CKAD Preparation - Pods
April 02, 2021
| kubernetes | ckad |
PODS
Pod is a smallest component in the K8S architecture. A container typically has one-one relation with a Pod. For scenarios where application needs pattern implementation like sidecar or adaptor or even ambassador.
YAML for PODS
K8S YAML has 4 root levels required fields: apiVersion, kind, metadata, spec
apiVersion : ApiVersion of K8S (v1 → all 1.xx versions, including alpha and beta)
kind : Type of object (Pods, Service, ReplicaSet, Deployment)
metadata : A Dictionary of the object like name (string value), labels (Dictionary value, any non k8s specific unlike the root level metadata)
spec: Depending on type of object, the information changes. This is also a dictionary.
POD definition - vanilla flavour
# nginx-pod-definition.yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-app
labels:
app: api
type: frontend
spec:
containers:
- name: nginx-container
image: nginxPOD definition file with Arguments
Most of the container images built have docker file with ENTRYPOINT (which command to execute on startup of the container) and CMD (what are the input arguments to be passed). When creating a POD definition to deploy such a container and overwrite the default values defined in the dockerfile, include under the containers section command and args. Note that args accepts array of values.
# tomcat-pod-definition.yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-app-2
labels:
app: api-2
type: frontend
spec:
containers:
- name: tomcat-container
image: tomcat
command: '/usr/local/tomcat/entrypoint.sh'
args: ["8080"]Create POD in K8S
To create the container with the above file use:
kubectl create -f ./nginx-pod-definition.yamlSecurity on POD
K8S provides capabilities to add security at either POD level or at the container level. By adding SecurityContext Object with runAsUser along with required capabilities is a way forward to provide fine grained access to the users. Following is a sample POD definition:
# nginx-pod-definition.yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-app
labels:
app: api
type: frontend
spec:
# POD level security
# Add user who has ID 1000
securityContext:
runAsUser: 2000
containers:
- name: nginx-container
image: nginx
# Container level security
# Add user who has ID 2000, and restricted capabilties to only manage system date
securityContext:
runAsUser: 2000
capablities:
add: ["SYS_DATE"]Debugging
- If the YAML is malformed, kubectl errors outs during execution.
- If the
imageprovided in the definitionspecis not found,kubectl get podsstill returns the described pod but with stateImagepullbackoff. -
To see the details of a pod use the following
# get all details kubectl describe pod <podname> | grep # get information without full details kubectl get pods <podname> -o wide- Events: list of actions performed in sequence
- Node
-
To extract pod definition yaml for an existing pod:
kubectl get pod <pod-name> -o yaml > <pod-definition-file-name.yaml> kubectl get pod <pod-name> -o wide # all details of pod -
To apply changes to a running pod,
# get current running config and once updated and save it is directly applied kubectl edit pod <pod-name> -
To search for the PODs based on their labels:
kubectl get pod -l <name-of-lable>=<value-of-label> -
To dive into the running pod, similar to Docker
kubectl exec -it <name-of-pod> -- <command> kubectl exec -it ubuntu-sleeper -- date -s 'Apr 27 2021, 07:00:00'
Gottcha
- Want to overwrite the container
entrypointon running container in the POD, no cannot. To do so, delete the POD and recreate it. Use the deployment YAML which automatically takes care if it