Forem: KALPESH

Networking

KALPESH — Thu, 05 Mar 2026 20:08:09 +0000

🖧 Subnet

Subnet is a smaller chunk of a bigger network, created using a subnet mask or CIDR

(e.g., /27) to split IPs into network and host parts.

It improves efficiency, security, and traffic control
CIDR /27 means you're borrowing 5 bits from the host portion (since 32 - 27 = 5).
That gives you 2⁵ = 32 IP addresses in total.
Out of those, 30 are usable IPs (excluding 1 for network address and 1 for broadcast).

DNS resolver

It stores information about domain names and their corresponding IP addresses in structured records

Handshaking

TCP make 3 ways handshake in order to establish connection.

OSI Layer

Layer 7, 6 & 5 happens in local level. e.g.- Browser

AWS VPC

Essential Linux Commands- 2

KALPESH — Thu, 05 Mar 2026 20:05:02 +0000

Shortcuts:

Reverse Search

Ctrl + R then type the command you want to search then Tab

Commands:

Info of Command

# brief description of command
whatis cat

Real time process info

# Real time process
top

# Wrapper: Graphical Process
htop

# System stat for performance check
vmstat

# Amount of CPU available
nproc

List Process & Hierarchy

# List Process not a Real time
ps

# Detail all process list
ps aux

# No of process(Line No)
ps aux | ln

# Only shows no lines
ps aux | wc -l

# kill process
kill <PID>

# Force process delete
kill -9 <PID>

# Thread dumnp
kill -3 <PID>

# Stop process
kill -STOP <PID>

# Resume Stop process
kill -CONT <PID>

# Prioritize Process (-n [1-20], lower no means high prioritize)
renice -n 10 -p <PID>

# Process Hierarchy
pstree -p

# Port used by Process
lsof -i :8085

Inspect Network Connection

# Get active ports in Use
netstat -tuln

# Network Interface Info
ifconfig

# Network Troubleshoot (Can WireShark tool)
# enX0: Network Interface
sudo tcpdump -i enX0 port 80

# Test Connectivity
ping google.com

# Tarce the path packet to reach destination
traceroute google.com

Disk Space, Size & Memory

# Check Disk Space
df -h

# Size of dir or file
# opt: directory
du -sh opt

# Memory (RAM)
free -h

# List Blob(All type of formats- Raw state) attach to Instance
lsblk

# Format the Blob Storage to linux supperted file system (ext4)
mkfs -t ext4 /dev/xvdf

# Mount it in order to use
mount /dev/xvdf mnt/demo-volume/

Services

Systemd manages services

# Logs of Services
journalctl

# Particular Service
journalctl -u nginx

# Logs of services from Last Boot
journalctl -b

Logs Filter

# Last 10 line of logs
tail -n 10 /var/log/auth.log

# First 10 line of logs
head -n 10 /var/log/auth.log

Alias

alias detail_list='ls -la'

# Want to persist the Alias, add in '~/.bashrc'

Symbolic Link

Soft Link (Like Windows Shortcuts)- It can be broken

# ln: link
# -s: flag for soft link 
# myfile: file you want to crate soft link
# slink: name of soft link file created
ln -s myfile slink

Hard Link (Actual Copy)- Doesn’t break the other one

# ln: link
# myfile: file you want to crate soft link
# hlink: name of hard link file created
ln myfile hlink

Users

# Full setup of User
adduser tim

# Just Add user
useradd tim

# Delete user
userdel tim

# Login into User with sudo privilege
sudo su - tim

# Root user indication
"#"

# Standard user indication
"$"

Groups & Ownership

==================================
# Before you shoud be in root user
==================================
# Create Group
groupadd devops

# Add User into Group- (Adding user:tim into group:devops)
usermod -aG devops tim

# Remove user tim from group devops
deluser tim devops 

# To see how manu group user belong to
id tim

# Change ownership of dir
# change owenership of dir to nexus:nexus(user:group) -R recursive
chown -R nexus:nexus <dir-name>

SSH Server

# ssh server config- sshd
ls /etc/ssh/sshd_config.d/<50-cloud-init.conf>

File Management

# Overwriting the existing content
echo "Hello" > file.txt

# Appending the content
echo "Hello" >> file.txt

Services

# Re-read all service configuration files from /etc/systemd/system/
sudo systemctl daemon-reload

# Registers your service to start automatically at boot time
sudo systemctl enable myservice

# Starts your service right now
sudo systemctl start myservice

# Check status of your service
sudo systemctl status myservice

Refer Linux Journey

Linux Journey

Python Overview

KALPESH — Thu, 05 Mar 2026 20:03:09 +0000

Python Modules

A file with reusable Python code (functions, classes, variables).
Example: custom .py files or sys, math module

Python Package

A folder with related modules, including an __init__.py file.
Example: numpy or custom module directories.
pip is a tool in Python to install & manage Python packages or libraries from the Python Package Index (PyPI).

