# Container Orchestration

## What is Kubernetes
- Kubernetes, also referred to as K8s, is Greek and means helmsman or pilot
- - So it's the captain of the ship with all the dcontainers
- Kubernetes is an extensive open-source platform for managing containerized workloads and services
- It comes from Google Borgn a system that Google has been useing since 2002 to run its applications

## What Else is Kubernetes?
- It's open-source software for automating deployment, scaling, and orchestration of containerized applications
- - Instead of running containers with the **docker** command, you'll use the **kubernetes** command to run them
- It is about running multiple connected containers, organized in Pods, or deployments runnimg on different hosts, where community of service is guaranteed
- It has become the de factor standard for orchestration of containers
- With a new release every 3 months, it is rapidly evolving

<img src='screenshots/Simple-Kubernetes-Architecture.png'>

## Kubernetes Architecture
<img src='screenshots/Kubernetes-Architecture.png'>


## Cloud Native Computing Foundation
- Google donated Kubernetes to the Cloud Native Computing Foundation (CNCF), which is a foundation in Linux Foundation
- CNCF is a governing body that solves issues faced by any cloud native allications (so not just Kubernetes)
- CNCF owns the copyright to Kubernetes
- Kubernetes itself uses an Apache license
- Developers need to sign a Contributor License Agreement with CNCF

# Containers

## What is a Container?
- A container is a solution that bundles an application and all of its dependencies in a box
- - Kernel is not included
- This box can run on virtually any platform, as long as that platform runs a container engine
- Containers are based on an image, from the idmage you can spin multiple containers
- - When the container is crete it runs a process on the host kernel. The host kernel isolates resources belonging to each container
- - For resource isolation, namespaces are used
- - To dedicate resources, cgroups are used

## Container Filesystems
- Container images consist of different layers
- These layers are joined in the union filesystem
- By overlaying these layers, a new virtual filesystem is created
- The layers are joined in images, and by default are read-only
- When a container is started, the ephemeral read-write layer is added

## Why Containers are Successful
- Very fast deployment
- Flexible, as they run anywhere
- Easy to scale up and down
- Very resource-efficient
- Little footprint
- Portable

# Installing Docker
## On Ubuntu
### 1. Prerequisites
The very first step is to remove any default Docker packages from the system before installation Docker on a Linux VPS. Execute commands to remove unnecessary Docker versions

In [None]:
%%bash
sudo apt-get purge docker lxc-docker docker-engine docker.io

Now install some required packages on your system for installing Docker on Ubuntu system. Run the below commands to do this:

In [None]:
%%bash
sudo apt-get install  curl  apt-transport-https ca-certificates software-properties-common

### 2. Setup Docker Repository
Now import dockers official GPG key to verify packages signature before installing them with apt-get. Run the below command on terminal.

In [None]:
%%bash
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add 

After that add the Docker repository on your Ubuntu system which contains Docker packages including its dependencies. You must have to enable this repository to install Docker on Ubuntu.

In [None]:
%%bash
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

### 3. Install Docker on Ubuntu
Your system is now ready for Docker installation. Run the following commands to upgrade apt index and then install Docker community edition on Ubuntu.

In [None]:
%%bash
sudo apt-get update
sudo apt-get install docker-ce
sudo systemctl status docker

## On Red Hat
### 1. Install yum-utils and epel-release

In [None]:
%%bash
yum install -y yum-utils
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

### 2. Add Docker CE to yum repos

In [None]:
%%bash
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

### 3. Install container-selinux package

In [None]:
%%bash
yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.33-1.git86f33cd.el7.noarch.rpm

### 4. Install Docker CE
The container-selinux package is available from the rhel-7-server-extras-rpms channel. you can enable it using.

In [None]:
%%bash
subscription-manager repos --enable=rhel-7-server-extras-rpms

In [None]:
%%bash
yum install -y docker-ce
docker --version

### 5. Restart docker service and enable it

In [None]:
%%bash
systemctl restart docker
systemctl enable docker

## Mac OS
Download docker desktop from docker hub

https://hub.docker.com/editions/community/docker-ce-desktop-mac


## Container Architecture
Docker enginge
- Docker engine runs containers and consists of the following parts
- - A server implemented by the **dockerd** service
- - A REST API which specifies interfaces that can be used by client commands
- - The **docker** command

<img src='screenshots/Container-Architecture.png'>

### Docker Registry
- Docker registries are used to store Docker images
- Docker hub is publicly available and used as the defualt
- Docker cloud is also publicly available
- Administrators can create private registries
- When using **docker pull** or **docker run** as image is pulled from the registry
- You can upload images using **docker push**

## Docker Objects
- **image**: a read-only template with instructions to crate docker container
- - Images are often based on their images
- - Default images are pulled from Docker registry, you can build yoru own images using Docekrile
- - - Each instruction in Dockerfile creates a layer in the image
- - - When rebuilding an image, only those layers that are changed are rebuilt
- **container**: a runnable instance of an image
- - Containers need persistent storage to keep modifications
- **services**: used in Docker swarm to scale containers accross multiple Docker daemons

## Operational Container Mangement
Working with Containers
- Show Docker version information: **docker version**
- Show current usage information: **docker info**
- Search containers: **docker search wordpress**
- Download an image: **docker pull wordpress**
- Verify: **docker images**
- Remove images: **docker rmi wordpress**
- Run a container in interactive mode: **docker run -dit --name centos --hostname="centos" centos /bin/bash**
- Verify running container: **docker ps -a**
- Connect to a container: **docker attach centos**
- Run a command in a container: **docker run centos /usr/bin/free -m**
- - After running the command, the container stops, but is still available on the system
- Run a command in a container and remove the container after doing so: **docker run --rm centos /usr/bin/df/ -h**
- - After running the command, the container stops, but is still available on the system
- Run a command in a container and remove the container after doing so: **docker run --rm centos /usr/bin/df -h**
- Show information about a running contianer: **docker top centos**
- Show top-like information about a container: **docker stats centos**
- Copy something from the container to localhost: **docker cp centos:/etc/hosts /root/**
- Run a command inside a container: **docker exec centos cat /etc/hostname**
- Kill a container: **docker kill centos**


## When Does Container Stop?
- Typically, when a container is started, a specific command is executed. When this command stops, the container stops as well
- **docker run --name demo1 centos:latest dd if=/dev/zero of=/dev/null**
- - This will start the container, and use the terminal to run the **dd** command
- - Use **docker ps** to see the active container
- - Use **ps aux**, you'll notice the dd process shows in the current process tree
- - Use **docker exec -it demo1 /bin/bash** and type ps aux. You'll see the dd process runnning as PID 1
- Type **docker stop domo-container**
- Now type **docker run --name demo2 centos:latest sleep 30**
- From another terminal, type **docker ps**
- Obsrever that the container will stop after executing its task
- Type **docker ps -a**, this will show a list of all containers that have been activated in the past
- Type **docker rm \< containername \>** to remove these containers
- - User **docker rm \$(docker ps -aq)** to delete all containers

## Run command on stopped container

In [None]:
%%bash
# docker commit <container id>
# docker run -it <newcontainer id> bash

## get IP of running container

In [None]:
%%bash
# docker ps
# docker inspect -f '{{ .NetworkSettings.IPAddress }}' <container name>

## Docker Architecture
<img src='screenshots/Docker-Architecture.png'>

# Docker Networking
<img src='screenshots/Docker-Networking.png'>

Docker Networking
- Default netowrking uses Linux bridges
- - Different containers on othe same host can communicate; communications with containers on theor hosts is not possible
- - As the bridge runs NAT, containers are not directly accessible from the outside
- Overlay networking: using overlay networking technologies allows containers to communicate if they're running on different hosts
- Other technologies do exist, but are irrelevant if you're going to use Kubernetes

## Exposing Container Ports
- By default, container ports are not accessible from the outside
- Use port mapping to make them accessible
- - **docker run -d --name httpd -p 8080:80 httpd**
- - **curl http://localhost:8080**
- Alternatively, you can specify an IP address for the port forward
- - **docker run -d --name httpd2 192.168.1.150:8090:80 httpd**

