This document provides an overview of Kubernetes administration from the perspective of a junior administrator. It begins with introductions to cloud computing, containers, and container orchestration. It then dives deeper into Kubernetes concepts like the control plane, nodes, objects, and architecture. Role-based access control (RBAC) and ways to access the Kubernetes API are also covered. The remainder of the document outlines exercises for understanding the lab environment, configuring RBAC, and exploring different Kubernetes workload types.
Kubernetes is designed to be an extensible system. But what is the vision for Kubernetes Extensibility? Do you know the difference between webhooks and cloud providers, or between CRI, CSI, and CNI? In this talk we will explore what extension points exist, how they have evolved, and how to use them to make the system do new and interesting things. We’ll give our vision for how they will probably evolve in the future, and talk about the sorts of things we expect the broader Kubernetes ecosystem to build with them.
This document provides an overview of Kubernetes concepts including:
- Kubernetes architecture with masters running control plane components like the API server, scheduler, and controller manager, and nodes running pods and node agents.
- Key Kubernetes objects like pods, services, deployments, statefulsets, jobs and cronjobs that define and manage workloads.
- Networking concepts like services for service discovery, and ingress for external access.
- Storage with volumes, persistentvolumes, persistentvolumeclaims and storageclasses.
- Configuration with configmaps and secrets.
- Authentication and authorization using roles, rolebindings and serviceaccounts.
It also discusses Kubernetes installation with minikube, and common networking and deployment
Building Cloud-Native Applications with Kubernetes, Helm and Kubeless | Bitnami
This document discusses building cloud-native applications with Kubernetes, Helm, and Kubeless. It introduces cloud-native concepts like containers and microservices. It then explains how Kubernetes provides container orchestration and Helm provides application packaging. Finally, it discusses how Kubeless enables serverless functionality on Kubernetes.
This talk discusses the core concepts behind the Kubernetes extensibility model. We are going to see how to implement new CRDs, operators and when to use them to automate the most critical aspects of your Kubernetes clusters.
We believe that the popularity of Kubernetes derives from its ability to adapt and improve the infrastructure in which it is deployed. I'll explain how this is done
This document provides an overview of Kubernetes, including its architecture, components, concepts, and configuration. It describes that Kubernetes is an open-source container orchestration system designed by Google to manage containerized applications across multiple hosts. The key components include the master nodes which run control plane components like the API server, scheduler, and controller manager, and worker nodes which run the kubelet and containers. It also explains concepts like pods, services, deployments, networking, storage, and role-based access control (RBAC).
Metal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup | Laure Vergeron
Julien Girardin presents metal-k8s, an opinionated Kubernetes distribution designed for bare-metal deployments. Julien explains why we chose certain Kubespray plugins over others for Zenko's needs of scalability and petabyte-scale storage over multiple public and private clouds.
Presented by Drew Malone, Staff Solutions Engineer Tanzu Federal VMware at Kubernetes Community Days, Washington DC, September 14, 2022
What do US Government Users Say About Kubernetes?
● Complex to manage Day Two Operations
● Disconnected Environments from Day One
● Need capability both in the cloud and at the edge (various meanings)
● Developer Experience is Lacking because of the complexity
● Ton of Hype about Kubernetes but Commanders and CIO’s want outcomes
● Everyone talks about installing and securing Kubernetes, but rarely do we see Developers pushing apps to production on kubernetes
Standing up Airgapped Kubernetes is Hard
Securing, Operating and Pushing Code to k8s is even Harder
Load Balancing in the Cloud using Nginx & Kubernetes | Lee Calcote
Presented on March 16, 2017 through O'Reilly - http://www.oreilly.com/pub/e/3864
Modern day applications bring modern day infrastructure requirements. Whether you bring your own or you use your cloud provider's managed load-balancing services, even moderately sophisticated applications are likely to find their needs underserved.
This document provides an overview of Linux containers, Docker, and Kubernetes. It discusses how Linux containers have limitations that Docker aimed to address by providing a platform for managing containers. However, standalone Docker has issues at scale, which Kubernetes was created to solve by offering clustering and orchestration of Docker containers across multiple hosts. Key Kubernetes concepts are explained such as pods, labels, services, and deployments. The document concludes with a reference to a Kubernetes demo.
OSDC 2019 | KubeVirt: Converge IT infrastructure into one single Kubernetes p... | NETWAYS
We will dive into KubeVirt and see how we could create and manage VMs in Kubernetes. In this session we will talk about what KubeVirt is and how it works on a Kubernetes platform. KubeVirt allows users to create and manage virtual machines within a Kubernetes cluster.
This session will be covering the following topics:
- KubeVirt Installation
- Basic KubeVirt objects and components
- How to deploy and manage virtual machines
- KubeVirt Storage
- KubeVirt Networking
Benefits:
Kubernetes is a well established container platform, but migrating applications/services to containers is not always easy. In such situations, KubeVirt allows virtual machine based workloads to be migrated to the same platform where the containers are already running, thus helping converge IT infrastructure into one single platform, Kubernetes.
An Operator is an application that encodes the domain knowledge of the application and extends the Kubernetes API through custom resources. They enable users to create, configure, and manage their applications. Operators have been around for a while now, and that has allowed for patterns and best practices to be developed.
In this talk, Lili will explain what operators are in the context of Kubernetes and present the different tools out there to create and maintain operators over time. She will end by demoing the building of an operator from scratch, and also using the helper tools available out there.
Get an intro on Kubernetes and how to deploy through Rancher. Discover how to start your CI/CD flow and integrate your build tools within Kubernetes. We'll show you how to secure your environment and manage your logging and monitoring.
This document provides an overview of Kubernetes including:
1) Kubernetes is an open-source platform for automating deployment, scaling, and operations of containerized applications. It provides container-centric infrastructure and allows for quickly deploying and scaling applications.
2) The main components of Kubernetes include Pods (groups of containers), Services (abstract access to pods), ReplicationControllers (maintain pod replicas), and a master node running key components like etcd, API server, scheduler, and controller manager.
3) The document demonstrates getting started with Kubernetes by enabling the master on one node and a worker on another node, then deploying and exposing a sample nginx application across the cluster.
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery called Pods. ReplicaSets ensure that a specified number of pod replicas are running at any given time. Key components include Pods, Services for enabling network access to applications, and Deployments to update Pods and manage releases.
1. CNCF kubernetes meetup - Ondrej Sika | Juraj Hantak
Kubernetes is a production-grade container orchestration system that abstracts away the underlying hardware infrastructure. It deploys and manages containerized applications and services through declarative configurations that define the desired state. Kubernetes can run on various cloud and on-premise infrastructure and is not tied to any specific vendor. It is useful for organizations that need high availability, manage many applications on servers, and want to easily deploy Dockerized workloads without worrying about infrastructure management. Core concepts in Kubernetes include Pods, Deployments, Services, Namespaces, and various cluster components like the API server, scheduler, and kubelet that ensure the actual cluster state matches the desired configurations.
Serverless frameworks are changing the way we do computing. In the open source container world, Kubernetes is playing a pivotal role in manifesting this. This presentation will go deep into various features of Kubernetes to create serverless functions.
Also includes a comparative study of various serverless frameworks, such as Kubeless, Fission and Funktion, that are available in the open source world. Will conclude with an implementation demo and some real world use cases.
Presented in serverless summit 2017: www.inserverless.com
Kubernetes for FaaS (Function as a Service) - Serverless evolution, some basic constructs, Kubernetes features, comparisons - from Serverless conference 2017 Bangalore.
Hands-On Introduction to Kubernetes at LISA17 | Ryan Jarvinen
This document provides an agenda and instructions for a hands-on introduction to Kubernetes tutorial. The tutorial will cover Kubernetes basics like pods, services, deployments and replica sets. It includes steps for setting up a local Kubernetes environment using Minikube and demonstrates features like rolling updates, rollbacks and self-healing. Attendees will learn how to develop container-based applications locally with Kubernetes and deploy changes to preview them before promoting to production.
The document discusses Amazon Web Services container management services and Kubernetes. It provides an overview of AWS services like Amazon ECS, EKS, Fargate, ECR, Cloud Map and App Mesh. It also describes Kubernetes concepts like pods, deployments, services, namespaces and control plane/data plane architecture. Amazon EKS is highlighted as a managed Kubernetes service that makes it easy to run Kubernetes on AWS without operating the control plane.
JDO 2019: What you should be aware of before setting up kubernetes on premise... | PROIDEA
Kubernetes is trendy. There are tons of presentations on how companies saved lots of money by migrating to Kubernetes. Kubernetes is mostly advertised as a cloud service, but there are companies that can't or don't want to migrate their services to the cloud. For them there are solutions to set up Kubernetes on premise. Before you decide to visit that land, I must warn you: there are demons waiting for you, demons that nobody speaks about in public...
Oscon 2017: Build your own container-based system with the Moby project | Patrick Chanezon
Build your own container-based system with the Moby project
Docker Community Edition—an open source product that lets you build, ship, and run containers—is an assembly of modular components built from an upstream open source project called Moby. Moby provides a “Lego set” of dozens of components, the framework for assembling them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
Patrick Chanezon and Mindy Preston explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud, or bare-metal scenarios. Patrick and Mindy explore Moby’s framework, components, and tooling, focusing on two components: LinuxKit, a toolkit to build container-based Linux subsystems that are secure, lean, and portable, and InfraKit, a toolkit for creating and managing declarative, self-healing infrastructure. Along the way, they demo how to use Moby, LinuxKit, InfraKit, and other components to quickly assemble full-blown container-based systems for several use cases and deploy them on various infrastructures.
This document provides an introduction to Kubernetes including:
- What Kubernetes is and what it does including abstracting infrastructure, providing self-healing capabilities, and providing a uniform interface across clouds.
- Key concepts including pods, services, labels, selectors, and namespaces. Pods are the atomic unit and services provide a unified access method. Labels and selectors are used to identify and group related objects.
- The Kubernetes architecture including control plane components like kube-apiserver, etcd, and kube-controller-manager. Node components include kubelet and kube-proxy. Optional services like cloud-controller-manager and cluster DNS are also described.
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I... | Cloud Native Day Tel Aviv
The Kuryr project offers an interesting approach to network cloud native workloads, by enabling container orchestration engines to consume network services from OpenStack Neutron. With pod-in-VM support, Kuryr-Kubernetes enables a whole slew of new hybrid workloads, like bare metal or in-VM pods accessing services that run on VMs, multiple COEs (e.g. Docker Swarm to Kubernetes), and more. Unified networking simplifies deployment and configuration, and provides a single pane of glass into management and troubleshooting.
Let’s dive into Kuryr Kubernetes and learn how different open source technologies can complement each other in order to enable a number of complicated deployment scenarios.
Metalkube: Deploy Kubernetes on Bare Metal - Yolanda Robla (Red Hat) | Shift Conference
Usually Kubernetes is deployed on top of virtual machines. In this session, we are going to explain how to deploy Kubernetes on top of a physical infrastructure, including compute, networking, and storage services. Metalkube provides infrastructure management integrated directly with Kubernetes, allowing you to host workloads that require running on the host directly: machine learning, VNFs for telcos, or cases like Edge Computing where you need to have all the infrastructure self-hosted but still leverage the high availability and fault tolerance of Kubernetes.
Similar to Kubernetes Administration from Zero to Hero.pdf (20)
Preparing Non - Technical Founders for Engaging a Tech AgencyISH Technologies
Preparing non-technical founders before engaging a tech agency is crucial for the success of their projects. It starts with clearly defining their vision and goals, conducting thorough market research, and gaining a basic understanding of relevant technologies. Setting realistic expectations and preparing a detailed project brief are essential steps. Founders should select a tech agency with a proven track record and establish clear communication channels. Additionally, addressing legal and contractual considerations and planning for post-launch support are vital to ensure a smooth and successful collaboration. This preparation empowers non-technical founders to effectively communicate their needs and work seamlessly with their chosen tech agency.Visit our site to get more details about this. Contact us today www.ishtechnologies.com.au
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...kalichargn70th171
In today's business landscape, digital integration is ubiquitous, demanding swift innovation as a necessity rather than a luxury. In a fiercely competitive market with heightened customer expectations, the timely launch of flawless digital products is crucial for both acquisition and retention—any delay risks ceding market share to competitors.
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfVALiNTRY360
Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems.
For more info visit us https://valintry360.com/solutions/health-life-sciences
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
(c) 2018 Component Soft Ltd. - v1.11revdraf
4. Cloud computing in general
● a model for enabling ubiquitous network access to a
shared pool of configurable computing resources*
– resources (compute, storage, network, apps) as services
● resources are allocated on demand
– scaling and removal also happen rapidly (seconds-minutes)
● multi-tenancy
– share resources among thousands of users
– resource quotas
– cost effective IT
● Pay-As-You-Go model
– pay per hour/gigabyte instead of flat rate
● maximized effectiveness of the shared resources
– maybe over-provisioning
● lower barriers to entry (nice for startups)
– focus on your business instead of your infrastructure
*definition by NIST
5. Cloud native computing
– a new computing paradigm that is optimized for modern
distributed systems environments capable of scaling to tens of
thousands of self healing multi-tenant nodes.
– Main properties:
● Container packaged – containers represent an isolated unit of application
deployment.
● Dynamically managed - actively scheduled and actively managed by a
central orchestrating process.
● Micro-services oriented - loosely coupled with dependencies explicitly
described (e.g. through service endpoints).
6. Application containers
– OS level virtualization – OS partitioning (virtual OS vs virtual HW)
– Allows us to run multiple isolated user-space application
instances in parallel.
– Instances will have:
● Application code
● Required libraries
● Runtime
– Self sufficient – no external dependencies
– Portable
– Lightweight
– Immutable images
[Figure: three containers, each with its own Application and Libraries/binaries, on a shared Operating system and Hardware]
7. Container orchestration
– tools that provide an enterprise-level framework for
integrating and managing containers at scale.
– aim to simplify container management
● a framework for defining initial container deployment
● availability
● scaling
● networking
– Docker Swarm
– Mesosphere Marathon
– Kubernetes
8. Kubernetes
– Kubernetes – ancient Greek word for helmsman
or pilot of the ship
– Initially developed by Google
– Has its origins in Borg cluster manager
– “Kubernetes is an open-source system for
automating deployment, scaling, and
management of containerized applications.”
– Places containers on nodes
– Recovers from failure
– Basic monitoring, logging, health checking
– Enables containers to find each other
9. Kubernetes concepts
– Kubernetes Master – maintains the desired state for the cluster
– Kubernetes Node – runs the applications
– Kubernetes objects - abstractions that represent the state of
the cluster.
● A “record of intent” - a desired state of the cluster
● Objects have
– Spec – describes its desired state
– State – describes the actual state; updated by Kubernetes.
– Name – client provided; unique for a kind in a namespace, can be
reused
– Namespaces – virtual clusters; provides a scope for names.
– Labels – key-value pairs attached to objects
– Label selector – is the core grouping primitive
– Annotations – attach arbitrary non-identifying metadata to
objects
10. Kubernetes objects categories
– Workloads – used to manage and run the containers (Pod,
ReplicationController, deployment)
– Discovery & LB – "stitch" workloads together into an externally
accessible, load-balanced Service (Service, Ingress).
– Config & Storage – objects we can use to inject initialization
data into applications, and to persist data that is external to the
containers (Volume, Secret).
– Metadata – objects used to configure the behavior of other
resources within the cluster (LimitRange)
– Cluster – objects responsible for defining the configuration of
the cluster itself (Namespace, Binding)
11. Kubernetes architecture
– Kubernetes master
– Kubernetes node
[Figure: Kubernetes master (API Server, Controller Manager, Scheduler, etcd) and Kubernetes nodes (Kubelet, Kube-Proxy, Pods, Container engine); actors shown: Users, Devops]
12. Kubernetes master
– provides the cluster’s control plane
– kube-apiserver
● Exposes the Kubernetes API – the front-end
for the Kubernetes control plane.
● Designed to scale horizontally.
– etcd
● Is the backing store of Kubernetes.
● Distributed key-value store
– Kube-controller-manager
● background threads that handle routine tasks
– Node Controller
– Replication Controller
– Endpoints Controller
– Service Account & Token Controllers
– kube-scheduler
● Assigns nodes to the newly created pods
[Figure: Kubernetes master with API Server, Controller Manager, Scheduler, etcd]
13. Kubernetes node
– kubelet - the primary node agent. It watches for pods that have
been assigned to its node and:
● Mounts the pod’s required volumes.
● Downloads the pod’s secrets.
● Runs the pod’s containers.
● Periodically executes any requested container
liveness probes.
● Reports the status of the pod.
● Reports the status of the node.
– kube-proxy
● enables the Kubernetes service abstraction by maintaining network rules
on the host and performing connection forwarding
– Container engine
● Used to run the containers
● Docker by default, rkt optionally.
● Container Runtime Interface – paves the way to alternative runtimes
[Figure: Kubernetes node with Kubelet, Kube-Proxy, Pods, Container engine]
15. 2. Accessing the Kubernetes API
– Ways to access the API
– Controlling access to the API
– Authentication
– Authorization
– Role Based Access Control
16. Accessing the Kubernetes cluster
– kubectl – the command line tool for deploying and managing
applications on kubernetes
● Inspect cluster resources
● Create, delete, update components
● Configuration file: ~/.kube/config – information for finding and accessing
a cluster
● bash autocompletion
– Dashboard – web based user interface (add-on)
● Manage applications
● Manage the cluster itself
– Direct access to the API
● HTTP REST
17. Controlling access to the API
– A request to the API passes several stages before reaching it
[Figure: Request → Authentication → Authorization → Admission control → Resource]
– Authentication – ensures that the user is who they claim to be
– Kubernetes has 2 categories of users:
● Service accounts – managed by Kubernetes
● Normal users – managed by an independent service
– API requests can be treated as anonymous ones if they are not tied
to a user or service account.
– Kubernetes uses client certificates, bearer tokens, an
authenticating proxy, or HTTP basic auth to authenticate API
requests through authentication plugins.
18. Authorization
– After the user authentication step the request will have to pass the
authorization step.
– All parts of an API request must be allowed by some policy →
permissions are denied by default.
– Authorization modules
● Node
● ABAC – Attribute-based access control
● RBAC – Role-based access control
● Webhook
19. Role Based Access Control
– RBAC allows fine grained rules for accessing the cluster
– allows dynamic configuration of policies through the Kubernetes API.
– uses the “rbac.authorization.k8s.io” API group
– It defines Roles and RoleBindings in order to assign permissions to
subjects.
– These permissions can be set
● Clusterwide – can be used for cluster-scoped resources, non-resource
endpoints, namespaced resources across all namespaces
● Within a namespace.
● For one single resource.
– Subjects can be users, groups, and service accounts
20. Roles and ClusterRoles
– RBAC roles contain the rules that represent the permissions
– Permissions are purely additive
– A role can be defined within a namespace, or cluster-wide
(ClusterRole)
kind: Role
# v1beta1 as on the slide (Kubernetes 1.11); it was removed in 1.22,
# where rbac.authorization.k8s.io/v1 is used instead
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]   # "" is the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
– ClusterRoles are not namespaced
21. Role bindings
– Role binding grants the permissions defined in a role to a subject.
– Permissions can be granted within a namespace with a RoleBinding,
or cluster-wide with a ClusterRoleBinding
– A RoleBinding can use a ClusterRole. The rules will apply to the
namespace of the binding.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: read-pods
  namespace: development
subjects:
- kind: User
  name: dave
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-pod-reader
  apiGroup: rbac.authorization.k8s.io
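The three RBAC properties stated on these slides (denied by default, purely additive permissions, a RoleBinding confining a ClusterRole to the binding's namespace) can be checked with a small model of the authorizer. This is an added example, not code from the slides or from Kubernetes; the rules of cluster-pod-reader and the pod-deleter role and delete-pods binding are assumptions made for the demonstration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


def _match(allowed, value):
    """A rule field matches on an exact entry or on the "*" wildcard."""
    return "*" in allowed or value in allowed


@dataclass(frozen=True)
class Rule:
    api_groups: Tuple[str, ...]
    resources: Tuple[str, ...]
    verbs: Tuple[str, ...]

    def allows(self, api_group, resource, verb):
        return (_match(self.api_groups, api_group)
                and _match(self.resources, resource)
                and _match(self.verbs, verb))


@dataclass(frozen=True)
class Role:
    name: str
    rules: Tuple[Rule, ...]
    namespace: Optional[str] = None  # None models a ClusterRole


@dataclass(frozen=True)
class Binding:
    name: str
    subjects: Tuple[Tuple[str, str], ...]  # (kind, name) pairs
    role_kind: str                         # "Role" or "ClusterRole"
    role_name: str
    namespace: Optional[str] = None        # None models a ClusterRoleBinding


def _resolve(roles, binding):
    """Find the role that a binding's roleRef points at."""
    if binding.namespace is None and binding.role_kind != "ClusterRole":
        return None  # a ClusterRoleBinding can only reference a ClusterRole
    wanted_ns = binding.namespace if binding.role_kind == "Role" else None
    for role in roles:
        if role.name == binding.role_name and role.namespace == wanted_ns:
            return role
    return None


def authorize(roles, bindings, subject, verb, resource, namespace, api_group=""):
    """Return True only if some binding grants the request; there are no deny rules."""
    for binding in bindings:
        if subject not in binding.subjects:
            continue
        # A RoleBinding grants only inside its own namespace, even when it
        # references a ClusterRole; a ClusterRoleBinding grants everywhere.
        if binding.namespace is not None and binding.namespace != namespace:
            continue
        role = _resolve(roles, binding)
        if role and any(r.allows(api_group, resource, verb) for r in role.rules):
            return True
    return False  # denied by default


DAVE = ("User", "dave")
READ_PODS = Rule(("",), ("pods",), ("get", "watch", "list"))
ROLES = (
    Role("pod-reader", (READ_PODS,), namespace="default"),
    # The slides do not list cluster-pod-reader's rules; assumed equal to pod-reader.
    Role("cluster-pod-reader", (READ_PODS,)),
)
BINDINGS = (
    Binding("read-pods", (DAVE,), "ClusterRole", "cluster-pod-reader",
            namespace="development"),
)
# Constructed extra grant, used to show that permissions only ever add up.
EXTRA_ROLES = ROLES + (
    Role("pod-deleter", (Rule(("",), ("pods",), ("delete",)),), namespace="development"),
)
EXTRA_BINDINGS = BINDINGS + (
    Binding("delete-pods", (DAVE,), "Role", "pod-deleter", namespace="development"),
)

if __name__ == "__main__":
    for ns, verb in [("development", "get"), ("default", "get"), ("development", "delete")]:
        print(ns, verb, authorize(ROLES, BINDINGS, DAVE, verb, "pods", ns))
    print("after extra binding:",
          authorize(EXTRA_ROLES, EXTRA_BINDINGS, DAVE, "delete", "pods", "development"))
```

Because nothing can subtract a grant, reviewing a subject's effective access means collecting every binding that names it, not only the most recent one.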
22. Exercise 2: RBAC
– Use RBAC to control access to the API
23. 3. Kubernetes workloads
– Pod
– Replication controllers
– Deployments, Replica sets
– Jobs and CronJobs
– DaemonSets
24. The pod
– Pod - the smallest deployable object in the Kubernetes object model.
– It runs a single instance of an application
– Contains
● One or more application containers
● Storage resources
● A unique IP address
● Options about how the container(s) should run.
– Containers in one pod share the
network namespace and storage resources
– A pod is scheduled on a node and remains
there until terminated or evicted
– Pods do not self-heal by themselves →
controller.
[Figure: pod with Pause container, Container1 and Container2 sharing a Volume and a Network Namespace whose eth0 connects to the Network]
25. The pod (cont)
– Pod lifecycle:
● Pending – pod has been accepted by the Kubernetes system, but one or more
of the Container images have not been created.
● Running – has been bound to a node, all of the containers have been created.
At least one container is still running (or starting / restarting).
● Succeeded – all containers have terminated in success, and will not be
restarted
● Failed - All Containers have terminated; at least one has terminated in failure.
● Unknown – the state of the pod could not be obtained
– Probes – performed by the kubelet on a Container using a handler
● Probe types – what is tested: readinessProbe, livenessProbe
● Handler types – how it is tested: ExecAction, TCPSocketAction, HTTPGetAction
● Probe result: Success, Failure, Unknown
– Restart policy – restarts a pod based on the liveness test result
● restartPolicy: Always, OnFailure, Never
– Pods are restarted on the same node, only controllers can schedule
a new pod on a different node.
26. Our first Pod
Describe the Pod using a YAML file:
apiVersion: v1
kind: Pod
metadata:
  name: busybox
spec:
  restartPolicy: OnFailure
  containers:
  - name: busybox
    image: busybox
    command:
    - sleep
    args:
    - "100"
27. Operations on pods
– Create the pod using the kubectl command:
● kubectl create -f pod1.yaml
– Check the pod status
● kubectl get pod busybox [-o wide]
● kubectl get pod --watch
– Get information about the pod
● kubectl describe pod busybox
● kubectl get pod busybox -o yaml
– Check the logs of a pod
● kubectl logs busybox
– Execute a command inside the pod
● kubectl exec -ti busybox -- sh
– Delete the pod
● kubectl delete pod busybox
28. ReplicaSet
– The ReplicaSet controller simply
ensures that the desired number of
pods matching its label selector
exist and are operational
– If the labels of a pod are modified
and no longer match the label
selector, a new pod is spawned;
the old one stays there.
– The ReplicaSet provides a declarative
definition of what a Pod should be
and how many of them should be running
at a time.
rs1.yaml:
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
29. Working with ReplicaSet
– Create the ReplicaSet
● kubectl create -f rs1.yaml
– Check the status
● kubectl get rs [--watch]
● kubectl describe rs nginx
– Change the number of replicas
● kubectl scale rs nginx --replicas=3
– Delete the ReplicaSet
● kubectl delete rs nginx
30. Deployments
– A Deployment provides declarative updates for Pods and
ReplicaSets
– Deployment creates ReplicaSet, which creates the Pods
– Updating a deployment creates new ReplicaSet and updates the
revision of the deployment.
– During update pods from the initial RS are scaled down, while pods
from the new RS are scaled up.
– Rolling back to an earlier revision will update the revision of the Deployment
– The --record flag of kubectl allows us to record current command in
the annotations of the resources being created or updated
– Strategy – how to replace the old pods
● Rolling update (default): maxUnavailable, maxSurge
● Recreate
32. Working with Deployments (cont)
– Check the status
● kubectl get deployment nginx [--watch]
● kubectl get deployment nginx -o yaml
● kubectl describe deployment nginx
– Scale a deployment
● kubectl scale deployment nginx --replicas=4
33. Working with Deployments (cont)
– Update a deployment
● kubectl set image deployment/nginx nginx=nginx:1.7.9 --all=true
● kubectl edit deployment nginx
– Check the status of a rollout
● kubectl rollout status deployment nginx
● kubectl rollout history deployment nginx
– Undo a rollout
● kubectl rollout undo deployment/nginx [--to-revision=2]
– Pause and resume a deployment – allows multiple changes
● kubectl rollout pause deployment/nginx
● kubectl rollout resume deployment/nginx
34. Jobs, CronJobs
– A job creates one or more pods and ensures that a specified number
of them successfully terminate.
– Jobs can be used to reliably run a Pod to completion the specified
number of times (.spec.completions)
– Jobs can run multiple Pods in parallel (.spec.parallelism)
– Pods in a Job can only use Never or OnFailure as their RestartPolicy
– It is up to the user to delete old jobs after noting their status
– Deleting a Job will delete the related Pods
– If Pods are failing, the Job will create new Pods forever. The
.spec.activeDeadlineSeconds will limit the time for which a Job will
create new Pods.
– CronJobs can create Jobs once or repeatedly at specified times
– .spec.jobTemplate will specify the Job to be created
– concurrencyPolicy: Allow, Forbid, Replace
35. Jobs example
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  completions: 10
  parallelism: 3
  template:
    metadata:
      name: pi
    spec:
      containers:
      - name: pi
        image: perl
        command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
      restartPolicy: Never
37. DaemonSets
– A DaemonSet ensures that all (or some) nodes run a copy of a pod
– When nodes are added to the cluster, pods are added to them
– When nodes are removed from the cluster, those pods are garbage
collected
– To run pods only on some nodes:
● .spec.template.spec.nodeSelector – pods started on nodes that match the
node selector
● .spec.template.spec.affinity – pods are created on nodes that match the node
affinity
– If node labels are changed, the DaemonSet will promptly adapt
– Deleting a DaemonSet will delete the pods (except --cascade=false)
– UpdateStrategy:
● OnDelete - new pods will only be created when the old ones are manually
deleted
● RollingUpdate - after you update a DaemonSet template, old pods will be killed
38. Exercise 3: Kubernetes workloads
– Task 1: Working with pods
– Task 2: Working with deployments
40. Services
– Service – an abstraction which defines a logical set of Pods and a
policy by which to access them
– The service maps an incoming port to a target port
– The pods targeted are defined by the selector → Endpoints
– We can have services without selector → no Endpoints object is
created automatically
– iptables proxies depend on working readiness probes
– Service discovery:
● Environment variables – are created when the pod is created → requires
ordering (the service should be defined first)
● DNS – optional cluster add-on. No ordering is required.
41. Service types
– ClusterIP: Exposes the service on a cluster-internal IP – only
reachable from within the cluster. Default
– NodePort: Exposes the service on each Node’s IP at a static port.
The service will be reachable from outside the cluster using
NodeIP:NodePort
– LoadBalancer: Exposes the service externally using a cloud
provider’s load balancer.
– ExternalName: Maps the service to the contents of the
externalName field, by returning a CNAME record with its value.
42. Working with Services
– Expose the ports of a deployment/RC
● kubectl expose deployment nginx --port=80 --type=NodePort
– Create services from file:
kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
● kubectl create -f svc1.yaml
43. Working with Services
– Get service information:
● kubectl get svc
● kubectl describe svc
– Check service discovery
● kubectl exec -ti busybox -- env
● kubectl exec -ti busybox -- nslookup nginx
– Check the iptables rules on the nodes
● iptables -t nat -L -n
● iptables -L -n
44. Exercise 4: Services
– Working with services
46. Volumes
– By default the container filesystem is ephemeral – recreated each
time when the container starts → a clean state each time → can be
a problem for non trivial applications
– A pod can have multiple containers that are sharing files.
– A volume in the simplest form is just a directory which is accessible
to the containers in a pod.
– The type of volume determines the backend for the directory.
– The pod definition specifies what volumes are provided (the
spec.volumes field), and where they are mounted in the containers
(the spec.containers.volumeMounts field).
– Each container independently specifies where to mount each
volume (the same volume can be mounted on a different path in
different containers).
48. Volume types
– Kubernetes supports several volume types:
● emptyDir – initially empty; deleted when the pod is deleted (survives crashes)
● hostPath – mounts a directory from the host into the pod. The content is host
specific → pods with identical specs can behave differently on different nodes.
● gcePersistentDisk – mounts a Google Compute Engine (GCE) Persistent Disk
into the pod. Content preserved on pod delete → prepopulate, data “hand off”
● awsElasticBlockStore - mounts an Amazon Web Services EBS Volume into the
pod. Content preserved.
● nfs – allows an existing NFS share to be mounted into the pod. Allows multiple
writers. The server should be configured. Content is preserved.
● iscsi – single writer. Can be mounted read only by multiple pods.
● glusterfs – multiple writers.
● rbd - single writer. Can be mounted read only by multiple pods.
● cephfs – multiple writers.
● secret
● persistentVolumeClaim
49. Persistent Volumes
– PersistentVolume (PV) – a cluster resource that hides the details of
storage implementation from the pod.
● Can be of different types (HostPath, NFS, iSCSI, RBD, … plugins)
● Are independent from the pods that are using them.
– PersistentVolumeClaim (PVC) – a request for storage by a pod.
● PVCs will consume PV resources.
● PVC can request size, access mode, storage class.
– StorageClass – describes the “classes” of storages
● Classes can map to quality-of-service levels, backup policies, …
● Allows for dynamic provisioning of PVs.
– The pod definition will use the PVC for defining the volumes
consumed by the containers.
– Dynamic provisioning is possible using the StorageClass definition.
● A StorageClass will contain the provisioner and parameter fields.
51. Persistent Volume example (cont)
– We define the PVC (the claim):
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: myclaim
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
  storageClassName: slow
52. Persistent Volume example (cont)
– the Pod (the consumer):
kind: Pod
apiVersion: v1
metadata:
  name: mypod
spec:
  containers:
  - name: myfrontend
    image: dockerfile/nginx
    volumeMounts:
    - mountPath: "/var/www/html"
      name: mypd
  volumes:
  - name: mypd
    persistentVolumeClaim:
      claimName: myclaim
53. Secrets
– Secret objects are intended to hold sensitive information, such as
passwords.
– Safer than putting sensitive information into pod definition, or docker
images.
– Secrets can be used by pods as files in a volume, or injected by the
kubelet.
– Secrets can be created from files, or directly specifying them:
● kubectl create secret generic mysql --from-literal=password=mypasswd
– Checking secrets:
● kubectl get secret mysql -o yaml
54. Using Secrets as environment variables
...
spec:
  containers:
  - image: mysql:5.5
    name: mysql
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysql
          key: password
(c) 2018 Component Soft Ltd. - v1.11revdraf
Using Secrets as volumes
...
spec:
containers:
- image: busybox
command:
- sleep
- "3600"
volumeMounts:
- mountPath: /mysqlpassword
name: mysql
name: busy
volumes:
- name: mysql
secret:
secretName: mysql
● kubectl exec -ti busybox -- cat /mysqlpassword/password
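The Secrets slides above say a Secret is safer than a password written into the pod definition and show two ways to consume it. The following added example (not from the slides) decodes the `data` section that `kubectl get secret mysql -o yaml` returns and audits pod specs for how sensitive values reach each container. The manifests are constructed from the slide fragments, and the name-based heuristic in SENSITIVE_HINTS is an assumption.

```python
import base64

# Assumed heuristic: env var names containing these words carry credentials.
SENSITIVE_HINTS = ("PASSWORD", "PASSWD", "SECRET", "TOKEN")


def decode_secret(secret):
    """Return the plaintext of a Secret's data section (base64 is encoding, not encryption)."""
    return {key: base64.b64decode(value).decode("utf-8")
            for key, value in secret.get("data", {}).items()}


def audit_pod(pod):
    """Report (container, target, kind, secret name) for each sensitive value in a pod spec."""
    findings = []
    spec = pod["spec"]
    secret_volumes = {v["name"]: v["secret"]["secretName"]
                      for v in spec.get("volumes", []) if "secret" in v}
    for container in spec["containers"]:
        cname = container.get("name", "<unnamed>")
        for env in container.get("env", []):
            ref = env.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                findings.append((cname, env["name"], "secret-env", ref["name"]))
            elif "value" in env and any(h in env["name"].upper() for h in SENSITIVE_HINTS):
                # Anyone who can read the pod definition can read this value.
                findings.append((cname, env["name"], "literal-in-spec", None))
        for mount in container.get("volumeMounts", []):
            if mount["name"] in secret_volumes:
                findings.append((cname, mount["mountPath"], "secret-volume",
                                 secret_volumes[mount["name"]]))
    return findings


# Constructed: the Secret created by
#   kubectl create secret generic mysql --from-literal=password=mypasswd
MYSQL_SECRET = {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
                "metadata": {"name": "mysql"},
                "data": {"password": "bXlwYXNzd2Q="}}

# Constructed: the pattern the slides advise against (password in the pod definition).
POD_LITERAL = {"spec": {"containers": [{
    "name": "mysql", "image": "mysql:5.5",
    "env": [{"name": "MYSQL_ROOT_PASSWORD", "value": "mypasswd"},
            {"name": "MYSQL_DATABASE", "value": "app"}]}]}}

# From slide 54: the password injected as an environment variable.
POD_ENV_REF = {"spec": {"containers": [{
    "name": "mysql", "image": "mysql:5.5",
    "env": [{"name": "MYSQL_ROOT_PASSWORD",
             "valueFrom": {"secretKeyRef": {"name": "mysql", "key": "password"}}}]}]}}

# From slide 55: the Secret mounted as a volume.
POD_VOLUME = {"spec": {
    "containers": [{"name": "busy", "image": "busybox",
                    "command": ["sleep", "3600"],
                    "volumeMounts": [{"mountPath": "/mysqlpassword", "name": "mysql"}]}],
    "volumes": [{"name": "mysql", "secret": {"secretName": "mysql"}}]}}

if __name__ == "__main__":
    print(decode_secret(MYSQL_SECRET))
    for pod in (POD_LITERAL, POD_ENV_REF, POD_VOLUME):
        print(audit_pod(pod))
```

Since the `data` values are only base64-encoded, an RBAC rule that grants `get` on secrets in a namespace grants the plaintext of every password stored there.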
56. ConfigMaps
– ConfigMap objects are intended for passing information that tends to
be stored in a single config file
– Can store key-value pairs, or plain configuration files
● kubectl create configmap special-config --from-literal=special.how=very
● kubectl create configmap mymap --from-file=app.conf
– Check the values stored in the map
● kubectl get configmap mymap -o yaml
– Passing values to pods:
● As environment variables (part of the pod definition):
  env:
  - name: SPECIAL_LEVEL_KEY
    valueFrom:
      configMapKeyRef:
        name: special-config
        key: special.how
● As volumes:
  volumes:
  - name: config-volume
    configMap:
      name: special-config
57. Exercise 5: Storage in Kubernetes
– Use a volume in two containers