Python Virtual Environment

Isolated environment for project-specific dependencies.
Create: python -m venv <env_name>
Activate: source <env_name>/bin/activate

Command Line Args

Python in build sys module

import sys # python inbuild sys module, which is used for command line args

num1 = float(sys.argv[1])

Environment Variables

Env vars used for sensitive data, which we can’t hardcoded:

API keys
passwords
tokens
certificates

Declare Env vars in terminal:

export password=”pass@123”

Code:

import os

pass = os.getenv("password")

File Operation of Windows

Open: open() with modes (r, w, etc.), e.g., open("file.txt", "r").
Read: Use read(), readline(), or readlines() to fetch content.
Write: Use write() or writelines() in modes like w or a.
Close: Use close() or with for auto-closing.

Module

Requests

The requests module in Python simplifies HTTP requests to interact with web servers.

Purpose: Send HTTP methods (GET, POST, etc.) and handle responses via API.
Features: Manage headers, cookies, auth, and work with JSON or text.
Install: pip install requests

import requests  
response = requests.get("https://example.com")  
print(response.status_code)  # Status code  
print(response.text)         # Response body

Boto3

AWS SDK for Python to interact programmatically with AWS services.
Ideal for automating AWS workflows and managing resources efficiently
Building serverless applications with services like Lambda and DynamoDB.

import boto3

# Initialize S3 client
s3 = boto3.client('s3')

# Upload a file to S3
s3.upload_file('local_file.txt', 'my-bucket', 'remote_file.txt')

Flask

It’s a lightweight web framework in Python used to build web applications with added functionality.

Decorators:

It’s a special function in Python used to modify the behaviour of another function.
It written above function with @ symbol.

from flask import Flask

app = Flask(__name__)

@app.route("/greet")  # Flask decorator that connects a URL('/greet') route to a function
def greet():
    return "Greetings from Flask!"

if __name__ == "__main__":
    app.run()

Constructor

It’s special method in a class that runs automatically when you create an object.

__init__()

# __name__ special build-in variable
__name__ = __main__ # Runs code only when file is executed directly

Pytest

Tool/framework for testing
Basic Structure

my_project/
│
├── app.py              # Your actual code
├── test_app.py         # Your test file (MUST start with "test_")

pytest -v — Verbose output
pytest -s — Show print statements

Assert Statements

They check if a condition is True. If True, test passes ✅

Fixtures

A fixture in pytest is a reusable piece of setup code that prepares data or resources for your tests.

Conftest

Special file where you define fixtures that are automatically available to ALL test files in that directory and sub directories. No imports needed!

Mocking

Create fake versions of external dependencies (APIs, databases, files) so tests run fast, reliably.

Terraform Scenario Qus

KALPESH — Thu, 05 Mar 2026 19:58:48 +0000

Scenario 1 : Terraform Migration of AWS Resource

Step 1: Import Resource Configuration

Import Block: Add the import block in main.tf to specify the EC2 resource ID and target resource name:
```
import {
  id = "instance ID"
  to = aws_instance.example
}
```
Generate Resource Configuration: Run the command to fetch the resource configuration:
```
terraform plan -generate-config-out=generated_resources.tf
```
Copy Code: Copy the generated resource block from generated_resources.tf to main.tf.
Cleanup: Delete generated_resources.tf as it is no longer needed.

Step 2: Import Resource into Statefile

Run the import command to bring the resource into Terraform state:
```
terraform import aws_instance.example <instance ID>
```
Result: The resource data is imported into the Terraform state file, ensuring the state matches the actual resource.

Scenario 2 : Terraform Drift Detection

Terraform doesn't automatically detect manual changes made directly in the AWS cloud.

Solution 1: Use a Cron Job to Refresh Terraform State

Set up a cron job to periodically run terraform refresh, which updates the Terraform state with the latest changes in the cloud.