# Docker Storage
## Default Storage
- Containers are based on different filesystem layers
- You can modify contents of a running container, but storage by default is ephemeral: it's gone after a restart
- All modifications in running containers are written to a read/write filesystem layer that by default is removed when the container is stopped
- Notice taht this R/W filesystem layer should not be used for persistent storage, as it doesn't perform well
- Also notice that Docker keeps the ephemeral storage around for some time after the container is stopped, making it easier to troubleshoot based on information in logs

## Host Directory Storage
- Persistent storage can be offered by using a host directory
- The container will bind-mount to this host directory to write and access persistent data
- - Notice aht RHEL, this host directory should have the svirt_sandbox_file_t context label
- On the host directory, use **chown** to set the appropriate UID and GID as owner
- - Note that this refers to the UID and GID of a user in the container, which may not exist on othe host. For instance, on a mariadb container, the users that mariadb is using are UID 27 and GID 27. Apply these using **chown -R 27:27 /var/local/mysql**

code to configure persistent storage using mariadb

In [None]:
%%bash
mkdir -p /var/local/mysql
apt install selinux-utils
setenforce 0
chown -R 27:27 /var/local/mysql
docker pull mariadb
docker run --name mariadb -d -v /var/local/mysql:/var/lib/mysql -e MYSQL_USER=user -e MYSQL_PASSWORD=password -e MYSQL_DATABASE=addresses -e MYSQL_ROOT_PASSWORD=password mariadb


## Lab: Operating Docker Containers
1. Start a container that runs the latest version of nginx
2. Verify that the container is available
3. Open a shell on the container and look which process currently are running
4. Expose your containers webserver port on the Docker host port 8088

In [None]:
%%bash
docker pull nginx
docker run -dit --name mynginx -p 8088:80 nginx bash
docker ps
docker attach mynginx

# kubectl
- **kubectl** is the generic Kubernetes management command
- It uses the ~/.kube/config file to find information on what to connect to
- It is available for all platforms to allow you to manage Kubernetes
- **kubectl** is the management command that needs to be available on the managemnet workstation
- You'll use it to interface the Kubernetes cluster, no matter where it will be running
- There are differetn ways to install it
- - From a cloud client
- - Run from a cloud shell
- - Compile form source
- - Run from the release binaries
- We'll install it from the release binaries on linux, and show how to use it on MacOS

## Installing kubectl on Linux from Release Binaries

1. Download the latest release with the command

In [None]:
%%bash
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl

2. Make the kubectl binary executable

In [None]:
%%bash
chmod -x kubectl

3. Move kubectl to /usr/local/bin so that it can be executable from command line

In [None]:
%%bash
mv kubectl /usr/local/bin

Check kubectl version, you might see a warning regarding server port forwarding, or localhost:port is not set. This is because we haven't set up minikube yet

In [None]:
%%bash
kubectl version

Setting up port forwarding

In [2]:
%%bash
firewall-cmd --list-all
# to get the firewall, mine is public, so I set my zone to be public
firewall-cmd --permanent --zone=public --add-masquerade
firewall-cmd --permenant --zone=public --add-forward-port=port=8433:proto=tcp:toport=8433:toaddress=192.168.99.100

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp2s0
  sources: 
  services: ssh dhcpv6-client
  ports: 
  protocols: 
  masquerade: yes
  forward-ports: port=8433:proto=tcp:toport=8433:toaddr=192.168.99.100
  source-ports: 
  icmp-blocks: 
  rich rules: 
	


## Installing kubectl on MacOS from Release Binaries

In [None]:
%%bash
# install homebrew
/usr/bin/rube -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
brew install kubectl
kubectl version

# Minikube
- Minikube is a single-VM demo environment that runs on top of VirtualBox
- The **minikube start** command will run a VirtualBox VM with a single-node Kubernetes deployment as well as a Docker engine
- It's not for production, but it's excellent for learning Kubernetes!

## Minikube Requirements
- Physical machine
- 2 GB of RAM (4GB recommended)
- Hardware assested virtualization
- No other virtualization stack

the ~/.kube file will give you the information about certificate in which you can configure your other machines to connect to your minikube environment


## Installing Minikube

In [None]:
%%bash
# to check if virtualization is supported
grep -E --color 'vmx|svm' /proc/cpuinfo

Install virtualbox

In [None]:
%%bash
curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \
  && chmod +x minikube

In [None]:
%%bash
sudo install minikube /usr/local/bin

In [None]:
%%bash
minikube start

One reason for failure if that happens is when minikube don't like your network. Try your home network.

Sometimes it can remedied with minikube stop, minikube delete and minikube start

In [4]:
%%bash
kubectl cluster-info

[0;32mKubernetes master[0m is running at [0;33mhttps://192.168.99.103:8443[0m
[0;32mKubeDNS[0m is running at [0;33mhttps://192.168.99.103:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy[0m

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.


In [5]:
%%bash
kubectl get nodes

NAME       STATUS   ROLES    AGE   VERSION
minikube   Ready    master   24h   v1.15.2


# Working with Kubectl
## Connecting to a Cluster
- Kubernetes uses a **config** file in ~/.kube to specify details about the cluster you want to connect to
- When setting up a cluster, this config file is automatically created, you may modify it manually
- Use **kubectl config view** to show current configurations

In [8]:
%%bash
cd ~/.kube
cat config

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /home/yi/.minikube/ca.crt
    server: https://192.168.99.103:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /home/yi/.minikube/client.crt
    client-key: /home/yi/.minikube/client.key


The ~/.kube/config file gives us the server, the certificate authority. The client certificate and client key.

You will copy over the client certificate and client key in which you copy to other machines that you want to connect to

In [9]:
%%bash
kubectl cluster-info
kubectl get nodes

[0;32mKubernetes master[0m is running at [0;33mhttps://192.168.99.103:8443[0m
[0;32mKubeDNS[0m is running at [0;33mhttps://192.168.99.103:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy[0m

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
NAME       STATUS   ROLES    AGE   VERSION
minikube   Ready    master   24h   v1.15.2


To ssh into minikube

In [None]:
%%bash
minikube ssh

Show ip of minikube

In [None]:
%%bash
minikube ip

Minikube dashboard

In [None]:
%%bash
minikube dashboard

minikube log information

In [None]:
%%bash
minikube logs

### kubectl run

In [3]:
%%bash
kubectl run --help | head -20

Create and run a particular image, possibly replicated.

 Creates a deployment or job to manage the created container(s).

Examples:
  # Start a single instance of nginx.
  kubectl run nginx --image=nginx
  
  # Start a single instance of hazelcast and let the container expose port 5701 .
  kubectl run hazelcast --image=hazelcast --port=5701
  
  # Start a single instance of hazelcast and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default" in the container.
  kubectl run hazelcast --image=hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default"
  
  # Start a single instance of hazelcast and set labels "app=hazelcast" and "env=prod" in the container.
  kubectl run hazelcast --image=hazelcast --labels="app=hazelcast,env=prod"
  
  # Start a replicated instance of nginx.
  kubectl run nginx --image=nginx --replicas=5
  


In [None]:
%%bash
kubectl run nginx -- image=nginx

### kubectl get

In [None]:
%%bash
kubectl get --help | head -15

In [6]:
%%bash
kubectl get pods
kubectl get endpoints

NAME                       READY   STATUS    RESTARTS   AGE
mynginx-8567cfb87c-892xw   1/1     Running   0          19h
mynginx-8567cfb87c-8mxhw   1/1     Running   0          19h
nginx-7bb7cd8db5-glkr6     1/1     Running   0          20h
NAME         ENDPOINTS             AGE
kubernetes   192.168.99.103:8443   25h


## Understanding the Kubernetes config file
- Config file is used to define 3 different elements:
- - cluster: the kubernetes cluster
- - user: the authorized user
- - context the part of the cluster the user wants to access, typically a namespace
- Multiple clusters, users and contexts can be referred to from one config file



In [7]:
%%bash
cat ~/.kube/config

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /home/yi/.minikube/ca.crt
    server: https://192.168.99.103:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /home/yi/.minikube/client.crt
    client-key: /home/yi/.minikube/client.key


