**********
Kubernetes
**********

* Deployment → ReplicaSet → Pods → Containers
* 1 IP address per pod

Pods
====

Read
----

.. code:: shell

 kubectl \
 get pods \
 -n my-namespace

Execute
-------

.. code:: shell

 kubectl \
 run my-pod \
 --image my-image \
 --restart Never \
 -n my-namespace

Write
-----

.. code:: shell

 kubectl edit \
 pod my-pod \
 -n my-namespace

.. code:: shell

 kubectl delete \
 pod my-pod \
 -n my-namespace \
 --grace-period 0

Deployments
===========

Read
----

.. code:: shell

 kubectl get \
 deploy my-deployment \
 -n my-namespace \
 -o wide

.. code:: shell

 kubectl get \
 deployments \
 -n my-namespace

Execute
-------

.. code:: shell

 kubectl create \
 deploy my-deployment \
 --image my-image \
 -n my-namespace

.. code:: yaml

 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: my-deployment
 spec:
   replicas: 2
   template:
     metadata:
       labels:
         app: my-app
     spec:
       containers:
       - name: my-container
         image: my-image

Write
-----

.. code:: shell

 kubectl \
 set image \
 deployment/my-deployment \
 my-app=my-app:1.0.1 \
 -n my-namespace

.. code:: shell

 kubectl \
 delete deploy my-deployment \
 -n my-namespace

Scale
-----

.. code:: shell

 kubectl \
 scale deploy my-deployment \
 --replicas 3 \
 -n my-namespace

Services
========

* ClusterIP (internal)
* ExternalName (internal alias for external DNS)
* LoadBalancer (external dedicated IP) [if available]
* NodePort (exposed via node)

Read
----

.. code:: shell

 kubectl \
 get services \
 -n my-namespace

.. code:: shell

 kubectl \
 get service my-service \
 -n my-namespace

Write
-----

.. code:: shell

 kubectl \
 expose deployment my-deployment \
 --type LoadBalancer \
 --name my-load-balancer \
 --target-port 8080 \
 -n my-namespace

.. code:: shell

 kubectl \
 delete service my-service \
 -n my-namespace

.. code:: shell

 kubectl \
 edit service my-service \
 -n my-namespace

.. warning::

 ClusterIP is immutable!

NameSpaces
==========

Special:
* default
* kube-node-lease
* kube-public
* kube-system

Outside:
* Nodes
* Pod Security Policies
* Persistent Volumes

.. code:: shell

 kubectl api-resources \
 --namespaced false

Read
----

.. code:: shell

 kubectl \
 get namespaces

Write
-----

.. code:: shell

 kubectl \
 create ns my-namespace

.. code:: shell

 kubectl \
 delete ns my-namespace

Jobs
====

* one-time
* sequential
* parallel

CronJob → Job → Pods

Read
----

.. code:: shell

 kubectl \
 get jobs \
 -n my-namespace

Write
-----

.. code:: shell

 kubectl \
 create job my-job \
 --image my-image \
 -n my-namespace

.. code:: shell

 kubectl \
 create job my-job \
 --from cronjob/my-cronjob \
 -n my-namespace

.. code:: shell

 kubectl \
 apply -f file.yaml \
 -n my-namespace

.. code:: yaml

 apiVersion: batch/v1
 kind: Job
 metadata:
   name: my-job
 spec:
   activeDeadlineSeconds: 60
   backoffLimit: 4
   completions: 1
   parallelism: 1
   template:
     spec:
       containers:
       - name: my-container
         image: my-image
       restartPolicy: OnFailure

.. code:: shell

 kubectl \
 delete job my-job \
 -n my-namespace

.. code:: shell

 kubectl \
 delete job my-job \
 cascade=false \
 -n my-namespace