diff --git a/topics/kubernetes/CKA.md b/topics/kubernetes/CKA.md
index 935fe57..ca24bd7 100644
--- a/topics/kubernetes/CKA.md
+++ b/topics/kubernetes/CKA.md
@@ -11,6 +11,9 @@
- [Troubleshooting ReplicaSets](#troubleshooting-replicasets)
- [Deployments](#deployments)
- [Troubleshooting Deployments](#troubleshooting-deployments)
+ - [Scheduler](#scheduler)
+ - [Labels and Selectors](#labels-and-selectors)
+ - [Taints](#taints)
## Setup
@@ -136,6 +139,14 @@ You can also run `k describe po POD_NAME`
`k delete po nm`
+
+List all the pods with the label "env=prod"
+
+`k get po -l env=prod`
+
+To count them: `k get po -l env=prod --no-headers | wc -l`
+
+
### Troubleshooting Pods
@@ -180,6 +191,12 @@ Because there is no such image `sheris`. At least for now :)
To fix it, run `kubectl edit ohno` and modify the following line `- image: sheris` to `- image: redis` or any other image you prefer.
+
+You try to run a Pod but it's in "Pending" state. What might be the reason?
+
+One possible reason is that the scheduler which supposed to schedule Pods on nodes, is not running. To verify it, you can run `kubectl get po -A | grep scheduler` or check directly in `kube-system` namespace.
+
+
## Namespaces
@@ -194,6 +211,32 @@ To fix it, run `kubectl edit ohno` and modify the following line `- image: sheri
`k create ns alle`
+
+Check how many namespaces are there
+
+`k get ns --no-headers | wc -l`
+
+
+
+Check how many pods exist in the "dev" namespace
+
+`k get po -n dev`
+
+
+
+Create a pod called "kartos" in the namespace dev. The pod should be using the "redis" image.
+
+If the namespace doesn't exist already: `k create ns dev`
+
+`k run kratos --image=redis -n dev`
+
+
+
+You are looking for a Pod called "atreus". How to check in which namespace it runs?
+
+`k get po -A | grep atreus`
+
+
## Nodes
@@ -212,10 +255,57 @@ Note: create an alias (`alias k=kubectl`) and get used to `k get no`
## Services
+
+Check how many services are running in the current namespace
+
+`k get svc`
+
+
Create an internal service called "sevi" to expose the app 'web' on port 1991
+
+How to reference by name a service called "app-service" within the same namespace?
+
+app-service
+
+
+
+How to check the TargetPort of a service?
+
+`k describe svc `
+
+
+
+How to check what endpoints the svc has?
+
+`k describe svc `
+
+
+
+How to reference by name a service called "app-service" within a different namespace, called "dev"?
+
+app-service.dev.svc.cluster.local
+
+
+
+Assume you have a deployment running and you need to create a Service for exposing the pods. This is what is required/known:
+
+* Deployment name: jabulik
+* Target port: 8080
+* Service type: NodePort
+* Selector: jabulik-app
+* Port: 8080
+
+
+`kubectl expose deployment jabulik --name=jabulik-service --target-port=8080 --type=NodePort --port=8080 --dry-run=client -o yaml -> svc.yaml`
+
+`vi svc.yaml` (make sure selector is set to `jabulik-app`)
+
+`k apply -f svc.yaml`
+
+
## ReplicaSets
@@ -427,3 +517,56 @@ status: {}
The selector doesn't match the label (dep vs depdep). To solve it, fix depdep so it's dep instead.
+
+## Scheduler
+
+
+How to schedule a pod on a node called "node1"?
+
+`k run some-pod --image=redix -o yaml --dry-run=client > pod.yaml`
+
+`vi pod.yaml` and add:
+
+```
+spec:
+ nodeName: node1
+```
+
+`k apply -f pod.yaml`
+
+Note: if you don't have a node1 in your cluster the Pod will be stuck on "Pending" state.
+
+
+## Labels and Selectors
+
+
+How to list all the Pods with the label "app=web"?
+
+`k get po -l app=web`
+
+
+
+How to list all objects labeled as "env=staging"?
+
+`k get all -l env=staging`
+
+
+
+How to list all deployments from "env=prod" and "type=web"?
+
+`k get deploy -l env=prod,type=web`
+
+
+## Taints
+
+
+Check if there are taints on node "master"
+
+`k describe no master | grep -i taints`
+
+
+
+Create a taint on one of the nodes in your cluster with key of "app" and value of "web" and effect of "NoSchedule"
+
+`k taint node minikube app=web:NoSchedule`
+
\ No newline at end of file
diff --git a/topics/kubernetes/README.md b/topics/kubernetes/README.md
index 87a1ec4..963fae4 100644
--- a/topics/kubernetes/README.md
+++ b/topics/kubernetes/README.md
@@ -15,10 +15,14 @@ What's your goal?
