Day 07: Pod Creation Declarative way

Two way to create pods in Kubernetes cluster

• Imperative Way:
• Run every command manually with kubectl utility.
• kubectl run ngnx --image=nginx:latest
   
• Declarative Way:
• Define state/config of pod in YAML/JSON file.
• Use that file to create pod with kubectl utility
• Same file can be transferred and used to create same pod at any Kubernetes cluster.
• File: day7/nginx.yaml

• 

• Create pod with redis image:
• File: day7/redis.yaml
• 
  
• Create pod
  
• 
  
• 
  

Day06 | Kubernetes Multinode Cluster Setup | Kind

It is very important to practice on multi-node Kubernetes cluster for CKA exam. and practicing on cloud service like as EKS, AKS or GKS is not give more details as its managed by cloud. Also this involves cost, there are some free credits but I didnt found those sufficient.

There are various other tolls which help to setup cluster locally on workstation. Tools are minikube , Kind etc. I found Kind is best tool to practice. So below steps refer to Kind.

Kind uses container as node.

Kind need go installed on machine. 

• My Machine details:  

Linux rvkmr 6.8.0-50-generic #51-Ubuntu SMP PREEMPT_DYNAMIC Sat Nov  9 17:58:29 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

• Install go:

sudo apt install golang 

• Install kind:

Referred doc : https://kind.sigs.k8s.io/docs/user/quick-start/

[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.26.0/kind-linux-amd64

chmod +x kind 

sudo mv ./kind /usr/local/bin/kind

• Single Node Cluster Setup With Kind:

kind create cluster --image=kindest/node:v1.31.4@sha256:2cb39f7295fe7eafee0842b1052a599a4fb0f8bcf3f83d96c7f4864c357c6c30 --name kind-cka-cluster

• Check Cluster info:

kubectl cluster-info --context kind-cka-cluster

•  Multi-Node Cluster Setup With Kind:

create config.yaml file as below

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
- role: worker

run command to setup multi-node cluster

kind create cluster --image=kindest/node:v1.31.4@sha256:2cb39f7295fe7eafee0842b1052a599a4fb0f8bcf3f83d96c7f4864c357c6c30 --name cka-cluster2 --config ./config.yaml

• Check nodes in cluster:

ravikumar@rvkmr:~/k8s/k8schallange/day6$ kubectl get nodes
NAME                         STATUS     ROLES           AGE     VERSION
cka-cluster2-control-plane   NotReady   control-plane   2m30s   v1.31.4
cka-cluster2-worker          NotReady   <none>          72s     v1.31.4
cka-cluster2-worker2         NotReady   <none>          72s     v1.31.4
ravikumar@rvkmr:~/k8s/k8schallange/day6$ kubectl get nodes
NAME                         STATUS     ROLES           AGE     VERSION
cka-cluster2-control-plane   Ready      control-plane   2m49s   v1.31.4
cka-cluster2-worker          NotReady   <none>          91s     v1.31.4
cka-cluster2-worker2         NotReady   <none>          91s     v1.31.4
ravikumar@rvkmr:~/k8s/k8schallange/day6$ kubectl get nodes
NAME                         STATUS   ROLES           AGE     VERSION
cka-cluster2-control-plane   Ready    control-plane   4m37s   v1.31.4
cka-cluster2-worker          Ready    <none>          3m19s   v1.31.4
cka-cluster2-worker2         Ready    <none>          3m19s   v1.31.4

• List cluster:

ravikumar@rvkmr:~/k8s/k8schallange/day6$ kind get clusters
cka-cluster2
kind-cka-cluster

• Set Context to connect different cluster

ravikumar@rvkmr:~/k8s/k8schallange/day6$ kubectl config use-context kind-cka-cluster2
Switched to context "kind-cka-cluster2".

• Delete cluster

ravikumar@rvkmr:~/k8s/k8schallange/day6$ kind delete cluster --name kind-cka-cluster
Deleting cluster "kind-cka-cluster" ...
Deleted nodes: ["kind-cka-cluster-control-plane"]
 

 

 

 

 

Day04-05: Container Orchestration | Kubernet bascis | Kubernet Architecture

•  Container Orchestration: 
• Orchestration in term of container is term refers managing lifecycle of container or cluster(ex k8s, swarm). 
• When we expect our container always runs even-though after failure of container. The term container orchestration refers to same to maintain count of containers(pods in k8s) in cluster.
• Kubernetes Docker Swarm are tools which help us t manage container orchestration.

• When to use Kubernetes / Docker Swarm:
• It is completely depends on criticality of application to business or user.
• For example when you have an application just to show static page for few number of users and its not critical for business, then using orchestration tool for such case will not add more value to business. 
• Because adopting new technologies, tools, or platforms introduce additional complexity or operational overhead and associated costs.
• So if you have application / service which is critical t run always for business then we can think of using such orchestration tools.
   
•  Kubernetes:
• Kubernetes is open-source container orchestration tool to manage auto deployment of applications, scaling, management of application in docker container.

• Kubernetes Components & Architecture:
• Basic component can be divided in 2 category 
• Worker Node
• Control Plane Node / Master node
•  A Kubernetes Cluster can be of single master / multi-master node and multi-worker nodes (can have single also doesn't add value). 
• All these nodes have their own components we will discuss most important of them.
  
