Kubernetes basics
Instruction
Control plane vs worker nodes
Control Plane:
- The control plane is installed on your master node
- A node can be both a control plane node and a worker node
- It hosts the API server, scheduler, and controller manager
Worker Nodes:
- This is where the kubelet and kube-proxy are installed
- You can use the kubeadm join command to join workers to the master node to form the cluster
Deployment Test
shell-demo.yaml

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: shell-demo
spec:
  volumes:
  - name: shared-data
    emptyDir: {}
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: shared-data
      mountPath: /usr/share/nginx/html
  # hostNetwork: true puts the pod in the node's network namespace (it sees the node's
  # interfaces and ports); only use it for demos or nodes-level services, not ordinary workloads
  hostNetwork: true
  dnsPolicy: Default
```
Deploy a Pod

```shell
kubectl apply -f https://k8s.io/examples/application/shell-demo.yaml
# Verify that the container is running
kubectl get pod shell-demo
# Get a shell to the running container
kubectl exec -it shell-demo -- /bin/bash
```
Common commands
kubectl
myapp.yaml:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: memory-demo
  namespace: mem-example
spec:
  containers:
  - name: memory-demo-ctr
    image: polinux/stress
    resources:
      requests:
        memory: "100Mi"
      limits:
        memory: "200Mi"
    command: ["stress"]
    args: ["--vm", "1", "--vm-bytes", "150M", "--vm-hang", "1"]
```
```shell
kubectl version
kubectl config view
kubectl config view --minify --raw
# Create a namespace mem-example
kubectl create namespace mem-example
kubectl get ns
# Create a pod memory-demo
kubectl apply -f myapp.yaml
# Check the nodes
kubectl get nodes
kubectl describe nodes
# Check the pods
kubectl get pods
kubectl get all -A
kubectl get pod memory-demo --namespace=mem-example
kubectl get pod memory-demo --output=yaml --namespace=mem-example
kubectl top pod memory-demo --namespace=mem-example
kubectl describe pod memory-demo --namespace=mem-example
# Delete a pod
kubectl delete pod memory-demo --namespace=mem-example
# Delete a namespace
kubectl delete namespace mem-example
# Check service
kubectl get svc -n <name-space>
```
Monitor the log
```shell
# Follow the logs of all pods belonging to a deployment
kubectl logs -f deployment/<deployment-name> -n <name-space>
```
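The two manifests above show the settings worth checking on every pod before it reaches a shared cluster: shell-demo runs with hostNetwork: true and no resource limits, memory-demo sets a memory limit. The script below is an added example (not part of these notes or the Kubernetes project) that reads the JSON printed by `kubectl get pods -A -o json` and reports pods with hostNetwork enabled or containers without a memory limit; the embedded sample document is constructed from the two pods on this page.

```python
"""Audit pod specs for hostNetwork: true and containers with no memory limit."""
import json
import sys

# Constructed sample in the shape of `kubectl get pods -A -o json` output,
# built from the two pod manifests on this page (shell-demo lands in "default").
SAMPLE = json.dumps({
    "apiVersion": "v1", "kind": "List",
    "items": [
        {"metadata": {"name": "shell-demo", "namespace": "default"},
         "spec": {"hostNetwork": True,
                  "containers": [{"name": "nginx", "image": "nginx"}]}},
        {"metadata": {"name": "memory-demo", "namespace": "mem-example"},
         "spec": {"containers": [{"name": "memory-demo-ctr", "image": "polinux/stress",
                                  "resources": {"requests": {"memory": "100Mi"},
                                                "limits": {"memory": "200Mi"}}}]}},
    ],
})


def audit_pods(pod_list_json: str) -> list:
    """Return one finding per issue, formatted as 'namespace/pod: issue'."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        # hostNetwork: true shares the node's network namespace with the pod
        if spec.get("hostNetwork", False):
            findings.append(f"{ident}: hostNetwork is true (pod shares the node's network namespace)")
        # a container without a memory limit can consume the whole node's memory
        for ctr in spec.get("containers", []):
            limits = ctr.get("resources", {}).get("limits", {})
            if "memory" not in limits:
                findings.append(f"{ident}: container {ctr.get('name')} has no memory limit")
    return findings


if __name__ == "__main__":
    # Live cluster: kubectl get pods -A -o json | python audit_pods.py
    # With no piped input the constructed SAMPLE is audited instead.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for line in audit_pods(data):
        print(line)
```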
Networking
Inbound Rules for K3s Nodes
| Protocol | Port | Source | Destination | Description |
|---|---|---|---|---|
| TCP | 2379-2380 | Servers | Servers | Required only for HA with embedded etcd |
| TCP | 6443 | Agents | Servers | K3s supervisor and Kubernetes API Server |
| UDP | 8472 | All nodes | All nodes | Required only for Flannel VXLAN |
| TCP | 10250 | All nodes | All nodes | Kubelet metrics |
| UDP | 51820 | All nodes | All nodes | Required only for Flannel Wireguard with IPv4 |
| UDP | 51821 | All nodes | All nodes | Required only for Flannel Wireguard with IPv6 |
| TCP | 5001 | All nodes | All nodes | Required only for embedded distributed registry (Spegel) |
| TCP | 6443 | All nodes | All nodes | Required only for embedded distributed registry (Spegel) |
Typically, all outbound traffic is allowed.
Network access to other pods
- Different Namespace: http://<service-name>.<namespace>:<port>
- Same Namespace: http://<service-name>:<port>