- [Pods](#pods)
- [Service](#service)
- [ReplicaSet](#replicaset)
+ - [Labels and Selectors](#labels-and-selectors)
+ - [Scheduler](#scheduler)
- [Kubernetes Questions](#kubernetes-questions)
- [Kubernetes 101](#kubernetes-101)
- [Cluster and Architecture](#cluster-and-architecture)
- [Pods](#pods-1)
+ - [Pods - Commands](#pods---commands)
+ - [Pods - Troubleshooting and Debugging](#pods---troubleshooting-and-debugging)
- [Deployments](#deployments)
- [Services](#services)
- [Ingress](#ingress)
@@ -43,6 +47,8 @@ What's your goal?
- [Troubleshooting Scenarios](#troubleshooting-scenarios)
- [Istio](#istio)
- [Controllers](#controllers)
+ - [Scheduler](#scheduler-1)
+ - [Taints](#taints)
- [Scenarios](#scenarios)
## Kubernetes Exercises
@@ -68,6 +74,18 @@ What's your goal?
| Operating ReplicaSets | ReplicaSet | [Exercise](replicaset_02.md) | [Solution](solutions/replicaset_02_solution.md)
| ReplicaSets Selectors | ReplicaSet | [Exercise](replicaset_03.md) | [Solution](solutions/replicaset_03_solution.md)
+### Labels and Selectors
+
+|Name|Topic|Objective & Instructions|Solution|Comments|
+|--------|--------|------|----|----|
+| Labels and Selectors 101 | Labels, Selectors | [Exercise](exercises/labels_and_selectors/exercise.md) | [Solution](exercises/labels_and_selectors/solution.md)
+
+### Scheduler
+
+|Name|Topic|Objective & Instructions|Solution|Comments|
+|--------|--------|------|----|----|
+| Taints 101 | Taints | [Exercise](exercises/taints_101/exercise.md) | [Solution](exercises/taints_101/solution.md)
+
## Kubernetes Questions
### Kubernetes 101
@@ -259,9 +277,9 @@ Apply requests and limits, especially on third party applications (where the unc
-True of False? The scheduler is responsible for both deciding where a Pod will run and actually run it
+What kubectl get componentstatus does?
-False. While the scheduler is responsible for choosing the node on which the Pod will run, Kubelet is the one that actually runs the Pod.
+Outputs the status of each of the control plane components.
### Pods
@@ -330,40 +348,16 @@ False. By default, pods are non-isolated = pods accept traffic from any source.
False. "Pending" is after the Pod was accepted by the cluster, but the container can't run for different reasons like images not yet downloaded.
-
-How to list the pods in the current namespace?
-
-`kubectl get po`
-
-
-
-How view all the pods running in all the namespaces?
-
-`kubectl get pods --all-namespaces`
-
-
True or False? A single Pod can be split across multiple nodes
False. A single Pod can run on a single node.
-
-How to delete a pod?
-
-`kubectl delete pod pod_name`
-
-
You run a pod and you see the status ContainerCreating
-
-How to find out on which node a certain pod is running?
-
-`kubectl get po -o wide`
-
-
What are "Static Pods"?
@@ -513,12 +507,48 @@ False. Each Pod gets an IP address but an internal one and not publicly accessib
To make a Pod externally accessible, we need to use an object called Service in Kubernetes.
+#### Pods - Commands
+
-How to check to which worker node the pods were scheduled to?
+How to check to which worker node the pods were scheduled to? In other words, how to check on which node a certain Pod is running?
`kubectl get pods -o wide`
+
+How to delete a pod?
+
+`kubectl delete pod pod_name`
+
+
+
+List all the pods with the label "env=prod"
+
+`k get po -l env=prod`
+
+To count them: `k get po -l env=prod --no-headers | wc -l`
+
+
+
+How to list the pods in the current namespace?
+
+`kubectl get po`
+
+
+
+How view all the pods running in all the namespaces?
+
+`kubectl get pods --all-namespaces`
+
+
+#### Pods - Troubleshooting and Debugging
+
+
+You try to run a Pod but it's in "Pending" state. What might be the reason?
+
+One possible reason is that the scheduler which supposed to schedule Pods on nodes, is not running. To verify it, you can run `kubectl get po -A | grep scheduler` or check directly in `kube-system` namespace.
