Docker Containers and Kubernetes Fundamentals – Full Hands-On Course

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

gee Barrette teaches us Docker containers and kubernetes fundamentals course for beginners ghee is a developer and trainer with more than 25 years of experience he is a Microsoft MVP frequent conference speaker and was the leader of the montreal.net user group for more than 23 years all this is to say he is the perfect person to teach you about Docker and kubernetes [Music] welcome to this Docker containers and kubernetes fundamentals training course my name is gibaret and I'll be your host in your Learning Journey Into The Amazing World of containers I'm a full-time trainer with a developer background and I'm based in Montreal Canada and that's where my strange accent comes from I'm certified on kubernetes and also on terraform Azure AWS and Google Cloud I'm very honored to be a Microsoft MVP in the Azure expertise and a digitalocean navigator you can reach me via the contact page and on Twitter what should you expect from this course you will not become an expert just by taking this course this is an entry-level course that will provide you with a strong containers and kubernetes Foundation and you'll gain enough knowledge to make sound decision at work or in your projects throughout this course you will find lots of Amazon activities to practice what you've learned you will use Docker and kubernetes locally on your PC or Mac so there's no requirement to have an account with a cloud provider are there any prerequisites for this course not really if you're a developer a devops specialist an ID Pro or even a technical manager that's totally fine no previous Docker or kubernetes knowledge is required we will cover a lot of ground you will learn about containers Docker and D Docker registry you learn about the kubernetes objects like pods workloads and services that's a lot of material and the goal here is to get you from zero knowledge to a kubernetes ninja well at least provide you with enough knowledge to Aspire being a kubernetes ninja I want to say a big thank you for learning Docker and kubernetes using this course if you like the course you can help me by making a small donation this is the link to my buy me a coffee page you can of course buy one of my other courses where you'll learn to run containers on different Cloud providers services and use a managed kubernetes cluster in the cloud and finally I wish you all the best in your Learning Journey [Music] let's see how to set up your laptop or PC for this course you need a laptop PC or Mac with either Windows 10 Mac OS or Linux if you have a Mac with an apple silicon most tools should run perfectly I will use Visual Studio code with the docker extension to help build create and run containers vs code is a free IDE that runs on Windows Mac and Linux on Windows and Mac you'll need Docker desktop with kubernetes enabled on Linux refer to the documentation on how to install Docker and kubernetes on your distro you'll need a Docker of account and a few easy to install tools refer to the setup instructions located below this video the lab files are located in a git repo on GitHub simply open this URL in a browser click on the code button if you have git installed on your machine you can type git clone with the link displayed here and if you don't have git simply click on the download zip button to download the code as a zip file [Music] let's talk about the microservices concepts if we head to Wikipedia and take a look at the definition that we find over there it says that it's a variant of the service oriented architecture or SOA a structural style slash architecture and that it arranges in application as a collection of loosely coupled services so instead of a large monolithic system we have multiple smaller pieces in a microservices architecture services are fine-grained meaning that each of them have their own responsibilities and the protocol use are lightweight like an API exposed over HTTP or grpc for example if we look at the monolithic architecture these systems were usually built as one single unit an IDE would group multiple projects and we would compile the whole thing as one single unit they were also deployed as a single unit so we would need to copy everything all the files on on a server and if we had to scale the system we had to spin a new VM and copy deploy the whole system on that VM and same for a third and a Ford server an example of such a monolithic architecture is a treaty application even though the system was clearly separated into layers it was all tightly coupled from the web project we had to make a reference to the business layer project and the whole system would run in the same address space with macro Services we break our big system into smaller parts each with its own responsibility so let's say we have a class that deals with identity in our business layer we can extract that code and place it in its own microservice we can then scale each of these smaller pieces independently from each other there's no strong bound since we expose functionality through an API they can be written by smaller teams and each can use their own programming languages like go PHP C sharp and domain-specific data can be stored in separate databases so the way we would deploy a monolithic system is by deploying everything on a server all the dlls files needed to run the system we had to scale the deploy everything on more servers now let's compare that to microservices well microservices are deployed independently each can scale independently also need to scale back one service no problem so if you have an existing monolithic system how can you transform it into a microservices architecture well you need to break it into small units like the code that dealt with the identity in the in our business layer Martin Fowler author of the patterns of Enterprise application architecture book documented the way to achieve such a transformation using the Strangler pattern let's say our identity code is here in the Legacy system we can place a facade to Route the calls to it migrate the code and have the facade route the calls to the new macro service at some point as we go we will end up with less code in our Legacy system and when democracy and it's done we can get rid of the facade this pattern is very useful and you can learn more about it using the link in this slide and this concludes this lecture on the Marco Services Concepts [Music] let's talk about Marco Services anti-pattern because it's a thought Rosie I know it's kind of strange to talk about what can go wrong right away but I think it's very important first of all it's not some kind of magic pixie dust that you can sprinkle on top of a zigzing system and boom you get a beautiful Marco Services architect system it takes efforts and maturity to achieve this from one monolithic system you'll end up with a bunch of smaller pieces and that can add extra complexity a change to a microservice can have a domino effect and take your system down and what about securing all of these microservices it's also essential to use or introduce new processes in the organization like devops Ci CD and testing but be careful and don't try to implement everything at the same time it's a recipe for disaster take it step by step and make sure you have metrics in place to validate each of these steps and this concludes this lecture on microservices antibatterns [Music] let's talk about the microservices benefits and drawbacks since each microservice runs in its own address space there are less chances that if one of them goes down it takes the whole system down with it a microservice runs on open source Technologies so there's less Fender lock-in since they are smaller in most case they are easier to understand and that makes them faster to deploy and also easier to scale like we saw in the anti-pattern section there are some drawbacks complexity is added over mother's existence to resolve to her complexity issues so make sure your team is well trained and has made some proof of concept and make sure to start small adding one piece at a time testing might appear simpler since there are less functionality in a microservice to test but make sure to test the whole system deployment may appear simpler but one update can impact many Marco services and have a terrible domino effect ready to manage multiple databases calls between macro services will go through apis and this will add a bit of latency to all calls so make sure you test for that this key transition server will appear you'll make a call and it will fail or but try again 50 milliseconds later and it will work so make sure to implement some retry strategies in your code or by using a service mesh instead of one big point of failure you'll end up with multiple ones can your system survive if one microservice goes down and what about security are you okay for all these microservices can see and talk to each other so yes complexity is introduced for solving complexity issues and this concludes this lecture on the macro Services benefits and drawbacks thank you [Music] let's Now understand what is cloud native you may have heard the term Cloud native before but what it is exactly it's a way to architect and build complex systems taking advantage of modern development practices and the use of cloud infrastructure if we head to the cloud native Foundation website and look at the definition we see that it's quite a long one so let's break it into smaller parts Cloud native uses containers service meshes microservices immutable infrastructure and declarative apis we'll cover containers service meshes and macro services and the concept of immutability in this course but not how to build apis immutable infrastructure means that we usually never update something but we replace it with a newer version Loosely coupled systems mean that the functionalities are exposed through apis observable with the use of metrics creation and updates are automated and instead of making changes once every six months we deploy eye impact changes on a freaking basis and finally we use a series of Open Source projects to run our system when the cncf says to use open source projects they are not kidding this cncf landscape graph shows a ton of Open Source projects that you can use but don't worry you don't have to use them all the challenge really is to identify which one to use in the context of what you want and try to achieve and this concludes this lecture on cloud native head to the cncf website for more info [Music] let's go deeper in the cloud native Concepts Cloud native is about Speed and Agility the user wants new features right away without any downtime and the business wants faster release of feature to stay competitive a cloud native application architecture starts with clean code using domain-driven design techniques Markle services and kubernetes this course is all about microservices and kubernetes feel free to explore the concepts of clean code and DDD on your own with Cloud native we need to change mentalities infrastructure becomes immutable and disposable it is provision in minutes and Destroy as fast it is never updated but it's replaced with newer versions traditionally we would care about our virtual machines we would patch the OS update the apps with containers we create newer version with the software updates destroyed the previous running ones and replace them with the newer ones so the containers that you'll run will be more like cattle than pet of course this Cloud native thing is a lot easier when starting a new project a blank page or a green field however it's still possible with Legacy projects I really like the cloud native Foundation trail map because it breaks the journey to Cloud native into smaller measurable objectives you can set your own performance indicator to measure each steps to ensure a smooth Journey so let's take a look at the first steps your team must first learn how to cantonerize your application the developers and the IT Pros must know how to deploy and monitor containers you need to automate deployment through the use of continuous integration and continuous delivery techniques and tools you need to use an orchestrator like kubernetes and maybe deploy your application using L charts then you need to add observability so you can understand what's happening in your kubernetes clusters and be reactive use tools like service meshes to provide more functionalities inside your cluster Implement security through policies and wow these were just the first six steps Now understand that you don't have to implement all of this and especially not at the same time I really like this trail map because it breaks the journey into smaller steps that the management can understand and measure and this concludes this lecture on the cloud native Concepts [Music] let's take a look at the cncf website the website is located at cncf.io and from there you can take a look at the various projects maintained by the cncf information about on how to get certified Community Information like the conferences that the cncf organized each year so let's go back to the projects menu and you'll notice that projects are categorized in three categories sandbox incubating and graduated let's click here on this the second menu here and let's scroll down to the bottom and here you get the information about the meaning of these three categories and basically that's their maturity level sandbox projects are mostly newer projects uh well graduated projects our projects set conservatives Enterprises are more likely to use so let's take a look at the graduated ones we found here kubernetes Helm Jagger so let's click on kubernetes and basically that will show you the the project website let's take a look at the incubating ones here we find Linker D grpc let's click on grpc you can get more information about the grpc all right let's go back to this menu remember the trail map that I mentioned in the previous lecture well here it is cloud native trail map here's the nice diagram you can get more information you can get send that to friends colleagues and here's a link to the landscape diagram here it is it's super huge Let's uh let's click here on kubernetes and here we get very interesting information well you get the repository where the project is uh is stored you get the number of stars and the activity number of commits here you get you get the website address and also the Twitter handle here so you should follow the Twitter feed of the project that you're using so let's close this one let's click here on hell again website uh repository number of stars activity and the Twitter handle and this concludes this look at the cncf website thank you let's now talk about the containers Concepts containers containers containers they are everywhere but what are they exactly a container is a unit of deployment it contains everything needed for the code to run so the compile code the runtime system libraries and this is system tools you take a container push it on a server and it should run of course it can have some external dependencies like a database or a cache but the code deployed in it should run as is so why use containers because it is faster to deploy something small than something big like a complete monolithic system uh they use fewer resources they are smaller and since they are smarter you can fit more on the same server when using cicd techniques they are a lot faster to deploy you can run them anywhere and they are isolated from each other meaning that if one fails it will not take the whole system down with it so what exactly is virtualize let's compare virtual machines with containers a VM runs on some kind of Hardware where an OS is installed the OS hypervisor will let you create a virtual machine where you will install in OS so basically DVM virtualized the hardware and what's happening when a VM starts well you see the BIOS coming up and then the OS boots up and what about the size of that VM let's say we have a Windows Server VM it can take 12 gigabytes of RAM and 500 gigabytes of hard drive space and how long does it take to boot well depending on multiple factors something like 5 to 10 minutes now let's compare that to containers we still have the hardware and the OS of course there's a container runtime installed uh in the OS and containers images are run in memory now compared to a VM a container does not have to boot because it will use the host OS kernel this means that container starts in seconds because they don't have to boot they also use a lot less memory and hard drive space since there's no OS a small container can take a hundred megabyte of hard drive space and run in 64 or 100 megabyte of RAM so VM and containers virtual machine have a larger footprint they are slower to boot ideal for long running tasks container are lightweight they're quick to start they don't have to boot they're portable and they're ideal for short-lived tests because they you can spin one super fast so are containers replacing virtual machines our virtual machines obsolete absolutely no containers are just another tool in your toolbox and you need to find the right use case for them and also for VMS if you're old enough you must remember what the telephone booth is if not well before cell phones we used to make phone calls in these spoons by dropping a dime or a quarter anyways using a telephone boot analogy you can pack more containers on the same server than what's possible with virtual machines containers are made of layers you start with the base OS add customizations and add your applications let's take a deeper look at this screenshot the docker pull command retrieves and download a container image as you can see each layer is downloaded individually notice that each has a unique ID and that for the first ones Docker says that they already exist why is so Docker uses a local cache to store the container's images and if a layer already exists it will not be downloaded again the benefit is that if you pull version 2 of an image Docker will only download the layers not present in its cache one of the goal when creating container images is to create them with the smallest number of layers possible later on we'll see techniques on how to achieve that now can you write on these layers well no except for the top one because it is read right the lower ones are read only another concept is the container registry it's a centralized repository where you deploy the container images you create think Gita but for containers Docker as one called Docker up that provides public and private repositories and all major Cloud providers have container registry services the last container concept is the orchestrator an orchestrator allows us to manage scale monitor the containers that we run on our servers you can install your own or use a managed cluster offered by