Unique course notes for the Certified Kubernetes Administrator (CKA) for each section of the exam. Designed to be engaging and used as a reference in the future for kubernetes concepts.
How to Troubleshoot Apps for the Modern Connected Worker
CKA Certified Kubernetes Administrator Notes
1.
2.
3.
4. These notes follow LinuxAcademy structure which can be found here: https://
linuxacademy.com/course/cloud-native-certified-kubernetes-administrator-cka/. I
would recommend viewing the course to gain full and detailed explanations.
I have created these notes as part of my personal learning and hope to be able to
help and inspire others.
As i am also learning, there may well be mistakes, please do reach out and let me
know, so i can correct them.
Follow me on instagram: https://www.instagram.com/adnans_techie_studies/
All my notes are hosted here: https://adnan.study
Connect with me on LinkedIn: https://www.linkedin.com/in/adnanrashid1/
Overview
5.
6. ETCD
SCHEDULER
DATAASSIGNPODPOD
TO NODE
NODE NODE NODE
p
CLUSTER CONFIG
MASTER
CONTROLLER
y MANAGER
0 API
t SERVER iE9iE9
MeffNsIAEtN
COMMUNICATION HUB
v
NODE REPLICATE
FAILURE COMPONENTS
Cluster Architecture
7. API
SERVER
g
r
KUBELET KUBE PROXY
r
7
API SERVER
WORKER
NODE NODES KP KP KP KP
v
CONTAINER DOCKER
RUNTIME SCONTAINERD
e
RUNSYOUR
CONTAINERS
Network rules on nodes
Manages containers
on the node
Network Proxy that runs on each node
8. MODEL
MASTER POD
KUBELET
KUBE Proxy
2 N
DOCKER
IMAGE
REGISTRY
KUBECTL
YAML
FILES
G IT
Application running on Kubernetes
API Primitives
Convert to JSON
when making
request
API server is the only one that communicates with Etcd
Every component communicates with the API server only and not directly with one another.
Objects like pods and services are declarative intents.
9. API VERSION
KIND
METADATA s
L v
SPEC
STATUS
s
YAML File Composition
Clear consistent view of resources
The kind of object you want to create
Pod•
Deployment•
Job•
NamespaceName String UID
Uniquely identify the object
Container image volume exposed ports
State of the object —> match desired states
10. u r
32767 32767
v v
SERVICE s
POD
POD
u
POD
NODE 1 NODE 2
CONSISTENT IP ADDRESS
Services and Network Primitives
Services allow you to dynamically access a group of replica pods
13. PICKING THE RIGHT SOLUTION
OR
CLOUD
ON PREM
CUSTOM PRE BUILT
OR
Release Binaries, Provisioning and Types of Clusters
Minikube•
Minishift•
Micro K8S•
Ubuntu on LXD•
AWS, Azure and GCP•
Install manually•
Configure your own network fabric•
Locate the release binaries•
Build your own Images•
Secure cluster comms•
14. MASTER WORKERS
DOCKER t s GPGKEY
KUBERNETES
ADDREPOS
2 UPDATEPACKAGES
3 INSTALL DOCKER KUBELET KUBEADM KUBECTL
4 MODIFY BRIDGE ADAPTERSETTINGS
MASTER ONLY
I INITIALISE CLUSTER
