# Container Orchestration

## What is Kubernetes
- Kubernetes, also referred to as K8s, is Greek and means helmsman or pilot
- - So it's the captain of the ship with all the dcontainers
- Kubernetes is an extensive open-source platform for managing containerized workloads and services
- It comes from Google Borgn a system that Google has been useing since 2002 to run its applications

## What Else is Kubernetes?
- It's open-source software for automating deployment, scaling, and orchestration of containerized applications
- - Instead of running containers with the **docker** command, you'll use the **kubernetes** command to run them
- It is about running multiple connected containers, organized in Pods, or deployments runnimg on different hosts, where community of service is guaranteed
- It has become the de factor standard for orchestration of containers
- With a new release every 3 months, it is rapidly evolving

<img src='screenshots/Simple-Kubernetes-Architecture.png'>

## Kubernetes Architecture
<img src='screenshots/Kubernetes-Architecture.png'>


## Cloud Native Computing Foundation
- Google donated Kubernetes to the Cloud Native Computing Foundation (CNCF), which is a foundation in Linux Foundation
- CNCF is a governing body that solves issues faced by any cloud native allications (so not just Kubernetes)
- CNCF owns the copyright to Kubernetes
- Kubernetes itself uses an Apache license
- Developers need to sign a Contributor License Agreement with CNCF

# Containers

## What is a Container?
- A container is a solution that bundles an application and all of its dependencies in a box
- - Kernel is not included
- This box can run on virtually any platform, as long as that platform runs a container engine
- Containers are based on an image, from the idmage you can spin multiple containers
- - When the container is crete it runs a process on the host kernel. The host kernel isolates resources belonging to each container
- - For resource isolation, namespaces are used
- - To dedicate resources, cgroups are used

## Container Filesystems
- Container images consist of different layers
- These layers are joined in the union filesystem
- By overlaying these layers, a new virtual filesystem is created
- The layers are joined in images, and by default are read-only
- When a container is started, the ephemeral read-write layer is added

## Why Containers are Successful
- Very fast deployment
- Flexible, as they run anywhere
- Easy to scale up and down
- Very resource-efficient
- Little footprint
- Portable

# Installing Docker
## On Ubuntu
### 1. Prerequisites
The very first step is to remove any default Docker packages from the system before installation Docker on a Linux VPS. Execute commands to remove unnecessary Docker versions

In [None]:
%%bash
sudo apt-get purge docker lxc-docker docker-engine docker.io

Now install some required packages on your system for installing Docker on Ubuntu system. Run the below commands to do this:

In [None]:
%%bash
sudo apt-get install  curl  apt-transport-https ca-certificates software-properties-common

### 2. Setup Docker Repository
Now import dockers official GPG key to verify packages signature before installing them with apt-get. Run the below command on terminal.

In [None]:
%%bash
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add 

After that add the Docker repository on your Ubuntu system which contains Docker packages including its dependencies. You must have to enable this repository to install Docker on Ubuntu.

In [None]:
%%bash
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

### 3. Install Docker on Ubuntu
Your system is now ready for Docker installation. Run the following commands to upgrade apt index and then install Docker community edition on Ubuntu.

In [None]:
%%bash
sudo apt-get update
sudo apt-get install docker-ce
sudo systemctl status docker

## On Red Hat
### 1. Install yum-utils and epel-release

In [None]:
%%bash
yum install -y yum-utils
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

### 2. Add Docker CE to yum repos

In [None]:
%%bash
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

### 3. Install container-selinux package

In [None]:
%%bash
yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.33-1.git86f33cd.el7.noarch.rpm

### 4. Install Docker CE
The container-selinux package is available from the rhel-7-server-extras-rpms channel. you can enable it using.

In [None]:
%%bash
subscription-manager repos --enable=rhel-7-server-extras-rpms

In [None]:
%%bash
yum install -y docker-ce
docker --version

### 5. Restart docker service and enable it

In [None]:
%%bash
systemctl restart docker
systemctl enable docker

## Mac OS
Download docker desktop from docker hub

https://hub.docker.com/editions/community/docker-ce-desktop-mac


## Container Architecture
Docker enginge
- Docker engine runs containers and consists of the following parts
- - A server implemented by the **dockerd** service
- - A REST API which specifies interfaces that can be used by client commands
- - The **docker** command

<img src='screenshots/Container-Architecture.png'>

### Docker Registry
- Docker registries are used to store Docker images
- Docker hub is publicly available and used as the defualt
- Docker cloud is also publicly available
- Administrators can create private registries
- When using **docker pull** or **docker run** as image is pulled from the registry
- You can upload images using **docker push**