one of the cloud providers like AWS Azure Google Cloud we will come back to the orchestra Concepts after we have a better knowledge of containers and this concludes this lecture on the containers Concepts [Music] let's Now understand what is docker so what is stalker that may seem like a simple question but there's more to it there's Docker the company and Docker the platform document thinks the Mobi project an open source container runtime that follows the specs from the open container initiative doctors sold its Docker Enterprise division late 2019 to a company called mirantis so if you want to buy Enterprise support or get certified with docker you have to go through morentis Docker provides a container runtime that runs on Mac windows and Linux a command line tool to create and manage a containers a Docker file format for building containers and interestingly Windows lets you create both windows and Linux containers foreign if for some reason Docker doesn't seem to work on your machine try restarting it by using the restart menu from the system icon on Windows or by clicking on the debug icon in Docker desktop on Mac and windows and clicking on restart Docker desktop is very stable but I had some issues when my laptop was coming back from hibernation but that was a long time ago and I haven't had issues for a while and this concludes this lecture on docker [Music] the easiest way to run Docker on your machine is by running Docker desktop it's a free download available on docker.com so you click here on get started and you download the version for your OS so Windows Mac Linux here now if you're running Windows uh check the version of Windows that you're running if you're running Windows 10 version 2004 or a later version you can run what what's called windows subsystem for Linux version 2. so wsl2 basically it allow you to run a Linux distribution right into your Windows installation so Docker desktop can run its container by installing a virtual machine inside hyper-v or if you have wsl2 install it will it will install that virtual machine inside the Linux distribution and everything will be a lot faster so that's the preferred way so just to prove a point here I'm going to launch my hyper-v miniature and as you can see I'm not running any virtual machine so my Docker desktop installation uses wsl2 you'll find a link to this installation guide in the modules notes okay so let's take a look at the docker desktop I'm running Windows as you can see I can see my Docker desktop system tray icon here so for Mac User it'll be at the top of the screen of course I can right click on it and let's select dashboard all right so here I can see a list of um containers that are currently running I can stop them restart them delete them I can see a list of uh images that are installed on my machine here we'll come back to that later on there's a gear icon here that's the setting icon and in the general section here you can see that wsl2 is enabled so that's why Docker desktop doesn't use a Now preview virtual machine it uses the wsl2 to run the VM and there's the kubernetes menu here if I select it I can see that kubernetes is enabled so when you check that Docker desktop will download additional containers to run kubernetes right onto Docker desktop here so very useful there's a bug icon here which is the troubleshoot icon here so if at some point you're issuing Docker commands and the don't work or something's wrong uh running Docker Docker commands you can click here on the restart button here you can see my name here it means that I'm currently logged and if I right click down on the system play icon you can see that I'm currently logged in and I have the option to to sign out so what uh username and password did I use to to log in when you downloaded the uh the docker desktop you could have created a Docker account or a Docker Hub account so that's the same username and password so if you go to up.ducker.com and you logged in well that's the same account that is used here in Dr desktop thank you [Music] let's take a look at your first Docker CLI commands now throughout this course I will introduce you to various commands I will list them in what I call a cheat sheet list like what you find on the slide I will briefly explain what the commands are for and that will be followed by a concrete and Zone demonstration so when you install Docker desktop on on your Mac or PC it also installed the docker CLI tool our first command is Docker info this will display some information about the docker installation on your machine Docker version will display its version and Docker login will log you into a Docker registry by default this login command will log you into Docker Hub the registry from docker and this concludes this lecture on the docker CLI [Music] alright we need to open a new terminal window into Visual Studio code so let's select a terminal new terminal or you can use the shortcut Ctrl shift back tick key all right this will open a terminal window and let's take a look at the commands that we will run they're really basic it's just for testing that our Docker installation is working correctly so let's type Docker info this will give me some information about my current installation what's happening I have 47 containers three stuff 44 running 25 images and so on and so on so information that that is quite useful for debugging purposes I can see that the virtual machine running that running Docker desktop is running as to CPU it has two gigabytes of memory allocated all right sounds good let's uh type now Docker version and this will uh give me some information about the version number of different parts of Docker desktop so again useful for debugging purposes these are not commands that you will run on a day-to-day basis but they're quite useful for troubleshooting the last command is Docker login so I'm just going to type Docker login without any username password see what's happening and well the command says that I am login successfully why is so well if I right click here on my Docker desktop I can see that I'm already logged in so that's why I didn't have to input or type any username password I was already logged in [Music] let's now see how to run containers the docker pull command lets you download an image from a registry Docker run will execute an image in memory as a container if the image is not present in the docker local cache it will be downloaded automatically using run with the Dash D flag will run the container in the background giving you your comment prompt or terminal back the start command will run a container in the stopped state Docker PS will list all the containers currently running and add the dash a flag to also lists all the stopped ones Docker stop will stop a container running but the container will still be in memory we will see how to remove them from memory in a few minutes Dr kill will well kill a container that might be stuck in memory you usually don't use this comment but it's useful to know Docker image and spec will give you some information about an image very useful for debugging purposes so you may notice that we have two parameters here one is called image name and the second one container name so what's the difference the image name is the name of the image as you find it in the container registry and the container name is the name of the running container so you run an image using its name and then interact with it using the running instance name the Run come in as an optional flag call dash dash name that lets you specify your name if you don't specify one Docker will Auto generate one for you you can set limits on the memory and the CPU that the container can use when using the Run command so how do you run a container using the docker run command you specify the image name as found in the container registry you specify a name for the running instance and with the published flag you map a port from your local OS to the port that the container is listening to you can list the running containers using Docker PS notice how we stop the container by using the running name and not by using the image name then we remove it from memory using the remove or RM command containers are not black boxes you can attach a shell to your terminal and run commands that will execute right inside the running container by using the dash it switch and the name of the program you want to run a Windows container well you can run Powershell using the docker container exact command you can attach to a running container here's a screenshot showing the docker run command and notice the terminal problem changing when attached to a container so how do we clean up things the remove command lets you remove a container from memory but first it must be in the stop state for the command to work here's the remove command getting a list of the stopped container and removing them all the images that you pull will be cached locally you can get a list of these images using the docker images command use the remove image or RMI command to delete an image from your machine after a while you may end up with a bunch of images to do some spring cleanup I use the system prune command this will delete all the image currently not in use so be careful using this command and this concludes this lecture on the docker CLI [Music] let's now run our first container we'll run an engine X web server so something pretty basic that'll be perfect for this this lab all right let's open a terminal so terminal new terminal or Ctrl shift back tick perfect so we'll run disk command so let's take a look at the command first so I'm going to run a Docker run and let's go at the end of the command this will be the image that will run so an nginx image we'll give it a name so the name will be web server that will be the name of the running instance will map local All Sport 8082d or that the container is listening to so port 80. n d 4G decimal so we can get our Command Prompt or terminal prompt back so let's run this ha something interesting is happening unable to find image nginx latest and you see that the docker as pull all the different layers locally here so now if I issue a Docker PS it will list the containers that are currently running so I have uh three containers running so the kubernetes dashboard and the metric server here so don't uh look at these let's focus on this one so this is the containers it is that we just launched the nginx image here it started 30 seconds ago we can see that the port 8080 local levels is mapped to the port 80 here and the name is web server so let's launch a web browser and let's type localhost 8080 the container is actually running fantastic all right so we can get a list of the images installed on your machine here by using Docker images so I have a bunch I may have a lot more than you but let's focus on the last one here uh nginx the tag is latest image ID and this is the uh the size all right fantastic let's try to connect to uh to it so we'll issue a Docker container exact we'll give it the the name so the running instance and the program we want to run so look at the The Prompt now root at some some ID so the ID is the actual container ID so I'm logged in as root on that container so now I can issue some some commands so let's do in the last let's thy fell less been to see what's in there so different commands so I'm connected to to that running container that's pretty uh pretty cool so I can issue commands look at the logs if any and do some troubleshooting so this is super useful for debugging purposes uh we'll use that a lot in the various steps that we'll do together all right let's get out of there by typing exit all right you can just clear my screen here so our container is running how do we stop it we use the docker stop command but look at the the parameter that we use the name of the container that we use we use the running instance name not the name of the image so that's pretty important here Docker stop web server all right but the container is still in memory if I do a doctor PS it's not listed anymore as you're running container but if if I type darker es Dash a ha for all I can see that my my container is still in memory here so I need to remove it from uh from memory so we'll use the docker RM and the name of the running instance so RM for remove and now the container is no longer in memory awesome now the container is still well the image that was used to create the container is still on my machine so if I type darker images you see it's still it's still here so that takes 133 megabyte of this space if I want to get rid of that I use the RMI so remove image command and the name this time of the image not the name of the running instance because none are running right now and you see all the layers have been deleted [Music] let's now see how we can build containers Docker build that you create an image using a Docker file if you run the command in the same folder where the docker file is located simply use a DOT as the file name if the file is located in a different folder specify the location using the F flag the tag command let you assign a name to an image this tagging has two parts a name and a tag the tag is usually used to specify the version number so what is a Docker file well it's a text file listing the steps to build an image here's the simplest Docker file I can imagine two lines the from command specified the base image when building new images you always start from something already existing in this case an image with the nginx web server using the Alpine version and then the copy command copies everything from the current folder to a folder inside the container using the build command we create a new image specifying the docker file remember to use the dot when the file is located in the same folder here's another one this time a little bit more complex it is used to create an image running a node.js app let's take a look at it the from command specify the base image using the Run command we run the package manager inside the container to install node.js next we copy all the local files into a folder named SRC inside the container we use the Run command to do an npm install we then had some metadata in this case we tell the container to listen on port 8080 and finally we tell the container what to run when starting so as you see this Docker file contains the stats needed to run our node.js app we saw what tagging was a moment ago let's explore this again using the docker tag command we name an image using a name and optionally a tag if you don't specify a repository name it will default to Docker Hub later on we'll see how to push images to different repositories and we'll have to specify the Ripple's Journey name when tagging our images and this concludes this lecture on how to create Docker images [Music] let's see how can Visual Studio code help us build and run containers so what is visual studio code and why talk about this tool in this course well it's a text and code editor it's free and open source it runs on Windows Mac and Linux and you can download it for free using this link so you will work a lot with text files creating Docker files and later on Docker compose and yaml files a tool like vs code will help you because you can install plugins that will make your life easier using a different text editor no problem in vs code you can install plugins by clicking on the extension icon in the left menu then you search for Docker and install the extension from Microsoft the extension lets you add Docker files to your projects using the command palette open it using the view menu or type Ctrl shift p type Docker add and select add Docker files to workspace the extension will ask you a few questions and we'll create the docker files for you vs code has a built-in terminal where you can type commands or you can run commands using the command palette here's another example when running a container and when using the command palette there's no magic there the extension will simply issue a command in the terminal but sometimes it's a great way to learn creating Docker files is okay but what I like the most is the UI provided by the extension helping me manage my container so if you click on the docker icon you can see the images installed on your computer and you can even see the containers currently running right click on an image to manage it same thing for the containers currently running very very very useful and this concludes this lecture on vs code thank you let's now use Visual Studio code to containerize a node.js express application so I already installed the docker extension in Visual Studio code but let's take a look at it so if I click here on extensions and let's search for docker here it is that's the one from Microsoft almost 6 million install at the time of recording so that's the one all right so let's go back to our files so I have my node.js application here if I click here on package.json [Music] the name of my application is my Express app so that'll be important in a few seconds all right so let's first add the docker file to our project so we'll use the tooling provided by the extension to do that we'll go to the view menu command palette or you can use the shortcut Ctrl shift p right and we'll type Docker add and there are two options here Docker files or Docker compose files so we haven't looked at the docker compost file so let's select the first one Docker files the extension hack is asking us about the application platform so it's a node.js application but it can generate Docker files for net python Java C plus plus go and Ruby apps so let's select node.js all right and next next it's asking us where is the package.js file so here it is it set the root of my application so I'll select this one the port that the application is uh listening to 3000 perfect and do I need the optional Docker compost file no not at this time all right so the extension quickly added a the docker file and also the docker ignore file and also a folder for vs code so let's take a look at the docker ignore basically it's a list of files not to deploy in our container and the docker file has been created for me to use a node base image it copies everything into the Container the image and expose port a portrait 3000 perfect so let's now build this image so we'll go back to the command palette view command palette Ctrl shift p and this time we'll search for Docker build all right here it is Docker images build image all right so I just issue uh the command and look look at what's happening the extension is not a black box uh issuing some crazy or strange uh commands in the background it's just issuing a a Docker Bill command here and remember a few seconds ago I mentioned that the name of the application in the package.json file is is important well that's the name of our uh of our application here so the extension use it to generate the