CKAD : 2. K8s Architecture

Key takeaway points
  • All configuration is written in YAML and stored in JSON format.
  • Container creation tools: Buildah, Podman, cri-o, containerd, frakti.
  • Mesos has a multi-level scheduler for data-center clusters.
  • Evolution: Borg -> Mesos, Cloud Foundry, K8s, Omega.
  • The Replication Controller is now replaced by:
    - the Deployment controller
    - the ReplicaSet
  • A ReplicaSet has a selector; a ReplicationController does not have a selector.
  • If we edit an rs, the change applies only to new pods.
  • To get details about a container image, "k describe pod" or "k describe rs" is the better command.
  • An rs has metadata -> name. If the rs is part of a deploy and we delete it, a new rs is created with the same name. If the rs is not part of a deploy, first store it with "k get rs 'rs name' -o yaml > 'file name'" and then create it again with "k create -f 'file name'".
  • If a pod is part of an rs, or part of a deploy (so it is part of an rs too), and we delete it, it is recreated with a new name, because the pod has metadata -> generateName.
  • A Deployment ensures that resources such as (1) IP address and (2) storage are available, then deploys the ReplicaSet.
  • So if we delete the ReplicaSet, the deployment recreates it.
  • If we delete the deployment, the ReplicaSet is also deleted, but the service and pod remain.
  • If we delete the service, the pod is not deleted.
  • Annotations are not for k8s; they are for 3rd-party tools.
  • The 'Cloud controller manager' is optional on the master node. If it is present, the kubelet must be started with the option --cloud-provider=external.
  • The pause container is used to get the IP address.
  • We can edit only a few fields of a pod: (1) image, (2) activeDeadlineSeconds, (3) tolerations. If we edit a deploy, we can edit any parameter and the pods are restarted automatically.
Taints and Tolerations
  • A node has taints to discourage pod assignment unless the pod has a matching toleration. A taint is expressed as key=value:effect. There are 3 effects: (1) NoSchedule, (2) PreferNoSchedule, (3) NoExecute, which means an existing pod that does not tolerate the taint is evicted.
  • The master node has the taint effect NoSchedule.
  • To create a taint the command is: k taint nodes 'node name' key=value:effect
  • To remove a taint the commands are: k taint nodes 'node name' key=value:effect- , k taint nodes 'node name' key- and k taint nodes 'node name' key:effect-
  • A pod's tolerations have "key", operator ("Equal" or "Exists"), "value" and "effect" (the same effects as above).
  • We can edit a pod's tolerations with the k edit command.
  • If the toleration operator is Exists, only key + effect must match (no value is given).
  • If the toleration operator is Equal (the default), key + value + effect must all match.
  • Taints and tolerations are not about which pod gets scheduled on which node. They only tell a node whether a given pod can be accepted or not.
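Pod manifest showing both toleration operators side by side. This is an added example, not from the original notes; the node name, taint keys and values are constructed, and the taint commands in the comments are the ones that would be run on the node beforehand.

```yaml
# Added example (constructed). Taints assumed to be applied first:
#   kubectl taint nodes worker-1 dedicated=db:NoSchedule
#   kubectl taint nodes worker-1 maintenance:NoExecute
apiVersion: v1
kind: Pod
metadata:
  name: db-pod
  labels:
    app: db
spec:
  containers:
  - name: db-pod
    image: nginx
  tolerations:
  # operator Equal (the default): key, value AND effect must all match the taint
  - key: dedicated
    operator: Equal
    value: db
    effect: NoSchedule
  # operator Exists: only key and effect are compared, so no value is written
  - key: maintenance
    operator: Exists
    effect: NoExecute
    # for NoExecute, tolerationSeconds bounds how long the pod may stay once the taint appears;
    # without it the pod tolerates the taint indefinitely
    tolerationSeconds: 300
```

A toleration with operator Exists and an empty key tolerates every taint, and one with no effect matches every effect of the given key; both are broad enough that they should be reserved for system workloads such as DaemonSets.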
Node Affinity
  • To schedule a pod on a specific node we use node affinity.
Dockerfile and pod relation
  • Whatever additional parameters we pass to the docker run command replace CMD and are appended to ENTRYPOINT of the Dockerfile.
  • The docker command can also replace ENTRYPOINT with the --entrypoint option.
  • Mapping between the three:
    Dockerfile   | Docker command          | Pod YAML
    ENTRYPOINT   | --entrypoint            | command:
    CMD          | trailing run arguments  | args:
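The mapping above carried through on one concrete image. This is an added example, not from the original notes; the image name example/sleeper and its Dockerfile lines are constructed.

```yaml
# Added example (constructed). Assume the image was built from a Dockerfile ending with:
#   ENTRYPOINT ["sleep"]
#   CMD ["10"]
# docker run example/sleeper 30                    -> runs "sleep 30"  (CMD replaced, appended to ENTRYPOINT)
# docker run --entrypoint echo example/sleeper hi  -> runs "echo hi"   (ENTRYPOINT replaced as well)
apiVersion: v1
kind: Pod
metadata:
  name: sleeper
spec:
  containers:
  - name: sleeper
    image: example/sleeper
    command: ["sleep"]   # overrides ENTRYPOINT, like --entrypoint
    args: ["30"]         # overrides CMD, like the trailing docker run arguments
```

If only args: is set, the image's ENTRYPOINT is kept and run with the new arguments; if only command: is set, the image's CMD is ignored entirely, so a command: without args: runs the binary with no arguments at all.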

Useful commands

To use any command in a different namespace, the order is:
(1) kubectl (2) verb (3) -n 'namespace name' (4) the rest of the command.
We cannot add -n 'namespace name' at the end of the command.

A. To run pod, without YAML file 

k run newpod --image=nginx --generator=run-pod/v1

k run newpod --image=nginx --dry-run --restart=Never -o yaml

Here the pod name and the container name are identical.

We can specify a label with "-l key=value".

B. To create deployment without YAML file 

k run firstpod --image=nginx

k run firstpod --image=nginx --dry-run -o yaml

k create deployment firstpod --image=nginx
k create deployment firstpod --image=nginx --dry-run -o yaml

We shall mention the container port in the deployment, under the container:

        - containerPort: 3306

C. To create a service. The pod must have the label app=svcname; we cannot pass a label name to the svc.

kubectl expose pod pod_name --port=6379 --name svcname --dry-run -o yaml

kubectl create service clusterip svcname --tcp=6379:6379 --dry-run -o yaml

kubectl create service nodeport svcname --tcp=6379:6379 --node-port=32080 --dry-run -o yaml

If there is no pod with the label app=svcname, the service is still created. However, when we list ep, we find there is no pod behind that svc.

2. To see all taints: k describe nodes | grep -i taint

3.1 To see all resources: k api-resources

Here is the list of shortcuts:

ConfigMap                 --- cm
EndPoints                 --- ep
Namespace                 --- ns
Node                      --- no
PersistentVolumeClaim     --- pvc
PersistentVolume          --- pv
Pod                       --- po
ReplicationController     --- rc
ServiceAccount            --- sa
Service                   --- svc
CustomResourceDefinition  --- crd
DaemonSet                 --- ds
Deployment                --- deploy
ReplicaSet                --- rs
StatefulSet               --- sts
HorizontalPodAutoscaler   --- hpa
CronJob                   --- cj
CertificateSigningRequest --- csr
Ingress                   --- ing
NetworkPolicy             --- netpol
PodSecurityPolicy         --- psp
StorageClass              --- sc

3.2 We can list the associated verbs with the command k api-resources -o wide

3.3 We can list multiple resources as a comma-separated list:
kubectl get deploy,rs,po,svc,ep

4. Under the container we write:
        - containerPort: 80

5. Under the Service we write:
        - protocol: TCP
          port: 80
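The pieces from sections B and C and from items 4 and 5 assembled into one working pair of manifests: a Deployment that declares its containerPort and a ClusterIP Service that selects its pods by label. This is an added example, not from the original notes; names, labels, replica count and ports are constructed. Newer kubectl versions spell the dry-run flag as --dry-run=client, which is what the comments use.

```yaml
# Added example (constructed). Imperative starting points for the same objects:
#   kubectl create deployment web --image=nginx --dry-run=client -o yaml
#   kubectl expose deployment web --port=80 --target-port=80 --name=web-svc --dry-run=client -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  labels:
    app: web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web          # the ReplicaSet selector; must match the pod template labels below
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80   # item 4: written under the container
---
apiVersion: v1
kind: Service
metadata:
  name: web-svc
spec:
  type: ClusterIP
  selector:
    app: web            # endpoints are the pods carrying this label; with no match, "k get ep" shows none
  ports:
  - protocol: TCP       # item 5: written under the service
    port: 80            # port the service listens on
    targetPort: 80      # containerPort on the pod
```

Because the Service selects on app=web rather than on the Deployment name, deleting and recreating the Deployment (or its ReplicaSet) leaves the Service in place, and the new pods are picked up as endpoints as soon as they carry the label.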

6. Useful commands tips

Create context
k config set-context "any context name"  --namespace='name space name'

A context is (1) a cluster, (2) a namespace and (3) a user.

List context
k config get-contexts

Use specific context
k config use-context 'context name'
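What a context looks like inside the kubeconfig file that the k config commands above edit. This is an added example, not from the original notes; the cluster, user and namespace names, the server URL and the token placeholder are all constructed.

```yaml
# Added example (constructed): minimal ~/.kube/config with two contexts.
# Produced by, for instance:
#   kubectl config set-context dev  --cluster=my-cluster --user=dev-user  --namespace=dev
#   kubectl config set-context prod --cluster=my-cluster --user=prod-user --namespace=prod
#   kubectl config use-context dev
apiVersion: v1
kind: Config
current-context: dev          # the context "k" uses when no --context is given
clusters:
- name: my-cluster
  cluster:
    server: https://cluster.example.internal:6443   # constructed address
    certificate-authority: /path/to/ca.crt          # placeholder path
users:
- name: dev-user
  user:
    token: <DEV_TOKEN_PLACEHOLDER>
- name: prod-user
  user:
    token: <PROD_TOKEN_PLACEHOLDER>
contexts:
- name: dev
  context:            # a context = cluster + user + namespace
    cluster: my-cluster
    user: dev-user
    namespace: dev
- name: prod
  context:
    cluster: my-cluster
    user: prod-user
    namespace: prod
```

Switching contexts changes the default namespace as well as the credentials, so keeping one context per namespace and user avoids having to add -n to every command and reduces the chance of running a command against the wrong environment.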

k explain 'resource' shows the fields of a resource.

Please refer to the following for imperative commands:

We should use the grep command with the "-C number" option:
-C gives that many lines both before and after the match
-B gives lines before the match
-A gives lines after the match


Post a Comment