Forem: ustundagsemih

Kubernetes Deployment & ReplicaSet

ustundagsemih — Tue, 15 Sep 2020 12:14:12 +0000

What is a ReplicaSet?

A ReplicaSet's purpose is to maintain a stable set of replica Pods running at any given time. A ReplicaSet ensures that a specified number of pod replicas are running at any given time. We often don't need to create a ReplicaSet directly. Instead we use Deployment to manage a ReplicaSet. Let's first take a look at how should we create a ReplicaSet.

We will create a ReplicaSet to ensure there is always 3 instances of a nginx container.

Here .spec.selector is a label selector and it is used to identify potential Pods to acquire by the ReplicaSet. In our case it will look for the Pods which have the label tier: frontend.

apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: nginx-replicaset
  labels:
    tier: frontend
spec:
  replicas: 2
  selector:
    matchLabels:
      tier: frontend
  template:
    metadata:
      labels:
        tier: frontend
    spec:
      containers:
      - name: my-nginx
        image: nginx

Save this manifest into replicaset.yaml and apply it.

$ kubectl apply -f replicaset.yaml
replicaset.apps/nginx-replicaset created

$ kubectl get replicaset
NAME               DESIRED   CURRENT   READY   AGE
nginx-replicaset   2         2         2       19s

$ kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-replicaset-7db6b   1/1     Running   0          19s
nginx-replicaset-ncz56   1/1     Running   0          19s

We can see that our ReplicaSet has been deployed and there are 2 PODs just as we specified.

To the Deployments!

Now we have seen what is a ReplicaSet and how to create it, it is time to integrate it into a Deployment.

A Deployment provides declarative updates for Pods ReplicaSets.

Let's create a Deployment manifest. Instead of creating the manifest from scratch, we can use kubectl to create a template file for us. With the --dry-run flag, we tell kubectl to not create the resource. This way, we can easily modify the attributes later.

$ kubectl create deployment nginx-deployment --image=nginx --dry-run=client -o yaml > deployment.yaml

 $ kubectl get deploy
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   1/1     1            1           4m9s

$ kubectl get po
NAME                                READY   STATUS        RESTARTS   AGE
nginx-deployment-5969c7f455-j6685   1/1     Running       0          3m39s

After creting the deployment, we can see that only 1 Pod is created. This is because we didn't specify a value for replicas option. We can scale our deployment by editing the yaml file or we can use the imperative way.

$ kubectl scale deploy nginx-deployment --replicas=2
deployment.apps/nginx-deployment scaled

$ kubectl get deploy
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   2/2     2            2           12m

$ kubectl get po
NAME                                READY   STATUS        RESTARTS   AGE
nginx-deployment-5969c7f455-9nrs7   1/1     Running       0          71s
nginx-deployment-5969c7f455-j6685   1/1     Running       0          6m20ss

How to pass variables to a JSON file in Terraform

ustundagsemih — Fri, 04 Sep 2020 07:53:38 +0000

Let's say you are creating an IAM policy with Terraform by using a seperate json file which includes the statement for the policy.

In a typical statement we have 4 values to satisfy. These are Sid, Effect, Action and Resource.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Policy Name",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::mytestbucket"
            ]
        }
    ]
}

How should we dynamically change Resource and Sid values in this statement?

Well, Terraform has a data resource called template_file. With this, we can easily pass parameters dynamically to our statement file.

Demo Time!

First, we need to create a user, policy and bucket. We will then use the bucket ARN in our statement. I am using variables for most of the things in order to have a clean code.

resource "aws_iam_user" "iam-user" {
    name = var.iam_user_name
}

resource "aws_s3_bucket" "s3-bucket" {
    bucket = "mytestbucket"
}

resource "aws_iam_user_policy" "iam-policy" {
    name = var.iam_policy_name
    user = aws_iam_user.iam-user.name
}

Normally we can attach the json policy with the following;

policy = file("/path/to/policy.json")

Since we want to pass parameters to the json file, we will use a data resource called "template_file".

In order to use it, we must rename our json extension to tpl. With this we are stating that we want to use this file as a template.

Now we will modify our template file using interpolation syntax. We will pass parameters for both Sid and Resource.

"Statement": [
    {
        "Sid": "${sid-name}",
        "Effect": "Allow",
        "Action": [
            "s3:ListBucket"
        ],
        "Resource": [
            "${resource-name}"
        ]
    }
]

Back to our main file we will add template_file resource.

data "template_file" "iam-policy-template" {
    template = file("/path/to/policy.tpl")

    vars = {
        sid-name = "Policy for S3 Access"
        resource-name = aws_s3_bucket.sample_bucket.arn
    }
}

Here we specified the vars block and inside we use the variables from the template file. Now we can use this data in our IAM policy resource.

