radin/my-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change dir name orch,container

Browse Source
This commit is contained in:
RadinPirouz
2025-10-04 09:53:08 +03:30
parent 1c472e4b94
commit 6beeea3e5c
43 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
Containerization-Orchestration/Kubernetes/1-Information.md Executable file
View File

@@ -0,0 +1,87 @@
# 🚢 Kubernetes (K8s) Documentation
## 🌐 Overview
**Kubernetes (K8s)** is an open-source container orchestration platform designed to automate the deployment, scaling, and operation of containerized applications.
---
## 🧠 Control Plane (CP)
The **Control Plane** is the core management component of a Kubernetes cluster. It makes global decisions about the cluster (e.g., scheduling) and maintains the desired state of the cluster by managing workloads and directing communication within the system.
> 💡 **Note:** By default, the Control Plane does not directly manage or run application containers.
### 🔑 Key Components of the Control Plane
- **API Server (`kube-apiserver`)**
Exposes the Kubernetes API and serves as the cluster's entry point. It handles communication between internal components and external clients.
- **Scheduler (`kube-scheduler`)**
Assigns workloads (e.g., Pods) to nodes based on resource availability and defined policies.
- **Controller Manager (`kube-controller-manager`)**
Runs controllers that monitor and regulate the cluster's state, such as the Node Controller and Replication Controller.
- **etcd**
A consistent and highly available key-value store that stores all cluster data, configurations, and state. This is the "database" of Kubernetes.
---
## 🧱 Worker Nodes
**Worker nodes** are the machines where containerized applications run. Each node contains essential components for managing containers.
### 🔧 Key Components of a Worker Node
- **Kubelet**
An agent that ensures containers run as specified in their Pod definitions. It communicates with the Control Plane to execute assigned tasks.
- **Kube Proxy**
Maintains network rules and manages routing for communication within the cluster and with external systems.
---
## 🔄 Data Flow
- **Kubelet** and **Kube Proxy** on each worker node interact with the **API Server** to perform operations and update resource states.
- The **Scheduler** selects suitable nodes for pod placement based on available resources.
- The **Controller Manager** ensures the actual state of the cluster matches the desired state.
---
## 🛠️ Administration Tools
- **`kubeadm`**
A command-line tool to bootstrap and configure Kubernetes clusters. It streamlines the setup of both the Control Plane and worker nodes.
- **`kubectl`**
The CLI for interacting with the Kubernetes API. It's used to deploy apps, inspect cluster resources, and manage configurations.
---
## 🧩 Kubernetes Version Compatibility
### Kubernetes and Container Runtimes
- **Kubernetes ≤ 1.23**
✅ Compatible with **Docker** as the default container runtime.
- **Kubernetes 1.24 1.25**
❌ Docker is **not supported** directly. Use `containerd` or another CRI-compliant runtime.
- **Kubernetes ≥ 1.25**
⚠️ Docker may be installed on the system but must be used **indirectly** through `containerd` or another supported CRI.
---
## 👥 Kubernetes Roles
- **Control Plane (Manager)**
Requires an **odd number** of nodes for high availability (e.g., 1, 3, 5, ...). This ensures quorum in distributed consensus.
- **Worker (none)**
These nodes run application workloads and do not participate in control decisions.
image pull policy in kubernetes:
example of all work loads:
https://k8s-examples.container-solutions.com/

