# Kubernetes in 4 Hours

Kubernetes is a platform for running container-based cloud-native applications

Offers enterprise features like scalability and availability

This solution is based on Borg tech that Google has been using in their datacenters

Kubernetes decouples from the cloud servers it runs its applications on
* Where is the configuration, storage, and how to access the app?
    * Configuration is done in a ConfigMap resource
    * Storage can be done in a persistent volume
    * To access your app you use Services (Ingress)
* Can be scaled to run on many cloud nodes at the same time

Kubernetes runs an app in a pod and under a deployment. These are the resources(objects) that have the configuration needed to run the app.



# What are Containers

A container image includes all dependencies required to run an application

Containers are running instances of container images

To run a container, a container engine is required. Container engines run on top of a host operating system.

Docker and Podman are common solutions for running containers on stand-alone computers. Kubernetes adds cluster fueatures to containers by managing them in pod resources.

Kubernetes is what you use to manage your containers on a cloud as Docker/Podman are used on a standalone environment.

The container runtime is used on both standalone and the cloud to fetch and run the image.

## Container Need in Datacenter and Cloud

Storage that is not bound to any specific physical environment

A cluster of hosts to run the containers

Monitoring and self-healing of containers. If container or server is not responding should be restarted.

A solutions for performing updates without downtime.

# Kubernetes General Info

## Kubernetes Host Platform

Kubernetes can be offered through different host platforms
* As a hosted service in public cloud like AWS or Azure
* On top a physical cluster (on premise). With one or more nodes.
* As an all-in-one solution, running on Minikube

## Kubernetes Distros

Kubernetes is the open-source standard for orchestrating containers, competing products include:
* Amazon ECS
* Docker Swarm
* Apache Nomad
* Amazon Fargate

Common Kubernetes distributions include:
* Rancher
* Red Hat OpenShift
* Google Anthos
* Public cloud distributions like EKS, AKS, GKS

## Kubernetes Test Cluster

Installing a Kubernetes Test Cluster

Kubernetes Install Options
* Minikube
* Cloud based -- Like Google Cloud
* Docker Desktop -- Windows
    * Can install minikube on WSL
    * Has a run minikube option



# Kubernetes Commands

`kubectl get all`
* Shows default kubernetes service to see if working

Minikube offers a complete test environment that runs on Linux, MacOS or Windows

`minikube dashboard`
* Bring up a web browser to inspect environment
* Able to specify the container image and name you would like to pull and run in minikube

Managing Kubernetes
* The **kubectl** command in the main utility to run administration tasks on the cluster
* Direct API access from scripts to address the cluster
* The Kubernetes Console offers a web based interface

`kubectl create deployment my-dep --image=nginx --replicas=3` or `kubectl create deploy ...`
* How to run an application
* Create deployment of 3 containers using nginx image

`kubectl scale deployment my-dep --replicas 2`
* Scale down deployment from 3 containers to 2

`kubectl get all`
* How to get information about running applications
* Shows a deployment, replica-set and pod group that was created

`kubectl get all --show-labels`
* Show the labels used to reference resources

`kubectl get all --selector app=mynginx`
* Restrict resources shown to the label mynginx

`kubectl get pods`
* Just show the pods

`kubectl describe pod [POD-ID]`
* Get information about relevant resource properties for pod specified

Containers are wrapped in a pod which gives properties needed to run in a cloud cluster environment. One pod is a single instance of the application.

A **deployment** adds scalability and an update strategy across the multiple pods. Able to scale up or down in the use of the pods. It allows for high availability so that if one pod goes down it will be brought up again.

A **replica set** is a helper resource that manages the pod cluster. 

A **service** resource allows for access to the application as a load balancer. Sends request to one of the pods that will handle the work.

A **ConfigMap** is used to manage configuration of your application.

Storage to volumes will be used to write data from one or more of your pods

`kubectl -h`
* Show different commands to be used with kubectl

`kubectl completion -h`
* Shows instructions for tab completion

`source <(kubectl completion bash)`
* Enables for kubectl tab completion. `kubectl [space] [TAB TAB]`

### Standalone vs Deployment when deleting a pod

`kubectl delete deployments.apps testapp`
* Delete the deployment testapp which deletes the replica set which deletes the pods

`kubectl delete pod cliapp-7655`
* Deletes a particular pod but another pod will takes its place as configured in the deployment to be available if managed by one

`kubectl run nginx --image=nginx`
* Create a pod without a deployment
    * If this command is followed by a delete of the pod, the pod would be removed and does not come back.

