.sh

Step 3: Swapoff (error will through that swap file is enabled)
- Temporarily swapoff in ubuntu: $swapon -s (it will show the location of swapfile) $swapoff /swapfile
- Temporarily swapoff in Centos: $swapon -s (/dev/dm-1) $swapoff /dev/dm-1
code
code

On Cloud AWS Ubuntu VMs Cluster Setup with KOPS
- Click for Installation steps from Valaxy Tech:
- Click for Installation Steps from Abhishek.
- Dependencies Required:
  - python 3
  - AWS CLI: it is required python.
  - Kubectl
- Step 1: Create a VM /use laptop:
  - Step 1.1: Using AWS VM, login to AWS console and enter credentials.
  - Click EC2/Instances/Launch Instances/k8s-management\Take Amazon linux (CLI is installed by default). create a VPC/subnet/security group/internet gateway etc.. launch Instance
  - To connect, open ssh tool(mobaXterm), enter Public IP in remote host, specify name = ec2-user, click advanced SSG setting/user private key and define location of keypair and ok.
  - Run aws configure (requested to enter AWS access key and secret key), we will define IAM role and assign to user.
  - Create a IAM role with the following roles.
    - Go to IAM/roles/create role/choose service EC2/ search following roles and assign
    - IAM Full Access
    - S3 Full Access
    - Route 53 Full Access
    - EC2 Full Access
    - Amazon VPC Full Access
    - Enter role name:kops-iam-role and create role.
    - Assign role to user: Go to EC2 Instance/select instance/click actions/security/modify IAM role, select kops-iam-role and update iam role.
  - Run aws configure:
    - access key: just enter
    - secret key: just enter
    - Region = eu-west-2
    - Output format = table
  - Step 1.2 : Using local VM or Laptop:
    - Install AWS CLI on your local computer. This machine should be linux O/S.
  - Step 1.3: DNS Configuration (Private / Public)
    - Go to Route 53/create hosted zones/
    - Enter domain name: stardistributors.co.uk or stardistributors.local
    - if using private hosted zone, select Zone and vpcID to which it will redirect traffic, create
- Step 2: Install AWSCLI
  - AWSCLI is installed by default in Amazon Linux image. for other VMs run the following
  - #curl https://s3.amazonaws.com/aws-cli/awscli-bundle.zip -o awscli-bundle.zip
    apt install unzip python
    unzip awscli-bundle.zip
    #sudo apt-get install unzip - if you dont have unzip in your system
    ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
- Step 3: Install kubectl
  - #curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
    #chmod +x ./kubectl
    #sudo mv ./kubectl /usr/local/bin/kubectl
  - #kubectl Error: if you still get command not found then move file to /bin folder sudo mv /usr/local/bin/kubectl /bin/
  - #kubectl version
- Step 4: Create an IAM user/role with Route53, EC2, IAM and S3 full access: done in step 1.1
- Step 5: Attach IAM role to ubuntu server : Done in step 1
- Step 6: Install kops
  - Install kops on ubuntu instance: It will create VMs (one master and 2 worker nodes) and it creates all pods for kubernetes components.
  - #curl -LO https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64
    #chmod +x kops-linux-amd64
    #sudo mv kops-linux-amd64 /usr/local/bin/kops
  - #kops version, Error: if you still get command not found then move file to /bin folder sudo mv /usr/local/bin/kopsl /bin/
  - #kops version
- Step 7: Create a Route53 private hosted zone (you can create Public hosted zone if you have a domain): done in step 1.3
- Step 8: Create S3 bucket
  - #aws s3 mb s3://dev.k8s.stardistributors.local
  - #aws s3 ls
- Step 9: Expose environment variable:
  - #export KOPS_STATE_STORE=s3://dev.k8s.stardistributors.local
- Step 10: Create sshkeys before creating cluster: to ssh master node in the cluster
  - #ssh-keygen
- Step 11: Create kubernetes cluster definitions on S3 bucket: store information in the S3 bucket.
  - #kops create cluster --cloud=aws --zones=eu-west-2a --name=dev.k8s.stardistributors.local --dns-zone=stardistributors.local --dns private
  - or
  - #kops create cluster --name=dev.k8s.stardistributors.local --state=s3://dev.k8s.stardistributors.local --zones=eu-west-2a --node-count=1 --node-size=t2.micro --master-size=t2.micro --master-volume-size=8 --node-volume-size=8
- Step 12: Create kubernetes cluser
  - #kops update cluster dev.k8s.stardtributors.local --yes
- Step 13: Validate your cluster
  - #kops validate cluster
- Step 14: To list nodes
  - #kubectl get nodes
- Step 15: Deploying Nginx Container
  - kubectl run sample-nginx --image=nginx --replicas=2 --port=80
  - kubectl get pods
  - kubectl get deployments
- Step 16: Expose the deployment as service. This will create an ELB in front of those 2 containers and allow us to publicly access them:
  - kubectl expose deployment sample-nginx --port=80 --type=LoadBalancer
  - kubectl get services -o wide
- Step 17: Delete cluster
  - kops delete cluster dev.k8s.valaxy.in --yes
Platform as a Service - GKE, EKS, AKS
- Azure, Google, AWS provides platform as a service where these companiese maitain infrastructure. You will configure kubernetes on their platform.
- Google GKE - Google Kubernetes Engine
  - login to google cloud. Activate it by providing bank card details, activate free trial, https://console.cloud.google.com/
  - open google cloud console paralelly.
  - click navigation menu> kubernetes engine> create cluster > create
  - GKE standard > configure
    
    Cluster name: cluster-1
    
    location type: zonal
    
    control plane version: Released channel
    
    create
    
    observe: Cluster size is 3, one master and 2 nodes. Cluster is created
- AWS EKS - Elastic Kubernetes Service Cluster Setup
  - It is a managed control plane in AWS. AWS provides High Available kubernetes cluster.
  - Step 1: Create a user in AWS IAM, create a custom policy and default policies attach to user.
    
    Create a user:
    
    Log in to the AWS Management Console.
    
    Navigate to the IAM dashboard.
    
    Click on "Users" in the left sidebar.
    
    Click on the "Add user" button. IAM users are created in global Region.
    
    Enter a username of your choice.
    
    Provide user access to the AWS Management Console: select
    
    select iam user, set a password for the user.
    
    select assign polices directly to user:
    
    search the following policies and attach it to user.
    
    Search the default policies
    
    AmazonEC2FullAccess
    
    AmazonEKS_CNI_Policy
    
    AmazonEKSClusterPolicy
    
    AmazonEKSWorkerNodePolicy
    
    AWSCloudFormationFullAccess
    
    IAMFullAccess
    
    star-eks-policy (custom policy to allow visual editor)
    
    Create a custom policy:
    
    click on create policy: select json and enter the following code
    
    {
    "Version": "2012-10-17",
    "Statement": [
    {
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": "eks:*",
    "Resource": "*"
    }
    ]
    }
    
    save the policy: star-eks-policy (select this policy as well)
    
    next and create user: https://533267324249.signin.aws.amazon.com/console
    
    Create Access keys:
    
    Go to user created (eks-user)/security credentials/ access keys/ create access keys/command line interface and download both the keys .csv file.
  - Step 2: Create a VM and run the script to automate the installation of AWSCLI, kubectl, and eksctl;
    
    create ubuntu, 20.04, t2medium, 20GB disk
    
    access vm through mobaexterm.
    
    $sudo apt update
    
    create a script and paste the commands
    
    $vi install_tools.sh
    
    #!/bin/bash # Install AWSCLI curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" sudo apt install -y unzip unzip awscliv2.zip sudo ./aws/install # Install kubectl curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin kubectl version --short --client # Install eksctl curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp sudo mv /tmp/eksctl /usr/local/bin eksctl version
    
    $sudo chmod +x install_tools.sh
    
    $./install_tools.sh
  - Step 3: Connect to AWS using CLI with user eks-user
    
    open mobaexterm and conenct to VM with user ubuntu
    
    $aws configure
    
    AWS access key Id = paste it from downloaded key of user (eks-user)
    
    AWS secret key = paste it
    
    Default region name = eu-west-2 (region where VM is created)
    
    Default output format =
    
    connected to AWS VM
  - Step 4: Create EKS cluster with eksctl : copy and paste the below command , cloudformation will create cluster.
    
    Either you can create with portal by choosing eks cluster or using eksctl command line utility and copy and paste the below command (will take 10 minutes), cloudformation will create cluster.
    
    eksctl create cluster --name=star-eks --region=eu-west-2 --zones=eu-west-2b,eu-west-2c --without-nodegroupEKS (cluster "star-eks" in "eu-west-2" region is created without nodegroup/worker node. it will be created separately, see below).(will take 5 to 10 minutes)
    
    eksctl create cluster --name=star-eks --region=eu-west-2 --zones=eu-west-2b,eu-west-2c --fargate (cluster "star-eks" in "eu-west-2" region is created with nodegroup/worker node)
    
    eksctl utils associate-iam-oidc-provider (open Id connect provider) paste the following
    
    eksctl utils associate-iam-oidc-provider \
    --region eu-west-2 \
    --cluster star-eks \
    --approve
    
    Create nodegroup (workdernodes)
    
    eksctl create nodegroup --cluster=star-eks \
    --region=eu-west-2 \
    --name=node2 \
    --node-type=t3.medium \
    --nodes=3 \
    --nodes-min=2 \
    --nodes-max=4 \
    --node-volume-size=20 \
    --ssh-access \
    --ssh-public-key=key-london \
    --managed \
    --asg-access \
    --external-dns-access \
    --full-ecr-access \
    --appmesh-access \
    --alb-ingress-access
    
    in the above node name = node2 of t3.medium will be created, 3 nodes will be created and at any time min 2 nodes will be available and if required it goes to 4 by autoscaling.
    
    ssh-public-key = key-london (key used to create vm)
    
    cloudformation will create nodegroup (worker nodes).
  - Step 5: check number of nodes
    
    $kubectl get nodes (there will be 3 worker nodes)
  - Step 6: Open Inbound traffic
    
    Go to AWS services/eks/star-eks/Networking/cluster security group/select communication between the control plane and worker nodes /edit inbound rules and define all traffic. save it
  - Step 7: create service account, role, bind role with service account, generate token
    
    Create service account
    
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: jenkins
    namespace: webapps
    
    Create role
    
    apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: app-role namespace: webapps rules: - apiGroups: - "" - apps - autoscaling - batch - extensions - policy - rbac.authorization.k8s.io resources: - pods - secrets - componentstatuses - configmaps - daemonsets - deployments - events - endpoints - horizontalpodautoscalers - ingress - jobs - limitranges - namespaces - nodes - pods - persistentvolumes - persistentvolumeclaims - resourcequotas - replicasets - replicationcontrollers - serviceaccounts - services verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
    
    Bind Role with service account
    
    apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: app-rolebinding namespace: webapps roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: app-role subjects: - namespace: webapps kind: ServiceAccount name: jenkins
    
    Generate token using service account in the namespace
    
    create a namespace
    
    $kubectl create namespace webapps
    
    apiVersion: v1
    kind: Secret
    type: kubernetes.io/service-account-token
    metadata:
    name: mysecretname
    annotations:
    kubernetes.io/service-account.name: myserviceaccount
    
    To view secret run
    $kubectl -n webapps describe secret mysecretname
  - Delete cluster
    
    eksctl delete cluster --name star-eks --region eu-west-2
    
    Delete VM as well
- Azure AKS- Azure Kubernetes Service
  - login to Azure portal: https://portal.azure.com
- code
- code
Minikube Single Node Cluster
- Mainly it is use for Testing and Training purpose, it can be installed on your laptop/desktop (Windows, Linux, Mac OS).
- All components will install in a single node. Hardware must support virtualization and enabled.
- Windows:
  - Hypervisor should be installed.
  - Install Minikube
  - Install Kubectl.
  - Support Hyper-v or Virtualbox
  - run minikube start
  - a VM is created in hypervisor in which cluster configured.
  - LAB:
    
    Details of configuration.
    
    2 CPUs or more
    
    2GB of free memory
    
    20GB of free disk space
    
    Internet connection
    
    Container or virtual machine manager, such as: Docker, QEMU, Hyperkit, Hyper-V, KVM, Parallels, Podman, VirtualBox, or VMware Fusion/Workstation
    
    run systeminfo on command prompt to check hypervisor is supported.
    
    Step 1: Download package
    
    Download and run the installer minikube-installer.exe click latest release.
    
    Add the minikube.exe binary to your path: open powershell command as administrator and run:
    
    $oldPath = [Environment]::GetEnvironmentVariable('Path', [EnvironmentVariableTarget]::Machine)
    if ($oldPath.Split(';') -inotcontains 'C:\minikube'){
    [Environment]::SetEnvironmentVariable('Path', $('{0};C:\minikube' -f $oldPath), [EnvironmentVariableTarget]::Machine)
    }
    
    Step 2: start your cluster
    
    PS:\minikube start or PS:\minikube start --memory=4096 --driver=hyperkit
    
    It will create Hyper-v VM.
    
    It will prepare kubernetes on docker.
    
    Step 3: Interact with your cluster
    
    If kubectl is not installed than install kubectl.
    