161
Containerization-Orchestration/Kubernetes/2-Installtion.md Executable file
View File

@@ -0,0 +1,161 @@
# 🐳 Containerd and Kubernetes Installation Guide
A comprehensive step-by-step guide for setting up a Kubernetes cluster using **Containerd** as the container runtime. This guide is intended for Ubuntu-based systems.
---
## ⚙️ 1. Disable Swap
Kubernetes requires swap to be disabled for proper scheduling and memory management.
```bash
sudo swapoff -a
sudo sed -i '/swap/d' /etc/fstab
```
---
## 🧩 2. Enable Required Kernel Modules
Load the necessary kernel modules for networking and overlay file systems.
```bash
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
```
---
## 🌐 3. Enable IPv4 Forwarding
Enable packet forwarding to allow pods to communicate across the network.
```bash
sudo tee /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sudo sysctl --system
```
---
## 📦 4. Install and Configure Containerd
Install and configure **Containerd** with `systemd` as the cgroup driver.
```bash
sudo apt-get update && sudo apt-get install -y containerd
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl enable containerd
```
---
## ⎈ 5. Install Kubernetes Components
Add the Kubernetes repository and install the core components: `kubelet`, `kubeadm`, and `kubectl`.
```bash
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
```
---
## 🔁 6. Enable Kubelet Service
Start and enable the kubelet to run on system boot.
```bash
sudo systemctl enable --now kubelet
```
---
## 🚀 7. Initialize the Kubernetes Control Plane
Initialize the cluster. Replace the IP with your master node's IP address.
```bash
sudo kubeadm init \
--control-plane-endpoint 192.168.2.100 \
--apiserver-advertise-address 192.168.2.100 \
--pod-network-cidr 10.244.0.0/16 | tee kuber-install.log
```
---
## 🛠 8. Configure kubectl Access
Set up `kubectl` for the current (non-root) user.
```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
---
## 🧾 9. Create Control Plane Join Command
Generate a command for other control plane nodes to join the cluster.
```bash
sudo kubeadm init phase upload-certs --upload-certs
```
Copy the **certificate key** from the output above and run:
```bash
sudo kubeadm token create --certificate-key <CERTIFICATE_KEY> --print-join-command | tee cp-command.txt
```
Replace `<CERTIFICATE_KEY>` with the actual key.
---
## 🧑‍🤝‍🧑 10. Join Control Plane and Worker Nodes
* **Control Plane Nodes**: Use the command from `cp-command.txt` on each node.
* **Worker Nodes**: Use the `kubeadm join` command printed at the end of the `kubeadm init` output or found in `kuber-install.log`.
---
## ✅ Final Step: Install a Pod Network Add-on
Choose and apply a pod network add-on (e.g., Flannel, Calico, Cilium). Here's an example with Flannel:
```bash
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
```
---
🎉 **Your Kubernetes cluster is now up and running!**
Ensure all nodes are ready by running:
```bash
kubectl get nodes
```

13
Containerization-Orchestration/Kubernetes/3-BasicSetup.md Normal file
View File

@@ -0,0 +1,13 @@
```bash
kubectl complation <shell>
```
exapmles:
```bash
kubectl completion zsh > "${fpath[1]}/_kubectl"
```
```bash
kubectl completion bash > ~/.kube/completion.bash.inc
```

121
Containerization-Orchestration/Kubernetes/Commands/3-Commands.md Executable file
View File

@@ -0,0 +1,121 @@
# Kubernetes Command Reference
This guide provides a concise reference for common `kubectl` commands used to manage Kubernetes clusters. Whether youre managing nodes, namespaces, pods, deployments, or autoscaling, the examples below will help you perform everyday tasks with confidence.
## General Commands
- **List API Resources**
Display all available API resources along with their short names:
```bash
kubectl api-resources
```
---
## API Resources & Documentation
- **Get Detailed Documentation for an API Resource**
```bash
kubectl explain <api-resource-name>
```
*Example:*
```bash
kubectl explain pod
```
```bash
kubectl explain pod.metadata
```
---
## Applying YAML Files
- **Apply a Configuration from a YAML File**
Apply a YAML configuration to a specific namespace:
```bash
kubectl apply -f <yaml-file> -n <namespace-name>
```
---
## Viewing Cluster Resources
- **Display All Resources in a Namespace**
```bash
kubectl get all -n <namespace-name>
```
- **Display ReplicaSets, Pods, and Deployments in a Specific Namespace**
```bash
kubectl get rs,pods,deployments -n <namespace-name>
```
---
## ReplicaSet & Deployment Management
### Scaling and Rollouts
- **Scale a ReplicaSet**
```bash
kubectl scale rs <replicaset-name> --replicas=<count> -n <namespace-name>
```
- **View Rollout History of a Deployment**
```bash
kubectl rollout history deployment <deployment-name> -n <namespace-name>
```
- **View Details of a Specific Revision**
```bash
kubectl rollout history deployment <deployment-name> -n <namespace-name> --revision=<number>
```
- **Roll Back a Deployment to a Specific Revision**
```bash
kubectl rollout undo deployment <deployment-name> -n <namespace-name> --to-revision=<number>
```
### Autoscaling
- **Autoscale a Deployment**
Automatically scale a deployment based on CPU utilization:
```bash
kubectl autoscale deployment <deployment-name> -n <namespace-name> --cpu-percent=<target-cpu-percentage> --min=<min-pods> --max=<max-pods>
```
- **View Horizontal Pod Autoscalers (HPA)**
```bash
kubectl get hpa -n <namespace-name>
```
---
---
## Additional Information
- **Static Manifest Files**
Any YAML files placed in `/etc/kubernetes/manifests/` are automatically loaded when the kubelet starts (for example, after a server reboot).
```bash
kubectl cp -n <ns> <pod-name>:dir/ ./
```

9
Containerization-Orchestration/Kubernetes/Commands/label.md Normal file
View File

@@ -0,0 +1,9 @@
- **Set a Custom Label on a Node**
```bash
kubectl label node <node-name> kubernetes.io/<label-key>=<label-value>
```
> **Note:** Replace `<node-name>`, `<label-key>`, and `<label-value>` with your desired values.

27
Containerization-Orchestration/Kubernetes/Commands/log-debug.md Normal file
View File

@@ -0,0 +1,27 @@
- **Stream Logs for a Running Pod**
```bash
kubectl logs -f -n <namespace-name> <pod-name>
```
```bash
kubectl logs -f -n <namespace-name> <pod-name> -c <container-name>
```
- **Get Detailed Information About a Pod**
```bash
kubectl describe pod <pod-name> -n <namespace-name>
```
in log swith the pod need to be up
but in describe dont need to pod be up
describe work on all components

63
Containerization-Orchestration/Kubernetes/Commands/node-manage.md Normal file
View File

@@ -0,0 +1,63 @@
# 🌐 Node Management with Kubernetes
Efficient management of Kubernetes nodes ensures cluster stability and workload flexibility. Below are key commands for listing and maintaining nodes.
---
## 📋 Listing Nodes
### 🔹 Show All Nodes
```bash
kubectl get nodes
````
### 🔹 Show Nodes with Labels
```bash
kubectl get nodes --show-labels
```
---
## 🔧 Node Maintenance (Cordon / Drain)
### 🚫 Cordon a Node
Prevent new pods from being scheduled on the node.
```bash
kubectl cordon <node-name>
```
### ✅ Uncordon a Node
Mark the node as schedulable again.
```bash
kubectl uncordon <node-name>
```
### 🧹 Drain a Node
Evict all pods from the node (excluding those managed by DaemonSets).
* Forcefully drain the node:
```bash
kubectl drain <node-name> --ignore-daemonsets --force
```
* Drain and delete local data:
```bash
kubectl drain <node-name> --ignore-daemonsets --delete-local-data
```
#### 🔄 Undo Drain (Uncordon)
```bash
kubectl uncordon <node-name>
```
> ⚠️ **Warning:** Draining a node will evict running pods. Ensure that this is planned to avoid service disruption.

58
Containerization-Orchestration/Kubernetes/Storage/Longhorn/with-kubectl.md Normal file
View File

@@ -0,0 +1,58 @@
# 📦 Deploying Longhorn with `kubectl`
This guide walks you through installing **Longhorn**, a cloud-native distributed block storage solution for Kubernetes, using `kubectl`.
---
## 🚀 Prerequisites
* A Kubernetes cluster (v1.21 or newer recommended)
* `kubectl` configured and connected to your cluster
* Internet access for downloading manifests
---
## 🧩 Step 1: Apply Longhorn YAML
Apply the official Longhorn deployment manifest in the `longhorn-system` namespace:
```bash
kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.9.0/deploy/longhorn.yaml
```
This will create all required resources under the `longhorn-system` namespace.
---
## 🔍 Step 2: Monitor Longhorn Pods
Watch the pods being created to ensure Longhorn is deploying properly:
```bash
kubectl get pods \
--namespace longhorn-system \
--watch
```
Wait until all pods show a `Running` or `Completed` status.
---
## 📦 Step 3: Verify Storage Classes
Once Longhorn is running, verify that the storage classes have been registered:
```bash
kubectl get storageclasses
```
You should see a storage class named `longhorn`, which can now be used in your PersistentVolumeClaims (PVCs).
---
## ✅ Success!
Longhorn is now successfully deployed and ready to provide persistent block storage for your workloads.
For more information, visit the [official Longhorn documentation](https://longhorn.io/docs/).

210
Containerization-Orchestration/Kubernetes/Storage/Pv.md Normal file
View File

@@ -0,0 +1,210 @@
# 🌐 Kubernetes Persistent Volumes (PV) Cheat Sheet
## 📦 What is a Persistent Volume (PV)?
A **Persistent Volume (PV)** is a piece of storage in a Kubernetes cluster that can be:
- **Pre-provisioned** by an administrator, or
- **Dynamically provisioned** using a **StorageClass**.
> PVs allow data to **persist beyond the lifecycle of individual Pods**.
---
## 📁 PV Storage Options
### 1. **HostPath**
- Mounts a file or directory from the host nodes filesystem into a Pod.
- Only suitable for **single-node testing or development** environments.
### 2. **Persistent Volume (PV) & Persistent Volume Claim (PVC)**
- **PV**: Represents the actual physical or virtual storage resource.
- **PVC**: A user's request for specific storage resources and access modes.
---
## 🧱 Kubernetes Storage Architecture
1. **Persistent Volume (PV)** The actual storage unit, managed by the admin or provisioned dynamically.
2. **Persistent Volume Claim (PVC)** A users request for a certain amount and type of storage.
---
## 🔄 PV Lifecycle Phases
| **State** | **Description** |
|---------------|---------------------------------------------|
| Provisioning | PV is being created or initialized. |
| Binding | PV is bound to a PVC. |
| Using | PV is in use by a Pod. |
| Releasing | PVC is deleted; PV becomes unbound. |
| Reclaiming | Based on reclaim policy: |
| | - `Delete`: Remove the storage. |
| | - `Recycle`: Basic scrub (deprecated). |
| | - `Retain`: Manual cleanup required. |
---
## 🔒 PV Access Modes
| **Mode** | **Description** |
|------------|-------------------------------------------------|
| `RWO` | **ReadWriteOnce** One node can read/write. |
| `ROX` | **ReadOnlyMany** Multiple nodes can read. |
| `RWX` | **ReadWriteMany** Multiple nodes can read/write. |
| `RWOP` | **ReadWriteOncePod** Only one Pod can mount it with read/write access. |
---
## 🛠️ CLI Commands to Manage PVs & PVCs
```bash
# List all Persistent Volumes
kubectl get pv
# List all Persistent Volume Claims
kubectl get pvc
# Edit a PVC
kubectl edit pvc -n <namespace> <pvc-name>
```
---
## 🚀 Example: Deployment with `hostPath` Volume
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-1
namespace: dev
spec:
replicas: 3
selector:
matchLabels:
name: nginx
template:
metadata:
labels:
name: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
volumeMounts:
- name: nginx-log
mountPath: /var/log/nginx
volumes:
- name: nginx-log
hostPath:
path: /root/nginx/logs
type: DirectoryOrCreate
```
### Valid `hostPath` Types:
- `DirectoryOrCreate`
- `Directory`
- `FileOrCreate`
- `File`
- `Socket`
- `CharDevice`
- `BlockDevice`
---
## 📄 Example: Static Persistent Volume (PV)
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv001
spec:
capacity:
storage: 128Mi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
```
---
## 📄 Example: Persistent Volume Claim (PVC)
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-2
namespace: db
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Mi
```
> ✅ To bind a PVC to a specific PV, add `volumeName: <pv-name>` in the PVC spec:
```yaml
volumeName: pv001
```
---
## 🌐 NFS-Based Persistent Volume
### Persistent Volume (PV)
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-nfs-2
spec:
capacity:
storage: 128Mi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: nginx-files
mountOptions:
- hard
- nfsvers=4.2
nfs:
path: /root/Nginx_Files
server: 192.168.6.160
```
### Persistent Volume Claim (PVC)
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-1
namespace: db
spec:
volumeName: pv-nfs-2
accessModes:
- ReadWriteMany
resources:
requests:
storage: 64Mi
storageClassName: nginx-files
```
---
## 🏗️ Static StorageClass for Pre-Provisioned Volumes
```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nginx-files
provisioner: kubernetes.io/no-provisioner
```