2 MAKEDIRECTORY FORK8S
3 COPY KUBE CONFIG
4 CHANGE OWERSHIP OF CONFIG
5 APPLY FLANNEL CNI
Installing kubernetes master and nodes
15. MASTER 3
MASTER 2
MASTER I
APISERVER
t EDI Eh'InhIE
ER
or
ACTIVE
NODE 1
LOAD BALANCER
n r
KUBELET KUBELET KUBELET
WORKER 1 WORKER2 WORKER3
All components can be replicated, but only certain ones can operate simultaneously
Building highly available cluster
16. SCHEDULER CM o
0 ARE WE IN
tEEEE
II CHARGE
IiiI
CLUSTER
igg
theft
o
NOTTEIRET
E o j
SCHEDULER CM
LEADINGTO DUPLICATERESOURCES OR CORRUPTION
HOW DO WE
DECIDE
LEADER
ELECT CREATESENDPOINT RESOURCE
OPTION SEE IN SCHEDULER YAML
HOLDERIDENTITY
The controller manager and the scheduler actively watch
the cluster state and take action when it changes
17. TOPOLOGY
L J
STACKED EXTERNAL TO
KUBERNETES CLUSTER
EACH CONTROL
PLANE NODE
CREATES LOCAL
ETCDMEMBER
ONLYCOMMUNICATES WITH
API SERVER
nv v
ETCD ETCD
RAFT CONSENSUS ALGORITHMin
ETCD REQUIRES MAJORITY
THEREMUST BE MORETHANHALF
APISERVER TAKINGPLACE IN THE STATE
CHANGEANDTHEREFORE THERE
MUST BE ODDNUMBEROF NODES
Replicating etcd
18. ALLCOMMUNICATION VIA HTTPS
CLUSTERKUBERNETES
KUBECTL a
TRANSLATES API STATE
r
PROVIDES CRUD
u v s
CREATE READ UPDATE DELETE
RETURN RESPONSE
KUBECTL API STATE
CREATE POD
HTTPPOST SERVER STORED IN
ETCD
L i i 1
MULTIPLE AUTHENTICATION AUTHORISATION ADMISSION VALIDATION
PLUGINS 7 7 7
READ SKIP
CALLS TO
CREATEDETERMINE CANTHIS USER
REQUEST PERFORMTHIS MODIFY
ACTION DELETE
1
1
HTTP
HEADER CERTIFICATE
Configuring Secure Cluster Communications
19. O ACTION
f
s
ROLE
ROLE
BINDING
1012MORE v
WHOIAN
RESOURCE
DO IT WHATCAN
BEDONE
ROLE ROLE BINDING NAMESPACE RESOURCE
CLUSTERROLE CLUSTERROLEBINDING
CLUSTER LEVEL
RESOURCES
RBAC is used to prevent unauthorised users from modifying the cluster state
Building Highly Available Cluster
20. IDENTITY OF APP
POD c SERVICE
ACCOUNT RUNNING INPOD API
r
n
KYLE.io
YEr8FEeREEYouNTT0KENFILEATEfYIeff
T'ON
NAMESPACE 1 NAMESPACE 2
POD POD POD POD
L
SERVICE SERVICE
ACCOUNT
ACCOUNT
ONLYUSESERVICE
ACCOUNTIN SAME
NAMESPACE
Service Account
21. PERFORMANCE
EXAMPLEAND WHY
RESPONSE OF TESTS
APPLICATION
KUBETEST
POORCLUSTER
PERFORMANCE
Running end to end tests on cluster
Deployments can run•
Pods can run•
Pods can be directly accessed•
Logs can be collected•
Commands run from pods•
Services can provide access•
Nodes are healthy•
Pods are healthy•
24. NETWORKING WITHIN A NODE
10244 1.2 10 244 1.3
POD 1 POD 2
ETHO ETH
v v
VETHZAA VETH808
BRIDGE a
10.244 l 1 24 NODE 1
NETWORKING OUTSIDE OF THE NODE
10.244 t Z 102442.3
PODI VETH
VETH C POD2
BRIDGE
ETHO ETHO a BRIDGE
NODEI 172 31.43 91 NODEZ 172.31 34.144
NETWORK
Pod and Node Networking
25. 10.244 t Z 102442.3
PODI VETH
VETH a POD2
BRIDGE
ETHO CNI ETHOL BRIDGE
NODEI 172 31.43 91 NODEZ 172.31 34.144
NETWORK