    PS:\minikube status
    
    PS:\kubectl get cs or
    
    PS:\minikube ip
    
    PS:\kubectl get nodes
    
    PS:\kubectl get po -A
    
    PS:\minikube kubectl -- get po -A
    
    PS:\kubectl get nodes
    
    PS:\kubectl get nodes -o wide
    
    Step 4: Deploy hello-minukube
    
    PS:\kubectl create deployment hello-minikube --image=kicbase/echo-server:1.0
    
    PS:\kubectl expose deployment hello-minikube --type=NodePort --port=8080
    
    default port on pods 8080
    
    PS:\kubectl port-forward service/hello-minikube 7080:8080
    
    http://localhost:7080/
    
    Deploy nginx
    
    PS:\kubectl run web-server --image=nginx
    
    PS:\kubectl get pods
    
    PS:\kubectl get pods -o wide
    
    localhost:8080
    
    PS:\minikube stop
    
    Deploy Pod with yaml
    
    Go to https://kubernetes.io/docs/concepts/workloads/pods/
    
    create a yaml file pod1.yaml and paste the follwing:
    
    apiVersion: v1
    kind: Pod
    metadata:
    name: nginx
    spec:
    containers:
    - name: nginx
    image: nginx:1.14.2
    ports:
    - containerPort: 80
    
    C:\kubectl create -f pod1.yaml
    
    C:\kubectl get pods
    
    C:\minikube ssh (login to cluster)
    
    To debug the errors:
    
    C:\kubectl describe pod nginx
    
    C:\kubectl logs nginx
    
    C:\kubectl delete pod nginx
    
    Deploy xxx
- Linux:
  - Hypervisor should be installed.
  - Minikube and kubectl should be installed.
  - KVM or virtualbox should be installed.
  - run minikube start
  - a VM is created in hypervisor in which cluster configured.
- Mac OS:
  - Hypervisor should be installed.
  - Minikube and kubectl should be installed.
  - support HyperKit, virtualbox, VMWare Fusion
  - run minikube start
  - a VM is created in hypervisor in which cluster configured.
- If Hypervisor is not installed, than install docker and run minikube start --driver=none, it creates a container and use minkube image to configure cluster. It works only with Linux and Mac OS only. Both support kernel.
- code
Free kubernetes service:
- kubeless kubernetes: You will get readymade cluster. It can be use for Testing or Training purpose
  - Access: https://labs.play-with-k8s.com/ login and create a cluster.
  - login with github or docker account, it is valid for 3 hours only and after that all will be deleted.
- https://killercoda.com/login
On-Prem Configure kubernetes Cluster on Docker (KinD).
- KinD: Kubernetes in Docker, running kubernetes cluster on docker cotnainer. For multinode cluster like 1 master/control plane and 2 worker nodes/data plane than docker will create 3 containers.
- Difference between EKS,AKS,GKE vs KinD: EKS,AKS,GKE are cloud based kubernetes cluster which is managed by AWS, Azure, Google and it uses VM while KinD is container based and managed by client. Kind is light weight.
- Pre-requisite:
  - Docker desktop up and running
  - KinD documentation for instruction. Quick Guide/Installation.
- On Linux:
  - KinD Installation:
    - # For AMD64 / x86_64
      [ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.29.0/kind-linux-amd64
      # For ARM64
      [ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.29.0/kind-linux-arm64
      chmod +x ./kind
      sudo mv ./kind /usr/local/bin/kind
    - run the above command in ubuntu VM where docker is installed already.
    - ubuntu@sonarqube:~$ kind version
    - kind v0.29.0 go1.24.2 linux/amd64
  - Create single node Kubernetes cluster:
    - ubuntu@sonarqube:~$ kind create cluster --name=star-single-node
    - cluster info:
      
      ubuntu@sonarqube:~$kubectl cluster-info --context kind-star-single-node
      
      ubuntu@sonarqube:~$kind get clusters or
      
      ubuntu@sonarqube:~$kubectl config current-context
    - Deploy Nginx:
      
      ubuntu@sonarqube:~$kubectl create deployment webserver --image nginx
      
      ubuntu@sonarqube:~$kubectl get pods -o wide
  - Create Multi node kubernetes cluster: 1 control-plane and 3 worker nodes
    - Go to Kind Documentation/configuration and copy configuration:
      
      kind: Cluster
      apiVersion: kind.x-k8s.io/v1alpha4
      # One control plane node and three "workers".
      #
      # While these will not add more real compute capacity and
      # have limited isolation, this can be useful for testing
      # rolling updates etc.
      #
      # The API-server and other control plane components will be
      # on the control-plane node.
      #
      # You probably don't need this unless you are testing Kubernetes itself.
      nodes:
      - role: control-plane
      - role: worker
      - role: worker
      - role: worker
    - Create a yaml file and paste the configuration: vim multi-node-cluster.yaml
    - save and exit
    - ubuntu@sonarqube:~$ kind create cluster --name star-multi-node --config=multi-node-cluster.yaml
    - Error:
    - Solution: run the following commands and than run the command to create cluster:
      
      echo fs.inotify.max_user_watches=655360 | sudo tee -a /etc/sysctl.conf echo fs.inotify.max_user_instances=1280 | sudo tee -a /etc/sysctl.conf sudo sysctl -p
    - ubuntu@sonarqube:~$ kind create cluster --name star-multi-node --config=multi-node-cluster.yaml
    - ubuntu@sonarqube:~$kubectl get nodes
    - Deploy nginx:
      
      kubectl create deployment nginx --image=nginx
    - Port Mapping:
      
      kubectl port-forward pod/POD_NAME 8888:80 (nginx port is 80 and forwarding to 8888)
    - Access Nginx:
      
      open browser: http://localhost:8888
  - Create Multi node kubernetes cluster: 3 control-plane and 6 worker nodes
    - Go to Kind Documentation/configuration and copy configuration:
      
      kind: Cluster
      apiVersion: kind.x-k8s.io/v1alpha4
      # One control plane node and three "workers".
      #
      # While these will not add more real compute capacity and
      # have limited isolation, this can be useful for testing
      # rolling updates etc.
      #
      # The API-server and other control plane components will be
      # on the control-plane node.
      #
      # You probably don't need this unless you are testing Kubernetes itself.
      nodes:
      - role: control-plane
      - role: control-plane
      - role: control-plane
      - role: worker
      - role: worker
      - role: worker
      - role: worker
      - role: worker
      - role: worker
    - Create a yaml file and paste the configuration: vim multi-node-cluster.yaml
    - save and exit
    - ubuntu@sonarqube:~$ kind create cluster --name star-3multi-6node --config=multi-node-cluster.yaml
- On Windows:
- On Mac:
Access & Manage Cluster Remotely
- Windows
  - To manage and control cluster, get remote connection.
  - After cluster configuration there will be a admin.conf file is created at /etc/kubernetes/admin.conf
  - copy the file and paste it in local computer by creating a folder .kube in user folder and rename the file to config
  - Install kubectl for windows/linux/mac OS: click here
    
    Create a folder local C:\users\username\kubernetes and paste kubectl here
    
    set environment variable: system/advanced system settings/Environment Variable/user variable/ new/Variable name: PATH, Variable Value: paste path
  - Create a folder .kube in local system in C:\users\username
  - Paste the admin.conf file and change name to config. use winscp to copy file.
  - Go to kubernetes master node: /etc/kubernetes/ copy admin.conf (it can bring with winscp), use sftp, hostname - ip of master node, user name and password
  - Paste it in C:\users\username\.kube\admin.conf (rename it to config)
- Linux
  - Code
Kubectl:
- It is a command line tool for kubernetes to execute commands on kubernetes cluster.
- for installation https://kubernetes.io/docs/tasks/tools/
After kubernetes VM restart, start following services
- Code
Remove node from cluster and rejoin
- List nodes:
  - $kubectl get nodes
- First Drain the node
  - $kubectl drain <node-name>
  - Error: unable to drain node "worker1" due to error: cannot delete DaemonSet-managed Pods (use --ignore-daemonsets to ignore): kube-system/calico-node-7nqpz, kube-system/kube-proxy-xdn4v, continuing command...
    There are pending nodes to be drained:
    worker1 cannot delete DaemonSet-managed Pods (use --ignore-daemonsets to ignore): kube-system/calico-node-7nqpz, kube-system/kube-proxy-xdn4v
  - You might have to ignore daemonsets and local-data in the machine: try following
  - $kubectl drain <node-name> --ignore-daemonsets --delete-local-data or
  - $kubectl drain <node-name> --ignore-daemonsets
- Delete the node:
  - $kubectl delete node <node-name>
- Reset the cluster:
  - $kubeadm reset (If you are using kubeadm and would like to reset the machine to a state which was there before running kubeadm join then run)
- Join the cluster:
  - $kubeadm token create --print-join-command
  - copy the command and run on worker node to join.
Removing Kubernetes completely
- $kubeadm reset
- sudo apt-get purge kubeadm kubectl kubelet kubernetes-cni kube*
code
- Code
code
- Code

Configuration of other kubernetes services

Kubernetes Storage
- A volume is created and attach to database. data is stored in these volumes. If in case of pod is deleted or need to create a new pod so that data can be retrieved from this volumes.
- When a new pod is created then ephemral (temp) storage is created and attach to pod, it store downloads and other data. when pod is deleted than this runtime data is also get deleted.
- kubernetes offered persistent volume to store the data. persistent volume could be local hard drive, which can be mounted to pods. if the pod get deleted and it will recreated but it could be recreated in different node so storage is in different node.
- Types of storage can be use a persistent volume.
  - NFS
    - Create NFS server on ubuntu:
  - SCSI:
  - AWS S3: AWS EBS
  - Azure volume:
  - Redhat: Gluster
  - other supported volumes
- Create PV: click here
  - $kubectl get pv (to check any PV exist)
  - $vim pv.yaml (click here for yaml file)
  - $kubectl apply -f pv.yaml
  - $kubectl get pv
  - $kubectl describe pv sta-volume
- PVC: Persistence Volume Claim: It is the small volume created in persistent volume.
  - Create PVC (persistent volument claim)
  - $kubectl get pvc
  - $vim pvc.yaml (click here for yaml file)
  - $kubectl get pvc
  - $kubectl describe pv star-pvc
- Deploying WordPress and MySQL with Persistent Volumes and inside use pvc which is inside pv and pv is inside nfs volume.
  - $vi pv_deployment.yaml , click here for yaml file
  - $kubectl apply -f pv-deployment.yaml
  - $kubectl get deployment
  - $kubectl get pod
- code
Taint
- It is pod control, by default taint is enabled on master node so that pods will not be scheduled on master nodes.
- Check taint status:
  - $kubectl describe node master:
    - Taints: node-role.kubernetes.io/control-plane:NoSchedule (taint is applied)
    - Taints: <none> (Taint is removed)
  - $kubectl describe node master | grep -i taint (it will display only taint status)
- Remove taint on master node:
  - $kubectl taint nodes --all node-role.kubernetes.io/master- or
  - $kubectl taint nodes master key:NoSchedule-
  - $kubectl taint nodes worker1 key:NoExecute-
- Test pods are creating on master node.
  - Create pod with deployment replicas = 4
  - $kubectl create deployment web-server --image=nginx --replicas 4
  - $kubectl get pods -o wide:
    - pods are created on both master and worker node.
- Apply taint on master/worker node: you can use NoSchedule or NoExecute
  - $kubectl taint nodes master key=value1:NoSchedule or
  - $kubectl taint nodes master key=value1:NoExecute
    - node/master tainted
  - $kubectl taint nodes worker1 key=value1:NoExecute or
  - $kubectl taint nodes worker1 key=value1:NoSchedule
    - node/worker1 tainted
    - Create pod with deployment replicas = 4
    - $kubectl create deployment web-server --image=nginx --replicas 4
    - $kubectl get pods -o wide:
      
      pods are created on worker node only.
- If taint is applied on all nodes and when you create pods it shows pending, check with $kubectl describe pod podname and it will show FailedScheduling (remove taint on node and it will deploy pods)
- code
Labels
- When you create deployment than pods will be created on worker nodes & master node if taint is disabled. It will be distributed and created in all nodes.
- If you want all pods to be created on a particular node than it can be achieved with label.
- Set label on each node and define label when creating deployment.
- We create namespace for logical isolation in a cluster.
- Number of pods will be created on all nodes but under the same namespace, when you search pods with namespace than it wlll list all pods with the same namespace.
- you can bind number of nodes with a namespace so that number of pods will be created with the same namespace in those defined nodes.
- Set Label:
  - $kubectl label node master node=star1
  - $kubectl label node worker1 node=star2
  - $kubectl describe node master
- Deploy all nodes on worker1 node using label node=star1
  - $vim label1.yaml
  - apiVersion: v1
    kind: Pod
    metadata:
    name: prod-server
    spec:
    containers:
    - image: nginx
    name: prod-server
    nodeSelector:
    node: "star1
  - $kubectl apply -f label1.yaml
  - pods are deployed on master node only.
- Deploy all nodes on master node using label node=star2
  - $vim label1.yaml
  - apiVersion: v1
    kind: Pod
    metadata:
    name: prod-server
    spec:
    containers:
    - image: nginx
    name: prod-server
    nodeSelector:
    node: "star2"
  - $kubectl apply -f label2.yaml
  - pods are deployed on worker1 node only.
- Bind Labels with namespace.
  - When you deploy, all pods will be created on nodes which are bind with labels
  - Create a name space:
    - $kubectl create namespace dev-team &
    - $kubectl create namespace prod-team
    - $kubectl get namespace
    - $kubectl delete namespace dev-team
    - $kubectl delete namespace prod-team
  - Deployment
    - $kubectl create deployment -n dev-team web-server --image=nginx --replicas=3
    - $kubectl create deployment -n prod-team db-server --image=nginx --replicas=3
  - list pods from namespace dev-team and prod-team:
    - $kubectl get pods -n dev-team
    - $kubectl get pods -n prod-team
    - Pods are creating in master and worker node,
    - Delete:
    - $kubectl delete deployment web-server -n dev-team
    - $kubectl delete deployment db-server -n prod-team
  - Pods should be created in one node only.
    - Perform the following steps in api server
    - $cd /etc/kubernetes /manifests
    - $etc/kuberntes/manifests vim kube-apiserver.yaml
    - add parameter at line - --enable-admission-plugins=NodeRestriction,PodNodeSelector
    - save and exit (there will be short downtime)
  - Now bind nodes in namespace (dev-team and prod-team)
    - Will bind master node with dev-team and worker1 node with prod-team
    - $kubectl edit namespace dev-team
    - after line name: dev-team
    - annotations:
    - scheduler.alpha.kubernetes.io/node-selector: "node=star1" save and exit
    - $kubectl edit namespace prod-team
    - after line name: prod-team
    - annotations:
    - scheduler.alpha.kubernetes.io/node-selector: "node=star2" save and exit
  - Create Deployment
    - $kubectl create deployment dev-server -n dev-team --image=nginx --replicas=3
      
      all pods will be created in master node
    - $kubectl create deployment prod-server -n prod-team --image=nginx --replicas=3
      