64
Containerization-Orchestration/Kubernetes/Storage/emptydir_vol.md Normal file
View File

@@ -0,0 +1,64 @@
## 📦 Pod Volume Lifecycle & `emptyDir` Usage in Kubernetes
This document describes how volumes work in the context of Kubernetes Pods, focusing on `emptyDir` and its lifecycle behavior.
---
### 🔁 Pod Lifecycle & Volumes
* **Volumes are defined at the Pod level.**
They are not tied to a specific container, but can be shared among containers within the same Pod.
* **Volumes are attached to containers through `volumeMounts`.**
This enables containers to access the volumes filesystem at the specified `mountPath`.
* **Data in `emptyDir` volumes is ephemeral.**
The volume is created when the Pod starts and **deleted when the Pod is removed**, erasing all stored data.
---
### ⚠️ Visibility Across Pods & Containers
* A **Pod cannot access another Pods volume**, even if it's of type `emptyDir`.
For example:
* Pod A cannot see Pod Bs `emptyDir`.
* However, **containers within the same Pod can share and access the same `emptyDir`** volume.
---
### 🧪 Example: Pod with `emptyDir` Volume in Memory
```yaml
apiVersion: v1
kind: Pod
metadata:
namespace: ns-test
name: pod-tests
spec:
containers:
- name: nginx
image: nginx
resources:
limits:
memory: "150Mi"
cpu: "500m"
volumeMounts:
- name: nginx-log
mountPath: /var/log/nginx
volumes:
- name: nginx-log
emptyDir:
medium: Memory # Uses memory for faster read/write operations
sizeLimit: 64Mi # Volume size limited to 64Mi
```
---
### 🧠 Key Points
* `emptyDir` is ideal for temporary storage like logs, scratch space, or caches.
* Using `medium: Memory` stores data in memory (RAM) instead of disk, offering higher performance.
* `sizeLimit` restricts the amount of memory that the `emptyDir` can consume.

