05. Configuration ManagementΒΆ
Container ENVsΒΆ
-
Define Environment Variables for a Container
-
Mapping Pod entry point to docker container commands
| Docker | Kubernetes |
|---|---|
| EntryPoint | command |
| CMD | args |
Different method to define configsΒΆ
We have some different methods to define configuration
- Plain Key-Value
- ConfigMap a map from configuration in key-value format
- Secret
- Some more secure tools:
- Mozilla SOps
- HashiCorp Vault
- Helm Secrets
Multiple containers podsΒΆ
At the same time, a Pod can contain more than one container, if these containers are relatively tightly coupled.
Why does Kubernetes allow more than one container in a Pod?ΒΆ
Containers in a Pod runs on a "logical host": they use the same network namespace (same IP address and port space), IPC namespace and, optionally, they can use shared volumes. Therefore, these containers can efficiently communicate, ensuring data locality. Also, Pods allow managing several tightly coupled application containers as a single unit.
More info about Multiple Container Pods
Multi-Container Pod Design PatternsΒΆ
SidecarΒΆ
Sidecar containers extend and enhance the "main" container. Side car also can adds some new functionality to the main container.
Ambassador containersΒΆ
Ambassador containers proxy a local connection to the world.
Adapter containersΒΆ
Adapter containers standardize and normalize output main container to the outer world.
Init ContainersΒΆ
Init-Containers usually use for those purpose that we want to provision or meet dependencies for target containers in a special spences.
Self-Healing ApplicationsΒΆ
The kubelet uses liveness probes to know when to restart a container.
Liveness, Readiness, and Startup ProbesΒΆ
- Liveness Probes
- indicates weather the container is running
- if it fails, the kubelet kills the container
- Readiness Probes
- indicates the container is ready to respond to requests
- if it falls, pod's IP address is removed from the endpoints of all Services
- Startup Probes
- indicates weather the application is started
- if it falls, the kubelet kills the container
- when it succeeded, other probes start evaluation
How Kubelet Handles ProbesΒΆ
To perform a diagnostic, the Kubelet triggers handlers
ExecActionΒΆ
- Executes a specific command inside the container
TCPSocketActionΒΆ
- Perform a TCP check against the Pod's IP address on a specific port
HTTPGetActionΒΆ
- Performs an HTTP Get Request against the Pod's IP address on a specific port and path
Cluster MaintenanceΒΆ
- Operating System Upgrades
- Cluster Upgrade Process
- Backup and Restore Methodologies
Eviction APIΒΆ
drainΒΆ
- cordon with tag NoSchedule
- add tag NoExecute
- remove old pods without these two condition
cordonΒΆ
- add tag NoSchedule to node
uncordonΒΆ
- add tag NoSchedule to node
Difference Between Cordon & DrainΒΆ
CordonΒΆ
- Mark a node as unschedulable, which prevents new pods from being scheduled on that node.
- Existing pods continue to run on the node, but no new pods will be scheduled onto it.
DrainΒΆ
- Evacuate all workloads (pods) from a node, preparing it for maintenance (e.g., shutting it down or upgrading).
- All non-daemonset and non-static pods are gracefully evicted from the node, which involves:
- Rescheduling the evicted pods onto other available nodes (depending on pod tolerations and node availability)
- Daemonset pods (like monitoring agents) and pods without replica sets (i.e., pods that cannot be rescheduled) are not affected.
Key DifferencesΒΆ
| Feature | cordon | drain |
|---|---|---|
| Pods on the Node | Existing pods stay running | Existing pods are evicted/moved |
| New Pods | No new pods are scheduled | No new pods are scheduled |
| Effect on Running Pods | Running pods are not affected | Running pods are gracefully evicted |
| DaemonSet Pods | Not affected | Not evicted by default (needs --force flag) |
| Use Case | Prevent new workloads temporarily | Maintenance or permanent removal |
Kubernetes ReleasesΒΆ
There are many solution to install kubernetes cluster
- Install binary Separately
- Install via KubeADM
- Install via Kubespray
Update ClusterΒΆ
Best practice for kube cluster is all the components have a same version, but we also have different versioning according to this image
API-Server must be a higher version in the cluster
Kubernetes just supports 3 versions earlier than the current version in updating PATH