name for my image all right it's just a Docker Bill command nothing fancy but using this extension is a great way to learn about some uh some commands that you may want to use at a later time from the terminal prompt okay terminal will be reused by test press any key to close it let's press any key all right the image has been built let's run it now so view command palette okay Doctor run so we'll use the first one and uh there's a list of my images and here is my Express app perfect run that select image that's the latest the tag latest perfect and look at what's happening Docker run sport 3000 to the port that the container listening to so nothing fancy here is uh it's a comments that you can type yourself but uh the extension to that are for you so if I start my browser local ocean I go to Port 3000 there it is so that worked perfect let's now close this let's now use the UI provided by the extension so in the left menu let's click on the docker icon here and from there you have a list of the running containers the images and the different Registries that you connected to all right so here's our Express hat my Express apply it is and it's running name the instance name is called magical underscore Direct uh why is so well when we issued a Docker run command using the command palette the extension didn't provide a name so uh one was generated automatically by by docker so from there I can view the logs attach shell inspect open in a browser so if I select that there it is that's my app listening on Port 3000 uh I can stop it restart it remove it so let's uh let's remove it here so are you sure you want to remove container yes it's not in memory anymore it's not running anymore but if I look at the list of the images that I have here it is my Express app so I can right click on it and I have a few options I can run it inspect it pull push tag and even delete it so let's let's run run it okay and you see at the top my Express app and look at the name gifted underscore El beckyan because if you look if you uh inspect the docker command that was issued by the extension there's no name provided so Docker generated one for us all right so let's close this we can stop or remove it from memory and if we no longer need the image we can just remove it here are you sure you want to remove the image blah blah blah okay let's remove it and it's gone so what's happening in the background is that the extension is simply issuing a Docker remove image RMI to to remove the image from from this so nothing nothing really fancy the extension it's not a black box that is issuing some strange commands it's just regular and Docker commands but I really like the the UI provided here and so instead of uh typing uh okay let's uh let's try this let's um let's clear this and let's type Docker images here's a list of my all my images but here I have a nice UI listing all the the same images here so sometimes it's it's easier having a little UI to help you accomplish some tasks other times it's easier issuing the commands from the terminal or the command prompt so it's up to you you can use the UI or The Terminal thank you [Music] let's talk about data persistence containers are ephemers and stateless so you don't usually store data in them of course you can write data in a container but if you destroy one or if it crashes any data stored in it will be lost so it's okay to write some log files or scrap data that you don't want to keep as long as you understand that you will lose these files at some point in time to purchase data you need to store it outside the container in what we call a volume a value Maps an external folder or even a cloud storage service to a local folder inside your container so your app sees a volume just like any regular folder the OS in this diagram represent the server or the virtual machine where the container is running as you can see a local folder is mapped to the VM file system so they are stored in a volume where survive a container restart or crash there's still a chance that we can lose the data if the VM crashes so later on we'll see how we can use some type of external storage provided by the cloud provider but first thing first in the next lecture you'll see how to create a volume that maps to a VM file system and this concludes this structure on data persistence [Music] um let's see how to create volumes here's a cheat sheet listing the docker commands for managing volumes Docker create volume will create a new volume LS will list all the volumes volume and spec will get you information about a volume remove will delete a volume destroying all the files storing it and volume prune will delete all the volumes currently not mounted or not in use so be super careful careful using this command alright you first need to create a volume using the docker volume create command then when you run a container you need to use the V switch or to volume a parameter specifying the volume name a column and the name of a local folder that folder will be a logical folder in your code so your code will see just like any regular folder if you use the inspect command you'll see The Logical folder location in DVM instead of using a volume you can specify a local folder this is great for testing purposes let's say you started developing your service and that you want to test on your Dev machine if your code can read and write some files correctly you can use this kind of mapping but don't use that in production using the inspect command you can see the local folder path and this concludes this lecture on volumes [Music] a software system data outside of a running container so to do that we'll use a value so I'll open a terminal and we'll use the docker volume create and the name of the volume so this will create a volume perfect let's Now list the volumes on my machine so there's a few here the first four were created earlier this is the volume that we just created now let's run a ninja next image and let's attach a or Mappy a local folder to that volume so we'll use Docker run Dash D for detach we'll name our instance fault test with the Dash D for volume we'll use the volume name that we created earlier and map that to a folder called ATP on our nginx image all right to that okay excellent so that worked now let's connect to our running instance so Docker exec Dash it the name of the instance and it will run bash here perfect let's first do an LS to see if we see the app folder there it is so that's that folder is mapped to the volume so anything that we store or write in that folder will be written externally outside of the container so that will persist all right uh just for fun instead of doing a cat Let's uh install Nano inside the running instance so I'll do first in apt-get update remember this is uh this is running inside the the container and we'll install Nano app get the install Nano which is a small editor perfect LCD into the app folder in open Nano so Nano and we'll create a file called text test.txt hello volume [Music] all right and we'll use Ctrl o to write to to disk Ctrl o enter and control X to exit Nano perfect if I do an LS here I should see my file there it is test.txt so let's exit the running instance and what we'll do will stop the running instance and we'll remove it from memory stop it here and we will remove it from memory with our m okay so now the container or the instance is gone if we would have stored some data inside that container it would it would be lost at this point but we use a volume so the data was stored externally so let's try to create a second instance same thing using the same volume and let's exec to it perfect let's see what is in the app folder here is our file so let's do cat test.txt just to prove hello volume that work let's exit here this proved that by using a volume your data persists a container restart or crash here the data is still there until I remove the volume so if I issue a Docker volume removed and the name of the the volume you see doesn't work why the error says that the volume is in news interesting so I need to stop any container instance that is that is running and remove it from memory before deleting or removing a volume let's try uh again term Docker volume RM for remove by volume and this time it worked now another thing I want to show you let me create it again perfect and let's switch to the docker UI here if I click Docker here there's a section that list of the different volumes here so my vowel is listed here so here I can inspect I cannot look at the files but I can I can manage it so I can click here on remove that will delete the volume are you sure yes [Music] let's now see the yaml concepts yaml stands for yaml ain't markup language it's a way to serialize data so that it's readable by human beings it's the file format used by Docker compose and kubernetes here's the sample yaml file for a key value pair you specify the key a column data space and a value don't forget the space it's mandatory here are some nested values you specify child values using two space indentation and quotes are not needed for string values here's a list again the child elements are indented with two spaces and there's a space after the dash this is what we call the block style there's also a flow style that looks like Json so you may be tempted to use it if you're familiar with Jason but don't I never saw any sample or any documentation using this flow Style since it's easy to forget a space and you can spend quite some time figuring out why your yaml file doesn't work you can use tools like this linter available on yamlin.com it will parse your yaml and flag any errors very useful and this concludes this lecture on the yaml concepts [Music] let's now take a look at the docker compose Concepts let's say that your app is composed of multiple containers you run the front-end container using a Docker run command Docker run again for the backend container and again for the redis cache container so you end up issuing multiple Docker run commands to run your app would it be nice if you could deploy your app using one single command well that's the docker compost go to Define and run multi-containers application using a single yaml file there's a compost plugin that extends the docker CLI and let you run those Docker compose files these specifications are available here if you look at Docker compose before you may have seen that sometimes the commands are using an iPhone so Docker Dash compose and sometimes they do not why is this at the dockercon conference in 2022 Docker announced the general availability of couples version 2. okay this means that there was a V1 before and the V1 command line tool was installed separately from the docker CLI it was built using python so you needed to have python installed to run compost V1 and the syntax was Docker Dash compose couples V2 is a drop in replacement meaning that all the V1 commands are working as expected it's installed as the docker CLI plugin automatically by Docker desktop to use it you type Docker space compose no hyphen needed here it's written in go so no need to have python installed to run the command in summary it's simply a faster version of the docker compose tool shipped as a Docker plugin instead of a python application here's a Docker compose file there are three containers defined in it web API 1 web API 2 and API Gateway the name that you use here defined the network or host name for that container the code running inside your container can use these hostname to communicate between each container for each of them you specify the image to run you set the internal and external Port the container will listen on note that the API version is now optional so it's okay to skip it you may ask yourself should I use darker compose or not Docker compose is perfect for small workloads that don't require a full orchestrator like kubernetes it's perfect When developing and testing locally before deploying to kubernetes Some Cloud providers offer services that support Docker compose like app service on Azure and ECS on AWS and of course you can simply use a virtual machine or a VPS virtual private server with the digitalocean or linued and this concludes this lecture on the docker compost Concepts thank you LaSalle used Docker compose here's a cheat sheet listing some of the docker compose commands Docker composed build lets you build the containers as defined in your Docker compose yaml file if the file is located in another folder you can use the optional Dash F per meter and specify the files location start we'll start all the containers as defined in your yaml file step will stop them but they'll remain in memory up we'll do a build followed by a start this is super Endy use the Dash D parameter to run the command in the background and take back your terminal prompt PS will list what's running remove our RM we'll remove the containers currently from memory down we'll do a stop followed by a remove again this is super ND logs will display the logs for a container and you can open a session inside a container by running Docker compose exec the container name and the program to run the docker compose file is located inside a folder and if you run Docker compose up this will launch your application if you try to run a Docker compose up a second time from the same folder nothing will happen because the application is currently running if you want to run a second instance of your application it was impossible with Docker compose V1 but with V2 you can use a project name to launch a second instance of your application from the same folder here's the cheat sheet for some of the new commands Docker compose dash dash project Dash name followed by a project name this will run a then sense of the application as a project the shortcut is much shorter to type Dash p instead of that Dash project Dash name you can list the project currently running by using compose LS CP will allow you to copy files from the containers so this is super ND to retrieve let's say log files and you can copy files to The Container so from your machine your desktop or laptop to The Container by using Docker compose CP The Source pad the container ID and the destination path here's an example imagine that the docker compost file is located in the same folder where you run these commands you simply use the up command to build and run the containers and to take them down simply use the down command and this concludes the structure on Docker compose [Music] in this lab we will deploy a Docker compose application let's take a look at our Docker compose.yaml file we have one section called services and under that section we Define two Services the first one is called Web Dash Fe F4 front end it's a python application and instead of using an image from Docker up will be building that image using the build parameter the dot means that the docker file is at the same level as the docker compose file so here it is it's a simple python application just one file app.pi and requirement.txt that we're copying on that base image it will be listening on Port 5000 and this is our second service it's the redis cache and this time we'll be using an image from Docker up all right let's open eight terminal and let's build the image using Docker compose build perfect my image was build now I can launch the application using Docker compose up and Dash D for detach now I could have skipped the build step because up does a build first and then a start so it's super ND so let's use Docker couples up and my application is up and running I can test it if I go to local OS 5000 you visited me one time and do a few refreshes five time perfect okay I can list the running containers using Docker compose PS I can also use Docker PS since it will list the docker container currently running and I can look at the logs for my front-end service using Docker compose logs Dash F and the name of the service and if I move that a little bit and it F5 a few times you see new entries are logged perfect that works let's do a Ctrl C to terminate the log streaming and we'll use Docker compose LS to list the currently running projects I have one project running it's called l09-04 Docker compose well basically when I use Docker compost up I didn't specify a project name so Docker compose use the folder name as the project name now let's try to create a second instance of our application if we use Docker compose up Dash D again well Docker compose tell me that the application is running so it will not start a new version we can try to deploy our second version using a project name so Docker compose Dash p for project name we'll name it test up Dash D let's see what will happen starting oops we have an error here hmm bind for local OS 5000 failed Port is already allocated of course are my local old sport 5000 is in use right now so what I need to do I need to change that Port here the localhost port I'll use 5001 save the file and use the same command Docker compose Dash B project name test up Dash D and this time it worked awesome let's open our browser and let's go to Port 5001 yes that worked a few refreshes 10 times let's go back to Port 5000 the first instance 15 times all right so let's do a Docker compose LS again to list our projects now we have two projects the first one that we deploy without specifying a project name and the second one with the project name test let's delete our for instance by using Docker compose down so I didn't specify a project name Docker compose use the folder name as the project name now if I do the docker composer list I should have only one project running yes it's test now I can delete that one using Docker compost specifying the project name and down let's list the projects again Docker composer less nothing running PS listening the containers nothing and why not try Docker PS nothing in memory [Music] in this lab we will deploy a Docker compose sample application that is composed of three services a web front-end build with react nodejs backend and the Maria DB database let's take a look at our Docker compose file this is a more complex than what we saw so far so let's try to break it into smaller pieces here we have the definition of our tree services if we start from the left we have the back-end service top right the database DB and the front end now if you look at the DB service you can see that we're referencing an image that will pull from Docker hub and the other two Services we're using the build parameter this means that we will build these two images looking at the backend service we can see that we specify build and context contacts with the value of backend backend is actually a subfolder where the docker file is located next we're defining two networks public and private we can see that our front-end service is using the public network the backend service is using public and private and the database service the DB service use only