+
+
### Deployments
@@ -700,6 +730,16 @@ The selector doesn't match the label (dep vs depdep). To solve it, fix depdep so
In simpler words, it allows you to add an internal or external connectivity to a certain application running in a container.
+
+Place the components in the right placeholders in regards to Kubernetes service
+
+
+
+
+
+
+
+
How to create a service for an existing deployment called "alle" on port 8080 so the Pod(s) accessible via a Load Balancer?
@@ -708,12 +748,6 @@ The imperative way:
`kubectl expose deployment alle --type=LoadBalancer --port 8080`
-
-An internal load balancer in Kubernetes is called ____ and an external load balancer is called ____
-
-An internal load balancer in Kubernetes is called Service and an external load balancer is Ingress
-
-
True or False? The lifecycle of Pods and Services isn't connected so when a Pod dies, the Service still stays
@@ -726,6 +760,12 @@ True
`kubectl get svc`
+
+What's the default Service type?
+
+ClusterIP - used for internal communication.
+
+
What Service types are there?
@@ -926,6 +966,12 @@ Explanation as to who added them:
You can run `curl :` to examine the output.
+
+An internal load balancer in Kubernetes is called ____ and an external load balancer is called ____
+
+An internal load balancer in Kubernetes is called Service and an external load balancer is Ingress
+
+
### Ingress
@@ -1435,7 +1481,6 @@ When chosen as the data store etcd was (and still is of course):
Namespaces allow you split your cluster into virtual clusters where you can group your applications in a way that makes sense and is completely separated from the other groups (so you can for example create an app with the same name in two different namespaces)
-
Why to use namespaces? What is the problem with using one default namespace?
@@ -1471,20 +1516,58 @@ False. When a namespace is deleted, the resources in that namespace are deleted
How to list all namespaces?
-`kubectl get namespaces`
+`kubectl get namespaces` OR `kubectl get ns`
+
+
+
+
+Create a namespace called 'alle'
+
+`k create ns alle`
+
+
+
+
+Check how many namespaces are there
+
+`k get ns --no-headers | wc -l`
+
+
+
+
+Check how many pods exist in the "dev" namespace
+
+`k get po -n dev`
+
+
+
+
+Create a pod called "kartos" in the namespace dev. The pod should be using the "redis" image.
+
+If the namespace doesn't exist already: `k create ns dev`
+
+`k run kratos --image=redis -n dev`
+
+
+
+
+You are looking for a Pod called "atreus". How to check in which namespace it runs?
+
+`k get po -A | grep atreus`
+
What kube-public contains?
* A configmap, which contains cluster information
-* Publicely accessible data
+* Publicly accessible data
How to get the name of the current namespace?
-kubectl config view | grep namespace
+`kubectl config view | grep namespace`
@@ -1493,27 +1576,6 @@ kubectl config view | grep namespace
It holds information on hearbeats of nodes. Each node gets an object which holds information about its availability.
-
-How to create a namespace?
-
-One way is by running `kubectl create namespace [NAMESPACE_NAME]`
-
-Another way is by using namespace configuration file:
-```
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: some-cofngimap
- namespace: some-namespace
-```
-
-
-
-What default namespace contains?
-
-Any resource you create while using Kubernetes.
-
-
True or False? With namespaces you can limit the resources consumed by the users/teams
@@ -1545,13 +1607,7 @@ kubectl create quota some-quota --hard-cpu=2,pods=2
Which resources are accessible from different namespaces?
-Service.
-
-
-
-Let's say you have three namespaces: x, y and z. In x namespace you have a ConfigMap referencing service in z namespace. Can you reference the ConfigMap in x namespace from y namespace?
-
-No, you would have to create separate namespace in y namespace.
+Services.
@@ -1653,22 +1709,6 @@ kubectl delete pods --field-selector=status.phase!='Running'
kubectl top pod
-
-What kubectl get componentstatus does?
-
-Outputs the status of each of the control plane components.
-
-
-
-What is Minikube?
-
-Minikube is a lightweight Kubernetes implementation. It create a local virtual machine and deploys a simple (single node) cluster.
-
-
-
-How do you monitor your Kubernetes?
-
-
You suspect one of the pods is having issues, what do you do?
@@ -2410,6 +2450,53 @@ Explained [here](https://www.youtube.com/watch?v=i9V4oCa5f9I)
- Act - Bring current cluster state to the desired state (basically reach a state where there is no diff)
+### Scheduler
+
+
+True of False? The scheduler is responsible for both deciding where a Pod will run and actually running it
+
+False. While the scheduler is responsible for choosing the node on which the Pod will run, Kubelet is the one that actually runs the Pod.
