{"id":14975804,"url":"https://github.com/omerbsezer/fast-kubernetes","last_synced_at":"2025-04-10T23:28:22.374Z","repository":{"id":38884501,"uuid":"438192718","full_name":"omerbsezer/Fast-Kubernetes","owner":"omerbsezer","description":"This repo covers Kubernetes with LABs: Kubectl, Pod, Deployment, Service, PV, PVC, Rollout, Multicontainer, Daemonset, Taint-Toleration, Job, Ingress, Kubeadm, Helm, etc.","archived":false,"fork":false,"pushed_at":"2025-03-26T01:14:11.000Z","size":549,"stargazers_count":1940,"open_issues_count":0,"forks_count":577,"subscribers_count":30,"default_branch":"main","last_synced_at":"2025-04-03T17:53:12.938Z","etag":null,"topics":["affinity","config-maps","containers","daemonset","docker","helm","jenkins","k8s","kubeadm","kubectl","kubernetes","kubernetes-cluster","kubernetes-deployment","kubernetes-service","microservice","persistent-volume","pod","replica-set","taint","tolerations"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/omerbsezer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-14T09:30:14.000Z","updated_at":"2025-04-03T16:19:53.000Z","dependencies_parsed_at":"2024-01-14T06:53:33.994Z","dependency_job_id":"b9adf54f-2493-432d-b69f-4c389dd55717","html_url":"https://github.com/omerbsezer/Fast-Kubernetes","commit_stats":{"total_commits":403,"total_committers":4,"mean_commits":100.75,"dds":0.00992555831265507,"last_synced_commit":"02d5d238099ea4a6c4704d0e3acb6015acdb7655"},"previous_names":[],"tags_count":0,"template":false,"tem
plate_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omerbsezer%2FFast-Kubernetes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omerbsezer%2FFast-Kubernetes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omerbsezer%2FFast-Kubernetes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omerbsezer%2FFast-Kubernetes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/omerbsezer","download_url":"https://codeload.github.com/omerbsezer/Fast-Kubernetes/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248314365,"owners_count":21083037,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["affinity","config-maps","containers","daemonset","docker","helm","jenkins","k8s","kubeadm","kubectl","kubernetes","kubernetes-cluster","kubernetes-deployment","kubernetes-service","microservice","persistent-volume","pod","replica-set","taint","tolerations"],"created_at":"2024-09-24T13:52:39.547Z","updated_at":"2025-04-10T23:28:22.349Z","avatar_url":"https://github.com/omerbsezer.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Fast-Kubernetes\nThis repo covers Kubernetes objects' and components' details (Kubectl, Pod, Deployment, Service, ConfigMap, Volume, PV, PVC, Daemonset, Secret, Affinity, Taint-Toleration, Helm, etc.), and possible example usage scenarios (HowTo: Hands-on LAB) in a nutshell. 
\n\n\n## Prerequisite\n- Have a knowledge of Container Technology (Docker). You can learn it from here =\u003e [Fast-Docker](https://github.com/omerbsezer/Fast-Docker)\n\n**Keywords:** Containerization, Kubernetes, Kubectl, Pod, Deployment, Service, ConfigMap, ReplicaSet, Volume, Cheatsheet.\n\n**Note:** K8s objects and objects feature can be updated/changed in time. While creating this repo, the version of K8s was v1.22.3. Some sections are trying to be kept up to date. Especially [Creating K8s Cluster with Kubeadm and Containerd](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Kubeadm-Cluster-Setup.md).\n\n# Quick Look (HowTo): Scenarios - Hands-on LAB\n- [LAB: K8s Creating Pod - Imperative Way](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-CreatingPod-Imperative.md)\n- [LAB: K8s Creating Pod - Declarative Way (With File) - Environment Variable](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8-CreatingPod-Declerative.md) \n- [LAB: K8s Multicontainer - Sidecar - Emptydir Volume - Port-Forwarding](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Multicontainer-Sidecar.md)\n- [LAB: K8s Deployment - Scale Up/Down - Bash Connection - Port Forwarding](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Deployment.md)\n- [LAB: K8s Rollout - Rollback](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Rollout-Rollback.md)\n- [LAB: K8s Service Implementations (ClusterIp, NodePort and LoadBalancer)](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Service-App.md)\n- [LAB: K8s Liveness Probe](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Liveness-App.md)\n- [LAB: K8s Secret (Declarative and Imperative Way)](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Secret.md)\n- [LAB: K8s Config Map](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Configmap.md)\n- [LAB: K8s Node Affinity](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Node-Affinity.md)\n- [LAB: 
K8s Taint-Toleration](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Taint-Toleration.md)      \n- [LAB: K8s Daemonset - Creating 3 nodes on Minikube](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Daemon-Sets.md)   \n- [LAB: K8s Persistent Volume and Persistent Volume Claim](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-PersistantVolume.md)\n- [LAB: K8s Stateful Sets - Nginx](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Statefulset.md)  \n- [LAB: K8s Job](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Job.md)\n- [LAB: K8s Cron Job](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-CronJob.md)\n- [LAB: K8s Ingress](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Ingress.md)\n- [LAB: Helm Install \u0026 Usage](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/Helm.md)\n- [LAB: K8s Cluster Setup with Kubeadm and Containerd](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Kubeadm-Cluster-Setup.md)\n- [LAB: K8s Cluster Setup with Kubeadm and Docker](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Kubeadm-Cluster-Docker.md)\n- [LAB: Helm-Jenkins on running K8s Cluster (2 Node Multipass VM)](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Helm-Jenkins.md)\n- [LAB: Enable Dashboard on Real K8s Cluster](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Enable-Dashboard-On-Cluster.md)\n- [LAB: K8s Monitoring - Prometheus and Grafana](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Monitoring-Prometheus-Grafana.md)    \n- [Kubectl Commands Cheatsheet](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/KubernetesCommandCheatSheet.md)\n- [Helm Commands Cheatsheet](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/HelmCheatsheet.md)\n\n# Table of Contents\n- [Motivation](#motivation)\n    - [What is Containerization? 
What is Container Orchestration?](#containerization)\n    - [Features](#features)\n- [What is Kubernetes?](#whatIsKubernetes)\n    - [Kubernetes Architecture](#architecture)\n    - [Kubernetes Components](#components)\n    - [Installation](#installation)\n    - [Kubectl Config – Usage](#kubectl)\n    - [Pod: Creating, Yaml, LifeCycle](#pod)\n    - [MultiContainer Pod, Init Container](#multicontainerpod)\n    - [Label and Selector, Annotation, Namespace](#labelselector)\n    - [Deployment](#deployment)\n    - [Replicaset](#replicaset)\n    - [Rollout and Rollback](#rollout-rollback)\n    - [Network, Service](#network-service)\n    - [Liveness and Readiness Probe](#liveness-readiness)\n    - [Resource Limit, Environment Variable](#environmentvariable)\n    - [Volume](#volume)\n    - [Secret](#secret)\n    - [ConfigMap](#configmap)\n    - [Node – Pod Affinity](#node-pod-affinity)\n    - [Taint and Toleration](#taint-tolereation)\n    - [Daemon Set](#daemon-set)\n    - [Persistent Volume and Persistent Volume Claim](#pvc)\n    - [Storage Class](#storageclass)\n    - [Stateful Set](#statefulset)\n    - [Job, CronJob](#job)\n    - [Authentication, Role Based Access Control, Service Account](#authentication)\n    - [Ingress](#ingress)\n    - [Dashboard](#dashboard)\n- [Play With Kubernetes](#playwithkubernetes)\n- [Helm: Kubernetes Package Manager](#helm)\n- [Kubernetes Commands Cheatsheet](#cheatsheet)\n- [Helm Commands Cheatsheet](#helm_cheatsheet)\n- [Kubernetes Cluster Setup: Kubeadm, Containerd, Multipass](#cluster_setup)\n- [Monitoring Kubernetes Cluster with SSH, Prometheus and Grafana](#prometheus_grafana)\n- [Other Useful Resources Related to Kubernetes](#resource)\n- [References](#references)\n\n## Motivation \u003ca name=\"motivation\"\u003e\u003c/a\u003e\nWhy should we use Kubernetes? \"Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. 