      All pods will be created in worker1 node
  - Remove labels:
    - $kubectl label node master node-
    - $kubectl label node worker1 node-
  - Remove namespace selector
    - $kubectl edit namespace dev-team (remove both lines annotations & scheduler.alpha.kubernetes.io/node-selector: node=star1
    - $kubectl edit namespace dev-team (remove both lines annotations & scheduler.alpha.kubernetes.io/node-selector: node=star2
  - Remove binding
    - $cd /etc/kubernetes/manifests
    - $etc/kubernetes/manifests vim kube-apiserver.yaml and remove PodNodeSelector
    - There will be downtime for few minutes.
- code
Namespace
- We create namespace for logical isolation of pods in a cluster.
- $kubectl create namespace dev-team &
- $kubectl create namespace prod-team
- Deployment:
  - $kubectl create deployment -n dev-team web-server --image=nginx --replicas=3
  - $kubectl create deployment -n prod-team db-server --image=nginx --replicas=3
  - $kubectl get pods -o wide -n dev-team
  - $kubectl get pods -o wide -n prod-team
- $kubectl get namespace
- $kubectl get pods --all-namespaces (list all pods across all namespaces)
- $kubectl delete namespace dev-team
- $kubectl delete namespace prod-team
- code

Resource Quota (namespace):

It applies on namespace. You can set the quota on cluster resources on the basis of namespace.
You can allocate the resources for entire namespace, you cannot limit on pods/containers which can be done by limit range.
Namespace is created to isolate the pods for different departments or projects. you can allocate the resources to each namespace/project.
Suppose you have cluster capacity 500 GB memory, 500 TB Disk, 500 CPU, 3 projects running on cluster which is isolated with namespace (namespace1,2,3 namely).
You can set the resourcdes quota for these projects like memory 100GB, pods 100, cpu 50, secret 10, configmap 20, all components should be created withing this quota.

Apply namespace:

$kubectl get namespace (list of namespaces)

NAME STATUS AGE
default Active 11d
kube-node-lease Active 11d
kube-public Active 11d
kube-system Active 11d
metallb-system Active 3d22h

The above is default namespace list.
$kubectl create namespace namespace1 (create for namespace2 & namespace3)

Check quota :
- $kubectl -n namespace1 get quota (no resources found for the namespace)

Apply quota: https://kubernetes.io/docs/concepts/policy/resource-quotas/

$vim namespace1_quota.yaml & create for namespace2 & namespace3

apiVersion: v1
kind: ResourceQuota
metadata:
name: project3-quota # Set a name here, for example "my-quota"
namespace: namespace3 # Specify the namespace
spec:
hard:
pods: 5
configmaps: 10
secrets: 10
services: 10
requests.cpu: 2
requests.memory: 8Gi

$kubectl -n namespace1 apply -f namespace1.yaml
$kubectl -n namespace1 get quota
$kubectl -n namespace1 describe quota
$kubectl run -n namespace1 web-server1 --image=nginx (one pod is created and one more capacity is remaining)
$kubectl -n namespace1 describe quota
when you create a pod and its limit has been used then it will create the services which has not been mentioned in quota yaml file.
increase quota limit by editing yaml file.
define memory and cpu limit.

apiVersion: v1

kind: ResourceQuota

metadata:

namespace: namespace1

spec:

hard:

pods: "2"

configmaps: "10"

secrets: "10"

services : "10"

persistentvolumeclaims: "50"

limits.memory: "800Mi"

limits.cpu: "10"

When you define memory and cpu limit in quota, while creating a pod you need to define memory and cpu as well.

code
code
code

Limit Range (Container, POD, Volume):

By default, containers run with unbounded compute resources on a Kubernetes cluster. Using Kubernetes resource quotas, administrators (also termed cluster operators) can restrict consumption and creation of cluster resources (such as CPU time, memory, and persistent storage) within a specified namespace. Within a namespace, a Pod can consume as much CPU and memory as is allowed by the ResourceQuotas that apply to that namespace. As a cluster operator, or as a namespace-level administrator, you might also be concerned about making sure that a single object cannot monopolize all available resources within a namespace.
You can define min / max size limit range on pods / containers / volumes so that available resources can be distribute easily.
For more details visit
In the Resource Quota we have applied overall limit of 5GB RAM, 50GB HDD, 50 CPU to namespace, pods are created within a namespace.
When you deploy in this namespace than limit of pods can be applied through limit range so that pods should not exceed limit.
We can define min and max limit of each pod while creating.

If you do not define namespace while creating limit range than it will applied to default namespace.

Apply limit range on containers:

$kubectl get limitrange (To get list of limitrange configured)
Example of cpu only:

For Kubernetes documentation
Cluster details
- $kubectl get nodes (Master and Worker1)Apply limit range on containers.
Create a namespace
- $kubectl create namespace limitrange-demo
Set Context
- we do not need to define namespace everytime, as it has been set to limitrange-demo namespace instead of default namespace.
- $kubectl config set-context --current --namespace=limitrange-demo
- $kubectl config get-contexts
- $kubectl config delete-context kubernetes-admin@kubernetes

Limit min/max cpu for containers:

$vim limitrange_cpu_1.yaml
- apiVersion: v1
  kind: LimitRange
  metadata:
  name: cpu-resource-constraint
  spec:
  limits:
  - max: # max and min define the limit range
  cpu: "500m"
  min:
  cpu: 100m
  type: Container
$kubectl apply -f limitrange_cpu_1.yaml
$kubectl describe limitrange
$kubectl delete 0f limitrange_cpu_1.yaml
Default request and default limit has been not defined but it took max. you can set default request and default limit.

$vim limitrange_cpu_2.yaml

apiVersion: v1
kind: LimitRange
metadata:
name: cpu-resource-constraint
spec:
limits:
- default: # If you do not define max cpu while creating container, it will take default as max
cpu: "700m"
defaultRequest: # If you do not define min cpu while creating container, it will take defaultRequest as min
cpu: "110m"
max: # max milicore cpu a container can get
cpu: "800m"
min:
cpu: "100m" #min milicore cpu a container can get
type: Container

$kubectl apply -f limitrange_cpu_2.yaml
$kubectl describe limitrange

Test: Deploy nginx container

$vim limitrange_pod1.yaml

apiVersion: v1
kind: Pod
metadata:
name: busybox1
spec:
containers:
- name: busybox-cnt01
image: busybox:1.28
command: ["/bin/sh"]
args: ["-c", "while true; do echo hello from cnt01; sleep 10;done"]
resources:
requests:
cpu: "100m"
limits:
cpu: "500m"

It is creating a pod with the name busybox1, container name busybox-cnt01, image busybox, describe command to run , define min 100Mi and max 200Mi cpu.
pod will be created as defined pod range is within the limit of limitrange defined in limitrange_cpu_2.yaml (min 110m max 700m)
$kubectl apply -f limitrange_pod1.yaml
pod has been created as limit within defined range.
$kubectl delete -f limitrange_pod1.yaml
Exceed limit range: edit the file and define max cpu limit 900M(limitrange defined min 100M and max 800M

apiVersion: v1
kind: Pod
metadata:
name: busybox1
spec:
containers:
- name: busybox-cnt01
image: busybox:1.28
command: ["/bin/sh"]
args: ["-c", "while true; do echo hello from cnt01; sleep 10;done"]
resources:
requests:
cpu: "100m"
limits:
cpu: "900m"

$kubectl apply -f limitrange_pod1.yaml
Error: maximum cpu usage per Container is 800m, but limit is 900m
Remove min and max values and run, it will apply default values defined in limitrange. (110m and 700m)

apiVersion: v1
kind: Pod
metadata:
name: busybox1
spec:
containers:
- name: busybox-cnt01
image: busybox:1.28
command: ["/bin/sh"]
args: ["-c", "while true; do echo hello from cnt01; sleep 10;done"]

$kubectl apply -f limitrange_pod1.yaml
$kubectl delete -f limitrange_pod1.yaml

Total 4 containers are creating in this example, if you add all four containers cpu which will be more than defined max cpu vlaue, so it will give error that max cpu limit is exceeded.

$vim limitrange_pod1.yaml

apiVersion: v1
kind: Pod
metadata:
name: busybox1
spec:
containers:
- name: busybox-cnt01 #first container
image: busybox:1.28
command: ["/bin/sh"]
args: ["-c", "while true; do echo hello from cnt01; sleep 10;done"]
resources:
requests:
cpu: "100m"
limits:
cpu: "900m"
- name: busybox-cnt02 #second container
image: busybox:1.28
command: ["/bin/sh"]
args: ["-c", "while true; do echo hello from cnt02; sleep 10;done"]
resources:
requests:
cpu: "100m"
- name: busybox-cnt03 #third container
image: busybox:1.28
command: ["/bin/sh"]
args: ["-c", "while true; do echo hello from cnt03; sleep 10;done"]
resources:
limits:
cpu: "500m"
- name: busybox-cnt04 #fourth container
image: busybox:1.28
command: ["/bin/sh"]
args: ["-c", "while true; do echo hello from cnt04; sleep 10;done"]

$kubectl apply -f limitrange_pod1.yaml
Error from server (Forbidden): error when creating "limitrange_pod1.yaml": pods "busybox1" is forbidden: maximum cpu usage per Container is 800m, but limit is 900m
first container max cpu is defined 900m, change it to 500m and run.
$kubectl apply-f limitrange_pod1.yaml
$kubectl describe pod (check all four container cpu details)

Example of cpu and memory:
- $ vim limit-mem-cpu-per-container.yaml (create a yaml file) download yaml file.
- $kubectl create namespace limitrange-demo (create namespace)
- $kubectl config set-context --current --namespace=limitrange-demo (set context, it will set default namespace, you will not required to enter -n namespace while deployment)
- In the above min,max, default memory and cpu has been defined.
- default values is the max value when no values has been defined while creation. defaultRequest is the min values if no values has been defined.
- limit is applying on container
- $kubectl apply -f limit-mem-cpu-per-container.yaml
- $kubectl get limitrange
- $kubectl describe limitrange
- Deploy a container to check the defined min/max cpu & memory setup.
- $vim limit-range-pod-2.yaml
- $kubectl apply -f limit-range-pod-2.yaml
- $kubectl describe pods podname (check the memory and cpu allocation)
- edit yaml file and check with exceeding max limit of cpu/memory or below limit of cpu/memory. (cpu max limit changed to 900)
- Error from server (Forbidden): error when creating "limit-range-pod-2.yaml": pods "busybox1" is forbidden: maximum cpu usage per Container is 800m, but limit is 900m
- Deploy a container to check teh defined min/max cpu & memory limit on multiple pods.
- $vim limit-range-pod-1.yaml
- $kubectl apply -f limit-range-pod-1.yaml
- $kubectl describe pods podname (check details)

Apply limit range on pods:

$kubectl get limitrange
Cluster details
- $kubectl get nodes (Master and Worker1)Apply limit range on containers.
Create a namespace
- $kubectl create namespace limitrange-demo
Set Context
- we do not need to define namespace everytime, as it has been set to limitrange-demo namespace instead of default namespace.
- $kubectl config set-context --current --namespace=limitrange-demo

Limit min/max cpu for pods: https://k8s.io/examples/admin/resource/limit-mem-cpu-pod.yaml

$vim limit_mem_cpu_per_pod.yaml
Note: You can define max and min values in pod limit range but you cannot define default (max) & defaultRequest(min) values in pod as it can be define in container limit range.
if default values specified than you get following error:
- Error: default: Forbidden: may not be specified when 'type' is 'Pod'
- Error: defaultRequest: Forbidden: may not be specified when 'type' is 'Pod'
If you define max value in limitrange yaml file than while deploying you must define max value.

apiVersion: v1

kind: LimitRange

metadata:

spec:

limits:

- max:

cpu: "2"

memory: "2Gi"

min:

cpu: "1"

memory: "1Gi"

type: Pod

$kubectl apply -f limit_mem_cpu_per_pod.yaml
$kubectl get limitrange
$kubectl describe limitrange

Deploy a pod:

$vim limitrange_pod2.yaml

apiVersion: v1

kind: Pod

metadata:

spec:

containers:

- name: busybox-cnt01

image: busybox:1.28

command: ["/bin/sh"]

args: ["-c", "while true; do echo hello from cnt01; sleep 10;done"]

resources:

requests:

memory: "100Mi"

cpu: "100m"

limits:

memory: "200Mi"

cpu: "500m"

$kubectl apply -f limitrange_pod2.yaml
pod limit defined memory min 100Mi and max 200Mi, cpu min 100m and max 500m
$kubectl describe pods
limit we have defined in limit range cpu 500m & memory 200Mi, requested to create pod with memory 100Mi and cpu 100 m, pod is created successfully.
$kubectle delete -f limitrange_pod2.yaml
Make changes in the limitrange yaml file and test it.
- if you define only min values than it will assing min values to pod.
- if you define only max values than it will assign max values to pod.
- if you define both min and max values than it will assing min values to pod.
- If no min & max values define in yaml file will get an error:
  - Error from server (Forbidden): error when creating "limitrange_pod2.yaml": pods "busybox2" is forbidden: [maximum cpu usage per Pod is 2. No limit is specified, maximum memory usage per Pod is 2Gi. No limit is specified]
- if you define multiple pods in yaml file and it will calculate all pods limit and will not create if values exceeded max.

