K8S (pronounced Kates) is short for Kubernetes, following the i18n web internationalisation standard.
You keep the first and last letters, and replace everything in between with the count of the letters replaced.
- Kubernetes => K8S
- internationalization => i18n
[K8 Commands]
Create a resource from a file or STDIN.
Accepts JSON and YAML.
kubectl create -f <path_to_file>
kubectl create -f <url_to_file>
-f or --filename means the filename is next
Apply a configuration to a resource by filename or STDIN.
Accepts JSON and YAML.
kubectl apply -f <path_to_file>
kubectl apply -k <directory_of_files>
Update fields of a resource with strategic merge patch, a JSON merge patch, or a JSON patch.
Accepts JSON and YAML.
Use PATCH to update a resource that has already been CREATED.
kubectl patch -n "${_namespace}" ingress "${_service}" --patch -f ./cd/k8s/oauth-patch-deploy.yml
Do you need to PATCH or CREATE?
Bash example:
if ! kubectl get ${_resource}/${_service} -n ${_namespace} 2>&1 1>/dev/null
then
kubectl apply -f "${_filename}"
else
kubectl patch ${_resource} ${_service} --patch="$(cat ${_filename})" -n ${_namespace} --dry-run
fi
Ingresses route external http(s) traffic to internal services.
Example ingress yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: service-a
namespace: services-abc
labels:
stable.k8s.psg.io/kcm.class: "default"
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "true"
spec:
rules:
- host: "service-a-url"
http:
paths:
- path: / #matches any path
backend:
serviceName: service-a
servicePort: 8080
tls:
- hosts:
- "service-a-url"
secretName: tls.wildcard.services-abc
Example service yaml:
apiVersion: v1
kind: Service
metadata:
name: service-a
namespace: services-abc
labels:
application: service-a
spec:
type: NodePort
selector:
application: service-a
ports:
- name: http
port: 8080
targetPort: 8080
- name: https
port: 8443
targetPort: 8443
Sample deployment yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: service-a
namespace: services-abc
labels:
application: service-a
spec:
revisionHistoryLimit: 2
replicas: replicas-a
minReadySeconds: 20 #give the deployment 20s to spin up.
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1 #rollout 1 at time.
maxUnavailable: 1 #don't rollout another until new one is available.
selector:
matchLabels:
application: service-a
template:
metadata:
labels:
application: service-a
spec:
containers:
- name: service-a
image: docker.cicd.mycompany.com/service-a:1.0.1
imagePullPolicy: Always
env:
- name: ASPNETCORE_ENVIRONMENT
value: "<DOTNET_ENVIRONMENT>"
readinessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
httpHeaders:
- name: X-Forwarded-Host
value: service-a-url
- name: X-Forwarded-Proto
value: https
initialDelaySeconds: 10
periodSeconds: 30
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
httpHeaders:
- name: X-Forwarded-Host
value: service-a-url
- name: X-Forwarded-Proto
value: https
initialDelaySeconds: 10
periodSeconds: 30
imagePullSecrets:
- name: mycompany-docker-registry
Cron jobs run commands on periodic schedules.
Sample con job yaml:
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: service-a-some-task
namespace: services-abc
labels:
application: service-a
spec:
schedule: "*/5 * * * *" #every 5 minutes
jobTemplate:
spec:
backoffLimit: 1 #only attempt to run once per scheduled time slot
activeDeadlineSeconds: 180 #can run for up to 3 minutes
ttlSecondsAfterFinished: 1800 #clean up old jobs 30 minutes after they are completed
completions: 1
parallelism: 1
template:
spec:
restartPolicy: Never
containers:
- name: service-a-some-task
image: buildpack-deps:curl
command:
- /usr/bin/curl
- --verbose
- --request
- POST
- '--data' #to get the Content-Length:0 header
- '""' #to get the Content-Length:0 header
- 'http://service-a:8080/private/v1/someTask'
A cron job can connect to a service endpoint that does not have a K8S ingress.