It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.\" (Ref: Kubernetes.io)\n\n### What is Containerization? What is Container Orchestration? \u003ca name=\"containerization\"\u003e\u003c/a\u003e\n- \"Containerization is an operating system-level virtualization or application-level virtualization over multiple network resources so that software applications can run in isolated user spaces called containers in any cloud or non-cloud environment\" (wikipedia)\n- With Docker Environment, we can create containers.\n- Kubernetes and Docker Swarm are the container orchestration and management tools that automate and schedule the deployment, management, scaling, and networking of containers.\n\n![image](https://user-images.githubusercontent.com/10358317/146249579-b4221dc1-bad7-4da5-831a-849a71fa849e.png)\n\n### Features \u003ca name=\"features\"\u003e\u003c/a\u003e\n- **Service discovery and load balancing:** Kubernetes can expose a container using the DNS name or using their own IP address. If traffic to a container is high, Kubernetes is able to load balance and distribute the network traffic so that the deployment is stable.\n- **Storage orchestration:** Kubernetes allows you to automatically mount a storage system of your choice, such as local storages, public cloud providers, and more.\n- **Automated rollouts and rollbacks:**  You can describe the desired state for your deployed containers using Kubernetes, and it can change the actual state to the desired state at a controlled rate. \n- **Automatic bin packing:** You tell Kubernetes how much CPU and memory (RAM) each container needs. 
Kubernetes can fit containers onto your nodes to make the best use of your resources.\n- **Self-monitoring:** Kubernetes checks constantly the health of nodes and containers\n- **Self-healing:** Kubernetes restarts containers that fail, replaces containers, kills containers that don't respond to your user-defined health check\n- **Automates various manual processes:** for instance, Kubernetes will control for you which server will host the container, how it will be launched etc.\n- **Interacts with several groups of containers:** Kubernetes is able to manage more cluster at the same time\n- **Provides additional services:** as well as the management of containers, Kubernetes offers security, networking and storage services\n- **Horizontal scaling:** Kubernetes allows you scaling resources not only vertically but also horizontally, easily and quickly\n- **Container balancing:** Kubernetes always knows where to place containers, by calculating the “best location” for them\n- **Run everywhere:** Kubernetes is an open source tool and gives you the freedom to take advantage of on-premises, hybrid, or public cloud infrastructure, letting you move workloads to anywhere you want\n- **Secret and configuration management:** Kubernetes lets you store and manage sensitive information\n\n## What is Kubernetes?  \u003ca name=\"whatIsKubernetes\"\u003e\u003c/a\u003e\n- \"Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. 
Kubernetes services, support, and tools are widely available.\" (Ref: Kubernetes.io)\n\n![image](https://user-images.githubusercontent.com/10358317/146247396-5bc3bbf9-41fa-47ff-b10d-cac305379e21.png) (Ref: Kubernetes.io)\n\n### Kubernetes Architecture  \u003ca name=\"architecture\"\u003e\u003c/a\u003e\n\n![image](https://user-images.githubusercontent.com/10358317/146250114-18759a06-e6a6-4554-bc7f-b23a13534f77.png)\n\n### Kubernetes Components \u003ca name=\"components\"\u003e\u003c/a\u003e (Ref: Kubernetes.io)\n- **Control Plane:** User enters commands and configuration files from control plane. It controls all cluster.\n    - **API Server:** \"It exposes the Kubernetes API. The API server is the front end for the Kubernetes control plane.\"\n    - **Etcd:** \"Consistent and highly-available key value store used as Kubernetes' backing store for all cluster data (meta data, objects, etc.).\"\n    - **Scheduler:** \"It watches for newly created Pods with no assigned node, and selects a node for them to run on. 
\n        -  Factors taken into account for scheduling decisions include: \n            -  individual and collective resource requirements, \n            -  hardware/software/policy constraints, \n            -  affinity and anti-affinity specifications, \n            -  data locality, \n            -  inter-workload interference,\n            -  deadlines.\"\n    - **Controller Manager:** \"It runs controller processes.\n        - Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process.\n        - Some types of these controllers are:\n            - Node controller: Responsible for noticing and responding when nodes go down.\n            - Job controller: Watches for Job objects that represent one-off tasks, then creates Pods to run those tasks to completion.\n            - Endpoints controller: Populates the Endpoints object (that is, joins Services \u0026 Pods).\n            - Service Account \u0026 Token controllers: Create default accounts and API access tokens for new namespaces\"\n     - **Cloud Controller Manager:** \"It embeds cloud-specific control logic. The cloud controller manager lets you link your cluster into your cloud provider's API, and separates out the components that interact with that cloud platform from components that only interact with your cluster. 
The cloud-controller-manager only runs controllers that are specific to your cloud provider\n        -  The following controllers can have cloud provider dependencies:\n            - Node controller: For checking the cloud provider to determine if a node has been deleted in the cloud after it stops responding\n            - Route controller: For setting up routes in the underlying cloud infrastructure\n            - Service controller: For creating, updating and deleting cloud provider load balancers.\"\n- **Node:** \"Node components run on every node, maintaining running pods and providing the Kubernetes runtime environment.\"\n    - **Kubelet:** \"An agent that runs on each node in the cluster. It makes sure that containers are running in a Pod. The kubelet takes a set of PodSpecs that are provided through various mechanisms and ensures that the containers described in those PodSpecs are running and healthy.\"\n    - **Kube-proxy:** \"It is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.\n        - It maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.\n        - It uses the operating system packet filtering layer if there is one and it's available. Otherwise, kube-proxy forwards the traffic itself.\"\n    - **Container Runtime:** \"The container runtime is the software that is responsible for running containers.\n        -  Kubernetes supports several container runtimes: **Docker, containerd, CRI-O,** and any implementation of the Kubernetes CRI (Container Runtime Interface)\"  \n\n![image](https://user-images.githubusercontent.com/10358317/146250916-a9298521-526b-451a-9810-6813e4165db5.png)\n\n### Installation \u003ca name=\"installation\"\u003e\u003c/a\u003e\n\nDownload:\n- **Kubectl:** The Kubernetes command-line tool, kubectl, allows you to run commands against Kubernetes clusters. 
\n- **Minikube:** It is a tool that lets you run Kubernetes locally. It runs a single-node Kubernetes cluster on your personal computer (https://minikube.sigs.k8s.io/docs/start/) \n- **KubeAdm:** You can use the kubeadm tool to create and manage Kubernetes clusters. This is for creating a cluster with computers (Goto: [LAB: K8s Kubeadm Cluster Setup](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Kubeadm-Cluster-Setup.md)).\n\nfrom here=\u003e https://kubernetes.io/docs/tasks/tools/ \n\nFor learning K8s and running on a computer, **Kubectl and Minikube** are enough to install. \n\n**PS:** Cloud providers (Azure, Google Cloud, AWS) offer managed K8s (control plane is managed by the cloud provider). You can easily create your cluster (number of computers and details) and connect to it with Kubectl (using CLI get-credentials of cluster on the cloud)\n\n### Kubectl Config – Usage \u003ca name=\"kubectl\"\u003e\u003c/a\u003e\n#### Config File\n- You can communicate with a K8s cluster in different ways: REST API, Command Line Tool (CLI-Kubectl), GUI (kube-dashboard, etc.)\n- After installation, you can find the kubernetes config file (C:\\Users\\User\\.kube\\config), which is a YAML file.\n- Config file contains 3 main parts: Clusters (cluster certificate data, server, name), Context (cluster and user, namespace), Users (name, config features, certificates, etc.)\n\n#### Usage\n- Kubectl is our main command line tool that connects to minikube. There are many combinations of commands, so it is not possible to list all commands. \n- Running \"kubectl\" on the terminal lists some simple commands. 
