Kubernetes basics
Instruction
Control plane vs worker nodes
Control Plane:
- The control plane is installed on your master node
- Can be both a control plane node and a worker node
- It houses the API server, scheduler, and controller manager settings
Worker Nodes:
- This is where the kubelet and kube-proxy are installed
- You can use the kubeadm join command to join workers to the master node to form the cluster
First Test
New Pod
shell-demo.yaml
apiVersion: v1
kind: Pod
metadata:
name: shell-demo
spec:
volumes:
- name: shared-data
emptyDir: {}
containers:
- name: nginx
image: nginx
volumeMounts:
- name: shared-data
mountPath: /usr/share/nginx/html
hostNetwork: true
dnsPolicy: DefaultCreate a Pod
kubectl apply -f https://k8s.io/examples/application/shell-demo.yamlVerify that the container is running
kubectl get pod shell-demo
# Get a shell to the running container
kubectl exec -it shell-demo -- /bin/bashNew Deployment
nginx-deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80Create a Deployment
kubectl apply -f https://k8s.io/examples/controllers/nginx-deployment.yamlVerify
kubectl get deployments
kubectl get pods --show-labelsCommon commands
Apply a yaml file
myapp.yaml:
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
namespace: mem-example
spec:
containers:
- name: memory-demo-ctr
image: polinux/stress
resources:
requests:
memory: "100Mi"
limits:
memory: "200Mi"
command: ["stress"]
args: ["--vm", "1", "--vm-bytes", "150M", "--vm-hang", "1"]
# Create a pod memory-demo
kubectl apply -f myapp.yamlKube Environment
kubectl version
kubectl config view
kubectl config view --minify --rawNamespace & Node
- Namespace 命名規則:
名稱會用內部的subdomain,名稱會用於內部的 subdomain,開頭與結尾必須字母數字,不可超過 253 個字元,只能包含小寫字母數字及 hyphen, dot 符號。
# Create a namespace mem-example
kubectl create namespace mem-example
kubectl get ns
# Check the nodes
kubectl get nodes
kubectl describe nodePod
# Create a pod memory-demo
kubectl apply -f myapp.yaml
# Check the pods
kubectl get pods
kubectl get all -A
kubectl get pod memory-demo --namespace=mem-example
kubectl get pod memory-demo --output=yaml --namespace=mem-example
kubectl top pod memory-demo --namespace=mem-example
kubectl describe pod memory-demo --namespace=mem-example
# Delete a pod
kubectl delete pod memory-demo --namespace=mem-exampleDeployment
kubectl get deployments
kubectl rollout status deployment/nginx-deployment
kubectl describe deployment <deployment-name>
# Update a new image
kubectl set image deployment/nginx-deployment nginx=nginx:sometag
# Scale a deployment
kubectl scale deployment deployment --replicas=XService
# Check service
kubectl get svc -n <name-space>Monitor the log
kubectl logs -f deployment/<pod-name> -n <name-space>Networking
Inbound Rules for K3s Nodes
| Protocol | Port | Source | Destination | Description |
|---|---|---|---|---|
| TCP | 2379-2380 | Servers | Servers | Required only for HA with embedded etcd |
| TCP | 6443 | Agents | Servers | K3s supervisor and Kubernetes API Server |
| UDP | 8472 | All nodes | All nodes | Required only for Flannel VXLAN |
| TCP | 10250 | All nodes | All nodes | Kubelet metrics |
| UDP | 51820 | All nodes | All nodes | Required only for Flannel Wireguard with IPv4 |
| UDP | 51821 | All nodes | All nodes | Required only for Flannel Wireguard with IPv6 |
| TCP | 5001 | All nodes | All nodes | Required only for embedded distributed registry (Spegel) |
| TCP | 6443 | All nodes | All nodes | Required only for embedded distributed registry (Spegel) |
Typically, all outbound traffic is allowed.
Network access to other pods
- Different Namespace:
http://<service-name>.<namespace>:<port> - Same Namespace:
http://<service-name>:<port>