## Docker Objects
- **image**: a read-only template with instructions to crate docker container
- - Images are often based on their images
- - Default images are pulled from Docker registry, you can build yoru own images using Docekrile
- - - Each instruction in Dockerfile creates a layer in the image
- - - When rebuilding an image, only those layers that are changed are rebuilt
- **container**: a runnable instance of an image
- - Containers need persistent storage to keep modifications
- **services**: used in Docker swarm to scale containers accross multiple Docker daemons

## Operational Container Mangement
Working with Containers
- Show Docker version information: **docker version**
- Show current usage information: **docker info**
- Search containers: **docker search wordpress**
- Download an image: **docker pull wordpress**
- Verify: **docker images**
- Remove images: **docker rmi wordpress**
- Run a container in interactive mode: **docker run -dit --name centos --hostname="centos" centos /bin/bash**
- Verify running container: **docker ps -a**
- Connect to a container: **docker attach centos**
- Run a command in a container: **docker run centos /usr/bin/free -m**
- - After running the command, the container stops, but is still available on the system
- Run a command in a container and remove the container after doing so: **docker run --rm centos /usr/bin/df/ -h**
- - After running the command, the container stops, but is still available on the system
- Run a command in a container and remove the container after doing so: **docker run --rm centos /usr/bin/df -h**
- Show information about a running contianer: **docker top centos**
- Show top-like information about a container: **docker stats centos**
- Copy something from the container to localhost: **docker cp centos:/etc/hosts /root/**
- Run a command inside a container: **docker exec centos cat /etc/hostname**
- Kill a container: **docker kill centos**


## When Does Container Stop?
- Typically, when a container is started, a specific command is executed. When this command stops, the container stops as well
- **docker run --name demo1 centos:latest dd if=/dev/zero of=/dev/null**
- - This will start the container, and use the terminal to run the **dd** command
- - Use **docker ps** to see the active container
- - Use **ps aux**, you'll notice the dd process shows in the current process tree
- - Use **docker exec -it demo1 /bin/bash** and type ps aux. You'll see the dd process runnning as PID 1
- Type **docker stop domo-container**
- Now type **docker run --name demo2 centos:latest sleep 30**
- From another terminal, type **docker ps**
- Obsrever that the container will stop after executing its task
- Type **docker ps -a**, this will show a list of all containers that have been activated in the past
- Type **docker rm \< containername \>** to remove these containers
- - User **docker rm \$(docker ps -aq)** to delete all containers

## Run command on stopped container

In [None]:
%%bash
# docker commit <container id>
# docker run -it <newcontainer id> bash

## get IP of running container

In [None]:
%%bash
# docker ps
# docker inspect -f '{{ .NetworkSettings.IPAddress }}' <container name>

## Docker Architecture
<img src='screenshots/Docker-Architecture.png'>

# Docker Networking
<img src='screenshots/Docker-Networking.png'>

Docker Networking
- Default netowrking uses Linux bridges
- - Different containers on othe same host can communicate; communications with containers on theor hosts is not possible
- - As the bridge runs NAT, containers are not directly accessible from the outside
- Overlay networking: using overlay networking technologies allows containers to communicate if they're running on different hosts
- Other technologies do exist, but are irrelevant if you're going to use Kubernetes

## Exposing Container Ports
- By default, container ports are not accessible from the outside
- Use port mapping to make them accessible
- - **docker run -d --name httpd -p 8080:80 httpd**
- - **curl http://localhost:8080**
- Alternatively, you can specify an IP address for the port forward
- - **docker run -d --name httpd2 192.168.1.150:8090:80 httpd**

# Docker Storage
## Default Storage
- Containers are based on different filesystem layers
- You can modify contents of a running container, but storage by default is ephemeral: it's gone after a restart
- All modifications in running containers are written to a read/write filesystem layer that by default is removed when the container is stopped
- Notice taht this R/W filesystem layer should not be used for persistent storage, as it doesn't perform well
- Also notice that Docker keeps the ephemeral storage around for some time after the container is stopped, making it easier to troubleshoot based on information in logs