Also \"kubectl \u003ccommand\u003e --help\" gives more information.\n- Pattern: kubectl [get|delete|edit|apply] [pods|deployment|services] [podName|serviceName|deploymentName]\n- Example: \"kubectl get pods podName\", \"kubectl delete pods test_pod\", \"kubectl describe pods firstpod\", etc.\n- All necessary/most usable commands are listed in the \"[Kubernetes Commands Cheatsheet](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/KubernetesCommandCheatSheet.md)\". Please have a look to get more information and usage.\n\n### Pod: Creating, Yaml, LifeCycle \u003ca name=\"pod\"\u003e\u003c/a\u003e\n- Pod is the smallest unit that is created and managed in K8s.\n- Pods may contain more than 1 container, but mostly pods contain only 1 container.\n- Each pod has unique id (uid).\n- Each pod has unique IP address.\n- Containers in the same Pod run on the same Node (computer), and these containers can communicate with each other on the localhost. \n- Creation of the first pod, IMPERATIVE WAY (with command):\n- Please have a look Scenario (**Creating Pod - Imperative way**, below link) to learn more information about the pod's kubectl commands.\n    - how to create basic K8s pod using imperative commands,\n    - how to get more information about pod (to solve troubleshooting),\n    - how to run commands in pod,\n    - how to delete pod. \n\n**Goto the Scenario:** [LAB: K8s Creating Pod - Imperative Way](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-CreatingPod-Imperative.md) \n\n#### Pod: YAML File\n- Imperative way could be difficult to store and manage process. Every time we have to enter commands. To prevent this, we can use YAML file to define pods and pods' feature. 
This way is called \"Declarative Way\".\n- Declarative way (with file), Imperative way (with command)\n- Sample Yaml File:\n\n![image](https://user-images.githubusercontent.com/10358317/153674712-426a262d-d13e-489d-9c86-63ac22114d75.png)\n\n- Please have a look at the Scenario (**Creating Pod - Declarative way**, link below) to learn more.\n\n**Goto the Scenario:** [LAB: K8s Creating Pod - Declarative Way (With File) - Environment Variable](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8-CreatingPod-Declerative.md) \n\n#### Pod: Life Cycle\n- **Pending:** API-\u003eetcd, pod created, pod id created, but not running on the node.\n- **Creating:** Scheduler takes the pod from etcd and assigns it to a node. Kubelet on the Node pulls images from the docker registry or repository.\n- **ImagePullBackOff:** Kubelet cannot pull the image from the registry. E.g. the image name is wrong (typo), Authorization Failure, Username/Pass error.\n- **Running:** \n    - Container closes in 3 ways:\n        1. App completes the mission and closes automatically without giving error,\n        2. User or System sends close signal and closes automatically without giving error,\n        3. Giving error, collapsed and closes with giving error code. \n    - Restart Policies (it can be defined in the pod definition): \n        1. Always: Default value, kubelet starts always when closing with or without error, \n        2. On-failure: It starts again when it gets only error, \n        3. Never: It never restarts in any case.\n - **Succeeded (completed)**: If the container closes successfully without error and restart policy is configured as on-failure/never, it converts to Succeeded.\n - **Failed**\n - **CrashLoopBackOff:** \n    - If restart policy is configured as always and container closes again and again, container restarts again and again (Restart waiting duration before restarting again: 10 sec -\u003e 20 sec -\u003e 40 sec -\u003e .. 
-\u003e 5mins), It runs every 5 mins if the pod is crashed.\n    - If container runs more than 10 mins, status converted from 'CrashLoopBackOff' to 'Running'.\n\n### MultiContainer Pod, Init Container \u003ca name=\"multicontainerpod\"\u003e\u003c/a\u003e\n- Best Practice: 1 Container runs in 1 Pod normally, because the smallest element in K8s is Pod (Pod can be scaled up/down).\n- Multiple containers run in the same Pod when the containers are dependent on each other. \n- Multiple containers in one Pod have the following features:\n  - Containers that run in the same Pod run on the same Node.\n  - Containers in the same Pod are run, paused and deleted at the same time.\n  - Containers in the same Pod communicate with each other on localhost; there is no network isolation between them.\n  - Containers in the same Pod can share one volume and reach the same files in that volume.   \n\n#### Init Containers\n- Init containers are used to configure apps before the app container runs. \n- Init containers run what they need to and then close successfully; after the init containers close, the app containers start. \n- Example below shows how to define init containers in one Pod. There are 2 containers: appcontainer and initcontainer. Initcontainer is polling the service (myservice). When it finds the service, it closes and the app container starts.  \n\n```yaml\napiVersion: v1\nkind: Pod\nmetadata:\n  name: initcontainerpod\nspec:\n  containers:\n  - name: appcontainer            # after initcontainer closes successfully, appcontainer starts.\n    image: busybox\n    command: ['sh', '-c', 'echo The app is running! \u0026\u0026 sleep 3600']\n  initContainers:\n  - name: initcontainer\n    image: busybox                # init container starts first and checks every 2 seconds whether myservice is up; once myservice is available, initcontainer closes. 
\n    command: ['sh', '-c', \"until nslookup myservice; do echo waiting for myservice; sleep 2; done\"]\n```\n   \n- Please have a look at the Scenario (link below) to learn more.\n\n**Goto the Scenario:** [LAB: K8s Multicontainer - Sidecar - Emptydir Volume - Port-Forwarding](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Multicontainer-Sidecar.md) \n\n### Label and Selector, Annotation, Namespace \u003ca name=\"labelselector\"\u003e\u003c/a\u003e\n#### Label\n- Labels are important for reaching K8s objects with key:value pairs.\n- key:value is used for labels. E.g. tier:frontend, stage:test, name:app1, team:development\n- A prefix may optionally be used with key:value. E.g. example.com/tier:front-end, kubernetes.io/ , k8s.io/\n- In the file (declarative way), labels are added under metadata. It is possible to add multiple labels. \n\n![image](https://user-images.githubusercontent.com/10358317/153675164-62265978-60c3-4167-ad0c-4bfbbf1f704b.png)\n\n- In the command (imperative way), we can also add labels to pods.\n```shell\nkubectl label pods pod1 team=development  #adding label team=development on pod1\nkubectl get pods --show-labels\nkubectl label pods pod1 team-  #remove team (key:value) from pod1\nkubectl label --overwrite pods pod1 team=test #overwrite/change label on pod1\nkubectl label pods --all foo=bar  # add label foo=bar for all pods\n```\n#### Selector\n- We can select/filter pods with kubectl. 
\n```shell\nkubectl get pods -l \"app=firstapp\" --show-labels\nkubectl get pods -l \"app=firstapp,tier=frontend\" --show-labels\nkubectl get pods -l \"app=firstapp,tier!=frontend\" --show-labels\nkubectl get pods -l \"app,tier=frontend\" --show-labels #equality-based selector\nkubectl get pods -l \"app in (firstapp)\" --show-labels  #set-based selector\nkubectl get pods -l \"app not in (firstapp)\" --show-labels  #set-based selector\nkubectl get pods -l \"app=firstapp,app=secondapp\" --show-labels # comma means and =\u003e firstapp and secondapp\nkubectl get pods -l \"app in (firstapp,secondapp)\" --show-labels # it means or =\u003e firstapp or secondapp\n```\n#### Node Selector\n- With Node Selector, we can specify which pod run on which Node. \n \n ![image](https://user-images.githubusercontent.com/10358317/153676102-03b2137b-ecc8-4802-9a9f-41694e1ce6fa.png)\n\n- It is also possible to label nodes with imperative way. \n```shell\nkubectl apply -f podnode.yaml\nkubectl get pods -w #always watch\nkubectl label nodes minikube hddtype=ssd #after labelling node, pod11 configuration can run, because node is labelled with hddtype:ssd \n```\n#### Annotation\n- It is similar to label, but it is used for the detailed information (e.g. owner, notification-email, releasedate, etc.) that are not used for linking objects. \n\n![image](https://user-images.githubusercontent.com/10358317/153675516-4b71b55a-f7ec-40a4-9e32-0b794208e6ae.png)\n\n```shell\nkubectl apply -f podannotation.yaml\nkubectl describe pod annotationpod\nkubectl annotate pods annotationpod foo=bar #imperative way\nkubectl delete -f podannotation.yaml\n```\n\n#### Namespaces\n- Namespaces provides a mechanism for isolating groups of resources within a single cluster. They provide a scope for names. 
