Saturday, March 26, 2022

secret and configmap demo

https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/ 


nfs for k8

https://www.youtube.com/watch?v=zmzH3xpJCGs

root@ip-172-31-44-144:~# echo -n 'username'|base64

dXNlcm5hbWU=

root@ip-172-31-44-144:~# echo -n 'password'|base64

cGFzc3dvcmQ=



file: mongo-secret.yml


======

apiVersion: v1
kind: Secret
metadata:
  name: mongodb-secret
type: Opaque
data:
  mongo-root-username: dXNlcm5hbWU=
  mongo-root-password: cGFzc3dvcmQ=

# note: the values here are the base64-encoded strings generated above (base64 is an encoding, not encryption)

  

 

file: mongo.yml

======

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongodb-deployment
  labels:
    app: mongodb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mongodb
  template:
    metadata:
      labels:
        app: mongodb
    spec:
      containers:
        - name: mongodb
          image: mongo
          ports:
            - containerPort: 27017
          env:
            # root credentials are read from the mongodb-secret Secret
            - name: MONGO_INITDB_ROOT_USERNAME
              valueFrom:
                secretKeyRef:
                  name: mongodb-secret
                  key: mongo-root-username
            - name: MONGO_INITDB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mongodb-secret
                  key: mongo-root-password


=============

   

mongodb-service:


apiVersion: v1
kind: Service
metadata:
  name: mongodb-service
spec:
  selector:
    app: mongodb
  ports:
    - protocol: TCP
      port: 27017
      targetPort: 27017

----------------



mongoexpress-deployment.yml


apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongo-express
  labels:
    app: mongo-express
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mongo-express
  template:
    metadata:
      labels:
        app: mongo-express
    spec:
      containers:
        - name: mongo-express
          image: mongo-express
          ports:
            - containerPort: 8081
          env:
            # admin credentials are read from the mongodb-secret Secret
            - name: ME_CONFIG_MONGODB_ADMINUSERNAME
              valueFrom:
                secretKeyRef:
                  name: mongodb-secret
                  key: mongo-root-username
            - name: ME_CONFIG_MONGODB_ADMINPASSWORD
              valueFrom:
                secretKeyRef:
                  name: mongodb-secret
                  key: mongo-root-password
            # database host is read from the mongodb-configmap ConfigMap
            - name: ME_CONFIG_MONGODB_SERVER
              valueFrom:
                configMapKeyRef:
                  name: mongodb-configmap
                  key: database_url

   

   

  

  

==========

mongo-configmap.yml


apiVersion: v1
kind: ConfigMap
metadata:
  name: mongodb-configmap
data:
  database_url: mongodb-service



======

  

mongo-express-service.yml


apiVersion: v1
kind: Service
metadata:
  name: mongo-express-service
spec:
  selector:
    app: mongo-express
  type: LoadBalancer
  ports:
    - protocol: TCP
      port: 8081
      targetPort: 8081
      nodePort: 30000
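
Two checks on the manifests above, as an added example that is not part of the original notes: the values in a Secret's data field are only base64-encoded, so they decode back to plaintext without any key, and every secretKeyRef / configMapKeyRef has to name an object and key that actually exist. The manifests are re-typed here as Python dicts so no YAML library is needed; decode_secret and unresolved_refs are hypothetical helper names.

```python
import base64

# Constructed input: the Secret, ConfigMap and mongo-express env section from
# the demo, written as Python dicts (assumption: same names and keys as above).
SECRET = {
    "kind": "Secret",
    "metadata": {"name": "mongodb-secret"},
    "data": {
        "mongo-root-username": "dXNlcm5hbWU=",
        "mongo-root-password": "cGFzc3dvcmQ=",
    },
}
CONFIGMAP = {
    "kind": "ConfigMap",
    "metadata": {"name": "mongodb-configmap"},
    "data": {"database_url": "mongodb-service"},
}
ENV = [
    {"name": "ME_CONFIG_MONGODB_ADMINUSERNAME", "valueFrom": {"secretKeyRef":
        {"name": "mongodb-secret", "key": "mongo-root-username"}}},
    {"name": "ME_CONFIG_MONGODB_ADMINPASSWORD", "valueFrom": {"secretKeyRef":
        {"name": "mongodb-secret", "key": "mongo-root-password"}}},
    {"name": "ME_CONFIG_MONGODB_SERVER", "valueFrom": {"configMapKeyRef":
        {"name": "mongodb-configmap", "key": "database_url"}}},
]


def decode_secret(secret):
    """Return the plaintext of every value in a Secret's data map.

    No key is involved: anyone who can read the manifest or the Secret
    object can do exactly this.
    """
    return {k: base64.b64decode(v, validate=True).decode()
            for k, v in secret["data"].items()}


def unresolved_refs(env, objects):
    """List env entries whose reference points at a missing object or key."""
    index = {(o["kind"], o["metadata"]["name"]): o.get("data", {}) for o in objects}
    kinds = {"secretKeyRef": "Secret", "configMapKeyRef": "ConfigMap"}
    problems = []
    for var in env:
        for ref_type, ref in var.get("valueFrom", {}).items():
            kind = kinds.get(ref_type)
            if kind is None:
                continue  # other valueFrom sources are not checked here
            data = index.get((kind, ref["name"]))
            if data is None:
                problems.append(f'{var["name"]}: {kind} "{ref["name"]}" not found')
            elif ref["key"] not in data:
                problems.append(
                    f'{var["name"]}: key "{ref["key"]}" not in {kind} "{ref["name"]}"')
    return problems


if __name__ == "__main__":
    print(decode_secret(SECRET))
    print(unresolved_refs(ENV, [SECRET, CONFIGMAP]) or "all references resolve")
```

A one-letter difference between the Secret's metadata.name and the name used in secretKeyRef is enough for both credential variables to be reported as unresolved.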


Friday, March 25, 2022

Resource Quota - K8

Resource Quota:

Object-based:

  Number of pods per namespace

Compute-based:

  cpu

  memory


root@ip-172-31-3-126:~# kubectl create ns devns

namespace/devns created

root@ip-172-31-3-126:~# kubectl describe ns devns

Name:         devns

Labels:       kubernetes.io/metadata.name=devns

Annotations:  <none>

Status:       Active


No resource quota.


No LimitRange resource.

root@ip-172-31-3-126:~#


root@ip-172-31-3-126:~# kubectl explain resourcequota

KIND:     ResourceQuota

VERSION:  v1


DESCRIPTION:

     ResourceQuota sets aggregate quota restrictions enforced per namespace


FIELDS:

   apiVersion   <string>

     APIVersion defines the versioned schema of this representation of an

     object. Servers should convert recognized schemas to the latest internal

     value, and may reject unrecognized values. More info:

     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources


   kind <string>

     Kind is a string value representing the REST resource this object

     represents. Servers may infer this from the endpoint the client submits

     requests to. Cannot be updated. In CamelCase. More info:

     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds


   metadata     <Object>

     Standard object's metadata. More info:

     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata


   spec <Object>

     Spec defines the desired quota.

     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status


   status       <Object>

     Status defines the actual enforced quota and its current usage.

     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status





===============


root@ip-172-31-3-126:~# cat myquota.yml

apiVersion: v1

kind: ResourceQuota

metadata:

   name: myquota

spec:

   hard:

     pods: 2



===========



root@ip-172-31-3-126:~#

root@ip-172-31-3-126:~# kubectl apply -f myquota.yml -n devns

resourcequota/myquota created

root@ip-172-31-3-126:~# kubectl describe ns devns

Name:         devns

Labels:       kubernetes.io/metadata.name=devns

Annotations:  <none>

Status:       Active


Resource Quotas

  Name:     myquota

  Resource  Used  Hard

  --------  ---   ---

  pods      0     2


No LimitRange resource.

root@ip-172-31-3-126:~#



================


pod yml:


apiVersion: v1

kind: Pod

metadata:

     name: mypod1

     labels:

         type: devpod

spec:

   containers:

           - name: my-container

             image: nginx

          

=========================


Create two Pods


root@ip-172-31-3-126:~# kubectl get pods -n devns

NAME     READY   STATUS    RESTARTS   AGE

mypod1   1/1     Running   0          3m8s

mypod2   1/1     Running   0          2m33s

root@ip-172-31-3-126:~#




root@ip-172-31-3-126:~# kubectl describe ns devns

Name:         devns

Labels:       kubernetes.io/metadata.name=devns

Annotations:  <none>

Status:       Active


Resource Quotas

  Name:     myquota

  Resource  Used  Hard

  --------  ---   ---

  pods      2     2


No LimitRange resource.

root@ip-172-31-3-126:~#


Now our resource quota is full.


Trying to create a new pod now gives the error below.


root@ip-172-31-3-126:~# kubectl run webserver --image=nginx -n devns

Error from server (Forbidden): pods "webserver" is forbidden: exceeded quota: myquota, requested: pods=1, used: pods=2, limited: pods=2

root@ip-172-31-3-126:~#



Compute-based Quota:


Create a yml file with the below details:


------------

apiVersion: v1

kind: ResourceQuota

metadata:

   name: myquota

spec:

   hard:

       requests.cpu: 0.5

       requests.memory: 500Mi

       limits.cpu: 1

       limits.memory: 1Gi

------------


root@ip-172-31-3-126:~# kubectl apply -f myquota.yml -n testns

resourcequota/myrsourcequota created

root@ip-172-31-3-126:~# kubectl describe ns testns

Name:         testns

Labels:       kubernetes.io/metadata.name=testns

Annotations:  <none>

Status:       Active


Resource Quotas

  Name:            myrsourcequota

  Resource         Used  Hard

  --------         ---   ---

  limits.cpu       0     1

  limits.memory    0     1Gi

  requests.cpu     0     500m

  requests.memory  0     500Mi


No LimitRange resource.

root@ip-172-31-3-126:~#


root@ip-172-31-3-126:~# kubectl get resourcequota -n testns

NAME             AGE     REQUEST                                          LIMIT

myrsourcequota   2m36s   requests.cpu: 0/500m, requests.memory: 0/500Mi   limits.cpu: 0/1, limits.memory: 0/1Gi

root@ip-172-31-3-126:~#




root@ip-172-31-3-126:~# kubectl run webserver --image=nginx -n testns

Error from server (Forbidden): pods "webserver" is forbidden: failed quota: myrsourcequota: must specify limits.cpu,limits.memory,requests.cpu,requests.memory

root@ip-172-31-3-126:~#


We can't run a pod without resource details.



Create the below yml file with resource details:


apiVersion: v1

kind: Pod

metadata:

     name: mypod1

     labels:

         type: devpod

spec:

   containers:

           - name: my-container

             image: nginx

             resources:

                   requests:

                       memory: 250Mi

                       cpu: 0.1

                   limits:

                       cpu: 0.5

                       memory: 500Mi



===

root@ip-172-31-3-126:~# kubectl apply -f mypod.yml -n testns

pod/mypod1 created

root@ip-172-31-3-126:~# kubectl describe ns testns

Name:         testns

Labels:       kubernetes.io/metadata.name=testns

Annotations:  <none>

Status:       Active


Resource Quotas

  Name:            myrsourcequota

  Resource         Used   Hard

  --------         ---    ---

  limits.cpu       500m   1

  limits.memory    500Mi  1Gi

  requests.cpu     100m   500m

  requests.memory  250Mi  500Mi


No LimitRange resource.



root@ip-172-31-3-126:~# kubectl apply -f mypod.yml -n testns

pod/mypod2 created

root@ip-172-31-3-126:~# kubectl describe ns testns

Name:         testns

Labels:       kubernetes.io/metadata.name=testns

Annotations:  <none>

Status:       Active


Resource Quotas

  Name:            myrsourcequota

  Resource         Used    Hard

  --------         ---     ---

  limits.cpu       1       1

  limits.memory    1000Mi  1Gi

  requests.cpu     200m    500m

  requests.memory  500Mi   500Mi


No LimitRange resource.

root@ip-172-31-3-126:~#


Now our resource usage has reached the hard limit.


We can't create another pod.


root@ip-172-31-3-126:~# kubectl apply -f mypod.yml -n testns

Error from server (Forbidden): error when creating "mypod.yml": pods "mypod3" is forbidden: exceeded quota: myrsourcequota, requested: limits.cpu=500m,limits.memory=500Mi,requests.memory=250Mi, used: limits.cpu=1,limits.memory=1000Mi,requests.memory=500Mi, limited: limits.cpu=1,limits.memory=1Gi,requests.memory=500Mi

root@ip-172-31-3-126:~#
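
A simplified model of the quota check seen in the transcripts above, added here as an example (it is not Kubernetes code and ignores quota scopes and other features). It converts quantities such as 0.5, 500m and 1Gi to exact numbers, sums a pod's requests and limits, and reports which constrained resources are missing or would be exceeded; parse_quantity, pod_usage and admit are hypothetical names.

```python
from fractions import Fraction

# Quantity suffixes; the two-letter binary suffixes are listed first so that
# "500Mi" is not mistaken for a one-letter suffix.
SUFFIXES = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30,
            "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9}

# Values copied from the quota and pod manifests above.
HARD = {"requests.cpu": "0.5", "requests.memory": "500Mi",
        "limits.cpu": "1", "limits.memory": "1Gi"}
POD = {"spec": {"containers": [{
    "name": "my-container", "image": "nginx",
    "resources": {"requests": {"memory": "250Mi", "cpu": "0.1"},
                  "limits": {"cpu": "0.5", "memory": "500Mi"}}}]}}
# Usage reported by `kubectl describe ns testns` after two such pods.
USED_AFTER_TWO_PODS = {"limits.cpu": "1", "limits.memory": "1000Mi",
                       "requests.cpu": "200m", "requests.memory": "500Mi"}


def parse_quantity(q):
    """Convert a quantity such as 500m, 0.5 or 1Gi to an exact number."""
    q = str(q)
    for suffix, factor in SUFFIXES.items():
        if q.endswith(suffix):
            return Fraction(q[:-len(suffix)]) * factor
    return Fraction(q)


def pod_usage(pod):
    """Sum requests and limits over all containers, keyed like quota resources."""
    usage = {"pods": 1}
    for container in pod["spec"]["containers"]:
        for section in ("requests", "limits"):
            for res, qty in container.get("resources", {}).get(section, {}).items():
                key = f"{section}.{res}"
                usage[key] = usage.get(key, 0) + parse_quantity(qty)
    return usage


def admit(pod, hard, used):
    """Return (allowed, reason) for creating `pod` under quota `hard`."""
    want = pod_usage(pod)
    # A quota on a compute resource forces every pod to declare that resource.
    missing = sorted(r for r in hard if r not in want)
    if missing:
        return False, "must specify " + ",".join(missing)
    # Only the resources that would go over the hard value are reported.
    exceeded = sorted(r for r in hard
                      if parse_quantity(used.get(r, 0)) + want[r] > parse_quantity(hard[r]))
    if exceeded:
        return False, "exceeded quota: " + ",".join(exceeded)
    return True, "ok"


if __name__ == "__main__":
    print(admit(POD, HARD, {}))
    print(admit(POD, HARD, USED_AFTER_TWO_PODS))
```

For the third pod, requests.cpu is not reported because 200m + 100m stays under 500m, which matches the resources named in the Forbidden message above.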


=======













Friday, March 18, 2022

ReplicaSet

A ReplicaSet is one of the K8 controllers that makes sure we have a specified number of pod replicas running.

It is an advanced version of the ReplicationController.

ReplicaSets allow us to use “set-based” label selectors (e.g. environment in (production, qa) or tier notin (frontend, backend)) as opposed to “equality-based” selectors (e.g. environment = production or tier != frontend), which is what you use with a replication controller.

 

A ReplicaSet ensures that the specified number of pod replicas is running. It can be considered a replacement for the replication controller. The key difference between the two is that the replication controller only supports equality-based selectors, whereas the replica set also supports set-based selectors.


ReplicaSets are the successors to ReplicationControllers. The two serve the same purpose and behave similarly, except that a ReplicationController does not support set-based selector requirements as described in the labels user guide. As such, ReplicaSets are preferred over ReplicationControllers.
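
The two selector styles described above, as an added example that is not part of the original notes: a small matcher for a ReplicationController-style selector map and for ReplicaSet matchExpressions, run over constructed pod labels. The pod names and the helper names (matches_equality, matches_set, select) are made up for illustration; the label keys and values are the ones used in the text.

```python
# Constructed sample pods and their labels.
PODS = {
    "web-prod":  {"environment": "production", "tier": "frontend"},
    "api-qa":    {"environment": "qa", "tier": "backend"},
    "cache-dev": {"environment": "dev", "tier": "cache"},
    "batch":     {"environment": "production"},  # has no tier label at all
}


def matches_equality(labels, match_labels):
    """Equality-based selector map: every key must have exactly this value."""
    return all(labels.get(k) == v for k, v in match_labels.items())


def matches_set(labels, expressions):
    """Set-based matchExpressions: all requirements must hold (logical AND)."""
    for expr in expressions:
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        if op == "In":
            # the label must be present and carry one of the listed values
            ok = key in labels and labels[key] in values
        elif op == "NotIn":
            # pods without the label also satisfy NotIn
            ok = key not in labels or labels[key] not in values
        elif op == "Exists":
            ok = key in labels
        elif op == "DoesNotExist":
            ok = key not in labels
        else:
            raise ValueError(f"unknown operator {op!r}")
        if not ok:
            return False
    return True


def select(pods, predicate):
    """Names of the pods whose labels satisfy the predicate, sorted."""
    return sorted(name for name, labels in pods.items() if predicate(labels))


ENV_IN = {"key": "environment", "operator": "In", "values": ["production", "qa"]}
TIER_NOTIN = {"key": "tier", "operator": "NotIn", "values": ["frontend", "backend"]}

if __name__ == "__main__":
    print(select(PODS, lambda l: matches_equality(l, {"environment": "production"})))
    print(select(PODS, lambda l: matches_set(l, [ENV_IN])))
    print(select(PODS, lambda l: matches_set(l, [TIER_NOTIN])))
    print(select(PODS, lambda l: matches_set(l, [ENV_IN, TIER_NOTIN])))
```

The pod without a tier label is selected by the notin requirement, so a set-based selector can cover more pods than a quick reading suggests.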




https://www.kubermatic.com/blog/introduction-to-kubernetes-replicasets/


https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/




Tuesday, March 15, 2022

ReplicationController

What is ReplicationController in Kubernetes?

A ReplicationController ensures that a specified number of replicas is running at any one time.

The ReplicationController controls pods and makes sure the desired number of pods is always ready to serve requests.

If there are too many pods, the ReplicationController terminates the extra pods.

If there are too few, the ReplicationController starts more pods. 

Unlike manually created pods, the pods maintained by a ReplicationController are automatically replaced if they fail, are deleted, or are terminated.


Behavior:

Keeps pods running.

Gives direct control of pods.

Benefits:

Restarts pods, maintains the desired state.

Fine-grained control for scaling.



In the above diagram we can see a replication controller with pod count 2 and selector v1 keeping 2 pods up.

In the second diagram we can see the RC keeping one pod always up.



When a node fails, only pods backed by a replication controller are recreated.

In the above diagram we can see POD1 die with node-1, while a new replica of POD2 is created on node2.



Create Replication Controller:

Execute below command:

kubectl apply -f https://k8s.io/examples/controllers/replication.yaml

The output is similar to this:

replicationcontroller/nginx created


Replication Controller Yaml File:










root@ip-172-31-31-126:~# kubectl describe replicationcontrollers/nginx




Delete Replication Controller:

root@ip-172-31-31-126:~# kubectl get rc ==> Display available ReplicationController
NAME    DESIRED   CURRENT   READY   AGE
nginx   3         3         3       33m
root@ip-172-31-31-126:~# kubectl delete rc nginx  ==> It will delete RC nginx.
replicationcontroller "nginx" deleted



Scale Up:

root@ip-172-31-31-126:~# kubectl scale rc --replicas=7 nginx
replicationcontroller/nginx scaled
root@ip-172-31-31-126:~# kubectl get pods
NAME          READY   STATUS    RESTARTS   AGE
nginx-7pbtj   1/1     Running   0          10s
nginx-f247s   1/1     Running   0          10s
nginx-lj2ln   1/1     Running   0          2m31s
nginx-ptv2j   1/1     Running   0          2m31s
nginx-pzjq8   1/1     Running   0          10s
nginx-skltf   1/1     Running   0          10s
nginx-xm262   1/1     Running   0          2m31s
root@ip-172-31-31-126:~# kubectl get rc
NAME    DESIRED   CURRENT   READY   AGE
nginx   7         7         7       2m37s
root@ip-172-31-31-126:~#

 Scale Down:
root@ip-172-31-31-126:~# kubectl scale rc --replicas=3 nginx
replicationcontroller/nginx scaled
root@ip-172-31-31-126:~# kubectl get rc
NAME    DESIRED   CURRENT   READY   AGE
nginx   3         3         3       3m33s
root@ip-172-31-31-126:~# kubectl get pods
NAME          READY   STATUS    RESTARTS   AGE
nginx-lj2ln   1/1     Running   0          3m39s
nginx-ptv2j   1/1     Running   0          3m39s
nginx-xm262   1/1     Running   0          3m39s

Another option: we can change the yml file.

Monday, March 14, 2022

Minikube

What is MINIKUBE?

Minikube is a single-node Kubernetes cluster.

Minikube installation on Ubuntu Server:

1)Create EC2 instance with minimum 2CPU and 2GB RAM.

2)Install docker using below command

apt-get install docker.io

3)Download minikube and kubectl

curl -LO https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl

curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64

 

4)Execute below commands:

#mv minikube-linux-amd64  /usr/local/bin/minikube

#chmod 755 /usr/local/bin/minikube

#mv kubectl /usr/local/bin/kubectl

#chmod 755 /usr/local/bin/kubectl

root@ip-172-31-31-126:~# minikube version

minikube version: v1.25.1

commit: 3e64b11ed75e56e4898ea85f96b2e4af0301f43d

 

root@ip-172-31-31-126:~# kubectl version

Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.3", GitCommit:"816c97ab8cff8a1c72eccca1026f7820e93e0d25", GitTreeState:"clean", BuildDate:"2022-01-25T21:25:17Z", GoVersion:"go1.17.6", Compiler:"gc", Platform:"linux/amd64"}

Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.1", GitCommit:"86ec240af8cbd1b60bcc4c03c20da9b98005b92e", GitTreeState:"clean", BuildDate:"2021-12-16T11:34:54Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}

root@ip-172-31-31-126:~#

 

5)Start Minikube using below command

#minikube start --driver=none

 

6)Check Minikube Status:

 

root@ip-172-31-31-126:~# minikube status

minikube

type: Control Plane

host: Running

kubelet: Running

apiserver: Running

kubeconfig: Configured

 


7)Execute below command to check cluster info.

root@ip-172-31-31-126:~# kubectl cluster-info

Kubernetes control plane is running at https://172.31.31.126:8443

CoreDNS is running at https://172.31.31.126:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy



root@ip-172-31-31-126:~# kubectl get nodes

NAME               STATUS   ROLES                  AGE     VERSION

ip-172-31-31-126   Ready    control-plane,master   5m48s   v1.23.1

 


Saturday, March 12, 2022

init container

 Init Container:




Init containers are containers that must run and complete before the main container in the pod starts.

They provide a separate lifecycle for initialization, which enables separation of concerns in the application.

For example, if you need to install some software before the main application starts, an init container can do the software installation task.





root@ip-172-31-44-144:~# kubectl create -f init-demo.yml

pod/init-cont-demo created

root@ip-172-31-44-144:~#




root@ip-172-31-44-144:~# kubectl get pods
NAME             READY   STATUS    RESTARTS   AGE
init-cont-demo   1/1     Running   0          4s

root@ip-172-31-44-144:~# kubectl exec -it init-cont-demo -- /bin/sh
Defaulted container "nginx" out of: nginx, busybox (init)
# apt-get update && apt-get install -y curl
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB]
Get:4 http://security.debian.org/debian-security bullseye-security/main amd64 Packages [122 kB]
Get:5 http://deb.debian.org/debian bullseye/main amd64 Packages [8183 kB]
Get:6 http://deb.debian.org/debian bullseye-updates/main amd64 Packages [2596 B]
Fetched 8507 kB in 1s (5699 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
curl is already the newest version (7.74.0-1.3+deb11u1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
# curl localhost
<html><h1>This is data from Init Container</h1><html>
#





Wednesday, March 9, 2022

DevOps Tools Info

Popular DevOps Tools:


Operating Systems/Deployment Platform: Linux, Unix, Windows

Source Code Management Tools: Git, SVN, TFS

Continuous Integration: Jenkins, TeamCity, Bamboo, GitLab CI, Hudson

Build Tools: Ant, Maven, Gradle

Code Review Tools: SonarQube, Checkstyle

Artifactory: JFrog, Nexus

Configuration Management Tools: Ansible, Chef, Puppet, uDeploy

Monitoring Tools: Nagios, AppDynamics, ELK

Cloud Service Provider: AWS, GCP, Azure, Digital Ocean

Application Server: Tomcat, JBoss, WebLogic, WebSphere

Load Balancer: Nginx, HAProxy

Test Automation Tools: Selenium, JUnit

Container Platform: Docker

Container Orchestration: Kubernetes, Docker Swarm

Scripting: Python, Bash Shell



What is DevOps?

 


DevOps is an emerging model of product delivery and full lifecycle management that emphasises a holistic, end-to-end process. We view it as the “engine room of change” that allows new ideas to be delivered quickly. 

DevOps not only seeks to remove the silos between Development and Operations, but all of the key stakeholders in the application lifecycle.

It involves small teams from software and operational disciplines working collaboratively with each other and the business community to deliver deployable applications that will run and scale reliably, maximising payback. DevOps also involves introducing software automation tools to improve the speed, quality and reliability of the software deployment process.

Traditional models of application development and service delivery, which have multiple handovers between silos, face challenges when trying to achieve higher rates of change. Some of these existing models of delivery such as PRINCE2 and ITIL are over 20 years old, and pre-date many of the recent innovations in IT such as the Cloud, Infrastructure as Code, software defined networking, improved version control and collaboration tools.

Benefits Of DevOps:
Early detection of failure
Better Resource Utilization
Faster time to Market
Transparency in execution
Single-click deployment
Promoted Builds
Governance with approval-based releases.
Automated approach.
Quality releases
Enhanced recovery time.
Productivity gains
Decision support

7 Cs of DevOps
1)Communication
2)Collaboration
3)Controlled process
4)Continuous Integration
5)Continuous Deployment & Delivery
6)Continuous Testing
7)Continuous Monitoring


What is CI?
Continuous integration is a development practice that requires developers to integrate code into a shared repository several times a day.
Each check-in is then verified by an automated build, allowing teams to detect problems early.
By integrating regularly, you can detect errors quickly and locate them more easily.

What is Continuous Delivery?
Continuous delivery is a DevOps software development practice where code changes are automatically built, tested, and prepared for a release to production, with a manual approval process.


What is Continuous Deployment?
If the approval process is also automated, then after staging the code change goes directly to the production system; this is called continuous deployment.



Tools and Technology:





Sample Game App Deployment on EKS cluster

 https://padmakshi.medium.com/setting-up-an-eks-cluster-and-deploying-a-game-application-a-step-by-step-guide-08790e0be117