# Understanding Kubernetes Resource Types

*Pods* The basic unit of Kubernetes that represents one or more containers that share common resources. Typically only one container per pod.

*Deployments* The application itself, should be the standard way of using Kubernetes.

*Services* How to make deployments accessible from the outside by providing a single IP/port combination.

*Persistent Volumes* Persistent (networked) storage

*ConfigMaps* Allows for storing configuration and other specific parameters in a cloud environment.

`kubectl api-resources`
* Show the supported API resources

## Understanding the Pod

Kubernetes manages Pods and not containers

The pod is a Kubernetes resource used to provide features required for managing containers in a a clustered environment.

`kubectl explain pod.spec | less`
* Show properties in pod specification

Containers can be put together in a pod, together with pod-specific storage, but a typical pod runs one container only.

## Understanding the Deployment

A deployment adds scalability and zero-downtime upgrades to Pods

It is not suggested to run pods as standalone as you lose a lot of functionality.

`kubectl explain deploy.spec`
* Shows properties of the deployment specification

# Using Kubectl in a Declarative manner

Kubernetes in a DevOps manner concerns defining the desired configuration in a YAML mainifest file.

This declarative methodology is giving you much more control than the imperative methodology where you create all from the CLI
* Standardizes how application is created through the use of yaml files

`kubectl get deployments nginx -o yaml`
* Get the current state of an object in yaml syntax

Yaml files should be generated and not created from scratch

`kubectl create deploy myningx --image=nginx --dry-run=client -o yaml > mynginx.yaml`
* Tests that everything is working
* Generates as yaml output
* Shows properties under spec. Can see more available properties using explain of deploy.spec

Useful Links
* **kubernetes.io/docs** - Kubernetes Docuementation for setting useful properties

`kubectl create -f mynginx.yaml`
* Create a deployment based on a yaml file
* Not recommended as will always create new
* If create again will say already existing

`kubectl apply -f mynginx.yaml`
* Will create if not existing or update current configuration based on yaml file

`kubectl diff -f mynginx.yaml`
* Show the differences between current deployment and specified yaml file

# Understanding Namespaces

Namespaces create isolated environments for running applications

Use namespaces to create virtual datacenters
* Build kubernetes cluster where you grant privileges to users to run applications in an environment
* Similar to directory where restrict user access

Kubernetes core servicess run in the kube-system namespace

Role Based Access Control (RBAC) can be used to delegate administration/user privileges to a namespace

Quota can be used to restrict resources in a namespace

`kubectl get ns`
* Shows kubernetes namespaces

`kubectl get pods -n kube-system`
* Shows pods running in the kube-system namespace

`kubectl create ns secret`
* Create the *secret* namespace

`kubectl run secretpod --image=nginx -n secret`
* Create standalone pod under secret namespace

`kubectl get pods -n secret`
* Shows the created pod under secret namespace

# Troubleshooting Application

`kubectl create deploy mydb --image=mariadb --replicas=3`
* Create the kubernetes cluster

`kubectl describe pod [POD-ID]`
* Show information about particular pod

`kubectl logs [POD-ID]`
* Show logs for that pod

`kubectl set env deploy/mydb MARIADB_ROOT_PASSWORD=secret`
* Needing to set the root password

# Accessing Application from Outside

Cloud nodes are connected to an external network

Nodes also have access to a *cluster network* which is a software defined network and not reachable by external users.

Pods on those nodes will run on the *pod network* that runs behind the `cluster network` and as such are not directly accessible
* Pods will have their own ip address

Services run on the cluster network and are what users should access as an entrypoint to access a deployment of pods (an application) on the pod network
* The service will have its own ip address

Service of type ClusterIP is not accessible to the outside and is internal

Service of type NodePort does port forwarding to the cluster nodes so that available externally

Ingress, is a reverse proxy, that provides http/s access to the Service and can be outside of the cloud nodes
* In order to work needs an external proxy which is an Ingress controller. This is an external application to be installed on your cluster.

Pods are connected to the pod network. The pod network is behind the firewall and can not be directly accessed.

A load balancer is needing to connect incoming user requests to your pod deployment

The Service resource provides this API-based load balancing functionality. The service provides a single IP address that should be addressed to access your deployment application.

