Blog

December 7, 2023
in Kubernetes, CKAD
2 min read

Creating and Managing ConfigMaps and Secrets in Kubernetes

Overview

ConfigMaps and Secrets are essential Kubernetes resources for managing configuration data and sensitive information in a containerized environment.

Documentation

Configure a Pod to Use a ConfigMap

ConfigMaps

ConfigMaps store non-sensitive, configuration data in key-value pairs, which can be consumed by Pods.

Creating a ConfigMap

Define a ConfigMap with desired data.

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  database_url: "http://mydb.example.com:3306"
  feature_flag: "true"

Using ConfigMap as Environment Variables

Reference the ConfigMap in a Pod to set environment variables.

Example

apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app-container
    image: myapp:latest
    env:
    - name: DATABASE_URL
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: database_url
    - name: FEATURE_FLAG
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: feature_flag

Using ConfigMap as Volume Mounts

Mount the entire ConfigMap as a volume.

Example

apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app-container
    image: myapp:latest
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  volumes:
  - name: config-volume
    configMap:
      name: app-config

Secrets

Secrets securely store sensitive data like passwords or tokens.

Creating a Secret

Define a Secret with base64 encoded values.

Example

apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  db_password: "c2VjcmV0cGFzc3dvcmQ="  # 'secretPassword' encoded

Using Secrets as Environment Variables

Inject Secrets into a container as environment variables.

Example

apiVersion: v1
kind: Pod
metadata:
  name: secret-app-pod
spec:
  containers:
  - name: secret-app-container
    image: myapp:latest
    env:
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: app-secret
          key: db_password

Using Secrets as Volume Mounts

Mount Secrets as volumes in a container.

Example

apiVersion: v1
kind: Pod
metadata:
  name: secret-app-pod
spec:
  containers:
  - name: secret-app-container
    image: myapp:latest
    volumeMounts:
    - name: secret-volume
      mountPath: /etc/secret
  volumes:
  - name: secret-volume
    secret:
      secretName: app-secret

ConfigMaps and Secrets are fundamental tools in Kubernetes for managing configuration and sensitive data. They provide flexibility and security, enabling seamless integration of environment-specific settings and confidential information into containerized applications.

December 7, 2023
in Kubernetes, CKAD
2 min read

Implementing and Configuring Liveness and Readiness Probes in Kubernetes

Overview

Liveness and readiness probes are crucial for maintaining the health and efficiency of applications in Kubernetes, implemented using HTTP requests or command executions within the container.

Documentation

Configure Liveness, Readiness and Startup Probes.

Implementing HTTP Get Probes

Liveness Probe with HTTP Get

Ensures the nginx container is alive. Restarts the container upon probe failure.
```
livenessProbe:
  httpGet:
    path: /
    port: 80
  initialDelaySeconds: 3
  periodSeconds: 3
```
HTTP Get Probes Documentation.

Readiness Probe with HTTP Get

Assesses if the container is ready to accept traffic.

readinessProbe:
  httpGet:
    path: /
    port: 80
  initialDelaySeconds: 15
  periodSeconds: 5

Readiness Probes Documentation.

Implementing Command-Based Probes

Command-based probes are another method to determine container status:

Liveness Probe with Command

Executes a command inside the container, restarting it upon failure.

livenessProbe:
  exec:
    command:
    - cat
    - /tmp/healthy
  initialDelaySeconds: 15
  periodSeconds: 20

Command Probes Documentation.

Readiness Probe with Command

Checks container readiness through a command execution.

readinessProbe:
  exec:
    command:
    - cat
    - /tmp/ready
  initialDelaySeconds: 5
  periodSeconds: 10

Command Probes Documentation.

Example Pod Configuration

Here's an example of a Pod using both HTTP Get and Command probes:

apiVersion: v1
kind: Pod
metadata:
  name: probe-pod
spec:
  containers:
  - name: nginx-container
    image: nginx:1.20.1
    ports:
    - containerPort: 80
    livenessProbe:
      httpGet:
        path: /
        port: 80
      initialDelaySeconds: 3
      periodSeconds: 3
    readinessProbe:
      exec:
        command:
        - cat
        - /usr/share/nginx/html/index.html
      initialDelaySeconds: 5
      periodSeconds: 10

In this configuration, the nginx container employs an HTTP Get liveness probe and a command-based readiness probe verifying the index.html file's presence.