Solution 2: Use Audit Logs or Event Notifications

Audit Logs: Enable AWS CloudTrail to log and monitor all changes.
AWS Lambda/Notification: Use AWS Lambda functions or event notifications to alert or trigger Terraform updates when manual changes happen by IAM users.

AWS Strategies

KALPESH — Thu, 05 Mar 2026 19:54:23 +0000

AWS Cloud Migration

1- Preparation stage

Verify if the application follows a microservices architecture.
If not, refactor the monolithic application into a microservices architecture.

2- Planning Stage

Break down the microservices migration into phases based on their criticality for cloud migration.

Most used Migration Strategies:

Rehost (Lift and Shift): Move applications to the cloud with minimal changes, focusing on quick deployment.
Replatform: Optimize specific components for cloud use without significant code changes.
Refactor/Rearchitect: Redesign the application, e.g., transforming a monolithic architecture into microservices.
Relocate: Shift services, e.g., from Kubernetes to OpenShift or EKS.

Least Used Migration Strategies:

Retain: Keep certain applications on-premise.
Retire: Shutdown unused applications.
Repurchase: Replace with a cloud-based solution.

3- Migrate Stage

Conducted in phases, working concurrently with the monitor stage.

4- Monitor Stage

Runs alongside the migrate stage to ensure smooth transitions.

5- Optimize Stage

Enhance efficiency, refine processes, and implement improvements for better performance.

AWS Cost Optimization

1. AWS Resource Groups & Tag Editor

Use Tag Editor to track resources and identify those incurring charges.

2. Set Budgets in AWS Billing

Create Budgets to get alerts when spending hits thresholds.
Schedule budget reports for proactive cost management.

3. Reduce Console Access/UI, Use IaC

Use Terraform or similar tools for automated resource management.

4. Apply Least Privilege Access

Limit permissions to essential roles to prevent unnecessary resource usage.

5. Automate with AWS Lambda

Use a Lambda function triggered by cron jobs, AWS CLI, or CloudWatch events.
Write Python scripts to identify stale or unused resources based on specific conditions.
Define actions for stale resources:

1. Notify: Use SNS (Simple Notification Service) to send an email alert about stale resources.



Cleanup: Automatically delete stale resources using APIs.

Request AWS Support for Unexpected Charges

Contact AWS Support for waivers on unexpected charges.

AWS ELB (Elastic Load Balancer)

KALPESH — Thu, 05 Mar 2026 19:51:17 +0000

ELB distributes incoming network traffic across multiple servers.
Primary purpose:
- Optimize resource use
- Enhance application performance
- Ensure high availability by preventing any single server from becoming overwhelmed with too many requests.

OSI Model

3 Types of ELB

ELB Type	Protocols	Use Cases	Cost Aspect
Application Load Balancer (ALB) - Layer 7	HTTP/HTTPS	Web apps, microservices, content & path-based routing	Costlier
Network Load Balancer (NLB) - Layer 4	TCP/UDP/TLS	Low-latency apps, millions of requests/sec, static IP	Moderate
Gateway Load Balancer (GWLB) - Layer 3	IP Protocol	Network appliances, firewalls, security monitoring	Less costlier than ALB and NLB

Load Balancer vs API Gateway vs Kubernetes Ingress (Reverse Proxy)

Feature	Load Balancer	API Gateway	Kubernetes Ingress (Reverse Proxy)
Primary Purpose	Distributes traffic for high availability	Manages, secures, and scales APIs	Routes external traffic to internal services in Kubernetes
Layer of Operation	Layer 4 or Layer 7	Layer 7	Layer 7
Key Features	Traffic distribution, fault tolerance	Authentication, rate limiting, monitoring	URL rewriting, SSL termination, routing
Use Case	High-traffic web applications (e.g., Amazon)	Microservices architectures (e.g., Netflix)	Containerized apps in Kubernetes (e.g., GitHub)

API Gateway

API Gateway vs Load Balancer

Example: E-commerce Platform

Load Balancer: Distributes traffic across multiple API Gateway instances.
API Gateway: Manages and secures APIs for product catalog, user authentication, and payment processing.
Kubernetes Ingress: Routes traffic to backend services like inventory management, order processing, and recommendation engines.
Backend Services: Reside in a private subnet and handle the core business logic.

