Kubernetes 101

A Kubernetes cluster is your entire Kubernetes system. Everything is within it.

Nodes are the server instances that run inside your hosting provider to run your Kubernetes cluster on.

Nodes are essentially what you pay for if you use a cloud provider's Kubernetes offering. There are two different nodes, "worker nodes" and "management nodes". Some of the cloud providers provide the master nodes for free.

Basically your application. A Docker containerised application that can be scaled.

There are many other types of "deployment": e.g. cron jobs, etc, but for the purpose of this guide, and most common use, think of it as your actual application.

A pod is what you actually horizontally scale across nodes. It wraps your deployment container as a unit.

It may include other deployments that you want associated closely with each other. And it can include sidecar containers as well. Most of the time though a container contains just one deployment.

A pod is often what you interact with when you are interacting and debugging something running on your Kubernetes cluster.

The component that exposes your Deployment application. Mostly just internally inside your cluster, but can also be exposed externally. You can expose it externally directly via a NodePort service type in a crude but often useful manner. Or via Load Balancer (see below), or via an Ingress which is the most extensible option.

A load balancer is a type of service that distributes traffic to your services from the internet. It will be associated with an external IP address. If you run Kubernetes on your own hardware it will deploy as a specific service. But if you use a cloud provider it might utilise that providers custom load balancer. Think ELB if on AWS for example, or Digital Ocean's cloud controller. Kubernetes will provision and configure the cloud provided load balancer automatically and invisibly for you.

Ingresses lets you define which service gets traffic redirected to them. Usually with a load balancer in front to expose it. A typical configuration is routing via request host or path.

E.g. If you host several apps or websites in the same cluster, you might configure the Ingress so that requests to www.example.com goes to one service and www.dummy.org goes to another.

Or request to paths starting with /shoppingcart goes to one and /admin goes to another.

Config maps are the run time configuration and environment variables you define to configure your applications.

Secrets are a special type of encrypted config maps. Suitable for database connections, API tokens, encryption keys and more.

And there is so much more to Kubernetes. Namespaces, cluster issuers, cronjobs, storage options, DNS, liveness probes, memory limits, autoscaling, etc, etc.

You can deploy a cluster locally. With amongst others:

• Docker for Mac. The official client from Docker inc does include an option to create a Kubernetes cluster locally.
• Minikube. A full cluster locally. Widely used for development.
• Microk8s. Simple local Kubernetes with Ubuntu.

Having a local cluster is handy for development but not essential. I suggest delaying setting up a local one until you have a real cluster running elsewhere.

You can follow Kubernetes The Hard Way to create a cluster on your own servers from scratch.

Or follow some ready made guides for server instances from a cloud provider:

• Amazon's AWS turnkey Kubernetes
• Google's GCE turnkey Kubernetes
• Microsoft's Azure turnkey Kubernetes

The quickest and easiest way to create a Kubernetes cluster is to use a cloud provider's Kubernetes service.

• EKS by AWS
• GKE by Google
• AKS by Azure
• Digital Ocean Kubernetes

EKS by AWS is probably the most used, primarly because so many already use AWS. However it is not cheap.

GKE was launched a long time before the others, and is comprehensive. Google's offering seems to be the one where Kubernetes is the priority of their entire cloud offering. For most people I would suggest taking a look at GKE first.

I have heard good things about AKS, as I have with a lot of the new Microsoft. But I have not tried it yet.

Digital Ocean's Kubernetes is still in Βeta and is the newest. It is however my prefered Kubernetes provider as it is quite polished and uncomplicated.

Many tools exists to abstract the creation and management of clusters in different ways. Some offer their own hosting, some allows abstract multi cloud clusters, some a fancy UI, etc. For example:

• Containership
• Rancher
• Tectonic
• OpenShift
• IBM container service
• Triton Kubernetes
• Terraform
• Docker Orchestration

Some of these are really good. But I would suggest using vanilla Kubernetes initially to understand it properly. You might find you don't need any abstractions on top of it.