## Connecting to a Remote Cluster
- When setting up a cluster, the config file is created automatically
- To connect to a remote cluster, you'll need to set up appropriate credentials, consisting of a client certificate and a client key
- User **kubectl config set-cluster mycluster --server=http://ip:port --api-version=-v1** to connect to the cluster
- Next, use **kubectl use-context mycluster** to start fusing it
- When working with multiple configuration files, set the KUBECONFIG variable with as the argument a list of config files where each file is separated by a ":"

link to kubernetes document to config multiple clusters
https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/

# Importing Images into Kubernetes
## Workflow Overview
- Use Docker images to create pods
- Kubernetes uses Pods as the smallest managed items
- - Kubernetes doesn't manage containers, it manages pods
- Easily create basic Pods using the dashboard
- Or use YAML files for increased scalability
- To start using Kubernetes, you'll need to pull container images into the pods
- To use custom images, create your own Docker images and push them to the registry
- Alternatively, pull images from public containers
- - Use Docker Hub or any private container registry
- - Using Docker Hub images makes sense in a small private deployment
- Use the Kubernetes Dashboard for an easy way to get started
- - Start through **minkube dahboard**
- - Or by addressing port 30000 on the Kubernetes Master node

# Creating Pods with YAML Files
- use **kubectl** with a YAML file to make creating pods easy
- **kubectl create -f /< name />.yaml --validate=false**
- **kubectl get pods** will show the new pod
- **kubectl describe pods** shows all details about pods, including the information about its containers
- - **kubectl describe pods busybox**
- - **kubectl describe pods busybox -o yaml**
- - **kubectl describe pods busybox -o json**

The following is the script for busybox.yaml

To create pods using busybox.yaml

In [4]:
%%bash
cd yaml-files
kubectl create -f busybox.yaml --validate=false

pod/busybox created


In [8]:
%%bash
kubectl get pods
kubectl describe pods busybox | head -20

NAME                       READY   STATUS    RESTARTS   AGE
busybox                    1/1     Running   0          63s
mynginx-8567cfb87c-892xw   1/1     Running   2          3d8h
mynginx-8567cfb87c-8mxhw   1/1     Running   2          3d8h
nginx-7bb7cd8db5-glkr6     1/1     Running   2          3d9h
Name:         busybox
Namespace:    default
Priority:     0
Node:         minikube/10.0.2.15
Start Time:   Wed, 18 Sep 2019 20:46:13 -0700
Labels:       <none>
Annotations:  <none>
Status:       Running
IP:           172.17.0.8
Containers:
  busybox:
    Container ID:  docker://22d8b9de343d961e8c9f2bbc17597392bd25fd07472b9f2e1b2471fc21e9d1b5
    Image:         busybox
    Image ID:      docker-pullable://busybox@sha256:fe301db49df08c384001ed752dff6d52b4305a73a7f608f21528048e8a08b51e
    Port:          <none>
    Host Port:     <none>
    Command:
      sleep
      3600
    State:          Running


## Lab: Running a Kubernetes Application
Instructions
- Lookup the images that are available to deploy an Apache web server as kubernetes application
- Write a YAML file that runs the Apache web server
- Verify its operations

In [None]:
%%bash
docker search apache

In [12]:
%%bash
cd yaml-files
kubectl create -f apache.yaml

pod/apache created


In [13]:
%%bash
kubectl get pods

NAME                       READY   STATUS              RESTARTS   AGE
apache                     0/1     ContainerCreating   0          13s
busybox                    1/1     Running             0          17m
mynginx-8567cfb87c-892xw   1/1     Running             2          3d8h
mynginx-8567cfb87c-8mxhw   1/1     Running             2          3d8h
nginx-7bb7cd8db5-glkr6     1/1     Running             2          3d10h


# Kubernetes Components
## Kubernetes Resource
<img src='screenshots/Kubernetes-Resource.png'>


namespace: restrict isolation between resources

<img src='screenshots/Namespace.png'>

## Pod
- A group of one or more containers, share storage and networking, and a specification of how to run these containers
- All containers in the pod are always co-located and co-scheduled
- Everything within a pod runs within a shared context
- You can see a pod as an application or logical host
- Pods are considered to be ephemeral, if a pod is stopped it to go away
- If the node running a pod crashes, the pod will be schedule to go somewhere else
- Pods implement the application you want to offer to end users
- Everything within a pod needs to work together, so you don't want to work at a container level
- Containers in the pod have the following requirements which make sense running them in he same pod
- - deployment: it all belong together
- - co-location
- - shared fate, as containers depends on one another
- - resource sharing
- - dependency management

## Pod Networking
- Applications in a pod all use the same network namespace
- - One IP address for the pod
- - One range of ports that needs to be shared by all containers in the pod
- Therefore, containers in a pod must coordinate their usage of ports
- Each pod has one IP address
- The hostname to that IP address is set to the pods name

## Starting Pods
- Individual Pods can be started using **kubectl create -f /< name />.yaml**
- Alternatively, use the Dashboard running on port 30000
- After starting a pod, use **kubectl get pods** to get an overview of all running pods
- **kubectl describe pods** showsd all details about a pod
- Use **kubectl delete pod podname** to delete it

# Namespaces
- A namespace is a strict isolation that occurs on Linux kernel level
- - It is like building datacenters in a kubernetes environment
- - One namespace is not visible from another namespace
- Every **kubectl** request uses namespaces to ensure that resources are strictly separated and names don't have to be unique
- Namespaces can be added when creating a pod, thus ensuring that a pod is available in a specific namespace only
- Before adding a pod to a namespace, ensure that the namespace exists
- Use namespaces in cluster environments with many users that are spread across multiple teams and projects

## Default Namespaces
- By default, Kubernetes has 3 namespaces
- - default
- - kube-public
- - kube-system

## Working with namespace
- **kubectl get ns** will list all the namespaces

In [14]:
%%bash
kubectl get ns

NAME              STATUS   AGE
default           Active   3d23h
kube-node-lease   Active   3d23h
kube-public       Active   3d23h
kube-system       Active   3d23h


specifying namespace of a pod in a yaml file

You must first create the namespace before creating a pod that belongs to that namespace.

To create a namespace us
- **kubectl create ns /< name of namespace />

In [16]:
%%bash
kubectl create ns secret

namespace/secret created


In [18]:
%%bash
cd yaml-files
kubectl create -f busybox-ns.yaml

pod/busybox2 created


In [20]:
%%bash
kubectl get ns secret -o yaml
kubectl get ns secret -o json

apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: "2019-09-19T13:29:16Z"
  name: secret
  resourceVersion: "165156"
  selfLink: /api/v1/namespaces/secret
  uid: 7d49d16a-33d0-4d1f-b818-a866f79f69d9
spec:
  finalizers:
  - kubernetes
status:
  phase: Active
{
    "apiVersion": "v1",
    "kind": "Namespace",
    "metadata": {
        "creationTimestamp": "2019-09-19T13:29:16Z",
        "name": "secret",
        "resourceVersion": "165156",
        "selfLink": "/api/v1/namespaces/secret",
        "uid": "7d49d16a-33d0-4d1f-b818-a866f79f69d9"
    },
    "spec": {
        "finalizers": [
            "kubernetes"
        ]
    },
    "status": {
        "phase": "Active"
    }
}


# Replica Sets
- The pod is the most basic entity in Kubernetes
- Replica sets come next and are used to determine the number of instances that are needed of a pod
- Replica sets replace replication controllers  that were used in previous versions of Kubernetes
- - Replication controller-based commands like **kubectl get rc** won't work anymore
- Replication sets can be created directly, buit shouldn't use deployments instead
- Applications that are launched through a deployment automatically create replica sets

In [23]:
%%bash
kubectl run nginx-1 --image=nginx

deployment.apps/nginx-1 created


kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.