\n- Namespaces cannot be nested inside one another and each Kubernetes resource can only be in one namespace.\n- Kubectl commands run in the default namespace if no namespace is given in the command.\n\n![image](https://user-images.githubusercontent.com/10358317/148784384-96681287-e4c4-46e8-b63f-5953270a5b28.png)\n\n```shell\nkubectl get pods --namespace kube-system  # get all pods in the kube-system namespace\nkubectl get pods --all-namespaces  # get pods from all namespaces\nkubectl create namespace development  # create new development namespace in imperative way\nkubectl get pods -n development  # get pods from the development namespace\n```\n- In the declarative way, it is possible to create namespaces and run a pod in the related namespace.\n\n![image](https://user-images.githubusercontent.com/10358317/153675331-ee6ccfb6-b186-4e29-8e85-55adee465a53.png)\n\n```shell\nkubectl apply -f namespace.yaml\nkubectl get pods -n development  #get pods in the development namespace\nkubectl exec -it namespacedpod -n development -- /bin/sh  #open a shell in namespacedpod in the development namespace\n```\n\n- We can avoid using -n \u003cnamespacename\u003e in every command by changing the default namespace (because, if we don't use -n namespace, kubectl commands run on the default namespace).    \n    \n```shell\nkubectl config set-context --current  --namespace=development  #now default namespace is development\nkubectl get pods     #returns pods in the development namespace  \nkubectl config set-context --current  --namespace=default  #now namespace is default \nkubectl delete namespaces development  #delete development namespace\n```\n### Deployment \u003ca name=\"deployment\"\u003e\u003c/a\u003e\n- A Deployment provides declarative updates for Pods and ReplicaSets.\n- We define the desired state in the deployment; the deployment controller compares it with the actual state and takes the necessary actions to keep the desired state. 
\n- Deployment object is the higher level K8s object that controls and keeps state of single or multiple pods automatically.\n- Imperative way:\n\n```shell\nkubectl create deployment firstdeployment --image=nginx:latest --replicas=2 \nkubectl get deployments\nkubectl get pods -w    #on another terminal\nkubectl delete pods \u003coneofthepodname\u003e #we can see another terminal, new pod will be created (to keep 2 replicas)  \nkubectl scale deployments firstdeployment --replicas=5\nkubectl delete deployments firstdeployment\n```\n- Please have a look Scenario (below link) to learn more about the deployment and declarative way of creating deployment.\n\n**Goto the Scenario:** [LAB: K8s Deployment - Scale Up/Down - Bash Connection - Port Forwarding](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Deployment.md) \n    \n### Replicaset \u003ca name=\"replicaset\"\u003e\u003c/a\u003e\n- Deployment object create Replicaset object. Deployment provides the transition of the different replicaset automatically. \n- Replicaset is responsible for the management of replica creation and remove. But, when the pods are updated (e.g. image changed), it can not update replicaset pods. However, deployment can update for all change. So, best practice is to use deployment, not to use replicaset directly.\n- **Important:** It can be possible to create replicaset directly, but we could not use rollout/rollback, undo features with replicaset. Deployment provide to use rollout/rollback, undo features.\n    \n![image](https://user-images.githubusercontent.com/10358317/148804992-8ad27155-1c1e-436f-949e-4aec9a1a9d05.png)\n\n\n### Rollout and Rollback \u003ca name=\"rollout-rollback\"\u003e\u003c/a\u003e\n- Rollout and Rollback enable to update and return back containers that run under the deployment.\n- 2 strategy for rollout:\n    - **Recreate Strategy:** Delete all pods first and create Pods from scratch. 
If two different versions of SW affect each other negatively, this strategy could be used.     \n    - **RollingUpdate Strategy (default)**: It updates pods step by step. Pods are updated step by step, all pods are not deleted at the same time.\n        - **maxUnavailable:** At the update duration, it shows the max number of deleted containers (total:10 containers; if maxUn:2, min:8 containers run in that time period)\n        - **maxSurge:** At the update duration, it shows that the max number of containers run on the cluster (total:10 containers; if maxSurge:2, max:12 containers run in a time)\n    \n```shell\nkubectl set image deployment rolldeployment nginx=httpd:alpine --record     # change image of deployment\nkubectl rollout history deployment rolldeployment                           #shows record/history revisions \nkubectl rollout history deployment rolldeployment --revision=2              #select the details of the one of the revisions\nkubectl rollout undo deployment rolldeployment                              #returns back to previous deployment revision\nkubectl rollout undo deployment rolldeployment --to-revision=1              #returns back to the selected revision=1\nkubectl rollout status deployment rolldeployment -w                         #show live status of the rollout deployment\nkubectl rollout pause deployment rolldeployment                             #pause the rollout while updating pods \nkubectl rollout resume deployment rolldeployment                            #resume the rollout if rollout paused\n```\n  \n**Goto the Scenario:** [LAB: K8s Rollout - Rollback](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Rollout-Rollback.md)\n    \n### Network, Service \u003ca name=\"network-service\"\u003e\u003c/a\u003e\n#### K8s Networking Requirements\n- Each pod has unique and own IP address (Containers within a pod share network namespaces).\n- All PODs can communicate with all other pods without NAT (Network Address Translation)\n- 
All NODEs can communicate with all pods without NAT.\n- The IP of the POD is same throughout the cluster.\n\n#### CNI (Container Network Interface)\n- Networking of containers and nodes with different vendors and devices is difficult to handle. So K8s give this responsibility to CNI plugins to handle networking requirements. \n- \"CNI (Container Network Interface), a Cloud Native Computing Foundation project, consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins.\" =\u003e https://github.com/containernetworking/cni \n- K8s has CNI plugins that are selected by the users. Some of the CNI methods are: Flannel, calico, weave, and canal. \n- Calico (https://github.com/projectcalico/calico) is the one of the popular and open source CNI method/plugin in K8s.\n    - Network Management in the cluster: \n        - IP assignments to Pods\n        - IP Table Management\n        - Overlay definition between Nodes without using NAT (e.g. --pod-network-cidr management) \n        - Vxlan Interface implementation and etc. \n    \n#### Service\n- \"An abstract way to expose an application running on a set of Pods as a network service.\n- Kubernetes ServiceTypes allow you to specify what kind of Service you want. The default is ClusterIP.\n- Type values and their behaviors are:\n    - **ClusterIP:** Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType.\n    - **NodePort:** Exposes the Service on each Node's IP at a static port (the NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created. You'll be able to contact the NodePort Service, from outside the cluster, by requesting \u003cNodeIP\u003e:\u003cNodePort\u003e.\n    - **LoadBalancer:** Exposes the Service externally using a cloud provider's load balancer. 
NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.\n    - **ExternalName:** Maps the Service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up.\" (Ref: Kubernetes.io)\n- Example of Service Object Definition:  (Selector binds service to the related pods, get traffic from port 80 to port 9376) \n```yaml\napiVersion: v1\nkind: Service\nmetadata:\n  name: my-service\nspec:\n  selector:\n    app: MyApp\n  ports:\n    - protocol: TCP\n      port: 80\n      targetPort: 9376\n```    \n**Goto the Scenario:** [LAB: K8s Service Implementations (ClusterIp, NodePort and LoadBalancer)](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Service-App.md)\n    \n### Liveness and Readiness Probe \u003ca name=\"liveness-readiness\"\u003e\u003c/a\u003e\n#### Liveness Probe\n- \"The kubelet uses liveness probes to know when to restart a container. For example, liveness probes could catch a deadlock, where an application is running, but unable to make progress.\" (Ref: Kubernetes.io)\n- There are different ways of controlling Pods:\n    - httpGet,\n    - exec command,\n    - tcpSocket,\n    - grpc, etc.\n- initialDelaySeconds: waiting some period of time after starting. e.g. 5sec, after 5 sec start to run command\n- periodSeconds: in a period of time, run command. \n    \n**Goto the Scenario:** [LAB: K8s Liveness Probe](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Liveness-App.md)   \n    \n#### Readiness Probe\n- \"Sometimes, applications are temporarily unable to serve traffic. For example, an application might need to load large data or configuration files during startup, or depend on external services after startup. In such cases, you don't want to kill the application, but you don't want to send it requests either. Kubernetes provides readiness probes to detect and mitigate these situations. 