the private Network front end being in the public network cannot communicate directly with the DB service but backend being in both public and private can communicate with both DB and front-end services we're defining also two named volumes back in dash modules and DB Dash data and we can see highlighted in yellow that our DB service is using DB data and our backend service is using back-end modules highlighted in yellow we also see that we're using other volumes these volumes are scoped at the service level and are not shared between services to create an instance of our Docker composed application we simply use Docker couples app and to bring it down Docker compose down in Visual Studio code let's take a look at the docker compose file so it's called compose.yaml here we have our services section Network section where we Define two networks the name volumes back-end modules and DB data and secrets that we haven't seen yet where we're defining one key value pair so the key is DB password and we get the secret from a file the file is located in the folder called DB and it gets the value from a file called password.txt if we open the DB folder here's the file with the value the secret and that will be injected when we run Docker compose up okay let's go back to the services section and here we have our backend DB and front-end Services let's take a look at backend we're using the build a directive and we are setting the context to backend it points to this folder called backend here and the docker file is located inside that backend folder with the application same thing with the front-end service build context front-end and we're getting the docker file and the application from the front-end folder and what about the DB service well we're using an image that will pull from Docker hub okay let's build our two images we'll open a terminal and run Docker compose build our images were billed perfect now let's run the application by using Docker compose up Dash D ER perfect the application is this thing on Port 3000 so let's open a browser and type local OS 3000 is our react application it's working awesome we can list the containers that are currently running by using Docker compose PS we should have three backend DB front end awesome let's take a look at the logs from the back-end service Docker compose logs Dash F backend and these are the logs for our backend service awesome we can type Ctrl C to stop the log streaming and we can take our application down by using Docker compose down this will stop and remove the containers from memory do we have something else in memory we should not perfect and even if I type doctor PS there's nothing however the volumes are still there when you do a doctor compose down it will remove the containers from memory but will not remove the volumes so if I open the docker desktop application and I click on volumes here I can see that I have a few well three volumes that were created a few minutes ago so I need to delete them manually I can select them right here and click on delete or I can do the same thing by clicking on the docker icon in vs code locating the volumes here and delete them find it easier to do that in Docker desktop because we see when the volumes were created so I'm pretty sure that these three are the ones that I need to delete I'll click on the delete button and confirm thank you [Music] let's take a look at some of the compose file features it's a good practice to set limits on the resources that your container will use in this example I light it in yellow we tell Docker to start the container with a quarter of a CPU and 20 megabytes of RAM the green section is the limits that we are allowing in this case half of a CPU and 150 megabytes of RAM to set an environment variable that will be injected in the running instance simply set the key value pair in the environment section those values can be overridden at the common line using the dash e per meter you can reference an environment variable using the daughter curly bracket syntax this way you can set the variable on your machine or server and use it directly in the compose file you can place the values in a file that you will name dot EnV located in the same folder as the compose file the compost command will automatically read the values from that file by default all containers specify in a compose file will see each other using their service names here we have two Services web and DB the code running in the web service can communicate with the second one using DB as the hostname and vice versa the web container is visible from outside of the docker network using the port number configured in the left portion of the ports value web is listening inside the docker Network on Port 80. DB can reach web on Port 80. finally DB only exposes one port number that's the internal port web can reach DB using Port 5432 but DB is not visible from outside the docker Network if you have a compose application with multiple containers you can restrict who sees who by configuring networks in this example we're defining two Networks front end and back end proxy can see app because both are part of the front-end Network however proxy does not cdb because it's not part of the backend Network when using multiple containers you may want to start some of them first and wait until they are running before starting the other ones a typical use case is a database that you want to run before sorting the main application doing so is easy using the depends on parameter where you simply specify what is the service name that the service is dependent on in this example app depends on DB so compost will first start DB and when DB is running compose will then start app you can declare volumes in the volumes section these are called named volumes and they can be used by all these services that you are declaring in the compose file to use a volume from a service map it to a local folder using the volume name colon and the virtual path inside the container optionally you can make the mapping read-only by appending colon Ro to the mapping you can also create a mapping without using a named volume this mapping can't be shared across services it's also a good practice to set a restart policy let's say that you deploy your couple's app in a VM and at some point you need to install some OS batches and you need to restart or reboot the server what will happen to your compost app well if you don't specify a restart policy the one by default is no meaning that compose will not restart the containers if they were shut down by reboot you can set the policy to always this way compose restarts the containers until their removal on failure resource a container if the exact code indicates an error and lastly unless stop does a restart unless you stop or remove the containers and this concludes this look at some of the docker compose features [Music] let's now talk about container registries so what is the container registry it's a central repository for container images you build an image locally then you push and store the binary the different layers 2D Repository they can be private or public the default one is Docker hub Microsoft AWS and Google each offer container Registries as service the benefit of using a repository from your cloud provider is that the images are located near your app so no apps over the internet to retrieve the images so let's say we want to retrieve an image from Docker up we issue a Docker pull command and Docker downloads the images layers and store them in its local cache and this concludes this lecture on container registries [Music] let's see how to push and pull images to Docker up make sure you are logged in with your Docker user account to be sure simply type Docker login without a username and password Docker will tell you that you're already logged in if not enter your Docker username and password you need to tag an image with the repository name by default it's your username if you have created some organization in Docker hub prefix it to the name of the image in this example I want to push this image to my Kates Academy organization then use the push command and don't forget to specify the organization name it's part of the image name to retrieve the image we use the pull command with the image full name on Docker up public images are available for download to anyone if you don't want to share them you need to create a private Repository later on we will create one using our cloud provider and this concludes this lecture on Docker up [Music] let's now push our first image to Docker hub first thing first let's make sure that we can log in into Docker Hub so if you head to up.docker.com make sure you can log in also if I right click here on my Docker desktop icon I can see that I'm logged in perfect we will containerize a node.js Express application so we'll first add the docker file we'll use the tooling so view command palette if you can type Docker add and Docker files to workspace this is a node.js application the package.json file is located at the real so that's the correct one it's listening on power 3000 and we don't want Docker compose files perfect now we need to build the image so let me open a terminal perfect and we need to issue a Docker build command with the Dash D for tag parameter but notice here we need to prefix the uh the name of the image with our registry name if I select this I need to prefix that with my name here the name of my registry let me run that the image was built successfully now I need to use the push command to push that image onto Docker Hub again I'll select this and let's replace the registry name with mine use your home and see what's happening here Docker is pushing each layer to my Docker app account here all right no errors things went fine let's go back here I'm gonna refresh this page and here it is here's my um uh image here my Express image so I can click on this I can edit the um the information I can see that I have my tag is V1 right I can get more information here I can here click on public view so by default the repositories on Docker Hub are public anyone can download and view and download your images this is the view for someone who would look at my image so with the pull command Docker pull let me go back here I can see the tags and so on and so on and if at some point you want to delete this you go into the settings tab here you scroll down and you can delete that repository here all right let's go back now let's try to pull that image to our computer here the first thing uh I will try to do is remove it from my computer let me type this RMI so remove image the image has gone completely so now let's try to pull it from uh from Docker uh okay Perfect Pull complete my image is is back here now you see that I use the V1 tag here to to tag my image with the with the version number so let's try to build a version 2 of that image let me copy that and again let's replace this part this placeholder with my registry name image has been built so let's now push it two Docker uh same thing as we did before but this time we're pushing version two okay let's go back here let's go back to my Express or the general tab look here I have V1 and V2 if I click here on tags I can see when the image was was pushed tags and people can download V1 or V2 if I want to remove my images I use the RMI command so remove image I'll remove V1 and also I remove V2 and on Docker up if I no longer need this Repository I click here settings scroll down a little bit click on delete Repository and I need to enter the name of my repo just to make sure and click on delete and now it's gone [Music] time to introduce kubernetes so kubernetes or also known as Kates so the letter K followed by the number eight so eight letters and then the number s and it's pronounced Kate's so kubernetes is a project that was created at Google version one came in July 2015. it was the third generation of container scheduler from Google previous projects were Borg and Omega and Google donated the kubernetes to the cncf so now the development is supervised by the cncf is currently the leading container orchestration tool it's designed as a Loosely coupled collection of components for deploying managing and scaling containers it's vendor neutral so it's not attached to a single company and it runs on all Club providers and there's a huge community ecosystem around kubernetes so what kubernetes can do service Discovery load balancing it can bridge to the cloud providers storage services can provide rollout rollbacks capabilities and can monitor the health of the containers can manage configuration and secrets and the same API is available either in a on-premising solution or in every cloud provider so what can't kubernetes do it can deploy or build your code and it does not provide application Level services like databases service buses caches here's a quick look at the kubernetes architecture this diagram was taken from the kubernetes documentation we'll take a closer look at each component but for now let's just say that it's composed of a master node also called the control plane so that's the portion to the left and the control plane runs the kubernetes services and controllers and you have the worker nodes these node runs the containers that you'll deploy in the cluster so a container will run in a pod a pod runs in a node and all the nodes form a cluster and this concludes this intro to kubernetes [Music] let's see how you can run kubernetes locally so do you need to install a kubernetes cluster in the cloud or ask your it Department to install one in your Enterprise so you can test locally absolutely not there are many ways that you can run kubernetes on a desktop or laptop Docker desktop lets you run kubernetes macrocates from the makers of Ubuntu and minicube also let you run kubernetes altree requires that virtualization is enabled kind runs over Docker desktop and offer extra functionalities Docker desktop is limited to OneNote but it's usually not a problem Marco Cates kind and minicube can emulate multiple worker nodes on Windows Docker desktop lets you run both Linux and windows containers and you can't create and run Windows containers on Mac and Linux it runs on hyper-v or Windows subsystem for Linux so if you have Windows 10 version 2004 or later it's the recommended way to run Docker desktop if fiber-v is enabled on your laptop or desktop you can't run another hypervisor at the same time and mini Cube used by default virtual box but it can also run on hyper-v you can install Docker desktop on Windows using App review and it will create a virtual machine named Docker desktop VM when you take the enable kubernetes checkbox in Docker desktop it will download additional containers to run kubernetes using Windows 10 version 2004 or later and if you have wsl2 installed you can tick the use the wsl2 base engine and Docker desktop will create its VM inside the Linux distro you install on your Windows machine note that this is the recommended way to run Docker desktop on Mac Docker desktop use the hyperkit lightweight hypervisor to run its VM mini cube is another popular option it does not require a Docker desktop it runs on Linux Mac in Windows and it requires an appervisor like a virtualbox here we can see mini Cube running on a Mac and its virtual machine in virtualbox if you need to install mini Cube on Windows but don't want to install virtualbox you can run minicube on hyper-v you need to create a network switch and start minicube with some extra parameters kind stands for kubernetes in Docker because it runs on top of Docker desktop kind lets you emulate multiple control planes and multiple worker nodes this is useful if you need to test node affinity and this concludes the sector on how to run kubernetes locally [Music] and this will be a super quick lab just to validate that our kubernetes installation is working locally so here I'm on Windows and I'm using Docker desktop and I installed kubernetes with Docker desktop in the system tray I can right click on the docker desktop icon on a Mac you can do that from the top of the the screen and I will select dashboard and from there we're going to click here on the gear icon the settings icon and I'm using wsl2 to run Docker desktop so that's the recommended way and here if I click on kubernetes uh enable kubernetes is checks so kubernetes is installed but is it running correctly let's find out let me go back here let's open a terminal and let's run uh this command uh Cube CTL cluster info that should give us a little information about what's running so kubernetes Master it as in green yay it's working so it's running at this address and Cube DNS is running at this address so by running qctl cluster info you get some information about the kubernetes installation and itself [Music] let's see how you can use the kubernetes CLI the kubernetes API server is a service running on the master node it exposes a rest API that is the only point of communication for kubernetes clusters you define the desired state in yaml files and let's say you want to run a x number of instances of a container in the cluster using the kubernetes CLI you then send that desired state to the cluster via the rest API other applications like a web dashboard can also communicate with the rest API to display the cluster state Cube CTL is the kubernetes CLI and it runs on Mac Linux and windows and you pick your choice of pronunciation cue control Cube cuddle Cube CDL doesn't matter it communicates with the API server and its connection information is stored in a config file under the dot Cube folder let's now see what a context is it's a group of access parameters that let you connect to a kubernetes cluster it contains the cluster name a user and a namespace the current context is the cluster that kubernetes commands will run against let's say that you can connect to three clusters cluster a cluster B and cluster C when you set the default context to Cluster B then all the cube CTL commands that you you will run will run against cluster B here's a cheat sheet for context commands Cube CDL config current context will get you the current context get context will list all of them Cube CL config use contacts and the context name Will Set the current contacts and delete contacts with the context name we'll delete the context from the config file there's a large ecosystem of free open source kubernetes tools that you can use Cube CTX is a good example it's a shortcut for the Cube's DL config use context command you simply type Cube CTX followed by the context name to quickly switch contacts it runs on Windows Mac and Linux very useful and this concludes the structure on the kubernetes CLI and the concept of context [Music] a context contains connection formation to a kubernetes cluster and you can have one or more than one context set on your machine it's super important to know