+
+
+
+How to schedule a pod on a node called "node1"?
+
+`k run some-pod --image=redix -o yaml --dry-run=client > pod.yaml`
+
+`vi pod.yaml` and add:
+
+```
+spec:
+ nodeName: node1
+```
+
+`k apply -f pod.yaml`
+
+Note: if you don't have a node1 in your cluster the Pod will be stuck on "Pending" state.
+
+
+## Taints
+
+
+Check if there are taints on node "master"
+
+`k describe no master | grep -i taints`
+
+
+
+Create a taint on one of the nodes in your cluster with key of "app" and value of "web" and effect of "NoSchedule"
+
+`k taint node minikube app=web:NoSchedule`
+
+
+
+What taint effects are there? Explain each one of them
+
+`NoSchedule`: prevents from resources to be scheduled on a certain node
+`PreferNoSchedule`: will prefer to shcedule resources on other nodes before resorting to scheduling the resource on the chosen node (on which the taint was applied)
+`NoExecute`: Appling "NoSchedule" will not evict already running Pods (or other resources) from the node as opposed to "NoExecute" which will evict any already running resource from the Node
+
+
### Scenarios
@@ -2434,4 +2521,10 @@ Some ways to debug:
2. Run `kubectl logs mypod`
1. This should provide an accurate output of
2. For specific container, you can add `-c CONTAINER_NAME`
+
+
+
+An engineer form your organization asked whether there is a way to prevent from Pods (with cretain label) to be scheduled on one of the nodes in the cluster. Your reply is:
+
+Yes, using taints, we could run the following command and it will prevent from all resources with label "app=web" to be scheduled on node1: `kubectl taint node node1 app=web:NoSchedule`
\ No newline at end of file
diff --git a/topics/kubernetes/exercises/labels_and_selectors/exercise.md b/topics/kubernetes/exercises/labels_and_selectors/exercise.md
new file mode 100644
index 0000000..d8600c2
--- /dev/null
+++ b/topics/kubernetes/exercises/labels_and_selectors/exercise.md
@@ -0,0 +1,11 @@
+# Labels and Selectors 101
+
+## Objectives
+
+1. How to list all the Pods with the label "app=web"?
+2. How to list all objects labeled as "env=staging"?
+3. How to list all deployments from "env=prod" and "type=web"?
+
+## Solution
+
+Click [here](solution.md) to view the solution.
\ No newline at end of file
diff --git a/topics/kubernetes/exercises/labels_and_selectors/solution.md b/topics/kubernetes/exercises/labels_and_selectors/solution.md
new file mode 100644
index 0000000..def344e
--- /dev/null
+++ b/topics/kubernetes/exercises/labels_and_selectors/solution.md
@@ -0,0 +1,13 @@
+# Labels and Selectors 101
+
+## Objectives
+
+1. How to list all the Pods with the label "app=web"?
+2. How to list all objects labeled as "env=staging"?
+3. How to list all deployments from "env=prod" and "type=web"?
+
+## Solution
+
+`k get po -l app=web`
+`k get all -l env=staging`
+`k get deploy -l env=prod,type=web`
\ No newline at end of file
diff --git a/topics/kubernetes/exercises/taints_101/exercise.md b/topics/kubernetes/exercises/taints_101/exercise.md
new file mode 100644
index 0000000..2830398
--- /dev/null
+++ b/topics/kubernetes/exercises/taints_101/exercise.md
@@ -0,0 +1,17 @@
+# Taints 101
+
+## Objectives
+
+1. Check if one of the nodes in the cluster has taints (doesn't matter which node)
+2. Create a taint on one of the nodes in your cluster with key of "app" and value of "web" and effect of "NoSchedule"
+ 1. Explain what it does exactly
+ 2. Verify it was applied
+
+## Solution
+
+Click [here](solution.md) to view the solution.
+
+1. `kubectl describe no minikube | grep -i taints`
+2. `kubectl taint node minikube app=web:NoSchedule`
+ 1. Any resource with "app=web" key value will not be scheduled on node `minikube`
+ 2. `kubectl describe no minikube | grep -i taints`
\ No newline at end of file
diff --git a/topics/kubernetes/images/service_exercise.png b/topics/kubernetes/images/service_exercise.png
new file mode 100644
index 0000000..b924eb6
Binary files /dev/null and b/topics/kubernetes/images/service_exercise.png differ
diff --git a/topics/kubernetes/images/service_solution.png b/topics/kubernetes/images/service_solution.png
new file mode 100644
index 0000000..5e01c4c
Binary files /dev/null and b/topics/kubernetes/images/service_solution.png differ