Notice that we are accessing our template's rendered version.

resource "aws_iam_user_policy" "iam-policy" {
    name = var.iam_policy_name
    user = aws_iam_user.iam-policy.name

    policy = data.template_file.iam-policy-template.rendered
}

Kubernetes, Beginning with PODs

ustundagsemih — Wed, 01 Jul 2020 14:10:14 +0000

I am planning to prepare for the CKA exam. Since one of the best methods to learn for me is to write down what I have learned, I decided to write them as blog posts. So let's get started!

post-full-content pre { margin: 0;}

What is a POD?

A Pod is the smallest deployable unit that can be created and managed in Kubernetes. In the official documentation you can find much more theoretical information about Pods. In this post I try to go over practical usage of Pods.

How to create and run a POD?

There are mainly 2 ways of creating Pods in Kubernetes. One of them is using kubectl command. kubectl is a command line tool which lets you control Kubernetes clusters. For more information, please check the documentation

With the command below, we are creating a Pod labeled as nginx and using an image nginx.

$ kubectl run nginx --image nginx
pod/nginx created

If we check what Pods are running in our cluster, we can see that the Pod is running.

$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          2m45s

We can also check the details of the Pod by running describe argument.

$ kubectl describe pod nginx
Name:         nginx
Namespace:    default
Priority:     0
Node:         node01/172.17.0.18
Start Time:   Sun, 28 Jun 2020 17:05:41 +0000
Labels:       run=nginx
Annotations:  <none>
Status:       Running
IP:           10.244.1.3
...
...

In the output, we can see which node is our Pod is running at, which image has been used etc. It also shows events related to the Pod. If there is an error, we could easily see it.

...
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  15m   default-scheduler  Successfully assigned default/nginx to node01
  Normal  Pulling    15m   kubelet, node01    Pulling image "nginx"
  Normal  Pulled     15m   kubelet, node01    Successfully pulled image "nginx"
  Normal  Created    15m   kubelet, node01    Created container nginx
  Normal  Started    15m   kubelet, node01    Started container nginx

Let's delete this Pod and create another one with the second method, by writing yaml files.
To delete a Pod we can simply run the command below.

$ kubectl delete pods nginx
pod "nginx" deleted
$ kubectl get pods
No resources found in default namespace.

Now create a file named as pod.yml and write some yaml.

apiVersion: v1
kind: Pod
metadata:
 name: my-nginx
 labels:
  app: my-first-app
  type: frontend
spec:
 containers:
  - name: nginx-container
    image: nginx123

Here we basically specify what kind of resource we want to create, which is Pod.
With metadata we specify a name for our Pod as well as apply some labels to it. Labels are handy in an environment where you have hundreds of Pods.
With spec section, we specify a name for our container and which image to use.
Now let's create a Pod with our definition file.

$ kubectl apply -f pod.yml
pod/my-nginx created

It successfully created the Pod. Let's check the status of it.

$ kubectl get pods
NAME       READY   STATUS         RESTARTS   AGE
my-nginx   0/1     ErrImagePull   0          58s

In STATUS column we can see that there is an error. Let's describe the Pod to get more information in the events section.

$ kubectl describe pods my-nginx
...
...
Events:
  Type     Reason     Age                  From               Message
  ----     ------     ----                 ----               -------
  Normal   Scheduled  2m47s                default-scheduler  Successfully assigned default/my-nginx to node01
  Normal   Pulling    49s (x4 over 2m22s)  kubelet, node01    Pulling image "nginx123"
  Warning  Failed     48s (x4 over 2m21s)  kubelet, node01    Failed to pull image "nginx123": rpc error: code = Unknown desc = Error response from daemon: pull access denied for nginx123, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
  Warning  Failed     48s (x4 over 2m21s)  kubelet, node01    Error: ErrImagePull
  Normal   BackOff    34s (x6 over 2m20s)  kubelet, node01    Back-off pulling image "nginx123"
  Warning  Failed     23s (x7 over 2m20s)  kubelet, node01    Error: ImagePullBackOff

Here we can see that there is no image named as nginx123. Now let's try to resolve this problem. To solve it, we simply need to edit the definition file with the correct image name and apply it.

spec:
 containers:
  - name: nginx-container
    image: nginx

$ kubectl apply -f pod.yml
pod/my-nginx configured

Now if we check the status, we can see there is no error.

$ kubectl get pods
NAME       READY   STATUS    RESTARTS   AGE
my-nginx   1/1     Running   0          6m47s