# Getting started

#### Instruction

##### Control plane vs worker nodes

**Control Plane:**

- The control plane is installed on your master node
- A node can be both a control plane node and a worker node
- It houses the API server, scheduler, and controller manager settings

**Worker Nodes:**

- This is where the kubelet and kube-proxy are installed
- You can use the `kubeadm join` command to join workers to the master node to form the cluster

#### First Test

##### New Pod

shell-demo.yaml:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: shell-demo
spec:
  volumes:
  - name: shared-data
    emptyDir: {}
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: shared-data
      mountPath: /usr/share/nginx/html
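  hostNetwork: true    # Pod shares the node's network namespace (node IP and ports)
  dnsPolicy: Default   # Pod inherits the node's DNS resolution configuration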
```

Create a Pod

```bash
kubectl apply -f https://k8s.io/examples/application/shell-demo.yaml
```

Verify that the container is running

```bash
kubectl get pod shell-demo

# Get a shell to the running container
kubectl exec -it shell-demo -- /bin/bash
```

##### New Deployment

nginx-deployment.yaml:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
```

Create a Deployment

```bash
kubectl apply -f https://k8s.io/examples/controllers/nginx-deployment.yaml

# Without a yaml file
kubectl apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
EOF
```

Verify

```bash
kubectl get deployments
kubectl get pods --show-labels
```

#### Networking

##### Inbound Rules for K3s Nodes

<table id="bkmrk-protocol-port-source"><thead><tr><th>Protocol</th><th>Port</th><th>Source</th><th>Destination</th><th>Description</th></tr></thead><tbody><tr><td>TCP</td><td>2379-2380</td><td>Servers</td><td>Servers</td><td>Required only for HA with embedded etcd</td></tr><tr><td>TCP</td><td>6443</td><td>Agents</td><td>Servers</td><td>K3s supervisor and Kubernetes API Server</td></tr><tr><td>UDP</td><td>8472</td><td>All nodes</td><td>All nodes</td><td>Required only for Flannel VXLAN</td></tr><tr><td>TCP</td><td>10250</td><td>All nodes</td><td>All nodes</td><td>Kubelet metrics</td></tr><tr><td>UDP</td><td>51820</td><td>All nodes</td><td>All nodes</td><td>Required only for Flannel Wireguard with IPv4</td></tr><tr><td>UDP</td><td>51821</td><td>All nodes</td><td>All nodes</td><td>Required only for Flannel Wireguard with IPv6</td></tr><tr><td>TCP</td><td>5001</td><td>All nodes</td><td>All nodes</td><td>Required only for embedded distributed registry (Spegel)</td></tr><tr><td>TCP</td><td>6443</td><td>All nodes</td><td>All nodes</td><td>Required only for embedded distributed registry (Spegel)</td></tr></tbody></table>

Typically, all outbound traffic is allowed.
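
As an added example (not part of the original page or the K3s project), the script below prints iptables rules that encode the table above for one node, accepting each port only from the addresses in its Source column. The `SERVERS`/`AGENTS` inventory, the feature names and the function names are assumptions made for illustration, and the INPUT chain is assumed to drop anything not accepted.

```bash
# Added example: print (not apply) iptables rules that encode the inbound
# table for one K3s node, each port limited to the table's Source column.
# Assumes the INPUT chain drops whatever is not accepted.

# Constructed inventory (RFC 5737 documentation addresses, not real hosts).
SERVERS="192.0.2.10 192.0.2.11 192.0.2.12"
AGENTS="192.0.2.20 192.0.2.21"

# emit PROTO PORT SOURCE... : one ACCEPT rule per allowed source address
emit() {
    proto=$1; port=$2; shift 2
    for src in "$@"; do
        echo "iptables -A INPUT -p $proto -s $src --dport $port -j ACCEPT"
    done
}

# k3s_inbound_rules ROLE [FEATURE...]
#   ROLE:    server | agent  (the node the rules are generated for)
#   FEATURE: etcd | vxlan | wg4 | wg6 | spegel  (the "Required only for" rows)
k3s_inbound_rules() {
    role=$1; shift
    case $role in server|agent) ;; *) echo "unknown role: $role" >&2; return 1 ;; esac
    all="$SERVERS $AGENTS"
    api_src=""
    if [ "$role" = server ]; then api_src=$AGENTS; fi   # 6443: agents -> servers

    emit tcp 10250 $all                                 # kubelet: all -> all
    for feature in "$@"; do
        case $feature in
            etcd)   if [ "$role" = server ]; then emit tcp 2379:2380 $SERVERS; fi ;;
            vxlan)  emit udp 8472 $all ;;
            wg4)    emit udp 51820 $all ;;
            wg6)    emit udp 51821 $all ;;
            spegel) emit tcp 5001 $all; api_src=$all ;;  # Spegel: 6443 all -> all
            *)      echo "unknown feature: $feature" >&2; return 1 ;;
        esac
    done
    if [ -n "$api_src" ]; then emit tcp 6443 $api_src; fi
    return 0
}

# Rules for an HA server using Flannel VXLAN; review, then pipe to sh as root.
k3s_inbound_rules server etcd vxlan
```

Clients outside the table, such as an administrator workstation reaching the API server on 6443, need their own rule.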

##### Network access to other pods

- Different Namespace: `http://<service-name>.<namespace>:<port>`
- Same Namespace: `http://<service-name>:<port>`

##### Network access within the same pod

- `http://localhost:<port>`
- Each container has a different port