how to figure out in which context you're currently in and how to change context so first thing first let's figure out in what context we're currently in I'm going to use cubectl config current context and this will print the name of the context we're currently in I'm currently in the docker desktop contact means that whenever I type Cube CTL commands it'll be applied to that kubernetes cluster all right I can have more than one context configure on my machine or on any machine or server to list them we use Cube CTL config get Dash context and here we can see that I have two contacts set on my machine Docker desktop which is the current context because it has that star in the current column and I have a second one called demo then one is a cluster that I created in the cloud what if I want to change from Docker desktop to demo okay let's use cubectl config use Dash context and the context name demo and now if I print again the current context there it is demo so whenever I'll be typing Cube CTL command DZ yaml files this command will be sent to My Demo cluster somewhere in the cloud a cool tool is Cube CTX because it allows you to well instead of using Cube CDL config blah blah blah blah blah basically it's a shortcut if I simply type a cube CTX that will print the context that I've configured on my machine so demo is green means that it's the current context and I can quickly change context using cubectx and the context name Docker desktop you know a little bit less keystroke to talk about anyway it's a fun too foreign context let's say uh you you your cluster has a long funky name and you want to rename it to make uh more sense you can use the cube CTL config rename contacts all name new name so let's try to rename our demo cluster here demo let's say it's on Azure so Azure demo okay let's use the cube CTX to print the contacts and there it is azure demo where is that context information stored it's stored locally on your machine so I'm on Windows let's see where it is it's on the C drive users your username under dot Cube deduct Cube folder and there it is config so if I right click on it and select opening with code we can see that it's a yaml file and it contains two entries here two clusters one is the Azure one and the second one is the Docker desktop one and this is the different context that I have that have so here is my Docker desktop context and here is my demo context well the cluster name is still demo but I renamed the context name to Azure Dash demo there it is all right let's go back here and let's say that I've deleted my cluster in the cloud I don't need it anymore I want to get rid of the contacts information I can use cubectl config delete contacts and the context name so let's try this Azure demo deleted context Azure demo from the config file so let's take a look here and you see that now I have only one contacts and here's the current context in this line here but let take a look here at the Clusters list My Demo cluster is still there right so it's not deleted automatically what you can do is simply edit that config file and remove the section no longer needed [Music] let's talk about the declarative and the imperative ways to create resources in kubernetes there are two ways that you can use when you want to create resources in kubernetes the declarative way and the imperative way using the imperative way you use cubectl to issue a series of command to create resources in the cluster this is great for learning testing and troubleshooting using the declarative way you define the resources needed in yaml files and use cubectl to send the content of these file as the desired state to the cluster so instead of a series of command this is reproducible and you can even store these yaml files in a source control system here we can see a series of command to create resources that's the imperative way you can create a pod using the Run command create a deployment or service using the create command using the declarative way you would use a yaml file to define the resource and then send the content of that file to the cluster to create these resources so what's a yaml file well it's a text file that contains properties that Define the resource it has some required properties like the API version the object kind that defines the type of object you want to create we'll take a look at these later on you can use the cube CTL create command to send the information to the kubernetes cluster we will take a deeper look at yaml files in the future lectures but right now you may be wondering do you need to type all that yaml manually the answer of course is no one way to get the correct syntax is to copy one from the official kubernetes documentation at kubernetes at IO slash Docs you then search for the object you want to create and click on the copy icon another way is to use templates offered with an editor like Visual Studio code let's say you create a new yaml file then you type control space and select the template to generate the Manifest that you can edit neat you can also use the kubernetes CLI to generate the ammo add dash dash dry run equals client and dash o for output specifying the yaml to Output the yaml to the console you can even send the output to a file using the greater than sign and a file name and this concludes this overview of the imperative and declarative ways to create resources in kubernetes [Music] let's deploy an nginx container using both the imperative way and the declarative way using the imperative way uh we're gonna type command called cubectl create I'm going to create a deployment I'm going to name our deployment my nginx1 I'm going to specify a parameter called image where we will specify the image we want to run this will create a deployment and we can Cube CTL get a list of the deployments using Cube CTL get deploy and there it is now the second way is the declarative way instead of typing a command with all the parameters at the common line we're going to specify a yaml file where all the configuration options are stored cubectl create Dash f for file and the name of the file so let's run this okay it was created let's again type Cube CTL get deploy get both our deployments and we if we take a look at the yaml file well it's a yaml file the type deployment it has the my nginx2 name it has a bunch of parameters that will come back to that a little bit later but basically all the configuration parameters are stored in that yaml file what's cool with that concept is that it's you can put these files quite easily in a source control system all right uh let's do a little bit of a cleanup let's delete our deployment Cube CTL delete deployment my nginx one okay and I'm gonna use a the same command but using a shortcut this time Cube CTL delete instead of deployment and the name of our deployment okay and if I type again Cube CTL get deploy there's no deployments currently my namespace [Music] let's take a look at namespaces so what is a namespace it's a kubernetes resource that allow you to group other resources let's say you need to deploy your application in multiple environments like Dev test and prod well you can create a namespace for each of these environments they are like logical folders in which you group resources kubernetes creates the default namespace called well default objects in one namespace can access objects in different in a different one the kubernetes internal DNS assigned Network names to some resources deleting a namespace will delete all these child objects this is super useful when doing tests create a namespace in the morning create resources under that namespace during the day and at the end of the day simply delete that namespace this command lists all the namespaces existing in a cluster we'll take a look at this command in more detail okay first you create a namespace this yaml file Define a namespace called prod then you use that namespace when you create other resources in the metadata section you set the namespace key to the name of the namespace you want this resource to be created in so namespace colon prod you can assign Network policies and limit the resources that you can create in a namespace using the resource quota object here's a cheat sheet for the namespace commands so cubesatel get namespace list all the namespaces and if you don't want to type namespace each time you can use a shortcut an S so Cube CTL get an S is the same thing as cubectl get namespace you can set the current context to use a namespace in the next commands that you'll type by using cubectl config set contacts current with which will use the current context and then the namespace is called the name space that you want to use so the next command that you'll type will be under that namespace cubectl create NS and the name of the namespace so you create a namespace you delete it using cubectl delete in s and the namespace name and you can also list all the pods or the objects from another namespace so Cube CTL get parts or any objects and then you pass the flag dash dash all- namespaces that will list all the objects in all the different things spaces and this concludes this look at namespaces [Music] let's see how to list and switch between name spaces you can get a list of the namespaces using the cube CTL get namespaces command let me copy this and these are the namespaces currently created on my machine on my kubernetes cluster so default the cube node Cube public Cube system I can also use the shortcut for namespaces which is just few letters which is a lot faster to type and it will give you the exact same result here let me get a list of the pods running Cube CTL get parts no resources found in default namespace that I'm currently my contacts is using the namespace called default right and there's no pods running in there so what if I want to list the pods that are in the cube system namespace well I can use the same command qctl get pass specifying the namespace switch and specifying the name of the namespace let me copy this and there are many parts running here here I can use also the the shortcut so instead of typing dash dash namespace equal I can just use the shortcut dash n so only one dash here two dashes here and the name of the namespace so let's try this and it works perfect now what if I want to change from the default namespace or the namespace called default to a namespace called Cube system right and then apply all my commands to so all the objects will be created in that namespace well I can do that by using the cube CDL config set contacts dash dash current so here we're modifying the context and passing a switch called namespace and the name of the namespace we want to change so we want to change instead of being the default namespace all the time we want to be in the cube system okay and yeah let's see if uh if we run Cube City I'll get passed if we would get some pods of course because we're currently in that Cube system namespace okay now let's change back to the default namespace and let's get a list of the parts there should be none perfect okay so this is how you uh you change namespaces perfect of course we can create new namespaces by using the cube CTL uh create NS for short for namespace and a namespace name so hello okay uh Cube CTL get NS and my name space here was created seven seconds ago and I can delete a namespace using cubectl delete NS and the namespace name that and hello now a bit of a warning here uh if you have resources under that namespace these resources the buzz the containers whatever running will also be deleted so use this command with caution foreign take a couple of seconds okay let's get the name spaces and our hello namespace is gone [Music] let's now look at the masternode in nowadays the physical or virtual machine a group of nodes formed a cluster the masternode is also called the control plane the kubernetes services and controller are located on the control plane they are also called The Master components and you usually don't run your application containers on the masternode the key value data Store where the state of the cluster is stored the API server is the only component that communicates with its CD let's start with the API server it exposes a res interface and client tools like the kubernetes CLI communicates through that recipe it saves the state in a CD and all client interacts with the API server never directly with the data store hcd is the data store for storing the cluster state it's not a database but a key Value Store is the single source of truths inside kubernetes the cube control manager is the controller of controllers its job is to run the other kubernetes controllers the cloud control manager job is to interact with the cloud providers a check if nodes were created or deleted uh Route traffic create or delete load balancers and interact with the cloud providers storage services the cube scheduler watches for paths that are not created yet and selects a node for them to run on it checks for various rules and then assign the Pod creation to a node finally you can install various add-ons on the masternode these add-ons provide additional functionalities in your kubernetes cluster and this concludes this look at the masternode [Music] let's take a look at the worker nodes a node is a physical or visual machine a group of nodes forms a cluster there's a special node called the masternode sometimes called the control plane where the kubernetes services are installed the nodes running the containers are called the worker nodes when a worker node is added to the cluster some kubernetes services are installed automatically the container runtime the cubelet and the Q proxy these are Services necessary to run pods and they are managed by the master components on the masternode the cubelet manages the pod's life cycle and ensure that the containers described in the Pod specifications are running and are healthy the Q proxy is a network proxy that manages Network rules on nodes all Network traffic go through the cube proxy on each node you will find a container runtime kubernetes supports several container runtimes that implements the kubernetes container runtime interface specification or CRI one thing to note is that for kubernetes version previous to 1.19 the Mobi container runtime was installed and was receiving the container runtime interface call through a shim because it did not fully implemented the specifications this is not ideal as it added an extra step starting with kubernetes version 1.19 Mobi is no longer installed oh wait a minute Moby not installed that means that my Docker containers will no longer run if the docker container runtime is not installed right well the short answer is that your Docker images will run as is nothing to change its business as usual what change is that what you can do inside the cluster since the docker runtime is no longer installed you no longer can access the docker engine and issue Docker commands directly inside a node you'll have to use another tool called crease CTL but again that's if you SSH into a node and run commands directly on that note something that you don't do usually alright a node pool is a group of virtual machines all with the same size a cluster can have many node pools and each node pool can host virtual Machines of different sizes let's say that we have two node pools in our cluster the first one consists of VM without gpus and the second one with chip use remember that Docker desktop is limited to one node so basically you run the master components and all the application containers on the same node and this concludes this look at the worker nodes [Music] so let's get some information about our nodes I'm going to run a cube CTL get nodes and since I'm running on Docker desktop locally here I have only one node name is Docker desktop status is ready roll is master here's the revision the version number and it was installed 72 days ago all right I can get more information about the uh the node uh since I only have one node I can skip the node name per meter and here's a bunch of information the name the row some labels creation date um what else what else what else what else uh the capacity to CPUs uh number of PODS maximum number of parts that I can run 110 the architecture the OS Linux architecture AMD the pods running and the CPU request CPU the Miss memory so all useful information when uh you need to troubleshoot and debug so that's pretty uh pretty interesting now I'm using a locally Docker desktop so I'm limited to one node Let's uh switch should to um My Demo cluster uh running in the cloud so let's do the same thing Cube CTL get notes I have more notes now so I have a cluster in in the cloud running three nodes in a node tool so one two three status ready agent and the version of kubernetes that is running that's interesting let me grab cubicity of the scrap node and let's uh let's say use this one so I can get the same information that I I was getting earlier but this one is running uh in the cloud that's the name role agent agent pool the different labels annotation number CPUs memory System Info it's running Ubuntu Linux AMD 64. uh what else will end the different parts that are running on this uh node [Music] let's take a look at parts so what are pots a pod is the smallest unit of work in kubernetes it encapsulate an application container and represent a unit of deployment paths can run one or more containers inside a pod containers shame the same IP address space and volumes and they communicate with each other using local laws that's inside the pod s are ephemeral deploying a pod is in atomic operation so it succeeds or not if a pod crashes it is replaced by a brand new one with a shiny new IP address you don't update the Pod that is currently running you create an updated version deleting the first one and deploying the new one you scale by adding more pods not more containers inside a pod I use this analogy in a previous lecture pods are like cattle there are ephemeras and you just replace them a note can run many pods and a part can run one or more containers if a pod runs multiple containers there's usually one that is the main worker where your application logic is located and the other ones are helper containers that provide services to the main worker we will come back to this concept in another lecture and this concludes this look at pods [Music] let's take a look at the Pod life cycle we'll start with the creation life cycle so when you issue a cube CTL create command to deploy a pod in your cluster the CLI sends the information to the API server and that information will be written into a CD the scheduler will wash for this type of the information look at the notes and find one where to schedule the Pod and write that information of course in a CD the cubelet running on the Node will watch for that information and issue a command to create an instance of the container inside