A few Kubernetes pro tips
Feb 29, 2024 · 3 min read
Kubernetes & Minikube
1. CLI tools
kubectl (recommended alias)
alias k='kubectl'
Context management
kubectl config use-context <context>
Useful tools:
kubectx: quickly switch clusterskubens: switch current namespace
2. Minikube (local)
Enable metrics
minikube addons enable metrics-server
Dashboard
minikube dashboard
Ingress (Minikube)
minikube addons enable ingress
Verify:
kubectl -n ingress-nginx get pods,svc
3. Exploration & Debug
Built-in documentation
k explain pod.spec.containers
Useful commands
k get all
k describe <resource> <name>
k logs <pod>
k exec -it <pod> -- sh
4. Core objects
4.1 Pods
- Smallest Kubernetes unit
- Contains one or more containers
- Ephemeral
- Rarely handled directly
k get pods
k get pods -l app=mailpit
4.2 Deployment
Role
- Manage pods
- Ensure high availability
- Rolling updates
Creation
k create deployment mailpit --image=docker.io/axllent/mailpit:v1.14.0
Generate YAML
k create deployment mailpit \
--image=docker.io/axllent/mailpit:v1.14.0 \
--dry-run=client -o yaml > deployment.yaml
Scaling
k scale deployment mailpit --replicas=5
Rollback
k rollout undo deployment mailpit --to-revision=1
History
k rollout history deployment mailpit
4.3 Namespace
List
k get ns
Create
k create ns my-namespace
Usage
k -n my-namespace get pods
All namespaces
k get pods --all-namespaces
4.4 Service
Role
Exposes pods
Main types:
- ClusterIP (internal)
- NodePort
- LoadBalancer
Generation
k expose deployment/mailpit \
--port=8025 \
--dry-run=client -o yaml > service.yaml
List
k get svc
Port-forward
k port-forward service/mailpit 8025:8025
4.5 Ingress
Role
- HTTP/HTTPS reverse proxy
- Routing by domain / path
- TLS
List
k get ingress
4.6 ConfigMap
- Configuration storage
- Not encrypted
4.7 Secret
- Sensitive data
- Base64 encoded (⚠️ not encryption)
apiVersion: v1
kind: Secret
metadata:
name: mailpit-secret
stringData:
MP_UI_AUTH: user:password
Apply
k apply -f secret.yaml
Read
k get secret mailpit-secret -o yaml
4.8 StatefulSet
Usage
- Databases
- Stateful applications
Characteristics
- Stable identity
- Persistent storage
- Ordered deployment
- Not a Deployment equivalent
Apply
k apply -f statefulset.yaml
Restart
k rollout restart statefulset postgres
4.9 Volumes & PVC
Problem
Pods lose their data
Solution
- PersistentVolume (PV)
- PersistentVolumeClaim (PVC)
Example (structure)
kind: PersistentVolumeClaim
5. Healthchecks (Probes)
startupProbe
- Checks startup
- Blocks other probes
livenessProbe
- Checks the app is running
- Restarts if needed
readinessProbe
- Checks if the app can receive traffic
- Removed from service if failing
6. Common operations
Apply a config
k apply -f file.yaml
Delete
k delete -f file.yaml
Delete a resource
k delete pod <pod>
7. Helm
Role
Kubernetes package manager
Create a chart
helm create my-chart
Install
helm install my-app my-chart
Upgrade
helm upgrade my-app my-chart
Diff (helm-diff plugin)
helm diff upgrade my-app my-chart -f values.yaml
Uninstall
helm uninstall my-app
8. Best practices
- Version all YAML files
- Never use
latest - Define
requestsandlimits - Use probes correctly
- Separate environments via namespaces
- Externalize config (ConfigMap / Secret)
- Use Helm or Kustomize to industrialize