Conclusion

Effectively utilizing liveness and readiness probes in Kubernetes is vital for ensuring applications run correctly and are prepared for traffic. These probes enable Kubernetes to manage containers based on real-time status, boosting application reliability and availability.

December 7, 2023
in DSA
2 min read

Understanding Linear Search, Largest, and Smallest Elements in an Array in Go

Arrays are fundamental structures in programming, offering efficient ways to store and access sequences of data. In Go, like in many other programming languages, arrays and slices are used extensively. This article explores the implementation of linear search and methods to find the largest and smallest elements in an array in Go.

What is Linear Search?

Linear search is a straightforward method of searching for a value within a list. It sequentially checks each element of the list until a match is found or the whole list has been searched. This method is simple but not particularly efficient, especially for large lists, as it requires, on average, checking through half of the elements in the list.

In Go, a linear search through an array can be implemented as follows:

func (a Array) LinearSearch(target int) int {
    for i := 0; i < a.Len(); i++ {
        if target == a.elements[i] {
            return i // Return the index of the found element
        }
    }
    return -1 // Return -1 if the element is not found
}

This function iterates through all elements of the Array until it finds the target value, returning its index. If the value isn't found, it returns -1.

Finding the Largest Element

To find the largest element in an array, we can iterate through the array, keeping track of the largest value found so far. This method also involves linearly scanning the array, similar to a linear search.

Here's how you might implement it in Go:

func (a Array) Largest() int {
    largest := math.MinInt // Start with the smallest possible integer
    for i := 0; i < a.Len(); i++ {
        if a.elements[i] > largest {
            largest = a.elements[i] // Update largest if a bigger element is found
        }
    }
    return largest
}

This function sets the initial largest value to the smallest possible integer. It then compares each element of the array to find the largest one.

Finding the Smallest Element

Similarly, to find the smallest element in an array, the process is much like finding the largest but in reverse. We keep track of the smallest value encountered as we iterate through the array.

The implementation in Go would look like this:

func (a Array) Lowest() int {
    lowest := math.MaxInt // Start with the largest possible integer
    for i := 0; i < a.Len(); i++ {
        if a.elements[i] < lowest {
            lowest = a.elements[i] // Update lowest if a smaller element is found
        }
    }
    return lowest
}

In this case, the initial value of lowest is set to the largest possible integer. The function then iterates through the array, updating lowest whenever it finds a smaller element.

Conclusion

These methods are essential for many basic operations on arrays in Go. While linear search, finding the largest, and finding the smallest elements are simple, they form the backbone of more complex algorithms and operations. Being well-versed in these basics is crucial for any programmer working with arrays in Go.

December 7, 2023
in Kubernetes, CKAD
1 min read

Performing Rolling Updates in Kubernetes Deployments

Overview

Learn how to perform rolling updates in Kubernetes Deployments, allowing for zero-downtime updates. This guide outlines the steps for updating a Deployment while ensuring continuous service availability.

Note

Before proceeding, ensure you have a basic understanding of Kubernetes Deployments and Services. Visit Kubernetes Documentation for more information.

Steps for a Rolling Update

Rolling updates replace old Pods with new ones, seamlessly updating your application without downtime.

1. Initiate the Rolling Update

Start by updating the Deployment's pod template, typically by changing the image version.

Example:

kubectl set image deployment/my-deployment nginx=nginx:1.16.1

2. Monitor the Rollout

Check the status of the update to ensure it's progressing correctly.

kubectl rollout status deployment/my-deployment

3. Undo the Update if Needed

If problems arise during the update, you can revert to the previous state.

kubectl rollout undo deployment/my-deployment

Tip

Always test updates in a staging environment and monitor the deployment closely during the rollout. Be prepared to rollback if any issues are detected. Performing Rolling Updates in Kubernetes Deployments

Conclusion

Rolling updates in Kubernetes provide a robust mechanism for updating applications without service interruption. By following these steps, you can maintain high availability while deploying new versions or configurations.