CNI IS A NETWORKOVERLAY
ALLOWS BUILDING TUNNEL BETWEEN NODES
SITS ONTOP OF EXISTING NETWORKS
ENCAPSULATES PACKETS HEADER DATA TRAILER
or a
CHANGES SOURCEIDEST ADD
TOWDOES
CNI DO
THIS THERE ISAMAPPING ASSOCIATED IN USERSPACE
PROGRAM ALL PODIP ADDRESS'S TONODE IP
WHEN REACH OTHER NODE DE ENCAPSULATE
EXAMPLE CNI
PACKET ANDGIVE TO BRIDGE
As v
APPEARSLOCAL 10 NODE
MiCALICO FLANNEL
Container Network Interface
26. API SERVER
SERVICE
10.104185.62
10244.12 102442.3
KUBEPROXY KUBEPROXY
PODI VETH a r
VETHE POD2
Ip 1
Ip
BRIDGE TABLES ETHO ETHO TABLES BRIDGE
MODEL 17231.43 91 NODEZ 172 3134.149
NETWORK
PODSCOMEANDGO
HOWDOES THECLUSTERKEEP TRACK
SERVICES
PROVIDESVIRTUALINTERFACE AUTOASSIGNED TO
PODSBEHIND
EXAMPLE INTERFACE
CLUSTERIP
SERVICE
AUTOCREATED ON
CLUSTERCREATION
TAKESCAREOF INTERNALROUTING
NOMATTERWHEREMOVES OTHER PODS
KNOW HOWTO COMMUNICATE TO IT
Service Networking
27. SERVICE
TALKS 101 NODE
LOAD BALANCER AT A TIME
CANNOTSPLIT
TRAFFICLIKE A
LOADBALANCER
REDIRECTTRAFFIC CLIENTS TALK
TOALLNODESAND TO LB TO ACCESS
PORTS APPLICATION
ONLYACCESSIBLE DOESNOTHAVE
INTERNALLY EXTERNALIP
LOAD 7 EXTERNAL IPADDRESS
BALANCER FOREVERYSERVICE
MODEL NODEZ
i
PODI 31732 31732 POD2
r Iv v
SERVICE
APP EXAMPLE.COM APP1 SERVICE POD POD
INGRESS APP EXAMPLE.COM APP2 SERVICE pop pop
WEB EXAMPLE COM SERVICE polo POD
ACCESS MULTIPLESERVICESWITHSINGLE IPADDRESS
Ingress Rules and Load Balancers
Ingress
28. EVERY SERVICE DEFINED IN THE CLUSTER IS ASSIGNEDA DNSNAME
SERVICE
NAMESPACE BASEDOMAINNAMENAME
JENKINS DEFAULT SVC CLUSTER LOCAL
50 lo O I DEFAULT POD CLUSTER LOCAL
PODIP NAMESPACE BASEDOMAIN NAME
A PODS DNS SEARCH WILL INCLUDE THE PODS OWN
NAMESPACE AND THE CLUSTERS DEFAULT DOMAIN
Cluster DNS
29.
30. I
9
WHY
RULES ARE HOWEVER
PLACEDBY CAN CREATE r
DEFAULT OWN WORKERNODES
SAMENODE
HAVEDIFFERENTODISKS
SAVECOSTS
SCHEDULER I DOESTHENODEHAVEADEQUATEHARDWARE
RESOURCES
2 ISTHENODERUNNINGOUTOF RESOURCES
3 DOESTHEPODREQUEST A SPECIFICNODE
4 DOESTHENODE HAVE A MATCHINGLABEL
s IFPOD REQUEST A PORTIS IT AVAILABLE
6 IF PODREQUESTS AVOLUMECAN IT BE
MOUNTED
7 DOESTHEPODTOLERATETHETAINTSOFTHE
NODE
8 DOESTHEPODSPECIFY NODORPOD
AFFINITY
Configuring the Kubernetes Scheduler
Scheduler responsible for assigning pod to node based on resource requirements of the pod
31. POD POD POD POD
SCHEDULER1 SCHEDULER2
r
NODES I 2 3
EXAMPLE
TAINTS REPELWORK MASTERNODE
NOSCHEDUAL
TOLERATIONS
ALLOWYOUTO EXAMPLE DAEMONSETPOD
TOLERATE A KUBEPROXY MUSTRUNON ALL
TAINT NODES
CPU MEMORY
PODMAY NOTBE SCHEDULER
USINGALLREQUESTED
RESOURCEAT AGIVEN POST 8STEPS
TIME
L s
SCHEDULERLOOKS MOSTREQUESTED LEASTREQUESTED
ATTHESUMOF PRIORITY PRIORITY
RESOURCESREQUESTED r
BYEXISTINGPODS CLOUDENVIRONMENTS
WHY YOUAREPAYINGFOR
ALLRESOURCES
It is possible to have 2 schedulers working alongside each other.