A pod with containers reporting that they are not ready does not receive traffic through Kubernetes Services.\" (Ref: Kubernetes.io)\n- Readiness probe is similar to liveness probe. The only difference is to define \"readinessProbe\" instead of \"livenessProbe\".\n\n    \n### Resource Limit, Environment Variable \u003ca name=\"environmentvariable\"\u003e\u003c/a\u003e\n    \n#### Resource Limit \n- Pods can consume resources (cpu, memory) up to the physical resource limits if no limit is set. \n- Pods' used resources can be limited.\n    - use 1 cpu core =\u003e cpu = \"1\" = \"1000\" = \"1000m\"    \n    - use 10% of 1 cpu core =\u003e cpu = \"0.1\" = \"100\" = \"100m\"    \n    - use 64 MB =\u003e memory: \"64M\"\n- CPU usage is strictly capped at the limit once it is defined. \n- When a pod tries to use more memory than its limit, its status changes to \"OOMKilled\" and it is restarted to keep memory usage within the limit.\n- Example (below), pod requests 64MB memory and 0.25 CPU core, uses maximum 256MB memory and 0.5 CPU core.\n\n![image](https://user-images.githubusercontent.com/10358317/153676383-eb783491-79da-4886-9728-55977b6bbd88.png)\n\n#### Environment Variable\n- Environment Variables can be defined for each pod in the YAML file.\n    \n![image](https://user-images.githubusercontent.com/10358317/153676628-d103de1d-e223-451b-8337-cdfe1cebee66.png)\n    \n**Goto the Scenario:** [LAB: K8s Creating Pod - Declarative Way - Environment Variable](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8-CreatingPod-Declerative.md) \n    \n### Volume \u003ca name=\"volume\"\u003e\u003c/a\u003e\n- Ephemeral volume (Temporary volume): Multiple containers reach ephemeral volume in the pod. When the pod is deleted/killed, volume is also deleted. 
But when container is restarted, volume is still available because pod still runs.\n- There are 2 types of ephemeral volumes:\n    - Emptydir \n    - Hostpath\n        - Directory\n        - DirectoryOrCreate\n        - FileOrCreate\n\n#### Emptydir Volume\n- Emptydir (empty directory on the node) is created on the node where the pod is created, and it is mounted on the container using \"volumeMounts\". Multiple containers in the pod can reach this volume (read/write).   \n- Emptydir volume depends on the Pod lifecycle. If the pod is deleted, emptydir is also deleted.    \n```yaml\nspec: \n  containers:\n  - name: sidecar\n    image: busybox\n    command: [\"/bin/sh\"]\n    args: [\"-c\", \"sleep 3600\"]\n    volumeMounts:                # volume is mounted under \"volumeMounts\" \n    - name: cache-vol            # \"name\" of the volume type\n      mountPath: /tmp/log        # \"mountPath\" is the path in the container.\n  volumes:\n  - name: cache-vol              \n    emptyDir: {}                 # \"volume\" type \"emptydir\"\n```  \n    \n**Goto the Scenario:** [LAB: K8s Multicontainer - Sidecar - Emptydir Volume - Port-Forwarding](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Multicontainer-Sidecar.md)  \n    \n#### Hostpath Volume\n- It is similar to emptydir: hostpath is also created on the node where the pod is created. In addition, the hostpath is a specifically defined path on the node.\n```yaml\napiVersion: v1\nkind: Pod\nmetadata:\n  name: hostpath\nspec:\n  containers:\n  - name: hostpathcontainer\n    image: ImageName                  # e.g. 
nginx\n    volumeMounts:\n    - name: directory-vol             # container connects \"volume\" name    \n      mountPath: /dir1                # on the container which path this volume is mounted\n    - name: dircreate-vol\n      mountPath: /cache               # on the container which path this volume is mounted\n    - name: file-vol\n      mountPath: /cache/config.json   # on the container which file this volume is mounted     \n  volumes:\n  - name: directory-vol               # \"volume\" name\n    hostPath:                         # \"volume\" type \"hostpath\"\n      path: /tmp                      # \"path\" on the node, \"/tmp\" is defined volume\n      type: Directory                 # \"hostpath\" type \"Directory\", existing directory\n  - name: dircreate-vol\n    hostPath:                         # \"volume\" type \"hostpath\"\n      path: /cache                    # \"path\" on the node\n      type: DirectoryOrCreate         # \"hostpath\" type \"DirectoryOrCreate\", if it does not exist, create directory\n  - name: file-vol\n    hostPath:                         # \"volume\" type \"hostpath\"\n      path: /cache/config.json        # \"path\" on the node\n      type: FileOrCreate              # \"hostpath\" type \"FileOrCreate\",  if it does not exist, create file\n```   \n\n![image](https://user-images.githubusercontent.com/10358317/154715083-f5972de0-d95e-47f2-bc6d-92cf7b8a182a.png)\n\n### Secret \u003ca name=\"secret\"\u003e\u003c/a\u003e\n- Secret objects store sensitive information like username, password, ssh-tokens, certificates.     \n- Secrets (that you defined) and pods (that you defined) should be in the same namespace (e.g. if defined secret is in the \"default\" namespace, pod should be also in the \"default\" namespace). \n- There are 8 different secret types (basic-auth, tls, ssh-auth, token, service-account-token, dockercfg, dockerconfigjson, opaque). 
Opaque type is the default one and mostly used.\n- Secrets are consumed by the pod in 2 different ways: volume and environment variable   \n- Imperative way, run on the terminal (generic in the command = opaque): \n\n```shell\nkubectl create secret generic mysecret2 --from-literal=db_server=db.example.com --from-literal=db_username=admin --from-literal=db_password=P@ssw0rd!\n```     \n      \n- Imperative way with files, to keep the password out of the command history\n    \n```shell\nkubectl create secret generic mysecret3 --from-file=db_server=server.txt --from-file=db_username=username.txt --from-file=db_password=password.txt\n``` \n\n- Imperative way with a json file, to keep the password out of the command history\n\n```shell\nkubectl create secret generic mysecret4 --from-file=config.json\n``` \n    \n**Goto the Scenario:** [LAB: K8s Secret (Declarative and Imperative Way)](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Secret.md)     \n    \n### ConfigMap \u003ca name=\"configmap\"\u003e\u003c/a\u003e\n- It is the same as \"secrets\". The difference is that configmap does not save sensitive information. 
