## K8S

## Kubernetes (K8s) Notes

### **1. Pods**
#### **What is a Pod?**
- A **Pod** is the smallest deployable unit in Kubernetes.
- It represents a single instance of a running process in your cluster.
- A Pod can contain **one or more containers**, which share the same **network namespace and storage volumes**.

#### **How Pods Work**
- Containers inside a Pod communicate **via localhost**.
- Pods are **ephemeral** (short-lived). If a Pod fails, it is replaced by a new Pod.
- Higher-level controllers like **Deployments, StatefulSets, and ReplicaSets** manage Pods and ensure they remain available.

#### **Use Cases**
- Running a single application or a group of tightly coupled containers (e.g., a web server and a sidecar container for logging).

---

### **2. Services**
#### **What is a Service?**
- A **Service** provides a stable network endpoint to expose a set of Pods.
- Since Pods can restart and get new IP addresses, a Service **abstracts their dynamic IPs with a consistent endpoint**.
- It enables communication between different parts of an application or external access.

#### **How Services Work**
- Services use **selectors** to identify which Pods they should expose.
- They create a virtual IP (ClusterIP) that routes traffic to the appropriate Pods.
- Kubernetes automatically performs **load balancing** across the selected Pods.

#### **Types of Services**
1. **ClusterIP (default)** – Exposes the service internally within the cluster.
2. **NodePort** – Exposes the service on each Node’s IP at a static port.
3. **LoadBalancer** – Integrates with cloud providers to create an external Load Balancer.
4. **ExternalName** – Maps a Service to an external DNS name.

#### **Use Cases**
- **ClusterIP**: Communication between microservices.
- **NodePort**: Exposing a service externally when running Kubernetes on bare metal.
- **LoadBalancer**: Exposing applications to the internet in cloud environments.
- **ExternalName**: Redirecting traffic to external services (e.g., connecting to a managed database).

---

### **3. Deployments**
#### **What is a Deployment?**
- A **Deployment** is a higher-level controller that manages Pods.
- It ensures the desired number of Pods are running and updates them when needed.
- Deployments use **ReplicaSets** to maintain Pod availability.

#### **How Deployments Work**
- Define the number of Pod replicas to maintain.
- Kubernetes automatically replaces failed Pods.
- Supports **rolling updates and rollbacks**.

#### **Use Cases**
- Managing stateless applications.
- Updating applications without downtime.
- Scaling applications dynamically.

---

### **4. ConfigMaps & Secrets**
#### **What are ConfigMaps & Secrets?**
- **ConfigMaps** store non-sensitive configuration data (e.g., environment variables, file paths).
- **Secrets** store sensitive data (e.g., API keys, passwords) in a **base64-encoded** format. Base64 is an encoding, not encryption: anyone allowed to read the Secret object can decode it, so access to Secrets is limited with RBAC and encryption at rest is enabled for etcd.

#### **Use Cases**
- Separating configuration from application code.
- Storing credentials securely.
- Mounting configurations as environment variables or volumes.
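Worked example for the Secrets point above, added here and not part of the original notes: it decodes the `data` fields of a constructed Secret to show that base64 hides nothing, and checks whether a raw etcd value carries the `k8s:enc:` prefix that an EncryptionConfiguration produces. The Secret manifest and the two etcd byte strings are constructed for the demo; `base64` and `awk` are assumed to be available.

```shell
#!/bin/sh
# Added example (not part of the original notes): a Secret's "data" values are
# only base64-encoded, so reading the object is reading the credential.
# Assumptions: the Secret manifest and the etcd byte strings below are constructed
# for this demo; base64(1) and awk(1) are available.

# Constructed: what `kubectl get secret db-creds -o yaml` prints for a Secret created
# with username=admin and password=s3cr3t-password.
SECRET_YAML='apiVersion: v1
kind: Secret
metadata:
  name: db-creds
  namespace: default
type: Opaque
data:
  username: YWRtaW4=
  password: czNjcjN0LXBhc3N3b3Jk'

# Pull one key out of the data: section and decode it. $1 = manifest, $2 = key.
secret_field_plaintext() {
  printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { print $2; exit }' | base64 -d
}

# What etcd holds under /registry/secrets/default/db-creds. With an
# EncryptionConfiguration (aescbc, aesgcm, secretbox or kms) the stored value
# starts with "k8s:enc:<provider>:v1:<key name>:"; without one the object is
# stored in the clear. Returns 0 (true) if the value is encrypted.
# The real value is normally read with: etcdctl get /registry/secrets/default/db-creds
etcd_value_encrypted() {
  case "$1" in
    k8s:enc:*) return 0 ;;
    *)         return 1 ;;
  esac
}

# Constructed stand-ins for the two cases (real values are protobuf / ciphertext bytes).
ETCD_VALUE_CLEAR='k8s protobuf: Secret default/db-creds password=czNjcjN0LXBhc3N3b3Jk'
ETCD_VALUE_ENCRYPTED='k8s:enc:aescbc:v1:key1:<ciphertext bytes>'

# Demo run: decode the Secret, then classify the two etcd samples.
echo "username: $(secret_field_plaintext "$SECRET_YAML" username)"
echo "password: $(secret_field_plaintext "$SECRET_YAML" password)"
for v in "$ETCD_VALUE_CLEAR" "$ETCD_VALUE_ENCRYPTED"; do
  if etcd_value_encrypted "$v"; then
    echo "encrypted at rest (${v%%:v1:*})"
  else
    echo "NOT encrypted at rest: Secret readable straight out of etcd and its backups"
  fi
done

# Mitigations that follow from this:
#  - restrict get/list/watch on "secrets" to the identities that really need them (RBAC),
#  - enable encryption at rest for the secrets resource in the kube-apiserver,
#  - for high-value credentials prefer an external store (e.g. a CSI secrets driver).
```

The decode step is exactly what `kubectl get secret -o yaml` followed by `base64 -d` does, which is why "can read Secrets" and "has the credentials" are the same permission in practice.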

---

### **5. Ingress**
#### **What is an Ingress?**
- **Ingress** is an API object that manages external access to Services, typically via HTTP/HTTPS.
- It allows **host-based and path-based routing**.
- Requires an **Ingress Controller** (e.g., NGINX Ingress Controller, Traefik).

#### **Use Cases**
- Exposing multiple services under a single domain.
- Enforcing SSL/TLS termination.
- Load balancing HTTP traffic.

---

### **6. StatefulSets vs Deployments**
| Feature          | Deployment  | StatefulSet  |
|----------------|-------------|-------------|
| Pod Identity   | No stable identity | Each Pod has a stable identity |
| Use Case      | Stateless apps (e.g., web servers) | Stateful apps (e.g., databases) |
| Storage       | Ephemeral | Uses persistent storage (PVC) |
| Scaling       | Any order | Ordered scaling |

#### **When to Use StatefulSets?**
- Databases (PostgreSQL, MySQL, Cassandra, etc.).
- Applications requiring stable network identities.
- Apps that need ordered pod creation & deletion.

---

### **7. Persistent Volumes (PV) & Persistent Volume Claims (PVC)**
#### **What are PV & PVC?**
- **Persistent Volume (PV)**: A storage resource in Kubernetes that outlives Pods.
- **Persistent Volume Claim (PVC)**: A request for storage by a Pod.

#### **Use Cases**
- Storing application data persistently.
- Mounting storage across multiple Pods.
- Preventing data loss when Pods restart.

---

### **8. Helm**
#### **What is Helm?**
- **Helm** is a package manager for Kubernetes.
- Uses **Helm charts** to define, install, and manage Kubernetes applications.

#### **Use Cases**
- Automating Kubernetes deployments.
- Managing application configurations.
- Deploying complex apps with dependencies (e.g., databases, monitoring tools).

---

### **9. RBAC (Role-Based Access Control)**
#### **What is RBAC?**
- **RBAC** controls **who can do what** in a Kubernetes cluster.
- Uses **Roles & RoleBindings** (for a namespace) and **ClusterRoles & ClusterRoleBindings** (for the whole cluster).

#### **Use Cases**
- Restricting access to critical resources.
- Managing permissions for developers & admins.
- Implementing security best practices.
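A worked RBAC example, added here and not part of the original notes: a namespace-scoped Role and RoleBinding that let one service account read Pods and their logs and nothing else, a static review check that flags wildcard grants or access to Secrets, and a `kubectl auth can-i` helper to confirm the effective permissions on a live cluster. The namespace `team-a`, role `pod-reader` and service account `ci-reader` are made-up names; `apply_role` and `check_access` need `kubectl` and cluster access and are not called by default.

```shell
#!/bin/sh
# Added example (not part of the original notes): a least-privilege Role and
# RoleBinding for a service account that only needs to read Pods, plus two
# checks a reviewer would run. Assumptions: namespace "team-a", role "pod-reader"
# and service account "ci-reader" are made up; the live checks need kubectl.

# Role + RoleBinding scoped to one namespace.
# $1 = namespace, $2 = role name, $3 = service account to bind.
role_manifest() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: $2
  namespace: $1
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: $2-binding
  namespace: $1
subjects:
- kind: ServiceAccount
  name: $3
  namespace: $1
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: $2
EOF
}

# Static review check on a manifest read from stdin. Returns 0 (true) if any rule
# uses "*" for apiGroups, resources or verbs, or grants access to secrets;
# both are the usual ways a Role ends up far broader than intended.
role_overbroad() {
  m=$(cat)
  printf '%s\n' "$m" | grep -Eq '^[[:space:]]*-?[[:space:]]*(apiGroups|resources|verbs):.*"\*"' && return 0
  printf '%s\n' "$m" | grep -Eq '^[[:space:]]*-?[[:space:]]*resources:.*"secrets"' && return 0
  return 1
}

# Constructed example of the anti-pattern the check is for.
OVERBROAD_ROLE='apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: do-everything
  namespace: team-a
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]'

# Live helpers (need kubectl and cluster access; not called by default).
apply_role() { role_manifest "$@" | kubectl apply -f -; }
# $1 = namespace, $2 = service account, $3 = verb, $4 = resource; prints yes/no.
check_access() { kubectl auth can-i "$3" "$4" -n "$1" --as="system:serviceaccount:$1:$2"; }
# With the Role above applied, ci-reader can "get pods" but not "get secrets" or "delete pods".

# Demo: render the manifest and run the static check on both samples.
role_manifest team-a pod-reader ci-reader
if role_manifest team-a pod-reader ci-reader | role_overbroad; then echo "pod-reader: OVERBROAD"; else echo "pod-reader: ok"; fi
if printf '%s\n' "$OVERBROAD_ROLE" | role_overbroad; then echo "do-everything: OVERBROAD"; else echo "do-everything: ok"; fi
```

`role_overbroad` is a coarse grep, good enough for a pre-commit or CI gate on manifests; the authoritative answer for a bound identity always comes from `check_access`, which asks the API server what the effective rules permit.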

---



## **Kubernetes Architecture**  

1. A **Cluster** contains **Nodes**.  
2. There are two types of **Nodes**: **Master (Control Plane) Nodes** and **Worker Nodes**.  

#### **1. Worker Nodes**  
Each worker node contains:  
   - **Container Runtime** (e.g., Docker, containerd) → Responsible for running containers.  
   - **Kubelet** → Interacts with both the node and the pods, ensuring they are running as expected. It communicates with the control plane.  
   - **Kube-Proxy** → Manages networking for the node, enabling communication between services.  
   - **Pods** → The smallest deployable unit in Kubernetes, containing one or more containers.  

#### **2. Master (Control Plane) Node**  
Responsible for managing the cluster and making scheduling decisions. It contains:  

   - **API Server** → The entry point for all interactions with Kubernetes. It handles requests from the CLI (`kubectl`) and UI (Dashboard, Lens, etc.).  
   - **Scheduler** → Decides on which worker node a new pod should be scheduled based on available resources. Once scheduled, the **Kubelet** on that node will start the pod.  
   - **Controller Manager** → Detects state changes (e.g., if a pod crashes, it ensures a new one is scheduled). It manages different controllers (Node Controller, Deployment Controller, etc.).  
   - **etcd** → A distributed key-value store that acts as Kubernetes' **single source of truth**. It stores all cluster data, including node resources and pod states.  
     - **Note:** etcd does **not** store application data (e.g., if a SQL database is running in a pod, etcd will not store the database’s data).  



---

### **Pods, ReplicaSets, and Deployments**  

- **Pod**:  
  - The **smallest deployable unit** in Kubernetes.  
  - Contains **one or more containers** that share the same storage and network.  
  - **Pods are ephemeral** (if a pod crashes, it's lost unless managed by a higher-level controller).  

- **ReplicaSet**:  
  - Ensures that a specified number of **replicas** (copies) of a pod are running at all times.  
  - If a pod crashes, the **ReplicaSet** will create a new one automatically.  
  - **However, ReplicaSets are rarely used directly**—they are managed by Deployments.  

- **Deployment**:  
  - The most common way to manage applications in Kubernetes.  
  - Ensures that a **desired number of replicas** of a pod are running and allows updates to be rolled out gradually.  
  - When you update a Deployment (e.g., changing an app version), Kubernetes will **create a new ReplicaSet** and gradually replace the old pods.  
  - Supports **rollback** in case of failures.  




### kubectl CLI

#### get information
```sh
kubectl get (nodes|pods|services|replicasets...)
```

#### create a pod
We don't usually create a Pod directly; instead we create a `deployment`, which is basically an abstraction layer over the Pod.
e.g.:
```sh
kubectl create deployment my-nginx-dep --image=nginx
```
**note:**
- deployment -manages-> replicaset -manages-> pods -run-> containers
- the **replicaset** is responsible for the replication of the pods

#### edit deployment
```sh
kubectl edit deployment my-nginx-dep
```
This command opens the deployment's config in an editor; when I change something, the old Pods are terminated and new ones are created with the new config.

#### name syntax
```sh
<deployment-name>-<replicaset-hash>-<pod-suffix>
# e.g. nginx-dep-5879cc9-trvdh
```
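Worked example for the Deployment notes and the name syntax above, added here and not part of the original notes: the declarative equivalent of `kubectl create deployment` with a hardened pod spec and the ClusterIP Service that exposes it, a rollout helper that undoes the change if the new ReplicaSet never becomes ready, and two helpers that recover the ReplicaSet and Deployment from a pod name. The image `registry.example.com/app:1.0` is a placeholder assumed to run as non-root, listen on 8080 and write only under `/tmp`; `rollout` needs `kubectl` and cluster access and is not called by default.

```shell
#!/bin/sh
# Added example (not part of the original notes): the declarative form of
# `kubectl create deployment`, the Service that exposes it, a guarded rollout,
# and helpers that decode the <deployment>-<rs-hash>-<pod-suffix> name.
# Assumptions: the image is a placeholder that runs as non-root, listens on 8080
# and writes only under /tmp; rollout() needs kubectl and a cluster.

# Deployment + ClusterIP Service. $1 = name, $2 = image, $3 = replica count.
deployment_manifest() {
  cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: $1
spec:
  replicas: $3
  selector:
    matchLabels:
      app: $1
  template:
    metadata:
      labels:
        app: $1
    spec:
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: app
        image: $2
        ports:
        - containerPort: 8080
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        resources:
          requests: {cpu: 100m, memory: 64Mi}
          limits: {memory: 128Mi}
        readinessProbe:
          httpGet: {path: /, port: 8080}
        volumeMounts:
        - {name: tmp, mountPath: /tmp}
      volumes:
      - {name: tmp, emptyDir: {}}
---
apiVersion: v1
kind: Service
metadata:
  name: $1
spec:
  type: ClusterIP
  selector:
    app: $1
  ports:
  - port: 80
    targetPort: 8080
EOF
}

# Pods created through a Deployment are named <deployment>-<rs-hash>-<pod-suffix>
# (e.g. nginx-dep-5879cc9-trvdh). The hash and suffix never contain "-", so
# stripping from the right recovers the owners even when the Deployment name has dashes.
pod_owner_replicaset() { printf '%s\n' "${1%-*}"; }
pod_deployment()       { rs=${1%-*}; printf '%s\n' "${rs%-*}"; }

# Apply, wait for the rollout, and undo it if the Pods do not become ready in time
# (needs kubectl and cluster access; not called by default).
rollout() {   # same arguments as deployment_manifest
  deployment_manifest "$@" | kubectl apply -f - || return 1
  if ! kubectl rollout status "deployment/$1" --timeout=120s; then
    echo "rollout of $1 failed, rolling back" >&2
    kubectl rollout undo "deployment/$1"
    return 1
  fi
}

# Demo: render the manifest and decode the pod name from the notes above.
deployment_manifest my-app registry.example.com/app:1.0 3
echo "nginx-dep-5879cc9-trvdh -> ReplicaSet $(pod_owner_replicaset nginx-dep-5879cc9-trvdh), Deployment $(pod_deployment nginx-dep-5879cc9-trvdh)"
```

The readiness probe is what makes `kubectl rollout status` meaningful: without it every new Pod counts as ready the moment its container starts, and a broken image would replace the old ReplicaSet without ever tripping the rollback.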
#### debugging
##### describe 
```sh
❯ kubectl describe pod nginx-dep-5879cc9 

Name:             nginx-dep-5879cc9-trvdh
Namespace:        default
Priority:         0
Service Account:  default
Node:             minikube/192.168.49.2
Start Time:       Mon, 27 Jan 2025 00:10:05 +0100
Labels:           app=nginx-dep
                  pod-template-hash=5879cc9
Annotations:      <none>
Status:           Running
IP:               10.244.0.4
IPs:
  IP:           10.244.0.4
Controlled By:  ReplicaSet/nginx-dep-5879cc9
Containers:
  nginx:
    Container ID:   docker://bf1232fd0de077afa5a17a6505f51e71a9ba823e07b7565d8f42dd7c0236df66
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:0a399eb16751829e1af26fea27b20c3ec28d7ab1fb72182879dcae1cca21206a
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Mon, 27 Jan 2025 00:11:22 +0100
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-nj6ws (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True 
  Initialized                 True 
  Ready                       True 
  ContainersReady             True 
  PodScheduled                True 
Volumes:
  kube-api-access-nj6ws:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  14m   default-scheduler  Successfully assigned default/nginx-dep-5879cc9-trvdh to minikube
  Normal  Pulling    14m   kubelet            Pulling image "nginx"
  Normal  Pulled     13m   kubelet            Successfully pulled image "nginx" in 1m15.205s (1m15.205s including waiting). Image size: 191717838 bytes.
  Normal  Created    13m   kubelet            Created container: nginx
  Normal  Started    13m   kubelet            Started container nginx


```

##### logs
```sh
kubectl logs nginx-dep-5879cc9-trvdh 

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
.....
2025/01/26 23:11:22 [notice] 1#1: using the "epoll" event method
2025/01/26 23:11:22 [notice] 1#1: nginx/1.27.3
2025/01/26 23:11:22 [notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14) 
2025/01/26 23:11:22 [notice] 1#1: OS: Linux 6.10.14-linuxkit
2025/01/26 23:11:22 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2025/01/26 23:11:22 [notice] 1#1: start worker processes
2025/01/26 23:11:22 [notice] 1#1: start worker process 29
2025/01/26 23:11:22 [notice] 1#1: start worker process 30
2025/01/26 23:11:22 [notice] 1#1: start worker process 31
2025/01/26 23:11:22 [notice] 1#1: start worker process 32

```

##### exec commands
```sh
kubectl exec -it nginx-dep-5879cc9-trvdh -- /bin/bash
```