Running multiple schedulers for multiple Pods
Scheduling pods with limits and label selectors
32. POD POD POD
POD
NODEI NODEZ NODE3
POD DAEMONSETPOD IF YOUTRY DELETE A DAEMONSET
POD REPLICASETPOD
POD IT WILLSIMPLY RECREATE IT
SCHEDULER POD LEVEL
LOGLEVEL PROBLEMS
EVEN LEVEL
DaemonSets ensure that a single replica of a pod is running on each node at all times
Display Scheduler Events
DaemonSets
33.
34. HIGHLEVEL RESOURCE FOR
DEPLOYMENTS
DEPLOYINGAND UPDATING APPS
REPLICASET REPLICASET
POD POD
POD POD
POD AppV1
POD
Appv2
DEPLOYMENT
KUBECTLAPPLY MODIFY OBJECTS TO EXISTING YAML AND
IF DEPLOYMENT NOT CREATED ALSO CREATE
KUBECTLREPLACE REPLACES OLD WITHNEW ANDOBJECT
MUST EXIST
ROLLING UPDATE PREFERREDWAY SERVICENOTINTERRUPTED
FASTESTWAY
KUBECTL ROLLOUT ROLLBACKPREVIOUS VERSION
Deploying an Application, Rolling Updates and Rollbacks
35. AVOIDING
BAD BLOCKBADVERSION
DECISIONS RELEASE
MIN READY READINESSSECONDS
PROBE
HOWLINGA AND DETERMINES IFNEWLYCREATED
ASPECIFICPODPODSHOULD BE
READY BEFORE
SHOULDRELIEVE
CLIENTREQUESTCONSIDERED
ORNOT
AVAILABLE
PODNOT
DEPLOYMENTv1
MINREADY READINESS pop errors
aRELEASED
SECONDS PROBE ATSSECONDS v
ROLLBACK
MUSTRETURNSUCCESS VERSION
10
I
CHECKEVERY PORT80
SECOND
CONTAINER CONFIGMAP APPCONFIG
PASSINGCONFIGURATION
OPTIONS TOAPP a CONFIGMAP
KEYA OLI
IETCCONFIG VOLUMECONFIG
v
KEYB VOLZENVIRONMENTVARIABLES IETCCERTS
n S SECRET
STOREINCONFIGMAP VOLUMECERTS SECRETAPPSECRET
CREATESECRETANDPASSTO EV POD CERT VOL
9
KEY VOL
MULTIPLECONTAINERS JUSTUPDATE
CANUSESAME NONEEDTO
REBUILDIMAGE
Configuring an App for HA and Scale
36. RECOMMENDED
REPLICADEPLOYMENTS LOSING NODE
SETS HASNO IMPACT
MANAGES REPLICASETS ON APP
PODS AREUNIQUE
9
POD DIES
REPLACEDWITH
SAMEHOSTNAME
AND CONFIG
STATEFULSETS
HEADLESS SERVICE
UNIQUEPODS
VOLUME CLAIM r
CERTAIN TRAFFIC
TO GO TO EACH POD
NEEDSOWNSTORAGE
ASIT IS UNIQUE
ReplicaSets ensure that identically configured pods are running at the desired replica count
Creating a self-healing app
37.
38. PODS ARE EPHEMERAL
POD TERMINATED
STORAGETERMINATED
STORAGE MUST BE INDEPENDENT IF PODMOVES
STORAGEFOLLOWS
STORAGECLASSES
PERSISTENT
VOLUME
PROVISIONING S
RESOURCE IN
CLUSTER
STATIC DYNAMIC
PVCMUST REQUEST
CLUSTERADMIN
A STORAGECLASS
CREATES AND
AVAILABLE FOR
CONSUMPTION
Persistent Volumes
39. VOLUME CAN ONLY
BE MOUNTED USING
ONE ACCESS MODE
AT A TIME
MOUNT CAPABILITY OF
NODE NOT POD
ACCESS
MODES
READWRITEONCE READWRITEMANY
ONLY INODECAN MULTIPLE NODE
MOUNT THEVOLUME CAN MOUNT FOR
FORREADANDWRITE READ I WRITE
READOFLYMANY
MULTIPLE NODE
CAN MOUNT VOLUME
FOR READING
Volume Access Modes
By specifying an access mode with your PV, you allow the volume to be
mounted to one or many nodes, as well as read by one or many
40. O pv STAYS WITH
at PVC pv
DEV a
0
ACTUAL
STORAGE
CLUSTER
ADMIN
POD PVC PV
VOLUMES
1Gt RECLAIMPOLICY
MOUNTPATH RWO RETAIN
U
BOUND
RETAIN DATA
IN VOLUME
COULDALSOBE
RECYCLEORDELETE
DELETECONTENTS
OF VOLUME DELETEUNDERLYING
STORAGE
Persistent Volume Claims (PVC)
PVC allows the application developer to request storage for the
application, without having to know underlying infrastructure.