## Host Directory Storage
- Persistent storage can be offered by using a host directory
- The container will bind-mount to this host directory to write and access persistent data
- - Notice aht RHEL, this host directory should have the svirt_sandbox_file_t context label
- On the host directory, use **chown** to set the appropriate UID and GID as owner
- - Note that this refers to the UID and GID of a user in the container, which may not exist on othe host. For instance, on a mariadb container, the users that mariadb is using are UID 27 and GID 27. Apply these using **chown -R 27:27 /var/local/mysql**

code to configure persistent storage using mariadb

In [None]:
%%bash
mkdir -p /var/local/mysql
apt install selinux-utils
setenforce 0
chown -R 27:27 /var/local/mysql
docker pull mariadb
docker run --name mariadb -d -v /var/local/mysql:/var/lib/mysql -e MYSQL_USER=user -e MYSQL_PASSWORD=password -e MYSQL_DATABASE=addresses -e MYSQL_ROOT_PASSWORD=password mariadb


## Lab: Operating Docker Containers
1. Start a container that runs the latest version of nginx
2. Verify that the container is available
3. Open a shell on the container and look which process currently are running
4. Expose your containers webserver port on the Docker host port 8088

In [None]:
%%bash
docker pull nginx
docker run -dit --name mynginx -p 8088:80 nginx bash
docker ps
docker attach mynginx

# kubectl
- **kubectl** is the generic Kubernetes management command
- It uses the ~/.kube/config file to find information on what to connect to
- It is available for all platforms to allow you to manage Kubernetes
- **kubectl** is the management command that needs to be available on the managemnet workstation
- You'll use it to interface the Kubernetes cluster, no matter where it will be running
- There are differetn ways to install it
- - From a cloud client
- - Run from a cloud shell
- - Compile form source
- - Run from the release binaries
- We'll install it from the release binaries on linux, and show how to use it on MacOS

## Installing kubectl on Linux from Release Binaries

1. Download the latest release with the command

In [None]:
%%bash
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl

2. Make the kubectl binary executable

In [None]:
%%bash
chmod -x kubectl

3. Move kubectl to /usr/local/bin so that it can be executable from command line

In [None]:
%%bash
mv kubectl /usr/local/bin

Check kubectl version, you might see a warning regarding server port forwarding, or localhost:port is not set. This is because we haven't set up minikube yet

In [1]:
%%bash
kubectl version

Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", BuildDate:"2019-08-19T11:13:54Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.2", GitCommit:"f6278300bebbb750328ac16ee6dd3aa7d3549568", GitTreeState:"clean", BuildDate:"2019-08-05T09:15:22Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}


# Minikube
- Minikube is a single-VM demo environment that runs on top of VirtualBox
- The **minikube start** command will run a VirtualBox VM with a single-node Kubernetes deployment as well as a Docker engine
- It's not for porduction, but it's excellent for learning Kubernetes!

## Minikube Requirements
- Physical machine
- 2 GB of RAM (4GB recommended)
- Hardware assested virtualization
- No other virtualization stack

the ~/.kube file will give you the information about certificate in which you can configure your other machines to connect to your minikube environment


# Working with Kubectl
## Connecting to a Cluster
- Kubernetes uses a **config** file in ~/.kube to specify details about the cluster you want to connect to
- When setting up a cluster, this config file is automatically created, you may modify it manually
- Use **kubectl config view** to show current configurations

## Understanding the Kubernetes config file
- Config file is used to define 3 different elements:
- - cluster: the kubernetes cluster
- - user: the authorized user
- - context the part of the cluster the user wants to access, typically a namespace
- Multiple clusters, users and contexts can be referred to from one config file

## Connecting to a Remote Cluster
- When setting up a cluster, the config file is created automatically
- To connect to a remote cluster, you'll need to set up appropriate credentials, consisting of a client certificate and a client key
- User **kubectl config set-cluster mycluster --server=http://ip:port --api-version=-v1** to connect to the cluster
- Next, use **kubectl use-context mycluster** to start fusing it
- When working with multiple configuration files, set the KUBECONFIG variable with as the argument a list of config files where each file is separated by a ":"

link to kubernetes document to config multiple clusters
https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/

# Importing Images into Kubernetes
## Workflow Overview
- Use Docker images to create pods
- Kubernetes uses Pods as the smallest managed items
- Easily create basic Pods using the dashboard
- Or use YAML files for increased scalability
- To start using Kubernetes, you'll need to pull container images into the pods
- To use custom images, create your own Docker images and push them to the registry
- Alternatively, pull images from public containers
- - Use Docker Hub or any private container registry
- - Using Docker Hub images makes sense in a small private deployment
- Use the Kubernetes Dashboard for an easy way to get started
- - Start through **minkube dahboard**
- - Or by addressing port 30000 on the Kubernetes Master node