It stores config variables.\n- Configmap stores data with key-value pairs.\n- Configmaps are consumed by the pod in 2 different ways: volume and environment variable    \n- Scenario shows the usage of configmaps.\n    \n**Goto the Scenario:** [LAB: K8s Config Map](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Configmap.md)\n    \n### Node – Pod Affinity \u003ca name=\"node-pod-affinity\"\u003e\u003c/a\u003e\n- Affinity means closeness, proximity, familiarity.\n    \n#### Node Affinity\n- With node affinity, specific pods can be made to run on the desired node (Node selector also supports that feature, but node affinity is more flexible).\n- If node is labelled with key-value, we can run some of the pods on that specific node.\n- **Terms for Node Affinity:**\n    - **requiredDuringSchedulingIgnoredDuringExecution:**  Find a node during scheduling according to \"matchExpression\" and run pod on that node. If it is not found, do not run this pod until finding specific node \"matchExpression\". \n    - **IgnoredDuringExecution:** After scheduling, if the node label is removed/deleted from node, ignore it while executing.\n    - **preferredDuringSchedulingIgnoredDuringExecution:** Find a node during scheduling according to \"matchExpression\" and run pod on that node. If it is not found, run this pod wherever it finds. \n        - **weight:** Preference weight. If weight is more than other weights, this weight is higher priority than others. \n\n- For a better understanding, please have a look at [LAB: K8s Node Affinity](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Node-Affinity.md)    \n    \n**Go to the Scenario:** [LAB: K8s Node Affinity](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Node-Affinity.md)    \n    \n#### Pod Affinity \n- Some of the pods should run with other pods on same node or same availability zone (e.g. 
frontend pods run with cache pod on the same availability zone) \n- If pod affinity is defined for one pod, that pod runs with the related pod on same node or same availability zone.     \n- Each node in the cluster is labelled with default labels.\n    - \"kubernetes.io/hostname\": e.g \"kubernetes.io/hostname=minikube\"\n    - \"kubernetes.io/arch\": e.g \"kubernetes.io/arch=amd64\"\n    - \"kubernetes.io/os\": e.g \"kubernetes.io/os=linux\"\n- Each node in the cluster that runs on the Cloud is labelled with following labels.\n    - \"topology.kubernetes.io/region\": e.g. \"topology.kubernetes.io/region=northeurope\"\n    - \"topology.kubernetes.io/zone\": e.g. \"topology.kubernetes.io/zone=northeurope-1\"\n\n```yaml\napiVersion: v1\nkind: Pod\nmetadata:\n  name: frontendpod\n  labels:\n    app: frontend                                     # defined labels\n    deployment: test                      \nspec:\n  containers:\n  - name: nginx\n    image: nginx:latest\n    ports:\n    - containerPort: 80\n---\napiVersion: v1\nkind: Pod\nmetadata:\n  name: cachepod\nspec:\n  affinity:\n    podAffinity:\n      requiredDuringSchedulingIgnoredDuringExecution:    # required: if not found, not run this pod on any node\n      - labelSelector:\n          matchExpressions:\n          - key: app\n            operator: In\n            values:\n            - frontend\n        topologyKey: kubernetes.io/hostname               # run this pod with the POD which includes \"app=frontend\" on the same worker NODE  \n      preferredDuringSchedulingIgnoredDuringExecution:    # preferred: if not found, run this pod on any node\n      - weight: 1\n        podAffinityTerm:\n          labelSelector:\n            matchExpressions:\n            - key: branch\n              operator: In\n              values:\n              - develop\n          topologyKey: topology.kubernetes.io/zone         # run this pod with the POD which includes \"branch=develop\" on the any NODE in the same ZONE \n    
podAntiAffinity:                                       # anti-affinity: NOT run this pod with the following match \"\"\n      preferredDuringSchedulingIgnoredDuringExecution:\n      - weight: 100\n        podAffinityTerm:\n          labelSelector:\n            matchExpressions:\n            - key: deployment\n              operator: In\n              values:\n              - prod\n          topologyKey: topology.kubernetes.io/zone         # NOT run this pod with the POD which includes \"deployment=prod\" on the any NODE in the same ZONE   \n  containers:\n  - name: cachecontainer                                   # cache image and container name\n    image: redis:6-alpine\n```\n    \n![image](https://user-images.githubusercontent.com/10358317/154729871-1294d423-1429-4a00-9d2b-78cfcdace18a.png)\n\n![image](https://user-images.githubusercontent.com/10358317/154730052-19e96985-1452-4d93-9fc3-d70ea06ceb8a.png)\n    \n### Taint and Toleration \u003ca name=\"taint-tolereation\"\u003e\u003c/a\u003e\n- Node affinity is a property of Pods that attracts/accepts them to a set of nodes. Taints are the opposite, they allow a node to repel/reject a set of pods.\n- TAINTs are assigned to the NODEs. TOLERATIONs assigned to the PODs\n    - \"kubectl describe nodes minikube\", at taints section, it can be seen taints. 
\n    - To add taint to the node with command: \"kubectl taint node minikube app=production:NoSchedule\"\n    - To delete taint from the node with command: \"kubectl taint node minikube app-\"\n- If pod has not any toleration for related taint, it can not be started on the tainted node (status of pod remains pending)\n- Taint Types:\n    - **key1=value1:effect**: (e.g.\"kubectl taint node minikube app=production:NoSchedule\")\n- Taint \"effect\" types:\n    - **NoSchedule:** If pod is not tolerated with this effect, it can not run on the related node (status will be pending, until toleration/untaint)\n    - **PreferNoSchedule:** If pod is not tolerated with this effect and if there is not any untainted node, it can run on the related node. \n    - **NoExecute:** If pod is not tolerated with this effect, it can not run on the related node. If there are pods running on the node before assigning \"NoExecute\" taint, after tainting \"NoExecute\", untolerated pods stopped on this node. \n- For clarification, please have a look at [LAB: K8s Taint Toleration](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Taint-Toleration.md)   \n    \n**Goto the Scenario:** [LAB: K8s Taint-Toleration](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Taint-Toleration.md)    \n    \n### Daemon Set \u003ca name=\"daemon-set\"\u003e\u003c/a\u003e\n- It makes it possible to run pods on EACH node. It can be configured to run only on specific nodes.\n- For example, you can run log application that runs on each node in the cluster and app sends these logs to the main log server. Manual configuration of each node could be a headache in this scenario, so using daemon sets would be beneficial to save time and effort.\n- If the new nodes are added on the cluster and running daemon sets on the cluster at that time period, default pods which are defined on daemon sets also run on the new nodes without any action. 
\n    \n**Goto the scenario:** [LAB: K8s Daemonset - Creating 3 nodes on Minikube](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Daemon-Sets.md)\n    \n### Persistent Volume and Persistent Volume Claim \u003ca name=\"pvc\"\u003e\u003c/a\u003e\n- Volumes are ephemeral/temporary area that stores data. Emptydir and hostpath create volume on node which runs related pod.\n- In the scenario of creating Mysql pod on cluster, we can not use emptydir and hostpath for long term. Because they don't provide the long term/persistent volume. \n- Persistent volume provides long term storage area that runs out of the cluster.\n- There are many storage solutions that can be enabled on the cluster: nfs, iscsi, azure disk, aws ebs, google pd, cephfs. \n- Container Storage Interface (CSI) provides the connection of K8s cluster and different storage solution. \n\n#### Persistent Volume \n- \"accessModes\" types:\n    - \"ReadWriteOnce\": read/write for only 1 node.\n    - \"ReadOnlyMany\" : only read for many nodes.\n    - \"ReadWriteMany\": read/write for many nodes.\n- \"persistentVolumeReclaimPolicy\" types: it defines the behaviour of volume after the end of using volume.\n    - \"Retain\" : volume remains with all data after using it.\n    - \"Recycle\": volume is not deleted but all data in the volume is deleted. 
We get empty volume if it is chosen.\n    - \"Delete\" : volume is deleted after using it.\n\n```yaml\n# Creating Persistent Volume on NFS Server on the network    \napiVersion: v1                               \nkind: PersistentVolume\nmetadata:\n   name: mysqlpv\n   labels:\n     app: mysql                                # labelled PV with \"mysql\"\nspec:\n  capacity:\n    storage: 5Gi                               # 5Gibibyte = power of 2; 5GB= power of 10\n  accessModes:\n    - ReadWriteOnce\n  persistentVolumeReclaimPolicy: Recycle       # volume is not deleted, all data in the volume will be deleted.\n  nfs:\n    path: /tmp                                 # binds the path on the NFS Server\n    server: 10.255.255.10                      # IP of NFS Server\n``` \n\n![image](https://user-images.githubusercontent.com/10358317/154734368-323af0cc-e745-4aa0-b844-65b4a410426d.png)\n    \n#### Persistent Volume Claim (PVC)  \n- We should create PVCs to use volume. With PVCs, existing PVs can be chosen.\n- The reason why K8s manages volume with 2 files (PVC and PV) is to separate the management of K8s Cluster (PV) and using of volume (PVC).\n- If there is a separate role of system management of K8s cluster, system manager creates PV (to connect different storage vendors), developers only use existing PVs with PVCs.    