41. STORAGE OBJECT PVCCANNOT BE
IN USEPROTECTION REMOVEDPREMATURELY
STILLBOUND
inPVC s
POD FINALIZERS PV
y
PVCPROTECTION
3 DELETEPOD n
v I 1 GETS DELETED
PVCDELETED
PROVISIONER PARAMETERRECLAIMPOLICY STORAGE
CLASS
AWSEBS GPI RETAIN
Storage Objects
Volumes that are already in use by a pod are protected against data loss. This means even if you
delete a PVC, you can still access the volume from the pod.
42. EXAMPLE
STORAGECLASS PVC DEPLOYMENT
METADATA STORAGECLASSNAME REPLICA 1 ROLLOUT
FAST FAST IMAGE KUBESERVEv1
100Mt VOLUMEMOUNT lDATA
READWRITEONCE VOLUME VOLUMEDATA
PERSISTENTVOLUMECLAIM
PV
Applications with Persistent Storage
Create storage class object1.
Create PVC object2.
Create deployment3.
Rollout deployment4.
Check pods5.
Create file on mount6.
List contents7.
43.
44. API
SERVER
FIRSTEVALUATES
v PRIVATE KEY
SERVICE NORMALUSER USERSTORE
IE JENKINS ACCOUNT FILE USERIPASS LIST
v
KUBECTLCREATESERVICEACCOUNTJENKINS
ASSIGN10POD IF YOUDONOTUSESPECIFIC
BYPUTTINGIN IT WILL USE DEFAULT
PODMANIFEST
L
CREAAIESOUSNERYKE KUBECTLGETSA VBUSYBOXYAML
v
NAME BUSYBOX
SECRET WILLSHOWDEFAULT 1JENKINS
SPECv
SERVICEACCOUNTNAME JENKINS
HOLDSTHE
ryAMLFORSERVICEACCOUNTPUBLIC A OF a
APISERVERT KUBECTLGETSAJENKINS DYAML
JWTTOKEN v JENKINSSERVER
ADDSK8SCHPLUGINKUB.EC LGETSECRETtNAMLs SHOWSECRET NAME
TOKEN
NOWCAN
THIS IS WHAT REQUEST
CONTROLPODS
WILL BE USED TO AUTH
WITH API SERVER
Service accounts and users
45. USER
0
ACCESSCLUSTERREMOTELY CREATECLUSTERROLEBINDING
MASTER
ADNAN SETCREDENTIALS KUBECTLCONFIG
u SET CREDENTIALS
CERT USERNAME ADNAN
PASSWORD PASSWORD
KUBECTLCONFIG
SET CLUSTERKUBERNETES 2
SERVER_HTTP l l.l.la SETCLUSTER
CERTIFICATE CERT
3
KUBECTL CONFIG c SET USER
SET CREDENTIALS
CONTEXT CAN BE USEDTO CONNECT
TOMULTIPLECLUSTERS
KUBECTLCONFIG SET CONTEXT
KUBERNETES CLUSTER KUBERNETES
USER NAMESPACE
n
4
USECONTEXT
KUBECTL GET NODES ASPER NORMAL
5
Service accounts and users
46. AUTHENTICATION AUTHORISATION
WHATCAN
FIRSTSTEPIN THEYDO RBACRULES
RELIEVINGREQUEST
v 4 RESOURCES
WHO POD OR 2GROUPS WHOCAN
HUMAN DO IT
WHATCANBE
u u
PERFORMEDON
ROLESAND ROLEBINDINGS
WHICHRESOURCE
CLUSTERROLES
AND
CLUSTERROLEBINDINGS
ROLE ROLE
ROLE
BYNOLING
ROLE BINDING ROLE BINDIFG
NAMESPACE 1 NAMESPACE 2 NAMESPACES
CLUSTER
cluster
KUBERNETES
ROLE
ROLE L CLUSTERBINDING
ROLE REFERENCESINGLE CANBINDTO
CREATE CREATE ROLE CREATE MULTIPLEUSER