In [24]:
%%bash
kubectl get deployments

NAME      READY   UP-TO-DATE   AVAILABLE   AGE
mynginx   2/2     2            2           3d19h
nginx     1/1     1            1           74s
nginx-1   1/1     1            1           35s


In [25]:
%%bash
kubectl get rs

NAME                 DESIRED   CURRENT   READY   AGE
mynginx-8567cfb87c   2         2         2       3d19h
nginx-1-75ff6fd8c7   1         1         1       45s
nginx-7bb7cd8db5     1         1         1       84s


Scaling up replica set using scale

In [26]:
%%bash
kubectl scale --help | head -20 

Set a new size for a Deployment, ReplicaSet, Replication Controller, or StatefulSet.

 Scale also allows users to specify one or more preconditions for the scale action.

 If --current-replicas or --resource-version is specified, it is validated before the scale is attempted, and it is guaranteed that the precondition holds true when the scale is sent to the server.

Examples:
  # Scale a replicaset named 'foo' to 3.
  kubectl scale --replicas=3 rs/foo
  
  # Scale a resource identified by type and name specified in "foo.yaml" to 3.
  kubectl scale --replicas=3 -f foo.yaml
  
  # If the deployment named mysql's current size is 2, scale mysql to 3.
  kubectl scale --current-replicas=2 --replicas=3 deployment/mysql
  
  # Scale multiple replication controllers.
  kubectl scale --replicas=5 rc/foo rc/bar rc/baz
  
  # Scale statefulset named 'web' to 3.


In [29]:
%%bash
kubectl scale rs nginx-1-75ff6fd8c7 --replicas=3

replicaset.extensions/nginx-1-75ff6fd8c7 scaled


In [32]:
%%bash
kubectl get rs

NAME                 DESIRED   CURRENT   READY   AGE
mynginx-8567cfb87c   2         2         2       3d19h
nginx-1-75ff6fd8c7   1         1         1       4m44s
nginx-7bb7cd8db5     1         1         1       5m23s


This doens't work because scaling occurs at deployment level not replica level

In [33]:
%%bash
kubectl scale --replicas=3 deployment nginx-1

deployment.extensions/nginx-1 scaled


In [34]:
%%bash
kubectl get rs

NAME                 DESIRED   CURRENT   READY   AGE
mynginx-8567cfb87c   2         2         2       3d19h
nginx-1-75ff6fd8c7   3         3         3       6m42s
nginx-7bb7cd8db5     1         1         1       7m21s


# Deployments
- Deployments are used to create and automate replica sets
- Deployments instruct the cluster how to create and scale applications
- Deployment controller will monitor instances of an application
- Deployments allow for the creation of multiple replica sets for rolling updates or rollbacks

In [35]:
%%bash
kubectl get all

NAME                           READY   STATUS    RESTARTS   AGE
pod/apache                     1/1     Running   10         10h
pod/busybox                    1/1     Running   10         11h
pod/mynginx-8567cfb87c-892xw   1/1     Running   2          3d19h
pod/mynginx-8567cfb87c-8mxhw   1/1     Running   2          3d19h
pod/nginx-1-75ff6fd8c7-2zf4f   1/1     Running   0          19m
pod/nginx-1-75ff6fd8c7-4p6ch   1/1     Running   0          19m
pod/nginx-1-75ff6fd8c7-6cdvb   1/1     Running   0          25m
pod/nginx-7bb7cd8db5-s59kh     1/1     Running   0          26m
NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   4d1h
NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/mynginx   2/2     2            2           3d19h
deployment.apps/nginx     1/1     1            1           26m
deployment.apps/nginx-1   3/3     3            3           25m
NAME             












In [36]:
%%bash
kubectl get deployments

NAME      READY   UP-TO-DATE   AVAILABLE   AGE
mynginx   2/2     2            2           3d19h
nginx     1/1     1            1           27m
nginx-1   3/3     3            3           26m


In [55]:
%%bash
kubectl get pods | grep nginx-1

nginx-1-75ff6fd8c7-2zf4f   1/1     Running   0          26m
nginx-1-75ff6fd8c7-4p6ch   1/1     Running   0          26m
nginx-1-75ff6fd8c7-6cdvb   1/1     Running   0          33m


In [57]:
%%bash
kubectl delete deployments nginx-1

deployment.extensions "nginx-1" deleted


## Lab: Running a Deployment
- Start a deployment that runs any application you like
- Use the appropriate commands to verify the availability of the deployment, replica sets as well as pods
- Analyze the YAML code that was used to generate the deployment
- Open the web dashboard and see which objects have been created
- Use kubectl logs to show all logs from the deployment you've created in the last hour

In [68]:
%%bash
cd yaml-files
kubectl apply -f apache-deployment.yaml

deployment.apps/apache created


In [69]:
%%bash
kubectl get deployments
kubectl get pods

NAME      READY   UP-TO-DATE   AVAILABLE   AGE
apache    3/3     3            3           22s
mynginx   2/2     2            2           3d20h
nginx     1/1     1            1           66m
NAME                       READY   STATUS    RESTARTS   AGE
apache                     1/1     Running   11         11h
apache-74484f7fc4-659bt    1/1     Running   0          22s
apache-74484f7fc4-69l4r    1/1     Running   0          22s
apache-74484f7fc4-xqqx5    1/1     Running   0          22s
busybox                    1/1     Running   11         11h
mynginx-8567cfb87c-892xw   1/1     Running   2          3d20h
mynginx-8567cfb87c-8mxhw   1/1     Running   2          3d20h
nginx-7bb7cd8db5-s59kh     1/1     Running   0          66m


In [81]:
%%bash
kubectl logs -lapp=apache --all-containers=true

# Object Properties
- When creating a pod or deployment, different properties are set
- Use **kubectl describe pods /< name />** to see properties of a specific pod
- Use **kubectl get {deployments|rs|pods} -o yaml** for an overview of all properties

## Object Properties Section
- The object properites are shown in different sections, which are listed under the items:
- **apiVersion**: the most recetn version of the API that allows us to use this type
- **kind**: the type of object
- **metadata**: current object metadata, may include items not shown here such as **podAffinity** and **nodeAffinity**
- **spec**: run-time parameters used by this object
- **status**: current status information

## Common Object Properties
- **apiVersion**: the current version of the API
- **list**: declaration of the list of items
- **annotations**: additional information about the object
- **creationTimestamp**: indicates when the object was created
- **generation**: how many times this object has been edited
- **labels**: strings that can bes used for further identification
- **name**: anme of this object, set from the command line
- **resourceVersion**: version of this object as maintained in the etcd database
- **selfLink**: link to the location of this information in the API
- **uid**: unique UID
- **replicas**: number of replicas that is expected
- **selector**: a collection of values that is used for determining availability of replicas
- **matchLabels**: label that is used internally to determine where the resource should be scheduled
- **strategy**: contains values about how to update pods
- **maxSurge**: maximum additional number of pods that can be created. Can be higher than the desired number of pods to guarantee continued access before deleting old pods
- **maxUnavailable**: the maximum number of pods that may be in an unavailable dstate
- **type**: type of resource
- ### **template**: data for the replicaset to determine how to deploy the object
- ### **containers**: specifications for the econtainers that should be used
- **resources**: may be used to set resource restrictions, such as limit on the number of CPUs or memory
- **terminationMessagePath**: where to send log messages to
- **terminationMessagePolicy**: how to deal with termination messages, defaults to "file"
- **dnsPolicy**: determines how to deal with DNS messages. By default these will dbe handled by Kubernetes DNS and not local resolver
- **restartPolicy**: what happens if the container gets killed
- **schedulerName**: allows Kubernetes to use something else than the default Kubernetes schedduler
- **securityContext**: allows for specification of security properties, such as SELinux context, suer or UID that the containers should use
- **terminationGracePeriodSeconds**: how long it takes for a SIGKILL to kick in if the container is not terminated properly

**(status parameters)**
- **availableReplicas**: default number of replicas that has been specified
- **observedGeneration**: shows how often the object has been updated

In [83]:
%%bash
kubectl get deployments nginx -o yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2019-09-19T14:29:57Z"
  generation: 1
  labels:
    run: nginx
  name: nginx
  namespace: default
  resourceVersion: "168069"
  selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/nginx
  uid: c1806755-8f98-45c6-a22d-884a03d31edd
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      run: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        run: nginx
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-sc

