Naming Conventions

K8S (pronounced Kates) is short for Kubernetes, following the i18n web internationalisation standard.

You keep the first and last letters, and replace everything in between with the count of the letters replaced.
- Kubernetes => K8S
- internationalization => i18n
Command Line

[K8 Commands]

Create

Create a resource from a file or STDIN.
Accepts JSON and YAML.


kubectl create -f <path_to_file>

kubectl create -f <url_to_file>

-f or --filename means the filename is next

Apply

Apply a configuration to a resource by filename or STDIN.
Accepts JSON and YAML.


kubectl apply -f <path_to_file>

kubectl apply -k <directory_of_files>

Patch

Update fields of a resource with strategic merge patch, a JSON merge patch, or a JSON patch.
Accepts JSON and YAML.

Use PATCH to update a resource that has already been CREATED.


kubectl patch -n "${_namespace}" ingress "${_service}" --patch -f ./cd/k8s/oauth-patch-deploy.yml 

Do you need to PATCH or CREATE?
Bash example:

if ! kubectl get ${_resource}/${_service} -n ${_namespace} 2>&1 1>/dev/null
then
  kubectl apply -f "${_filename}"
else
  kubectl patch ${_resource} ${_service} --patch="$(cat ${_filename})" -n ${_namespace} --dry-run
fi

Ingress

Ingresses route external http(s) traffic to internal services.

Example ingress yaml:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: service-a
  namespace: services-abc
  labels:
    stable.k8s.psg.io/kcm.class: "default"
  annotations:
    kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
  - host: "service-a-url"
    http:
      paths:
      - path: / #matches any path
        backend:
          serviceName: service-a
          servicePort: 8080
  tls:
    - hosts:
      - "service-a-url"
      secretName: tls.wildcard.services-abc

Service

Example service yaml:

apiVersion: v1
kind: Service
metadata:
  name: service-a
  namespace: services-abc
  labels:
    application: service-a
spec:
  type: NodePort
  selector:
    application: service-a
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  - name: https
    port: 8443
    targetPort: 8443
Deployment

Sample deployment yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: service-a
  namespace: services-abc
  labels:
    application: service-a
spec:
  revisionHistoryLimit: 2
  replicas: replicas-a
  minReadySeconds: 20 #give the deployment 20s to spin up.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1 #rollout 1 at time.
      maxUnavailable: 1 #don't rollout another until new one is available.
  selector:
    matchLabels:
      application: service-a
  template:
    metadata:
      labels:
        application: service-a
    spec:
      containers:
        - name: service-a
          image: docker.cicd.mycompany.com/service-a:1.0.1
          imagePullPolicy: Always
          env:
           - name: ASPNETCORE_ENVIRONMENT
             value: "<DOTNET_ENVIRONMENT>"
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
              httpHeaders:
              - name: X-Forwarded-Host
                value: service-a-url
              - name: X-Forwarded-Proto
                value: https
            initialDelaySeconds: 10
            periodSeconds: 30
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
              httpHeaders:
              - name: X-Forwarded-Host
                value: service-a-url
              - name: X-Forwarded-Proto
                value: https
            initialDelaySeconds: 10
            periodSeconds: 30
      imagePullSecrets:
        - name: mycompany-docker-registry
Cron Job

Cron jobs run commands on periodic schedules.

Sample con job yaml:

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: service-a-some-task
  namespace: services-abc
  labels:
    application: service-a
spec:
  schedule: "*/5 * * * *" #every 5 minutes
  jobTemplate:
    spec:
      backoffLimit: 1 #only attempt to run once per scheduled time slot
      activeDeadlineSeconds: 180 #can run for up to 3 minutes
      ttlSecondsAfterFinished: 1800 #clean up old jobs 30 minutes after they are completed
      completions: 1
      parallelism: 1
      template:
        spec:
          restartPolicy: Never
          containers:
          - name: service-a-some-task
            image: buildpack-deps:curl
            command:
                - /usr/bin/curl 
                - --verbose
                - --request 
                - POST                
                - '--data'  #to get the Content-Length:0 header
                - '""'      #to get the Content-Length:0 header
                - 'http://service-a:8080/private/v1/someTask'

A cron job can connect to a service endpoint that does not have a K8S ingress.