172
Containerization-Orchestration/Kubernetes/etcd-external.md Normal file
View File

@@ -0,0 +1,172 @@
# 🛠️ Setting Up a High Availability etcd Cluster for Kubernetes
This guide walks you through installing a 3-node etcd cluster and using it as an **external HA datastore for Kubernetes**.
---
## 📦 Step 1: Install etcd
Download the etcd binary:
```bash
wget https://github.com/etcd-io/etcd/releases/download/v3.6.2/etcd-v3.6.2-linux-amd64.tar.gz
```
Extract it:
```bash
tar -xzvf etcd-v3.6.2-linux-amd64.tar.gz
```
Move binaries to the system path:
```bash
cp etcd-v3.6.2-linux-amd64/etcd* /usr/local/bin
```
Create the data directory:
```bash
mkdir -p /var/lib/etcd
```
---
## ⚙️ Step 2: Configure etcd Systemd Services
Create a systemd service config at:
```bash
/etc/systemd/system/etcd.conf
```
### 🔹 Server 1 (`192.168.6.170`)
```ini
[Service]
ExecStart=/usr/local/bin/etcd \
--name etcd-1 \
--listen-client-urls http://192.168.6.170:2379,http://127.0.0.1:2379 \
--advertise-client-urls http://192.168.6.170:2379 \
--initial-advertise-peer-urls http://192.168.6.170:2380 \
--listen-peer-urls http://192.168.6.170:2380 \
--initial-cluster-token etcd-cluster-1 \
--initial-cluster etcd-1=http://192.168.6.170:2380,etcd-2=http://192.168.6.171:2380,etcd-3=http://192.168.6.172:2380 \
--initial-cluster-state new \
--data-dir /var/lib/etcd
Restart=always
User=root
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
```
### 🔹 Server 2 (`192.168.6.171`)
```ini
[Service]
ExecStart=/usr/local/bin/etcd \
--name etcd-2 \
--listen-client-urls http://192.168.6.171:2379,http://127.0.0.1:2379 \
--advertise-client-urls http://192.168.6.171:2379 \
--initial-advertise-peer-urls http://192.168.6.171:2380 \
--listen-peer-urls http://192.168.6.171:2380 \
--initial-cluster-token etcd-cluster-1 \
--initial-cluster etcd-1=http://192.168.6.170:2380,etcd-2=http://192.168.6.171:2380,etcd-3=http://192.168.6.172:2380 \
--initial-cluster-state new \
--data-dir /var/lib/etcd
Restart=always
User=root
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
```
### 🔹 Server 3 (`192.168.6.172`)
```ini
[Service]
ExecStart=/usr/local/bin/etcd \
--name etcd-3 \
--listen-client-urls http://192.168.6.172:2379,http://127.0.0.1:2379 \
--advertise-client-urls http://192.168.6.172:2379 \
--initial-advertise-peer-urls http://192.168.6.172:2380 \
--listen-peer-urls http://192.168.6.172:2380 \
--initial-cluster-token etcd-cluster-1 \
--initial-cluster etcd-1=http://192.168.6.170:2380,etcd-2=http://192.168.6.171:2380,etcd-3=http://192.168.6.172:2380 \
--initial-cluster-state new \
--data-dir /var/lib/etcd
Restart=always
User=root
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
```
---
## ▶️ Step 3: Start etcd Service
Enable and start the etcd service on **each server**:
```bash
systemctl start etcd
systemctl enable etcd
```
---
## ✅ Step 4: Verify etcd Cluster Health
Check endpoint health:
```bash
etcdctl --endpoints http://<IP>:2379 endpoint health
```
Check cluster membership:
```bash
etcdctl --endpoints http://<IP-SERVER-1>:2379 member list
```
If all members are healthy and visible, you're ready to move on.
---
## ☸️ Step 5: Install Kubernetes (Using External etcd)
Create a configuration file `config.yaml` on the **master node**:
```yaml
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
etcd:
external:
endpoints:
- http://192.168.6.170:2379
- http://192.168.6.171:2379
- http://192.168.6.172:2379
networking:
podSubnet: 10.244.0.0/16
```
Initialize Kubernetes:
```bash
kubeadm init --config config.yaml
```
---
## 🎉 Done!
You now have a **Kubernetes cluster with external, high availability etcd**. :)

72
Containerization-Orchestration/Kubernetes/workloads/01-NameSpace.md Normal file
View File

@@ -0,0 +1,72 @@
# Kubernetes Namespaces Guide
Kubernetes **namespaces** allow you to organize and isolate resources within your cluster.
---
## 🧾 Listing Namespaces
To list all namespaces:
```bash
kubectl get namespaces
```
or the shorthand:
```bash
kubectl get ns
```
---
## 🛠️ Creating a Namespace
Create a new namespace:
```bash
kubectl create namespace <namespace-name>
```
or:
```bash
kubectl create ns <namespace-name>
```
---
## 🗑️ Deleting a Namespace
Delete a namespace:
```bash
kubectl delete ns <namespace-name>
```
---
## ⚠️ Best Practices & Notes
* **Namespaces are isolated**, but they **can still communicate** with each other by default.
* It is **not recommended to create namespaces that start with `kube-`**, as those are typically reserved for system components.
---
## 📄 Creating a Namespace with a Manifest
You can define a namespace using a YAML manifest:
```yaml
apiVersion: v1
kind: Namespace
metadata:
name: namespace-test
```
Apply it using:
```bash
kubectl apply -f namespace.yaml
```