Feel free to share and spread the knowledge! 🌟😊 Enjoy Learning! 😊

AWS Services- 2

KALPESH — Thu, 05 Mar 2026 19:49:21 +0000

S3 Buckets

S3 buckets are containers for storing objects (files) in Amazon S3.
Amazon S3 (Simple Storage Service) is a scalable, secure cloud storage solution from AWS

Benefits of S3 Buckets

Durability and Availability: High durability and availability for data.
Scalability: Store and retrieve unlimited data without capacity concerns.
Security: Features like encryption, access control, and audit logging.
Performance: Optimized for high performance in data operations.
Cost-Effective: Flexible pricing models based on usage.

Uploading and Managing Objects in S3 Buckets

Methods of Uploading: Objects can be uploaded via the AWS Management Console, AWS CLI, SDKs, or direct HTTP uploads, each with a unique key for retrieval.
Object Metadata: Includes content type, cache control, encryption settings, and custom attributes.
Versioning: Retain multiple versions of an object.
File Formats and Encryption: Supports various file formats and server-side encryption options (SSE-S3, SSE-KMS, SSE-C).
Lifecycle Management: Define rules for transitioning storage classes or automatic deletions to optimize costs.
Multipart Uploads: Enhances performance for large objects by allowing parallel uploads and resumable transfers.
S3 Batch Operations: Facilitates bulk actions on datasets, such as copying, tagging, or restoring archived data.

Advanced S3 Bucket Features

Storage Classes: Offers various storage classes for different use cases.
Replication: Enables automatic replication across buckets for disaster recovery or low-latency access.
Event Notifications: Configure triggers for actions like AWS Lambda functions or messaging with Amazon SQS/SNS on object events.

Security and Compliance in S3 Buckets

Security Considerations: Ensure proper configuration of bucket policies, access controls.
Data Encryption: Utilize server-side encryption for data at rest and SSL/TLS for data in transit.
Access Logging: Activate logging to record request histories and monitor for unauthorized activities.

S3 Bucket Management and Administration

Bucket Policies: Manage access permissions with JSON-format policies.
IAM Roles:
- Use IAM roles for temporary credentials and fine-grained control.
- IAM user policies can override settings in S3 bucket policies
APIs and SDKs: Programmatically interact with S3 using AWS SDKs or APIs.
Monitoring with CloudWatch: Monitor S3 metrics and set alarms for specific events.

Troubleshooting and Error Handling

Common Errors: Address access denied, bucket not found, and quota exceeded issues by checking permissions and configurations.
Debugging Access Issues: Utilize AWS CloudTrail and access logs to resolve permission-related problems.
Data Consistency:
- Use versioning
- Use S3 notifications for recovery
- Use Cross-Region Replication for disaster recovery.

Secret Management on AWS

AWS KMS (Key Management Service): Encryption and management of cryptographic keys Securely.
AWS System Manager: Storing non-sensitive configuration data.
AWS Secrets Manager: Storing sensitive data securely & automatically rotate secrets and manage access through IAM.
HashiCorp Vault: It’s a open source platform, designed for hybrid environments with robust features, unlike aws focus.

Feel free to share and spread the knowledge! 🌟😊 Enjoy Learning! 😊

AWS VPC: Virtual Private Cloud

KALPESH — Thu, 05 Mar 2026 19:45:11 +0000

VPC is a virtual network that you create in the cloud. It allows you to have your own private section of the internet. Within this VPC, you can create and manage various resources, such as servers, databases, and storage.

VPC components

Virtual private clouds (VPC)

VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. After you create a VPC, you can add subnets.

Subnets

Subnet is a range of IP addresses in your VPC. A subnet must reside in a single Availability Zone. After you add subnets, you can deploy AWS resources in your VPC.

IP addressing

You can assign IP addresses, both IPv4 and IPv6, to your VPCs and subnets.

Security Group

Security group acts as a virtual firewall for instances within a VPC. It controls inbound and outbound traffic at the instance level.
Security groups allow you to define rules that permit or restrict traffic based on protocols, ports, and IP addresses.

Network Access Control List (NACL)

Network Access Control List is a stateless firewall that controls inbound and outbound traffic at the subnet level. It operates at the IP address level and can allow or deny traffic based on rules that you define.

Network Address Translation (NAT)

Service that allows private IP networks to use the internet by translating private IP addresses to public IP addresses.

Routing

Route tables to determine where network traffic from your subnet or gateway is directed.

Gateways and endpoints

Gateway connects your VPC to another network. For example, use an internet gateway to connect your VPC to the internet.
VPC endpoint to connect to AWS services privately, without the use of an internet gateway or NAT device.