# Labels
- A label is an arbitrary string that administrators can use to select or exclude objects
- It is a convenient filtering tool
- They can be used to group objects which do not have an obvious relation by themselves
- Example labels:
- - release: stable, release: beta
- - environment: dev, environment: production
- Labels can be used from the command line, or from YAML files to use nodeSelectors

## nodeSelectors
- **nodeSelector** can be used to identify nodes where a Pod is allowed to run
- To use them, set labels to nodes, using **kubectl label node mynode disktype=hdd**
- Verify using **kubectl get nodes --show-labels**
- Add **nodeSelector** to your Pod specification

Since the nodeSelector is nvidia-p100, the node will one run on hardware with nvidia-p100

## Setting Labels
- **kubectl label pods \< name \> foo=bar**
- **kubectl get pods --show-labels**
- Set the label in the metadata section when creating an object

to get all the pods along with their labels **kubectl get pods -Lrun**

In [84]:
%%bash
kubectl get pods -Lrun

NAME                       READY   STATUS    RESTARTS   AGE     RUN
apache                     1/1     Running   13         14h     
apache-74484f7fc4-659bt    1/1     Running   2          176m    
apache-74484f7fc4-69l4r    1/1     Running   2          176m    
apache-74484f7fc4-xqqx5    1/1     Running   2          176m    
busybox                    1/1     Running   13         14h     
mynginx-8567cfb87c-892xw   1/1     Running   2          3d23h   
mynginx-8567cfb87c-8mxhw   1/1     Running   2          3d23h   
nginx-7bb7cd8db5-s59kh     1/1     Running   0          4h3m    nginx


In [85]:
%%bash
kubectl get pods -l run=nginx

NAME                     READY   STATUS    RESTARTS   AGE
nginx-7bb7cd8db5-s59kh   1/1     Running   0          4h3m


In [88]:
%%bash
kubectl get pods -l run=nginx -o yaml | head -20

apiVersion: v1
items:
- apiVersion: v1
  kind: Pod
  metadata:
    creationTimestamp: "2019-09-19T14:29:57Z"
    generateName: nginx-7bb7cd8db5-
    labels:
      pod-template-hash: 7bb7cd8db5
      run: nginx
    name: nginx-7bb7cd8db5-s59kh
    namespace: default
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: nginx-7bb7cd8db5
      uid: 060d00cb-c69d-44e8-9130-31a5e97f862a
    resourceVersion: "168067"


# Scaling Deployments
- **kubectl scale deployment nginx --replicas=3**
- - Notice that scaling deployments may fail because of limited availability of resources
- **kubectl get deployment nginx -o json**
- - Notice that different output formats are available, use **-o yaml** if you prefer seeing it in yaml, or **-o json** for json
- - In the output, look for the labels; a run label is automatically added
- **kubectl get pods -Lrun** filters on pods with the label running
- - The run label is used to determine if sufficient replicas are available
- - Remove one "run" label and you'll notice that a new pod will be created immediately
- - User **kubectl label pods /< name /> run-** to remove the label run

In [89]:
%%bash
kubectl scale deployment nginx --replicas=3

deployment.extensions/nginx scaled


In [90]:
%%bash
kubectl get pods -l run=nginx

NAME                     READY   STATUS    RESTARTS   AGE
nginx-7bb7cd8db5-6vlgd   1/1     Running   0          24s
nginx-7bb7cd8db5-kqmqq   1/1     Running   0          24s
nginx-7bb7cd8db5-s59kh   1/1     Running   0          4h19m


In [91]:
%%bash
kubectl label pods nginx-7bb7cd8db5-s59kh run-

pod/nginx-7bb7cd8db5-s59kh labeled


In [93]:
%%bash
kubectl get pods -Lrun

NAME                       READY   STATUS    RESTARTS   AGE     RUN
apache                     1/1     Running   13         14h     
apache-74484f7fc4-659bt    1/1     Running   2          3h14m   
apache-74484f7fc4-69l4r    1/1     Running   2          3h14m   
apache-74484f7fc4-xqqx5    1/1     Running   2          3h14m   
busybox                    1/1     Running   14         15h     
mynginx-8567cfb87c-892xw   1/1     Running   2          3d23h   
mynginx-8567cfb87c-8mxhw   1/1     Running   2          3d23h   
nginx-7bb7cd8db5-6vlgd     1/1     Running   0          102s    nginx
nginx-7bb7cd8db5-ct2d2     1/1     Running   0          33s     nginx
nginx-7bb7cd8db5-kqmqq     1/1     Running   0          102s    nginx
nginx-7bb7cd8db5-s59kh     1/1     Running   0          4h20m   


In [95]:
%%bash
kubectl label pods nginx-7bb7cd8db5-kqmqq run-; kubectl get pods -Lrun

pod/nginx-7bb7cd8db5-kqmqq labeled
NAME                       READY   STATUS    RESTARTS   AGE     RUN
apache                     1/1     Running   13         14h     
apache-74484f7fc4-659bt    1/1     Running   2          3h16m   
apache-74484f7fc4-69l4r    1/1     Running   2          3h16m   
apache-74484f7fc4-xqqx5    1/1     Running   2          3h16m   
busybox                    1/1     Running   14         15h     
mynginx-8567cfb87c-892xw   1/1     Running   2          3d23h   
mynginx-8567cfb87c-8mxhw   1/1     Running   2          3d23h   
nginx-7bb7cd8db5-6vlgd     1/1     Running   0          3m17s   nginx
nginx-7bb7cd8db5-9m92s     0/1     Pending   0          0s      nginx
nginx-7bb7cd8db5-ct2d2     1/1     Running   0          2m8s    nginx
nginx-7bb7cd8db5-kqmqq     1/1     Running   0          3m17s   
nginx-7bb7cd8db5-s59kh     1/1     Running   0          4h22m   


# Rolling Upgrades
- A rolling update is a change of properties in a deployment that needs to be pushed to the pods
- - Current number of replicas
- - Any other property, like version of the image to use
- Updates are rolling by nature, they will be applied pod after pos so the continuity of service can be guaranteed
- Rolling Upgrades can be triggered by editing an object and changing a value

# DaemonSet
- DaemonSet is a controller that ensures that a single pod exists on each node in the cluster
- - If a new ndoe is added, the DaemonSet controller will add a pod automatically
- Rolling out a daemonset works like starting a deployment, just set **kind: DaemonSet** in the application YAML file

# Rollback
- Actions are stored in the object, so it's possible to perform rollbacks if that is required
- Use **kubectl rollout history** for an overview of past activity
- Failback using **kubectl rollout undo**
- How rollback is applied, depends on the update strategy
- - if set to OnDelete, it will be applied on deletion
- - if set to RollingUpdate, it will be applied imediately

In [102]:
%%bash
kubectl rollout history deployment nginx

deployment.extensions/nginx 
REVISION  CHANGE-CAUSE
1         <none>



In [106]:
%%bash
kubectl get deployments nginx -o yaml | grep -i -A 4 strategy

  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate


### performming rollout
Change the image of our 'nginx' deployment to nginx:1.8.1-alpine

In [108]:
%%bash
kubectl set image deployment nginx nginx=nginx:1.8.1-alpine

deployment.extensions/nginx image updated


In [109]:
%%bash
kubectl describe pods nginx | grep -i image

    Image:          nginx:1.8.1-alpine
    Image ID:       docker-pullable://nginx@sha256:c2a5ac30408999baabdc9b8e1d1aa2c404b6f441fab99b70d7aa1091144a2846
  Normal  Pulling    2m33s  kubelet, minikube  Pulling image "nginx:1.8.1-alpine"
  Normal  Pulled     2m32s  kubelet, minikube  Successfully pulled image "nginx:1.8.1-alpine"
    Image:          nginx:1.8.1-alpine
    Image ID:       docker-pullable://nginx@sha256:c2a5ac30408999baabdc9b8e1d1aa2c404b6f441fab99b70d7aa1091144a2846
  Normal  Pulling    2m39s  kubelet, minikube  Pulling image "nginx:1.8.1-alpine"
  Normal  Pulled     2m38s  kubelet, minikube  Successfully pulled image "nginx:1.8.1-alpine"
    Image:          nginx:1.8.1-alpine
    Image ID:       docker-pullable://nginx@sha256:c2a5ac30408999baabdc9b8e1d1aa2c404b6f441fab99b70d7aa1091144a2846
  Normal  Pulling    2m48s  kubelet, minikube  Pulling image "nginx:1.8.1-alpine"
  Normal  Pulled     2m42s  kubelet, minikube  Successfully pulled image "nginx:1.8.1-alpine"
    Ima