You can create a cluster wherever you prefer, but for the purpose of this howto I would assume it was with Digital Ocean. As Kubernetes is fairly agnostic the rest of the howto is pretty much the same wherever and with whomever your cluster was created.

Login or create an account with Digital Ocean. You can use my referral link.

You may need to activate their Kubernetes product if it is still in Βeta. Create a new cluster in the admin tool.

During cluster creation you will probably be asked to specify nodes required. Digital Ocean defaults to 3 nodes of the 2gb memory instance. I suggest changing that to 1 node and perhaps 4gb.

You can change and scale this differently later when you know your requirements better. And then you might need more redundancy and scaling requirements.

Make sure you download the config that you will use in the next section to set up kubectl.

Note, Digital Ocean's Kubernetes config certificates are rotated weekly. So you will have to update your ~/.kube/config every time. A bit annoying, an security feature that I hope they create a more smoother work around soon.

To connect to and control remote Kubernetes clusters you need the kubectl command line tool.

It is available for most operating systems and environments. It is available as .deb & .rpm for Linux OSes.

As an Ubuntu Snap package:

For MacOs you can install it via Homebrew:

And various options if on Windows.

When you created your cluster your provider hopefully supplied a context config for you. Open ~/.kube/config and insert these in to it.

It should contain a cluster section, a user section, and a context section that ties these together. Over time this file will contain config for other staging and production clusters, so make sure no YAML typos are made.

Check if the context is correct with this command that connects your cluster:

Any "can not log in" errors usually means there is a typo in your YAML config.

Open a deployment.yml file:

Note, I strongly suggest your version control all your Kubernetes configuration. Either as part of a project repository in e.g. a root kube folder. Or as separate config repositories.

Lets apply this to your Kubernetes cluster:

You can use the apply or create keyword on initial creation. But only apply to update an existing one from then on.

You can see if it deployed without problems with:

The output should be something like:

We will put a simple service on top that routes port 80 to the replicated containers port 5678.

Note, you can combine the deployment and service into one YAML file, seperated by a line containing ---. Some people prefer that. I don't.

Before we apply this Kubernetes lets check if anything is running. There should be a kubernetes service on port 443 and nothing else:

Then lets apply the echo service to Kubernetes:

And the status of the service(s):

Note, no external port.

You can expose this service directly to the internet by changing the service to a NodePort type. Or you can add an external IP by changing the service to a LoadBalancer type.

Below we will modify the echo1 service to be a load balancer.

Note there was only one line added from the original service, the type set to LoadBalancer in the spec.

Note the pending in external IP column. If you keep polling with that command eventualy this changes to:

You can now curl or use a browser to reach that external IP. Or add it your /etc/hosts file or a DNS.

To go into detail on how to build a Docker image is out of scope of this howto. However for a simple example please refer to my Migrate blog to Jekyll howto which describes how to use CircleCI to build a docker image, and how to upload it to a 3rd party Docker registry (Quay.io).

To use any publicly available images from Docker hub just refer to the image name and tag in your deployment's spec/containers/image section.

However most of the time you will use images you have created, that are private and not publicly available. They may even be stored in a 3rd party Docker Registry, for example:

• Quay.io
• Google Container Registry
• Amazon ECR

For that you need to configure the authentication that Docker will use to download the image. This is done via Kubernetes Secrets.

In this example I have upload an image to Quay.io. Quay recommends using Robot accounts, so I have set one up with my private repository with read access. Using its username and token I create a docker-registry Secret:

Then modify the deployment file to add a imagePullSecrets to the spec/template/spec section. For example if we just reused the echo1 configuration:

This should download the container image from the private repository. As this often goes wrong due to typos or permissions, it is worth checking the status of your pods for a little while.

If you see ImagePullBackOff as status then you have some checking to do. Otherwise if it says Running then it worked.