\n\n```yaml\napiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n  name: mysqlclaim\nspec:\n  accessModes:\n    - ReadWriteOnce\n  volumeMode: Filesystem                    # VolumeMode\n  resources:\n    requests:\n      storage: 5Gi\n  storageClassName: \"\"\n  selector:\n    matchLabels:                          \n      app: mysql                            # choose/select \"mysql\" PV that is defined above.\n ```\n\n![image](https://user-images.githubusercontent.com/10358317/154735404-80221355-1493-4043-ba7a-8c7a4ddc8df0.png)\n \n**Goto the scenario:** [LAB: K8s Persistant Volume and Persistant Volume Claim](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-PersistantVolume.md)    \n    \n### Storage Class \u003ca name=\"storageclass\"\u003e\u003c/a\u003e\n- Creating volume with PV is manual way of creating volume. With storage classes, it can be automated. \n- Cloud providers provide storage classes on their infrastructure.\n- When pod/deployment is created, storage class is triggered to create PV automatically (Trigger order: Pod -\u003e PVC -\u003e Storage Class -\u003e PV). \n\n```yaml\n# Storage Class Creation on Azure\napiVersion: storage.k8s.io/v1\nkind: StorageClass\nmetadata:\n  name: standarddisk\nparameters:\n  cachingmode: ReadOnly\n  kind: Managed\n  storageaccounttype: StandardSSD_LRS\nprovisioner: kubernetes.io/azure-disk\nreclaimPolicy: Delete\nvolumeBindingMode: WaitForFirstConsumer    \n```\n    \n- \"storageClassName\" is added into PVC file.\n\n```yaml\napiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n  name: mysqlclaim\nspec:\n  accessModes:\n    - ReadWriteOnce\n  volumeMode: Filesystem\n  resources:\n    requests:\n      storage: 5Gi\n  storageClassName: \"standarddisk\"               # selects/binds to storage class (defined above)\n```    \n- When deployment/pod request PVC (claim), storage class provides volume on the infrastructure automatically. 
\n    \n### Stateful Set \u003ca name=\"statefulset\"\u003e\u003c/a\u003e\n- Pods/Deployments are stateless objects. Stateful set makes it possible to run stateful apps.\n- Differences between Deployment and Statefulset:\n    - Name of the pods in the statefulset are not assigned randomly. It gives name statefulsetName_0,1,2,3.\n    - Pods in the statefulset are not created at the same time. Pods are created in order (new pod creation waits until previous pod's running status).\n    - When scaling down of statefulset, pods are not deleted at random. Pods are deleted in reverse order.\n    - If PVC is defined in the statefulset, each pod in the statefulset has its own PV\n\n**Goto the scenario:** [LAB: K8s Stateful Sets - Nginx](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Statefulset.md)  \n    \n### Job, CronJob \u003ca name=\"job\"\u003e\u003c/a\u003e\n#### Job Object \n- \"A Job creates one or more Pods and will continue to retry execution of the Pods until a specified number of them successfully terminate\". If the container is not successfully completed, it will be recreated again.  \n- \"When a specified number of successful completions is reached, the task (ie, Job) is complete.\"\n- After finishing a job, pods are not deleted. Logs in the pods can be viewed.\n- Job is used for the task that runs once (e.g. maintenance scripts, scripts that are used for creating DB)\n- Job is also used for processing tasks that are stored in queue or bucket. 
\n\n```yaml\nspec:\n  parallelism: 2               # each step how many pods start in parallel at a time\n  completions: 10              # number of pods that run and complete job at the end of the time\n  backoffLimit: 5              # to tolerate fail number of job, after 5 times of failure, not try to continue job, fail the job\n  activeDeadlineSeconds: 100   # if this job is not completed in 100 seconds, fail the job\n```  \n    \n![image](https://user-images.githubusercontent.com/10358317/154946885-80e87f3c-5120-4c09-bde2-a35cd09a7383.png)    \n    \n**Goto the scenario:** [LAB: K8s Job](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Job.md)\n    \n#### Cron Job Object\n- Cron job is a scheduled job that can be started in scheduled time.\n\n```    \n# ┌───────────── minute (0 - 59)\n# │ ┌───────────── hour (0 - 23)\n# │ │ ┌───────────── day of the month (1 - 31)\n# │ │ │ ┌───────────── month (1 - 12)\n# │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday;\n# │ │ │ │ │                                   7 is also Sunday on some systems)\n# │ │ │ │ │\n# │ │ │ │ │\n# * * * * *\n#\n# https://crontab.guru/ \n# Examples: \n#   5 * * * *   : (means) For every day start at minute 5: 00:05 - Second day 00:05 ....\n#   */5 * * * * : (means) At every 5th minute: 00:05 - 00:10 - 00:15 ... \n#   0 */2 * * * : (means) At minute 0 pass every 2d hour: 00:00 - 02:00 - 04:00 ... 
\n#  \"*\" means \"every\"\n#  \"/\" means \"repetitive\"\n``` \n  \n```yaml\nspec:\n  schedule: \"*/1 * * * *\"                        # At every 1st minute: 00:01 - 00:02 ...\n  jobTemplate:\n    spec:\n      template:\n        spec:\n          containers:\n          - name: hello\n            image: busybox\n            imagePullPolicy: IfNotPresent\n            command:                             # start shell and echo  \n            - /bin/sh\n            - -c\n            - date; echo Hello from the Kubernetes cluster \n          restartPolicy: OnFailure\n``` \n\n![image](https://user-images.githubusercontent.com/10358317/154948618-8b71bf38-62a7-44de-bdd2-ac40a1709eb4.png)\n    \n**Go to the scenario:** [LAB: K8s Cron Job](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-CronJob.md)\n\n### Authentication, Role Based Access Control, Service Account \u003ca name=\"authentication\"\u003e\u003c/a\u003e\n    \n#### Authentication \n- It is related to authenticate user to use specific cluster. \n- Theory of the creating authentication is explained in short:\n    - user creates .key (key file) and .csr (certificate signing request file includes username and roles) with openssl application\n    - user sends .csr file to the K8s admin\n    - K8s admin creates a K8s object with this .csr file and creates .crt file (certification file) to give user\n    - user gets this .crt file (certification file) and creates credential (set-credentials) in user's pc with certification. \n    - user creates context (set-context) with cluster and credential, and uses this context.\n    - now it requires to get/create authorization for the user.\n\n#### Role Based Access Control (RBAC, Authorization) \n- It provides to give authorization (role) to the specific user. \n- \"Role\", \"RoleBinding\" K8s objects are used to bind users for specific \"namespace\". \n- \"ClusterRole\", \"ClusterRoleBinding\" K8s objects are used to bind users for specific \"namespace\". 
\n\n```yaml\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n  namespace: default\n  name: pod-reader\nrules:\n- apiGroups: [\"\"]                            # \"\" indicates the core API group\n  resources: [\"pods\"]                        # \"services\", \"endpoints\", \"pods\", \"pods/log\" etc.\n  verbs: [\"get\", \"watch\", \"list\"]            # \"get\", \"list\", \"watch\", \"create\", \"update\", \"patch\", \"delete\"  \n``` \n\n![image](https://user-images.githubusercontent.com/10358317/154953311-84f616cf-3a25-486f-beb9-e2d6a3a2e01a.png)\n\n```yaml\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n  name: read-pods\n  namespace: default\nsubjects:\n- kind: User\n  name: username@hostname.net                 # \"name\" is case sensitive, this name was defined while creating .csr file\n  apiGroup: rbac.authorization.k8s.io\nroleRef:\n  kind: Role #this must be Role or ClusterRole\n  name: pod-reader                            # this must match the name of the Role or ClusterRole you wish to bind to\n  apiGroup: rbac.authorization.k8s.io    \n```\n    \n![image](https://user-images.githubusercontent.com/10358317/154953439-1dd52309-611b-48bf-8f7b-51433b678f8c.png)\n\n```yaml\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: secret-reader\nrules:\n- apiGroups: [\"\"]\n  resources: [\"secrets\"]\n  verbs: [\"get\", \"watch\", \"list\"]    \n```  \n    \n![image](https://user-images.githubusercontent.com/10358317/154953542-3723d691-632e-41d6-908f-5b15080ffa7b.png)\n\n```yaml\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: read-secrets-global\nsubjects:\n- kind: Group\n  name: DevTeam                              # Name is case sensitive\n  apiGroup: rbac.authorization.k8s.io\nroleRef:\n  kind: ClusterRole\n  name: secret-reader\n  apiGroup: rbac.authorization.k8s.io \n```\n    
\n![image](https://user-images.githubusercontent.com/10358317/154953630-dcd71073-6de6-4194-955e-9b50a0f9c978.png)\n    \n#### Service Account\n- RBACs are used for real people. \n- Service accounts are used for pods/apps that can connect K8s API to create K8s objects.\n    \n    \n### Ingress \u003ca name=\"ingress\"\u003e\u003c/a\u003e\n- \"An API object that manages external access to the services in a cluster, typically HTTP.\" (ref: Kubernetes.io)\n- \"Ingress may provide load balancing, SSL termination and name-based virtual hosting\" (ref: Kubernetes.io)\n- Ingress is not a Service type, but it acts as the entry point for your cluster.  \n- Ingress resource only supports rules for directing HTTP(S) (L7) traffic.\n- \"Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.\" (ref: Kubernetes.io)\n- Ingress controller is a L7 Application Loadbalancer that works in K8s according to K8s specification. 
\n    - Ingress Controllers: Nginx, HAproxy, Traefik      \n \n![image](https://user-images.githubusercontent.com/10358317/152972977-5cfb148f-4ac7-4fb6-b68b-9a576e199e68.png) (ref: Kubernetes.io)\n\n```yaml\n# Simple Ingress Object Definition    \napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: minimal-ingress\n  annotations:\n    nginx.ingress.kubernetes.io/rewrite-target: /\nspec:\n  ingressClassName: nginx-example\n  rules:\n  - http:\n      paths:\n      - path: /testpath\n        pathType: Prefix\n        backend:\n          service:\n            name: test\n            port:\n              number: 80\n```\n    \n**Goto the scenario:** [LAB: K8s Ingress](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Ingress.md)    \n    \n### Dashboard \u003ca name=\"dashboard\"\u003e\u003c/a\u003e\n- You can view the following using default K8s dashboard:\n    - All Workloads on Cluster: Memory and CPU usages, update time, image name, node name, status\n    - Cron Jobs and Jobs\n    - Daemon Sets\n    - Deployments, Replicasets\n    - Pods, Stateful Sets\n    - Services, Endpoints, IPs, Ports,\n    - Persistent Volume Claims, Persistent Volumes\n    - Config Maps,\n    - Secrets, Storage Classes\n    - Cluster Roles and Role Binding\n    - Namespaces\n    - Network Policies\n    - Nodes\n    - Roles and Role Bindings\n    - Service Accounts\n     \n``` \n# if working on minikube\nminikube addons enable dashboard\nminikube addons enable metrics-server\nminikube dashboard\n# if running on WSL/WSL2 to open browser\nsensible-browser http://127.0.0.1:45771/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/\n```     \n- to see better resolution, click on it\n    \n![image](https://user-images.githubusercontent.com/10358317/152148024-6ec65b33-9fd0-42eb-89c3-927e453553a2.png)\n       \n![image](https://user-images.githubusercontent.com/10358317/152147845-017c6c10-a687-4ee3-b868-a08d96f6d884.png)\n    \n**Goto the 
scenario:** [LAB: Enable Dashboard on Real Cluster](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Enable-Dashboard-On-Cluster.md)\n\n## Play With Kubernetes \u003ca name=\"playwithkubernetes\"\u003e\u003c/a\u003e\n\n- https://labs.play-with-k8s.com/\n\n## Helm \u003ca name=\"helm\"\u003e\u003c/a\u003e\n- Helm is the package manager of K8s (https://helm.sh/). \n- \"Helm installs charts into Kubernetes, creating a new release for each installation. And to find new charts, you can search Helm chart repositories.\" (Ref: Helm.sh)    \n- With Helm, it is easy to install best-practice K8s designs and products. Search K8s packages =\u003e https://artifacthub.io/   \n- Detailed Tutorial =\u003e https://helm.sh/docs/intro/quickstart/\n- **Important Terms:** (Ref: Helm.sh)\n    - **Chart:** \"A Chart is a Helm package. It contains all of the resource definitions necessary to run an application, tool, or service inside of a Kubernetes cluster. Think of it like the Kubernetes equivalent of a Homebrew formula, an Apt dpkg, or a Yum RPM file.\" \n    - **Repository:** \"A Repository is the place where charts can be collected and shared\"\n    - **Release:** \"A Release is an instance of a chart running in a Kubernetes cluster. One chart can often be installed many times into the same cluster. And each time it is installed, a new release is created. Consider a MySQL chart. If you want two databases running in your cluster, you can install that chart twice. 
Each one will have its own release, which will in turn have its own release name.\"\n    \n**Goto the scenario:** [LAB: HELM Install \u0026 Usage](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/Helm.md) \n\n**Goto the scenario:** [LAB: Helm-Jenkins on running K8s Cluster (2 Node Multipass VM)](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Helm-Jenkins.md)   \n    \n**Goto:** [Helm Commands Cheatsheet](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/HelmCheatsheet.md)\n    \n       \n## Kubernetes Commands Cheatsheet \u003ca name=\"cheatsheet\"\u003e\u003c/a\u003e\n\n**Goto:** [Kubernetes Commands Cheatsheet](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/KubernetesCommandCheatSheet.md)\n    \n## Helm Commands Cheatsheet \u003ca name=\"helm_cheatsheet\"\u003e\u003c/a\u003e\n\n**Goto:** [Helm Commands Cheatsheet](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/HelmCheatsheet.md)\n\n## Kubernetes Cluster Setup: Kubeadm, Containerd, Multipass \u003ca name=\"cluster_setup\"\u003e\u003c/a\u003e\n    \n**Goto:** [LAB: K8s Kubeadm Cluster Setup](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Kubeadm-Cluster-Setup.md) \n    \n## Monitoring Kubernetes Cluster with SSH, Prometheus and Grafana \u003ca name=\"prometheus_grafana\"\u003e\u003c/a\u003e\n       \n**Goto:** [LAB: K8s Monitoring - Prometheus and Grafana](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Monitoring-Prometheus-Grafana.md)\n\n**Goto:** [LAB: Enable Dashboard on Real K8s Cluster](https://github.com/omerbsezer/Fast-Kubernetes/blob/main/K8s-Enable-Dashboard-On-Cluster.md)\n    \n## Other Useful Resources Related to Docker  \u003ca name=\"resource\"\u003e\u003c/a\u003e\n- [KubernetesTutorial](https://kubernetes.io/docs/tutorials/)\n- Docker and Kubernetes Tutorial - Youtube: https://www.youtube.com/watch?v=bhBSlnQcq2k\u0026t=3088s\n\n## References  \u003ca name=\"references\"\u003e\u003c/a\u003e\n- 
[Kubernetes.io](https://kubernetes.io/docs/concepts/overview/)\n- [KubernetesTutorial](https://kubernetes.io/docs/tutorials/)\n- [udemy-course:Kubernetes-Temelleri](https://www.udemy.com/course/kubernetes-temelleri/)\n- [Helm.sh](https://helm.sh/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fomerbsezer%2Ffast-kubernetes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fomerbsezer%2Ffast-kubernetes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fomerbsezer%2Ffast-kubernetes/lists"}