a pod and finally the status will be written in a CD one thing to notice is that each time an operation is taking place inside the cluster the state is written in its CD so SCD is the single source of Truth in the cluster all right so let's take a look at the deletion life cycle now when you issue a cube City delete command to delete a pod from your cluster the CLI sends deformation of course to the API server that information will be written in SCD and notice that the grace period of 30 seconds will be will be added so the cubelet picks that information and sends a terminate signal to the container if the container hangs it is killed after the 32nd grace period and finally the state is stored in a CD The Path State will give you a high level summary of Where the Pod is in its life cycle pending mean that the Pod is scheduled for creation but is not created yet if you run out of resources in your cluster kubernetes may not be able to create new paths and if this happens the parts will be in the pending state running means that the part is currently running succeeded means that the code exited without any errors fail means that the code inside the the Pod exited with the non-zero status so some kind of error occurred unknown means that kubernetes can communicate with the pod and finally crash loop back off oh I love this in his state name so krashu backup means that the Pod started then crash kubernetes started it again and then the Pod crashed again so kubernetes say okay hold on I'm stopping here so we'll take a look uh in the official letter of where to look for these states and this concludes this look at the bud life cycles [Music] let's see how to define and run pods to define a pod the declarative way you create a yaml file specifying but as the kind that's the type of resource you want to create you specify an image location in this case the nginx image will be pulled from Docker up that's the default container registry you set the port that the container will listen on you can add labels they are used to identify describe and group related sets of objects and resources you can set environment variables directly here might not be the best idea to place configuration values in a later lecture we'll see how we can externalize that by the use of a config map object you can even specify a command to run when the container starts if you have created a yaml file with your pod definition you use cubectlcreate-f specifying the yaml file location and name and this will create your pod the declarative way now if you don't have a yellow file and you just want to run a pod the imperative way you use qctl run you specify a name for your running pod Dash Dash image the image name you can specify a program to run in this case it's sh and dash C you can specify a parameter that you want to pass to the program qctl get parts will list all the pods that are currently running Dash o wide will get you the same formation but uh with a few columns more cubicity Of The Scribe part and the Pod name will show the pad information you can use qctl get part with the Pod name Dash offer output uh in yaml format and you can pipe that to a file name so this is pretty cool because it will extract the Pod definition in yaml and save it to a file so if in case you lost that yaml file that was used to create a pod well you can recreate it quite easily qctl exec Dash it specifying the Pod name and the program to run will get you inside that part in the interactive mode you delete a pod using cubectl delete Dash F specifying the yaml file or if you don't have the yaml file simply use cubectl delete pod and the path name that will result in the same as the previous command and this concludes this look at how to define and run pods [Music] in this lab we will run our first pods we'll start by using the imperative way we'll use the cube CTL run command specifying the image that we want to run in our case we want to run an nginx web server and we'll specify a name to the running instance my nginx let's run this pod my nginx created let's get a list of the running pods by using the cube CTL get pods command I have one pod running my nginx ready one of ones that is running it was created 11 seconds ago let's try to get more information by adding the dash o y per meter it's the same command but we'll get a little bit more information like the IP address of the Pod and the node where the Pod is currently running awesome if you want more information we'll use the cube CTL describe command with the type of object and the name of the running instance so cubectl describe the type pod and the name my nginx all right tons of cool information here the name of the object my internet the namespace where it's running uh the node where it's running start time any labels annotation the IP address information about the container any volumes restarts that happen and any volumes here and at the end we get the list of events that happened when the Pod was created it was first scheduled and then the image was pulled and then the image was successfully pulled and created and then started the cube CDL describe command should be the first thing you try when doing some troubleshooting here you will likely have some very useful information uh in case a pod doesn't start maybe the image is not available maybe the image didn't start correctly also Cube CDL describe command that's very very useful let's now delete our pod by using the qctl delete the object type pod and the name of the Running part should get my command line back in a few seconds all right let's now run a second pod this time a busy box image Cube CTL run the image busy box and the name of the running instance my box but we're adding extra parameters here Dash it dash dash the program we want to run this will open a session inside our running pod and look at the command prompt it's changed to a pound sign this means that now I can type commands that are running inside the pod LS for listing the folders and files I can run a base64 command here I can encode a string here and that happened inside the running container inside the Pod pretty cool to stop the session simply type exit and the this ends the session okay let's do a little bit of cleanup um in the busy box case uh it takes up to 30 seconds to uh to delete so we have two options here we can run the cube CTL delete the object type and the running AdSense and to get back our Command Prompt right away we can use the dash dash weight equal false per meter or if we simply want to kill the Pod brutally we use dash dash force and with a grace period of zero seconds let's run this and this will kill the Pod brutally all right let's now create a pod the declarative Way by using a yaml file we have a yaml file here called myhab.yamo the kind is a pod we give it a name my app dashboard a few labels the image we want to run any limits here four degree sources in CPU and memory the port that the container is listening to and some environment variable we're defining an environment variable called dbcon that will have a value of my connection string here awesome let's use the qctl create Dash F4 file and the name of our yaml file pod my app.pod created perfect let's run the qcl get pods command to get a list of our paths it's running perfect we can also describe our pod again same information that we saw earlier right the default names the namespace and here look we have our environment variable and the same events that we saw earlier previously we used the cube CTL run command with the dash it parameter to open a session to our BusyBox container now what is the Pod is currently running well we can use the cube CTL exec command with the same it per meter here we specify the Pod name and the program we want to run that will open a session to a part that is currently running okay let's output the dbcon environment variable my connection string awesome that worked let's exit or stop our session and this time we'll use the qctl delete command specifying our yaml file to delete our pod [Music] let's take a look at init containers let's say that your app has a dependency on something can be a database an API or some config files you want to initialize or validate that these exist before launching the app but you don't want to clutter your main logic with this type of infrastructure code so what do you do you can use an init container that lets you initialize a pod before an application container runs let's say that for the app container to run it requires a series of configuration files in the Pod definition you define a container that will run first this is the init container upon completion kubernetes will start the app container this is a great pattern for applications that have dependencies the init container job can be as simple as validating that a service or a database is up and running this keeps the infrastructure code out of the main logic init containers always run to completion you can have more than one and each bus complete successfully before the next ones starts if it fails the cubelet repeatedly restarts it until it succeeds unless it's restart policy is set to never probe are not supported as ended containers run to completion in this bad definition file we have the main application located in the containers section in green and the init containers in the init container section in yellow as you can see here we have two init containers they both watch for services to be up and running so the first one we will run to completion then the second one and finally kubernetes will start the app container and this concludes this look at init containers [Music] in this lab we will use an init container to modify the home page of an nginx container let's take a look at our yaml file it's manifest for a pod um we have two sections here containers and any containers let's first take a look at init containers we will use a BusyBox image and we'll run this command wget and will it that website right here and that website it's the ohm of the first website the home page of the first website is pretty simple just a few lines of HTML all right and we will save that HTML into a file called index.html into a volume called work directory and the nginx image will map that value and we'll serve that index.html page as its default web page so basically we're initializing our nginx container by using an init container here awesome let's open a terminal and let's deploy our application Cube CTL apply Dash F the name of our yellow file let's wait till the nginx image is up so if I do a doctor PS yet my nginx container is a oh let's uh open a session right into that nginx container and let's try to hit the default web page curl localhost and yep that worked we're serving the default uh web page of the CERN website here pretty cool let's type exit and let's do our cleanup cubesatel delete and our yellow file [Music] let's now look at selectors when defining kubernetes resources you can use labels these labels allow you to identify describe and group related set of objects or resources they are simply key value pairs that you define yourself in this part definition we see two labels app with the with a value of my app and type with a value of front end note that the app and type keys are not something defined by kubernetes they are defined by you for your application okay but what does labels have to do with selectors well selectors use labels to filter or select objects here we see a selector in this pod definition the selector type is node selector and the key value pair is this type equals super fast okay but how does that work here we have a path definition with the node selector set to this type equals super fast we're telling kubernetes that we want to run this bar on the Node that has a label set to this type equals super fast note a does have such label so kubernetes will schedule the Pod creation on that note the simplest way to picture what selectors do is by comparing them with a SQL query it would be something like select star from nodes where this type equals super fast and this concludes this look at the selectors concept [Music] in this lab we will test the selector concept we have two yaml files here the first one it contains the definition of a pod we will run an nginx web server listening on Port 80. and for the sector concept what is enter is is this section the label section so we have two labels defined here app set to my app type set to front dash n let's take a look at the second yaml file that's the service of name my service it's listening on Port 80 and targeting or redirecting the traffic to Port 80 that the Pod is listing on and let's look at this section selector app my app type front dash n so these are the same labels that we Define right here in our pod definition all right Let's test this concept I'll open a terminal and it will first deploy r by using cubesatel apply Dash F and the name of the yaml file foreign let's now deploy the service Cube CDL apply Dash f myservice.yaml all right how do we know that the service is connected to the Pod how do we know that the selection was successfully made to find that let's get the Pod IP address by using qcdl get pod Dash o wide and let's look at the IP address here 10.1.9.31 all right let's run this command cubectl get EP EB is short for endpoint and here's the name of our service my service so let's run this all right you see D in the endpoints column 10.1.9.31 that's the same IP address let's now try to port forward to that service okay we get an immediate result here and let's uh go to localhost port 8080 and that worked perfect let's go back here to our terminal and let's type Ctrl C to stop the port forward now let's try to break things a little bit we'll open the my app.yaml file and let's change the one of the labels so uh app will set it to my app to control s let's save that file and let's redeploy the file again the Pod again by using cubectl apply Dash F and the name of the yaml file all right let's check the endpoint again is it still working huh look at the endpoint colon none and if we try to pour forward again there's no immediate results so that doesn't work so disproved that both labels must match here the selector here boat labels must match the labels in in the Pod definition so that the selection can work all right let's type Ctrl C to stop this and let's do our little cleanup by deleting the service and then the pod thank you let's take a look at multi-container pods we sign a previous lecture that pass can run one or more containers that there's always a main worker and that the other containers are providing services to that main worker like saving data to a database and writing log files there are scenarios while multi-container Parts make sense and they are well documented in a series of patterns we will take a look at some of them in the next few slides with these sidecar pattern the helper container provides extra functionalities to the main worker let's say that our app writes some log files inside the pod the sidecar can copy these log files to some purchasing storage offered by the cloud provider this way the application code located inside the main worker is not cluttered with infrastructure code that code is located in the helper container and if you move from one cloud provider to another one well you simply replace or update that L per code this keeps your application code super clean our next pattern is the adapter let's say that our main worker outputs some complex monitoring information that the monitoring surface of our cloud provider cannot understand the adapter role would be to connect to the main worker simplify the data for the monitoring service again the code specific to the cloud provider service is located inside the helper container the Ambassador pattern is another type of the men of the middle role let's say that our application code needs to write to some nosql database but the code has no clue on how to do that no problem you can send that data to the Ambassador that in turn will write the data to the nosql data store the code specific to the data store service is located inside the helper container if you're curious about these patterns I suggest you get a copy of the design distributed systems book the other is Brennan Burns Brendan worked at the Google where he co-created kubernetes he now works at Microsoft so how can you define multi-container paths well if you remember the lecture about yellow files you see that the container sections is actually a list this means that you can Define multiple containers are added in yellow you see container number one and in green container number two and when you create a pod both containers will be created at the same time pretty cool here's a quick cheat sheet for multi-container parts so after you created your yaml file you simply use cubectlcreate-f specifying the yaml file name so same thing as creating a single container pod if you want to exec into one of the container you simply use Cube CTL exec Dash it the part name and specifying Dash C and the container name this way you can jump into one of the containers running inside the pod you get the logs for a container using cubectl logs the Pod name Dash C the container name and this concludes this look at multi-container pods let's take a look at some networking Concepts kubernetes is what we call a flat Network as a result most resources inside a cluster can see each other all containers within a pod can communicate with each other all pods can communicate with each other all nodes can communicate with all pods and all nodes paws are giving an ephemeral IP address while services are giving a persistent IP so this is quite important we'll come back to that later let's illustrate the cluster Network in blue here each pod gets an IP address and the containers inside a pod share the same address space the containers inside the same pod share the same IP address but each must be assigned a different port number they can communicate inside the Pod using localhost and the port number they can also share the shared volumes what about communication between pods can the container on the right talk to The Container inside the pod on the left using localhost no they can't they need to go through a service that will front the network traffic for the pod for external access to the cluster traffic goes through a load balancer service offered by the cloud provider in future lectures we'll look at different type of services that we can use in kubernetes and this concludes this quick look at networking Concepts thank you let's create a multi-container pod using a yaml file let's take a look at the yaml file so the kind is part the name will be two dash containers and in the container section we're defining two containers so the first one we'll use the nginx image and we'll name it my nginx and that web server will listen on Port 80. and we're defining