NAMESPACE ROLE ROLEBINDING SERVICEACCOUNTS
ANDGROUPS
LISTSERVICES WHAT
FROMWEB ACTIONS
NAMESPACE NOTWHO
CLUSTERROLE
POD
CREATE CLUSTERROLE v
CLUSTER BINDING CURLFROM ACCESS AT
ROLE CONTAINER CLUSTER
LEVEL
VIEWPERSISTANT
VOLUMES
Cluster Authemtication and Authorisation
47. PORT3128
POD APPWEB POD APPDB
PORT4269
HOW
NETWORK CANAL CREATENETWORK CREATE
PLUGIN PLUGIN POLICY DEPLOYMENT
v u
DENY ALLNET EXPOSE
DEPLOYMENT
KINDNETWORKPOLICY
9
NAMEDENYALL
TRYACCESS TIMEOUT
BLANKALLINHERIT PODSELECTOR 3
POLICYTYPEINGRESS
CREATENETWORK LABEL
POLICY PODS
PODSELECTOR
MATCHLABELS
ALLOWCOMMSAPPDB
BETWEENPODS
INGRESS ANDSPECIFIED
MATCHLABELS PORT
APPWEB on
PORT
PORT4269
Network policies use selectors to copy rules to pods for communication throughout the cluster
Configuring Network
49. DOCKERHUBPRIVATEREGISTRY
POD
N AWS
CONTAINER 0
POD
D AZURE
RUNTIME POD
E
GCP
POD
CONTROLLING VULNERABILITIES CLAIR SCANNING
IMAGES THAT
GO INTO
PRODUCTION SOMETHING ON IT CAUSE NODECRASH
LOGIN TO PRIVATE REGISTRY
TAG DOCKER IMAGE
PUSH TO PRIVATE REGISTRY
HOW
I
USE FOR IMAGE PULLS
KUBERNETES DOCKER MODIFY
CREATE REGISTRY TYPE SERVICE POD
SECRET ACCOUNTS
DOCKER SERVER v
DOCKER USERNAME PRIVATEREGISTRY
DOCKER PASSWORD IMAGE
KUBECTIPATCH
Secure Images
50. LIMITACCESS TOCERTAIN
OBJECTS ATTHEPODAND
CONTAINERLEVELTHISWILL
ALLOWIMAGESTOREMAINSTABLE RUNASUSER
POD FSGROUP
N
POD RUNASNONROOT
CONTAINER
0
RUNTIME D POD PRIVILEGED
E
POD
ADDSYS TIME
KINDPOD
IMAGEALPINE
SECURITYCONTEXT RUNPODAS 405
RUNASUSER405
CANALSOPUT'RUNASROOT
ABILITYTORUNAS PRIVILEGED PRIVILEGEDTRUE
CONTAINER LEVEL
ABILITY TO LOCK
DOWN KERNEL SETTING ADD SECURITYCONTEXT
LEVELFEATURES CAPABILITIES ADD
ONCONTAINER ONPODLEVEL SYS TIME
REMOVE
NET ADMIN
SECURITYCONTEXT
DROP
CHOWN
Defining Security Context
51. DATA MUST
LIVE BEYOND SECRETS KEY VALVE PAIR
LIFEOFPOD v
PASS AS ENVVAR NOTBEST
OR PRACTICE
EXPOSE AS FILES
IN VOLUME MAYBE
OUTPUTTO
LOGFILES
CONTAINER POD
FILESYSTEM
VARRUNSECRETS
KUBERNETES.IO
DEFAULT DEFAULTTOKENSECRET
SERVICEACCOUNTS
SECRET PACE
TOKEN
HTTPS TO WEBSITE
GENERATE
a KEY
CERTIFICATE EFFET SECRET MOUPNoj.IN POD
v
COMBINED IN MEMORY FILE
FILEST SYSTEM
USE v
SECRET SECRETNOT
WRITTEN TO
DISK
Securing persistent key/value store
Secrets allow you to expose entries as files in a volume
keeping this data secure is crucial to cluster security
52.
