Common Uses of Kubernetes
In this post, I will cover common uses of Kubernetes.
Running workloads in Pods
YAML manifest for a pod
Basic YAML manifest for a pod
apiVersion: v1 |
spec.containers.ports.containerPort: Specifies the port number on which an application inside the container is listening.
Add resource limits
... |
Add startupProbe and livenessProbe
... |
Creating, listing, editing, and deleting pods
Creating pods
1. Creating pods from YAML or JSON files
kubectl apply -f pod.<pod_name>.yaml |
2. Creating pods by kubectl run
kubectl run <pod_name> --image=<DOCKER_IMAGE:TAG> |
3. Creating pods by kubectl create deployment
kubectl create deployment <deploy_name> --image=<image_name> |
Listing pods
# listing pods |
Viewing pods
# get basic information about the pod |
Editing pods
1. Edit the YAML manifest file and re-apply it
kubectl apply -f pod.<pod_name>.yaml |
Or delete and apply
kubectl delete -f pod.<pod_name>.yaml |
2. Using kubectl edit
kubectl edit pods <pod_name> |
Delete pods
Delete a pod
# delete by name |
Delete all pods
kubectl delete pods --all |
Interacting with the application and the pod
Sending requests to the application in the pod
Getting the pod’s IP address
kubectl get po -o wide |
1. Connecting to pods via kubectl port forwarding
kubectl port-forward <pod_name> <local_port>:<container_port> |
2. Connecting to the pod from the pods or worker nodes
# SSH into a running pod |
# SSH into a K8S node in Google Kubernetes Engine |
3. Connecting from a one-off client pod
# send requests |
Viewing application logs
Retrieving a pod’s log with kubectl logs
kubectl logs <pod_name> |
Copying files to and from containers
kubectl cp <pod_name>:<file_path> <local_file_path> |
Executing commands in running containers
kubectl exec <pod_name> -- <command> |
For example
kubectl exec <pod_name> -- ps aux |
Running an interactive shell in the container
kubectl exec -it <pod_name> -- bash |
Attaching to a running container
The kubectl attach command is another way to interact with a running container. It attaches itself to the standard input, output and error streams of the main process running in the container. Normally, you only use it to interact with applications that read from the standard input.
kubectl attach -it <pod_name> |
Now, when you send new HTTP requests to the application using curl in another terminal, you’ll see the lines that the application logs to standard output also printed in the terminal where the kubectl attach command is executed.
Persisting data in PersistentVolumes
Persistent volumes and claims
Create a disk on Google cloud
$ gcloud compute disks create <disk_name> --size=10GiB |
Creating a PersistentVolume and PersistentVolumeClaim object
pvc.my-postgres.yaml
# Provision the existing persistent disk as a PersistentVolume. |
Create a secret:
kubectl create secret generic my-postgres-secret --from-literal=password=<YOUR_PASSWORD> |
Using PersistentVolumeClaim in a pod
pod.my-postgres.yaml
apiVersion: v1 |
Connect to PostgreSQL from a one-off client pod
kubectl run --image=alpine/psql -it --restart=Never --rm client-pod -- psql -h <pod_ip> -p <port> -U <user> -d <database> |
Dynamic provisioning of persistent volumes
Dynamic create PersistentVolume objects and disks. No volumeName specified in the manifest file.
pvc.my-postgres.yaml
# Claiming persistent volumes with PersistentVolumeClaim objects |
Configuration via ConfigMaps, Secrets
Setting the command, arguments, and environment variables
Setting the command to override the ENTRYPOINT of the Docker image
apiVersion: v1 |
Add arguments
apiVersion: v1 |
Using a config map to decouple configuration from the pod
An example of manifest file for ConfigMap
cm.my-config.yaml
apiVersion: v1 |
Using a configMap in a Pod with configMapKeyRef
apiVersion: v1 |
Using a configMap in a Pod with configMapRef
apiVersion: v1 |
Using Secrets to pass sensitive data to containers
Create secret
$ kubectl create secret generic my-postgres-secret --from-literal=password=<YOUR_PASSWORD> |
Using secrets in Pod
apiVersion: v1 |
Organizing objects using Namespaces, Labels, Annotations
Organizing objects into Namespaces
Namespaced Kubernetes API Object types
- Pods
- Deployments
- Services
- PersistentVolumeClaims
- ConfigMaps
- Secrets
- Events
Cluster-scoped Kubernetes API Object types
- Nodes
- PersistentVolumes
- StorageClasses
- Namespaces
To see if a resource is namespaced or cluster-scoped, check the NAMESPACED column when running kubectl api-resources.