Apply limit range on storage/volumes:
- In Pods/container we do not assign storage directly, first we create a persistent volume (storage), and in PV we create persistent volume claim (a portion in PV) and attach to pod/volumes.
- We set limit range on PVC.
- Cluster details
  - $kubectl get nodes (Master and Worker1)Apply limit range on volumes (PVC).
- Check limitrange created
  - $kubectl get limitrange
- Create a namespace
  - $kubectl create namespace starnamespace
- Limit min/max storage resources: https://k8s.io/examples/admin/resource/storagelimits.yaml
  - $vim storagelimits.yaml
    - apiVersion: v1
      
      kind: LimitRange
      
      metadata:
      
      name: storagelimits
      
      spec:
      
      limits:
      
      - type: PersistentVolumeClaim
      
      max:
      
      storage: 2Gi
      
      min:
      
      storage: 1Gi
  - $kubectl apply -f storagelimits.yaml -n starnamespace (defining namespace as context has not been set)
  - $kubectl describe limitrange -n starnamespace
- Create a persistent volume claim:
  - $vim pvc.yaml : https://k8s.io/examples/admin/resource/pvc-limit-lower.yaml
  - apiVersion: v1
    
    kind: PersistentVolumeClaim
    
    metadata:
    
    name: pvc-limit-lower
    
    spec:
    
    accessModes:
    
    - ReadWriteOnce
    
    resources:
    
    requests:
    
    storage: 1Gi
  - $kubectl apply -f pvc.yaml -n starnamespace
  - $kubectl get pvc -n starnamespace
  - Status is pending as there is no Persistent Volume configured.
  - $kubectl describe pvc -n starnamespace:
  - Error: No persistent volume is available.
- Create persistent volume in Ubuntu:
  - $sudo apt-get install nfs* -y

Context (set namespace)
- When you set context it will set default namespace, when you deploy it will applied to set namespace and do not need to enter -n namespace,
- $kubectl config set-context --current --namespace=namespace1
- Now when you depoloy it will be deployed on namespace1.
- code
Secrets
- A Secret in Kubernetes is an object that allows you to store sensitive information, such as passwords, OAuth tokens, and ssh keys. They are stored in a base64 encoded format.
- code
Config map
- A ConfigMap in Kubernetes is a way to store configuration data separate from application code. It allows you to decouple configuration from your pods
  - sample configmap yaml file.
- code
- code
Kubernetes Storage: PV (Persistence Volume), PVC (Persistence Volume Claim)
- code
- code
- code
code
- code
- code
- code
code
- code
- code
- code
code
- code
- code
- code

Kubernetes Commands & Troubleshooting: click for cheat sheet of kubernetes commands.

$kubectl command argument: kubectl is a program which is responsible for executing kubernestes commands,

apply		It applies changes to Kubernetes resources defined in YAML or JSON files
	kubectl apply -f deployment.yaml	This command applies the code specified in the deployment.yaml file to the cluster.
	kubectl apply -f deployment.yaml --record	This command applies the changes specified in the deployment.yaml file to the deployment and records the changes in the revision history.
	kubectl apply -f pod.yaml --namespace=my-namespace	This command applies the configuration specified in pod.yaml to the namespace my-namespace.
	kubectl apply -f deployment.yaml --namespace=my-namespace --record	This command applies the changes specified in deployment.yaml to the deployment in the namespace my-namespace and records the changes.
	kubectl apply -f ./my-resources/ --recursive	This command applies all YAML files located in the my-resources directory and its subdirectories
	kubectl apply -f pod.yaml --validate=true	This command validates the pod.yaml file before applying changes to the cluster.
	kubectl apply -f pod.yaml --dry-run=client	This command checks if the configuration in pod.yaml can be applied without actually applying it.

annotate		This command adds or updates annotations on Kubernetes resources.
	kubectl annotate pod my-pod description="This is my pod"	This command adds the annotation description="This is my pod" to the pod named my-pod
alias	alias k=kubectl	it sets k as alias for kubectl, you can run k get nodes instead of kubectl get nodes.
api-resources		This command lists all available API resources.
ai-versions
attach
auth
	kubectl api-resources	This command lists all the API resources supported by the Kubernetes API server.
config
completion
cp
create		This command is used to create Kubernetes resources from files or stdin.
	kubectl create -f pod.yaml	This command creates a pod using the configuration specified in the pod.yaml file
	kubectl create namespace my-namespace	This command creates a new namespace named my-namespace
	kubectl create -f ./my-resources/	This command creates Kubernetes resources defined in all .yaml files located in the my-resources directory.
	kubectl create secret generic my-secret --from-literal=username=admin --from-literal=password=passw0rd	This command creates a secret named my-secret with two key-value pairs: username=admin and password=passw0rd.
	kubectl create deployment my-deployment --image=my-image:tag	This command creates a deployment named my-deployment using the image my-image:tag.
	kubectl create secret generic my-secret --from-file=./my-secret-file	This command creates a generic secret named my-secret from the contents of the file my-secret-file.
	kubectl create service nodeport my-service --tcp=80:8080	This command creates a NodePort service named my-service to expose a deployment on port 8080.
	kubectl create -f pod.yaml --dry-run=client	This command validates the configuration in pod.yaml without actually creating the pod.
	kubectl create role my-role --verb=get --resource=pods	This command creates a role named my-role with permissions to get pods within the namespace.
	kubectl create serviceaccount my-service-account	This command creates a service account named my-service-account within the current namespace.
	kubectl create configmap my-config --from-literal=key1=value1 --from-literal=key2=value2	This command creates a config map named my-config with two key-value pairs: key1=value1 and key2=value2.
cluster-info		It displays cluster info such as server URL and Kubernetes version.
cluster-info	kubectl cluster-info	This command displays information about the Kubernetes cluster.
delete


debug	kubectl describe pod podname kubectl logs podname
describe

edit
exec
explain
expose

kubectl get: It is used to retrieve Kubernetes resources. For instance:
kubectl get pods (This command retrieves all pods in the current namespace).

kubectl describe: This command provides detailed information about a Kubernetes resource. For example:
kubectl describe pod my-pod
This command describes the pod named my-pod, displaying detailed information including its status, containers, and events.

kubectl delete: It is used to delete Kubernetes resources. For instance:
kubectl delete pod my-pod
This command deletes the pod named my-pod.

kubectl exec: This command executes commands inside a running container in a pod. For example:
kubectl exec -it my-pod -- /bin/bash
This command starts an interactive shell (/bin/bash) inside the pod named my-pod.

kubectl logs: It retrieves the logs of a pod. For instance:
kubectl logs my-pod
This command displays the logs of the pod named my-pod.

kubectl port-forward: This command forwards one or more local ports to a pod. For example:
kubectl port-forward my-pod 8080:80
This command forwards local port 8080 to port 80 on the pod named my-pod.

kubectl scale: It scales the number of replicas of a resource. For instance:
kubectl scale --replicas=3 deployment/my-deployment
This command scales the number of replicas of the deployment named my-deployment to 3.

kubectl edit: This command edits the resource definition in a text editor. For example:
kubectl edit pod my-pod
This command opens the resource definition of the pod named my-pod in a text editor, allowing you to make changes.

kubectl rollout: This command manages rollouts of updates to Kubernetes resources. For example:
kubectl rollout status deployment/my-deployment
This command checks the status of the rollout for the deployment named my-deployment.

kubectl label: It adds or updates labels on Kubernetes resources. For instance:
kubectl label pod my-pod app=backend
This command adds the label app=backend to the pod named my-pod.

kubectl rollout history: This command views rollout history of a deployment. For instance:
kubectl rollout history deployment/my-deployment
This command displays the rollout history of the deployment named my-deployment.

kubectl rollout undo: It rolls back a deployment to a previous revision. For example:
kubectl rollout undo deployment/my-deployment
This command rolls back the deployment named my-deployment to the previous revision.

kubectl apply --dry-run: It simulates the apply of configuration without actually executing it. For example:
kubectl apply -f pod.yaml --dry-run=client
This command checks if the configuration in pod.yaml can be applied without actually applying it.

kubectl get pods -o wide: It retrieves pods with additional details including node name and IP address. For instance:
kubectl get pods -o wide
This command displays pods along with additional details such as the node they are running on and their IP addresses.

kubectl describe node: This command provides detailed information about a Kubernetes node. For example:
kubectl describe node my-node
This command describes the node named my-node, displaying detailed information including its capacity, allocatable resources, and conditions.

kubectl rollout pause: It pauses a rollout of a deployment. For instance:
kubectl rollout pause deployment/my-deployment
This command pauses the rollout of the deployment named my-deployment.

kubectl rollout resume: This command resumes a paused rollout of a deployment. For example:
kubectl rollout resume deployment/my-deployment
This command resumes the paused rollout of the deployment named my-deployment.

kubectl delete namespace: It deletes a Kubernetes namespace and all resources within it. For instance:
kubectl delete namespace my-namespace
This command deletes the namespace named my-namespace along with all resources within it.

kubectl get events: This command retrieves events from the cluster. For example:
kubectl get events
This command retrieves all events from the cluster, displaying information such as type, reason, and message.

kubectl get pods --show-labels: It displays additional labels associated with pods. For instance:
kubectl get pods --show-labels
This command displays pods along with all labels associated with them.

kubectl exec -it my-pod -- ls /app: This command executes a command (ls /app) inside a running container in a pod interactively. For example:
kubectl exec -it my-pod -- ls /app
This command lists the contents of the /app directory inside the pod named my-pod.

kubectl edit deployment: This command opens the deployment configuration in a text editor, allowing you to make changes. For example:
kubectl edit deployment/my-deployment
This command opens the configuration of the deployment named my-deployment in a text editor.

kubectl rollout restart: It restarts a rollout of a deployment by reapplying the current configuration. For instance:
kubectl rollout restart deployment/my-deployment
This command restarts the rollout of the deployment named my-deployment.

kubectl rollout status: This command checks the status of a rollout for a deployment. For example:
kubectl rollout status deployment/my-deployment
This command checks the status of the rollout for the deployment named my-deployment.

kubectl exec -it my-pod -- sh -c 'echo $ENV_VAR': This command executes a shell command (echo $ENV_VAR) inside a running container in a pod. For instance:
kubectl exec -it my-pod -- sh -c 'echo $ENV_VAR'
This command prints the value of the environment variable ENV_VAR inside the pod named my-pod.

kubectl get pods --field-selector=status.phase=Running: This command retrieves pods with a specific status phase, such as Running. For instance:
kubectl get pods --field-selector=status.phase=Running
This command retrieves all pods in the current namespace that are in the Running phase.

kubectl delete pod --grace-period=0 --force my-pod: It forcefully deletes a pod without waiting for the grace period. For example:
kubectl delete pod --grace-period=0 --force my-pod
This command forcefully deletes the pod named my-pod without waiting for the grace period to elapse.

kubectl describe service: This command provides detailed information about a Kubernetes service. For instance:
kubectl describe service my-service
This command describes the service named my-service, displaying detailed information including its endpoints and selectors.

kubectl get deployment -o yaml: This command retrieves deployments and outputs the result in YAML format. For instance:
kubectl get deployment -o yaml
This command retrieves all deployments in the current namespace and outputs the result in YAML format.

kubectl scale deployment: This command scales the number of replicas of a deployment. For example:
kubectl scale deployment/my-deployment --replicas=3
This command scales the deployment named my-deployment to have 3 replicas.

kubectl rollout history deployment: It displays the revision history of a deployment. For instance:
kubectl rollout history deployment/my-deployment
This command shows the revision history of the deployment named my-deployment.

kubectl rollout undo deployment --to-revision=: This command rolls back a deployment to a specific revision. For example:
kubectl rollout undo deployment/my-deployment --to-revision=3
This command rolls back the deployment named my-deployment to the third revision.

kubectl logs -f my-pod: This command streams the logs of a pod continuously. For instance:
kubectl logs -f my-pod
This command continuously streams the logs of the pod named my-pod to the terminal.

kubectl get svc: It retrieves information about services in the cluster. For example:
kubectl get svc
This command retrieves information about all services in the current namespace.

kubectl get pods -n : This command retrieves pods from a specific namespace. For instance:
kubectl get pods -n my-namespace
This command retrieves all pods from the namespace my-namespace.

kubectl delete -f pod.yaml: It deletes resources specified in a YAML file. For example:
kubectl delete -f pod.yaml
This command deletes the resources specified in the pod.yaml file.

kubectl rollout status deployment/my-deployment: This command checks the status of a deployment rollout. For instance:
kubectl rollout status deployment/my-deployment
This command checks the status of the rollout for the deployment named my-deployment.

kubectl exec -it my-pod -- /bin/bash: This command starts an interactive shell inside a pod. For example:
kubectl exec -it my-pod -- /bin/bash
This command opens an interactive shell (/bin/bash) inside the pod named my-pod, allowing you to execute commands within it.