### Monitoring rollout history

In [110]:
%%bash
kubectl rollout history deployment nginx

deployment.extensions/nginx 
REVISION  CHANGE-CAUSE
1         <none>
2         <none>



In [111]:
%%bash
kubectl rollout history deployment nginx --revision=1

deployment.extensions/nginx with revision #1
Pod Template:
  Labels:	pod-template-hash=7bb7cd8db5
	run=nginx
  Containers:
   nginx:
    Image:	nginx
    Port:	<none>
    Host Port:	<none>
    Environment:	<none>
    Mounts:	<none>
  Volumes:	<none>



### Performing Rollback

In [112]:
%%bash
kubectl rollout undo deployment nginx --to-revision=1

deployment.extensions/nginx rolled back


In [113]:
%%bash
kubectl describe pods nginx | grep -i image

    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:9688d0dae8812dd2437947b756393eb0779487e361aa2ffbc3a529dca61f102c
  Normal  Pulling    22s   kubelet, minikube  Pulling image "nginx"
  Normal  Pulled     21s   kubelet, minikube  Successfully pulled image "nginx"
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:9688d0dae8812dd2437947b756393eb0779487e361aa2ffbc3a529dca61f102c
  Normal  Pulling    26s   kubelet, minikube  Pulling image "nginx"
  Normal  Pulled     25s   kubelet, minikube  Successfully pulled image "nginx"
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:9688d0dae8812dd2437947b756393eb0779487e361aa2ffbc3a529dca61f102c
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:9688d0dae8812dd2437947b756393eb0779487e361aa2ffbc3a529dca61f102c
  Normal  Pulling    30s   kubelet, minikube  Pulling image "nginx"
  Normal  Pulled     28s   kubelet, minikube  Successfully pulled im

# Kubernetes Networking
- Networking between containers within a Pod
- Networking between pods
- External exposure of services

## Kubernetes Networking Needs
- Connecting pods to other pods across nodes (East-west traffic)
- Service discovery and load balancing
- Exposing services for external clients (North-south traffic)
- Segmenting networks to increase pod security

## Intra-pod Communication Requirements
- Communication between pods happen without NAT
- All nodes running pods can communicate to all other nodes running pods without NAT
- No IP masking: the IP that the pod sees is the same as how other pods see it

<img src='screenshots/Intra-Pod-Networking.png'>

## Networking Inside a Pod
- Within the Pod, containers communicate directly to one another
- This is internal communication, handled by Docker as Kubernetes uses the Pod as the lowest level entity
- Docker offers host private networking, where a virtual bridge docker0 is created
- For each container that Docker creates, a Virtual Ethernet Device is created and this is attached to the bridge
- The eth0 within the container uses an IP address from docker0 bridge address range
- As a result, Docker containers can communicate wo one another only if they're on the same host
- This is also sconfigured on purpose, using network isolation through namespaces

### Other Communication Options
- As containers within a pod really are processes running on the same host, they can find each other via localhost
- Other standard POSIX inter-process communication methods do apply as well
- - System V semaphores
- - POSIX shared memory


Lets show the networking by the virtual bridge

In [None]:
%%bash
minikube ssh
brctl show

### To Show the IP addresses of the Pods

In [1]:
%%bash
kubectl get pods -o wide

NAME                       READY   STATUS    RESTARTS   AGE     IP            NODE       NOMINATED NODE   READINESS GATES
apache                     1/1     Running   30         32h     172.17.0.9    minikube   <none>           <none>
apache-74484f7fc4-659bt    1/1     Running   19         21h     172.17.0.11   minikube   <none>           <none>
apache-74484f7fc4-69l4r    1/1     Running   19         21h     172.17.0.13   minikube   <none>           <none>
apache-74484f7fc4-xqqx5    1/1     Running   19         21h     172.17.0.12   minikube   <none>           <none>
busybox                    1/1     Running   31         33h     172.17.0.8    minikube   <none>           <none>
mynginx-8567cfb87c-892xw   1/1     Running   2          4d17h   172.17.0.3    minikube   <none>           <none>
mynginx-8567cfb87c-8mxhw   1/1     Running   2          4d17h   172.17.0.4    minikube   <none>           <none>
nginx-7bb7cd8db5-6w5qw     1/1     Running   0          35m     172.17.0.17   minikube 

## Pod to Pod Networking

### Understanding the CNI (Container Network Interface)
- Kubernetes uses CNI plugins to implement Pod-to-Pod networking
- CNI plugins provide 3 types of networking
- - layer 2 (switching)
- - layer 3 (routing)
- - overlay networking

### CNI Layer 2 Configuration
- Pods and nodes see subnets used for pod IP addresses as a singler layer 2 domain
- Pod-to-pod communication happens through ARP (Address Resolution Protocol)
- In layer 2 you need a bridge plugin
- Bridge plugin example:

### CNI Layer 3 Configuration
- A layer 2 configuration is not scalable. For scalability, use routing, not switching
- To do so, different plugins are available
- - The Flanner plugin is one of the most common, but others exists
- - Consult documentation at kubernetes.io for more details

### CNI Overlay Configurations
- Overlay solutions can be used to define the network completely in software, and use encapsulation - which looks a lot like VPN - to send packets from one pod to another pod
- To use encapsulation, a tunnel interface is needed
- Common encapsulation mechanisms such as VXLAN, GRE and more can be used to do so

<img src='screenshots/Container-Network-Interface.png'>

## Exposing Services
- To expose functionality externally, services can be used
- A service refers to a set of pods which is based on labels
- Services work with publicly accessible IP addresses

## Lab: Exploring Network Configuration
Explore Kubernetes networking all the way down the stack, and make sure to answer the following questions
- - Which network devices does Kubernetes create on the nodes?
- - Which network devices does Docker create on the nodes?
- - Which IP addresses are used by your pods?
- - Whcih IP addresses are used by the containers in your pods?

In [None]:
%%bash
// answer
minikube ssh
su -
brctl
brctl show
docker ps
docker ps | wc
docker inspect <container id>
for i in $(docker ps | awk '{ print $1 }'); 
do docker inspect -f '{{ .NetworkSettings.IPAddress }}' $i; 
done

exit
exit

kubectl get pods -o wide

# Accessing Pods

## Using Kubernetes Proxy
- Kubernetes Proxy can be used to access a Kubernetes service locally without exposing it
- After starting kubectl proxy, the service is accessible on the host where **kubectl proxy** was started
- - Start as a background process, or it will occupy the current shell
- To access a service usingthe proxy, use the API URL
- - **curl http://localhost:8001/api/v1/namespaces/default/services/ghost: \< ghost-port \>**

In [None]:
%%bash
kubectl proxy &
echo ""

In [None]:
%%bash
curl http://localhost:8001/version

In [9]:
%%bash
curl http://localhost:8001/api/v1 | head -20 

{
  "kind": "APIResourceList",
  "groupVersion": "v1",
  "resources": [
    {
      "name": "bindings",
      "singularName": "",
      "namespaced": true,
      "kind": "Binding",
      "verbs": [
        "create"
      ]
    },
    {
      "name": "componentstatuses",
      "singularName": "",
      "namespaced": false,
      "kind": "ComponentStatus",
      "verbs": [
        "get",


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 10098    0 10098    0     0   896k      0 --:--:-- --:--:-- --:--:--  986k