Listing namespaces
kubectl get namespaces |
Listing objects in a specific namespace
kubectl get pods --namespace kube-system |
Listing objects across all namespaces
kubectl get cm --all-namespaces |
Creating a namespace
kubectl create namespace my-namespace |
Creating a namespace from a manifest file
apiVersion: v1 |
Creating objects in a specific namespace
kubectl apply -f <filename>.yaml -n my-namespace |
Specifying the namespace in the object manifest
apiVersion: v1 |
Making kubectl default to a different namespace
kubectl config set-context --current --namespace my-namespace |
Deleting namespaces
kubectl delete ns my-namespace |
Organizing pods with labels
Defining labels in object manifests
metadata: |
Show pods’ labels
kubectl get pods --show-labels |
Show specific labels with the –label-columns option
kubectl get pods -L <label_name_1>,<label_name_2> |
Adding or changing labels to an existing object
$ kubectl label pod <pod_name> <label_name1>=<value1> <label_name2>=<value2> |
Labelling all objects of a kind
kubectl label pod --all <label_name>=<value1> |
Removing a label from an object
kubectl label pod <pod_name> <label_name>- |
Standard label keys
Filtering objects with label selectors
Label selectors allow you to select a subset of pods or other objects that contain a particular label and perform an operation on those objects. A label selector is a criterion that filters objects based on whether they contain a particular label key with a particular value.
There are two types of label selectors:
- equality-based selectors:
label_name=value1label_name!=value1
- set-based selectors:
label_name in (value1, value2)label_name notin (value1, value2)label_name(present)!label_name(not present)
Filtering the list of objects using label selectors
kubectl get pods --selector <label_name>=<value1> |
- The
--selectorargument (or the short equivalent -l)
Deleting objects using a label selector
kubectl delete pods -l <label_name>=<value1> |
Annotating objects
You can’t just store anything you want in the label value. For example, the maximum length of a label value is only 63 characters, and the value can’t contain whitespace at all. For this reason, Kubernetes provides a feature similar to labels–object annotations.
Like labels, annotations are also key-value pairs, but they don’t store identifying information and can’t be used to filter objects. Unlike labels, an annotation value can be much longer (up to 256 KB at the time of this writing) and can contain any character.
Adding your own annotations
As with labels, you can add your own annotations to objects. A great use of annotations is to add a description to each pod or other object so that all users of the cluster can quickly see information about an object without having to look it up elsewhere.
For example, storing the name of the person who created the object and their contact information in the object’s annotations can greatly facilitate collaboration between cluster users.
Add or update an annotation to an existing object
# add |
Specifying annotations in the object manifest
apiVersion: v1 |
Remove annotations
kubectl annotate pod <pod_name> <annotation_name>- |
Exposing Pods with Services
ClusterIP
Exposes the Service internally within the Kubernetes cluster.
An example of manifest file
svc.crud-web-application-clusterip.yaml
apiVersion: v1 |
Accessing ClusterIP services
# Accessing the ClusterIP service from another pod in the cluster |
NodePort
Exposes the Service externally on each Node’s IP at a specific port (the NodePort).
An example of manifest file
svc.crud-web-application-node-port.yaml
apiVersion: v1 |
Accessing NodePort services
# In Anywhere |
LoadBalancer
An example of manifest file
svc.crud-web-application-load-balancer.yaml
apiVersion: v1 |
Accessing LoadBalancer services
# In Anywhere |
Exposing Services with Ingress
Ingress
ing.crud-web-application.yaml
apiVersion: networking.k8s.io/v1 |
Ingress with TLS
1. Create a self-signed TLS certificate
openssl req -x509 -newkey rsa:2048 -keyout crud-web.key -out crud-web.crt \ |
2. Create a secret for TLS certificate files
kubectl create secret tls tls-crud-web-tagnja-com \ |
3. The manifest file
ing.crud-web-application-ing-tls.yaml
apiVersion: networking.k8s.io/v1 |
4. Access the application
# https |
Managing Pods with Deployments
An example of manifest file for Deployments
deploy.a-simple-web-application.yaml
apiVersion: apps/v1 |
spec.replicas: Number of desired pods. Defaults to 1.
More articles about Kubernetes
- Introduction to Kubernetes
- Getting Started with Kubernetes: Running Your First Application on Kubernetes
- Common Uses of Kubernetes
References
[1] Kubernetes in Action, 2nd Edition