December 7, 2023
in Kubernetes, CKAD
1 min read

Certified Kubernetes Application Developer (CKAD) Exam Tasks

Domains & Competencies

Category	Percentage
Application Design and Build	20%
Application Deployment	20%
Application Observability and Maintenance	15%
Application Environment, Configuration and Security	25%
Services and Networking	20%

Application Design and Build

Application Deployment

Application Observability and Maintenance

Application Environment, Configuration, and Security

Services and Networking

December 7, 2023
in Kubernetes, CKAD
2 min read

Accessing and Analyzing Container Logs in Kubernetes

Overview

Accessing and analyzing container logs is a fundamental aspect of Kubernetes application observability and maintenance. Kubernetes provides various tools and commands, like kubectl logs, to retrieve and manage logs effectively.

Documentation

Accessing Container Logs.

Accessing Container Logs

Kubernetes maintains logs for every container in its Pods. These logs are crucial for understanding the behavior of applications and troubleshooting issues.

Using kubectl logs

Retrieve logs from a specific container in a Pod:
```
kubectl logs [POD_NAME] -n [NAMESPACE]
```
Pods with multiple containers, specify the container:
```
kubectl logs [POD_NAME] -n [NAMESPACE] -c [CONTAINER_NAME]
```

Streaming Logs

To continuously stream logs:

kubectl logs -f [POD_NAME] -n [NAMESPACE]

Analyzing Logs

Pattern Recognition: Look for error messages, exceptions, or specific log patterns that indicate problems.
Timestamps: Use timestamps in logs to correlate events and understand the sequence of operations.
Log Aggregation Tools: For a more comprehensive analysis, use log aggregation tools like ELK Stack (Elasticsearch, Logstash, Kibana) or similar.

Retrieving Logs from a Pod

# Retrieve logs from a specific pod in the 'default' namespace
kubectl logs my-app-pod -n default

# Stream logs from a container named 'web-container' in the 'my-app-pod'
kubectl logs -f my-app-pod -n default -c web-container

Conclusion

Effectively accessing and analyzing container logs in Kubernetes is vital for monitoring application health and diagnosing issues. Utilizing kubectl logs and other logging tools helps maintain the operational integrity of applications running in Kubernetes clusters.

December 7, 2023
in Kubernetes, CKAD
2 min read

Using Custom Resources (CRD)

Overview

Custom Resources extend the Kubernetes API. A CustomResourceDefinition (CRD) is used to define these custom resources.

Documentation

Extend the Kubernetes API with CustomResourceDefinitions.

Example CRD

In this example, we define a CronTab resource as described in the Kubernetes documentation.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: crontabs.stable.example.com
spec:
  group: stable.example.com
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                cronSpec:
                  type: string
                image:
                  type: string
                replicas:
                  type: integer
  scope: Namespaced
  names:
    plural: crontabs
    singular: crontab
    kind: CronTab
    shortNames:
    - ct

Steps to Use CRDs

Create the CRD Definition

Define your custom resource in a YAML file using the structure above. Save this file as crontab-crd.yaml.
Apply the CRD

Use kubectl to create the CRD in your cluster:
```
kubectl apply -f crontab-crd.yaml
```

Define a Custom Resource

Once the CRD is applied, you can define custom resources based on it. Example:

apiVersion: "stable.example.com/v1"
kind: CronTab
metadata:
  name: my-new-cron-object
spec:
  cronSpec: "* * * * */5"
  image: my-awesome-cron-image
  replicas: 1

Save this as my-new-cron-object.yaml.

Create the Custom Resource

Apply the custom resource to your cluster:
```
kubectl apply -f my-new-cron-object.yaml
```
Interact with the Custom Resource

Use standard Kubernetes commands to interact with your custom resource: To get the resource:
```
kubectl get crontab
```
To describe the resource:
```
kubectl describe crontab my-new-cron-object
```

Conclusion

Custom Resources in Kubernetes are a powerful way to introduce new API objects tailored to your application's needs, enhancing the flexibility and functionality of your Kubernetes cluster.

Documentation

Custom Resources Defination

December 7, 2023
in Kubernetes, CKAD
1 min read

Debugging Common Issues in a Kubernetes Application

Overview

Debugging Kubernetes applications requires understanding various CLI tools for effective troubleshooting. This guide covers the essential commands and techniques.

