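# Basic commands. Upper-case words are placeholders to replace.
# Create a Deployment from an image.
kubectl create deploy DEPLOY_NAME --image=IMAGE_NAME
# Generate a Pod manifest without creating anything (client-side dry run).
# ">>" appends to file.yaml; use ">" to overwrite it instead.
kubectl run POD_NAME --image=MY_IMAGE --dry-run=client -o yaml >> file.yaml
kubectl create namespace NAMESPACE_NAME
# Forward local port 8080 to port 80 of the pod fwnginx.
# The listener binds to 127.0.0.1 unless --address is given.
kubectl port-forward fwnginx 8080:80
# Run a command in a pod; "--" separates kubectl flags from the command.
kubectl exec -it POD_NAME -- CMD1 CMD2
# Show the documentation of the pod-level securityContext fields.
kubectl explain pod.spec.securityContext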
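# Pod showing the two levels of securityContext.
# Fields marked "<---" are the ones highlighted on the original page.
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  # Pod security context: applies to every container in the pod.
  securityContext:
    runAsUser: 1000  # <--- UID the container processes run as
    runAsGroup: 3000  # <--- primary GID of the container processes
    fsGroup: 2000  # <--- group applied to supported mounted volumes
  containers:
    # Placeholders: the page elides the container name and image.
    - name: CONTAINER_NAME
      image: IMAGE_NAME
      # Container security context: overrides the pod-level values for
      # this container only.
      securityContext:
        # <--- the process cannot gain more privileges than its parent
        # (for example through setuid binaries).
        allowPrivilegeEscalation: false
        # Commonly set alongside it when hardening a container (not on
        # the page): runAsNonRoot: true, readOnlyRootFilesystem: true,
        # capabilities.drop: ["ALL"], seccompProfile.type: RuntimeDefault.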
# Generate a Job manifest (client-side dry run, nothing is created) and save it for editing.
kubectl create job mynewjob --image=busybox --dry-run=client -o yaml -- sleep 5 > mynewJob.yaml
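# Fragment: the two Job fields that control how many pods run.
kind: Job
spec:
  parallelism: 1  # maximum number of pods running at the same time
  completions: 3  # number of successful pods required to finish the Job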
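# Job manifest generated by "kubectl create job ... --dry-run=client".
# Fields marked "<---" are the ones highlighted on the original page.
apiVersion: batch/v1
kind: Job
metadata:
  creationTimestamp: null
  name: mynewjob
spec:
  # <--- the finished Job and its pods are deleted 60 seconds after completion
  ttlSecondsAfterFinished: 60
  completions: 3  # <--- the Job needs three successful pod runs
  template:
    metadata:
      creationTimestamp: null  # <---
    spec:
      containers:
        - command:
            - sleep
            - "5"
          image: busybox
          name: mynewjob
          resources: {}
      restartPolicy: Never
status: {}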
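# Create a CronJob that runs every minute ("*/1 * * * *") and echoes a message.
kubectl create cronjob runmeat --image=busybox --schedule="*/1 * * * *" -- echo greetings from the cluster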
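# Pod with CPU/memory requests and limits on each container.
# Fields marked "<---" are the ones highlighted on the original page.
apiVersion: v1
kind: Pod
metadata:
  # Object names must be lower-case (the page had "RessourceManager").
  name: resource-manager
spec:
  containers:
    - name: db
      image: mysql
      env:
        - name: MYSQL_ROOT_PASSWORD
          # NOTE(review): demo value only. A literal here is readable by
          # anyone who can view the manifest or the Pod object; outside a
          # lab, create a Secret and reference it with
          # valueFrom.secretKeyRef instead of "value".
          value: "password"
      resources:  # <---
        requests:  # <--- what the scheduler reserves for the container
          memory: "64Mi"  # <---
          cpu: "250m"  # <---
        limits:  # <--- hard ceiling enforced at runtime
          memory: "128Mi"  # <---
          cpu: "500m"  # <---
    - name: wp
      image: wordpress
      resources:
        requests:
          memory: "64Mi"
          cpu: "250m"
        limits:
          memory: "128Mi"
          cpu: "500m"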
# Destructive: deletes every object of the "all" category (pods, deployments, services, ...)
# in the current namespace. Secrets, ConfigMaps and PVCs are not part of "all" and stay behind.
# Check the active context and namespace before running it.
kubectl delete all --all
Pour montrer toutes les ressources d'une app
# List every "all"-category object carrying the label app=my-deployement-name.
kubectl get all --selector app=my-deployement-name
Pour update un paramètre tel que l'image
# Format is CONTAINER_NAME=IMAGE: the container named nginx is switched to the image nginx:1.17.
kubectl set image deploy my-deployement-name nginx=nginx:1.17
Create deployment and affect label
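# Create the deployment, then attach the label state=demo to it.
kubectl create deploy bluelabel --image=nginx
# Labels are set with "kubectl label"; there is no "kubectl create label".
kubectl label deployment bluelabel state=demo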
Voir les labels
# Add a LABELS column to the listing.
kubectl get all --show-labels
Filtrer par label
# Keep only the objects labelled state=demo.
kubectl get all --selector state=demo
Remove label 'key-'
# A trailing "-" after the key removes the label "state" from the deployment.
kubectl label deployment bluelabel state-
Recreate: delete all pods, then recreate them (for applications that cannot run different versions at the same time, such as a DB). RollingUpdate: pods are replaced one by one.
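# Rollout commands. The bare forms below are sketches; they take a resource,
# as in the full examples.
kubectl rollout history  # show the update history
# Show the details of one revision.
kubectl rollout history deployment rolling-nginx --revision=1
kubectl rollout undo  # roll back
# For example:
kubectl rollout history deployment rolling-nginx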
deployment.apps/rolling-nginx
REVISION CHANGE-CAUSE
1 <none>
2 <none>
- maxUnavailable
- maxSurge
One pod on each node
# DaemonSet: runs one copy of the pod on each node.
apiVersion: apps/v1
kind: DaemonSet
# The rest of the manifest is elided on the page.
...
kubectl expose deploy nginx --port=80 # => creates a Service (svc) in front of the deployment
# Endpoints list the pod IPs the Service currently routes to.
kubectl get endpoints
kubectl get svc
# NodePort opens the same port on every node's IP, so the Service becomes reachable
# from outside the cluster network; use it deliberately.
kubectl edit svc nginx # Modify svc type as Nodeport for example
Create ingress
# NOTE(review): in --rule="PATH=SERVICE:PORT" the port is the port of the backing Service
# (rolling-nginx:80, newdep:8080), not a container or Docker port.
# These rules serve plain HTTP; appending ",tls=SECRET_NAME" to a rule enables TLS for it.
kubectl create ingress rolling-nginx --rule="/=rolling-nginx:80" --rule="/hello=newdep:8080"
kubectl describe ingress rolling-nginx
example ici
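# NetworkPolicy restricting ingress to the nginx pods.
# It only takes effect when the cluster's network plugin enforces
# NetworkPolicy; otherwise the object is accepted but does nothing.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: access-nginx
spec:
  podSelector:
    matchLabels:
      app: nginx  # --> the policy applies to pods labelled app=nginx
  ingress:
    - from:
        # A bare podSelector only matches pods in the policy's own
        # namespace; add a namespaceSelector to admit other namespaces.
        - podSelector:
            matchLabels:
              # --> a client pod must carry the label access: "true"
              # to reach nginx; all other ingress traffic is dropped.
              access: "true"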
TOUJOURS créer :
- PVC
- PV
volume type:
- EmptyDir
- hostpath
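# Pod with two containers sharing one emptyDir volume.
# emptyDir lives as long as the pod: its content is lost when the pod is
# deleted, and both containers can read and write each other's files.
# NOTE(review): centos:7 reached end of life in June 2024 and no longer
# receives security updates; fine for a lab, not for real workloads.
apiVersion: v1
kind: Pod
metadata:
  name: morevol2
spec:
  containers:
    - name: centos1
      image: centos:7
      command:
        - sleep
        - "3600"
      volumeMounts:
        - mountPath: /centos1
          name: test
    - name: centos2
      image: centos:7
      command:
        - sleep
        - "3600"
      volumeMounts:
        - mountPath: /centos2
          name: test
  volumes:
    - name: test
      emptyDir: {}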
---
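# Claim for 2Gi of storage that many nodes may mount read-write.
# It stays Pending until a PersistentVolume (or a StorageClass that can
# provision one) offers ReadWriteMany and at least 2Gi.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nginx-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 2Gi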
---
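# Pod serving the content of the claim nginx-pvc as the nginx web root.
kind: Pod
apiVersion: v1
metadata:
  name: nginx-pvc-pod
spec:
  volumes:
    - name: site-storage
      persistentVolumeClaim:
        claimName: nginx-pvc  # must exist in the same namespace as the pod
  containers:
    - name: pv-container
      image: nginx
      ports:
        - containerPort: 80
          name: webserver
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: site-storage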
For :
- Env var
- conf file (on peux mettre un directory dedans)
- command line
From:
- --from-env-file
- --from-literal
- kubectl set env --from=configmap/mycm deploy/myapp
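# Build a ConfigMap from a KEY=VALUE file, then inject its keys as
# environment variables into the deployment.
# A ConfigMap is stored in clear text: keep passwords in a Secret instead.
kubectl create cm mydbvars --from-env-file=myvarfile
kubectl create deploy mydb --image=mariadb --replicas=3
kubectl set env deploy mydb --from=configmap/mydbvars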
- docker-registry
- TLS
- generic
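# Secret values are only base64-encoded in the API: anyone allowed to read the
# Secret can decode them, so restrict "get"/"list" on secrets with RBAC.
kubectl create secret SECRET_TYPE #(docker-registry, tls, generic)
kubectl create secret tls my-tls-keys --cert=tls/my.crt --key=tls.key
# A value passed with --from-literal ends up in the shell history and is visible
# in the process list while the command runs; --from-file avoids both.
kubectl create secret generic my-generic-pwd --from-literal=password=verysecret
# --from-file=KEY=PATH stores the file content under the key KEY.
kubectl create secret generic my-ssh-key --from-file=ssh-private-key=.ssh/id_rsa
# Without "KEY=", the file name becomes the key.
kubectl create secret generic my-secret-file --from-file=/my/file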
Afterwards, inject it with `kubectl set env`, the same way as for environment variables:
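# Inject every key of the ConfigMap as an environment variable prefixed with MYSQL_.
# For a Secret the source is written --from=secret/SECRET_NAME.
kubectl set env --from=configmap/myconfigmap --prefix=MYSQL_ deployment/myapp
# Registry credentials used as an image pull secret.
# EMAIL_ADDRESS is a placeholder: the address on the page was replaced by an
# e-mail-protection filter and cannot be recovered.
# The password given on the command line is kept in the shell history.
kubectl create secret docker-registry my-docker-credentials --docker-username=unclebob --docker-password=secretpwd --docker-email=EMAIL_ADDRESS --docker-server=myregistry:5000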
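# kubectl proxy serves the API on 127.0.0.1:8001 with your kubeconfig credentials.
# Requests through it are not authenticated again, so every local process can
# act as you while it runs: stop the background job when you are done.
kubectl proxy --port=8001&
# Delete the pod nginx through the proxy. The request must target the proxy
# port and the namespaced path; NAMESPACE_NAME is a placeholder.
curl -XDELETE http://localhost:8001/api/v1/namespaces/NAMESPACE_NAME/pods/nginx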
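# Show the current kubeconfig (clusters, users, contexts).
# Certificates and tokens are redacted unless --raw is given.
kubectl config view
# Create a ServiceAccount and make the deployment's pods run under it.
# The pods get that account's API permissions, so bind it only to the roles it needs.
kubectl create sa mysa
kubectl set sa deploy nginxapp mysa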
Delete and re-create the exposure (Service), chaining the two commands with ";" so they run back to back and downtime is minimal.
Test the update on a single pod first: if it fails, go back; if it works, deploy to all pods.
exemple :
=> old | replicas = go down to 0 | type=canary
SVC
Type = canary
=> new | replicas = go up to | type=canary
| old replias number |
kubectl scale deploy new-nginx --replicas=3 # scale the new version up to 3 replicas
kubectl scale deploy old-nginx --replicas=0 # scale the old version down to 0 (the deployment is kept, so going back is possible)
Example: a "backup" CustomResourceDefinition, which lets you create your own resource type that does not exist in k8s.
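# CustomResourceDefinition adding a namespaced "BackUp" resource type.
# metadata.name must be "<plural>.<group>".
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: backups.stable.example.com
spec:
  group: stable.example.com
  versions:
    - name: v1
      served: true  # this version is exposed by the API server
      storage: true  # this version is the one persisted
      # The schema is what the API server validates objects against;
      # fields not declared here are pruned on write.
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                backupType:
                  type: string
                image:
                  type: string
                replicas:
                  type: integer
  scope: Namespaced
  names:
    plural: backups
    singular: backup
    shortNames:
      - bks
    kind: BackUp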
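# An empty result means no NetworkPolicy restricts pod traffic in any namespace.
kubectl get netpol -A # to check network policy existence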
Check les label selectors dans un svc NodePort. **/!\ Si c'est un svc ClusterIP, on doit se connecter au node : minikube ssh**
kubectl get events # when lost and not sure what to look for
kubectl config view # show the configuration used to connect to the node
# "kubectl auth can-i --list" prints every permission of the current user in the namespace.
kubectl auth can-i create pods # check permissions
# Copy the cluster's admin kubeconfig from the minikube node to the host.
# The first three commands run inside the node, the scp runs on the host.
minikube ssh
sudo -i # go to root
# admin.conf holds the cluster administrator's credentials; /tmp is a shared directory,
# so delete /tmp/admin.conf once the copy to the host is done.
cp /etc/kubernetes/admin.conf /tmp
# Overwrites the host's ~/.kube/config: back it up first if it has other contexts,
# and keep the result readable by your user only (chmod 600).
scp -i $(minikube ssh-key) docker@$(minikube ip):/tmp/admin.conf ~/.kube/config
- readinessProbe
- livenessProbe
- startupProbe
- exec
- httpGet
- tcpSocket