138
Containerization-Orchestration/Kubernetes/workloads/02-Pod.md Normal file
View File

@@ -0,0 +1,138 @@
# 🌐 Kubernetes Pod Management Guide
A concise guide for managing Kubernetes Pods using `kubectl` and YAML manifests.
---
## 📋 Listing Pods
### 🔹 Default Namespace
List all Pods in the **default** namespace:
```bash
kubectl get pods
```
### 🔹 Wide Output (More Info)
List Pods with extended details (e.g., IP, node, etc.):
```bash
kubectl get pods -o wide
```
### 🔹 Specific Namespace
List Pods in a specific namespace:
```bash
kubectl get pods -o wide -n <namespace-name>
```
---
## 🚀 Running a Pod
> **Note:** `kubectl run` is ideal for quick tests or running **single** Pods. For production workloads, use **YAML manifests** or **Deployments**.
### 🔹 Run a Pod in Default Namespace
```bash
kubectl run <pod-name> --image=<image-name>
```
### 🔹 Run a Pod in a Specific Namespace
```bash
kubectl run <pod-name> --image=<image-name> -n <namespace>
```
---
## ❌ Deleting Pods
### 🔹 Standard Delete
```bash
kubectl delete pod <pod-name> -n <namespace-name>
```
### 🔹 Force Delete
```bash
kubectl delete pod <pod-name> -n <namespace-name> --force
```
### 🔹 Immediate Force Delete (No Grace Period)
```bash
kubectl delete pod <pod-name> -n <namespace-name> --force --grace-period=0
```
---
## ✏️ Editing a Pod
> **Warning:** Pods are **not directly editable**. Attempting to edit a running pod will result in a temporary patch but not persistent changes.
```bash
kubectl edit pod -n <namespace> <pod-name>
```
---
## 🔧 Executing into a Pod
Use this to start a shell or run commands inside a container:
```bash
kubectl exec -it -n <namespace> <pod-name> -- <command>
```
Example for a shell:
```bash
kubectl exec -it -n dev my-pod -- /bin/bash
```
---
## 🧾 Example Pod YAML Manifest
A multi-container Pod with resource limits and node selector:
```yaml
apiVersion: v1
kind: Pod
metadata:
namespace: dev
name: pod-1
labels:
label1: test
label2: test2
app.kubernetes.io/label3: test3
app.kubernetes.io/label4: test4
spec:
containers:
- name: nginx-server
image: nginx
- name: nginx-exporter
image: nginx-exporter
- name: ubuntu-c0
image: ubuntu
command: ["/bin/bash", "-c", "while true; do echo hello-world; sleep 5; done"]
resources:
limits:
memory: "256Mi"
cpu: "250m"
requests:
memory: "128Mi"
cpu: "125m"
nodeSelector:
hostname: k3s
app.kubernetes.io/disk: ssd
```

80
Containerization-Orchestration/Kubernetes/workloads/03-Replicaset.md Normal file
View File

@@ -0,0 +1,80 @@
# 🧩 Kubernetes ReplicaSet Management
A guide to working with **ReplicaSets** in Kubernetes, including inspection, editing behavior, and configuration examples.
---
## 📦 Listing Pods and ReplicaSets
### 🔹 List Pods in a Namespace
```bash
kubectl get pod -n <namespace>
```
### 🔹 List ReplicaSets in a Namespace
```bash
kubectl get rs -n <namespace>
```
---
## ✏️ Editing a ReplicaSet
You can attempt to edit a ReplicaSet:
```bash
kubectl edit rs -n <namespace> <replica-set-name>
```
> ⚠️ **Note:**
> Editing the **image** in a ReplicaSet directly will not automatically update existing Pods.
> This is because ReplicaSets do not perform **rolling updates**.
> Pods will only use the new image **after the old ones are deleted and new ones are created**.
**To apply image changes effectively:**
1. **Delete existing Pods** manually:
```bash
kubectl delete pod -l <label-selector> -n <namespace>
```
2. **Or**, use a higher-level controller like a **Deployment** for image updates and rolling behavior.
---
## 🧾 Example ReplicaSet YAML
Below is a minimal and clear ReplicaSet configuration:
```yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: app-1
namespace: dev
labels:
label1: test1
app.kubernetes.io/label2: test2
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/label2: test2
template:
metadata:
labels:
app.kubernetes.io/label2: test2
os: linux
spec:
containers:
- name: nginx
image: nginx
```
> ✅ **Tip:**
> Ensure that the `template.metadata.labels` **matches exactly** with `spec.selector.matchLabels`.
> This is critical for proper ReplicaSet Pod matching.

