Posts

Showing posts from November, 2023

Services in K8s

In Kubernetes, a Service is a method for exposing a network application that is running as one or more Pods in your cluster. The set of Pods targeted by a Service is usually determined by a selector that you define. For example, consider a stateless image-processing backend which is running with 3 replicas. Those replicas are fungible: frontends do not care which backend they use. While the actual Pods that compose the backend set may change, the frontend clients should not need to be aware of that, nor should they need to keep track of the set of backends themselves. The Service abstraction enables this decoupling. Here is an example of a Service of type NodePort, which opens a port (nodePort) on every Node in the Kubernetes cluster and also describes which port on the Pod the calls are forwarded to (targetPort). *A NodePort is a temporary solution to expose an application to the internet, usually done for testing purposes; other types of Services, e.g. ...
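The Service described above, written out as an added example (this is not the post's own manifest; the names, labels, image and port numbers are assumed): a Deployment with three fungible replicas and the NodePort Service that selects them, with the three port fields that the post distinguishes annotated.

```yaml
# Added example, not from the original post. Names, labels, image and ports are assumed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: image-backend
spec:
  replicas: 3
  selector:
    matchLabels:
      app: image-backend
  template:
    metadata:
      labels:
        app: image-backend          # the Service below selects Pods by this label
    spec:
      containers:
        - name: api
          image: example.com/image-backend:1.0   # placeholder image
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: image-backend
spec:
  type: NodePort
  selector:
    app: image-backend              # any Pod carrying this label becomes an endpoint
  ports:
    - name: http
      protocol: TCP
      port: 80                      # Service port: other Pods call http://image-backend:80
      targetPort: 8080              # forwarded to this containerPort on one of the selected Pods
      nodePort: 30080               # opened on every node's IP; default allowed range is 30000-32767
```

From outside the cluster the application answers at http://<any-node-ip>:30080/, on every node, including nodes that run none of the replicas (kube-proxy forwards the traffic). That is why a NodePort is a testing convenience rather than a production edge: it bypasses whatever TLS and authentication an Ingress would add, and it is reachable on every node interface that the cloud firewall lets through. Leaving out `nodePort:` makes Kubernetes pick a free port in the range.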

Conatiners and Pods

A Pod can have multiple containers. All containers inside a Pod share the same network stack, which includes the following: the IP address, the network interfaces, the routing tables and the port space. Every Pod has a unique IP address, and all containers inside a Pod have the same IP address as the Pod; that is why containers inside the same Pod are able to talk to each other using localhost. If two containers within the same Pod attempt to bind to the same port, it will result in a conflict. Here is an example from a YAML file where the "containerPort"s are the ports which tell Kubernetes that the respective application is listening on this port inside the container. Whoever wants to access this application makes a call to the same port number on the Pod's IP address; there is no separate Pod-to-container port mapping, because the Pod and its containers share one network namespace, so the container's port is the Pod's port. (containerPort is informational: a process listening on a port that is not listed is still reachable on the Pod IP.) spec: containers: - name: eggpla...
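The shared network namespace described above, as an added example (not the post's own Pod spec; the names and images are assumed): a web server container and a sidecar that reaches it on localhost, which only works because both containers sit in the same Pod.

```yaml
# Added example, not from the original post. Names and images are assumed.
apiVersion: v1
kind: Pod
metadata:
  name: shared-net-demo
spec:
  containers:
    - name: web
      image: nginx:1.25
      ports:
        - containerPort: 80          # informational: the Pod IP answers on :80 whether or not this is listed
    - name: probe
      image: busybox:1.36
      # Same network namespace as "web", so localhost:80 is nginx.
      # A second container that tried to bind :80 here would fail with "address already in use".
      command: ["sh", "-c", "while true; do wget -qO- http://localhost:80/ >/dev/null && echo ok; sleep 10; done"]
```

Anything else on the cluster network can reach port 80 on this Pod's IP as well, so "only the sidecar can see it" is not a property of localhost here; it has to be enforced by binding the server to 127.0.0.1 or by a NetworkPolicy.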

Connect to a kubernetes cluster

When we say "connect to a Kubernetes cluster," we are referring to the process of establishing a connection from your local development environment or another system to a Kubernetes cluster. Kubernetes is a container orchestration platform that allows you to automate the deployment, scaling, and management of containerized applications. Connecting to a Kubernetes cluster involves interacting with the Kubernetes API server, which is the central control point for managing the cluster. The Kubernetes API server, often referred to simply as the "API server," is a component of the Kubernetes control plane. It is a central component that exposes the Kubernetes API, which is used for managing the entire cluster. The API server acts as the front-end for the Kubernetes control plane and is responsible for processing RESTful API requests, validating them, and then updating the corresponding objects in the cluster, such as pods, services, and deployments. API server exists in ...
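The connection the post talks about is configured in a kubeconfig file, which tells kubectl where the API server is, how to verify it, and which credential to present. Below is an added example of one (not from the original post; the endpoint, names and namespace are assumptions, and the base64 blobs are placeholders to be replaced with real values).

```yaml
# Added example, not from the original post. Endpoint, names and namespace are assumed.
apiVersion: v1
kind: Config
current-context: dev-cluster
clusters:
  - name: dev-cluster
    cluster:
      server: https://203.0.113.10:6443                 # API server endpoint (TEST-NET placeholder address)
      certificate-authority-data: <base64 CA certificate> # pins the CA that signed the API server's cert
      # Never use "insecure-skip-tls-verify: true" outside a throwaway lab: it lets anyone who can
      # intercept the connection impersonate the API server and collect the credentials below.
users:
  - name: alice
    user:
      client-certificate-data: <base64 client certificate> # identity presented to the API server
      client-key-data: <base64 client private key>         # secret: the file must stay mode 0600
contexts:
  - name: dev-cluster
    context:
      cluster: dev-cluster
      user: alice
      namespace: team-a                                    # default namespace for kubectl commands
```

kubectl reads `~/.kube/config` by default (or the path in `KUBECONFIG`), and `kubectl config get-contexts` shows which cluster/user pair is active. Because the file carries a private key or bearer token, it is a credential: treat it like an SSH key rather than like a configuration file.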

Terraform

Terraform is an Infrastructure as Code tool. Normally, if one has to configure VMs or other resources in the cloud, they have to go to the cloud provider's console and click through a lot of screens to get things done; Terraform can do all of that, provided you tell it precisely what to do in a .tf file, e.g. which cloud provider you are using (GCP, Azure, etc.) and which resource to create with what specification. One writes the file in HCL, the HashiCorp Configuration Language (similar in spirit to JSON but more readable; Terraform also accepts JSON-syntax .tf.json files). The CLI is free to download and its source is public (from version 1.6 it is released under the Business Source License rather than an open-source license). One has to install the CLI and then run: terraform init (downloads the provider plugins), terraform plan (shows what would change), terraform apply (makes the changes in the cloud), terraform destroy (tears the resources down). The terraform.tfstate file that Terraform writes often contains secrets such as generated passwords and keys in plain text, so keep it out of version control and in an access-controlled remote backend.

GKE onboarding and best practices

GKE Docs: https://cloud.google.com/kubernetes-engine/docs/ Create a cluster in GKE Autopilot mode. In Autopilot mode, Google manages most of the infrastructure and provides a more managed K8s experience than GKE Standard mode. Create an Autopilot cluster by specifying a name and region. After the cluster is created, you can deploy your workload through Kubernetes and Google will take care of the rest, including: Nodes: automated node provisioning, scaling, and maintenance. Networking: VPC-native traffic routing for public or private clusters. Security: Shielded GKE Nodes and Workload Identity. Telemetry: Cloud Operations logging and monitoring. When creating a cluster, Google Cloud asks for the network configuration of the cluster. Public clusters: choose a public cluster to configure access from public networks to the cluster's workloads. Routes aren't created automatically. You cannot change this setting after t...

What is a node in Kubernetes

A Pod always runs on a Node. A Node is a worker machine in Kubernetes and may be either a virtual or a physical machine, depending on the cluster. Each Node is managed by the control plane. A Node can have multiple Pods, and the Kubernetes control plane automatically handles scheduling the Pods across the Nodes in the cluster. The control plane's automatic scheduling takes into account the available resources on each Node. Every Kubernetes Node runs at least: the kubelet, a process responsible for communication between the Kubernetes control plane and the Node; it manages the Pods and the containers running on the machine. A container runtime (such as containerd or CRI-O; Docker Engine is only usable through the cri-dockerd adapter since Kubernetes 1.24 removed dockershim) responsible for pulling the container image from a registry, unpacking the container, and running the application.

Kubectl

Kubectl is the Kubernetes command line interface. Kubectl uses the Kubernetes API to interact with the cluster. The common format of a kubectl command is: kubectl action resource. This performs the specified action (like create, describe or delete) on the specified resource (like node or deployment). You can use --help after the subcommand to get additional info about possible parameters (for example: kubectl get nodes --help). Check that kubectl is configured to talk to your cluster by running the kubectl version command: it should print both the client and the server versions. To view the nodes in the cluster, run the kubectl get nodes command. The most common operations can be done with the following kubectl subcommands: kubectl get - list resources; kubectl describe - show detailed information about a resource; kubect...

What is a Cluster in Kubernetes

Kubernetes coordinates a highly available cluster of computers that are connected to work as a single unit.   The abstractions in Kubernetes allow you to deploy containerized applications to a cluster without tying them specifically to individual machines.  To make use of this new model of deployment, applications need to be packaged in a way that decouples them from individual hosts: they need to be containerized. Containerized applications are more flexible and available than in past deployment models, where applications were installed directly onto specific machines as packages deeply integrated into the host.   Kubernetes automates the distribution and scheduling of application containers across a cluster in a more efficient way. A Kubernetes cluster consists of two types of resources:     1.  The  Control Plane  coordinates/manages the cluster The Control Plane coordinates all activities in your cluster, such as  scheduling applications...

Minikube

Minikube is a lightweight Kubernetes implementation that creates a VM (or, with the docker/podman drivers, a container) on your local machine and deploys a simple cluster containing only one node. Minikube is available for Linux, macOS, and Windows systems. The Minikube CLI provides basic bootstrapping operations for working with your cluster, including start, stop, status, and delete.

Networking in Kubernetes

Pods that are running inside Kubernetes are running on a private, isolated network. By default they are visible from other Pods and Services within the same Kubernetes cluster, but not outside that network. Every Pod has a unique IP address, and it is reachable from all other Pods in the K8s cluster. A Pod is a host, just like your laptop, having an IP address and a range of ports that can be allotted to containers. A container listens on a specific port inside a Pod. In a Kubernetes environment, when Services are deployed within the same namespace, they can communicate with each other using the Service name as the hostname, e.g. in the following snippet from appsettings.json of a .NET Core project, 'document-api' is the name of the Service: "DocumentApiConfiguration": { "BaseUrl": "http://document-api/" } What if I want to access a Service from another namespace? When you want to access a Service from another namespace in Kubernetes, you typica...
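The same-namespace call above works because the Pod's DNS search list covers its own namespace. An added example (not from the original post; the namespaces `docs` and `frontend`, the labels and the ports are assumed) of the Service, of a caller in a different namespace using the cluster-internal fully qualified name, and of a NetworkPolicy, because "reachable from every Pod in the cluster" is the default and is usually not what you want for an internal API.

```yaml
# Added example, not from the original post. Namespaces, labels and ports are assumed.
apiVersion: v1
kind: Namespace
metadata:
  name: docs
---
apiVersion: v1
kind: Service
metadata:
  name: document-api
  namespace: docs
spec:
  selector:
    app: document-api
  ports:
    - port: 80              # http://document-api/ inside "docs" resolves to this ClusterIP:80
      targetPort: 8080      # the containerPort of the API Pods
---
# Caller in another namespace. The short name "document-api" does NOT resolve from
# "frontend" (its search list only covers its own namespace), so the config uses
# <service>.<namespace>.svc.cluster.local.
apiVersion: v1
kind: ConfigMap
metadata:
  name: frontend-config
  namespace: frontend
data:
  appsettings.json: |
    {
      "DocumentApiConfiguration": {
        "BaseUrl": "http://document-api.docs.svc.cluster.local/"
      }
    }
---
# Reachability is not authorisation: with no policy, any Pod in any namespace can
# call document-api. This limits ingress to Pods in the "frontend" namespace.
# It is only enforced if the cluster's CNI implements NetworkPolicy (e.g. Calico, Cilium).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: document-api-ingress
  namespace: docs
spec:
  podSelector:
    matchLabels:
      app: document-api
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: frontend   # label Kubernetes sets on every namespace
      ports:
        - port: 8080          # NetworkPolicy ports are Pod ports, not Service ports
          protocol: TCP
```

The shorter `document-api.docs` also resolves, via the `svc.cluster.local` entry in the search list; the full name avoids the extra lookups and is unambiguous in logs and configs. Note that the policy is written in the API's namespace and keyed on the caller's namespace label, so someone who can create Pods in `frontend` can still reach the API; RBAC on that namespace is the other half of the boundary.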

What is a pod in kubernetes

A Pod is the smallest execution unit in Kubernetes. Pods are ephemeral by nature: if a Pod (or the Node it executes on) fails, Kubernetes can automatically create a new replica of that Pod to continue operations, provided the Pod is managed by a controller such as a Deployment or ReplicaSet (a bare Pod created directly is not recreated). Because we're not supposed to pack multiple processes into a single container, we need a higher-level structure that will allow us to tie and wrap containers together and manage them as a single unit. This is the reasoning behind Pods. Simply put, a Kubernetes Pod is a collection of containers that share a network namespace and can share storage. In case of a Node failure, identical Pods are scheduled on other available Nodes in the cluster.

Push a microservice to Dockerhub

Docker Hub is a central place to upload Docker images. Many products, including Kubernetes, can create containers based on images in Docker Hub. Log in with your Docker credentials with the following command: docker login (prefer a Docker Hub access token over your account password; without a credential helper configured, docker login stores the credential only base64-encoded in ~/.docker/config.json). Retag or rename the Docker images you created under your Docker username with the following command: docker tag old-image-name:old-tag new-image-name:new-tag What is a tag? After the image name, the optional TAG is a custom, human-readable identifier that is typically a specific version or variant of an image. Finally push or upload the Docker image to Docker Hub with the following command: docker push [YOUR DOCKER USER NAME]/[IMAGE NAME]

Kubernetes

Some keywords: Node: a Node is a worker machine in Kubernetes and may be either a virtual or a physical machine, depending on the cluster. Cluster: Kubernetes coordinates a highly available cluster of computers (nodes) that are connected to work as a single unit. Namespace: namespaces are a way to organize clusters into virtual sub-clusters; they can be helpful when different teams or projects share a Kubernetes cluster. Any number of namespaces are supported within a cluster, each logically separated from the others but with the ability to communicate with each other (a namespace is an organisational boundary, not a security boundary: Pods in different namespaces can reach each other unless a NetworkPolicy forbids it, and it is RBAC that scopes who may manage what inside each namespace). Kubernetes: Kubernetes is a portable, extensible open-source platform for managing and orchestrating containerized workloads. It abstracts away complex container management tasks and provides us with declarative configuration to orchestrate containers in different computing environments. This orchestration platform gives you the same ease of use and flexibility you might already know from Platform-as-a-Service (PaaS) or Infrastruct...

Docker compose

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. Suppose that we have two services that we'd like to group together to build and deploy as a single unit. We decided to use Docker Compose to build the services together. In this exercise, we create a Docker Compose YAML file, then use the Docker Compose utility to both build the Docker container images and run them. Here is an example of a docker-compose.yml file (Compose looks for compose.yaml or docker-compose.yml in the current directory; any other file name has to be passed with -f). After the file is ready, we run the following commands: docker compose build builds the container images; docker compose up starts both the frontend website and the backend web API by running the containers.
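A Compose file for the two-service setup described above, as an added example (this is not the post's own file; the service names, build directories, ports and environment variables are assumed). The point it adds is which ports to publish: the backend is reachable only on the Compose network, and the frontend is bound to loopback rather than to every interface on the host.

```yaml
# Added example, not the post's own file. Service names, paths, ports and env vars are assumed.
services:
  backend:
    build: ./backend                  # directory with the web API's Dockerfile
    # No "ports:" entry: the API is reachable only from other services on the
    # Compose network, as http://backend:8080, not from the host or the internet.
    expose:
      - "8080"
    environment:
      ASPNETCORE_URLS: http://+:8080
    restart: unless-stopped

  frontend:
    build: ./frontend                 # directory with the website's Dockerfile
    ports:
      - "127.0.0.1:8080:80"           # loopback only; "8080:80" would listen on every host interface
    environment:
      BACKEND_URL: http://backend:8080/   # the service name is the DNS name, as with Kubernetes Services
    depends_on:
      - backend
    restart: unless-stopped
```

`docker compose build` builds both images from the `build:` directories and `docker compose up` starts them on a private network created for the project; `docker compose ps` shows which ports are actually published on the host, which is worth checking because a bare `"8080:80"` mapping is reachable from the network and bypasses host firewall rules on Docker hosts that use iptables.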

Microservices Orchestration

As introduced previously, in a microservice-based approach, each microservice owns its model and data so it will be autonomous from a development and deployment point of view. These kinds of systems are complex to scale out and manage. Therefore, you absolutely need an orchestrator if you want to have a production-ready and scalable multi-container application. The orchestrator helps with composing applications consisting of many microservices into one deployable unit . That unit is then moved — or deployed — to a host. Once deployed, the orchestrator helps with managing the host.  It can automatically start the containers, scale them out with multiple instances for each image,  suspend them,  or shut them down when needed.  The orchestrator can also control how containers access resources like the network and data storage. Orchestrators can perform tasks such as  load-balancing and routing in scenarios when multiple containers exist on multiple hosts in a compl...

CI/CD

CI (Continuous Integration) focuses on preparing code for release (build/test); CD (Continuous Deployment) involves the actual release of the code and its deployment (release/deploy). A few code health check and security analysis tools for CI pipelines: SonarQube: SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality; it performs automatic reviews with static analysis of code to detect bugs and code smells in 29 programming languages. Trivy: Trivy is a simple and comprehensive vulnerability scanner for containers and other artifacts. A software vulnerability is a glitch, flaw, or weakness present in the software or in an operating system.
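An added example of Trivy wired into a CI pipeline (not from the original post): a GitHub Actions workflow that builds the image, fails the job on HIGH or CRITICAL findings, and only then performs the Docker Hub tag/push steps from the "Push a microservice to Dockerhub" post above. The image name, the secret names and the pinned trivy-action version are assumptions.

```yaml
# Added example, not from the original post. Image name, secret names and action versions are assumed.
name: ci
on: [push, pull_request]

jobs:
  build-scan-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build image
        run: docker build -t myapp:${{ github.sha }} .

      - name: Scan image with Trivy
        uses: aquasecurity/trivy-action@0.24.0
        with:
          image-ref: myapp:${{ github.sha }}
          format: table
          exit-code: "1"              # non-zero exit fails the job when a matching finding exists
          ignore-unfixed: true        # do not block on vulnerabilities that have no fix available yet
          vuln-type: os,library       # OS packages and application dependencies
          severity: CRITICAL,HIGH

      # Reached only if the scan step passed. Secrets go through env, not string interpolation.
      - name: Push to Docker Hub
        if: github.ref == 'refs/heads/main'
        env:
          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}   # an access token, not the account password
          IMAGE_TAG: ${{ github.sha }}
        run: |
          echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin
          docker tag "myapp:$IMAGE_TAG" "$DOCKERHUB_USER/myapp:$IMAGE_TAG"
          docker push "$DOCKERHUB_USER/myapp:$IMAGE_TAG"
```

Tagging with the commit SHA instead of `latest` means the image that was scanned is the one that gets deployed, and `ignore-unfixed` keeps the gate from blocking on findings the team cannot act on yet; drop it when you want those listed for tracking, and run the same scan on a schedule, since new CVEs are published against images that have not changed.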