kubectl rollout history deployment/my-deployment --revision=3: It displays details of a specific revision in the rollout history of a deployment. For instance:
kubectl rollout history deployment/my-deployment --revision=3
This command shows details of the third revision in the rollout history of the deployment named my-deployment.

kubectl rollout undo deployment/my-deployment --to-revision=2: This command rolls back a deployment to a specific revision. For example:
kubectl rollout undo deployment/my-deployment --to-revision=2
This command rolls back the deployment named my-deployment to the second revision.

kubectl logs my-pod --tail=100: This command retrieves the last 100 lines of logs from a pod. For example:
kubectl logs my-pod --tail=100
This command retrieves the last 100 lines of logs from the pod named my-pod.

kubectl get services -o wide: It retrieves services with additional details including node port and cluster IP. For instance:
kubectl get services -o wide
This command retrieves services along with additional details such as node port and cluster IP.

kubectl get pods --field-selector=status.phase!=Running: This command retrieves pods with a status phase other than Running. For example:
kubectl get pods --field-selector=status.phase!=Running
This command retrieves all pods in the current namespace that are not in the Running phase.

kubectl delete pod my-pod --force --grace-period=0: It forcefully deletes a pod without waiting for the grace period. For example:
kubectl delete pod my-pod --force --grace-period=0
This command forcefully deletes the pod named my-pod without waiting for the grace period to elapse.

kubectl describe service my-service: This command provides detailed information about a Kubernetes service. For instance:
kubectl describe service my-service
This command describes the service named my-service, displaying detailed information including its endpoints and selectors.

kubectl expose deployment my-deployment --type=LoadBalancer --port=80 --target-port=8080: It exposes a deployment as a service with a specified type, port, and target port. For example:
kubectl expose deployment my-deployment --type=LoadBalancer --port=80 --target-port=8080
This command exposes the deployment named my-deployment as a LoadBalancer service on port 80, targeting port 8080 on the pods.

kubectl get deployments -l app=my-app: This command retrieves deployments labeled with app=my-app. For example:
kubectl get deployments -l app=my-app
This command retrieves all deployments labeled with app=my-app.

kubectl rollout pause deployment/my-deployment: It pauses the rollout of a deployment. For instance:
kubectl rollout pause deployment/my-deployment
This command pauses the rollout of the deployment named my-deployment.

kubectl rollout resume deployment/my-deployment: This command resumes the rollout of a deployment. For example:
kubectl rollout resume deployment/my-deployment
This command resumes the paused rollout of the deployment named my-deployment.

kubectl logs my-pod --container=nginx: It retrieves logs from a specific container within a pod. For instance:
kubectl logs my-pod --container=nginx
This command retrieves logs from the container named nginx within the pod my-pod.

kubectl get pods --sort-by=.metadata.creationTimestamp: It retrieves pods sorted by creation timestamp. For instance:
kubectl get pods --sort-by=.metadata.creationTimestamp
This command retrieves all pods in the current namespace sorted by their creation timestamp in ascending order.

kubectl describe persistentvolumeclaim my-pvc: This command provides detailed information about a persistent volume claim. For example:
kubectl describe persistentvolumeclaim my-pvc
This command describes the persistent volume claim named my-pvc, displaying detailed information including its status and storage class.

kubectl rollout status deployment/my-deployment --watch: It continuously monitors the status of a deployment rollout. For instance:
kubectl rollout status deployment/my-deployment --watch
This command continuously monitors the status of the rollout for the deployment named my-deployment.

kubectl get pods --field-selector=status.phase=Pending: This command retrieves pods with a status phase of Pending. For example:
kubectl get pods --field-selector=status.phase=Pending
This command retrieves all pods in the current namespace that are in the Pending phase.

kubectl rollout restart deployment/my-deployment: This command restarts a rollout of a deployment by reapplying the current configuration. For example:
kubectl rollout restart deployment/my-deployment
This command restarts the rollout of the deployment named my-deployment.

kubectl label namespace my-namespace env=dev: It adds a label to a namespace. For instance:
kubectl label namespace my-namespace env=dev
This command adds the label env=dev to the namespace named my-namespace.

kubectl delete deployment my-deployment: This command deletes a deployment. For example:
kubectl delete deployment my-deployment
This command deletes the deployment named my-deployment.

kubectl get pods --namespace=my-namespace: It retrieves pods from a specific namespace. For instance:
kubectl get pods --namespace=my-namespace
This command retrieves all pods from the namespace my-namespace.

kubectl describe secret my-secret: This command provides detailed information about a secret. For example:
kubectl describe secret my-secret
This command describes the secret named my-secret, displaying detailed information including its type and data.

kubectl delete service my-service: It deletes a service. For instance:
kubectl delete service my-service
This command deletes the service named my-service.

kubectl get nodes: This command retrieves information about nodes in the cluster. For example:
kubectl get nodes
This command retrieves information about all nodes in the cluster.

kubectl rollout history deployment/my-deployment --revision=3: This command displays details of a specific revision in the rollout history of a deployment. For example:
kubectl rollout history deployment/my-deployment --revision=3
This command shows details of the third revision in the rollout history of the deployment named my-deployment.

kubectl top pods: It displays resource usage (CPU and memory) of pods in the cluster. For instance:
kubectl top pods
This command displays resource usage of all pods in the cluster.

kubectl explain pod: This command provides documentation about the Pod resource, including all its fields and their descriptions. For example:
kubectl explain pod
This command displays detailed documentation about the Pod resource.

kubectl delete namespace my-namespace: It deletes a namespace and all resources within it. For instance:
kubectl delete namespace my-namespace
This command deletes the namespace named my-namespace along with all resources within it.

kubectl get pv: This command retrieves information about persistent volumes in the cluster. For example:
kubectl get pv
This command retrieves information about all persistent volumes in the cluster.

kubectl rollout status deployment/my-deployment --timeout=2m: It checks the status of a rollout and waits for a specific timeout before exiting. For instance:
kubectl rollout status deployment/my-deployment --timeout=2m
This command checks the status of the rollout for the deployment named my-deployment and waits for a maximum of 2 minutes.

kubectl get secrets: It retrieves information about secrets in the cluster. For instance:
kubectl get secrets
This command retrieves information about all secrets in the current namespace.

kubectl rollout undo deployment/my-deployment --to-revision=2 --dry-run: It simulates rolling back a deployment to a specific revision without actually performing the rollback. For example:
kubectl rollout undo deployment/my-deployment --to-revision=2 --dry-run
This command simulates rolling back the deployment named my-deployment to the second revision without actually performing the rollback.

kubectl exec -it my-pod --container=my-container -- /bin/bash: This command starts an interactive shell inside a specific container within a pod. For example:
kubectl exec -it my-pod --container=my-container -- /bin/bash
This command opens an interactive shell (/bin/bash) inside the container named my-container within the pod named my-pod.

kubectl describe persistentvolume my-pv: This command provides detailed information about a persistent volume. For example:
kubectl describe persistentvolume my-pv
This command describes the persistent volume named my-pv, displaying detailed information including its capacity and access modes.

kubectl get events --sort-by=.metadata.creationTimestamp: This command retrieves events sorted by creation timestamp. For example:
kubectl get events --sort-by=.metadata.creationTimestamp
This command retrieves all events in the current namespace sorted by their creation timestamp in ascending order.

kubectl describe ingresses.extensions: It provides detailed information about an Ingress resource. For instance:
kubectl describe ingresses.extensions
This command describes all Ingress resources in the current namespace, displaying detailed information about each Ingress.

kubectl rollout undo deployment/my-deployment --dry-run=client: It simulates rolling back a deployment to the previous revision without actually performing the rollback. For example:
kubectl rollout undo deployment/my-deployment --dry-run=client
This command simulates rolling back the deployment named my-deployment to the previous revision without actually performing the rollback.

kubectl scale deployment/my-deployment --replicas=5 --record: This command scales the number of replicas of a deployment to 5 and records the change. For example:
kubectl scale deployment/my-deployment --replicas=5 --record
This command scales the deployment named my-deployment to have 5 replicas and records the change.

kubectl delete secret my-secret: It deletes a secret. For instance:
kubectl delete secret my-secret
This command deletes the secret named my-secret.

kubectl get ingress: This command retrieves information about Ingress resources in the cluster. For example:
kubectl get ingress
This command retrieves information about all Ingress resources in the current namespace.
code

Pods crashing and restarting with CrashLoopBackOff
- code
code
- code
- code
- code
code
- code
- code
- code
code
- code
- code
- code
code
- code
- code
- code
code
- code
- code
- code

Manifest/Definition/yaml file to create kubernetes components

- PODS can be created with commands or manifest/definition file which is yaml/jason format. These files used to create different types of kubernetes objects, these files contain 4 top level field
- $kubectl explain pod: To get more information how to create definition file.
  - apiVersion: can be considered as a code library. every kubernetes object depends on this code library for handling different activities related to that object.
  - kind: This is used to specify what kubernetes objects has to be created. Each of this kubernetes onjects depend on a specific api version.
  - metadata: Data about the data is called metadata. Here we store user defined information about kubernetes objects. ex. Name, author, supporting platforms etc..
  - spec: This is location where information about the container is stored. name of container, port mapping, env variabal etc..
  - Status:
apiVersion: Depending on kubernetes objects that is creating, corresponding code library can use.

kind apiVersion

Pod v1

Service v1

Namespace v1

Replica Controller v1

ReplicaSet apps/v1

Deployment apps/v1

Comparision of tope level elements of yaml file in docker compose, ansible and kubernetes.

Docker Compose Ansible Kubernetes

version:
services: - Name:
hosts:
tasks: apiversion:
kind:
metadata:
specs:

Create a pod, define labels and assign memory limit

$vim 1.yaml (two servers are deploying webserver1 & webserver2 in a pod web-server1)
$vim 2.yml (//server deployed in a pod with memory limit) (https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/)

//1.yaml

apiVersion: v1
kind: Pod
metadata:
name: web-server1
spec:
containers:
- name: webserver1
image: tomcat
- name: webserver2
image: nginx

//2.yaml

apiVersion: v1
kind: Pod
metadata:
name: memory-demo

spec:
containers:
- name: webserver1
image: nginx
resources:
requests:
memory: "100Mi"
limits:
memory: "200Mi"

it is key value paire, where keys are predefined but under labels you can define your own keys and values.
$kubectl create -f web-server1.yml or $kubectl apply -f web-server1.yml
$kubectl get pods
$kubectl describe pod web-server1
$kubectl delete -f web-server1.yml

check memory limit:
- $kubectl top pod memory-demo --namespace=default
Error: Metrics API not available
- Solution: If you use one master node, run this command to create the metrics-server:
- $kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
- If you have high availability then run
- $kubectl apply -f https://raw.githubusercontent.com/pythianarora/total-practice/master/sample-kubernetes-code/metrics-server.yaml

Create 2 PODs for nginx & tomcat, label:.

$sudo vi dual-pod.yml

apiVersion: v1
kind: Pod
metadata:
name: memory-demo
labels:
author: aziz
spec:
containers:
- name: webserver1
image: nginx
resources:
requests:
memory: "100Mi"
limits:
memory: "100Mi"
- name: webserver2
image: tomcat
resources:
requests:
memory: "100Mi"
limits:
memory: "200Mi"

$kubectl create -f dual-pod.yml
$kubectl get pods
$kubectl get pods dual-pod --show-labels (it will show label of pods as well)

apiVersion,kind, metadata & spec in same line.
In metadata: name & labels in same line while author with one space
In spec: -name, image,resources in same position, requests & limites in same position and memory in same position.
code

Definition File Example3: Create a pod definition file which creates a pod from postgress docker image and container name should be mydb, this container should be created in a pod name postgress-pod. Give the labels as author: aziz type: database.
- - $sudo vim pod-definition2.yml
  ---
  apiVersion: v1
  kind: Pod
  metadata:
  name: postgress-pod
  labels:
     author: aziz
     type: database
  spec:
  containers:
     - name: mydb
  image: postgres
  ...
  - $kubectl create -f pod-definition2.yml
- code
- code

Definition File example4: create pod definition file which will start a pod in which can have mysql container, the name of pod should be sql-pod and also pass necessary environment variables.

$sudo vim pod-definition4.yml

---
apiVersion: v1
kind: Pod
metadata:
name: sql-pod
labels:
   author: aziz
   type: database
spec:
containers:
   - name: mysql
     image: mysql:5
     env:
      - name: MYSQL_ROOT_PASSWORD
        value: India123
...

$kubectl create -f pod-definition4.yml
$kubectl delete -f pod-definition4.yml

code
code

Definition File example5: Create a pod definition file which will start a pod in which can have jenkins and port mapping 8080.

$sudo vim pod-definition5.yml

---
apiVersion: v1

kind: Pod
metadata:
name: jenkins-pod
labels:
author: aziz
spec:
containers:
   - name: myjenkins
   image: jenkins/jenkins
   ports:
      - containerPort: 8080
        hostPort: 8080
...

In docker container we define port in run command -p 8080:5050 where 8080 is default container port mapped to 5050,

here container port is 8080 which is mapped to 8080 so you can access from your laptop with 8080 port.

$kubectl create -f pod-definition5.yml
To access the jenkins.
- $kubectl get pods -o wide (get the node on which pod is running).
- $kubectl get nodes -o wide (take the public IP of node on which pod is running.
- browser: publicIP:8080
- open port 8080
  - $gcloud compute firewall-rules create jenkinsrule --allow tcp:8080

kompose Install: Implementing docker compose in kuberntes is called kompose, we can create multi container architecture as defined in the docker compose file. Deployed that in kubernetes cluster.
- search in google kompose install, choose from digitalocean site https://www.digitalocean.com/community/tutorials/how-to-migrate-a-docker-compose-workflow-to-kubernetes
code

Definition File Example6: Create a docker compose file for linking 3 replicas of wordpress with one replica of mysql.