In [14]:
%%bash
curl http://localhost:8001/api/v1/namespaces/default/services | head -30

{
  "kind": "ServiceList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/api/v1/namespaces/default/services",
    "resourceVersion": "272988"
  },
  "items": [
    {
      "metadata": {
        "name": "kubernetes",
        "namespace": "default",
        "selfLink": "/api/v1/namespaces/default/services/kubernetes",
        "uid": "695bf662-0df3-41ee-8b12-58d9290a3655",
        "resourceVersion": "154",
        "creationTimestamp": "2019-09-15T13:15:46Z",
        "labels": {
          "component": "apiserver",
          "provider": "kubernetes"
        }
      },
      "spec": {
        "ports": [
          {
            "name": "https",
            "protocol": "TCP",
            "port": 443,
            "targetPort": 8443
          }
        ],


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   956  100   956    0     0  79666      0 --:--:-- --:--:-- --:--:-- 79666


## User Port Forwarding
- Port forwarding provides an easy way to connect to services running in the pod
- The exposed port will be available on the Kubernetes management workstation
- **kubectl port-forward http 8000:80 &** forwards port 80 on the pod httpd to port 8000 on localhost

In [22]:
%%bash
kubectl run http --image=httpd

deployment.apps/http created


kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.


In [24]:
%%bash
kubectl get deployments
kubectl get pods

NAME      READY   UP-TO-DATE   AVAILABLE   AGE
apache    3/3     3            3           25h
http      1/1     1            1           2m58s
mynginx   2/2     2            2           4d21h
nginx     3/3     3            3           26h
NAME                       READY   STATUS    RESTARTS   AGE
apache                     1/1     Running   34         37h
apache-74484f7fc4-659bt    1/1     Running   22         25h
apache-74484f7fc4-69l4r    1/1     Running   22         25h
apache-74484f7fc4-xqqx5    1/1     Running   22         25h
busybox                    1/1     Running   34         37h
http-7b99698fc5-shwgm      1/1     Running   0          2m58s
mynginx-8567cfb87c-892xw   1/1     Running   2          4d21h
mynginx-8567cfb87c-8mxhw   1/1     Running   2          4d21h
nginx-7bb7cd8db5-6w5qw     1/1     Running   0          4h52m
nginx-7bb7cd8db5-khvt6     1/1     Running   0          4h52m
nginx-7bb7cd8db5-kqmqq     1/1     Running   0          22h
nginx-7bb7cd8db5-pdl5v     1/1 

In [None]:
%%bash
kubectl port-forward http-7b99698fc5-shwgm 8000:80 &
echo ""

In [3]:
%%bash
curl localhost:8000

<html><body><h1>It works!</h1></body></html>


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    45  100    45    0     0   1451      0 --:--:-- --:--:-- --:--:--  1451


## Using Services
- Anything running in a pod is for internal use only. To expose containers in a pod to the outside world, you'll need services
- Also, services provide a higher level of flexibility in making sure that containers are available
- A default service is created for Kubernetes, custom services can be created using **kubectl expose**
- Label selectors can be used to determine which pods are added to a service
- - Labels make working with services more flexible and intuitive, it's not mandatory to use them

### Creating Services
- Before you can put a pod in a service, it's a good idea to set a label
- - Use **kubectl describe pod http** and look for the label section, it contains key-value pairs that can be used
- - Set the label using **kubectl label pod httpd dept=sales**
- Expose pods to services, using **kubectl expose pod httpd --type="NodePort" --port=80**
- - Pods, deployments, replication sets and replication controllers can be exposed
- - It's also possible to expose a service through a second service
- Use **kubectl get services** to verify that a pod has been exposed
- **kubectl delete services \< name \>** will un-expose it
- Deleting a service does not delete the pod, it just un-expose it

In [4]:
%%bash
kubectl get deployments

NAME      READY   UP-TO-DATE   AVAILABLE   AGE
apache    3/3     3            3           26h
http      1/1     1            1           44m
mynginx   2/2     2            2           4d22h
nginx     3/3     3            3           27h


In [5]:
%%bash
kubectl get services

NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   5d4h


In [7]:
%%bash
kubectl expose deployment http --port=80 --type=NodePort

service/http exposed


In [8]:
%%bash
kubectl get services

NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
http         NodePort    10.100.161.38   <none>        80:32195/TCP   31s
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        5d4h


In [12]:
%%bash
kubectl get services http -o yaml

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2019-09-20T18:15:14Z"
  labels:
    run: http
  name: http
  namespace: default
  resourceVersion: "278880"
  selfLink: /api/v1/namespaces/default/services/http
  uid: 4250db4b-e592-46a7-84bd-c5b6107a187e
spec:
  clusterIP: 10.100.161.38
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32195
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: http
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}


In [None]:
%%bash
# library to handle json
sudo apt-get install jq

In [63]:
%%bash
mip=`minikube ip`
nodeport=`kubectl get services http -o json | jq -r '.spec.ports[0].nodePort'`
curl ${mip}:${nodeport}

<html><body><h1>It works!</h1></body></html>


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    45  100    45    0     0  45000      0 --:--:-- --:--:-- --:--:-- 45000


In [67]:
%%bash
kubectl delete service http

service "http" deleted


## DNS in Kubernetes Services
- With services exposing themselves on dynamic ports, resolving service names is challenging
- As a solution, DNS is included by default in the Kubernetes platforms
- As a result, DNS name lookup from within a pod to an exposed service happens automatically

In [68]:
%%bash
kubectl expose deployment http --port=80 --type=NodePort

service/http exposed


since latest busybox have trouble with nslookup at this point we revert busybox back to 1.28 version, it is done on the yaml file

In [None]:
%%bash
kubectl delete pod busybox
kubectl create -f busybox.yaml

In [69]:
%%bash
kubectl exec -it busybox -- nslookup http

Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      http
Address 1: 10.107.67.207 http.default.svc.cluster.local


Unable to use a TTY - input is not a terminal or the right kind of file


### Understanding DNS Implementation
- Kubernetes provides a kube-dns pod that had 3 containers implement the DNS service
- The DNS server and the DNS domain that the cluster is using are provided as startup options of the kubelet process
- - Optionally, add --resov-conf to the Kubelet to use alternative DNS servers

In [None]:
%%bash
minikube ssh
docker ps -a | grep dns
ps aux | grep dns
exit

In [70]:
%%bash
kubectl exec busybox cat /etc/resolv.conf

nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5


## Service Types
service types determine how srevices are accessed
- **ClusterIP**: default, provides internal access only by exposing the service on a cluster-internal IP
- **NodePort**: exposes a port on Kubernetes hosts
- - When using NodePort, each node will proxy that port into the Service
- **LoadBalancer**: available in public cloud solutions. Can be used in private cloud if Kubenetes provides a plugin for that cloud type

## Ingress
- ### Ingress can be used to give services externally reachable URLs
- An Ingress controller is required for offering Ingress services
- Any service that can be used as reversed proxy can be used as Ingress controller
- - Currently, best support is available for the Nginx controller
- To enable Ingress on Minikube use **minikube addons enable ingress**
- Notice that Ingress is currently beta and further development is expected
- - Check https://kubernetes.io/docs/concepts/services-networking/ingress/ for up to date information

### Using Ingress
- Verify service availability
- Create an Ingress YAML file
- Add teh Ingress object to the API
- Access the service usign the Ingress rule

To check if ingress is enabled

In [1]:
%%bash
minikube addons list

- addon-manager: enabled
- dashboard: enabled
- default-storageclass: enabled
- efk: disabled
- freshpod: disabled
- gvisor: disabled
- heapster: disabled
- ingress: disabled
- logviewer: disabled
- metrics-server: disabled
- nvidia-driver-installer: disabled
- nvidia-gpu-device-plugin: disabled
- registry: disabled
- registry-creds: disabled
- storage-provisioner: enabled
- storage-provisioner-gluster: disabled


