Kubernetes Reference
Kip Landergren
(Updated: )
My cheat sheet for kubernetes covering kubectl usage, minikube operation, working with TLS, and common terminology.
Contents
- Documentation
- Working with Objects
- kubectl
- minikube
- TLS and ingress
- Working with Docker and Kubernetes
- Kubernetes Terminology
Documentation
Reference
- Kubernetes API Reference: v1.17
- Official
minikube
Documentation
Software
- Official Kubernetes Releases
- Kubernetes GitHub Repository
krew
GitHub Repository
Learning and Guides
- Kubernetes Concepts | kubernetes.io documentation
- Kubernetes Tasks | kubernetes.io documentation
- Official minikube quickstart
Working with Objects
imperative vs declarative
An imperatively created object is one made by executing kubectl with a direct command:
# create a deployment named nginx-imperative that runs the nginx image
kubectl create deployment nginx-imperative --image=nginx
A declaratively created object is one made by defining its structure in a manifest file and supplying that information to the control plane:
# deployment-nginx-declarative.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-declarative
  labels:
    app: nginx-declarative
spec:
  selector:
    matchLabels:
      app: nginx-declarative
  template:
    metadata:
      labels:
        app: nginx-declarative
    spec:
      containers:
        - image: nginx
          name: nginx
kubectl apply -f ./deployment-nginx-declarative.yaml
Both objects may be inspected for comparison; the only differences are in the last-applied-configuration annotation and the expected names, times, and IDs:
kubectl get deployment nginx-imperative -o yaml
kubectl get deployment nginx-declarative -o yaml
kubectl apply also works on directories, where order is determined via filename in ascending order (e.g. 01-foo.yaml applied before 02-bar.yaml):
kubectl apply -f ./config/
My preference is to define objects within manifest files and apply them.
API Groups
The grouping specified within the REST path of an object’s apiVersion field. Falls into two groups:
- The core / legacy group from /api/v1 and specified via apiVersion: v1
- The named REST path (/apis/$GROUP_NAME/$VERSION) of the object, specified via apiVersion: $GROUP_NAME/$VERSION
You can find out the named REST path and corresponding API Groups and Versions by looking at the documentation for the object in the version of kubernetes you are running. For example, if we were running 1.14 and wanted to know information for a Deployment, we could look to the documentation and note the following information:
group | apps |
version | v1 |
kind | deployment |
This leads us to specify apiVersion: apps/v1 in our configuration YAML.
kubectl
kubectl is a CLI tool that controls the Kubernetes cluster manager.
Installation
On macOS, I install directly using the release binaries matching the cluster version I am targeting (taking into account Kubernetes version skew). Instructions are available in the official documentation.
krew, kubectl Plugin Manager
Allows for kubectl commands to be extended within a specific scope. I currently just use it for the ingress-nginx plugin:
kubectl ingress-nginx help
Resources
- krew User Guide
Commands
kubectl commands are typically of the form:
kubectl <verb> <resource> --flags
Example:
kubectl describe pods --selector='run=my-nginx'
Basic
Confirm your Client and Server versions:
kubectl version
kubectl config
kubectl can connect to multiple clusters through the specification of “context” objects which are mappings of names to “cluster” and “user” information.
Config management functions are accessible through:
kubectl config --help
The default location where kubectl stores information about clusters, contexts and users is:
~/.kube/config
Determine current context:
kubectl config current-context
Switch context to minikube:
kubectl config use-context minikube
Delete config reference to cluster cluster-test:
kubectl config delete-cluster cluster-test
Delete context cluster-test:
kubectl config delete-context cluster-test
Delete user cluster-test:
kubectl config unset users.cluster-test
kubectl apply
Applies the configuration to a resource, creating it if it does not exist.
Apply changes from a file:
kubectl apply -f path/to/file.yaml
Apply changes from a directory (files are applied in ascending order by filename):
kubectl apply -f ./config/
Tip: number your manifest files based on the order you wish them to execute in (e.g. 01-foo.yaml applied before 02-bar.yaml).
kubectl get
Prints the most important information about the specified resources, scoped by namespace unless --all-namespaces is used. Resource types may be specified with their full name, plural, or shorthand version.
kubectl get pods
kubectl describe
Prints a detailed description about the specified resources, scoped by namespace unless --all-namespaces is used.
kubectl describe pod nginx
kubectl logs
Prints the logs for the specified resources. Useful options are:
- --tail=N where N is the number of lines to tail
- --since=T where T is the human-readable relative duration, like “5m”
kubectl logs nginx
Infrequently Used
Get any Custom Resource Definitions (like from an add-on):
kubectl get crd
minikube
minikube is a CLI tool that provisions and manages single-node (typically local) Kubernetes clusters optimized for development workflows.
Installation
Via homebrew:
brew install minikube
Note: on macOS I needed to install virtualbox via:
brew cask install virtualbox
Commands
To start a local cluster, specifying Kubernetes version v1.13.7:
minikube start --kubernetes-version v1.13.7
To get the status of a local cluster:
minikube status
To delete a local cluster, taking with it all kubernetes and docker objects:
minikube delete
Version:
minikube version
To ssh into the VM hosting the cluster:
minikube ssh
Note: this is not a machine inside the cluster, so cluster DNS service resolution may not work as you expect.
To get the URL of a service:
minikube service my-service-name --url
Access the minikube dashboard via:
minikube dashboard --url
Predictable Cluster IPs
On macOS using VirtualBox, DHCP leases are stored in:
~/Library/VirtualBox/HostInterfaceNetworking-vboxnet0-Dhcpd.leases
A hack to get around incrementing IPs is to delete this file before starting the cluster.
TLS and ingress
The convention is to name the secret for example.com as example-com-tls.
Secrets
Three options from kubectl create secret --help are:
- docker-registry
- generic
- tls
Secrets are scoped to their namespaces.
As of v1.14 an ingress with a missing secret still works OK.
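Because an ingress with a missing secret still works, a misspelled secret name or a secret created in a different namespace does not fail loudly. The shell functions below are an added example, not part of the original cheat sheet: they derive the example-com-tls style name, create the secret in the ingress's namespace, and list ingress TLS references that have no matching secret. The function names and the namespace/name line format are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and the "namespace/name" format are assumptions.

# Page convention: example.com -> example-com-tls
tls_secret_name() {
  printf '%s-tls\n' "$(printf '%s' "$1" | tr '.' '-')"
}

# Create the secret in the namespace of the ingress that will reference it
# (secrets are namespace-scoped). Needs a reachable cluster.
# usage: create_tls_secret <host> <namespace> <cert.pem> <key.pem>
create_tls_secret() {
  kubectl create secret tls "$(tls_secret_name "$1")" \
    --namespace "$2" --cert "$3" --key "$4"
}

# "namespace/secretName" for every TLS secret an ingress refers to.
# Ingresses without a tls section produce no output lines.
ingress_tls_refs() {
  kubectl get ingress --all-namespaces -o \
    jsonpath='{range .items[*]}{.metadata.namespace}{" "}{.spec.tls[*].secretName}{"\n"}{end}' |
    awk '{ for (i = 2; i <= NF; i++) print $1 "/" $i }'
}

# "namespace/name" for every secret that exists.
existing_secrets() {
  kubectl get secrets --all-namespaces -o \
    jsonpath='{range .items[*]}{.metadata.namespace}{"/"}{.metadata.name}{"\n"}{end}'
}

# Pure comparison, usable offline: print the references listed in file $1
# that are absent from file $2 (whole-line, fixed-string match).
missing_tls_secrets() {
  grep -Fxv -f "$2" "$1" | sort -u
}

# Cluster audit: prints nothing when every referenced secret exists.
audit_ingress_tls() {
  tmp=$(mktemp -d) || return 1
  ingress_tls_refs > "$tmp/refs" && existing_secrets > "$tmp/have" &&
    missing_tls_secrets "$tmp/refs" "$tmp/have"
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}
```

Run audit_ingress_tls against the current context; a secret with the right name in the wrong namespace is reported as missing.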
Working with Docker and Kubernetes
To set up Docker environment variables to use the Docker daemon in minikube, allowing easy access to built images:
eval $(minikube docker-env)
and to tear down:
eval $(minikube docker-env --unset)
Kubernetes Terminology
- cluster: a set of nodes running containerized applications
- container: a runnable instance of an image; also a loosely isolated environment
- control plane: the master system managing the cluster, comprised of a master node and various Kubernetes-internal services
- controller: object that manages high level component behavior through pod management
- image: a read-only template with instructions for creating a compute environment
- manifest: the YAML configuration file describing an object
- node: a worker machine configured to run pods and be managed by the control plane
- pod: the host environment within which a collection of one or more containers are run
- service: object representing a set of pods identified using label selectors