a second container using the BusyBox image and we'll name it my box this one will listen on Port 81. and for the BusyBox container to stay up and running we need to tell it to to stay up by issuing a sleep command so it'll stay for an hour what we'll try to achieve is open a session on the BusyBox container and try to hit the nginx container so the the default web page served by the nginx container all right let's try to create our pod here using a cube CTL create and the name of our yaml file okay pad two dash containers created so let's try to see uh if they're running all right two out of two because we have two uh containers running in that pod status running 10 seconds uh the IP address so there's one IP address assigned to the to the pub and denote okay let's try to get a little bit more information by using the cube Ctrl describe pod and the name of the pod let's scroll up a little bit so the name is two containers then space is the default one the node where it's running uh the containers so the first one is my nginx which using a the nginx image we have information about the limits that we set earlier in the ml file my box using a BusyBox image listing on Port 81 right there's a that sleep command so useful information here and also look at the events now so earlier when we add only one container inside a pod we would get just one set of events for polling and creating the container now we have two first one is the Pod was scheduled and the second one here is on the second land line um the nginx image was in the polling state it was Paul created started and then the busy box container was pulled and created okay perfect now let's try to open a session inside our BusyBox container so we'll use Cube CTL exec Dash it okay here's the trick now we need to specify the Pod name and then the container name that we want to to connect to and then the the program that we want to run that's the trick when you have multiple containers you need to specify the Pod name and then the container name all right let's try to do that oh looks good at last yeah it worked okay now we'll use wget to try to hit that default page serve ID nginx web server wget with the this flag and we'll call localhost all right welcome to nginx so that word now Outpost for a couple of seconds and why I'm gonna ask you why did that work why calling localhost worked so that work because let's go back to our yaml file the nginx container is listening on Port 80. right we don't have to specify a import number here if the nginx container would have listened to something different we would have to specify Here Local O's colon and the port number all right let's try to exit this perfect let's now delete our pod using Cube CTL delete and the name of the ml file and by using the force and grease grace period equals zero flag that will kill both containers immediately perfect [Music] this is a super short lecture just to introduce you to the concept of a workload so a workload is an application running on kubernetes all containers running in a kubernetes cluster must run in a workload the Pod is the atomic workload it represents a set of running containers and all workloads will create pods the replica set and the deployment will provide extra functionalities on top of the pod like the ability to Define how many instances of a part we want the stateful set and the Daemon set are specialized workloads and finally the job and crunch up offer tasks that run to completion these are short-lived tasks we will see each of these workloads in detail in the following lectures and this concludes this super short lecture on the workload concept [Music] let's take a look at replica set the replica set primary job is to manage d-pad replicas making sure that the desired number of instances are running this provides the self-e-link capabilities in kubernetes while you can create replica set the recommended workload is the deployment now welcome back to that in a moment so let's say that you want three instances of a pod to run at all time you create a replica set and specify that you want three replicas if for some reason one bird crashes kubernetes will replace it automatically without any human intervention I'm pretty cool eh let's see how to define a Rebecca set by starting with a pod we take the Pod definition except for the API version and kind and we place these values in the template section of the replica set the final result is a replica set yaml file so basically in the section highlighted in green you will find values specific to replica set and under the template section the values that Define the Pod you want to run here you set the desired number of instances with the replicas property again while you can create replica sets the recommended workload to use is the deployment because it provides extra functionalities on top of the replica set so why bother and learn about replica sets well in the deployment lecture you'll see that when you create a deployment that will also create a replica set in the background that's why it's important to learn about the replica sets functionalities here's a cheat sheet for replicasets command you create one using cubectl apply Dash F and the yabl file you get a list of the replicases by using cubectl get RS you get some information about the replica set by using Cube CTL describe RS and the replica set name you delete one using Cube CTL delete if you have the yaml file you specify Dash F and the yaml file name or if you don't have the yaml file simply by using the replica set name using cubectl delete RS and the replica set name and this concludes this look at Olympic assets [Music] let's create three instance of energy next container using the replica set template so let's take a look at our yaml file the type of object we want to create is the replica set this will be the name of the replica set rs-example we want three replicas running uh at the same time and uh we want three replicas of this containers uh name will be nginx and the image nginx uh colon Alpine so it's a smaller version and we Define the resources and also the ports that each is listening on all right let's try to uh create that so Cube CTL apply or create Dash F and the name of our EML file okay we'll pick a set created let's take a look at our running pods and have three pods running okay and look at the names that were um that were assigned to the each of these spots RS Dash example and then is some kind of a unique number here each one must have a different or unique name so each one is ready running and look here each one has a different IP address perfect so let's take a look at our replica sets that we've created so Cube CDL get RS so there's one rs-example um three desired three current three ready everything is green everything's okay Let's uh now describe our replica set so Cube CTL describe RS for replica set and the name of our replica set so let me paste that right let's scroll up a little bit so the name is RS example uh it's running in the default namespace um any labels or annotations are listed here number of replicas that we set so three current three desired and the the current part the status S3 running and zero failed to The Container information so nginx we want to run the nginx Alpine image the sync on Port 80 the limits and so on and this these are the events that were raised here so each pod was successfully created here all right so last thing we need to delete what created using qctl delete Dash F and the name of the EML file thank you let's take a look at deployments we'll start by comparing pods and deployments Buzz don't self-heal meaning that if a pod dies kubernetes will not replace it automatically using a pod definition only one instance can be created and you can't update and roll back pods deployment can a deployment manages a single part template so you create one for each microservice you want to run when creating a deployment this will also create a replica set in the background but while you can see it you don't interact with the replica set directly you let the deployment manage that for you to summarize the replica set provides the self-ealing and scaling functionalities while the deployment provides updates and rollback functionalities let's take a look at the deployment definition you define the desired number of instances with the replicas property this will be used by the underlying replica set you set the number of iteration you need to keep using the revision history limit property and you set the update strategy in the strategy section you can set the strategy type to a rolling update this way kubernetes will cycle when updating the pods the other strategy is recreate kubernetes will take all existing pods down before creating the new ones we'll have a dedicated lecture on this topic later on like a replica set we start with a pod definition and we start the metadata section in the template section of the deployment the final deployment definition looks like this highlighted in green we see the properties specific to the deployment and in yellow the ones defining the Pod we want to run here's a cheat sheet for deployments command so if you don't want to use a yaml file you can create a deployment using the imperative way so you use Cube CTL create deploy you specify a name then with the image property you you specify the image replicas the number of replicas you want to run and you can specify also other properties like the port number that the paths will listen on if you have a yaml file well you simply use Cube CTL apply Dash F and the yaml file you get a list of the deployments using cubectl get deploy and you get the deployment info using cubectl describe deploy and the deployment name since a deployment will create also a replica set you can get the list of the replica set using cubectl get RS and you delete a deployment by using a EML file so Cube CTL delete Dash F the name of the yaml file or if you don't have it simply use Cube CTL delete deploy and the deployment name and this concludes this look at deployments thank you [Music] let's use the deployment template to create three instances of an nginx container so let's take a look at the EML file this time we want to use the deployment Kai type of object we want to create is the deployment we name it deploy example we want three instances three replicas and we want to keep three versions three replica sets versions in the history in site kubernetes I know if you scroll down a little bit we see that we want to run an nginx uh the Alpine version because it's a little bit smaller and we name it nginx we set some resource limits and each pod will listen on Port 80. all right quite similar to the replica set template that we saw earlier except maybe for uh this parameter here all right now let's create our deployment using cubesatel apply or create Dash F deploy example and let's get a list of the pods that are currently running Cube CTL getbots Dash o wide and yes we have three parts three lines here so look at the names uh given to each bot so deploy example that's the name of the deployment object the the name of the deployment object Dash something unique so to make sure that each part has a unique thing kubernetes as a random number like this only one container is running inside each bot uh it's in running State each pod gets its own IP address so that's perfect okay let's now try to describe our pods so we can use the cube CDL describe pod and deploy example name but we just saw that the the names work a little bit different let's see if this works yep it worked it worked because uh the name is share across uh these three parts and so we get information about each one of these let's say I just need the information about that particular part I can use that name uh the unique name also so instead of deploy example I'm gonna use the full name and there it is f uh the information about that pod just that button all right let's now get some information about the deployment currently uh inside my cluster so cubesatel get deploy I have only one deploy Dash example three out of three ready up to date available so everything's uh looking good and I can describe my deployment using cubectl describe the name of the the type of the object and then its name all right so let's go a little bit we have the name the namespace where it's running any labels annotations number of replicas three desired three updated three total three available perfect strategies rolling update okay because we haven't set a running update strategy that's the default one we'll come back to that uh later on the path template nginx Alpine listening on Port 80. right and the events here all right since a deployment will automatically create a replica set let's take a look at the replica set that was created so Cube CTL get RS and for sure we have one replica set that was created by the deployment if we desired three current we're ready everything looks okay and we can also describe our Republic asset since we have only one we can uh use Cube CTL describe RS or we can use its full name we copy that and here I have the replica set description and finally we need to do a little bit of cleanup we delete our deployment using Cube CTL delete and with the name of the yaml file thank you let's take a look at demon sits the demon set is a specialized workload its role is to ensure that an instance of a pod is running on all nodes the paths are scheduled by the scheduler controller and run by the demon controller as nodes are added to the cluster the pods are added to them typical views are running some kind of helper service like a log collection or some kind of monitoring well let's illustrate that in this cluster we have two nodes and the demon workload ensures that an instance of a pod is running on each one of these nodes so you define a demon set in a yellow file you can specify that you don't want to schedule a pod on the master node by using a toleration same thing if you want to run the part on specific node pools here's a cheat sheet for the demon sets command so you create a demon set using a yaml file with the cube CTL apply Dash F command you get a list of demon set using Cube CDL get DS you get some information about the running demon set using cubectl describe DS and the name of the demon set and when you want to delete a demon set you either use a yaml file using cubectl delete Dash F and the name of the yaml file or the name of the running Daemon set by using Cube CTL delete DS and the demon set name and this conclude this look at demon sets [Music] let's run a BusyBox image as a demon set to ensure that we have one instance of that container running on each node in our cluster so let's take a look at the yaml file all right the kind is demon set we give it a name demon set Dash example and the container that we'll run is a busy box and here in the Toleration section we specify that we don't want to schedule a demon set on a node role that is mastered so we don't want to to run that demon said that the Busy box uh on the control plane on the masternode all right Let's uh deploy our demon sets so here I'm I'll be deploying that demand set on a cluster in the cloud that has three nodes because if I would try to do that on Docker desktop with just one note won't be interesting so let's try to do that doesn't matter what cloud provider I'm using right now okay uh let's uh get a a cube City I'll get parts we'll come back to uh the rest just after that so here I have three uh Parts demon example with a unique name here let's uh add the dash oh wide a flag Let's uh examine the node column so you can see that each pod is running on a unique node so 0 3 and 4 here and this selector is interesting because it if you have multiple objects you can basically filter out or just select what you want so here selector says the app uh equals the demon set example that's the name of our object here so that word one instance of our busy box is running on each node let me add a fourth node all right so my note count is now four let's go back to visual studio code and let's rerun uh the get paths command and for sure I have a Ford instance of my BusyBox container running as a demon set on the new note without me doing anything it was deployed automatically because I selected the demon set object type now we simply need to delete that demon set using a cube CTL delete [Music] let's take a look at stateful sets let's say that you run a database inside your kubernetes cluster traffic gets higher and you need to scale that database so you create more instances the main one can read and write while the other instances are in read-only mode and use replicas of the main database this is a complex scenario to implement the stateful set role is to help you solve this complex problem for parts that need to maintain state and unlike a deployment a stateful set maintains a sticky identity with a persistent identifier for each of the pods and if a part dies it will be replaced by another one using the same identifier the stateful set will create the parts in sequence and delete them in reverse order typical use are for Network related services that maintain some State and also for databases each pod gets a unique identifier using the stateful set name plus the sequence number and if one dies it is replaced by a new one but with the same identifier the pot creation is done in a ordered way meaning that the first one will be created then the second one and so on and when they are deleted they are deleted in the reverse order note that the persistent volumes are not automatically deleted foreign set you need to use a needless service you define one by setting the cluster IP value to none the stateful set will then refer to the atlas service and you define cloud storage in the volume claim templates section let's represent this slide as you can see only the first spot lets you read and write so how can you reach it if you want to write to the database well you use the pad network name in this case the instance name my SQL Dash zero plus the service name so dot MySQL when reading simply use the service name this will load balance the calls across all instances a bit of warning here containers are stateless by default and stateful sets are offering a solution for a stateful scenario but a lot of work has to be done on top of that a better approach might be to use the cloud provider database Services instead of trying to fit a stateful scenario inside your kubernetes cluster lastly deleting a sitful set will not delete the PVCs you have to do this manually here's a cheat sheet for stateful set commands so you create one using the cube CTL apply Dash F and the yaml file you get a list of set full sets using cubectl get STS you describe one using cubectl describe SCS and the set for set name and you delete a simple set using the delete command either using a yaml file or the name of the stateful