Key Documentation

Additional details can be found in Kubernetes documentation on Troubleshooting Applications and Application Introspection and Debugging.

Essential CLI Tools for Debugging

Checks the status of all Pods in a Namespace.

  kubectl get pods

Provides detailed information about Kubernetes objects.

  kubectl describe <resource> <resource-name>

Retrieves container logs for diagnosing issues.

  kubectl logs <pod-name>

Additional Tips

If initial investigations do not reveal the problem, consider checking cluster-level logs for more comprehensive insights.

Conclusion

Familiarity with these Kubernetes CLI tools is crucial for efficient debugging and maintaining applications. Regular practice will enhance your troubleshooting capabilities.

December 7, 2023
in Kubernetes, CKAD, CKS
2 min read

Understanding Kubernetes Authentication and Authorization

Overview

Kubernetes authentication and authorization are critical for securing access to the Kubernetes API and ensuring that users and services have the correct permissions to perform actions.

Documentation

Kubernetes Authentication and Authorization.

Authentication Methods

Normal Users: Usually authenticate using client certificates. They are typically managed by an external, independent service.
ServiceAccounts: Use tokens for authentication, which are automatically managed by Kubernetes.

Authorization with RBAC

Role-Based Access Control (RBAC) is used in Kubernetes to manage authorization. It involves defining roles and binding them to users or ServiceAccounts.

Roles and ClusterRoles

A Role defines a set of permissions within a specific namespace.

A ClusterRole defines permissions that are applicable across the entire cluster.
RoleBindings and ClusterRoleBindings

A RoleBinding grants the permissions defined in a Role to a user or set of users within a specific namespace.

A ClusterRoleBinding grants the permissions defined in a ClusterRole across the entire cluster.

Steps to Configure RBAC for Kubernetes Auth

Define Roles or ClusterRoles

Create a Role or ClusterRole to specify permissions.

Example for a Role

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "watch", "list"]

Bind Roles to Users/ServiceAccounts

Use a RoleBinding or ClusterRoleBinding to grant these permissions to users or ServiceAccounts.

Example for a RoleBinding

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
subjects:
  - kind: User
    name: jane
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

Apply the Configuration

Use kubectl apply to create these roles and bindings in the Kubernetes cluster.
Verify Permissions

Verify that the users or ServiceAccounts have the appropriate permissions as defined by the roles and bindings.

Conclusion

Understanding and correctly implementing Kubernetes authentication and authorization are essential for maintaining the security and proper functioning of a Kubernetes cluster. RBAC provides a flexible and powerful way to control access to resources in Kubernetes, allowing administrators to precisely define and manage who can do what within the cluster.

December 7, 2023
in Kubernetes, CKAD, CKA, CKS
1 min read

Apply SecurityContexts to Enforce Security Policies in Pods

Overview

SecurityContexts in Kubernetes allow you to enforce security policies in Pods. They enable you to control permissions, privilege levels, and other security settings for Pods and their containers.

Documentation

Configure a Security Context for a Pod or Container.

Security Context

Here's an example of a Pod with a defined SecurityContext, as found in the Kubernetes documentation:

apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    fsGroup: 2000
  containers:
  - name: sec-ctx-demo
    image: busybox
    command: ["sh", "-c", "sleep 1h"]
    securityContext:
      runAsUser: 2000
      capabilities:
        add: ["NET_ADMIN", "SYS_TIME"]
      readOnlyRootFilesystem: true

Steps to Apply SecurityContexts

Define the SecurityContext

Include the SecurityContext in your Pod YAML file, as shown in the example.
Apply the SecurityContext

Save the YAML file with a name like security-context-demo.yaml. Deploy it to your cluster using kubectl apply -f security-context-demo.yaml.
Verify Security Settings

Confirm the enforcement of security settings by inspecting the running Pod: Use commands like kubectl exec to examine process permissions and filesystem access.

Conclusion

SecurityContexts are essential for maintaining security in Kubernetes Pods. They provide granular control over security aspects such as user identity, privilege levels, and filesystem access, thus enhancing the overall security posture of Kubernetes applications.