Since it is disabled, we will enable it

In [2]:
%%bash
minikube addons enable ingress

* ingress was successfully enabled


In [3]:
%%bash
minikube addons list

- addon-manager: enabled
- dashboard: enabled
- default-storageclass: enabled
- efk: disabled
- freshpod: disabled
- gvisor: disabled
- heapster: disabled
- ingress: enabled
- logviewer: disabled
- metrics-server: disabled
- nvidia-driver-installer: disabled
- nvidia-gpu-device-plugin: disabled
- registry: disabled
- registry-creds: disabled
- storage-provisioner: enabled
- storage-provisioner-gluster: disabled


In [5]:
%%bash
kubectl get services
kubectl get pods

NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
http         NodePort    10.107.67.207   <none>        80:31002/TCP   2d6h
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        7d12h
NAME                       READY   STATUS             RESTARTS   AGE
apache                     1/1     Running            49         3d22h
apache-74484f7fc4-659bt    1/1     Running            38         3d10h
apache-74484f7fc4-69l4r    1/1     Running            38         3d10h
apache-74484f7fc4-xqqx5    1/1     Running            38         3d10h
busybox                    1/1     Running            13         2d4h
busybox-f8b8d9598-jm7st    0/1     CrashLoopBackOff   166        2d6h
http-7b99698fc5-shwgm      1/1     Running            1          2d8h
mynginx-8567cfb87c-892xw   1/1     Running            3          7d6h
mynginx-8567cfb87c-8mxhw   1/1     Running            3          7d6h
nginx-7bb7cd8db5-6w5qw     1/1     Running            1          2d13h
n

We need nginx service

In [6]:
%%bash
kubectl expose deployment nginx --port=80 --type=NodePort

service/nginx exposed


In [7]:
%%bash
kubectl get services

NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
http         NodePort    10.107.67.207    <none>        80:31002/TCP   2d6h
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        7d12h
nginx        NodePort    10.109.205.171   <none>        80:31518/TCP   17s


In [8]:
%%bash
kubectl get deployments

NAME      READY   UP-TO-DATE   AVAILABLE   AGE
apache    3/3     3            3           3d10h
busybox   0/1     1            0           2d6h
http      1/1     1            1           2d8h
mynginx   2/2     2            2           7d6h
nginx     3/3     3            3           3d11h


yaml file to create ingress

In [None]:
// nginx-in.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host:
    http:
      paths:
      - path: /nginx
        backend:
          serviceName: nginx
          servicePort: 80

In [25]:
%%bash
cd yaml-files
kubectl create -f nginx-in.yaml

ingress.extensions/nginx-ingress created


In [29]:
%%bash
kubectl get ingress

NAME            HOSTS   ADDRESS     PORTS   AGE
nginx-ingress   *       10.0.2.15   80      12s


In [28]:
%%bash
kubectl get ingress nginx-ingress -o yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/rewrite-target: /
  creationTimestamp: "2019-09-23T03:00:04Z"
  generation: 1
  name: nginx-ingress
  namespace: default
  resourceVersion: "348888"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/nginx-ingress
  uid: f5b2812a-a660-45a3-bee2-95982b72e765
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: 80
        path: /nginx
status:
  loadBalancer:
    ingress:
    - ip: 10.0.2.15


In [None]:
%%bash
curl https://10.0.2.15/nginx

# Volumes

## Kubernetes Storage
- Container storage by nature is ephemeral
- Pod starage exist for the pod lifetime
- - After termination of a container, the storage remains available
- Persistent volumnes go beyond the lifetime of a pod
- Many types of storage can be provided
- Alternative storage is provided in 2 different ways to the pod
- - The ConfigMap API object is used for regular data
- - The Secret API object can be used for encoded data

## Volume Access
- Volumes are defined at the pod level
- Volumes are mounted into the container
- Multiple pods may access the same volume
- Outside locking is required to provent data corruption
- When accessing volumes, the pod can request a specific access mode
- - RWO (ReadWriteOnce) allows read-write access by one node
- - ROX (ReadOnlyMany) allows read-only by multiple nodes
- - RWX (ReadWriteMany) allows read-write access by many nodes

<img src='screenshots/Volume-Types.png'>

## Managing Volumes
- Creating the Volume
- - **kubectl create -f volumes.yaml --validate=false**
- - **kubectl get pods**
- After creation, test that you can use it
- - **kubectl exec -it vol -c centos -- touch /test/myfile
- - **kubectl exec -it vol -c centos -- ls -l /test
- - Note: try this command without --


In [5]:
%%bash
cd yaml-files
kubectl create -f morevolumes.yaml

pod/morevol created


In [None]:
%%bash
kubectl get pods

In [None]:
%%bash
kubectl exec -it morevol -c centos -- touch /centos/test

In [None]:
%%bash
kubectl exec -it morevol -c centos2 -- ls -l /centos2

## Persistent Volumes
- A PersistentVolume (PV) is an independent Kubernetes resouce
- The PV is not dependent from any pod and therefor survives a pod
- The PersistentVolumeClaim (PVC) is a request to use a PV. In a PVC, specific storage properties can be requested

### Volume Lifecycle
- Provisioning: PVs can be provisioned statically or dynamically
- Binding: the user requests access to a PV using a PVC
- Using: pods use claims as volumes
- Reclaiming: this is what happens after the user is done with the volume and the PVC is removed. Volumes can be in different states
- - Retain: keeps data intact
- - Delete: deletes the API object as well as the storage
- - Recycle: removed contents of the storage mountpoint (will be deprected soon)

### Configuring PersistentVolume Usage
High level overview
- The cluster administrator creates a PersistentVolume
- The cluster user creates a PersistentVolumeClaim
- The user creates a Pod that uses the PersistentVolumeClaim as storage
The Persistent volume claim is the glue between the persistent volume object and the pod that uses the persistent volume object as storage

### PV Demo 1
Prepare the hostPath persistent Volume
- **minikube ssh**
- **mkdir /mnt/data*
- **echo "Kubernetes Storage" > /mnt/data/index.html**

Create a PersistentVolume
- Create pv.yaml (see example)
- **kubectl create -f pv.yaml**
- **kubectl get pv pv.yaml**; notice that the status  us set to available which means it is not currently used by a PVC

### PV Demo 2
Create a PVC
- Create pvc.yaml (see example)
- **kubectl create -f pvc.yaml**
- **kubectl get pv pv-volume**
- **kubectl get pvc pv-claim**
Create a Pod
- Create pv-pod.yaml (see example)
- **kubectl create -f pv-pod.yaml**
- **kubectl get pod pv-pod**
- **kubectl exec -it pv-pod -- /bin/bash**
- **apt-get update; apt-get unstall curl**
- **curl localhost**

Prepare the hostpath persistent volume

In [None]:
%%bash
minikube ssh
sudo -i
mkdir /mnt/data
echo "my hostpath storage" > /mnt/data/index.html
exit
exit

Creating a persistent volume

In [7]:
%%bash
cd yaml-files
kubectl create -f pv.yaml

persistentvolume/pv-volume created


In [9]:
%%bash
kubectl get persistentvolumes

NAME        CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   REASON   AGE
pv-volume   2Gi        RWO            Retain           Available           manual                  27s


Create a Persistent Volume Claim

In [15]:
%%bash
cd yaml-files
kubectl create -f pvc.yaml

persistentvolumeclaim/pv-claim created


In [17]:
%%bash
kubectl get persistentvolumes

NAME        CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM              STORAGECLASS   REASON   AGE
pv-volume   2Gi        RWO            Retain           Bound    default/pv-claim   manual                  13m


You can see that the Claim column is not empty.

In [20]:
%%bash
kubectl get persistentvolumeclaims

NAME       STATUS   VOLUME      CAPACITY   ACCESS MODES   STORAGECLASS   AGE
pv-claim   Bound    pv-volume   2Gi        RWO            manual         2m43s


In [22]:
%%bash
cd yaml-files
kubectl create -f pv-pod.yaml

pod/pv-pod created


In [26]:
%%bash
kubectl get pods pv-pod

NAME     READY   STATUS    RESTARTS   AGE
pv-pod   1/1     Running   0          47s


In [None]:
%%bash
kubectl exec -it pv-pod -- bash
apt-get update
apt-get install curl -y
curl localhost