Peering connections

Use a VPC peering connection to route traffic between the resources in two VPCs.

Transit gateways

Transit gateway, which acts as a central hub, to route traffic between your VPCs, VPN connections, and AWS Direct Connect connections.

VPC Flow Logs

A flow log captures information about the IP traffic going to and from network interfaces in your VPC.

VPN connections

Connect your VPCs to your on-premises networks using AWS Virtual Private Network (AWS VPN).

Bastion Host in VPC

An Instance acts as a secure gateway to control access to a private network from an external network
It resides in a public subnet within the VPC, acting as an intermediary between external traffic and the private network.

Feel free to share and spread the knowledge! 🌟😊 Enjoy Learning! 😊

AWS CLI Basics: A Beginner’s Tutorial

KALPESH — Thu, 05 Mar 2026 19:41:17 +0000

Install AWS CLI

Download and Install it from the official AWS CLI installation guide.

Run aws configure

$ aws configure

aws configure --profile myprofile
AWS Access Key ID [None]: YOUR_ACCESS_KEY_ID
AWS Secret Access Key [None]: YOUR_SECRET_ACCESS_KEY
Default region name [None]: us-west-2
Default output format [None]: json

Verify Configuration

aws configure list

Configuration Files

AWS configure command stores your credentials & configuration settings in two files located in the ~/.aws directory:

~/.aws/credentials: Stores your AWS access key ID and secret access.
key.~/.aws/config: Stores your default region and output format.

Remove Credentials from Configuration File

Manually remove the credentials from the configuration file

Open the ~/.aws/credentials file (on Unix-based systems) or C:\Users\USERNAME.aws\credentials (on Windows).
Delete the [default] section or any other named profile section that contains your credentials.

Unset Environment Variables

If you have set your AWS credentials using environment variables, you can unset them:

unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN

Delete AWS CLI Cache

rm -rf ~/.aws/cli/cache

Feel free to share and spread the knowledge! 🌟😊 Enjoy Learning! 😊

SonarQube Installation on EC2

KALPESH — Thu, 05 Mar 2026 19:39:40 +0000

Install SonarQube in the /opt directory on Ubuntu, follow these steps:

Update Package List and Install Dependencies:

sudo apt update -y
sudo apt install openjdk-11-jdk wget unzip

Download SonarQube: Visit the SonarQube download page to get the latest version URL or use the command below for a specific version. For example:
```
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.6.1.62043.zip
```

Extract the Downloaded File:

sudo unzip sonarqube-9.6.1.62043.zip -d /opt

Create a SonarQube User (Optional but recommended for security):

sudo useradd --system --home /opt/sonarqube --shell /bin/false sonarqube

Change Ownership of the SonarQube Directory:

sudo chown -R sonarqube:sonarqube /opt/sonarqube-9.6.1.62043

Configure SonarQube: Edit the sonar.properties file to set up SonarQube (e.g., database configuration, web server ports, user & passwd):
```
sudo vi /opt/sonarqube-9.6.1.62043/conf/sonar.properties
```

Create a Systemd Service File: Create a service file for SonarQube to manage it as a systemd service:

sudo vi /etc/systemd/system/sonarqube.service

Add the following content:

[Unit]
Description=SonarQube
After=syslog.target network.target

[Service]
Type=forking
User=sonarqube
Group=sonarqube
ExecStart=/opt/sonarqube-9.6.1.62043/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube-9.6.1.62043/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=65536
LimitNPROC=8192
Restart=always

[Install]
WantedBy=multi-user.target

Reload Systemd and Start SonarQube:

bashCopy codesudo systemctl daemon-reload
sudo systemctl start sonarqube
sudo systemctl enable sonarqube

Access SonarQube at http://<public IP>:9000

Feel free to share and spread the knowledge! 🌟😊 Enjoy Learning! 😊

Introduction to GitOps: Argo CD & Argo Image Updater

KALPESH — Thu, 05 Mar 2026 19:35:29 +0000

GitOps uses Git as the single source of truth to deliver applications and infrastructure

GitOps Principle

Argo CD resides in K8s cluster, which is k8s controller

Desired state must expressed declaratively
Desired state must stored in way to enforcing immutability & versioning
Software agent (controller= argoCD)automatically pulled desired declarative state from source
Software agent (controller= argoCD) continuously reconciled actual & desired state

Advantages of GitOps

security
versioning
Auto Upgrade
Auto Healing from any unwanted changes
Continuous reconcile