Ingress is an additional resource that provides external access to HTTP and HTTPS based services
* Defines a virtual service name to provide easy access to services
* Different Ingress solutions are provided by Kubernetes

## Understanding Service Types

ClusterIP is a service type that is accessible from within the cluster only

NodePort exposes and external port on the cluster nodes, thus providing a primitive way for offering access to the services.

Ingress is what should be used to provide user-friendly access to services but only provides HTTP and HTTPS access.

`kubectl create deploy nginxsvc --image=nginx`

`kubectl scale deploy nginxsvc --replicas=3`

`kubectl get all --selector app=nginxsvc -o wide`
* Gives additional details like the IP address used by the pods

`kubectl expose deploy nginxsvc --port=80`
* This creates a service to be able to access the application

`kubectl describe svc nginxsvc`
* Get information about service(svc) nginxsvc
* Shows the endpoints which are the ip addresses of the pods you are working with.

`kubectl get endpoints`
* Show the current services and their corresponding endpoints

`minikube ssh`
* log into minikube with ssh
* curl http://[Service Cluster IP]
    * Will get back response since inside minikube node
    
`exit`    
* Exit out of minikube

`kubectl edit svc nginxgxsvc`
* Opens up an editor to edit properties of a resource as a yaml file
* Change the type from ClusterIP to NodePort

`kubectl get svc`
* Show the service resources with changed Type and port forwarding

`curl $(minikube ip):[Forwarded Port #]`
* Should address the host with exposed forwarded port
* May need `minikube service myapp-service --url` runnining in its own terminal and using url provided

# Working with Storage

In a pod you define your container as well as volumes. A volume is a way to signify external storage. By default container storage is part of the container itself and is not guaranteed to remain after the life of the container.

You need to mount the volume inside your container to gain access to writing to your external storage.

A persistent volume is a resource that defines the storage you are working with.

A pod can be implemented with a Persistent Volume Claim (PVC) that specifies certain requirements for storage. The PVC finds a relevant Persistent Volume that exists in that environment. Would use Staging Data on Staging and Prod Data on Production.

`kubectl explain pod.spec.volumes`
* See which volume types are supported



# Understanding ConfigMaps

In a cloud-native environment, a solution must be provided to store site-specific data

Storing configuration files, variables and startup parameters inside the pod specification would make it less portable.

ConfigMaps allow for storing site-specific information in dedicated API resources

By storing site-specific information in ConfigMaps you can keep the Pod and Deployment specification generic to easily port to different environments.

ConfigMaps are commonly used for storing variables and Configuration Files

Secrets are base64 encoded ConfigMaps

Different sources can be used for ConfigMaps

`kubectl create cm myconf --from-file=my.conf`
* Put the contents of a config file into the configmap

`kubectl create cm variables --from-env-file=variables`
* To define environment property file source. Key=value environment properties.

`kubectl create cm special --from-literal=VAR3=cow --from-literal=VAR4=goat`
* To define variables in the command line

## Create ConfigMap from Variables

`kubectl create deploy mynewdb --image-mysql --replicas=3`
* Failed deployment of mysql due to not setting up environment variable

`kubectl create cm mynewdbvars --from-literal=MYSQL_ROOT_PASSWORD=password`
* Create the configMap from literal

`kubectl describe cm mynewdbvars`
* Check contents of the ConfigMap

`kubectl set env --from=configmap/mynewdbvars deploy/mynewdb`
* Apply the configMap to the failed deployment

`kubectl get pods [POD-ID] -o yaml`
* After getting the state of a pod above in yaml syntax can see the pod is referring to a configMap in its environment settings

# Working with Ingress

`minikube addons list`
* Show list of availabe addons including ingress which is disabled by default

`minikube addons enable ingress`
* Enable for ingress addon

`kubectl get ns`
* Show available nampespaces including *ingress-nginx*

`kubectl get all -n ingress-nginx`
* Show resources for ingress namespace

`kubectl get all --selector app=nginxsvc`
* Show previous deployment with service setup *service/nginxsvc*

`kubectl create ingress nginxsvc-ingress --rules="/=nginxsvc:80"`
* Create your ingress rules
* Anything will go to the service on port 80

`kubectl describe ing nginxsvc-ingress`
* Describe the ingress, showing rules created

Normally would have DNS forward to ingress but can setup etc/hosts to point to your ingress controller that was enabled with addon

The ingress controller is located on minikube host so add minikube ip to a DNS name like 'nginxsvc.info' on etc/hosts file

`curl nginxsvc.info`
* Go to minikube host with ingress controller and use setup rule to be forwarded to the appropriate service