$sudo vi docker-compose.yml

---
version: '3'
services:
mydb:
   image: mysql:5
    environment:
     MYSQL_ROOT_PASSWORD: India123
mywordpress:
   image: wordpress
   ports:
     - 9090:80
   deploy:
    replicas: 3
...

To start all the services from the above compose file
- $kompose up
To delete all the services
- $kompose down

code
code

Definition File example9: Create RelicaSet file whch will create 4 replicas of httpd pods and these replicas should be selected based on type = webserver

$sudo vim definition_example9.yml

---
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: httpd-rs
labels:
author: aziz
type: webserver
spec:
replicas: 4
selector:
matchLabels:
type: webserver
template:
metadata:
name: httpd-pod
labels:
type: webserver
spec:
containers:
- name: myhttpd:
image: httpd
ports:
-containerPort: 80
hostPort: 8888
...

$kubectl create -f rs-definition-example9.yml
$kubectl get pods -o wide

Scaling: You can add / remove number of replicas from ReplicasSet
- In the above example make replicaset = 6. edit the definition_ecample9.yml and change replicas: 6
- $kubectl replace -f rs-definition-example9.yml
- You can scale number from command without editing definition file.
- $kubectl scale --replicas=3 -f rs-definition-example9.yml

Projects

Configuration of kubernetes cluster, jenkins, sonarqueb, nexus, deployed

Phase 1: create infrastructure: Ubuntu 22.04 LTS, min 4GB, 2 CPU, 30 GB Disk.

Create 3 VMS for Kubernetes Cluster (1 Master & 2 Nodes), Scan for Vulnerabilities and Issues.

allow the following ports:
- SMTP 25
- Custom TCP 3000-10000
- HTTP 80
- HTTPS 443
- SSH 22
- Custom TCP 6443
- SMTPS 465 (Email notification to be send to Gmail Account)
- Custom TCP 30000 - 32767 (This range is used for deployment of application in kubernetes)
Ensure you have root access on both the master and workder nodes.
Ensure Swapoff

Step 1: run the script on both master and workder nodes. or You can run each command one by one.

#!/bin/bash

# Update package lists
sudo apt-get update

# Install Docker
sudo apt install docker.io -y
sudo chmod 666 /var/run/docker.sock

# Install dependencies for Kubernetes
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg
sudo mkdir -p -m 755 /etc/apt/keyrings

# Update package lists again
sudo apt update

# Install Kubernetes components
sudo apt install -y kubeadm=1.28.1-1.1 kubelet=1.28.1-1.1 kubectl=1.28.1-1.1

$vi 1.sh (paste script)
$sudo chmod +x 1.sh
$./1.sh

Step 2: Setting up Master node: Run the script on master node only

#!/bin/bash

# Initialize Kubernetes master
sudo kubeadm init --pod-network-cidr=192.168.0.0/16

# Configure kubectl for current user
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Deploy Calico network plugin
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

# Deploy NGINX Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/baremetal/deploy.yaml

$vi 2.sh (paste script)
$sudo chmod +x 2.sh
$./2.sh

Step3: run kubeadm join command on worker nodes to join the master node.
- kubeadm join 172.31.9.190:6443 --token ls529u.ykksgopsic7kuh9h \
  --discovery-token-ca-cert-hash sha256:fe1d1adc7057d4c48dd6ff8eb41498b18d12e7ab3b5d7f25a346bcb504a567c1
on master node run $kubectl get nodes
Step 4: Scanning Kubernetes Cluster:
- Kubeaudit and Trivy can be use for scanning kubernetes.
- Go to https://github.com/Shopify/kubeaudit/releases
- copy link address of version: kubeaudit_0.22.1_linux_amd64.tar.gz
- $wget https://github.com/Shopify/kubeaudit/releases/download/v0.22.1/kubeaudit_0.22.1_linux_amd64.tar.gz
- $tar -xvzf kubeaudit_0.22.1_linux_amd64.tar.gz
- $sudo mv kubeaudit /usr/local/bin/
- $kubeaudit all (it will scan the whole cluster and give errors, there might be some errors because RBAC is not setup and service account is not created etc..)

Create a VM for Jenkins Tools:
- Update apt respository and install JDK.
  - $sudo apt-get update
  - $sudo apt install openjdk-17-jre-headless (install java if it is not installed)
- Download: In google search jenkis download and click jenkins download and deployment(https://www.jenkins.io/download/), click Ubuntu/Debian and copy the url. (Jenkins Debian Packages)
  - #wget -O /usr/share/keyrings/jenkins-keyring.asc \https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
  - #
```
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
    https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
    /etc/apt/sources.list.d/jenkins.list > /dev/null
```
  - $apt-get install jenkins
  - $sudo systemctl start jenkins
  - $ sudo systemctl enable jenkins
  - $sudo systemctl status jenkins
Create a VM for SonarQube Server
- $sudo apt update
- $sudo apt install openjdk-17-jre-headless
- Install Docker (it can be installed with sudo apt install docker.io but it did not install all plugins, ce-certificate etc.) it is recommended to install by
- Go to google and search install docker on ubuntu (https://docs.docker.com/engine/install/ubuntu/)
- copy the apt's repository, open a file $vi docker.sh (paste it), $sudo chmod +x docker.sh $./docker.sh
- # Add Docker's official GPG key:
  sudo apt-get update
  sudo apt-get install ca-certificates curl
  sudo install -m 0755 -d /etc/apt/keyrings
  sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
  sudo chmod a+r /etc/apt/keyrings/docker.asc
  
  # Add the repository to Apt sources:
  echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  sudo apt-get update
- Install docker
- $sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- Check docker running
- $sudo docker run hello-world
- Assign permission to other users
- $sudo chmod 666 /var/run/docker.sock
- Install sonarqube:
- $docker run -d --name sona -p 9000:9000 sonarqube:lts-community
- Access:
- http://ip:9000:9000
Create a VM for Nexus Server with min 4GB RAM, 2CPU, 20GB Disk.
- $sudo apt update
- $sudo apt install openjdk-17-jre-headless
- Install Docker (it can be installed with sudo apt install docker.io but it did not install all plugins, ce-certificate etc.) it is recommended to install by
- Go to google and search install docker on ubuntu (https://docs.docker.com/engine/install/ubuntu/)
- copy the apt's repository, open a file $vi docker.sh (paste it), $sudo chmod +x docker.sh $./docker.sh
- # Add Docker's official GPG key:
  sudo apt-get update
  sudo apt-get install ca-certificates curl
  sudo install -m 0755 -d /etc/apt/keyrings
  sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
  sudo chmod a+r /etc/apt/keyrings/docker.asc
  
  # Add the repository to Apt sources:
  echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  sudo apt-get update
- Install docker
- $sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- Check docker running
- $sudo docker run hello-world
- Assign permission to other users
- $sudo chmod 666 /var/run/docker.sock
- Install Nexus
- $docker run -it --name nexus3 -p 8081:8081 sonatype/nexus3 (if no tag given it will install latest, it will run in interactive mode so can view progress)
- Access:
- http://ip:8081
Create a VM for Monitoring

Phase 2: Git Repository:
- Login to Github
- new repository: name=Boardgame, private, create repository.
- Install gitbash in local computer: visit https://git-scm.com/downloads
- copy url : https://github.com/stardistributors/Boardgame.git
- Go to local computer where you have source code of Boardgame: right click and open gitbash (access needed)
- c:/git clone https://github.com/stardistributors/Boardgame.git
- select sign in: select option token
  - generate token in github, click on profile/settings/developer settings/personal access token/token(classic), select required repo and generate.
- push source code
Phase 3: Setup CICD
- CICD - Jenkins:
- Install the following plugins
  - eclipse temurin installer
    config file provider
    Pipeline maven integration
    sonarQube Scanner
    Docker
    Docker pipeline
  - Docker Build Step
    kubernetes
    kubernetes CLI
    kubernetes credentials
    Kubernetes client API
  - maven integration
- Configure plugins: go to tools
  - jdk: Name=jdk17, automatically, from adoptium.net , version=jdk-17.09+9
  - SonarQube Scanner= Name=sonar, version=5.0.1.3006,
  - Maven Installtion= Name=maven3, Install Automatically=install from apache, version=3.6.1
  - Docker Installation = Name=docker, install automatically=download from docker, version = latest
- Create CICD Pipeline
  - new item, name = Boardgame, pipeline
- Best Practice
  - Discard old builds (max number of old builds=2)
  - select hello-world script and make necessary changes.
  - click here for complete script.
    - trivy install
    - File System Scan: scan for vulnarability and find out any critical data in code, Trivy plugin is not availble so it need to be installed, install it in jenkins server.
    - run this command in jenkins server. $sudo vi trivy.sh $sudo chmod +x trivy.sh $./trivy.sh
    - sudo apt-get install wget apt-transport-https gnupg lsb-release
      wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
      echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
      sudo apt-get update
      sudo apt-get install trivy -y
    - or run this only(if above script gives an error)
    - wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb
      sudo dpkg -i trivy_0.18.3_Linux-64bit.deb
  - Sonarqube webhook script for Quality Gate:
    - script { waitForQualityGate abortPipeline: false, credentialsId: '----' }
  - Publish Artifact to nexus
    - Add repository URL in pom.xml file
    - go to pom.xml file and add
      
      <distributionManagement>
      
      <repository>
      
      <id>maven-releases</id>
      
      <url>http://ip:8081/repository/maven-releases/</url>
      
      </repository>
      
      <snapshotRepository>
      
      <id>maven-snapshots</id>
      
      <url>http://ip:8081/repository/maven-snapshots/</url>
      
      </snapshotRepository>
      
      </distributionManagement>
      
      commit changes and save
    - now add the credentials:
      
      go to jenkins/manage jenkins/managed files: add new config,
      
      select global maven settings.xml
      
      Id=global settings
      
      search server and remove --> and paste in earlier lines and add server details
      
      <server>
      <id>maven-releases</id>
      <username>admin</username>
      <password>Trustu786</password>
      </server>
      
      <server>
      <id>maven-snapshots</id>
      <username>admin</username>
      <password>Trustu786</password>
      </server>
      
      open pipeline syntax and select withmaven:provide maven environment
      
      maven=maven3
      
      jdk=jdk17
      
      globalmavensettings Config = myglobalSettings
      
      Generate script.
      
      open pipeline syntax and select with docker registry: Sets up Docker registry endpoint
      
      Docker Registry URL =
      
      Registry credentials= +add: name=aziz27uk, password = Yezdani6! (docker hub credentials)
      
      Docker installation = docker
      
      generate script
    - Create service account for docker deployment.(RBAC)
      
      go to https://github.com/jaiswaladi246/EKS-Complete/blob/main/Steps-eks.md
      
      copy creating service account.
      
      Go to master node and create vi svc.yaml
      
      paste the content.
- Security Measures
- Deployment of Application
- Mail notification of pipeline status
Phase 4: Monitoring
- System Level Monitoring
- Application Level Monitoring

Full Stack BoardGame
- click for details
- code
- code
Microservice using multi branch pipeline
- The entire project is divided into 11 micro services parts, modification of any part will be easy, it can independently be deployed and cannot effect to other service.
- Github repository: There are 13 different branches and each branch represents one service. https://github.com/stardistributors/Microservice.git
  - main: it contain deployment-service.yml file which is use to deploy the application on EKS cluster.
  - infra-steps: branch is responsible to setup EKS setup on AWS.
  - adservice:
  - cartservice:
  - checkoutservice:
  - currencyservice:
  - emailservice:
  - frontend:
  - loadgenerator:
  - paymentservice:
  - productcatalogservice:
  - recommendationservice:
  - shippingservice:
- Step1: Infrastructure creation on AWS:
  - Create ubuntu 20.04 LTS, t2.large, 25 GB Disk
  - ports open
    - 25 - SMTP
    - 3000 - 10000 (application services runs on these ports)
    - 80 - HTTP
    - 443 -HTTPS
    - 22 - SSH
    - 6443 - Custom
    - 465 - SMTPS (google)
    - 27017 - Custom
    - 30000-32767 Custom
  - To access EKS cluster, define the following user in IAM.
    - create eks user and attach the following policies:
    - AmazonEC2FullAcess
    - AmazonEFSCSIDriverPolicy
    - AmazonEKS_CNI_Policy
    - AmzonEKSClusterPolicy
    - AmazonEKSWorkerNodePolicy
    - AWSCloudFormationFullAccess
    - eks-req
    - IAMFullAccess
  - Configure EKS cluster
- code
- code
EKS cluster setup & Deployment of 10 Tier Microservice Application
- Step 1: Create a user in AWS IAM, create a custom policy and default policies attach to user.
  - Create a user:
    - Log in to the AWS Management Console.
    - Navigate to the IAM dashboard.
    - Click on "Users" in the left sidebar.
    - Click on the "Add user" button. IAM users are created in global Region.
    - Enter a username of your choice.
    - Provide user access to the AWS Management Console: select
    - select iam user, set a password for the user.
    - select assign polices directly to user:
    - search the following policies and attach it to user.
  - Search the default policies
    - AmazonEC2FullAccess
    - AmazonEKS_CNI_Policy
    - AmazonEKSClusterPolicy
    - AmazonEKSWorkerNodePolicy
    - AWSCloudFormationFullAccess
    - IAMFullAccess
    - star-eks-policy (custom policy to allow visual editor)
  - Create a custom policy:
    - click on create policy: select json and enter the following code
      
