Revisions
tuannvm renamed this gist
Dec 16, 2021. 1 changed file with 0 additions and 0 deletions.
File renamed without changes.
tuannvm revised this gist
Dec 13, 2020. 1 changed file with 4 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -77,6 +77,10 @@ spec: ## Workflow Credit: https://www.reddit.com/user/__brennerm/  - (kube-scheduler, controller-manager, etcd) --443--> API Server - API Server --10055--> kubelet -
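Review bot: two of the workflow arrows look wrong. `(kube-scheduler, controller-manager, etcd) --443--> API Server` puts etcd on the client side, yet the API server is etcd's client (etcd serves on 2379 by default), so etcd belongs on the other end of its own arrow; and `API Server --10055--> kubelet` does not match the kubelet's API port, which is 10250 (10255 was the read-only port). Worth fixing before anyone turns this into firewall rules, since the direction of the etcd connection decides which side has to accept inbound traffic.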
tuannvm revised this gist
Dec 13, 2020. 1 changed file with 2 additions and 2 deletions.
@@ -6,7 +6,7 @@ - [General Usage](#general-usage) - [Template](#template) - [Hooks](#hooks) - [Chart Repository](#chart-repository) - [Signing](#signing) - [Test](#test) - [Flow Control](#flow-control) @@ -272,7 +272,7 @@ metadata: "helm.sh/hook-weight": "-5" ``` ## Chart Repository Read [more](https://github.com/kubernetes/helm/blob/master/docs/chart_repository.md#the-index-file)
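Review bot: `[Signing](#signing)` is added to the TOC, but nothing in this diff adds a `## Signing` heading, so verify the anchor resolves. The Chart Repository link targets `kubernetes/helm` on `master`; that repository has moved to `helm/helm` and its documentation to helm.sh, so the path will rot, and pinning to a tag or linking the current docs page is safer.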
tuannvm revised this gist
Dec 13, 2020. 1 changed file with 4 additions and 8 deletions.
@@ -1,9 +1,7 @@ # Helm CheatSheet - [Helm CheatSheet](#helm-cheatsheet) - [Get Started](#get-started) - [Struture](#struture) - [General Usage](#general-usage) - [Template](#template) @@ -21,9 +19,7 @@ - [Glob-patterns & encoding](#glob-patterns--encoding) - [YAML reference](#yaml-reference) ## Get Started - https://deis.com/blog/2016/getting-started-authoring-helm-charts/ - https://docs.bitnami.com/kubernetes/how-to/
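Review bot: the TOC entry `[Struture](#struture)` in this hunk is misspelled (`Structure`); the flattened view does not show whether it is one of the removed lines, so confirm the heading and anchor agree after this change. If the two Get Started links are among the deletions, move them to a References entry rather than dropping the sources entirely.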
tuannvm revised this gist
Dec 13, 2020. 1 changed file with 46 additions and 1 deletion.
@@ -1,6 +1,51 @@ # Kubernetes cheatsheet - [Kubernetes cheatsheet](#kubernetes-cheatsheet) - [Getting Started](#getting-started) - [Sample yaml](#sample-yaml) - [Workflow](#workflow) - [Physical components](#physical-components) - [Master](#master) - [Node](#node) - [Everything is an object - persistent entities](#everything-is-an-object---persistent-entities) - [Namespaces](#namespaces) - [Labels](#labels) - [ClusterIP](#clusterip) - [Controller manager](#controller-manager) - [Kube-scheduler](#kube-scheduler) - [Pod](#pod) - [Status](#status) - [Probe](#probe) - [Pod priorities](#pod-priorities) - [Multi-Container Pods](#multi-container-pods) - [Init containers](#init-containers) - [Lifecycle hooks](#lifecycle-hooks) - [Quality of Service (QoS)](#quality-of-service-qos) - [PodPreset](#podpreset) - [ReplicaSet](#replicaset) - [Deployments](#deployments) - [ReplicationController](#replicationcontroller) - [DaemonSet](#daemonset) - [StatefulSet](#statefulset) - [Job (batch/v1)](#job-batchv1) - [Cronjob](#cronjob) - [Horizontal pod autoscaler](#horizontal-pod-autoscaler) - [Services](#services) - [Volumes](#volumes) - [Persistent volumes](#persistent-volumes) - [Role-Based Access Control (RBAC)](#role-based-access-control-rbac) - [Custom Resource Definitions](#custom-resource-definitions) - [Notes](#notes) - [Basic commands](#basic-commands) - [jsonpath](#jsonpath) - [Resource limit](#resource-limit) - [CPU](#cpu) - [Memory](#memory) - [Chapter 13. Integrating storage solutions and Kubernetes](#chapter-13-integrating-storage-solutions-and-kubernetes) - [Downward API](#downward-api) - [Labs](#labs) - [Guaranteed Scheduling For Critical Add-On Pods](#guaranteed-scheduling-for-critical-add-on-pods) - [Set command or arguments via env](#set-command-or-arguments-via-env) ## Getting Started -
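Review bot: the rebuilt TOC still lists `PodPreset`, which depends on the `settings.k8s.io/v1alpha1` API that was removed in Kubernetes 1.20, so mark that section as removed or cut it; readers following the sheet on a current cluster will get an unknown-kind error. `Job (batch/v1)` is also the only entry carrying an API version, so either drop the version for consistency or add versions across the board.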
tuannvm revised this gist
Dec 6, 2020. 1 changed file with 4 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -445,6 +445,10 @@ Could specify externalIP to service ### Volumes Credit: https://www.reddit.com/user/__brennerm/  Lifetime longer than any containers inside a pod. 4 types: -
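Review bot: the `Credit: https://www.reddit.com/user/__brennerm/` line is now repeated under Volumes as well as Services and RBAC; a single attribution at the top of the file or in a references section reads better than one copy per section. The context line `4 types:` should also say four types of what, since Kubernetes ships far more than four volume plugins.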
tuannvm revised this gist
Dec 6, 2020. 1 changed file with 7 additions and 49 deletions.
@@ -1,54 +1,6 @@ # Kubernetes cheatsheet <!-- TOC -->autoauto- [Kubernetes cheatsheet](#kubernetes-cheatsheet)auto - [Getting Started](#getting-started)auto - [Sample yaml](#sample-yaml)auto - [Workflow](#workflow)auto - [Physical components](#physical-components)auto - [Master](#master)auto - [Node](#node)auto - [Everything is an object - persistent entities](#everything-is-an-object---persistent-entities)auto - [Namespaces](#namespaces)auto - [Labels](#labels)auto - [ClusterIP](#clusterip)auto - [Controller manager](#controller-manager)auto - [Kube-scheduler](#kube-scheduler)auto - [Pod](#pod)auto - [Status](#status)auto - [Probe](#probe)auto - [Pod priorities](#pod-priorities)auto - [Multi-Container Pods](#multi-container-pods)auto - [Init containers](#init-containers)auto - [Lifecycle hooks](#lifecycle-hooks)auto - [Quality of Service (QoS)](#quality-of-service-qos)auto - [PodPreset](#podpreset)auto - [ReplicaSet](#replicaset)auto - [Deployments](#deployments)auto - [ReplicationController](#replicationcontroller)auto - [DaemonSet](#daemonset)auto - [StatefulSet](#statefulset)auto - [Job (batch/v1)](#job-batchv1)auto - [Cronjob](#cronjob)auto - [Horizontal pod autoscaler](#horizontal-pod-autoscaler)auto - [Services](#services)auto - [Volumes](#volumes)auto - [Persistent volumes](#persistent-volumes)auto - [Role-Based Access Control (RBAC)](#role-based-access-control-rbac)auto - [Custom Resource Definitions](#custom-resource-definitions)auto - [Notes](#notes)auto - [Basic commands](#basic-commands)auto - [jsonpath](#jsonpath)auto - [Resource limit](#resource-limit)auto - [CPU](#cpu)auto - [Memory](#memory)auto - [Chapter 13. 
Integrating storage solutions and Kubernetes](#chapter-13-integrating-storage-solutions-and-kubernetes)auto - [Downward API](#downward-api)auto - [Labs](#labs)auto - [Guaranteed Scheduling For Critical Add-On Pods](#guaranteed-scheduling-for-critical-add-on-pods)auto - [Set command or arguments via env](#set-command-or-arguments-via-env)autoauto<!-- /TOC --> ## Getting Started @@ -439,6 +391,10 @@ Flow ### Services Credit: https://www.reddit.com/user/__brennerm/  - Logical set of backend pods + frontend - Frontend: static IP + port + dns name - Backend: set of backend pods (via selector) @@ -511,6 +467,8 @@ Lifetime longer than any containers inside a pod. ### Role-Based Access Control (RBAC) Credit: https://www.reddit.com/user/__brennerm/  - Role -
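Review bot: the deleted TOC is the output of a TOC generator that wrote the literal token `auto` in place of each line break, and the `<!-- TOC -->` / `<!-- /TOC -->` markers go with it, so the generator cannot regenerate the list in place later; keep the empty markers if the TOC is meant to return (the Dec 13, 2020 revision hand-writes it instead). The `Credit:` lines added under Services and RBAC would be better as a single attribution.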
tuannvm revised this gist
Dec 6, 2020. 1 changed file with 25 additions and 23 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -135,17 +135,17 @@ Other components talk to API server, no direct communication ```text Node Capacity --------------------------- | kube-reserved | |---------------------------| | system-reserved | | ------------------------- | | eviction-threshold | | ------------------------- | | | | allocatable | | (available for pods) | | | | | --------------------------- ``` @@ -511,6 +511,8 @@ Lifetime longer than any containers inside a pod. ### Role-Based Access Control (RBAC)  - Role - Apply on namespace resources - ClusterRole 
@@ -658,18 +660,18 @@ From [link](https://github.com/kubernetes/website/blob/master/content/en/docs/re } ``` | Function | Description | Example | Result | |-------------------|---------------------------|---------------------------------------------------------------|-------------------------------------------------| | text | the plain text | kind is {.kind} | kind is List | | @ | the current object | {@} | the same as input | | . or [] | child operator | {.kind} or {['kind']} | List | | .. | recursive descent | {..name} | 127.0.0.1 127.0.0.2 myself e2e | | \* | wildcard. Get all objects | {.items[*].metadata.name} | [127.0.0.1 127.0.0.2] | | [start:end :step] | subscript operator | {.users[0].name} | myself | | [,] | union operator | {.items[*]['metadata.name', 'status.capacity']} | 127.0.0.1 127.0.0.2 map[cpu:4] map[cpu:8] | | ?() | filter | {.users[?(@.name=="e2e")].user.password} | secret | | range, end | iterate list | {range .items[*]}[{.metadata.name}, {.status.capacity}] {end} | [127.0.0.1, map[cpu:4]] [127.0.0.2, map[cpu:8]] | | '' | quote interpreted string | {range .items[*]}{.metadata.name}{'\t'}{end} | 127.0.0.1 127.0.0.2 | Below are some examples using jsonpath: -
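Review bot: in the jsonpath table the `[start:end :step]` row has a stray space before `:step`, and its example `{.users[0].name}` only exercises a plain index; a slice such as `{.items[0:2].metadata.name}` would actually demonstrate the operator the row describes. The RBAC addition `- Apply on namespace resources` under `Role` is the right contrast to draw against ClusterRole, which the context already lists with non-resource endpoints and cross-namespace access.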
tuannvm revised this gist
Dec 15, 2019. 1 changed file with 8 additions and 1 deletion.
@@ -1,3 +1,10 @@ ## Helm - helm chart unit test https://github.com/xchapter7x/hcunit?utm_sq=g92df5t58c ## Container - container test: https://github.com/GoogleContainerTools/container-structure-test ## AWS - SSO login: https://github.com/wnkz/aws-sso/blob/master/README.md
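Review bot: the aws-sso link points at `blob/master/README.md`; link the repository root or a tagged release so a branch rename does not break it. For a cheatsheet, a one-line note on what `container-structure-test` checks (command output, file existence and contents, image metadata) would make the entry usable without following the link.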
tuannvm revised this gist
Dec 15, 2019. 1 changed file with 3 additions and 1 deletion.
@@ -1 +1,3 @@ ## Helm - helm chart unit test https://github.com/xchapter7x/hcunit?utm_sq=g92df5t58c
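Review bot: strip the `?utm_sq=g92df5t58c` tracking parameter from the hcunit link; it only identifies where the link was shared from and has no effect on the page.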
tuannvm revised this gist
Dec 15, 2019. 1 changed file with 1 addition and 0 deletions.
@@ -0,0 +1 @@ c
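Review bot: the file is created with the single character `c`, which reads as an accidental placeholder commit; the following revision replaces it with the Helm entry, so this one could be squashed away.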
tuannvm revised this gist
May 22, 2018. 1 changed file with 57 additions and 0 deletions.
@@ -518,6 +518,63 @@ Lifetime longer than any containers inside a pod. - non-resources endpoint (/healthz) - namespace resources across all namespaces ### Custom Resource Definitions CustomResourceDefinitions themselves are non-namespaced and are available to all namespaces. ```yaml apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: <plural>.<group> name: crontabs.stable.example.com spec: # group name to use for REST API: /apis/<group>/<version> group: stable.example.com # version name to use for REST API: /apis/<group>/<version> version: v1 # either Namespaced or Cluster scope: Namespaced names: # plural name to be used in the URL: /apis/<group>/<version>/<plural> plural: crontabs # singular name to be used as an alias on the CLI and for display singular: crontab # kind is normally the CamelCased singular type. Your resource manifests use this. kind: CronTab # shortNames allow shorter string to match your resource on the CLI shortNames: - ct # categories is a list of grouped resources the custom resource belongs to. categories: - all validation: # openAPIV3Schema is the schema for validating custom objects. openAPIV3Schema: properties: spec: properties: cronSpec: type: string pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$' replicas: type: integer minimum: 1 maximum: 10 # subresources describes the subresources for custom resources. subresources: # status enables the status subresource. status: {} # scale enables the scale subresource. scale: # specReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Spec.Replicas. specReplicasPath: .spec.replicas # statusReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Replicas. statusReplicasPath: .status.replicas # labelSelectorPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Selector. 
labelSelectorPath: .status.labelSelector ``` ## Notes ### Basic commands -
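Review bot: the CRD manifest uses `apiextensions.k8s.io/v1beta1`, which was removed in Kubernetes 1.22; under `v1` the single `version:` becomes a `versions:` list, `validation.openAPIV3Schema` moves to `versions[].schema.openAPIV3Schema`, subresources are declared per version, and the schema must be structural (every property typed), so state which API version this snippet targets. The `cronSpec` regex and the `replicas` bounds (`minimum: 1`, `maximum: 10`) are a good illustration of rejecting bad input at admission time rather than in the controller.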
tuannvm revised this gist
May 19, 2018. 1 changed file with 1 addition and 1 deletion.
@@ -23,6 +23,7 @@ - [Init containers](#init-containers) - [Lifecycle hooks](#lifecycle-hooks) - [Quality of Service (QoS)](#quality-of-service-qos) - [PodPreset](#podpreset) - [ReplicaSet](#replicaset) - [Deployments](#deployments) - [ReplicationController](#replicationcontroller) @@ -318,7 +319,6 @@ When Kubernetes creates a Pod it assigns one of these QoS classes to the Pod: - Burstable (at least 1 has limits or requests) - BestEffort (no limits or requests) #### PodPreset You can use a podpreset object to inject information like secrets, volume mounts, and environment variables etc into pods at creation time. This task shows some examples on using the PodPreset resource
tuannvm revised this gist
May 19, 2018. 1 changed file with 24 additions and 0 deletions.
@@ -319,6 +319,30 @@ When Kubernetes creates a Pod it assigns one of these QoS classes to the Pod: - BestEffort (no limits or requests) #### PodPreset You can use a podpreset object to inject information like secrets, volume mounts, and environment variables etc into pods at creation time. This task shows some examples on using the PodPreset resource ```yaml apiVersion: settings.k8s.io/v1alpha1 kind: PodPreset metadata: name: allow-database spec: selector: matchLabels: role: frontend env: - name: DB_PORT value: "6379" volumeMounts: - mountPath: /cache name: cache-volume volumes: - name: cache-volume emptyDir: {} ``` ### ReplicaSet Features:
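Review bot: `settings.k8s.io/v1alpha1` PodPreset is an alpha API that has to be enabled explicitly (the API group plus the PodPreset admission plugin) and was removed in Kubernetes 1.20, so say which versions this applies to. The sentence `This task shows some examples on using the PodPreset resource` is lifted from the upstream task page and does not fit a cheatsheet. On the security side, the `selector.matchLabels: role: frontend` example injects an env var, a mount and a volume into every matching pod created in the namespace from then on, so PodPreset objects deserve the same review as mutating admission webhooks.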
tuannvm revised this gist
May 19, 2018. 1 changed file with 4 additions and 2 deletions.
@@ -42,6 +42,7 @@ - [CPU](#cpu) - [Memory](#memory) - [Chapter 13. Integrating storage solutions and Kubernetes](#chapter-13-integrating-storage-solutions-and-kubernetes) - [Downward API](#downward-api) - [Labs](#labs) - [Guaranteed Scheduling For Critical Add-On Pods](#guaranteed-scheduling-for-critical-add-on-pods) - [Set command or arguments via env](#set-command-or-arguments-via-env) @@ -669,10 +670,11 @@ Information available via fieldRef: - A Container’s CPU request - A Container’s memory limit - A Container’s memory request In addition, the following information is available through downwardAPI volume fieldRef: - metadata.labels - all of the pod’s labels, formatted as label-key="escaped-label-value" with one label per line - metadata.annotations - all of the pod’s annotations, formatted as annotation-key="escaped-annotation-value" with one annotation per line ## Labs
tuannvm revised this gist
May 19, 2018. 1 changed file with 25 additions and 0 deletions.
@@ -649,6 +649,31 @@ subsets: - port: 3306 ``` #### Downward API The following information is available to containers through environment variables and downwardAPI volumes: Information available via fieldRef: - spec.nodeName - the node’s name - status.hostIP - the node’s IP - metadata.name - the pod’s name - metadata.namespace - the pod’s namespace - status.podIP - the pod’s IP address - spec.serviceAccountName - the pod’s service account name - metadata.uid - the pod’s UID - metadata.labels['<KEY>'] - the value of the pod’s label <KEY> (for example, metadata.labels['mylabel']); available in Kubernetes 1.9+ - metadata.annotations['<KEY>'] - the value of the pod’s annotation <KEY> (for example, metadata.annotations['myannotation']); available in Kubernetes 1.9+ - Information available via resourceFieldRef: - A Container’s CPU limit - A Container’s CPU request - A Container’s memory limit - A Container’s memory request In addition, the following information is available through downwardAPI volume fieldRef: metadata.labels - all of the pod’s labels, formatted as label-key="escaped-label-value" with one label per line metadata.annotations - all of the pod’s annotations, formatted as annotation-key="escaped-annotation-value" with one annotation per line ## Labs ### Guaranteed Scheduling For Critical Add-On Pods
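Review bot: `- Information available via resourceFieldRef:` is written as a list item while the parallel `Information available via fieldRef:` is a plain line, and the trailing `metadata.labels` / `metadata.annotations` entries are not bulleted; make the three headings and their lists consistent (the next revision fixes the last two). A caveat belongs next to the annotations entry: everything in `metadata.annotations` is readable from inside the container through a downwardAPI volume, so annotations are not a place for credentials or other sensitive values.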
tuannvm revised this gist
May 19, 2018. 1 changed file with 11 additions and 0 deletions.
@@ -44,6 +44,7 @@ - [Chapter 13. Integrating storage solutions and Kubernetes](#chapter-13-integrating-storage-solutions-and-kubernetes) - [Labs](#labs) - [Guaranteed Scheduling For Critical Add-On Pods](#guaranteed-scheduling-for-critical-add-on-pods) - [Set command or arguments via env](#set-command-or-arguments-via-env) <!-- /TOC --> @@ -665,3 +666,13 @@ See [link](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-schedu - Run in the `kube-system` namespace (configurable via flag) - Have the priorityClass set as `system-cluster-critical` or `system-node-critical`, the latter being the highest for entire cluster - `scheduler.alpha.kubernetes.io/critical-pod` annotation set to empty string(This will be deprecated too). ### Set command or arguments via env ```yaml env: - name: MESSAGE value: "hello world" command: ["/bin/echo"] args: ["$(MESSAGE)"] ```
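Review bot: the `$(MESSAGE)` form only expands variables declared earlier in the same container's `env` list; a reference to an undefined variable is handed to the process as the literal string `$(MESSAGE)`, and `$$(VAR)` escapes the expansion, both worth a line in the sheet because the failure is silent. Note also that `env`, `command` and `args` are sibling fields of one container spec, not top-level pod fields, which is easy to misread without the surrounding `containers:` entry.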
tuannvm revised this gist
May 19, 2018. 1 changed file with 0 additions and 2 deletions.
@@ -1,5 +1,3 @@ # Kubernetes cheatsheet <!-- TOC -->
tuannvm revised this gist
May 19, 2018. 1 changed file with 35 additions and 0 deletions.
@@ -1,3 +1,5 @@ # Kubernetes cheatsheet <!-- TOC --> @@ -22,6 +24,7 @@ - [Multi-Container Pods](#multi-container-pods) - [Init containers](#init-containers) - [Lifecycle hooks](#lifecycle-hooks) - [Quality of Service (QoS)](#quality-of-service-qos) - [ReplicaSet](#replicaset) - [Deployments](#deployments) - [ReplicationController](#replicationcontroller) @@ -37,6 +40,9 @@ - [Notes](#notes) - [Basic commands](#basic-commands) - [jsonpath](#jsonpath) - [Resource limit](#resource-limit) - [CPU](#cpu) - [Memory](#memory) - [Chapter 13. Integrating storage solutions and Kubernetes](#chapter-13-integrating-storage-solutions-and-kubernetes) - [Labs](#labs) - [Guaranteed Scheduling For Critical Add-On Pods](#guaranteed-scheduling-for-critical-add-on-pods) @@ -301,6 +307,18 @@ spec: Could invoke multiple times #### Quality of Service (QoS) When Kubernetes creates a Pod it assigns one of these QoS classes to the Pod: - Guaranteed (all containers have limits == requests) >If a Container specifies its own memory limit, but does not specify a memory request, Kubernetes automatically assigns a memory request that matches the limit. Similarly, if a Container specifies its own cpu limit, but does not specify a cpu request, Kubernetes automatically assigns a cpu request that matches the limit. - Burstable (at least 1 has limits or requests) - BestEffort (no limits or requests) ### ReplicaSet Features:
@@ -582,6 +600,23 @@ $ kubectl get pods -o=jsonpath='{.items[0].metadata.name}' $ kubectl get pods -o=jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.startTime}{"\n"}{end}' ``` ### Resource limit #### CPU The CPU resource is measured in cpu units. One cpu, in Kubernetes, is equivalent to: - 1 AWS vCPU - 1 GCP Core - 1 Azure vCore - 1 Hyperthread on a bare-metal Intel processor with Hyperthreading #### Memory The memory resource is measured in bytes. You can express memory as a plain integer or a fixed-point integer with one of these suffixes: E, P, T, G, M, K, Ei, Pi, Ti, Gi, Mi, Ki. For example, the following represent approximately the same value: 128974848, 129e6, 129M , 123Mi ### Chapter 13. Integrating storage solutions and Kubernetes - External service without selector (access with `external-database.svc.default.cluster` endpoint) -
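Review bot: `Guaranteed (all containers have limits == requests)` is looser than the actual rule: every container must set both a CPU and a memory limit, with requests equal to them (requests default to the limit, as the quoted note says), so a container with only a memory limit lands in Burstable. That distinction matters because BestEffort pods, having no requests, are the first candidates for eviction under node pressure. In the Memory section there is a stray space in `129M ,`.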
tuannvm revised this gist
May 17, 2018. 1 changed file with 21 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -38,6 +38,8 @@ - [Basic commands](#basic-commands) - [jsonpath](#jsonpath) - [Chapter 13. Integrating storage solutions and Kubernetes](#chapter-13-integrating-storage-solutions-and-kubernetes) - [Labs](#labs) - [Guaranteed Scheduling For Critical Add-On Pods](#guaranteed-scheduling-for-critical-add-on-pods) <!-- /TOC --> @@ -123,6 +125,23 @@ Other components talk to API server, no direct communication - Current object configuration file - Last-applied object configuration file ```text Node Capacity --------------------------- | kube-reserved | |-------------------------| | system-reserved | |-------------------------| | eviction-threshold | |-------------------------| | | | allocatable | | (available for pods) | | | | | --------------------------- ``` ### Namespaces - Three pre-defined @@ -600,6 +619,8 @@ subsets: ### Guaranteed Scheduling For Critical Add-On Pods See [link](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) - Marking pod as critical when using Rescheduler. To be considered critical, the pod has to: - Run in the `kube-system` namespace (configurable via flag) - Have the `scheduler.alpha.kubernetes.io/critical-pod` annotation set to empty string -
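Review bot: the Labs context in this hunk still lists `Have the scheduler.alpha.kubernetes.io/critical-pod annotation set to empty string`, and the same section's priority bullet already says that annotation is going away, so the sheet should point readers at `system-cluster-critical` / `system-node-critical` as the supported route. The Node Capacity box has the right ordering (kube-reserved, system-reserved, eviction-threshold, then allocatable); check that the inner separator rows match the outer frame width, which the Dec 6, 2020 revision reworks by padding the bars with spaces.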
tuannvm revised this gist
May 16, 2018. 1 changed file with 16 additions and 0 deletions.
@@ -595,3 +595,19 @@ subsets: ports: - port: 3306 ``` ## Labs ### Guaranteed Scheduling For Critical Add-On Pods - Marking pod as critical when using Rescheduler. To be considered critical, the pod has to: - Run in the `kube-system` namespace (configurable via flag) - Have the `scheduler.alpha.kubernetes.io/critical-pod` annotation set to empty string - Have the PodSpec’s tolerations field set to `[{"key":"CriticalAddonsOnly", "operator":"Exists"}]`. > The first one marks a pod a critical. The second one is required by Rescheduler algorithm. - Marking pod as critical when priorites are enabled. To be considered critical, the pod has to: - Run in the `kube-system` namespace (configurable via flag) - Have the priorityClass set as `system-cluster-critical` or `system-node-critical`, the latter being the highest for entire cluster - `scheduler.alpha.kubernetes.io/critical-pod` annotation set to empty string(This will be deprecated too).
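Review bot: typos in the new Labs text: `priorites` should be `priorities`, `marks a pod a critical` should be `marks a pod as critical`, and `empty string(This` needs a space before the parenthesis. The tolerations value `[{"key":"CriticalAddonsOnly", "operator":"Exists"}]` is JSON in an inline code span, which renders fine, but a YAML snippet would match the rest of the sheet.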
tuannvm revised this gist
May 13, 2018. 1 changed file with 13 additions and 12 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -37,6 +37,7 @@ - [Notes](#notes) - [Basic commands](#basic-commands) - [jsonpath](#jsonpath) - [Chapter 13. Integrating storage solutions and Kubernetes](#chapter-13-integrating-storage-solutions-and-kubernetes) <!-- /TOC --> @@ -539,18 +540,18 @@ From [link](https://github.com/kubernetes/website/blob/master/content/en/docs/re } ``` Function | Description | Example | Result ---------|--------------------|--------------------|------------------ text | the plain text | kind is {.kind} | kind is List @ | the current object | {@} | the same as input . or [] | child operator | {.kind} or {['kind']}| List .. | recursive descent | {..name} | 127.0.0.1 127.0.0.2 myself e2e \* | wildcard. Get all objects| {.items[*].metadata.name} | [127.0.0.1 127.0.0.2] [start:end :step] | subscript operator | {.users[0].name}| myself [,] | union operator | {.items[*]['metadata.name', 'status.capacity']} | 127.0.0.1 127.0.0.2 map[cpu:4] map[cpu:8] ?() | filter | {.users[?(@.name=="e2e")].user.password} | secret range, end | iterate list | {range .items[*]}[{.metadata.name}, {.status.capacity}] {end} | [127.0.0.1, map[cpu:4]] [127.0.0.2, map[cpu:8]] '' | quote interpreted string | {range .items[*]}{.metadata.name}{'\t'}{end} | 127.0.0.1 127.0.0.2 Below are some examples using jsonpath: -
tuannvm revised this gist
May 13, 2018. 1 changed file with 0 additions and 1 deletion.
@@ -551,7 +551,6 @@ text | the plain text | kind is {.kind} ?() | filter | {.users[?(@.name=="e2e")].user.password} | secret range, end | iterate list | {range .items[*]}[{.metadata.name}, {.status.capacity}] {end} | [127.0.0.1, map[cpu:4]] [127.0.0.2, map[cpu:8]] '' | quote interpreted string | {range .items[*]}{.metadata.name}{'\t'}{end} | 127.0.0.1 127.0.0.2 Below are some examples using jsonpath:
tuannvm revised this gist
May 13, 2018. 1 changed file with 1 addition and 1 deletion.
@@ -37,7 +37,6 @@ - [Notes](#notes) - [Basic commands](#basic-commands) - [jsonpath](#jsonpath) <!-- /TOC --> @@ -552,6 +551,7 @@ text | the plain text | kind is {.kind} ?() | filter | {.users[?(@.name=="e2e")].user.password} | secret range, end | iterate list | {range .items[*]}[{.metadata.name}, {.status.capacity}] {end} | [127.0.0.1, map[cpu:4]] [127.0.0.2, map[cpu:8]] '' | quote interpreted string | {range .items[*]}{.metadata.name}{'\t'}{end} | 127.0.0.1 127.0.0.2 ``` Below are some examples using jsonpath:
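Review bot: the ``` added after the last table row opens a new fenced block rather than closing one (the `json` block above the table is already closed), so `Below are some examples using jsonpath:` and the shell block after it would render as code; the next revision of the same day removes it again.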
tuannvm revised this gist
May 13, 2018. 1 changed file with 65 additions and 0 deletions.
@@ -36,6 +36,7 @@ - [Role-Based Access Control (RBAC)](#role-based-access-control-rbac) - [Notes](#notes) - [Basic commands](#basic-commands) - [jsonpath](#jsonpath) - [Chapter 13. Integrating storage solutions and Kubernetes](#chapter-13-integrating-storage-solutions-and-kubernetes) <!-- /TOC -->
@@ -498,6 +499,70 @@ kubectl -n kube-system port-forward $(kubectl get pods -n kube-system -o wide | kubectl -n kube-system port-forward (kubectl get pods -n kube-system -o wide | grep dashboard | awk '{print $1}') 9090 ``` ### jsonpath From [link](https://github.com/kubernetes/website/blob/master/content/en/docs/reference/kubectl/jsonpath.md) ```json { "kind": "List", "items":[ { "kind":"None", "metadata":{"name":"127.0.0.1"}, "status":{ "capacity":{"cpu":"4"}, "addresses":[{"type": "LegacyHostIP", "address":"127.0.0.1"}] } }, { "kind":"None", "metadata":{"name":"127.0.0.2"}, "status":{ "capacity":{"cpu":"8"}, "addresses":[ {"type": "LegacyHostIP", "address":"127.0.0.2"}, {"type": "another", "address":"127.0.0.3"} ] } } ], "users":[ { "name": "myself", "user": {} }, { "name": "e2e", "user": {"username": "admin", "password": "secret"} } ] } ``` Function | Description | Example | Result ----------------- | ------------------------- | ------------------------------------------------------------- | ----------------------------------------------- text | the plain text | kind is {.kind} | kind is List @ | the current object | {@} | the same as input . or [] | child operator | {.kind} or {['kind']} | List .. | recursive descent | {..name} | 127.0.0.1 127.0.0.2 myself e2e \* | wildcard. 
Get all objects | {.items[*].metadata.name} | [127.0.0.1 127.0.0.2] [start:end :step] | subscript operator | {.users[0].name} | myself [,] | union operator | {.items[*]['metadata.name', 'status.capacity']} | 127.0.0.1 127.0.0.2 map[cpu:4] map[cpu:8] ?() | filter | {.users[?(@.name=="e2e")].user.password} | secret range, end | iterate list | {range .items[*]}[{.metadata.name}, {.status.capacity}] {end} | [127.0.0.1, map[cpu:4]] [127.0.0.2, map[cpu:8]] '' | quote interpreted string | {range .items[*]}{.metadata.name}{'\t'}{end} | 127.0.0.1 127.0.0.2 Below are some examples using jsonpath: ```shell $ kubectl get pods -o json $ kubectl get pods -o=jsonpath='{@}' $ kubectl get pods -o=jsonpath='{.items[0]}' $ kubectl get pods -o=jsonpath='{.items[0].metadata.name}' $ kubectl get pods -o=jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.startTime}{"\n"}{end}' ``` ### Chapter 13. Integrating storage solutions and Kubernetes - External service without selector (access with `external-database.svc.default.cluster` endpoint) -
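Review bot: the quoting in the `''` table row and the final `kubectl` example disagree: the table shows `{'\t'}`, while the example writes `{"\t"}` inside a single-quoted shell argument. Add one sentence saying that the jsonpath string literal must use the quote style the surrounding shell argument does not (double quotes inside `'...'`), otherwise the table's form breaks the shell quoting. Two smaller points: the `$ ` prompts in the `shell` fence prevent clean copy-paste and the earlier `bash` block in this file omits them, and the filter example `{.users[?(@.name=="e2e")].user.password}` prints a credential field, so a note that the embedded JSON is the upstream docs sample (not a real kubeconfig) would help readers who try the expression on their own config.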
tuannvm revised this gist
May 13, 2018 . 1 changed file with 7 additions and 4 deletions.
@@ -34,8 +34,9 @@ - [Volumes](#volumes) - [Persistent volumes](#persistent-volumes) - [Role-Based Access Control (RBAC)](#role-based-access-control-rbac) - [Notes](#notes) - [Basic commands](#basic-commands) - [Chapter 13. Integrating storage solutions and Kubernetes](#chapter-13-integrating-storage-solutions-and-kubernetes) <!-- /TOC --> @@ -455,7 +456,9 @@ Lifetime longer than any containers inside a pod. - non-resources endpoint (/healthz) - namespace resources across all namespaces ## Notes ### Basic commands ```bash # show current context @@ -495,7 +498,7 @@ kubectl -n kube-system port-forward $(kubectl get pods -n kube-system -o wide | kubectl -n kube-system port-forward (kubectl get pods -n kube-system -o wide | grep dashboard | awk '{print $1}') 9090 ``` ### Chapter 13. Integrating storage solutions and Kubernetes - External service without selector (access with `external-database.svc.default.cluster` endpoint) -
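Review bot: the context line in the third hunk, `kubectl -n kube-system port-forward (kubectl get pods -n kube-system -o wide | grep dashboard | awk '{print $1}') 9090`, is not valid inside the `bash` fence it sits in: bash requires `$(...)` for command substitution, as the line immediately before it uses. If the second form is intended for fish, label it as such; otherwise drop it so the block runs as written.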
tuannvm revised this gist
May 13, 2018 . 1 changed file with 447 additions and 0 deletions.
@@ -3,11 +3,458 @@ <!-- TOC --> - [Kubernetes cheatsheet](#kubernetes-cheatsheet) - [Getting Started](#getting-started) - [Sample yaml](#sample-yaml) - [Workflow](#workflow) - [Physical components](#physical-components) - [Master](#master) - [Node](#node) - [Everything is an object - persistent entities](#everything-is-an-object---persistent-entities) - [Namespaces](#namespaces) - [Labels](#labels) - [ClusterIP](#clusterip) - [Controller manager](#controller-manager) - [Kube-scheduler](#kube-scheduler) - [Pod](#pod) - [Status](#status) - [Probe](#probe) - [Pod priorities](#pod-priorities) - [Multi-Container Pods](#multi-container-pods) - [Init containers](#init-containers) - [Lifecycle hooks](#lifecycle-hooks) - [ReplicaSet](#replicaset) - [Deployments](#deployments) - [ReplicationController](#replicationcontroller) - [DaemonSet](#daemonset) - [StatefulSet](#statefulset) - [Job (batch/v1)](#job-batchv1) - [Cronjob](#cronjob) - [Horizontal pod autoscaler](#horizontal-pod-autoscaler) - [Services](#services) - [Volumes](#volumes) - [Persistent volumes](#persistent-volumes) - [Role-Based Access Control (RBAC)](#role-based-access-control-rbac) - [Basic commands](#basic-commands) - [Chapter 13. Integrating storage solutions and Kubernetes](#chapter-13-integrating-storage-solutions-and-kubernetes) <!-- /TOC --> ## Getting Started - Fault tolerance - Rollback - Auto-healing - Auto-scaling - Load-balancing - Isolation (sandbox) ## Sample yaml ```yaml apiVersion: <> kind: <> metadata: name: <> labels: ... annotations: ... spec: containers: ... initContainers: ... 
priorityClassName: <> ``` ## Workflow - (kube-scheduler, controller-manager, etcd) --443--> API Server - API Server --10055--> kubelet - non-verified certificate - MITM - Solution: - set kubelet-certificate-authority - ssh tunneling - API server --> (nodes, pods, services) - Plain HTTP (unsafe) ## Physical components ### Master - API Server (443) - kube-scheduler - controller-manager - cloud-controller-manager - kube-controller-manager - etcd Other components talk to API server, no direct communication ### Node - Kubelet - Container Engine - CRI - The protocol which used to connect between Kubelet & container engine - Kube-proxy ## Everything is an object - persistent entities - maintained in etcd, identified using - names: client-given - UIDs: system-generated - Both need to be unique - three management methods - Imperative commands (kubectl) - Imperative object configuration (kubectl + yaml) - repeatable - observable - auditable - Declarative object configuration (yaml + config files) - Live object configuration - Current object configuration file - Last-applied object configuration file ### Namespaces - Three pre-defined - default - kube-system - kube-public: auto-readable by all users - Objects without namespaces - Nodes - PersistentVolumes - Namespaces ### Labels - key / value - loose coupling via selectors - need not be unique #### ClusterIP - Independent of lifespan of any backend pod - Service object has a static port assigned to it ### Controller manager - ReplicaSet, deployment, daemonset, statefulSet - Actual state <-> desired state - reconciliation loop ### Kube-scheduler - nodeSelector - Affinity & Anti-Affinity - Node - Steer pod to node - Pod - Steer pod towards or away from pods - Taints & tolerations (anti-affinity between node and pod!) - Base on predefined configuration (env=dev:NoSchedule) ```yaml ... tolerations: - key: "dev" operator: "equal" value: "env" effect: NoSchedule ... 
``` - Base on node condition (alpha in v1.8) - taints added by node controller ### Pod ```bash kubectl run name --image=<image> ``` What's available inside the container? - File system - Image - Associated Volumes - ordinary - persistent - Container - Hostname - Pod - Pod name - User-defined envs - Services - List of all services Access with: - Symlink (important): - /etc/podinfo/labels - /etc/podinfo/annotations - Or: ```yaml volumes: - name: podinfo downwardAPI: items: - path: "labels" fieldRef: fieldPath: metadata.labels - path: "annotations" fieldRef: fieldPath: metadata.annotations ``` #### Status - Pending - Running - Succeeded - Failed - Unknown #### Probe - Liveness - Failed? Restart policy applied - Readiness - Failed? Removed from service #### Pod priorities - available since 1.8 - PriorityClass object - Affect scheduling order - High priority pods could jump the queue - Preemption - Low priority pods could be pre-empted to make way for higher one (if no node is available for high priority) - These preempted pods would have a graceful termination period #### Multi-Container Pods - Share access to memory space - Connect to each other using localhost - Share access to the same volume - entire pod is host on the same node - all in or nothing - no auto healing or scaling #### Init containers - run before app containers - always run to completion - run serially #### Lifecycle hooks - PostStart - PreStop (blocking) Handlers: - Exec - HTTP ```yaml ... spec: containers: lifecycle: postStart: exec: command: <> preStop: http: ... 
``` Could invoke multiple times ### ReplicaSet Features: - Scaling and healing - Pod template - number of replicas Components: - Pod template - Pod selector (could use matchExpressions) - Label of replicaSet - Number of replica - Could delete replicaSet without its pods using `--cascade =false` - Isolating pods from replicaSet by changing its labels ### Deployments - versioning and rollback - Contains spec of replicaSet within it - advanced deployment - blue-green - canary - Update containers --> new replicaSet & new pods created --> old RS still exists --> reduced to zero - Every change is tracked - Append `--record` in kubectl to keep history - Update strategy - Recreate - Old pods would be killed before new pods come up - RollingUpdate - progressDeadlineSeconds - minReadySeconds - rollbackTo - revisionHistoryLimit - paused - spec.Paused - `kubectl rollout undo deployment/<> --to-revision=<>` - `kubectl rollout statua deployment/<>` - `kubectl set image deployment/<> <>=<>:<>` - `kubectl rollout resume/pause <>` ### ReplicationController - RC = ( RS + deployment ) before - Obsolete ### DaemonSet - Ensure all nodes run a copy of pod - Cluster storage, log collection, node monitor ... 
### StatefulSet - Maintains a sticky identity - Not interchangeable - Identifier maintains across any rescheduling Limitation - volumes must be pre-provisioned - Deleting / Scaling will not delete associated volumes Flow - Deployed 0 --> (n-1) - Deleted (n-1) --> 0 (successor must be completely shutdown before proceed) - Must be all ready and running before scaling happens ### Job (batch/v1) - Non-parallel jobs - Parallel jobs - Fixed completion count - job completes when number of completions reaches target - With work queue - requires coordination - Use spec.activeDeadlineSeconds to prevent infinite loop ### Cronjob - Job should be idempotent ### Horizontal pod autoscaler - Targets: replicaControllers, deployments, replicaSets - CPU or custom metrics - Won't work with non-scaling objects: daemonSets - Prevent thrashing (upscale/downscale-delay) ### Services - Logical set of backend pods + frontend - Frontend: static IP + port + dns name - Backend: set of backend pods (via selector) - Static IP and networking. - Kube-proxy route traffic to VIP. - Automatically create endpoint based on selector. 
- CluterIP - NodePort - external --> NodeIP + NodePort --> kube-proxy --> ClusterIP - LoadBalancer - Need to have cloud-controller-manager - Node controller - Route controller - Service controller - Volume controller - external --> LB --> NodeIP + NodePort --> kube-proxy --> ClusterIP - ExternalName - Can only resolve with kube-dns - No selector `Service discovery` - SRV record for named port - port-name.port-protocol.service-name.namespace.svc.cluster.local - Pod domain - pod-ip-address.namespace.pod.cluster.local - hostname is `metadata.name` `spec.dnsPolicy` - default - inherit node's name resolution - ClusterFirst - Any DNS query that does not match the configured cluster domain suffix, such as “www.kubernetes.io”, is forwarded to the upstream nameserver inherited from the node - ClusterFirstWithHostNet - if host network = true - None (since k8s 1.9) - Allow custom dns server usage Headless service - with selector? --> associate with pods in cluster - without selector? --> forward to externalName Could specify externalIP to service ### Volumes Lifetime longer than any containers inside a pod. 4 types: - configMap - emptyDir - share space / state across containers in same pod - containers can mount at different times - pod crash --> data lost - container crash --> ok - gitRepo - secret - store on RAM - hostPath #### Persistent volumes ### Role-Based Access Control (RBAC) - Role - Apply on namespace resources - ClusterRole - cluster-scoped resources (nodes,...) - non-resources endpoint (/healthz) - namespace resources across all namespaces ## Basic commands ```bash -
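Review bot: the tolerations example under Kube-scheduler does not match the taint the bullet above it describes. For a taint `env=dev:NoSchedule` the toleration needs `key: "env"` and `value: "dev"` (the example swaps them), and `operator: "equal"` must be `Equal`, since the field is case-sensitive and only `Equal` and `Exists` are accepted; as written the pod would still be excluded from the tainted node. In the Lifecycle hooks example, `preStop: http:` should be `httpGet:`, which is the handler name the API knows. Smaller fixes in the same hunk: `kubectl rollout statua` should be `status`, `--cascade =false` should have no space, and `CluterIP` under Services should be `ClusterIP`. In the Workflow section, the API server to kubelet line names port 10055; the kubelet API is served on 10250 by default, so please verify that number, and it would help to state that `--kubelet-certificate-authority` is a kube-apiserver flag.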
tuannvm revised this gist
May 13, 2018 . 1 changed file with 0 additions and 65 deletions.
@@ -1,65 +0,0 @@ -
tuannvm revised this gist
Mar 18, 2018 . 1 changed file with 2 additions and 2 deletions.
@@ -4,8 +4,8 @@ - [Helm summit](#helm-summit) - [Automate Testing / Linting](#automate-testing--linting) - [Talk 3 - Managing Environments as a Chart](#talk-3---managing-environments-as-a-chart) - [Talk 6 - Testing and Releasing Charts using Helm and ChartMuseum](#talk-6---testing-and-releasing-charts-using-helm-and-chartmuseum) - [Talk 10 - lesson learned from community chart](#talk-10---lesson-learned-from-community-chart) - [Security](#security) - [Talk 8 - Helm security](#talk-8---helm-security) -
tuannvm revised this gist
Mar 18, 2018 . 1 changed file with 3 additions and 3 deletions.
@@ -4,7 +4,7 @@ - [Helm summit](#helm-summit) - [Automate Testing / Linting](#automate-testing--linting) - [Talk 3](#talk-3) - [Talk 6](#talk-6) - [Talk 10 - lesson learned from community chart](#talk-10---lesson-learned-from-community-chart) - [Security](#security) @@ -14,13 +14,13 @@ ## Automate Testing / Linting ### Talk 3 - Managing Environments as a Chart - Linting CI/CD  ### Talk 6 - Testing and Releasing Charts using Helm and ChartMuseum - helm test
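Review bot: the second hunk renames the headings to `### Talk 3 - Managing Environments as a Chart` and `### Talk 6 - Testing and Releasing Charts using Helm and ChartMuseum`, but the TOC entries in the first hunk still point at `#talk-3` and `#talk-6`, which no longer match the generated anchors. Update them to `#talk-3---managing-environments-as-a-chart` and `#talk-6---testing-and-releasing-charts-using-helm-and-chartmuseum` in the same commit so the links do not break between revisions.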