Online practical course from the
8 years of IT infrastructure management experience
active openings require K8s knowledge
of world corporations use K8s
enters the TOP-growing highly demanded skills
The REBRAIN practical course is based on the Fevlake agency’s experience
The program is for:
- Introduction. Basic concepts. Practical use of CLI
- Architecture. Architecture review
- Architecture. Work units/models/assemblies
- Architecture. ETCD
- Resources and Manifests. Practice and options of use
- Working with DNS and the network in Kubernetes. Relation between components
- Linking up external resources and storage systems
- Learning about application secrets and keeping them safe
- The setup of Authentication and Authorization between components
- KaaS vs Self-hosted. Comparison and practice
- Helm. Detailed analysis of Charts components
- Helm. Creating your chart from scratch
- Monitoring and Logging. What to pay attention to and how to use
- Workload. Migrating the project to Kubernetes
Kubeconfig is the configuration file that stores the access settings for a k8s cluster. By default, this file is located at $HOME/.kube/config, but you can point the kubectl command at a different file with the --kubeconfig flag.
After starting the Kubernetes cluster, minikube automatically creates this configuration file with root access to the cluster. If you manage several clusters, you can combine their configuration files into one and use the kubectl config use-context command to switch between the clusters whose access is described in your kubeconfig.
To make working with multiple clusters easier, you can rename the context of each cluster.
- Accessing multiple clusters
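What a merged kubeconfig with renamed contexts looks like, as an added example that is not part of the course material. Every name, server address and file path below is constructed for illustration.

```yaml
# Constructed sample: one kubeconfig describing access to two clusters.
# The file contains or points to credentials, so keep it readable by its owner only.
apiVersion: v1
kind: Config
clusters:
- name: minikube
  cluster:
    server: https://192.168.49.2:8443                 # constructed address
    certificate-authority: /home/user/.minikube/ca.crt
- name: staging
  cluster:
    server: https://staging.example.internal:6443     # constructed address
    certificate-authority: /home/user/.kube/staging-ca.crt
users:
- name: minikube-admin          # the full-access credential minikube generates
  user:
    client-certificate: /home/user/.minikube/client.crt
    client-key: /home/user/.minikube/client.key
- name: staging-dev             # a separate, less privileged identity
  user:
    client-certificate: /home/user/.kube/staging-dev.crt
    client-key: /home/user/.kube/staging-dev.key
contexts:
# A context binds one cluster, one user and a default namespace under a name.
- name: local                   # renamed from the default "minikube" context
  context:
    cluster: minikube
    user: minikube-admin
    namespace: default
- name: staging-dev
  context:
    cluster: staging
    user: staging-dev
    namespace: dev
# kubectl config use-context staging-dev changes this value.
current-context: local
```

Giving contexts short, distinct names makes it harder to run a command against the wrong cluster with the wrong credential.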
If many people use the cluster, they need to be grouped and separated somehow, for example by team or project. For this, and for many other tasks, Kubernetes provides the namespace abstraction. You can think of a namespace as a part of the cluster dedicated to certain people or processes.
You can create various objects such as Pod, Deployment, Service, etc. inside a namespace. An object's name must be unique within its namespace, but can be repeated in other namespaces. By default, two namespaces are created: kube-system and default. kube-system contains the cluster system components, and default contains objects created without a namespace. kubectl works with the default namespace unless told otherwise.
Namespaces are central to many Kubernetes cluster features. Within a namespace you can apply security policies such as RBAC and PSP (we will discuss this later), and a namespace itself can be restricted by resource limits and much more. The basic approach is to organize namespaces by the purpose of the environment: for example, prod environments live in a dedicated namespace with the largest share of resources allocated; dev/stage are environments constrained by resource limits, with their own access and security policies; and namespaces can be created dynamically for testing individual changes in their branches, etc.
- kubernetes namespaces
- Create three separate namespaces: dev/prod/test.
- Modify the deployment from the previous task for the gocalc application to deploy the application to the three created namespaces.
- Apply the changes to the cluster.
- Print the information about running pods in each of the created namespaces in the console (save the command and output).
- In your response, provide the modified deployment and the saved command and console output from the previous step.
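A namespace organized the way the namespaces section describes (limited resources, its own access and security policy), as an added example that is not part of the course material. The quota values, the dev-team group and the object names are assumptions.

```yaml
# Constructed example: a resource-limited "dev" namespace with its own access rule.
apiVersion: v1
kind: Namespace
metadata:
  name: dev
  labels:
    # Pod Security Admission label. PSP itself was removed in Kubernetes v1.25;
    # on current clusters this label is the namespace-level pod security control.
    pod-security.kubernetes.io/enforce: baseline
---
apiVersion: v1
kind: ResourceQuota
metadata: {name: dev-quota, namespace: dev}
spec:
  hard:                      # ceilings for the sum of all pods in the namespace
    pods: "20"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
---
# Once a quota covers requests/limits, pods that declare none are rejected,
# so give containers defaults.
apiVersion: v1
kind: LimitRange
metadata: {name: dev-defaults, namespace: dev}
spec:
  limits:
  - type: Container
    defaultRequest: {cpu: 100m, memory: 128Mi}
    default: {cpu: 500m, memory: 512Mi}
---
# Grant the built-in "edit" ClusterRole to the team inside this namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: dev-team-edit, namespace: dev}
subjects:
- kind: Group
  name: dev-team             # hypothetical group name from your identity provider
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
```

Because the binding is a RoleBinding rather than a ClusterRoleBinding, the team's rights stop at the namespace boundary and do not reach prod or kube-system.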
One of the easiest ways to work with Kubernetes is through the web panel. The web interface lets you not only monitor the state of the cluster, but also create new resources in it and edit their YAML/JSON structure. You can also configure authorization or SSO for access to the panel. It can also read pod logs or run a webshell in a container.
minikube ships with an already configured dashboard; you can open it with the minikube dashboard command.
When connected, some options may not be available to you, because the access you get depends directly on the rights your user has (according to the RBAC rules, which will be discussed later); if you are only allowed to read the logs, then you won't be able to run commands.
Taking all the available options into account, this solution lets you give access to your cluster's resources to people who don't have a local environment set up for working with the cluster, or don't want to configure one at all: all they need is logs and access to the container's console to run one-time tasks. There is one more limitation, which we ran into ourselves and would like to warn you about in advance: if you need to enter characters other than English (for example, Cyrillic) in the webshell, then, unfortunately, this option will not work for you. They just won't work.
It is interesting to note that Dashboard has hardly any alternatives in terms of the number of features; only cloud providers try to replace this component with their own management solutions (for example, Google can do the same as Dashboard with its web console, but it also works with multiple clusters at the same time).
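The "logs but no commands" case mentioned above, as an added example that is not part of the course material. It assumes a dev namespace and a service account named log-reader whose token is used to sign in to the Dashboard; all object names are hypothetical.

```yaml
# Constructed example: an identity that can read pod logs in "dev" but cannot exec.
apiVersion: v1
kind: ServiceAccount
metadata: {name: log-reader, namespace: dev}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: pod-log-reader, namespace: dev}
rules:
- apiGroups: [""]            # "" is the core API group
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["pods/log"]    # logs are a subresource and need their own rule
  verbs: ["get"]
# No rule names pods/exec, so a webshell request from this account is refused.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: log-reader-binding, namespace: dev}
subjects:
- kind: ServiceAccount
  name: log-reader
  namespace: dev
roleRef:
  kind: Role
  name: pod-log-reader
  apiGroup: rbac.authorization.k8s.io
# Verify the effective permissions before handing out the token:
#   kubectl auth can-i get pods --subresource=log -n dev \
#     --as=system:serviceaccount:dev:log-reader
#   kubectl auth can-i create pods --subresource=exec -n dev \
#     --as=system:serviceaccount:dev:log-reader
```

RBAC is additive, so the absence of a pods/exec rule is what blocks the console; check that no other binding in the namespace or cluster grants it to the same account.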
- Web UI (Dashboard) (official docs)
- kubernetes/dashboard (github)
- The Ultimate Guide to the Kubernetes Dashboard: How to Install, Access, Authenticate and Add Heapster Metrics
Launch Kubernetes Dashboard in your cluster (save the commands and output). Connect to it through a proxy (save the commands, output and screenshot in the browser). Write an Ingress manifest to connect to the Dashboard with the DNS record created through nip.io. Apply the manifest and open the dashboard in your browser (save the commands, output and screenshot in the browser). In your response, send the written manifest, saved commands, outputs and links to Image Sharing.