• Control Plane Nodes:
• API Server
• API Server intercepts Restful call from users, Admin, developer, operators or worker node then validate and process them.
• During process of requests, API server reads state of cluster from etcd(key-value store) then process request and write new state back to etcd. 
• Scheduler
• Scheduler is responsible to manage workload, apply scheduling policies.
• Scheduler reads cluster state from etcd via API server process request and write new state to etcd via API server.
  
• Controller Manager
• Controller manger runs continues process to reads cluster state from etcd via API server and take corrective actions to meet the desired state of cluster.
  
• ETCD
• etcd is key-value store used to store Kubernetes cluster state.
• Only API server is allowed to connect with etcd.

•  Worker Node:
• Worker node provides running environment for client apps.
• Kubelet
• Kubelete is agent running on each node in cluster. communicates with control plane nodes. 
• It receives Pod definition from API server and interacts with container runtime(docker) to run containers associated with pod.
• Kube-Proxy 
• kube-proxy is the agent runs on every node in cluster.
• kuber-proxy is responsible for managing all networking in nodes.
• Basically it manages iptables in node to define how pods should communicate.
•  Pods
• A pod is smallest scheduling work unit in Kubernetes.
• Pod is collection of 1 or more containers scheduled together.
• Pods can be stopped, started or rescheduled as single unit.
• Kubernetes Component Placement:
• 

•  Request Flow in Kubernetes Cluster:

day03 : Exceptional case | run docker command with non-root user

In this blog I am going explain the challenge I faced to use docker. 

Challenge: For non-root user its very difficult to run docker command because we have to use sudo every-time when we run command. 

Here I am trying to explain how I solved that problem.

Check user groups configured and try running docker command:

ravikumar@rvkmr:~$ id                                                  
uid=1001(ravikumar) gid=1001(ravikumar) groups=1001(ravikumar),27(sudo)
ravikumar@rvkmr:~$ docker ps                                           
permission denied while trying to connect to the Docker daemon socket   at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.45/containers/json": dial unix /var/run/docker.sock: connect:        permission denied                                                      

Check if docker group exist or not:

ravikumar@rvkmr:~$ cat /etc/group | grep docker                        

Add user to docker group:

ravikumar@rvkmr:~$ sudo usermod -aG docker $USER                       
ravikumar@rvkmr:~$ id                                                  
uid=1001(ravikumar) gid=1001(ravikumar) groups=1001(ravikumar),27(sudo)

Login to docker group and run docker command:

ravikumar@rvkmr:~$ newgrp docker                                       
ravikumar@rvkmr:~$ docker ps                                           
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES 

Day03 : Container multistage build | Image cleanup | docker inspect | container logs | run container as non root user

 Task today to explore:

1. Docker container multistage build
   
2. Docker image cleanup
3. Docker container configuration
4. Docker container logs
5. Run docker container as non-root user

Hmm, list is bit longer, but that's OK some day we had to cover and now this is the day 03.

• Docker Container Multistage Build:
• Multistage build allow us to optimize image. Optimize in term of  reduce size of disk, improvement in build performance and caching.
  
• Multistage build allow us to share our artifacts in stage one with other.
• Example: create Dockerfile to write "hello world" in go.
• In this example if we use traditional Dockerfile we have to use FROM to use base image, define workdir, copy code to container, run build and then copy artifacts to container again.
• But with multistage build we can have FROM, WORKDIR, COPY, RUN in one stage and then new stage with COPY artifacts to container.
• Also lets say we wish to deploy same artifacts with t different env. do we have to run from start or all stages? no . Multistage builds only targeted stage and dependency stage.
• Below is traditional dockerfile 
• FROM golang:latest
  WORKDIR /src
  COPY hello.go ./hello.go
  RUN go build -o /bin/hello ./hello.go
  CMD ["/bin/hello"]
  
  
  
• Below is multistage docker file
• FROM golang:latest
  WORKDIR /src
  COPY hello.go ./hello.go
  RUN go build -o /bin/hello ./hello.go
  CMD ["/bin/hello"]
• Now when we build traditional docker file please check time to build and image size in below screenshot
• 
  
  
  
  
• Time to build is approx 48 seconds
• Now when we build multistage docker file.
• 
  
  
  
  
• Time to build is more than 1 min. 
• Now we target "pre-prod" and "prod" env separately from dockerfile
• 
  
  
  
  
• Time to build for pre-prod is approx 2sec and for prod 3sec. too less compared to traditional way.
• In the same way size of image decreases.

• Docker cleanup
  

• For Docker image command is docker rmi <image id | image name>
• For Docker container command is docker rm <container id | container name>
•  
• Docker container configuration:
  
• To check container configuration command is docker inspect <container id | container name>

• Container logs:
• Command to check container logs(std-out of container) docker logs <container id | container name>

• Run container as non-root user:
  

• This is very important to know, if we do not add USER directive in Docker file or not mark user to at time to start container, it will use root user
  
• We can use USER directive in Dockerfile as 

• FROM golang:latest
  WORKDIR /src
  COPY hello.go ./hello.go
  RUN go build -o /bin/hello ./hello.go

  USER RAVI
  CMD ["/bin/hello"]
  
• CMD will run as RAVI user not root
  
• Start container with specific user
• docker run -it --user ravi nginx:latest