107
Containerization-Orchestration/Kubernetes/workloads/04-Deployment.md Normal file
View File

@@ -0,0 +1,107 @@
# 🚀 Kubernetes Deployment Management
A guide to managing **Deployments** in Kubernetes, including listing, editing, scaling, rollbacks, and version history.
---
## 📋 Listing & Editing Deployments
### 🔹 List Deployments in a Namespace
```bash
kubectl get deploy -n <namespace>
```
### 🔹 Edit a Deployment
```bash
kubectl edit deployment.apps -n <namespace> <deployment-name>
```
> 🛠️ **Note:**
> Unlike ReplicaSets, Deployments **automatically update** existing Pods when the image or spec is changed. This makes Deployments ideal for rolling updates and version control.
---
## 📈 Scaling a Deployment
Scale the number of replicas (Pods) for a Deployment:
```bash
kubectl scale -n <namespace> deployment <deployment-name> --replicas=<number>
```
---
## 🔁 Rollout Management
### 🔹 View Rollout History
```bash
kubectl rollout history deployment -n <namespace> <deployment-name>
```
### 🔹 View Specific Revision
```bash
kubectl rollout history deployment -n <namespace> <deployment-name> --revision=<revision-number>
```
### 🔹 Roll Back to a Previous Revision
```bash
kubectl rollout undo deployment -n <namespace> <deployment-name> --to-revision=<revision-number>
```
> ✅ **Tip:**
> Deployments maintain revision history. This allows you to **roll back to a previous working version** in case of failure.
---
## 🧾 Example Deployment YAML
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-1
namespace: dev
labels:
label1: test1
app.kubernetes.io/label2: test2
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/label2: test2
template:
metadata:
labels:
app.kubernetes.io/label2: test2
os: linux
spec:
containers:
- name: nginx
image: nginx
```
> 🎯 **Why use Deployments?**
> They offer:
* Rolling updates
* Rollbacks
* Declarative Pod management
* History tracking
---
## ✅ Summary
| Feature | Pod | ReplicaSet | Deployment |
| ---------------- | --- | ---------- | ---------- |
| Manual creation | ✅ | 🚫 | 🚫 |
| Scales Pods | ❌ | ✅ | ✅ |
| Self-healing | ❌ | ✅ | ✅ |
| Rolling updates | ❌ | ❌ | ✅ |
| Revision history | ❌ | ❌ | ✅ |

67
Containerization-Orchestration/Kubernetes/workloads/05-hpa.md Normal file
View File

@@ -0,0 +1,67 @@
# 📈 Horizontal Pod Autoscaler (HPA)
The Horizontal Pod Autoscaler automatically scales the number of pods in a deployment based on observed CPU utilization (or other select metrics).
---
## ⚙️ Basic Commands
### 🚀 Create an HPA
Create an HPA for a deployment, scaling based on CPU usage:
```bash
kubectl -n <namespace> autoscale deployment <deployment-name> --cpu-percent=20 --min=4 --max=10
````
### 📊 View Existing HPAs
List all HPAs in a specific namespace:
```bash
kubectl get hpa -n <namespace>
```
### ❌ Delete an HPA
Remove a Horizontal Pod Autoscaler:
```bash
kubectl delete hpa -n <namespace> <hpa-name>
```
### 🛠️ Edit an HPA
Manually edit an existing HPA configuration:
```bash
kubectl edit hpa -n <namespace> <hpa-name>
```
---
## 🧾 Example HPA Manifest
You can define an HPA using a YAML file for more control:
```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: hpa-test
namespace: dev
spec:
minReplicas: 1
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50
```
> **Note:** The above manifest uses API version `autoscaling/v2` for enhanced metric support.
---

40
Containerization-Orchestration/Kubernetes/workloads/06-DaemonSet.md Normal file
View File

@@ -0,0 +1,40 @@
# 🧩 DaemonSet in Kubernetes
A **DaemonSet** ensures that a copy of a specific pod runs on **every (or some) node** in the cluster. Its typically used for background system-level services like log collection, monitoring, or networking tools.
---
## 📌 Key Characteristics
- Automatically deploys one pod per worker node.
- Ensures the pod stays on each node as long as the DaemonSet exists.
- Automatically adds pods to new nodes when they join the cluster.
---
## 📄 Example DaemonSet YAML
Below is a simple DaemonSet example that deploys `nginx` to every node in the `web` namespace:
```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: nginx
namespace: web
labels:
app: web-servers
spec:
selector:
matchLabels:
app: web-servers
template:
metadata:
labels:
app: web-servers
spec:
containers:
- name: nginx
image: nginx:1.27
````

48
Containerization-Orchestration/Kubernetes/workloads/07-Jobs.md Normal file
View File

@@ -0,0 +1,48 @@
# ⏳ Kubernetes Jobs
A **Job** in Kubernetes runs a pod to completion. It ensures that a specified number of pods successfully terminate.
Use Jobs for **batch processing**, **one-off tasks**, or **short-lived workloads**.
---
## 🔍 Job Commands
### 📄 List Jobs in a Namespace
```bash
kubectl get jobs.batch -n <namespace>
````
### ❌ Delete a Job
```bash
kubectl delete jobs.batch -n <namespace> <job-name>
```
---
## 🧾 Example Job Manifest
Heres a minimal example of a Job that runs a simple `echo` command:
```yaml
apiVersion: batch/v1
kind: Job
metadata:
name: myjob
namespace: ns
spec:
template:
spec:
containers:
- name: job1
image: alpine
command:
- echo
- "hello world"
restartPolicy: Never
```
> 💡 **Note:** Always set `restartPolicy` to `Never` or `OnFailure` for jobs.
> 📌 Jobs are useful for tasks like backups, report generation, or database migrations.

51
Containerization-Orchestration/Kubernetes/workloads/08-Cronjobs.md Normal file
View File

@@ -0,0 +1,51 @@
# ⏰ Kubernetes CronJobs
A **CronJob** in Kubernetes allows you to run jobs on a recurring schedule, similar to traditional UNIX `cron` jobs. Ideal for periodic tasks like backups, reports, or scheduled notifications.
---
## 🔍 CronJob Commands
### 📄 List CronJobs in a Namespace
```bash
kubectl get cronjobs.batch -n <namespace>
````
### ❌ Delete a CronJob
```bash
kubectl delete cronjobs.batch -n <namespace> <cronjob-name>
```
---
## 🧾 Example CronJob Manifest
This CronJob runs every minute and prints the date followed by "Kubernetes":
```yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: cronjob1
namespace: ns
spec:
schedule: "* * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: cronjob
image: debian:bookworm
command:
- /bin/bash
- -c
- date; echo Kubernetes
restartPolicy: Never
```
> 🛠 **Fix:** Changed `JobTemplate` to `jobTemplate` (YAML keys are case-sensitive).
> 🕐 The `schedule` field follows standard cron format: `minute hour day-of-month month day-of-week`.
> 🧠 **Tip:** Always test cron timing carefully to avoid unintentional frequent runs.

144
Containerization-Orchestration/Kubernetes/workloads/09-Services.md Normal file
View File

@@ -0,0 +1,144 @@
# 🔗 **Kubernetes Services (SVC)**
A **Service** in Kubernetes provides a stable network endpoint to access a set of Pods. It abstracts access through selectors and DNS names, enabling loose coupling between client applications and Pods.
---
## 🌐 **Service Basics**
### 📌 **Service Flow**
```
Service ➡️ Endpoint ➡️ Pods
```
* Services **group Pods** behind a single access point.
* They get a **cluster-wide DNS name** automatically.
* Use **label selectors** to forward traffic to matching Pods.
---
## 🧭 **Types of Services**
1. **ClusterIP** (default)
* Only reachable within the cluster.
2. **NodePort**
* Exposes the service via a static port on each node.
3. **LoadBalancer**
* Creates an external IP address using a cloud provider.
---
## 🧪 **Useful Commands**
### 🔍 Get Endpoints
```bash
kubectl get ep -n <namespace>
```
### 📄 Get Services
```bash
kubectl get svc -n <namespace>
```
```bash
kubectl expose deployment web-server-dep -n dev --port 80