Argo CD Installation methods

manifest yaml
helm chart
operator

ArgoCD Architecture

Application controller: Reconciling the desired state of applications with the actual state
Repo server: Interactions with Git repositories, fetching and tracking changes
API server: Acts as the interface for Argo CD, handling requests from users and other components
Dex: An identity and access management server used to authenticate and authorize users
Redis: An in-memory data store used for caching and session management

Argo Image Updater

Argo Image Updater resides in K8s cluster, which is k8s controller

Scans for new images in CI: It continuously checks for new versions of the container images in registry(GitHub) which is used in applications.
Updates deployments(manifests) in CD: If there's a new version available, it updates the deployment(manifests).
Argo CD applies changes: Argo CD then applies these changes to your Kubernetes cluster with help of deployment(manifests) as single source of truth.

Feel free to share and spread the knowledge! 🌟😊 Enjoy Learning! 😊

Kubernetes Overview

KALPESH — Thu, 05 Mar 2026 19:33:56 +0000

Kubernetes is Orchestration system for automating software deployment, scaling, and management.

Problem that Kubernetes solving

Single Host

K8 work as clusters which has a group of computing nodes, that run containerized applications
Auto Scaling

K8 use HPA(horizontal pod auto scaling) feature to accommodate the load
Auto Healing

K8 fixes the damaged by creating new container with help of K8 control plane
Enterprise Level

Solve Enterprise level problem like: orchestration, firewall, etc.

K8s Cluster Architecture

Data Plane (worker nodes)

Container Runtime

In order run container application like docker, we need container runtime:
- dockershim
- containerd
- CRI-O
Pod
- Pod is smallest unit in K8s act as wrapper for containers. It represents a single instance of a running process in cluster.
- Provide declarative way (YAML)
- Can run more than 1 container in a pod
CRI(Container Runtime Interface)

It's a API that allow kubelet to communicate with different container runtimes.
kubelet

Responsible for pods monitoring, deletion, creation.
kube-proxy

Responsible for pods networking, IP, load balancing.

Control Plane (master nodes)

kube-api-server

API server act as central management hub of control plane.

It expose K8s API to external world, which enables communication b/w different components of the control plane and the worker nodes.
scheduler

Responsible for assigning newly created pods to nodes.

Ensuring that workloads are evenly distributed and that pods are placed on nodes that meet their resource and other requirements.
etcd

It's a key-value data storage. It is responsible for storing all the cluster's state and configuration data. Act as Back-up of K8s cluster
Controller Manager

It responsible for managing & maintaining desired state of cluster

It runs a set of controllers that perform various cluster management tasks.
Cloud Controller Manager (CCM)

Responsible for managing cloud-specific resources and interacting with the cloud provider's API.

K8s Namespace

Namespace is logical isolation of resources, n/w, policies, rbac.

KOPS (Kubernetes Operations)

KOPS an open-source tool that simplifies the creation, management, & upgrading of K8s clusters on cloud providers such as AWS, GCE, and Azure.

K8s Installation & Commands

Installation of kubectl

kubectl is command-line for K8s

For further assistance refer: kubectl documentation

Download the latest release with the command:

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

Install kubectl

sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

Installation of minikube (local K8s cluster)

For further assistance refer: minikube documentation

Installation

curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube && rm minikube-linux-amd64

Start minikube

# minikube function
# VM -> single node K8s cluster

minikube start

kubectl Commands

get k8s clusters, filter with region

kubectl config get-contexts | grep ap-south-1

selecting k8s cluster

kubectl config use-context <user-name>@< k8scluster name>

checking current k8s cluster

kubectl config current-context

get no. of nodes

kubectl get nodes

create pod

kubectl create -f pod.yml

get no. of pods

kubectl get pods

# More details of pods
kubectl get pods -o wide

delete pods

kubectl delete pod nginx

detail info about pods

kubectl describe pod nginx

debug pods

kubectl logs nginx

K8s Pods

pod.yml

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.14.2
    ports:
    - containerPort: 80

K8s Deployment

deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3  # Replica-set ensure auto-healing by Controller
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx  # Label for pods
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80

K8s Service

A K8s Service provides:

Load balancing
Service (network) discovery using labels and selectors
External exposure to world

