Sunday, March 22, 2020

12. DOCKER & KUBERNETES : KUBERNETES ARCHITECTURE

12. DOCKER & KUBERNETES : KUBERNETES ARCHITECTURE


https://drive.google.com/file/d/1fd2gYPFaOfKU48u_XB3OMP99yZIkrc2N/view?usp=sharing





#######################################################################
KUBERNATES
#######################################################################

############################Every day activity on Kubernates#####################
//in normal cmd - COMMAND1
----------
C:\Program Files\Kubernetes\Minikube\minikube start

//verify
minikube status

kubectl cluster-info
//you will see : Kubernetes master is running at https://192.168.99.101:8443
//All master service will run even in each Node also
//we see minikube server



//another cmd - COMMAND2
--------
minikube dashboard
//you will see browser opening - http://127.0.0.1:52935/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/#/overview?namespace=default

############################Every day activity on Kubernates#####################

//In 1st Terminal (minicube terminal)
//How many nodes are there
kubectl get nodes
//NAME       STATUS   ROLES    AGE    VERSION
//minikube   Ready    master   169m   v1.17.0
//it has master act as dual (both master and node)
kubectl get namespaces
//NAME                   STATUS   AGE
//default                Active   171m
//kube-node-lease        Active   171m
//kube-public            Active   171m
//kube-system            Active   171m
//kubernetes-dashboard   Active   170m

kubectl describe node minikube   
//same as inspect in docker, and inspect can work on any object
//but here we have to mention which object (eg: node)
//tells how many CPU's : 2
//momory ~2GB
//pods 110 //this is quota
//OS Image : Buildroot 2019.02.7
//OS : Linux
//Container Runtime : docker://19.3.5

kubectl describe namespaces kube-system
//No resource quota
//No LimitRange resources


//to check all the objects available
//In GIT bash terminal
kubectl api-resources
//nodes no
//namespaces ns
//pods po
//bindings
//services svc
//deployments deploy  (ds is the short name for daemonsets)

kubectl api-resources | grep pod  //will not work

//normal terminal
//what are all pods in kube-system
//here we can see all pods(services) available for kube-system, which mentioned in image Master
kubectl get po -n kube-system  //kube-sysem : its namespace
//kubectl get po - No resources found in default namespace so we have to give name space as above
//NAME                               READY   STATUS    RESTARTS   AGE
//coredns-6955765f44-4tnjq           1/1     Running   0          3h8m
//coredns-6955765f44-jbnn8           1/1     Running   0          3h8m
//etcd-minikube                      1/1     Running   0          3h8m
//kube-addon-manager-minikube        1/1     Running   0          3h8m
//kube-apiserver-minikube            1/1     Running   0          3h8m
//kube-controller-manager-minikube   1/1     Running   0          3h8m
//kube-proxy-pthhz                   1/1     Running   0          3h8m
//kube-scheduler-minikube            1/1     Running   0          3h8m
//storage-provisioner                1/1     Running   0          3h8m

kubectl get deployment -n kube-system
//NAME      READY   UP-TO-DATE   AVAILABLE   AGE
//coredns   2/2     2            2           3h10m

kubectl get po -n kube-system -o wide

kubectl describe pod etcd-minikube 

//normal termial
minikube ssh
sudo -i
ls /var
ls /var/lib
ls /var/lib/minikube
ls /var/lib/minikube/etcd
ls -a /var/lib/minikube/etcd/member

//where is docker running
ps ax | grep dockerd
//2545 ?        Ssl    5:48 /usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --default-ulimit=nofile=1048576:1048576 --tlsverify --tlscacert /etc/docker/ca.pem
//all docker command will work here
//kubectl will not work here


//in kubectl terminal
kubectl get deploy -n kube-system

//---------list pods belonging to particular deployment---------------------
//kubectl get po -n kube-system will list down all the pods but we have to filter
//1st get the selector:filter
kubectl get deployments -n kube-system -o wide
//we will get : selector as "k8s-app=kube-dns"

//2nd give selector
kubectl get po -n kube-system -l k8s-app=kube-dns  //give above selector - k8s-app=kube-dns

---------------------------------------------------------------
//create namespace
kubectl create ns demo
//namespace/demo created

kubectl describe ns demo
//No resource quota
//No LimitRange resource

//going to deploy in to namespace
//1st create deployment
//creating deployment "nginx-deployment" in namespace = "demo" with pod contains continers of "nginx" with replicaiton of 2
//it will create 2 POD as replica is 2
//pod contains container of "nginx"
kubectl run nginx-deployment --image=nginx --port=80 --replicas=2 -n demo 

kubectl get pods -n demo
//we see 2 pods

//go inside the pod
kubectl exec -i -t nginx-deployment-5567b746cd-dt28v bash -n demo

exit

//verify pods are running or not
kubectl get pods -n demo

//increase the replica from 2 to 4 ----------------------
//1st check how many replica we have
kubectl get deployments -n demo
//2/2

//we use edit
kubectl edit deployment nginx-deployment -n demo
//opens a YAML file
//under spec: replicas:2  //modify from 2 to 4

kubectl get deployments -n demo
//now we see 4/4
//nginx-deployment   4/4     4            4           11m

kubectl get pods -n demo
//we will see 4 Pods bez replica is 4

//decrease the replica to 2
//instead of edit, use scale : another way to change replica
kubectl scale deployment nginx-deployment --replicas=2 -n demo

kubectl get pods -n demo
////we will see 2 pods again

kubectl delete pod nginx-deployment-5567b746cd-8bnmx -n demo
//deleted

kubectl get pods -n demo
////we will see 2 pods again bez deployment maintains replica 2 always

//to check what events done on this namespace
kubectl get events -n demo
//88s         Normal   Pulling            pod/nginx-deployment-5567b746cd-79cbc    Pulling image "nginx"
//83s         Normal   Pulled             pod/nginx-deployment-5567b746cd-79cbc    Successfully pulled image "nginx"
//83s         Normal   Created            pod/nginx-deployment-5567b746cd-79cbc    Created container nginx-deployment

LOGS#########################
1. Service logs
2. POD logs
3. Namespace logs


kubectl get pods -n demo

kubectl describe pod  nginx-deployment-5567b746cd-79cbc -n demo

//how to check whether service running in pod or not
//we have 2 pods
kubectl describe pod  nginx-deployment-5567b746cd-79cbc -n demo
//Port: 80/TCP
//Host Port: 0/TCP
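//means the container port is not mapped to a port on the node, so nginx is not reachable from outside the cluster yet (this field does not say whether nginx itself is running)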

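//Create External service-###############################################
//Expose the deployment outside the cluster (means : public service). NodePort opens the port on every node, so anything that can reach a node IP can reach the pods; restrict it at the network level when the service is not meant to be public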
//going to expose all deployments
kubectl get deployments -n demo  //check how many deployments we have

//expose
kubectl expose deployment nginx-deployment --type=NodePort -n demo
//service/nginx-deployment exposed

kubectl get services -n demo
//NAME               TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
//nginx-deployment   NodePort   10.96.149.146   <none>        80:31032/TCP   16s

kubectl describe svc nginx-deployment -n demo
//Endpoints:                172.17.0.10:80,172.17.0.6:80
//bez we have 2 pods we get 2 ips

minikube ip
//192.168.99.101

minikube service nginx-deployment -n demo
//it will open the browser with ip and port
//192.168.99.101


//Create Internal service-###############################################
kubectl run nginx-internal --image=nginx --port=80 -n demo
//deployment.apps/nginx-internal created

kubectl get deployments -n demo

kubectl expose deployment nginx-internal --type=ClusterIP -n demo

kubectl get services -n demo
//nginx-internal     ClusterIP   10.96.149.15

minikube service nginx-internal -n demo   //since service is exposed as internal 
NAMESPACE |      NAME      | TARGET PORT |     URL      |
|-----------|----------------|-------------|--------------|
| demo      | nginx-internal |             | No node port


//since service is exposed as internal we cannot open in browser
//another termial ssh machine (minikube ssh)
curl 10.96.149.15:80
//we see index.html


//Expose service as External IP (LoadBalancer) ###############################################
//For this we should have Cloud
//Showing in Google Cloud
kubectl run nginx-external --image=nginx --port=80

kubectl get deployments

kubectl expose deployment nginx-external --type=LoadBalancer

kubectl get services
//wait for service it will show ip

//open browser
http://35.188.191.136/


-----------------------------------------------------
//all services available
kubectl get services -n kube-system

//TCP -> gateway to POD
//UDP -> POD to POD communication...

minikube addons list
//metrics server

//we will enable metrics server (Monitoring tool)
minikube addons enable metrics-server
// metrics-server was successfully enabled

kubectl get pods -n kube-system
//we see metrics   running

//close minikube dashboard browser which was open
//come out from minikube dashboard (Ctrl + C)
//run again
minikube dashboard
//again browser will open with dashboard with graphs
//leftside navigation - Nodes
//click on minikube link below
//filter namespace "demo"
//we see pods , its memory etc...


//How to create a POD with out deployment############################
kubectl run --generator=run-pod/v1 --image=nginx nginx-pod --port=80
//POD is created without deployment, we did not get warning bez we used --generator
//it will create in default namespace

kubectl get pods

//delete pod
kubectl delete pod nginx-pod
//deleted

//to pass env variables (such as passwords) to containers
//in the YAML / docker file we hardcoded the password
//but in Kubernetes we can keep it in a Secret created from the command line
kubectl get secrets

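//describe the secret using the name shown by the above command
//for a service-account token the output includes the token itself, which is a live credential: keep it out of notes, tickets and screenshots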
kubectl describe secret default-token-q4ql9
//token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1HWGlrdnhUQjNPUC1kMDNJMVpYUEhlQ3BCYVY1ZWMwOTdfUVQ
//ca.crt:     1066 bytes
//namespace:  7 bytes

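//we will create a similar secret with a username and password
//--from-literal leaves the values in the shell history, so for real credentials load them with --from-file or --from-env-file
//a Secret is only base64-encoded in the API unless encryption at rest is configured, so read access to secrets must also be limited with RBAC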
kubectl create secret generic db-pass-values --from-literal=username=root --from-literal=password=admin
//secret/db-pass-values created

kubectl get secrets
//we see new entry which we created - "db-pass-values"
//db-pass-values        Opaque                                2      42s
//default-token-q4ql9   kubernetes.io/service-account-token   3      6h44m

kubectl describe secret db-pass-values
//Name:         db-pass-values
//Namespace:    default
//Labels:       <none>
//Annotations:  <none>


//In real projects we can usually only manage existing deployments; we cannot create or delete them (what we may do is decided by the roles below)

//get cluster roles (ClusterRoles are cluster-wide, so the -n option has no effect here)
kubectl get clusterroles -n kube-system
//NAME                                                                   AGE
//admin                                                                  6h46m
//cluster-admin

kubectl describe clusterroles admin -n kube-system



11. DOCKER & KUBERNETES : KUBERNETES INSTALLATION

11. DOCKER & KUBERNETES : KUBERNETES INSTALLATION

#######################################################################

KUBERNATES INSTALL

#######################################################################



------------------------ 1. kubectl ----------------------------------------------------------------------
google.com

search -> kubectl install

https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-windows

download kubectl.exe, verify it against the checksum published on that page, then paste it in - C:\Windows\System32\kubectl.exe


-----------------------2. minikube (VirtualBox with Docker & Kubernates Installed--------------------------
google.com

search for - minikube install

https://github.com/kubernetes/minikube/releases

C:\Program Files\Kubernetes\minikube-installer.exe

//Double-click and install (first verify the installer against the checksum published with the release)


//Minicube is a Virtual machine with Docker and Kubernaties installed in it
//1st docker on top of that kubernates installed
//in Oracle VM VirtualBox - you see new entry as minikube






#######################################################################

KUBERNATES START

#######################################################################

//TERMINAL1 : in normal cmd
----------
C:\Program Files\Kubernetes\Minikube\minikube start --cpus=2 --memory=3072 --vm-driver=virtualbox
    //it will create virtualBox takes more time
    //Creating virtualbox VM (CPUs=2, Memory=3072MB, Disk=20000MB) ...







//TERMINAL2: another cmd
--------
minikube dashboard




//In Terminal1 verify the IP address
kubectl cluster-info







10. DOCKER & KUBERNETES : KUBERNETES INTRODUCTION

10. DOCKER & KUBERNETES : KUBERNETES INTRODUCTION


#######################################################################
KUBERNATES INTRODUCTION
#######################################################################

Why we need Kubernetes..? CLUSTER CONTAINER RUNTIME
-----------------------------------------

//In docker - If machine goes down then all services will go for toss
//In kubernates - multiple machines -
    //to get high availablility
    - if one m/c goes down other m/c will pick up

    Horizontal scale - Infra scale - m/c (VM based scaling, monolythic)
    Vertical scale - Service scale, if one container goes down then another container should pickup

POD = one or more container







9. DOCKER & KUBERNETES :

9. DOCKER & KUBERNETES :

8. DOCKER & KUBERNETES : OJET -> NodeJS -> MYSQL

8. DOCKER & KUBERNETES : OJET -> NodeJS -> MYSQL

Tuesday, March 17, 2020

7. DOCKER & KUBERNETES : Create Image of MYSQL DB and Create tables in it

7. DOCKER & KUBERNETES : Create Image of MYSQL DB and Create tables in it

Requirement: Create Image of MYSQL DB and create table and insert few records init. ##################
Step1: Keep ready one createdb.sql (creates the table and insert one row)
Step2: Create docker file and use createdb.sql init
Step3: Create Image using dockerfile
Step4: Run and test the Image
########################################################################
----------------------MYSQL in hub.docker.com---------------------------------------------
//Will use mysql image

docker pull mysql:5.7

docker images  //mysql is 456MB

docker inspect mysql:5.7  //ExposedPort 3306 port, CMD : mysqld,  volume : 

//What we cannot modify in a running container:
1. The Docker image it was created from
2. ID - Readonly
3. Volumes (data inside a volume can change, but volumes cannot be added - Readonly; volumes are assigned when the container is created, and adding one later is not possible)
4. Ports cannot be added or removed - Readonly

//What cannot change in Docker image
//Entire Docker image is readonly

//Overwriting an image is possible
//Overwriting a container is not possible (overwriting its ID, Volumes, Ports or Docker image is not possible)

//we will mount some thing to 
https://github.com/dhanan77/RESTAPI22.05/blob/master/createdb.sql

Step1: Keep ready one createdb.sql (creates the table and insert one row)
vi createdb.sql

//paste below code
####################################################
-- Create the demo database and its accounts table, then seed one test row.
CREATE DATABASE IF NOT EXISTS `pythonlogin` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
USE `pythonlogin`;

CREATE TABLE IF NOT EXISTS `accounts` (
`id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(50) NOT NULL,
  -- NOTE(review): the seed row below puts a clear-text password in this column; a real accounts table should hold a salted password hash here.
  `password` varchar(255) NOT NULL,
  `email` varchar(100) NOT NULL,
    PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

-- Seed account with a known username and password ('test' / 'test'): demo data only, remove it before the image is used anywhere reachable.
INSERT INTO `accounts` (`id`, `username`, `password`, `email`) VALUES (1, 'test', 'test', 'test@test.com');

####################################################
Esc :wq!


ls

Step2: Create docker file and use createdb.sql init
vi Dockerfile2
####################################################
#mysql 5.7 Implementation of Custom DB created.
# Extends the mysql:5.7 image with an init script that creates the demo database.
FROM mysql:5.7
label maintainer dj@dba-ops.com
# NOTE(review): ENV bakes the root password into the image metadata, so anyone who
# can pull the image can read it with docker inspect or docker history. Supply it
# at run time instead (docker run -e ..., or MYSQL_ROOT_PASSWORD_FILE pointing at a
# mounted secret). "admin" is a demo value only.
ENV MYSQL_ROOT_PASSWORD=admin
# Scripts copied to /docker-entrypoint-initdb.d are run by the mysql image's
# entrypoint when the database is first initialised.
COPY createdb.sql /docker-entrypoint-initdb.d/createdb.sql
####################################################
Esc :wq!

Step3: Create Image using dockerfile
//newmysql is image name
docker build -t newmysql -f Dockerfile2 .

vi .dockerignore 

      *.tar  //add this

Esc :wq!

ls -a  //should see .dockerignore

cat .dockerignore

Step4: Run and test the Image "newmysql" by creating the container "testdb"
docker run --name testdb -d newmysql  //it will give id

//check whether "testdb" container is running or not
docker ps -a | grep testdb

//verify db is ready to for connection , means sql file given is executed or not
docker logs testdb  //it will show port and othr information.. and we see in the log createdb.sql is executed..


6. DOCKER & KUBERNETES : ImageCreate Way2 : Create Image using Dockerfile

6. DOCKER & KUBERNETES : ImageCreate Way2 : Create Image using Dockerfile


Requirement: Creating Image using Dockerfile ############################################
Step1: Create docker file (vi Dockerfile)
Step2: Create Image using docker file (docker build -t newubuntu:1.0 -f Dockerfile .)
Step3: Run and test the image (docker run --rm newubuntu:1.0)
########################################################################################

Step1: Create docker file
Example1 : We will create DockerFile
##########################################
//refer image...

https://github.com/dhanan77/RESTAPI22.05

click on -> Sample.sh

#######################################
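#!/bin/bash
# Print the contents of the file named by the first command-line argument.
# Arguments: $1 - path of the file to show
# Outputs:   the file contents, or a message when the file does not exist
#            or no argument was given
# NOTE(review): the script prints whatever readable file the caller names, so
# do not run it with more privileges than the caller already has.
if [ "$#" -gt 0 ]; then
  # "$1" is quoted so a name containing spaces or glob characters is tested
  # and read as a single path instead of being split into several words.
  if [ -f "$1" ]; then
    echo "Contents of the file..."
    # "--" stops a file name that begins with "-" from being taken as a cat option.
    cat -- "$1"
  else
    echo "File Not Found..$1"
  fi
else
  echo "Not enough command line arguments..."
fi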

########################################

copy

vi Sample.sh

paste

Esc :wq!

sh Sample.sh

sh Sample.sh xxxx

sh Sample.sh /etc/hosts

//create automation file (Docker file) for image management
vi Dockerfile

##############################################
# First Dockerfile simulation of Sample.sh
# Builds an image that carries Sample.sh in /code and, by default, prints /etc/hosts with it.
# No USER instruction is set, so the process runs as the base image's default user
# (presumably root for ubuntu - confirm before using this outside a demo).
FROM ubuntu:16.04
LABEL MAINTAINER dj@devops.com
RUN mkdir /code
COPY Sample.sh /code/Sample.sh
RUN chmod +x /code/Sample.sh
# Shell-form CMD is only a default: any arguments given to docker run replace it
# completely, so a caller can start any other program in the image (for example a shell).
CMD sh /code/Sample.sh /etc/hosts
#CMD ["sh","/code/Sample.sh","/etc/hosts"]
###############################################

Esc :wq!

ls  //we should have 2 files (Dockerfile   Sample.sh)

Step2: Create Image using docker file
//every thing does automatically mention all commands in Docker file and build..
//Every line in Dockerfile creates one layer.
//newubuntu is image name
//Creating image "newubuntu:1.0" using docker file "Dockerfile"
docker build -t newubuntu:1.0 -f Dockerfile .    //it will execute line by line mentioned in Dockerfile

docker history newubuntu:1.0  //to check all layers how layers are created...

docker inspect newubuntu:1.0

Step3: Run and test the image //we will test this image
docker run --rm newubuntu:1.0

//execute as bash, customers can go inside and check the code
//Means Its failing as Scaling section, bez people can go and paly with source code
//CF layer test - FAILED
docker run -i -t --rm newubuntu:1.0 bash
cd code
ls
cat Sample.sh

//customer can execute as below also
//CD layer test - FAILED
docker run --rm newubuntu:1.0 sh /code/Sample.sh xxx

docker run --rm newubuntu:1.0 xxx  //will not work

vi Dockerfile

###############################################
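# First Dockerfile simulation of Sample.sh
# Builds an image whose fixed program is Sample.sh; docker run arguments become
# the file name passed to the script, with /etc/hosts as the default.
FROM ubuntu:16.04
LABEL MAINTAINER dj@devops.com
RUN mkdir /code
COPY Sample.sh /code/Sample.sh
RUN chmod +x /code/Sample.sh
# Exec-form ENTRYPOINT: arguments given to docker run are appended to this command.
# This is a convenience, not an access control: the --entrypoint option of
# docker run replaces it and the script stays readable in the image layers.
ENTRYPOINT ["sh","/code/Sample.sh"]
# Default argument used when docker run is given none.
CMD ["/etc/hosts"]
# The old shell-form CMD stays disabled. Only the last CMD in a Dockerfile takes
# effect, and a shell-form CMD would reach the ENTRYPOINT as "/bin/sh -c ...",
# making Sample.sh print /bin/sh instead of /etc/hosts.
#CMD sh /code/Sample.sh /etc/hosts
#CMD ["sh","/code/Sample.sh","/etc/hosts"]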
###############################################

Esc :wq!

//build again
docker build -t newubuntu:1.0 -f Dockerfile . 

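//now run all the failed security tests again
//note: ENTRYPOINT only changes the default behaviour, it is not an access control. The --entrypoint option of docker run replaces it and the files stay readable in the image layers, so never rely on it to protect source code or secrets shipped in an image
docker run -i -t --rm newubuntu:1.0 bash   //it will not go inside bash: "bash" is now passed to Sample.sh as a file name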

docker run --rm newubuntu:1.0

docker run --rm newubuntu:1.0 /etc/resolv.conf  //valid file name should work

docker run --rm newubuntu:1.0 xxxxx  //invlid file name should not work

#########################################################################


Example2 : We will create DockerFile for PING and then create image##########################################


------------------- PING COMMAND in Docker file---------------------------------------------
//Do New operation ping like some part should be fixed and some parameter should come as parameter

ping 

docker pull ubuntu:trusty  //pull ping related layers

vi DockerfilePing

###############################################
# Second Dockerfile simulation of Ping
# Builds an image that sends three pings to the host named on the docker run command line.
# NOTE(review): ubuntu:trusty is an old release that no longer gets standard security
# updates; prefer a currently supported base image outside a demo.
FROM ubuntu:trusty
LABEL MAINTAINER dj@netops.com
# Fixed part of the command: ping with a count of 3.
ENTRYPOINT ["ping","-c3"]
# Default target; arguments given to docker run replace it.
CMD ["localhost"]
###############################################

Esc :wq!

//build
//ping is image name
//Creating Image "ping:v1" using Dockerfile "DockerfilePing"
docker build -t ping:v1 -f DockerfilePing .

docker history ping:v1 

docker run --rm ping:v1 //it will execute ping command mentioned DockerfilePing file

//go to Docker quickstart terminal

docker images

Different ways to ping:
1. Localhost (of Container IP)
2. Ping another Container IP
3. Ping Host IP (DM IP)
4. Ping External IP

//Testing on our newly created Image ping:v1
docker run --rm ping:v1
docker run --rm ping:v1 $(docker inspect -f "{{.NetworkSettings.IPAddress}}" TestLogs)
docker run --rm ping:v1 $(docker-machine ip default)
docker run --rm ping:v1 www.ndtv.com  //will work
docker run --rm ping:v1 www.hub.docker.com  //will not work: cloud-hosted sites commonly block ping (ICMP) as a security measure