```
---
## 🔁 **Port Forwarding**
To access a service from your local machine, forward a local port to the service port:
```bash
kubectl port-forward -n <namespace> svc/<service-name> <local-port>:<target-port>
```
> **Example:**
> Forward local port `8080` to port `80` of `my-service` in the `mynamespace` namespace:
>
> ```bash
> kubectl port-forward -n mynamespace svc/my-service 8080:80
> ```
You can also bind to all network interfaces:
```bash
kubectl port-forward -n <namespace> svc/nginx 80:80 --address 0.0.0.0
```
> 🌐 **DNS format:**
> `<service-name>.<namespace>.svc.cluster.local`
---
## 🧾 **Example Service Manifest**
```yaml
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: ns
labels:
app: web-server
spec:
type: ClusterIP # Options: ClusterIP, NodePort, LoadBalancer
selector:
app: nginx
ports:
- name: http
port: 80
targetPort: 8080
```
> 🔍 **Note:** The `selector` must match the labels of the target Pods.
> 🧠 **Tip:** Use `kubectl describe svc <service-name>` to inspect the service and verify connectivity.
```yaml
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: ns
labels:
app: web-server
spec:
type: LoadBalancer
selector:
app: nginx
ports:
- name: http
port: 80
targetPort: 8080
```
```yaml
apiVersion: v1
kind: Service
metadata:
name: db-svc
namespace: db
spec:
type: NodePort
ports:
- name: sql
port: 3306
targetPort: 3306
nodePort: 30000
selector:
app: db
```

189
Containerization-Orchestration/Kubernetes/workloads/10-Deployment-With-Services.md Normal file
View File

@@ -0,0 +1,189 @@
### **1st Document: Namespace**
```yaml
apiVersion: v1
```
* Specifies the API version used. Here, it's version 1 of the core Kubernetes API.
```yaml
kind: Namespace
```
* Declares the resource type. This is a **Namespace**, which logically isolates groups of resources.
```yaml
metadata:
name: ns
```
* Metadata block.
* `name: ns` sets the name of the namespace to `ns`.
---
### **2nd Document: Service**
```yaml
---
```
* Separates multiple documents in the YAML file.
```yaml
apiVersion: v1
```
* Uses the core v1 API again.
```yaml
kind: Service
```
* Declares a **Service** resource, which provides stable networking to access pods.
```yaml
metadata:
name: nginx-service
namespace: ns
labels:
app: nginx
```
* Metadata block:
* `name: nginx-service`: name of the Service.
* `namespace: ns`: places this service in the previously created `ns` namespace.
* `labels`: key-value pairs used for organizing and selecting resources. Here, `app: nginx`.
```yaml
spec:
type: ClusterIP
```
* `spec` describes the behavior.
* `type: ClusterIP`: exposes the service internally within the cluster using a virtual IP.
```yaml
selector:
app: nginx
```
* This selects pods with the label `app: nginx` to receive traffic from this service.
```yaml
ports:
- name: http
port: 80
targetPort: 8080
```
* Defines port configuration:
* `name: http`: a name for the port (optional but useful for readability).
* `port: 80`: the port that the service exposes internally.
* `targetPort: 8080`: the port on the pod that receives the traffic.
---
### **3rd Document: Deployment**
```yaml
---
```
* Separates from the previous document.
```yaml
apiVersion: apps/v1
```
* Uses the `apps/v1` API group, suitable for deployments and other controllers.
```yaml
kind: Deployment
```
* Declares a **Deployment**, which ensures a specified number of pod replicas are running.
```yaml
metadata:
name: nginx-deployment
namespace: ns
labels:
app: nginx
```
* Metadata block:
* `name: nginx-deployment`: name of the deployment.
* `namespace: ns`: places this in the `ns` namespace.
* `labels: app: nginx`: used for matching with selectors.
```yaml
spec:
replicas: 2
```
* Desired number of pod replicas to run: 2.
```yaml
selector:
matchLabels:
app: nginx
```
* Tells the deployment which pods to manage, by matching labels (`app: nginx`).
```yaml
template:
metadata:
labels:
app: nginx
```
* Template for creating new pods:
* Each pod created will have `app: nginx` label.
```yaml
spec:
containers:
- name: nginx
image: nginx:latest
```
* Pod spec:
* One container named `nginx`, using the latest official Nginx image.
```yaml
ports:
- containerPort: 8080
```
* The container exposes port 8080 (must match the `targetPort` in the Service).
```yaml
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "250m"
memory: "256Mi"
```
* **Resource management**:
* `requests`: the minimum guaranteed resources.
* `cpu: 100m` = 0.1 CPU core.
* `memory: 128Mi` = 128 MiB RAM.
* `limits`: the maximum resources the container can use.
* `cpu: 250m` = 0.25 CPU core.
* `memory: 256Mi` = 256 MiB RAM.

188
Containerization-Orchestration/Kubernetes/workloads/11-Config-map.md Normal file
View File

@@ -0,0 +1,188 @@
# 🧾 Kubernetes ConfigMap Guide
Manage configuration without hardcoding! `ConfigMaps` let you store external configurations as key-value pairs and inject them into Kubernetes workloads.
---
## 📘 What is a ConfigMap?
A **ConfigMap** is a Kubernetes object used to store **non-confidential configuration data** in **key-value** format. You can:
* 📄 Mount it as files inside a Pod
* 🌿 Use it as environment variables
* 🧩 Keep your container images decoupled from configuration
---
## ⚙️ Creating a ConfigMap
You can create a ConfigMap from files or directories:
```bash
kubectl -n <namespace> create configmap <configmap-name> --from-file=<file-or-directory>
```
### ✅ Examples
```bash
# From a single file
kubectl -n <ns> create configmap nginx-conf --from-file=./nginx.conf
# From multiple files
kubectl -n <ns> create configmap nginx-conf \
--from-file=./nginx.conf \
--from-file=./site.conf
```
---
## 📂 Viewing & Editing ConfigMaps
```bash
# List all ConfigMaps in a namespace
kubectl get cm -n <namespace>
# View detailed ConfigMap info
kubectl describe configmap <name> -n <namespace>
# Edit in-place
kubectl -n <namespace> edit configmap <configmap-name>
```
---
## 📄 YAML: ConfigMap Example
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: game-demo
data:
player_initial_lives: "3"
ui_properties_file_name: "user-interface.properties"
game.properties: |
enemy.types=aliens,monsters
player.maximum-lives=5
user-interface.properties: |
color.good=purple
color.bad=yellow
allow.textmode=true
```
---
## 💡 Usage Examples
### 📌 ConfigMap as Environment Variables
**ConfigMap:**
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
namespace: default
data:
APP_MODE: "production"
LOG_LEVEL: "info"
FEATURE_FLAG_X: "enabled"
```
**Pod:**
```yaml
apiVersion: v1
kind: Pod
metadata:
name: my-app
spec:
containers:
- name: my-container
image: busybox
command: ["/bin/sh", "-c", "env && sleep 3600"]
envFrom:
- configMapRef:
name: app-config
```
---
### 🧾 Mounting ConfigMap as a File (nginx.conf example)
**ConfigMap:**
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: default
data:
nginx.conf: |
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
```
**Pod:**
```yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
spec:
containers:
- name: nginx
image: nginx:latest
volumeMounts:
- name: nginx-config-volume
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
volumes:
- name: nginx-config-volume
configMap:
name: nginx-config
```
---
## 🛠 Pro Tips
* 🔐 For **sensitive data**, use **Secrets** instead of ConfigMaps.
* 🧪 Combine ConfigMaps with **Deployment** objects for flexible, versioned config management.
* 📦 Use `--from-env-file` to load multiple key-value pairs from a `.env` style file:
```bash
kubectl create configmap my-config --from-env-file=env.list
```