                          |---------------------------------------------|
+-------------------+     | +----------------+      +-----------------+ |    +-----------+      +-----------+
|    Service        | --->| | Deployment     |--->  |   ReplicaSet    | |--> |    Pod    | ---> | Container |
| (Load Balancer)   |     | |                |      |                 | |    |           |      |           |
+-------------------+     | +----------------+      +-----------------+ |    +-----------+      +-----------+
                          |---------------------------------------------|

Type of service

Types of services:

ClusterIP: Access within cluster network
NodePort: Access through outside cluster: organization, VPC, or nodes
LoadBalancer: Public access from outside

service.yml

apiVersion: v1
kind: Service
metadata:
  name: my-loadbalancer-service
spec:
  type: LoadBalancer
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80        # Service port
      targetPort: 8080  # Pod port

Kubeshark

Tool that provides real-time visibility into K8s clusters API traffic

K8s Ingress

K8s Ingress addresses the following enterprise challenges:

Security
Advance Load balancing (various types)

Ingress Controller

Watches for Ingress resources & enforces these rules by updating its underlying load balancer or proxy configuration.

Common Ingress Controller:

NGINX
HAProxy

Ingress Resource

Defines the routing rules

Type of Load Balancing:

Host: Directs traffic based on the hostname.
Paths: Directs traffic based on URL paths.
TLS: HTTPS traffic with SSL certificates.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80

K8s RBAC (Role based access control)

RBAC is flexible method for managing access control in various systems, OS, databases, and applications, which improve security & ensure compliance

RBAC is general access control manager, unlike AWS IAM which is cloud specific.

Service Account: Provides an identity for processes running in a pod
Role: Defines a set of permissions
Role Binding: Associates role with service account (or user/group)

K8s CRD, CR & Custom Controller

CRD (Custom Resource Definition)

CRD is a way to extend the Kubernetes API to create your own custom resources.
It allows you to define new types of resources that Kubernetes can manage, beyond the built-in types like Pods, Services, and Deployments.

CR (Custom Resource)

Custom Resource is an instance/new type of resource of a Custom Resource Definition.
Once a CRD is defined and applied to the cluster, you can create, read, update, and delete instances of that custom resource.

Custom Controller

A custom controller is a piece of software that watches for changes to custom resources (or other Kubernetes resources)
Reconcile the current state of the cluster with the desired state specified by those resources.

K8s ConfigMaps & Secrets

Solves ENV variable problems:

Decoupling Configuration from Code
Dynamic Updates
Reusability Across Multiple Pods

ConfigMaps

ConfigMaps are used to store non-confidential configuration data in key-value pairs.

Secrets

Secrets are used to store sensitive data, such as passwords, OAuth tokens, and SSH keys & encrypted at rest
Use RBAC to get least access privilege.

Dynamic Configuration: `ConfigMaps/Secrets as Volume`

configmap.yml

apiVersion: v1
kind: ConfigMap
metadata:
  name: example-config
data:
  database_url: "mongodb://localhost:27017"
  feature_flag: "true"

deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
    spec:
      containers:
      - name: example-container
        image: example-image
        envFrom:
        - configMapRef:
            name: example-config
        volumeMounts:                   # Mounting Volume to Deploy -> POD
        - name: config-volume
          mountPath: /etc/config
      volumes:                          # ConfigMaps as Volume
      - name: config-volume
        configMap:
          name: example-config

K8s Operators & Helm

Both tools that help manage K8s complex (stateful) applications

K8s Operator

Manage tasks with minimal or no restarts
Automate operational tasks:

* Upgrades

* Backups

* Failover

* Scaling

Functions as a controller that extends K8s capabilities by using Custom Resource Definitions

Helm

May trigger restarts during deployments/upgrades
Package manager for Kubernetes that simplifies the deployment process by using charts, which are collections of YAML files describing a set of K8s resources.
Helm help with:

* Defining, Installing, and Upgrading Applications: Standardizes and simplifies application lifecycle management.


Customizing Deployments: Enables environment-specific configurations through value overrides.
Release Management: Tracks application releases for rollbacks or updates.
Versioning: Manages versioned manifest files for repeatable deployments.
Sharing Charts: Facilitates reuse and collaboration across teams or organizations.

K8s Monitoring: PROMETHEUS & GRAFANA

PROMETHEUS

Monitors and alerts cloud-native environments by collecting metrics from applications and infrastructure

GRAFANA

Allows users to visualize and monitor data through dashboards and charts, using Prometheus.

Feel free to share and spread the knowledge! 🌟😊 Enjoy Learning! 😊