A few Kubernetes pro tips

Feb 29, 2024 · 3 min read

Kubernetes & Minikube

1. CLI tools

alias k='kubectl'

Context management

kubectl config use-context <context>

Useful tools:

  • kubectx: quickly switch clusters
  • kubens: switch current namespace

2. Minikube (local)

Enable metrics

minikube addons enable metrics-server

Dashboard

minikube dashboard

Ingress (Minikube)

minikube addons enable ingress

Verify:

kubectl -n ingress-nginx get pods,svc

3. Exploration & Debug

Built-in documentation

k explain pod.spec.containers

Useful commands

k get all
k describe <resource> <name>
k logs <pod>
k exec -it <pod> -- sh

4. Core objects

4.1 Pods

  • Smallest Kubernetes unit
  • Contains one or more containers
  • Ephemeral
  • Rarely handled directly
k get pods
k get pods -l app=mailpit

4.2 Deployment

Role

  • Manage pods
  • Ensure high availability
  • Rolling updates

Creation

k create deployment mailpit --image=docker.io/axllent/mailpit:v1.14.0

Generate YAML

k create deployment mailpit \
  --image=docker.io/axllent/mailpit:v1.14.0 \
  --dry-run=client -o yaml > deployment.yaml

Scaling

k scale deployment mailpit --replicas=5

Rollback

k rollout undo deployment mailpit --to-revision=1

History

k rollout history deployment mailpit

4.3 Namespace

List

k get ns

Create

k create ns my-namespace

Usage

k -n my-namespace get pods

All namespaces

k get pods --all-namespaces

4.4 Service

Role

Exposes pods

Main types:

  • ClusterIP (internal)
  • NodePort
  • LoadBalancer

Generation

k expose deployment/mailpit \
  --port=8025 \
  --dry-run=client -o yaml > service.yaml

List

k get svc

Port-forward

k port-forward service/mailpit 8025:8025

4.5 Ingress

Role

  • HTTP/HTTPS reverse proxy
  • Routing by domain / path
  • TLS

List

k get ingress

4.6 ConfigMap

  • Configuration storage
  • Not encrypted

4.7 Secret

  • Sensitive data
  • Base64 encoded (⚠️ not encryption)
apiVersion: v1
kind: Secret
metadata:
  name: mailpit-secret
stringData:
  MP_UI_AUTH: user:password

Apply

k apply -f secret.yaml

Read

k get secret mailpit-secret -o yaml

4.8 StatefulSet

Usage

  • Databases
  • Stateful applications

Characteristics

  • Stable identity
  • Persistent storage
  • Ordered deployment
  • Not a Deployment equivalent

Apply

k apply -f statefulset.yaml

Restart

k rollout restart statefulset postgres

4.9 Volumes & PVC

Problem

Pods lose their data

Solution

  • PersistentVolume (PV)
  • PersistentVolumeClaim (PVC)

Example (structure)

kind: PersistentVolumeClaim

5. Healthchecks (Probes)

startupProbe

  • Checks startup
  • Blocks other probes

livenessProbe

  • Checks the app is running
  • Restarts if needed

readinessProbe

  • Checks if the app can receive traffic
  • Removed from service if failing

6. Common operations

Apply a config

k apply -f file.yaml

Delete

k delete -f file.yaml

Delete a resource

k delete pod <pod>

7. Helm

Role

Kubernetes package manager

Create a chart

helm create my-chart

Install

helm install my-app my-chart

Upgrade

helm upgrade my-app my-chart

Diff (helm-diff plugin)

helm diff upgrade my-app my-chart -f values.yaml

Uninstall

helm uninstall my-app

8. Best practices

  • Version all YAML files
  • Never use latest
  • Define requests and limits
  • Use probes correctly
  • Separate environments via namespaces
  • Externalize config (ConfigMap / Secret)
  • Use Helm or Kustomize to industrialize