      {
      "Version": "2012-10-17",
      "Statement": [
      {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "eks:*",
      "Resource": "*"
      }
      ]
      }
      
      save the policy: star-eks-policy (select this policy as well)
  - next and create user: https://533267324249.signin.aws.amazon.com/console
  - Create Access keys:
    - Go to user created (eks-user)/security credentials/ access keys/ create access keys/command line interface and download both the keys .csv file.
- Step 2: Create a VM and run the script to communicate with EKS cluster, Install AWSCLI, kubectl, and eksctl
  - create ubuntu, 20.04, t2Large, 20GB disk
  - access vm through mobaexterm.
  - $sudo apt update
  - create a script and paste the commands
  - $vi install_tools.sh
  - ```
  #!/bin/bash
  
  # Install AWSCLI
  curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
  sudo apt install -y unzip
  unzip awscliv2.zip
  sudo ./aws/install
  
  # Install kubectl
  curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl
  chmod +x ./kubectl
  sudo mv ./kubectl /usr/local/bin
  kubectl version --short --client
  
  # Install eksctl
  curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
  sudo mv /tmp/eksctl /usr/local/bin
  eksctl version
```
- $sudo chmod +x install_tools.sh
- $./install_tools.sh
- Step 3: Connect to AWS using CLI with user eks-user
  - open mobaexterm and conenct to VM with user ubuntu
  - $aws configure
  - AWS access key Id = paste it from downloaded key of user (eks-user)
  - AWS secret key = paste it
  - Default region name = eu-west-2 (region where VM is created)
  - Default output format =
  - connected to AWS VM
- Step 4: Create EKS cluster: There are many wasy to create EKS cluster, go to aws console and create or create a user or root account and assign roles and copy and paste the below command (will take 10 minutes), cloudformation will create cluster.
  - eksctl create cluster --name=star-eks \
    --region=eu-west-2 \
    --zones=eu-west-2b,eu-west-2c \
    --without-nodegroup
  - EKS cluster "star-eks" in "eu-west-2" region is ready, created without nodegroup which is workernode. only master node is created, it will be created separately.
  - eksctl utils associate-iam-oidc-provider (open Id connect provider) paste the following
    - eksctl utils associate-iam-oidc-provider \
      --region eu-west-2 \
      --cluster star-eks \
      --approve
  - Create nodegroup (workdernodes)
    - eksctl create nodegroup --cluster=star-eks \
      --region=eu-west-2 \
      --name=node2 \
      --node-type=t3.medium \
      --nodes=3 \
      --nodes-min=2 \
      --nodes-max=4 \
      --node-volume-size=20 \
      --ssh-access \
      --ssh-public-key=key-london \
      --managed \
      --asg-access \
      --external-dns-access \
      --full-ecr-access \
      --appmesh-access \
      --alb-ingress-access
    - in the above node name = node2 of t3.medium will be created, 3 nodes will be created and at any time min 2 nodes will be available and if required it goes to 4 by autoscaling.
    - ssh-public-key = key-london (key used to create vm)
    - cloudformation will create nodegroup (worker nodes).
- Step 5: check number of nodes
  - $kubectl get nodes (there will be 3 worker nodes)
- Step 6: Open Inbound traffic
  - Go to AWS services/eks/star-eks/Networking/cluster security group/select communication between the control plane and worker nodes /edit inbound rules and define all traffic. save it
- Step 7: Setup jenkins to deploy application to kubernetes cluster
  - $sudo apt update
  - $sudo apt install openjdk-17-jre-headless
  - $sudo vi jenkins.sh
  - sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
    https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
    echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
    https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
    /etc/apt/sources.list.d/jenkins.list > /dev/null
    sudo apt-get update
    sudo apt-get install jenkins
  - $sudo chmod +x jenkins.sh
  - $./jenkins.sh
  - Access on browser: http://publicIP:8080
  - Install the following plugins:
    - Eclipse Temurin installer
    - kubernetes
    - kubernetes CLI
    - Docker
    - maven integration
    - the following are dependent plugins which is also installed
    - kubernetes client API
    - Authentication token API
    - kubernetes credentials
    - metrics
    - cloud statistics
    - docker commons
    - Apache HttpComponents Client 5xAPI
    - Docker API
    - Loading Plugin Extenstions
- Step 8: create service account, role, bind role with service account, generate token
  - Create namespace
    - $kubectl create namespace devops
  - Validate the yaml code on https://www.yamllint.com/
  - Create service account
    - $vi service_account.yml (paste the following code)
    - apiVersion: v1
      kind: ServiceAccount
      metadata:
      name: jenkins
      namespace: devops
    - $kubectl apply -f service_account.yml
  - Create Role:
    - apiVersion: rbac.authorization.k8s.io/v1
      kind: Role
      metadata:
      name: app-role
      namespace: devops
      rules:
      - apiGroups:
      - ""
      - apps
      - autoscaling
      - batch
      - extensions
      - policy
      - rbac.authorization.k8s.io
      resources:
      - pods
      - secrets
      - componentstatuses
      - configmaps
      - daemonsets
      - deployments
      - events
      - endpoints
      - horizontalpodautoscalers
      - ingress
      - jobs
      - limitranges
      - namespaces
      - nodes
      - pods
      - persistentvolumes
      - persistentvolumeclaims
      - resourcequotas
      - replicasets
      - replicationcontrollers
      - serviceaccounts
      - services
      verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - Bind Role with Service Account
    - apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
      name: app-rolebinding
      namespace: webapps
      roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: app-role
      subjects:
      - namespace: webapps
      kind: ServiceAccount
      name: jenkins
  - Generate Token using service account in the namespace
    - apiVersion: v1
      kind: Secret
      type: kubernetes.io/service-account-token
      metadata:
      name: mysecretname
      annotations:
      kubernetes.io/service-account.name: jenkins
    - $
  - To view secret file run
    - $kubectl -n devops describe secret mysecretnam
    - copy the token which will be use for authentication.
- Step 9: Install docker
  - $sudo apt install docker.io
  - $sudo chmod 666 /var/run/docker.sock or $sudo usermod -aG docker jenkins & $sudo newgrp docker
  - $systemctl restart docker
  - $systemctl enable docker
- Step 10: create a pipeline
  - jenkins/new item/ name = 10-Tier, pipeline
  - Groovy script: click pipeline syntax to open snippet generator
    - connection between jenkins and kubernetes: select withKubeConfig: Configure Kubernetes CLI (kubectl)
    - Credentials: click add, secret text and paste the token which ws copied from secret file.
- Step 11: run the following command to create config file
  - $aws eks update-kubeconfig --region eu-west-2 --name star-eks
secretsanta-generator
- code
- code
- code
Python Webapp
- code
- code
- code
Shopping Cart
- Phase 1: create infrastructure: Ubuntu 22.04 LTS, min 16GB, 2 CPU, 100 GB Disk.
  - Create 2 VMS (ubuntu) for Kubernetes Cluster on premises (1 Master & 1 Node)
  - First VM for kubernetes master node- 2CPU, 16 GB RAM, 50GB Disk.
  - Second VM for kubernetes Worker1 node - 1CPU, 8GB RAM, 30GB Disk.
  - Third VM for Jenkins, Sonar, Nexus, OWASP Dependency check, Trivy - 4CPU, 32GB RAM, 100 GB Disk.
    
    allow the following ports:
    
    SMTP 25
    
    Custom TCP 3000-10000
    
    HTTP 80
    
    HTTPS 443
    
    SSH 22
    
    Custom TCP 6443
    
    SMTPS 465 (Email notification to be send to Gmail Account)
    
    Custom TCP 30000 - 32767 (This range is used for deployment of application in kubernetes)
    
    Perform Step-1 to Step-7 on all nodes.
    
    Step 1 Prerequisite:
    
    Minimal Install Ubuntu 22.04, Create 2 ubuntu VM one master node and 1 worker node, Download ubuntu from https://ubuntu.com/download/desktop (20.04 LTS)
    
    Sudo user with admin rights: $sudo su
    
    Internet connectivity
    
    Step 2: Assing IP and Set Hostname, hosts file
    
    Manual IP in Ubuntu 192.168.171.50 (51), 255.255.255.0, GW:192.168.171.2
    
    $sudo hostnamectl set-hostname master, $sudo hostnamectl set-hostname worker1.
    
    $exec bash
    
    $sudo vi /etc/hosts (add IP & hostname of all nodes, 192.168.171.50 master, 192.168.171.51 worker1) save and exit.
    
    Step 3 : Disable Swap and Kernel Parameters
    
    $sudo swapoff -a
    
    $sudo sed -i '/ swap / s/^$.*$$/#\1/g' /etc/fstab
    
    $sudo tee /etc/modules-load.d/containerd.conf <<EOF
    overlay
    br_netfilter
    EOF
    
    $sudo modprobe overlay
    
    $sudo modprobe br_netfilter
    
    run tee command
    
    $sudo tee /etc/sysctl.d/kubernetes.conf <<EOT
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1
    EOT
    
    Reload the above changes
    
    $sudo sysctl --system
    
    Step 4: Install Containerd Runtime (Docker)
    
    First install dependencies for containerd runtime:
    
    $sudo apt install -y curl gnupg2 software-properties-common apt-transport-https ca-certificates
    
    Enable Docker Repository:
    
    $sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/docker.gpg
    
    $sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    
    Run the following apt command to install containerd
    
    $sudo apt update
    
    sudo apt install -y containerd.io
    
    Step 5: Configure containerd so that it starts using systemd as cgroup
    
    $containerd config default | sudo tee /etc/containerd/config.toml >/dev/null 2>&1
    
    $sudo sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml
    
    Restart & Enable Containerd
    
    $sudo systemctl restart containerd
    
    $sudo systemctl enable containerd
    
    Step 6: Kubernetes package is not available in the default Ubuntu 22.04 package repositories. So we need to add Kubernetes repository. run following command to download public signing key,Step 6: Add APT repository for Kubernetes:
    
    $curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
    
    Run the following command echo command to add kubernetes apt repository.
    
    $echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
    
    Kubernetes v1.28 was available, replace this version with new higher version if available.
    
    Step 7: Install Kubectl, Kubeadm, Kubelet
    
    $ sudo apt update
    
    $ sudo apt install -y kubelet kubeadm kubectl
    
    $ sudo apt-mark hold kubelet kubeadm kubectl
    
    Perform Step 8 on Master node only
    
    Step 8: Install Kubernetes Cluster
    
    $sudo kubeadm init --control-plane=master
    
    After the initialization is complete, you will see a message with instructions on how to join worker nodes to the cluster. Make a note of the kubeadm join command for future reference.
    
    kubeadm join master:6443 --token sprb01.byn0v48rbmwodr8c \
    --discovery-token-ca-cert-hash sha256:46f3a54131c98e4d934e18aa82629395ea800607834e92d97bca607efaa5fec8
    
    So, to start interacting with cluster, run following commands on the master node,
    
    $ mkdir -p $HOME/.kube
    
    $ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    
    $ sudo chown $(id -u):$(id -g) $HOME/.kube/config
    
    run following kubectl commands to view cluster and node status:
    
    $ kubectl cluster-info
    
    $ kubectl get nodes
    
    Step 9: Join worker nodes to the Cluster.
    
    Run on each worker node the following command to join cluster.
    
    kubeadm join master:6443 --token sprb01.byn0v48rbmwodr8c \
    --discovery-token-ca-cert-hash sha256:46f3a54131c98e4d934e18aa82629395ea800607834e92d97bca607efaa5fec8
    
    Step 10: check cluster nodes on master node
    
    $kubectl get nodes (it will show all nodes)
    
    nodes status is 'Not Ready', so to make it active. must install CNI (Container Network Interface) or network add-on plugs like Calico, Flannel and Wwave-net.
    
    Step 11: Install CNI (Container Network Interface) or network add-on plugs like Calico, Flannel and Wwave-net.
    
    $ kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.0/manifests/calico.yaml
    
    Verify the status of pods in kube-system namespace:
    
    $ kubectl get pods -n kube-system
    
    $kubectl get nodes
    
    Create a VM for Jenkins Tools (install sonrqube+trivy+nexus on same vm or separately):
    
    Update apt respository and install JDK.
    
    $sudo apt-get update
    
    $sudo apt install openjdk-17-jre-headless (install java if it is not installed)
    
    Download: In google search jenkis download and click jenkins download and deployment(https://www.jenkins.io/download/), click Ubuntu/Debian and copy the url. (Jenkins Debian Packages)
    
    #wget -O /usr/share/keyrings/jenkins-keyring.asc \https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
    
    #
    echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \ https://pkg.jenkins.io/debian-stable binary/ | sudo tee \ /etc/apt/sources.list.d/jenkins.list > /dev/null
    
    $apt-get install jenkins
    
    $sudo systemctl start jenkins
    
    $ sudo systemctl enable jenkins
    
    $sudo systemctl status jenkins
  - Create a VM for SonarQube Server
    
    $sudo apt update
    
    $sudo apt install openjdk-17-jre-headless
    
    Install Docker (it can be installed with sudo apt install docker.io but it did not install all plugins, ce-certificate etc.) it is recommended to install by
    
    Go to google and search install docker on ubuntu (https://docs.docker.com/engine/install/ubuntu/)
    
    copy the apt's repository, open a file $vi docker.sh (paste it), $sudo chmod +x docker.sh $./docker.sh
    
    # Add Docker's official GPG key:
    sudo apt-get update
    sudo apt-get install ca-certificates curl
    sudo install -m 0755 -d /etc/apt/keyrings
    sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
    sudo chmod a+r /etc/apt/keyrings/docker.asc
    
    # Add the repository to Apt sources:
    echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
    sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
    sudo apt-get update
    
    Install docker
    
    $sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
    
    Check docker running
    
    $sudo docker run hello-world
    
    Assign permission to other users
    
    $sudo chmod 666 /var/run/docker.sock
    
    Install sonarqube:
    
    $docker run -d --name sona -p 9000:9000 sonarqube:lts-community
    
    Access:
    
    http://ip:9000:9000
  - Create a VM for Nexus Server with min 4GB RAM, 2CPU, 20GB Disk.
    
