Certified Kubernetes Administrator
This is for EKS 1.22
Kubernetes basics
Control plane
- Multiple servers
- Control the cluster
- Components:
  - kube-apiserver: kubernetes API
  - etcd: key-value storage for cluster info
  - kube-scheduler: selects an available node to put a pod on
  - kube-controller-manager: multiple utilities that automate tasks
  - cloud-controller-manager: only with aws, azure, gcp
Nodes
- Components:
  - kubelet: communicates with control plane
  - container runtime: software to run containers
  - kube-proxy: networking between containers
Building a kubernetes cluster
- 3 nodes minimum
- make sure all 3 nodes have host names and can ping each other by name
- /etc/modules-load.d/containerd.conf
  - add: overlay and br_netfilter
  - sudo modprobe overlay; sudo modprobe br_netfilter
- /etc/sysctl.d/99-kubernetes-cri.conf
  - net.bridge.bridge-nf-call-iptables = 1
  - net.ipv4.ip_forward = 1
  - net.bridge.bridge-nf-call-ip6tables = 1
  - sudo sysctl --system
- install containerd package
- /etc/containerd/config.toml
- systemctl restart containerd
- sudo swapoff -a, and disable swap in /etc/fstab
- install apt-transport-https curl
- curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
- apt-get install kubelet kubeadm kubectl
- apt-mark hold kubelet kubeadm kubectl
- (master): kubeadm init --pod-network-cidr 192.168.0.0/16 --kubernetes-version 1.22.0
- (master): mkdir -p $HOME/.kube; sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config; sudo chown $(id -u):$(id -g) $HOME/.kube/config
- (master): kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
- (master): kubeadm token create --print-join-command
- (node): kubeadm join $IPADDR --token $TOKEN --discovery-token-ca-cert-hash sha256:xxxxxx
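A preflight check for the node preparation steps above, as an added example that is not part of the original notes. The function names `check_line` and `preflight` and the optional root-directory argument are assumptions made for illustration, as is the file name `99-kubernetes-cri.conf`. A misspelled sysctl key or a swap entry left in /etc/fstab is reported before `kubeadm init` or `kubeadm join` is run.

```shell
#!/bin/sh
# Added example: checks the files edited during node preparation.
# preflight [ROOT] reads the files under ROOT (default: the live system),
# prints one line per problem and returns the number of problems found.

# check_line FILE REGEX LABEL: report LABEL unless FILE has a line matching REGEX
check_line() {
    if ! grep -Eq "$2" "$1" 2>/dev/null; then
        echo "MISSING: $3 ($1)"
        return 1
    fi
}

preflight() {
    root=${1:-}
    fail=0
    mods="$root/etc/modules-load.d/containerd.conf"
    sysc="$root/etc/sysctl.d/99-kubernetes-cri.conf"

    # Kernel modules that must be loaded at boot
    for m in overlay br_netfilter; do
        check_line "$mods" "^[[:space:]]*$m[[:space:]]*$" "module $m" || fail=$((fail + 1))
    done

    # Each sysctl key must be spelled exactly and set to 1
    for k in net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward \
             net.bridge.bridge-nf-call-ip6tables; do
        # Escape the dots so a near-miss key name does not match
        key_re=$(printf '%s' "$k" | sed 's/\./\\./g')
        re="^[[:space:]]*$key_re[[:space:]]*=[[:space:]]*1[[:space:]]*$"
        check_line "$sysc" "$re" "sysctl $k = 1" || fail=$((fail + 1))
    done

    # An uncommented fstab entry of type swap turns swap back on at next boot
    if grep -Ev '^[[:space:]]*#' "$root/etc/fstab" 2>/dev/null |
        awk '$3 == "swap" { found = 1 } END { exit !found }'; then
        echo "SWAP: active swap entry in $root/etc/fstab"
        fail=$((fail + 1))
    fi

    return "$fail"
}
```

Run `preflight` with no argument on each node, or pass a directory holding a copy of the files.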
Namespaces
Virtual clusters on same cluster
Tools
- kubeadm
- kubectl
- kompose
- kustomize
- minikube
- helm
Safely draining a k8s node
kubectl drain $NODE_NAME --ignore-daemonsets --force
to remove the node from the cluster
kubectl uncordon $NODE_NAME
to attach the node to the cluster again; enables the k8s scheduler on the node
Upgrade k8s with kubeadm
On the master node (control plane)
- kubectl drain k8s-control --ignore-daemonsets
- sudo apt-get update && sudo apt install kubeadm
- sudo kubeadm upgrade plan v1.22.2
- sudo kubeadm upgrade apply v1.22.2
- sudo apt-get update && sudo apt install kubectl
- sudo systemctl daemon-reload
- sudo systemctl restart kubelet
- kubectl uncordon k8s-control
On workers:
- kubectl drain k8s-worker1 --ignore-daemonsets --force # from master
- sudo apt-get update && sudo apt install kubeadm
- sudo kubeadm upgrade node
- sudo apt-get update && sudo apt install kubectl
- sudo systemctl daemon-reload
- sudo systemctl restart kubelet
- kubectl uncordon k8s-worker1 # from master
Backup and restore etcd
ETCDCTL_API=3 etcdctl --endpoints $ENDPOINT snapshot save <file name>
ETCDCTL_API=3 etcdctl --endpoints $ENDPOINT snapshot restore <file name>