| 1 | +## Kubernetes API Versioning, K8s Extension , Certification Tip: Lecture Notes |
| 2 | + |
| 3 | + |
| 4 | + |
| 5 | +## Admission Controllers |
| 6 | + |
| 7 | + |
| 8 | +### **Purpose:** |
| 9 | +Admission controllers are plugins that enforce policies on objects being created or updated in a Kubernetes cluster. These policies are essential to maintain security, resource limits, and operational efficiency. |
| 10 | + |
| 11 | +### **Types of Admission Controllers:** |
| 12 | +1. **Mutating Admission Controller:** |
| 13 | + - Modifies requests to enforce certain policies before they are accepted into the cluster. |
| 14 | + - Example: Automatically adding labels to pods. |
| 15 | + |
| 16 | +2. **Validating Admission Controller:** |
| 17 | + - Ensures requests meet certain criteria and validates configurations. |
| 18 | + - Example: Rejecting deployments with insecure configurations. |
| 19 | + |
| 20 | + |
| 21 | + |
| 22 | +### **Commonly Used Admission Controllers:** |
| 23 | +| Controller | Purpose | |
| 24 | +|--------------------|------------------------------------------------------| |
| 25 | +| Namespace Lifecycle | Prevents operations on resources in non-existent namespaces | |
| 26 | +| Limit Ranger | Enforces default resource limits | |
| 27 | +| Resource Quota | Enforces quotas on the number of resources used | |
| 28 | + |
| 29 | +--- |
| 30 | + |
| 31 | +## Kubernetes API Versions |
| 32 | + |
| 33 | +### **Stages of API Versions:** |
| 34 | +1. **Alpha:** |
| 35 | + - Experimental features. |
| 36 | + - May change or be removed in future releases. |
| 37 | + - **Not recommended** for production use. |
| 38 | + |
| 39 | +2. **Beta:** |
| 40 | + - Features have broader testing. |
| 41 | + - Guaranteed not to be removed. |
| 42 | + - May have minor changes. |
| 43 | + |
| 44 | +3. **Stable:** |
| 45 | + - Fully tested and ready for production. |
| 46 | + - No further breaking changes. |
| 47 | + - Example: `v1`. |
| 48 | + |
| 49 | +### **Examples of Kubernetes API Versions:** |
| 50 | +1. **v1:** Core stable API version including resources like: |
| 51 | + - Pods |
| 52 | + - Services |
| 53 | + - ConfigMaps |
| 54 | + |
| 55 | +2. **Other API Groups:** |
| 56 | + - `apps/v1` for Deployments |
| 57 | + - `batch/v1` for Jobs and CronJobs |
| 58 | + |
| 59 | +--- |
| 60 | + |
| 61 | +## Kubernetes Resources and Autoscaling |
| 62 | + |
| 63 | + |
| 64 | +### **Core Resources:** |
| 65 | +1. **Pods:** |
| 66 | + - Smallest deployable units in Kubernetes. |
| 67 | + - Represents a group of containers with shared storage, network, and specifications. |
| 68 | + |
| 69 | +2. **Services:** |
| 70 | + - Abstracts and exposes pods as network services. |
| 71 | + - Ensures stable communication between pods and users. |
| 72 | + |
| 73 | +3. **ConfigMaps:** |
| 74 | + - Stores non-sensitive configuration data in a key-value format. |
| 75 | + |
| 76 | +4. **Secrets:** |
| 77 | + - Stores sensitive data like passwords and tokens securely. |
| 78 | + |
| 79 | +5. **Namespaces:** |
| 80 | + - Provides a mechanism to isolate groups of resources within a cluster. |
| 81 | + |
| 82 | +6. **Persistent Volumes (PVs):** |
| 83 | + - Provides storage resources for pods, independent of their lifecycle. |
| 84 | + |
| 85 | +### **Workload Resources (apps/v1, batch/v1):** |
| 86 | +1. **Deployment:** |
| 87 | + - Manages replicated applications. |
| 88 | + - Supports rolling updates. |
| 89 | + |
| 90 | +2. **ReplicaSet:** |
| 91 | + - Ensures a specified number of pod replicas are running at any time. |
| 92 | + |
| 93 | +3. **StatefulSet:** |
| 94 | + - Manages stateful applications with stable network identities and persistent storage. |
| 95 | + |
| 96 | +4. **DaemonSet:** |
| 97 | + - Ensures a copy of a pod runs on all or selected nodes in the cluster. |
| 98 | + |
| 99 | +5. **Job:** |
| 100 | + - Manages batch jobs. |
| 101 | + - Ensures specified tasks are completed successfully. |
| 102 | + |
| 103 | +6. **CronJob:** |
| 104 | + - Schedules jobs to run at specific times or intervals. |
| 105 | + |
| 106 | +### **Networking Resources (networking.k8s.io):** |
| 107 | +1. **Ingress:** |
| 108 | + - Manages external access to services within the cluster. |
| 109 | + - Acts as an HTTP/HTTPS proxy. |
| 110 | + |
| 111 | +2. **Network Policy:** |
| 112 | + - Controls traffic flow between pods. |
| 113 | + - Example: Allowing only specific pods to communicate. |
| 114 | + |
| 115 | +3. **Service:** |
| 116 | + - Exposes a set of pods and ensures stable networking. |
| 117 | + |
| 118 | +### **Storage Resources:** |
| 119 | +1. **Storage Class:** |
| 120 | + - Defines different types of storage and policies for dynamic provisioning. |
| 121 | + |
| 122 | +### **RBAC & Authorization:** |
| 123 | +Kubernetes provides **Role-Based Access Control (RBAC)** to manage permissions. |
| 124 | + |
| 125 | +**API Group:** `rbac.authorization.k8s.io` |
| 126 | + |
| 127 | +**Resources:** |
| 128 | +1. **Roles:** |
| 129 | + - Assign permissions within a namespace. |
| 130 | + |
| 131 | +2. **Role Bindings:** |
| 132 | + - Binds roles to users or groups within a namespace. |
| 133 | + |
| 134 | +3. **Cluster Roles:** |
| 135 | + - Assign permissions cluster-wide. |
| 136 | + |
| 137 | +4. **Cluster Role Bindings:** |
| 138 | + - Binds cluster roles to users or groups cluster-wide. |
| 139 | + |
| 140 | +### **Custom Resources:** |
| 141 | +1. **Custom Resource Definition (CRD):** |
| 142 | + - Extends the Kubernetes API. |
| 143 | + - Allows users to define and use their own resources. |
| 144 | + |
| 145 | +--- |
| 146 | + |
| 147 | +## Autoscaling |
| 148 | +Kubernetes provides tools to automatically adjust resources based on usage. |
| 149 | + |
| 150 | +1. **Horizontal Pod Autoscaler (HPA):** |
| 151 | + - Scales pods horizontally based on CPU or custom metrics. |
| 152 | + |
| 153 | +2. **Vertical Pod Autoscaler (VPA):** |
| 154 | + - Adjusts resource requests and limits for containers based on actual usage. |
| 155 | + |
| 156 | +--- |
| 157 | + |
| 158 | +## Key Commands (kubectl) |
| 159 | + |
| 160 | + |
| 161 | +### **Basic Pod Commands:** |
| 162 | +1. `kubectl get pods -o wide` |
| 163 | + - Displays detailed pod information in a wide format. |
| 164 | + |
| 165 | +2. `kubectl get pods -o json` |
| 166 | + - Outputs pod details in JSON format. |
| 167 | + |
| 168 | +3. `kubectl get pods --field-selector=status.phase=Running` |
| 169 | + - Filters pods based on their running status. |
| 170 | + |
| 171 | +4. `kubectl get pods --watch` |
| 172 | + - Watches for changes in pod status in real-time. |
| 173 | + |
| 174 | +### **Aliases:** |
| 175 | +1. `alias kgp='kubectl get pods'` |
| 176 | + - Shortens the command to list pods. |
| 177 | + |
| 178 | +### **Other Commands:** |
| 179 | +1. `kubectl exec` |
| 180 | + - Executes commands directly within a container. |
| 181 | + |
| 182 | +--- |
| 183 | + |
| 184 | +## **Examples for Better Understanding:** |
| 185 | +1. **Mutating Admission Controller Example:** |
| 186 | + - Automatically adding a label to pods using `MutatingWebhookConfiguration`. |
| 187 | + |
| 188 | +2. **Validating Admission Controller Example:** |
| 189 | + - Ensuring deployments do not use `latest` tag for images. |
| 190 | + |
| 191 | +3. **API Version Usage Example:** |
| 192 | + - Using `apps/v1` for deploying a sample application. |
| 193 | + |
| 194 | +--- |
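Review bot: The Beta bullet "Guaranteed not to be removed." is incorrect and should be corrected before these notes are used for certification study: the Kubernetes deprecation policy only guarantees that a beta API version keeps being served for a bounded period after a replacement appears (at least 9 months or 3 minor releases, whichever is longer), and beta APIs can be deprecated and removed outright, as happened with PodSecurityPolicy (`policy/v1beta1`) in v1.25. Suggest rewording to something like "Enabled by default and more widely tested, but may still change and can be deprecated and removed after a bounded period." Two smaller points in the same hunk: under Secrets, "Stores sensitive data like passwords and tokens securely." overstates the default, since Secret values are only base64-encoded in etcd unless encryption at rest is configured and read access is restricted with RBAC, so a short caveat to that effect belongs there; and the title "K8s Extension ," has a stray space before the comma.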