53. NODEMETRICS
N POD CPUCCORETUTIL
CONTAINER
0
MEMORY
RUNTIME
D
E
POD POD METRICS
CPU MEMORY
INSTALL KUBEC.TL OPNODEsCPUMEMORYFORALLTHENODES
METRIC
SERVER KUBECTLTOPPOD CPUMEMORY FORALLTHE PODS
KUBECTLTOPPOD ALLNAMESPACE ALLNAMESPACE
KUBEC.TL 0PP0D NkUBESYSTEM KUBE SYSTEMNAMESPACE
KUBECTLTOPGROUP CONTEXT CONTAINERS POD CONTAINERS
The metric server allows you to collect CPU and memory data from the nodes and pods in your cluster
Monitoring the cluster components
54. USE
KUBECTL
APP LOGSTOCONTAINER STREAMED TO STDOUTS LOGS
AND
SYSTEM UNDERSTANDWHAT ISHAPPENINGINSIDECLUSTER
LOGS
DEBUGGING
LOGS ACCUMULATE OVER TIME
IF MANY MICROSERVICE WHICHLOGS ARE WHICH
V
LOGDIRECTORY VAR LOG CONTAINERS
ACCUMULATES LOGS
POD POD
LOGGINGAGENT
APPCONTAINER
v v
LOG LOG LOGGING AGENT
CONTAINER CONTAINER
I 2 LOGFILE
LOG
HAVESIDECARCONTAINERTO DO LOGGINGSOYOUCAN
ACCESS SPECIFIC LOGS
ABLETO ROTATE LOGSUSINGOTHERTOOLING NO NATIVE
Managing cluster component logs
55.
56. PODIYAML
KINDPOD
ABILITYTOWRITE NAMEP0D1
TERMINATION IMAGEBUSYBOX
MESSAGE 10SPECIFIC COMMAND y KUBECTL
FILEONCONTAINER DESCRIBE
TERMINATION v
MESSAGEPATH WILLSHOW
ERRORMESSAGE
ONLY PARTICULAR FIELDSCAN BECHANGED 1 E IMAGE
TO CHANGEOTHERFIELDSOF FAILED POD
EXPORTCONFIGURATION
I
MODIFY'AMLI E CHANGE MEMORYREQUEST
DISCOVERYERRr
APPCOMMERR
IMAGEPULLERR
APPLICATION
FAILURE
CRASHLOOPBACKOFFERR
FAILEDMOUNTERR
PENDING
RBACERR
Troubleshooting Application Failure
57. KUBERNETES API SERVERDOWN
SOFTWARE CONTROL
FAULT
PLANE
LOSE STORAGE ATTACHED
TO CONTROL PLANE
KUBELETSERVICE
CRASH v
INDEPENDENT
ETCD COULD
CRASH
VIEWTHEEVENTSFROMCONTROLPLANECOMPONENTS CHECKSTATUSOFKUBELET
SERVICE
VIEWLOGSFORCONTROL PLANE PODS
DISABLESWAP
CHECKSTATUS OF DOCKER SERVICE
CHECKFIREWALLDSERVICE
VIEWKUBELET VIEW KUBECONFIGVIEWSYSLOG JOURNAL LOGS
EVENTS a
GENERATENEWTOKEN
WORKER VIEWSTATUS
TROUBLESHOOTING
GET DETAILED INFO
PINGNODE
IPADDRESS SHINTONODE
OFNODE
ACCESSPODSDIRECTLY LOOKUPSERVICEVIADNS
r a
CHECKIPTABLERULES
NETWORK DNSRESONE CONF
ENDPOINTSOF v
SERVICE v KUBERNETES
CNIPLUGIN SERVICE
Troubleshoot failures