March 3, 2024

My Kubernetes Notes

Table of Contents

  1. Introduction to Kubernetes
  2. Kubernetes Architecture
  3. Kubernetes Objects
  4. Working with Pods, Deployments, and Services
  5. Kubernetes Networking
  6. Port Forwarding
  7. Sealed Secrets using Kubeseal
  8. ConfigMaps and Secrets
  9. Persistent Storage in Kubernetes
  10. Kubernetes Monitoring and Logging
  11. Helm: Package Manager for Kubernetes
  12. Kubernetes Security Best Practices
  13. Commands Cheat Sheet

1. Introduction to Kubernetes

Kubernetes (K8s) is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications.

Key Features:

  • Automated Scaling: Scale applications up/down based on demand.
  • Self-Healing: Restarts failed containers and replaces them.
  • Load Balancing: Distributes network traffic.
  • Rolling Updates & Rollbacks: Updates applications with zero downtime.
  • Storage Orchestration: Manages persistent storage.

2. Kubernetes Architecture

Master Node Components:

  • API Server: Entrypoint for all commands.
  • Scheduler: Assigns workloads to nodes.
  • Controller Manager: Ensures desired state.
  • etcd: Key-value store for cluster data.

Worker Node Components:

  • Kubelet: Communicates with the master.
  • Kube-Proxy: Manages network rules.
  • Container Runtime: Runs containers (e.g., Docker, containerd).

3. Kubernetes Objects

Common Objects:

  • Pod: Smallest deployable unit (1+ containers).
  • Deployment: Manages Pods (scaling, updates).
  • Service: Exposes Pods via stable IP/DNS.
  • ConfigMap & Secret: Stores configuration data.
  • PersistentVolume (PV) & PersistentVolumeClaim (PVC): Manages storage.

4. Working with Pods, Deployments, and Services

Create a Pod:

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  containers:
    - name: nginx
      image: nginx:latest
      ports:
        - containerPort: 80

Apply: kubectl apply -f pod.yaml

Create a Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:latest
          ports:
            - containerPort: 80

Apply: kubectl apply -f deployment.yaml

Expose a Service:

kubectl expose deployment nginx-deployment --type=LoadBalancer --port=80

Or via YAML:

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
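The Deployment, its Pods and the Service above are tied together only by labels. The following added example (not code from the original notes) models those label-selector rules offline: the `spec.selector` of an apps/v1 Deployment must match its own Pod template labels or `kubectl apply` rejects it, and a Service routes only to Pods in its namespace whose labels satisfy the selector and whose Ready condition is True. The manifests are constructed Python dicts mirroring the YAML in this section; no cluster is needed.

```python
# Added example (not from the original notes): the label-selector rules that
# connect the Deployment, its Pods and the Service above. Manifests are plain
# dicts mirroring the YAML; no cluster or kubectl is needed.

def selector_matches(match_labels, labels):
    """True when every key/value in the selector appears in the labels.
    Extra labels on the object are fine; a missing or different value is not."""
    return all(labels.get(key) == value for key, value in match_labels.items())


def validate_deployment(deployment):
    """Problems kubectl apply would reject: apps/v1 requires spec.selector, and
    the selector must match the Pod template's own labels."""
    spec = deployment.get("spec", {})
    selector = spec.get("selector", {}).get("matchLabels", {})
    template_labels = spec.get("template", {}).get("metadata", {}).get("labels", {})
    if not selector:
        return ["spec.selector.matchLabels is required"]
    if not selector_matches(selector, template_labels):
        return [f"selector {selector} does not match template labels {template_labels}"]
    return []


def pod_is_ready(pod):
    """Endpoints are only created for Pods whose Ready condition is True."""
    conditions = pod.get("status", {}).get("conditions", [])
    return any(c.get("type") == "Ready" and c.get("status") == "True" for c in conditions)


def service_endpoints(service, pods):
    """Names of the Pods a Service routes to: same namespace, selector matches
    the Pod labels, and the Pod is Ready."""
    selector = service["spec"].get("selector", {})
    namespace = service["metadata"].get("namespace", "default")
    return [
        pod["metadata"]["name"]
        for pod in pods
        if pod["metadata"].get("namespace", "default") == namespace
        and selector_matches(selector, pod["metadata"].get("labels", {}))
        and pod_is_ready(pod)
    ]


# Constructed sample objects (same shape as the manifests in this section).
NGINX_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "nginx-deployment"},
    "spec": {
        "replicas": 3,
        "selector": {"matchLabels": {"app": "nginx"}},
        "template": {"metadata": {"labels": {"app": "nginx"}}},
    },
}
# Same Deployment with a typo in the template labels: apply would fail.
BROKEN_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "nginx-deployment"},
    "spec": {
        "selector": {"matchLabels": {"app": "nginx"}},
        "template": {"metadata": {"labels": {"app": "ngnix"}}},
    },
}
NGINX_SERVICE = {
    "kind": "Service",
    "metadata": {"name": "nginx-service"},
    "spec": {"selector": {"app": "nginx"}, "ports": [{"port": 80, "targetPort": 80}]},
}


def _pod(name, labels, ready=True, namespace="default"):
    """Constructed Pod with only the fields the functions above look at."""
    status = "True" if ready else "False"
    return {
        "metadata": {"name": name, "namespace": namespace, "labels": labels},
        "status": {"conditions": [{"type": "Ready", "status": status}]},
    }


SAMPLE_PODS = [
    _pod("nginx-deployment-a1", {"app": "nginx", "pod-template-hash": "a1"}),               # matches
    _pod("nginx-deployment-a2", {"app": "nginx", "pod-template-hash": "a1"}, ready=False),  # not Ready yet
    _pod("redis-0", {"app": "redis"}),                                                      # selector mismatch
    _pod("nginx-staging", {"app": "nginx"}, namespace="staging"),                           # other namespace
]

if __name__ == "__main__":
    print(validate_deployment(NGINX_DEPLOYMENT))          # []
    print(validate_deployment(BROKEN_DEPLOYMENT))         # one problem
    print(service_endpoints(NGINX_SERVICE, SAMPLE_PODS))  # ['nginx-deployment-a1']
```

The extra `pod-template-hash` label on the sample Pods is the one a Deployment's ReplicaSet adds; the Service still matches because a selector only requires its own keys to be present, which is also why a too-broad selector (for example `app: nginx` shared by a staging Deployment in the same namespace) silently widens where traffic goes.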

5. Kubernetes Networking

  • ClusterIP: Internal IP (default).
  • NodePort: Exposes on a static port.
  • LoadBalancer: External cloud-based LB.
  • Ingress: Manages external HTTP(S) traffic.

6. Port Forwarding

Forwards a local port through the API server to a Pod (or Service), so it can be reached from localhost without exposing it outside the cluster.

Forward Port to a Pod:

kubectl port-forward pod/nginx-pod 8080:80

Access: http://localhost:8080

Forward Port to a Service:

kubectl port-forward svc/nginx-service 8080:80

7. Sealed Secrets using Kubeseal

Sealed Secrets encrypts a Kubernetes Secret with a public key held by the in-cluster controller, producing a SealedSecret that can be safely stored in Git; only the controller can decrypt it back into a regular Secret.

Install Kubeseal:

brew install kubeseal  # macOS
kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.0/controller.yaml

Create a Sealed Secret:

First generate a regular Secret manifest locally (--dry-run=client renders it without sending anything to the cluster):

kubectl create secret generic my-secret --from-literal=<key>=<value> --dry-run=client -o yaml > secret.yaml

Seal it (kubeseal fetches the controller's public key from the cluster and writes an encrypted SealedSecret):

kubeseal --format yaml < secret.yaml > sealed-secret.yaml

Apply (commit sealed-secret.yaml, never secret.yaml, to Git):

kubectl apply -f sealed-secret.yaml

8. ConfigMaps and Secrets

ConfigMap Example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  config.properties: |
    db.url=jdbc:mysql://db-host:3306/mydb

Apply: kubectl apply -f configmap.yaml

Secret Example:

apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: YWRtaW4= # base64 of "admin"; base64 is encoding, not encryption
  password: MTIzNA== # base64 of "1234"

9. Persistent Storage in Kubernetes

PersistentVolume (PV) & PersistentVolumeClaim (PVC)

# PV
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-volume
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/data"
 
# PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pv-claim
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi
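The PV above offers 10Gi while the PVC asks for 3Gi, which is allowed: a claim binds to any Available PV that is at least as large, offers the requested access modes and has the same storage class, and the binder prefers the smallest such PV. The following added example (not code from the original notes) models that matching offline, including a simplified parser for quantities such as `10Gi`. The PV and PVC objects are constructed dicts mirroring the manifests above; dynamic provisioning and default storage classes are deliberately left out.

```python
import re

# Added example (not from the original notes): a simplified model of how a
# PersistentVolumeClaim is bound to a PersistentVolume. Quantity parsing covers
# integer values with binary (Ki, Mi, Gi, Ti) or decimal (k, M, G, T) suffixes.

_UNITS = {"": 1, "Ki": 1024, "Mi": 1024 ** 2, "Gi": 1024 ** 3, "Ti": 1024 ** 4,
          "k": 10 ** 3, "M": 10 ** 6, "G": 10 ** 9, "T": 10 ** 12}
_QUANTITY = re.compile(r"^(\d+)(Ki|Mi|Gi|Ti|k|M|G|T)?$")


def parse_quantity(quantity):
    """Bytes represented by a Kubernetes resource quantity such as '10Gi'."""
    match = _QUANTITY.match(str(quantity))
    if not match:
        raise ValueError(f"unsupported quantity: {quantity!r}")
    return int(match.group(1)) * _UNITS[match.group(2) or ""]


def pv_satisfies(pv, pvc):
    """Binding rules (simplified): the PV is Available, the storage classes
    agree, it offers every requested access mode, and it is large enough."""
    pv_spec, pvc_spec = pv["spec"], pvc["spec"]
    if pv.get("status", {}).get("phase", "Available") != "Available":
        return False
    if pv_spec.get("storageClassName", "") != pvc_spec.get("storageClassName", ""):
        return False
    if not set(pvc_spec["accessModes"]) <= set(pv_spec["accessModes"]):
        return False
    capacity = parse_quantity(pv_spec["capacity"]["storage"])
    request = parse_quantity(pvc_spec["resources"]["requests"]["storage"])
    return capacity >= request


def choose_pv(pvc, pvs):
    """Name of the smallest satisfying PV (what the binder prefers), or None,
    in which case the claim stays Pending."""
    candidates = [pv for pv in pvs if pv_satisfies(pv, pvc)]
    if not candidates:
        return None
    best = min(candidates, key=lambda pv: parse_quantity(pv["spec"]["capacity"]["storage"]))
    return best["metadata"]["name"]


def _pv(name, storage, *modes):
    """Constructed PV with the fields the binding rules above look at."""
    return {"kind": "PersistentVolume", "metadata": {"name": name},
            "spec": {"capacity": {"storage": storage}, "accessModes": list(modes),
                     "hostPath": {"path": f"/mnt/{name}"}}}


def _pvc(name, storage, *modes):
    """Constructed PVC requesting the given size and access modes."""
    return {"kind": "PersistentVolumeClaim", "metadata": {"name": name},
            "spec": {"accessModes": list(modes), "resources": {"requests": {"storage": storage}}}}


# Constructed sample objects; pv-volume and pv-claim match the manifests above.
SAMPLE_PVS = [
    _pv("pv-volume", "10Gi", "ReadWriteOnce"),
    _pv("pv-small", "2Gi", "ReadWriteOnce"),
    _pv("pv-medium", "5Gi", "ReadWriteOnce"),
    _pv("pv-shared", "20Gi", "ReadOnlyMany"),
]
PV_CLAIM = _pvc("pv-claim", "3Gi", "ReadWriteOnce")
BIG_CLAIM = _pvc("big-claim", "15Gi", "ReadWriteOnce")

if __name__ == "__main__":
    print(choose_pv(PV_CLAIM, SAMPLE_PVS))   # pv-medium: smallest PV >= 3Gi, not pv-volume
    print(choose_pv(BIG_CLAIM, SAMPLE_PVS))  # None: the only large PV lacks ReadWriteOnce
```

With only the page's two manifests in the cluster, `pv-claim` would bind to `pv-volume` and the remaining 7Gi is simply unusable by other claims, which is why sizing PVs close to the expected requests matters on hostPath storage.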

10. Kubernetes Monitoring and Logging

Check Logs:

kubectl logs <pod-name>

Monitor Resources:

kubectl top pods
kubectl top nodes

Prometheus & Grafana Setup (install using Helm):

# add the chart repositories first, otherwise helm install cannot resolve the chart names
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update
helm install prometheus prometheus-community/prometheus
helm install grafana grafana/grafana

11. Helm: Package Manager for Kubernetes

Install Helm:

brew install helm  # macOS

Create a Helm Chart:

helm create mychart

Install a Chart:

helm install my-release ./mychart

12. Kubernetes Security Best Practices

  • Use RBAC: Restrict access via Roles & RoleBindings.
  • Enable Network Policies: Control Pod-to-Pod traffic.
  • Scan Images for Vulnerabilities: Use tools like Trivy.
  • Avoid Running as Root: Set securityContext.runAsNonRoot: true.
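Two of these practices can be checked before anything reaches the cluster. The following added example (not code from the original notes) audits manifests offline: it flags containers that do not end up with `runAsNonRoot: true` (a container-level securityContext overrides the Pod-level one), images that are unpinned or use `latest` (a scan result is only meaningful for the exact image scanned, and the manifests earlier in these notes use `nginx:latest`), and Role or ClusterRole rules that use wildcards or grant read access to Secrets. The sample manifests are constructed dicts; the `nginx:1.25.3` tag is an arbitrary example of a pinned tag.

```python
# Added example (not from the original notes): an offline audit of manifests
# for runAsNonRoot, image pinning and over-broad RBAC rules. Manifests are
# dicts mirroring the YAML used in these notes.

WORKLOAD_KINDS = {"Pod", "Deployment", "StatefulSet", "DaemonSet", "Job", "CronJob"}


def pod_spec_of(obj):
    """The Pod spec of a bare Pod or of a workload's Pod template."""
    if obj["kind"] == "Pod":
        return obj["spec"]
    if obj["kind"] == "CronJob":
        return obj["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    return obj["spec"]["template"]["spec"]


def image_tag(image):
    """Tag of an image reference, None when absent, 'digest' for @sha256 references."""
    if "@sha256:" in image:
        return "digest"
    last = image.rsplit("/", 1)[-1]  # drop registry/namespace, which may contain ':port'
    return last.split(":", 1)[1] if ":" in last else None


def audit_workload(obj):
    name = f'{obj["kind"]}/{obj["metadata"]["name"]}'
    spec = pod_spec_of(obj)
    pod_nonroot = spec.get("securityContext", {}).get("runAsNonRoot")
    findings = []
    for container in spec.get("initContainers", []) + spec.get("containers", []):
        cname = container["name"]
        # A container-level setting overrides the Pod-level one.
        nonroot = container.get("securityContext", {}).get("runAsNonRoot", pod_nonroot)
        if nonroot is not True:
            findings.append(f"{name}: container {cname} does not set runAsNonRoot: true")
        tag = image_tag(container["image"])
        if tag in (None, "latest"):
            findings.append(f"{name}: container {cname} image {container['image']!r} is not pinned")
    return findings


def audit_role(obj):
    name = f'{obj["kind"]}/{obj["metadata"]["name"]}'
    findings = []
    for index, rule in enumerate(obj.get("rules", [])):
        verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
        if "*" in verbs or "*" in resources:
            findings.append(f"{name}: rule {index} uses a wildcard verb or resource")
        elif "secrets" in resources and verbs & {"get", "list", "watch"}:
            findings.append(f"{name}: rule {index} grants read access to Secrets")
    return findings


def audit(objects):
    """Findings for a list of manifests; kinds without checks are skipped."""
    findings = []
    for obj in objects:
        if obj["kind"] in WORKLOAD_KINDS:
            findings += audit_workload(obj)
        elif obj["kind"] in {"Role", "ClusterRole"}:
            findings += audit_role(obj)
    return findings


def _deployment(name, image, security_context=None):
    """Constructed Deployment with one container, in the shape of section 4's manifest."""
    return {"kind": "Deployment", "metadata": {"name": name},
            "spec": {"selector": {"matchLabels": {"app": name}},
                     "template": {"metadata": {"labels": {"app": name}},
                                  "spec": {"securityContext": security_context or {},
                                           "containers": [{"name": "nginx", "image": image}]}}}}


# Constructed sample manifests.
AS_WRITTEN = _deployment("nginx-deployment", "nginx:latest")                        # as in section 4
HARDENED = _deployment("nginx-deployment", "nginx:1.25.3", {"runAsNonRoot": True})  # example pinned tag
WIDE_OPEN = {"kind": "ClusterRole", "metadata": {"name": "do-anything"},
             "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}
NARROW = {"kind": "Role", "metadata": {"name": "pod-reader"},
          "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]}

if __name__ == "__main__":
    for line in audit([AS_WRITTEN, HARDENED, WIDE_OPEN, NARROW]):
        print(line)
```

Running it prints two findings for the section 4 Deployment (no `runAsNonRoot`, `latest` tag), one for the wildcard ClusterRole and nothing for the hardened Deployment or the narrow Role. `runAsNonRoot: true` only makes the kubelet refuse to start a container whose image runs as UID 0; the image itself still has to define a non-root user, or add `runAsUser` alongside it.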

13. Commands Cheat Sheet

  • kubectl get pods: List all Pods in the current namespace
  • kubectl get pods -o wide: List Pods with additional details
  • kubectl get pods -l <label>=<value>: List Pods matching a label selector
  • kubectl get pod <name>: Get details of a specific Pod
  • kubectl describe pod <name>: Show detailed information about a Pod
  • kubectl logs <pod>: Display Pod container logs
  • kubectl exec -it <pod> -- /bin/sh: Execute a shell in a running Pod
  • kubectl delete pod <pod>: Delete a specific Pod
  • kubectl explain pod: Show documentation for the Pod resource
  • kubectl create deployment <name> --image=<image>: Create a new Deployment
  • kubectl get deployments: List all Deployments
  • kubectl describe deployment <name>: Show detailed Deployment information
  • kubectl scale deployment <name> --replicas=<number>: Scale a Deployment
  • kubectl rollout restart deployment/<name>: Restart a Deployment
  • kubectl rollout status deployment/<name>: Check rollout status
  • kubectl get services: List all Services
  • kubectl describe service <name>: Show detailed Service information
  • kubectl expose pod <name>: Create a Service for a Pod
  • kubectl delete service <name>: Delete a Service
  • kubectl port-forward <pod> <local_port>:<remote_port>: Forward a local port to a Pod
  • kubectl create configmap <name> --from-literal=<key>=<value>: Create a ConfigMap
  • kubectl create secret generic <name> --from-literal=<key>=<value>: Create a Secret
  • kubectl get configmaps: List all ConfigMaps
  • kubectl get secrets: List all Secrets
  • kubectl describe configmap <name>: Show ConfigMap details
  • kubectl get namespaces: List all namespaces
  • kubectl create namespace <name>: Create a new namespace
  • kubectl delete namespace <name>: Delete a namespace
  • kubectl config set-context --current --namespace=<name>: Set the current namespace
  • kubectl apply -f <file>: Apply configuration from a file
  • kubectl edit <type> <name>: Edit a resource's configuration
  • kubectl delete -f <file>: Delete resources defined in a file
  • kubectl get <type>: List resources of the specified type
  • kubectl describe <type> <name>: Show detailed resource information
  • kubectl top nodes: Show node resource usage
  • kubectl top pods: Show Pod resource usage
  • kubectl get events: List cluster events
  • kubectl get roles: List RBAC Roles

Conclusion

This guide covers essential Kubernetes concepts, including port-forwarding, Sealed Secrets, Helm, and security practices. Kubernetes is a powerful tool for managing containerized applications at scale.

🚀 Happy Kubernetting! 🚀


Thank you for reading! I hope you found this post insightful. Stay curious and keep learning!

© 2025 Ayush Rudani