Kubernetes Cheat Sheet: Kubernetes for Operations

Kubernetes is a leading container management solution that offers container orchestration and application deployment. It consists of a master node that manages the cluster and worker nodes that run application containers. Operations teams need to architect and manage Kubernetes along with additional solutions for monitoring, logging, and continuous integration/delivery (CI/CD) pipelines to deliver Kubernetes as a service. Standard components include the API server, scheduler, controller manager, kubelet, kube-proxy, as well as add-ons like kube-DNS, metrics server, and dashboard.
KUBERNETES

CHEAT SHEET

Cheatsheet: Kubernetes for Operations 1


Executive Summary
Kubernetes is a leading container management solution. For an organization to deliver
Kubernetes-as-a-Service to every line of business and developer group, operations needs
to architect and manage both the core Kubernetes container orchestration and the
necessary auxiliary solutions — e.g. monitoring, logging, and CI/CD pipeline. This cheat
sheet offers guidance on end-to-end architecture and ongoing management.

What is Kubernetes?
Kubernetes is a container management solution with several logical layers:

• Development: agile microservices development with data and container services
• Continuous Delivery / Continuous Integration: host application on Kubernetes
• Kubernetes Service: containerized application orchestration
• as-a-Service Automation: provisioning, scaling, self-healing
• Infrastructure: public cloud, virtualization, bare metal

Kubernetes differs from the orchestration offered by configuration management solutions in several ways:

• Abstraction: Kubernetes abstracts the application orchestration from the infrastructure resource and as-a-Service automation.
• Declarative: Kubernetes master decides how the hosted application is deployed and scaled on the underlying fabric.
• Immutable: Different versions of services running on Kubernetes are completely new and not swapped out.



Kubernetes Solution Design Considerations

• Automated Management: Plan to automate ongoing management of an end-to-end solution — Kubernetes, CI/CD, etc.
• True Interoperability: Pure Kubernetes with stock user interface and command line is the current industry standard.
• Evergreen Cluster: Kubernetes is relatively new and versions with critical patches and desired features are released frequently.

Kubernetes success relies on conformance and alleviates the burden created by other
solutions’ open-endedness and lack of interoperability from ancillary projects.

Kubernetes Features vs. Community Projects

Kubernetes Features

• Rigorous Testing & Integration
• Stable
• Versioned
• Discoverable
• Included in apiserver
• Include client support
• Included in Kubernetes API & Documentation
• Avoids OpenStack’s open-endedness & prevents snowflakes

                                    FEATURES                                  PROJECTS
EXAMPLES                            Pod Horizontal Autoscaling, ReplicaSet    IaaS autoscaling, VM orchestration
PART OF KUBERNETES                  Yes                                       No
VETTED BY KUBERNETES STAKEHOLDERS   Yes                                       No
TESTED AS PART OF KUBERNETES        Yes                                       No
STANDARD COMMERCIAL SUPPORT         Yes                                       No
VERSION RISK                        Low                                       High
API CHANGES OR DEPRECATION RISK     Low                                       High



From Developer to Platform: Hosting Applications on Kubernetes

CONTINUOUS INTEGRATION (CI) / CONTINUOUS DEPLOYMENT (CD)

• SOURCE CODE CONTROL: Automatically trigger CI/CD pipeline based on code check-in.
• BUILD AND TEST: Start automated build and test, including functional, security and performance tests.
• RELEASE: Update artifact repository with latest successful code artifacts and pull newest images.
• DEPLOY, MONITOR, AND LOG: Deploy applications to container orchestration and watch with monitoring and logging.

Jenkins

Standard Components of Kubernetes


These are the minimum components required for a Kubernetes cluster:

Master Nodes

API SERVER
• Entry point for cluster
• Processes requests and updates etcd
• Performs authentication/authorization
• More: https://goo.gl/KL8WfQ

CONTROLLER MANAGER
• Daemon process that implements the control loops built into Kubernetes — e.g. rolling deployments
• More: https://goo.gl/NJyRP3

SCHEDULER
• Decides where pods should run based on multiple factors - affinity, available resources, labels, QoS, etc.
• More: https://goo.gl/nvLDE9

Worker Nodes

KUBELET — AGENT ON EVERY WORKER
• Instantiates pods (group of one or more containers) using PodSpec and ensures all pods are running and healthy
• Interacts with containers - e.g. Docker
• More: https://goo.gl/FEKN43

KUBE PROXY — AGENT ON EVERY WORKER
• Network proxy and load balancer for Kubernetes Services
• More: https://goo.gl/ph4sAs



Standard Add-ons for Kubernetes
These are the Kubernetes add-ons that are required for all but Hello World solutions.

Kube-DNS
• Provisioned as a pod and a service on Kubernetes
• Every service gets a DNS entry in Kubernetes
• Kube-DNS resolves DNS of all services in the clusters

Kubectl
• Official command line for Kubernetes
• Industry standard Kubernetes commands start with “Kubectl”

Metrics Server
• Provides API for cluster wide usage metrics like CPU and memory utilization
• Feeds the usage graphs in the Kubernetes Dashboard (GUI) — see Dashboard image under “Kubernetes Constructs” section.

Web UI (Dashboard)
• Official GUI of Kubernetes
• Industry standard GUI for Kubernetes clusters



Required for Container Solution
These are the ecosystem components required for any production Kubernetes solution but
not included with Kubernetes.

Infrastructure
• Kubernetes can be installed on bare metal, public cloud instances or virtual machines

as-a-Service Automation (DC/OS)
• Required management layer for Kubernetes, CI/CD, and data services
• DC/OS provides intelligent as-a-Service automation on any infrastructure
• DC/OS features abstraction, declarative, and immutable management

Ingress Controller
• HTTP traffic access control for Kubernetes services
• Interacts with Kubernetes API for state changes
• Applies ingress rules to service load balancer

Private Container Registry
• Registry for an organization’s standard container images
• Requires access credentials (from IDM or secrets located in Kubernetes pod)

Monitoring
• Metrics collected on Kubernetes infrastructure and hosted objects
• Typical options: Prometheus, Sysdig, Datadog

Logging & Auditing
• Centralized logging for Kubernetes
• Typical options: FluentD, Logstash

Network Plugin
• Network overlay for policy and software defined networking
• Network overlays use the Container Network Interface (CNI) standard that works with all Kubernetes clusters

Secrets Management
• Holds sensitive information such as passwords, OAuth tokens, and ssh keys required for services, developers and operations

Load Balancing
• Software load balancing to each Kubernetes service

Container Runtime
• Specific containers used in Kubernetes
• Currently Kubernetes supports Docker



Kubernetes Constructs:

Image via the Kubernetes Dashboard Github: https://github.com/kubernetes/dashboard

Namespaces — Virtual segmentation of single clusters.
Nodes — Infrastructure fabric of Kubernetes (host of worker and master components)
Roles — role based access controls for Kubernetes cluster
Deployments — manages a ReplicaSet, pod definitions/updates and other concepts
Pods — A logical grouping of one or more containers that is managed by Kubernetes
ReplicaSet — continuous loop that ensures given number of pods are running
Ingresses — manages external HTTP traffic to hosted service
Services — a logical layer that provides IP/DNS/etc. persistence to dynamic pods



Commands
Below are some commands useful for IT professionals getting started with Kubernetes. A full
list of Kubectl commands can be found in the reference documentation:
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands

kubectl [command] [TYPE] [NAME] [flags]

Kubectl Command Format


$ kubectl version
    Find the version of the Kubectl command line.
$ kubectl api-versions
    Print the API versions supported by the API Server.
$ kubectl cluster-info
    IP addresses of master and services.
$ kubectl cluster-info dump --namespaces NAMESPACES
    Dump cluster state for the listed namespaces (comma-separated).
$ kubectl cordon NODE
    Mark node as unschedulable. Used for maintenance of cluster.
$ kubectl uncordon NODE
    Mark node as schedulable. Used after maintenance.
$ kubectl drain NODE
    Removes pods from node via graceful termination for maintenance.
$ kubectl drain NODE --dry-run=true
    Find the names of the objects that will be removed
$ kubectl drain NODE --force=true
    Removes pods even if they are not managed by controller
$ kubectl taint nodes node1 key=value:NoSchedule
    Taint a node so it can only run dedicated workloads or certain pods that need specialized hardware.
$ kubectl run nginx --image=nginx --port=8080
    Start instance of nginx
$ kubectl expose rc nginx --port=80 --target-port=8080
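
The cordon, drain and uncordon commands listed above are normally run as one maintenance sequence. The script below is an added example, not part of the original cheat sheet: the function names and the KUBECTL variable are assumptions, and it uses `--ignore-daemonsets` and the current `--dry-run=client` spelling of the dry run that the table writes as `--dry-run=true`.

```shell
#!/bin/sh
# Added example: guarded node maintenance built from the cordon / drain /
# uncordon commands in the table above. KUBECTL, begin_maintenance and
# end_maintenance are assumed names, not part of kubectl.

KUBECTL="${KUBECTL:-kubectl}"   # override to use a wrapper or a test stub

# begin_maintenance NODE [--force]
# Cordon NODE, preview the eviction with a client-side dry run, then drain.
# On any failure the node stays cordoned and the function returns non-zero,
# so nothing is evicted until an operator has looked at the cause.
begin_maintenance() {
    node="$1"
    flags="--ignore-daemonsets"   # skip DaemonSet-managed pods
    if [ -z "$node" ]; then
        echo "usage: begin_maintenance NODE [--force]" >&2
        return 2
    fi
    # --force removes pods that no controller will recreate, so it has to be
    # requested explicitly and is never the default.
    if [ "${2:-}" = "--force" ]; then
        flags="$flags --force"
    fi

    # Stop new pods from being scheduled onto the node.
    "$KUBECTL" cordon "$node" || return 1

    # Dry run first: it lists what would be evicted. If it reports an error,
    # stop here instead of retrying with stronger flags.
    if ! "$KUBECTL" drain "$node" $flags --dry-run=client; then
        echo "dry run failed; $node left cordoned, nothing evicted" >&2
        return 1
    fi

    "$KUBECTL" drain "$node" $flags || return 1
}

# end_maintenance NODE: make the node schedulable again after the work is done.
end_maintenance() {
    "$KUBECTL" uncordon "$1"
}

# Usage against a real cluster (NODE is a placeholder):
#   begin_maintenance NODE && end_maintenance NODE
```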

$ kubectl get RESOURCE
    Print information on Kubernetes resources including:

• all
• certificatesigningrequests (aka ‘csr’)
• clusterrolebindings
• clusterroles
• componentstatuses (aka ‘cs’)
• configmaps (aka ‘cm’)
• controllerrevisions
• cronjobs
• customresourcedefinition (aka ‘crd’)
• daemonsets (aka ‘ds’)
• deployments (aka ‘deploy’)
• endpoints (aka ‘ep’)
• events (aka ‘ev’)
• horizontalpodautoscalers (aka ‘hpa’)
• ingresses (aka ‘ing’)
• jobs
• limitranges (aka ‘limits’)
• namespaces (aka ‘ns’)
• networkpolicies (aka ‘netpol’)
• nodes (aka ‘no’)
• persistentvolumeclaims (aka ‘pvc’)
• persistentvolumes (aka ‘pv’)
• poddisruptionbudgets (aka ‘pdb’)
• podpreset
• pods (aka ‘po’)
• podsecuritypolicies (aka ‘psp’)
• podtemplates
• replicasets (aka ‘rs’)
• replicationcontrollers (aka ‘rc’)
• resourcequotas (aka ‘quota’)
• rolebindings
• roles
• secrets
• serviceaccounts (aka ‘sa’)
• services (aka ‘svc’)
• statefulsets (aka ‘sts’)
• storageclasses (aka ‘sc’)
$ kubectl explain RESOURCE
    Print documentation of resources
$ kubectl scale --replicas=COUNT rs/foo
    Scale a ReplicaSet (rs) named foo. Can also scale a Replication Controller, or StatefulSet

$ kubectl rolling-update frontend-v1 -f frontend-v2.json
    Perform rolling update
$ kubectl label pods foo GPU=true
    Update the labels of resources
$ kubectl delete pod foo
    Delete foo pods
$ kubectl delete svc foo
    Delete foo services
$ kubectl create service clusterip foo --tcp=5678:8080
    Create a clusterIP for a service named foo
$ kubectl autoscale deployment foo --min=2 --max=10 --cpu-percent=70
    Autoscale deployment foo with a minimum of 2 and maximum of 10 replicas when CPU utilization is equal to or greater than 70%

Kubernetes-as-a-Service Anywhere with DC/OS
Deliver Kubernetes on any infrastructure with push-button
control and automated self-healing.
DC/OS automates the end-to-end management of Kubernetes, developer tools, and Big
Data services so they can be delivered as-a-Service on any infrastructure. DC/OS provides
the management layer organizations need to deliver Kubernetes to developer groups and
lines of business:



D2iQ Proven Success

D2iQ is leading the enterprise transformation toward distributed computing and hybrid
cloud portability. DC/OS is the premier platform for building, deploying, and elastically
scaling modern, containerized applications and big data without compromise. DC/OS
makes running containers, data services, and microservices easy, across any infrastructure
— datacenter or cloud — without lock-in.

Learn More
Ready to see how D2iQ can power Kubernetes in your organization?
Contact sales@d2iQ.com today to get started. From weekly touch-base meetings to
biweekly roadmap calls, customer success managers and solution architects work lockstep
with your technology organization to eliminate the learning curve.