    $sudo apt update
    
    $sudo apt install openjdk-17-jre-headless
    
    Install Docker (it can be installed with sudo apt install docker.io but it did not install all plugins, ce-certificate etc.) it is recommended to install by
    
    Go to google and search install docker on ubuntu (https://docs.docker.com/engine/install/ubuntu/)
    
    copy the apt's repository, open a file $vi docker.sh (paste it), $sudo chmod +x docker.sh $./docker.sh
    
    # Add Docker's official GPG key:
    sudo apt-get update
    sudo apt-get install ca-certificates curl
    sudo install -m 0755 -d /etc/apt/keyrings
    sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
    sudo chmod a+r /etc/apt/keyrings/docker.asc
    
    # Add the repository to Apt sources:
    echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
    sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
    sudo apt-get update
    
    Install docker
    
    $sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
    
    Check docker running
    
    $sudo docker run hello-world
    
    Assign permission to other users
    
    $sudo chmod 666 /var/run/docker.sock
    
    Install Nexus
    
    $docker run -it --name nexus3 -p 8081:8081 sonatype/nexus3 (if no tag given it will install latest, it will run in interactive mode so can view progress)
    
    Access:
    
    http://ip:8081
  - Create a VM for Monitoring
- Phase 2: Git Repository:
  - Login to Github
  - repository: name=shopping-cart. (https://github.com/stardistributors/shopping-cart.git)
- Phase 3: Setup CICD
  - CICD - Jenkins:
  - Install the following plugins
    
    eclipse temurin installer
    config file provider
    maven integration
    pipeline maven integration
    sonarQube Scanner
    Docker
    Docker pipeline
    Docker Build Step
    kubernetes
    kubernetes CLI
    kubernetes credentials
    Kubernetes client API
  - Configure plugins: go to tools
    
    jdk: Name=jdk17, automatically, from adoptium.net , version=jdk-17.09+9
    
    SonarQube Scanner= Name=sonar-scanner, version=5.0.1.3006,
    
    Maven Installtion= Name=maven3, Install Automatically=install from apache, version=3.6.1
    
    Docker Installation = Name=docker, install automatically=download from docker, version = latest
  - Create CICD Pipeline
    
    new item, name = shopping-cart, pipeline
    
    Explanation of groovy script stages:
  - Best Practice
    
    Discard old builds (max number of old builds=2)
    
    click here for complete script.
    
    trivy install
    
    File System Scan: scan for vulnarability and find out any critical data in code, Trivy plugin is not availble so it need to be installed, install it in jenkins server.
    
    run this command in jenkins server. $sudo vi trivy.sh $sudo chmod +x trivy.sh $./trivy.sh
    
    sudo apt-get install wget apt-transport-https gnupg lsb-release
    wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
    echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
    sudo apt-get update
    sudo apt-get install trivy -y
    
    or run this only(if above script gives an error)
    
    wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb
    sudo dpkg -i trivy_0.18.3_Linux-64bit.deb
    
    Publish Artifact to nexus
    
    Add repository URL in pom.xml file
    
    go to pom.xml file and add
    
    <distributionManagement>
    <repository>
    <id>maven-releases</id>
    <url>http://192.168.171.52:8081/repository/maven-releases/</url>
    </repository>
    <snapshotRepository>
    <id>maven-snapshots</id>
    <url>http://192.168.171.50:8081/repository/maven-snapshots/</url>
    </snapshotRepository>
    </distributionManagement>
    
    commit changes and save
    
    now add the credentials:
    
    go to jenkins/manage jenkins/managed files: add new config,
    
    select global maven settings.xml
    
    Id=global settings
    
    search server and remove --> and paste in earlier lines and add server details
    
    <server>
    <id>maven-releases</id>
    <username>admin</username>
    <password>Trustu786</password>
    </server>
    <server>
    <id>maven-snapshots</id>
    <username>admin</username>
    <password>Trustu786</password>
    </server>
    
    open pipeline syntax and select withmaven:provide maven environment
    
    maven=maven3
    
    jdk=jdk17
    
    globalmavensettings Config = myglobalSettings
    
    Generate script.
    
    open pipeline syntax and select with docker registry: Sets up Docker registry endpoint
    
    Docker Registry URL = (keep blank if docker hub registry is public)
    
    Registry credentials= +add: name=aziz27uk, password = Yezdani6! (docker hub credentials)
    
    Docker installation = docker
    
    generate script
    
    Create service account for docker deployment.(RBAC)
    
    go to https://github.com/stardistributors/shopping-cart/blob/main/Steps-eks.md
    
    copy creating service account.
    
    Go to master node and create $vi svc-account.yaml (paste the code)
    
    apiVersion: v1 kind: ServiceAccount metadata: name: jenkins namespace: webapps
    
    $kubectl apply -f svc-account.yml
    
    copy create role
    
    $vi role.yml (paste the code)
    
    $kubectl apply -f role.yml
    
    copy bind the role to service account
    
    $vi bind.yml (paste the code)
    
    $kubectl apply -f bind.yml
    
    Generate token using service account in the namespace, copy code
    
    apiVersion: v1
    kind: Secret
    type: kubernetes.io/service-account-token
    metadata:
    name: mysecretname
    annotations:
    kubernetes.io/service-account.name: jenkins
    
    $vi secret.yml (paste the above code)
    
    First create a namespace: $kubectl create namespace webapps
    
    $kubectl apply -f secret.yml -n webapps (in the code namespace has not been define so define it in command)
    
    Get the details of secret
    
    $kubectl -n webapps describe secret mysecretname (copy token which is used for authentication to deploy application to kubernetes)
    
    jenkins/global credentials/secret text, paste the token, name=k8-auth
    
    generate code using withKubeConfig:Cofigure Kubernetes CLI (kubectl), find url from $cd root, $cd .kube, $cat config (get server url, name) use these information in generating code
  - run Build now
  - Mail notification of pipeline status
- Phase 4: Monitoring
- Access: open browser http://192.168.171.50:30813 (check console output for port number) deployment stuck in deploying as there is not enough resources on worker1 node.
- Taint disabled: worker1 has not suffecient space to deploy application, so taint need to disable on master node so pod can be deployed on master node.
  - Check taint status: $kubectl describe node master
  - $kubectl taint nodes --all node-role.kubernetes.io/control-plane-

Deploying a MongoDB and a web-based MongoDB management tool called "mongo-express"

apiVersion: v1
kind: ConfigMap
metadata:
  name: mongodb-configmap
data:
  db_host: mongodb-service

apiVersion: v1
kind: Secret
metadata:
  name: mongodb-secret
type: Opaque
data:
  username: dXNlcm5hbWU=
  password: cGFzc3dvcmQ=

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongodb
  labels:
    app: mongodb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mongodb
  template:
    metadata:
      labels:
        app: mongodb
    spec:
      containers:
      - name: mongodb
        image: mongo
        ports:
        - containerPort: 27017
        env:
        - name: MONGO_INITDB_ROOT_USERNAME
          valueFrom:
            secretKeyRef:
              name: mongodb-secret
              key: username
        - name: MONGO_INITDB_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mongodb-secret
              key: password

apiVersion: v1
kind: Service
metadata:
  name: mongodb-service
spec:
  selector:
    app: mongodb
  ports:
    - protocol: TCP
      port: 27017
      targetPort: 27017

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongo-express
  labels:
    app: mongo-express
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mongo-express
  template:
    metadata:
      labels:
        app: mongo-express
    spec:
      containers:
      - name: mongo-express
        image: mongo-express
        ports:
        - containerPort: 8081
        env:
        - name: ME_CONFIG_MONGODB_ADMINUSERNAME
          valueFrom:
            secretKeyRef:
              name: mongodb-secret
              key: username
        - name: ME_CONFIG_MONGODB_ADMINPASSWORD
          valueFrom:
            secretKeyRef:
              name: mongodb-secret
              key: password
        - name: ME_CONFIG_MONGODB_SERVER 
          valueFrom: 
            configMapKeyRef:
              name: mongodb-configmap
              key: db_host

apiVersion: v1
kind: Service
metadata:
  name: mongo-express-service
spec:
  selector:
    app: mongo-express
  type: LoadBalancer  
  ports:
    - protocol: TCP
      port: 8081
      targetPort: 8081
      nodePort: 30000

These YAML configuration are Kubernetes manifest file that defines various resources for deploying a MongoDB database and a web-based MongoDB management tool called "mongo-express." Let's break down the different sections and resources defined in this configuration:

ConfigMap (mongodb-configmap):
- apiVersion: v1: Specifies the Kubernetes API version for this resource.
- kind: ConfigMap: Defines a ConfigMap resource, which is used to store configuration data.
- metadata: Metadata for the ConfigMap, including its name.
- data: This section contains key-value pairs of configuration data. In this case, it defines a key db_host with the value mongodb-service. This configuration data can be used by other components in the Kubernetes cluster.
Secret (mongodb-secret):
- apiVersion: v1: Specifies the Kubernetes API version for this resource.
- kind: Secret: Defines a Secret resource, which is used to store sensitive data, typically in base64-encoded form.
- metadata: Metadata for the Secret, including its name.
- type: Opaque: Specifies that this Secret is a generic, opaque secret (not specific to TLS certificates).
- data: This section contains key-value pairs of sensitive data. It includes a username and password, both base64-encoded. These credentials are likely used for authenticating to the MongoDB database.
Deployment (mongodb):
- apiVersion: apps/v1: Specifies the Kubernetes API version for this resource.
- kind: Deployment: Defines a Deployment resource, which manages the desired state of a set of pods.
- metadata: Metadata for the Deployment, including its name and labels.
- spec: Defines the desired state and configuration of the Deployment. It specifies that one replica of the MongoDB pod should be running.
- containers: Specifies the containers running in the pod. In this case, there is a container named "mongodb" based on the "mongo" image. It also sets environment variables for the MongoDB root username and password using values from the "mongodb-secret."
Service (mongodb-service):
- apiVersion: v1: Specifies the Kubernetes API version for this resource.
- kind: Service: Defines a Service resource, which provides network access to pods.
- metadata: Metadata for the Service, including its name.
- spec: Defines the selector to match pods (based on labels) and the port mapping. This service exposes port 27017 and is likely used to access the MongoDB database.
Deployment (mongo-express):
- Similar to the "mongodb" Deployment, this defines a Deployment for "mongo-express," a web-based MongoDB management tool.
- It specifies one replica of the "mongo-express" pod, sets environment variables for the MongoDB admin username and password (using values from "mongodb-secret"), and specifies the "mongo-express" image.
Service (mongo-express-service):
- Defines a Service resource for "mongo-express" with a LoadBalancer type, meaning it can be accessed externally.
- It exposes port 8081, which is likely the port used for accessing the "mongo-express" web interface. The nodePort is set to 30000, indicating that it will be exposed on this port on the cluster nodes.

In summary, this YAML configuration sets up a Kubernetes cluster with a MongoDB database and a web-based MongoDB management tool (mongo-express). It uses ConfigMaps and Secrets to manage configuration and sensitive data and defines Services to allow external access to the MongoDB and mongo-express components.

code
code

Deploying 2048 Game App on AWS EKS Cluster, Configure Ingress Controller| ALB |
Code
- code
Code
- code
Code
- code
Code
- code
Code
- code
Code
- code
Code
- code
Code
- code
Code
- code

Videos:
Example2: Create an nginx pod with the name webserver2. created in definition file/yaml click here.
- $kubectl run --image nginx webserver2 or $kubectl create deployment webserver2 --image=nginx
- pod webserver2 is created with container using image nginx
- $kubectl get pods.
- $kubectl get pods -o wide or $kubectl describe pods webserver2
- To delete the pod
  - $kubectl delete pods webserver2
- To delete the pod permanently
  - $kubectl delete deployment webserver2
Example3: Create an mysql pod with the name dbserver1. created in definition file/yaml click here.
- $kubectl run --image mysql:5 dbserver --env MYSQL_ROOT_PASSWORD=India123
Example4: Load Balancing: Create an tomcat pods 5 replicas with the name appserver1.
- $kubectl run --image tomcat appserver --replicas 5 (error=Error: unknown flag: --replicas), So, you need the minimum version 1.19 to able to use the replicas and port flags as part of the kubectl create deployment command.
Kubernetes object Replica Controller: It is a high level kubernetes object. it is a combination of multiple pods.

definition_example7:

definition_example8:

kubernetes object ReplicaSet:
- It is a high level kubernetes object which is used for managing pods.
- Replicaset uses elements like selector, replicas, remplate for creating replicaset objects.
  - selector: it is used for identifying pods based on specific labels and make them part of the current replicaset.
  - replicas: This is used to specify the desired count of replicas.
  - template: stores information about what should be stored in a pod? like container name, image name, ports etc.
- it is a combination of multiple pods with scaling feature.

kind	apiVersion
Pod	v1
Service	v1
Namespace	v1
Replica Controller	v1
ReplicaSet	apps/v1
Deployment	apps/v1

Docker Compose	Ansible	Kubernetes
version: services:	- Name: hosts: tasks:	apiversion: kind: metadata: specs: