- 🌟 Certified Kubernetes Application Developer (CKAD) 🌟
- Important links
- Cosign
- regctl
- Kubernetes Commands and Explanations
- Command docker
- Commands
- check running proses
- Docker commands
- add secret fully as env
- Create inline secrets
- Get Cluster Info
- create a pod and expose it with given port using one command
- Run a Pod
- Create a Pod from YAML
- Generate YAML Templates
- Create yaml from existing object
- Explain a Specific Keyword in Definition File
- Extract Pod Definition to File - For more details, refer:
- Edit Pod Properties
- Validate Yamls
- scale up/dow replica sets on the fly
- Create namespace
- delete namespace
- view resource Quota usage
- Accessing resource in another namespace
- switch to a namespace permanently
- Services
- create symbolic link
- Explanations
- Kubernetes Deployments
- Kubernetes Namespaces
- Kubernetes configMap call in a pod
- Kubernetes Resource Allocation
- Certified Kubernetes Application Developer: Official certification page with all the details.
- Candidate Handbook: Comprehensive guide for exam preparation.
- Exam Tips: Essential tips to ace your exam.
Use the code 20KLOUD
while registering for the CKA or CKAD exams at the Linux Foundation to receive a 20% discount! 🎉
Good luck with your certification journey! 🚀
https://github.com/tektoncd/pipeline/blob/main/docs/auth.md#unsuccessful-cred-copy-warning
https://github.com/tektoncd/experimental/blob/f60e1cd8ce22ed745e335f6f547bb9a44580dc7c/pipeline-in-pod/OWNERS
https://edu.chainguard.dev/open-source/sigstore/cosign/an-introduction-to-cosign/
export DOCKER_CONFIG=/mnt/c/Data/pi-2024/temp/dockerconf
# this will refer docker config
regctl image digest crnxscicdmvp001.azurecr.io/nexus/health:0.1.2
- Node Workers: Physical VM or server in the Kubernetes cluster.
docker inspect nginx --format='{{.Config.User}}'
ps aux
# run ubuntu image and exit
docker run ubuntu
# list running containers
docker ps
# list all containers
docker ps -a
# override commands in image
docker run -it ubuntu /bin/bash
docker run <image name build with sleep> sleep 5
Note:
CMD sleep 5 where runtime we will override full command
ENTRYPOINT["sleep"] runtime we can append to the command like time to sleep
combine both to get default sleep value
ENTRYPOINT["sleep"]
CMD["5"]
override entrypoint at runtime
docker run --entrypoint sleep 2.0 ubuntu-sleeper 10
spec:
containers:
- name: webapp-container
image: webapp-image
envFrom:
- secretRef:
name: webapp-secret
kubectl create secret generic \
db-secret --from-literal=DB_Host=aasww \
--from-literal=DB_User=asdasd \
--from-literal=DB_Password=cGFzc3dvcmQxMjM=
kubectl cluster-info
kubectl get nodes
kubectl run httpd --image httpd:alpine --expose=true --port 80
kubectl run nginx --image=nginx
kubectl get pods
kubectl create -f <yaml pod or deployment>
kubectl run my-pod --image=nginx --dry-run=client -o yaml
kubectl create deployment nginx-deployment --image=nginx --dry-run=client -o yaml > nginx-deployment.yaml
kubectl get <object-type> <object-name> -o yaml > <output-file>.yaml
kubectl explain pod.spec.containers.image
kubectl explain pod.spec.containers --recursive
kubectl get pod <pod-name> -o yaml > pod-definition.yaml
Options:
-o json
: Makes the output JSON-formatted.-o name
: Displays only the name of the resource.-o wide
: Provides additional information in a plain-text format.-o yaml
: Formats the output in YAML.
https://kubernetes.io/docs/reference/kubectl/overview/
https://kubernetes.io/docs/reference/kubectl/cheatsheet/
kubectl edit pod <pod-name>
kubectl apply -f replicaset-definition-1.yaml --dry-run=client
kubectl scale --replicas=5 rs/new-replica-set
or
kubectl edit replicaset
rs/<name of the replica set>
kubectl create namespace <namespace-name>
kubectl delete namespace <namespace-name>
kubectl config get-contexts
kubectl config use-context context-2
kubectl config set-context --current --namespace=<namespace-name>
kubectl describe resourcequota my-resource-quota -n my-namespace
service create DNS will get add to it
db-service.dev.svc.cluster.local
cluster.local= default domain name
svc = subdomain for servic
dev = namespace
db-service= service name
kubectl config set-context $(kubectl config current-context) --namespace=dev
kubectl expose pod redis --port=6379 --name redis-service --dry-run=client -o yaml
Create a Service named nginx of type NodePort to expose pod nginx's port 80 on port 30080 on the nodes:
kubectl expose pod nginx --port=80 --name nginx-service --type=NodePort --dry-run=client -o yaml
(This will automatically use the pod's labels as selectors, but you cannot specify the node port. You have to generate a definition file and then add the node port in manually before creating the service with the pod.)
sudo ln -s $(which kubectl) /usr/local/bin/k
kubectl create serviceaccount <service account name>
Note :
Service account token use external app to work with apis ect.
but new version this token not create auto and also now having expiration time to it token is a secret
if app in k8 cluster
use mount the secret as a volume
containers:
serviceAccountName: dashboard-sa < to use service account >
automountServiceAccountToken: false < disable the mount >
decode token
jq -R 'split(".") | select(length > 0) | .[0],.[1] | @base64d | fromjson' <<< <token>
for new version secret not mount directly now it is projected volume
volumes:
projected:
sources:
- serviceAccountToken:
expirationSeconds: 456
path: token
- key:
v1.24 <no longer create token>
kubectl create token <sa>
apiVersion: v1
kind: Pod
metadata:
name: ubuntu-sleeper
namespace: default
resourceVersion: "840"
uid: 9d465e6f-0f5a-4f61-991a-bf75e4eb98cc
spec:
containers:
- command:
- sleep
- "4800"
image: ubuntu
securityContext:
runAsUser: 1010
capabilities:
add : [SYS_TIME]
imagePullPolicy: Always
```
## Kubernetes Pod Controllers
Pod Controllers are responsible for managing the lifecycle and scaling of Pods in a Kubernetes cluster. They ensure that the desired number of Pods is running and handle various tasks like scaling, updating, and rolling back Pods.
## Types of Pod Controllers
### 1. ReplicaSet
- **Purpose**: Ensures that a specified number of Pod replicas are running at any given time.
- **Usage**: Commonly used by Deployments to maintain the desired state of Pods.
- **Key Commands**:
```bash
kubectl get replicasets
kubectl describe replicasets <replicaset-name>
kubectl delete replicasets <replicaset-name>
kubectl create replicaset <replicaset-name> --image=<container-image> --replicas=<
Here's an example of a ReplicaSet YAML configuration:
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: my-app-replicaset
labels:
app: my-app-replicaset
spec:
template:
metadata:
name: my-pod
labels:
app: my-app
spec:
containers:
- name: my-container
image: nginx
replicas: 3
selector:
matchLabels:
app: my-app
A Deployment in Kubernetes is a controller that manages the deployment and scaling of a set of Pods. It ensures that the desired number of Pods are running and provides capabilities for rolling updates, rollbacks, and scaling.
- ReplicaSet: A Deployment manages one or more ReplicaSets, which in turn manage the Pods.
- Rolling Updates: Deployments allow for zero-downtime deployments by gradually updating Pods with new versions.
- Rollbacks: If something goes wrong with a new deployment, you can roll back to a previous stable version.
- Scaling: You can scale the number of Pods up or down as needed.
Here’s an example of a Kubernetes Deployment YAML configuration:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app-deployment
labels:
app: my-app
spec:
replicas: 3
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-container
image: nginx
ports:
- containerPort: 80
In Kubernetes, a Namespace is a way to divide cluster resources between multiple users or teams. Namespaces help manage and organize resources in a large cluster, providing a scope for names and enabling resource isolation. They are useful for:
- Organizing Resources: Grouping related resources together.
- Resource Isolation: Limiting access to resources within a namespace.
- Quotas and Limits: Applying resource quotas and limits on a per-namespace basis.
- Access Control: Implementing role-based access control (RBAC) policies specific to namespaces.
apiVersion: v1
kind: Namespace
metadata:
name: my-namespace
labels:
name: my-namespace
spec:
containers:
- env:
- name: APP_COLOR
valueFrom:
configMapKeyRef:
name: webapp-config-map
key: APP_COLOR
A ResourceQuota
is used to limit the amount of resources that can be consumed by a namespace. It helps to ensure fair usage of cluster resources and prevents any single namespace from using more than its allocated share.
To create a ResourceQuota
, you need to define it in a YAML file. Below is an example YAML configuration:
apiVersion: v1
kind: ResourceQuota
metadata:
name: my-resource-quota
namespace: my-namespace
spec:
hard:
cpu: "4"
memory: 16Gi
pods: "10"
services: "5"
persistentvolumeclaims: "10"
apiVersion: v1
kind: Pod
metadata:
name: my-pod
namespace: my-namespace
spec:
containers:
- name: my-container
image: nginx
resources:
requests:
memory: "512Mi"
cpu: "500m"
limits:
memory: "1Gi"
cpu: "1000m"