21
Containerization-Orchestration/Kubernetes/workloads/12-Resource-quota.md Normal file
View File

@@ -0,0 +1,21 @@
resource Quota:
```bash
kubectl get resourcequota -n <ns>
```
```yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: my-ns-quota
namcespace: dev
spec:
hard:
pod: 10
requests.cpu: "1"
requests.memory: "1024Mb"
service: "5"
configmap: "2"
```

78
Containerization-Orchestration/Kubernetes/workloads/13-Secret.md Normal file
View File

@@ -0,0 +1,78 @@
# 🔐 Kubernetes Secrets Guide
Kubernetes **Secrets** are used to store and manage sensitive information such as passwords, OAuth tokens, and SSH keys. Unlike ConfigMaps, they are specifically designed for confidential data.
---
## 📌 Types of Kubernetes Secrets
| **Built-in Type** | **Usage** |
| ------------------------------------- | --------------------------------------- |
| `Opaque` | Arbitrary user-defined data |
| `kubernetes.io/service-account-token` | ServiceAccount token |
| `kubernetes.io/dockercfg` | Serialized `~/.dockercfg` file |
| `kubernetes.io/dockerconfigjson` | Serialized `~/.docker/config.json` file |
| `kubernetes.io/basic-auth` | Credentials for basic authentication |
| `kubernetes.io/ssh-auth` | Credentials for SSH authentication |
| `kubernetes.io/tls` | Data for a TLS client or server |
| `bootstrap.kubernetes.io/token` | Bootstrap token data |
---
## 📂 Creating a Secret
You can create a Secret directly with `kubectl`:
```bash
kubectl create secret generic db-pass --from-literal=password='123'
```
Verify it exists:
```bash
kubectl get secret db-pass
```
---
## 📜 Secret YAML Example
```yaml
apiVersion: v1
kind: Secret
metadata:
name: db-pass
type: Opaque
stringData:
password: '123'
```
---
## 🚀 Using a Secret in a Pod
Secrets can be injected into a Pod as **environment variables**:
```yaml
apiVersion: v1
kind: Pod
metadata:
name: mariadb-db
spec:
containers:
- name: mariadb
image: mariadb
env:
- name: MARIADB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: db-pass
key: password
```
This example sets the MariaDB root password from the `db-pass` Secret.
---
**Pro Tip**: Always base64-encode values when writing Secrets directly in YAML. Kubernetes expects the `data` field in base64, not plaintext.

2
Containerization-Orchestration/Kubernetes/workloads/14-Ingress.md Normal file
View File

@@ -0,0 +1,2 @@
traffic input --> ingress
traffic output --> egress

20
Containerization-Orchestration/Kubernetes/workloads/manifests/cronjob.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: cronjob1
namespace: ns-test
spec:
schedule: "* * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: mycronjob
image: debian
command:
- /bin/bash
- -c
- "echo 'Hello, CronJob!'"
restartPolicy: Never

52
Containerization-Orchestration/Kubernetes/workloads/manifests/deployment-with-service.yaml Normal file
View File

@@ -0,0 +1,52 @@
apiVersion: v1
kind: Namespace
metadata:
name: ns
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: ns
labels:
app: nginx
spec:
type: ClusterIP
selector:
app: nginx
ports:
- name: http
port: 80
targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: ns
labels:
app: nginx
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 8080
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "250m"
memory: "256Mi"

28
Containerization-Orchestration/Kubernetes/workloads/manifests/deployment.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-deployment
namespace: ns-test
labels:
name: deployment-test
spec:
replicas: 2
selector:
matchLabels:
name: app1
template:
metadata:
labels:
name: app1
spec:
containers:
- name: nginx-deployment
image: nginx:1.26
resources:
limits:
cpu: "400m"
memory: "512Mi"
requests:
cpu: "200m"
memory: "128Mi"

19
Containerization-Orchestration/Kubernetes/workloads/manifests/ds.yml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: daemonset-test
namespace: ns-test
spec:
selector:
matchLabels:
name: node-exporter
template:
metadata:
labels:
name: node-exporter
spec:
containers:
- name: node-exporter
image: prom/node-exporter

15
Containerization-Orchestration/Kubernetes/workloads/manifests/job.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: batch/v1
kind: Job
metadata:
name: job1
namespace: ns-test
spec:
template:
spec:
containers:
- name: job-container
image: debian
command:
- echo
- "hello world"
restartPolicy: Never

5
Containerization-Orchestration/Kubernetes/workloads/manifests/namespace.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1
kind: Namespace
metadata:
name: ns-test

23
Containerization-Orchestration/Kubernetes/workloads/manifests/pod.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Pod
metadata:
namespace: ns-test
name: pod-tests
labels:
var1: var1_value
var2: var2_value
app.kubernetes.io/var3: var3_value
app.kubernetes.io/var4: var4_value
spec:
containers:
- name: nginx
image: nginx
resources:
limits:
memory: "150Mi"
cpu: "500m"
requests:
memory: "100Mi"
cpu: "200m"
nodeSelector:
kubernetes.io/hostname: kuber-2

18
Containerization-Orchestration/Kubernetes/workloads/manifests/replicaset.yml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: app1
namespace: ns-test
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: app1
template:
metadata:
labels:
app.kubernetes.io/name: app1
spec:
containers:
- name: nginx
image: nginx

15
Containerization-Orchestration/Kubernetes/workloads/manifests/service.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: ns-test
labels:
app: nginx
spec:
type: NodePort # ClusterIP Or LoadBalancer
selector:
app: nginx
ports:
- name: http
port: 80
targetPort: 80

49
Containerization-Orchestration/Kubernetes/workloads/manifests/state-full-set.yaml Normal file
View File

@@ -0,0 +1,49 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx
name: nginx
spec:
clusterIP: None
ports:
- name: web
port: 80
selector:
app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: simple-stateful-set
spec:
replicas: 3 # the default is 1
selector:
matchLabels:
app: nginx # has to match .spec.template.metadata.labels
serviceName: "nginx"
template:
metadata:
labels:
app: nginx # has to match .spec.selector.matchLabels
spec:
terminationGracePeriodSeconds: 10
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80
name: web
volumeMounts:
- mountPath: /usr/share/nginx/html
name: www
volumeClaimTemplates:
- metadata:
name: www
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
storageClassName: "longhorn "