set and this concludes this look at stateful sets [Music] let's now create a stateful set let's take a look at the state we'll set that EML file there are two parts in this CML file the first part is the creation of the Headless service the the kindest service but the trick here is to set cluster IP To None like this this will create an endless service all right second part is to create our stateful set so the kind set will set give it a name nginx Dash SCS and here we're referencing our Atlas service here so the name of our Atlas service assigned to the service name property we want three replicas right of a nginx image and we're creating a claim on a search class name called Azure file so the cloud provider here is not important that will work on any cloud provider so I already have a search class name called Azure file we'll use the read write once access mode and we'll use when when gigabyte of storage and we'll Mount this to a folder in VAR www all right so let's create our Seattle set here Cube CTL apply Dash if stateful set Dot yaml and quickly let's do a cube CTL get but a white and here you can see that the first instance is running the second one is running the third one is pending so each instance will be created in a sequence so the first one zero the second one one the third one two you can see by the age of each instances so 19 seconds 14 and 9 seconds they are created in a sequence and deleted in a reverse order also here we can see that um there's an IP address assigned to each of these let's take a look at the PVCs we should have a PVC for each of these instances and yes SCS 0 1 and 2. so uh we can do a mapping one to one here so for uh scs0 we have a PVC call also scs0 to prove that let's uh describe the second one let's say so Q the L describe paths and the number two and let's see what the PVC is assigned what claim is assigned so here the volume claim name scs-2 awesome okay what we'll do we'll create a file in the in that instance the instance number two and we'll delete the the Pod the Pod will be recreated automatically and we'll see if the file still exists we'll also modify the default web page served by nginx and see how we can reach that that file the default web page from another instance so let's open a session on the nginx CS2 perfect Let's uh CD in VAR are volume and let's uh simply type Echo and pipe that to a file called echo.txt I do it LS my file is there get Hello dot txt yeah perfect okay first step creating that file uh Second Step modifying the default web page let's CD into the user chair nginx HTML folder and let's do an LS here so here's the default page served by nginx index.html we will brutally replace that file by using cat and piping that to the file name and typing hello enter Ctrl D on Windows to save the file the file is there if I simply do a cat index.html yeah okay the file has been brutally replaced okay we'll close our session on this instance so scs2 let's close our ins our session and let's open a session on the instance zero okay awesome let's try to it that default HTML page but on the instance number two so nginx as CS2 so to do that we'll need to use the web the web address nginx scs2 so that's the name of the instance dot the name of the atlas service and that word would only the hard name word no you need a combination of boat the instance name and the atlas service also all right let's exit our session here okay let's try to delete uh the uh instance number two okay let's do a q that's CTL get but we have a new instance uh that was created uh seven seconds ago but the uh the name of the instance is still the same so instead of a random number here by using a stateful set this will ensure that the names will be the same okay so let's open a session on the instance number two let's LS far and here's our file awesome let's do our cleanup so we'll delete the stateful set and we need to manually delete dpvcs because simply deleting this table set will not delete the PVCs so let's do that [Music] let's take a look at jobs are for short-lived task workloads you start a job it executes and succeeds or fails so job don't say memory they don't wait for traffic a job creates one or more pod and ensures that a specific number of them successfully terminate the job tracks the successful part completions and then marks the job as complete when the desired number of completion is reached when using multiple Parts the job will create them one after the other they can also run in parallel this is a job definition you define how many paths you want to run at the same time you can set a deadline if needed and the number of completions to reach to Mark the job as complete and you should set the restart policy to never so here's a cheat sheet for the jobs command you create a job the imperative way using Cube CTL create job the job name and the image name using the declarative way with a yaml file you use cubectl apply Dash F into the yaml file name you list the jobs by using cubectl GitHub you get some information by using cubectl describe job and the job that is currently running and you delete jobs with either a yaml file using cubectl delete Dash F or with the job name Cube CTL delete job and the job name and this concludes this look at jobs thank you in this lab we'll create a simple job so let's take a look at the chub yaml file so the kind is chopped so that's the type of object we're creating uh the name we're giving it hello and what we will run is a busy box container and when the container starts it will Echo uh hello front the job perfect something sip simple Let's uh run this Cube CTL apply with the name of our yaml file perfect the job was created okay let's get a list of the jobs there's one hello completion one so it ran and duration was two seconds okay let's do a cube CDL describe job since we have only one job that will do the work if not we can type the job name hello and uh but but let's take a look at name hello namespace default annotation and so on and so on it ran One Time One succeeded so that's our container successfully create and complete it perfect now we can get a list of the pods using cubectl get that and this is uh the Pod that was created to run the job it's still there you see the status completed but it's still there so we can get to to examine the log in case something went wrong so we can do Cube CTL logs and the name of the part here hello from the job that worked so let's do our cleanup let's delete the job is deleted do we have any uh Parts left none any chops left none perfect [Music] let's take a look at crunch apps a crunch up is a workload that runs jobs on a schedule it's an extension of the job that we saw in the previous lecture the schedule is defined using a crown like syntax in UTC and you can get more information about the crown syntax in this Wikipedia page here's a crunch out definition you set the scheduled parameter to a cron schedule so how do you know if a crunch up ran successfully well you need to look at the job history by default the last three successful jobs and the last fill job are kept the paths will be in a stop State and you'll be able to look at their logs foreign if you don't want to keep any history you can set the successful job history limit to zero so here's a cheat sheet for the crown job commands you can create one using the imperative way and if you have a yellow file you use the cube CTL apply Dash F and the name of the yaml file you can get the list of decron jobs currently running using cubectl get the CJ you can get some information with the cube CDL describe CJ and you delete the crunch up using its CML file using Cube CTL delete Dash F and the yaml file name and if you don't have the yellow file name you can delete it using cubectl delete CJ and the crunch up that is currently running and this concludes this look at run jobs [Music] so let's create a crunch up we'll take a look at the yellow file kind is the crunch up I'm going to name it hello Cron and we will give it a schedule only Stars which means that it will run every 60 seconds every minute that's the default and we're going to run a busy box image and we it will Echo this string okay so let's create our job using cubectl apply and we can get a list of the crown jobs using cubectl get print jobs okay so here we have the name the schedule if it's suspended it's if it's active the last last time it ran and we can get some information using cubectl describe run job and we pass the its name hello Dash Cron here this is super useful for troubleshooting the name the default name space it runs on in the default namespace we have the schedule here how many jobs does it keep in its history how many failed job is kept also the the command that will run oh you can get a list of the pods okay uh one per Ran So elocron with a unique uh value here so it has uh completed I'm gonna pause um to let it run a few times all right uh the job ran three times well it the last one is still uh running uh container creating Let me refresh that so it's completed okay now we can get the logs by using cubectl logs and then the job name dpod name so hello from the crown chart so by default the last three run of the job are kept in the history and you can configure that in the yaml file let's delete our crunch up here perfect and if again we type Cube CTL get pads uh all the parts in in the history basically are also deleted when you delete the crunch up [Music] let's take a look at rolling updates in a previous lecture we saw that using deployments you can set the number of paths instances using the replicas parameter and set a number of previous iterations of the deployment to keep in kubernetes we also saw that there are two update strategies running a date and recreate recreate is quite simple kubernetes will shut down all the running paths and create new ones after that running update will cycle through updating parts all right let's illustrate that using recreate all previous paths are deleted and the New Path will be created after that this means that there might be a small period of time where your microservice might not be responsive using the routing of this strategy a pod is deleted and replaced by a new one then the next one and so on there are two values that you can set to help you with this process Max search will tell kubernetes how many parts can be created over the desired number of pods let's say that you you want three instances in total setting Max search to 1 will allow creation of one additional pod on top of these three desired ones and this while the rolling update is running Max unavailable is the opposite is the maximum number of pulse that can be unavailable during the update process note that if you don't specify an update strategy in the deployment manifest communities will use a default strategy of running update with Max Surge and Max unavailable both set to 25 percent so let's say that we want three instances of a bot and we set max search and Max unavailable to 1. we're telling kubernetes that it's okay to create one additional part on top of the three desired one and that's it's okay to have one part less than the three desired one when done the previous replica set is kept you set how many you want to keep with the revision history limit property here's a cheat sheet for running updates you create of course your deployment using cubectl apply Dash F and the name of your yaml file you get the progress of the update using cubectl rollout status you get the history of the deployment using cubectl rollout history deployment and the deployment name you can roll back a deployment using qctl rollout undo and the deployment name that will roll back to the previous version or if you want to roll back to a specific revision number you add the two dash revision parameter and this concludes this look at running updates [Music] in this lab we will create a deployment and later on update it to a new version using a rolling update so let's take a look at the yaml file the kind of object we're using easy deployment call Lo Dash dab we want three replicas and we're using a rolling update strategy here and setting a Max search to 1 and Max unavailable to one we will deploy a container called Lo Dash app yeah hello app and uh that'll be version one and later on we will update it to version 2. okay so let's create our deployment here okay we can get a the deployment status by using Cube CTL rollout status and the deployment name uh the deployment was successfully rolled out let's take a look at our pods running okay so I have three instances perfect yellow depth uh three times excellent let's describe the uh the deployment so Cube CDL describe uh deploy and the deployment name and let's try to find if we can get some information about the strategy yeah here it is rolling update strategy Max unavailable oh wow the strategy type is right here uh rolling update running update strategy Max and available One Max search to one so you can get that information that we set earlier in the yml files okay let's now see if we have a replica set here's our replica set and let's Now update our yaml file and change the version of Hello app to version 2. so just update to 2 and save the file and we will use cubesatel apply and with the same yaml file now what I'm going to do how I'm using right now A K9s it's a terminal dashboard in a terminal sorry and to get the visual view of what's what will happen basically so right now I have three parts in green these are the ones that are deployed let's apply our new deployment I'm going to switch quickly to K9s and you can see oh it happens so fast but is you saw that the the new pods were were created and the old ones were uh were shut down all right here I can have a a deployment status everything's fine if not we would have uh some information if the deployment would take longer we would have some information printed here okay how many uh replica sets do we have we have two uh the the current one so that's the current one and the previous one by default uh three uh versions are kept uh in history we can get the deployment history by using cubectl rollout history and the deployment name okay version one for version two okay we're at version two and um we want to downgrade basically our roll back to the previous version so you can do that by using Cube CTL rollout undo and the deployment name so by default it will roll back to the previous version or if you have multiple versions and you know what version you want to roll back to you can specify the flag to revision and the revision number as we see here foreign let's do this one well either one will do the same thing okay let me switch to K9s and see what's happening oh the other one the the older while the version two is uh terminating new version is created and we can get a deployment status here everything successfully wrote okay Let's uh now take a look at our replica sets so we still have two right the current one is now the the first one that we uh that we deployed all right and we can do our cleanup by deleting the deployment using the yaml file [Music] let's take a look at blue green deployments so let's say that version 2 of our macro service contains some breaking changes like a different database schema what do you do using the rolling update strategy you'll have both version 1 and version 2 of your app running at the same time that might not work at all so using the blue green deployment pattern that might help solve that problem blue identify what's in production and green identify a new version currently deployed but not yet in production notice that the pulse label contains the version number when ready simply update the service definition to point to the new version and now green is now in production so green becomes blue and blue becomes green oh great this means that this pattern is solving the new database schema problem well not entirely you may still have to deal with some downtime while you update your database and also another drawback is that since both version of the macro services will be up and running at the same time you need to have enough free resources in your cluster to make this possible and this concludes this look at the blue green deployments pattern [Music] in this lab we'll create a blue green deployment we have three yaml files here so let's take a look at the lodep V1 it's a deployment we want three replicas of a container of a an image called Hello app 1.0 and here we're setting a label of app lov1 now let's take a look at the second one it's basically the same thing so deployment three replicas but it will use version 2 of our hello App application and we're setting the this label Here app to lov2 all right let's take a look at our cluster IP manifest file so it kind of service and here's the selector app hello V1 we will deploy that and later on we will change the cluster IP manifest to point to the newer version okay so let's deploy version one of our pods and let's also deploy our cluster IP service so let's take a look at the list of the paths currently running there are three pods and also there should be uh if I type Cube City I'll get SVC one cluster IP as we see front that's the one I just deployed perfect so let's do a quick port forward to uh to connect to our cluster IP service so we'll port forward uh the port 8080 that the cluster IP is listening to to localhost 8080. here cubesatel port forward service the name of our service 8080 28080 and let's hit local OS on port 8080 here okay so here hello world version 1.0 excellent day okay let's now deploy version two so uh right in my phenomenal I'll hit Ctrl C on my windows keyboard to break that and uh gain my terminal back perfect let's deploy version two okay and let's get a list of our pods currently running should be six so I have both versions uh in memory at the same time okay so that's one of the drawback of this uh this technique this blue green deployment technique okay let's now it did the cluster IP manifest file so we're we will change the selector to select app on Lo V2 let's save the file and let's update our cluster IP service by using cubectl apply and the name of the yaml file yes okay Let's uh port forward again right let's hit that local OS again and there you go V2 it worked let's do a little bit of her clean up uh let's delete our first deployment our second deployment and also decluster IP service you can select the three lines at the same time [Music] let's take a look at the concept of service in kubernetes first what problem do Services try to solve well if the pod in green need to reach the pod in purple you need to use its IP address the problem is that pass yet ephemeral IP addresses if the part in purple dies well you replace it and the new one will have a different IP address so we need a way to make these calls between pods a lot more robust so back to the service what exactly is the service well it's a kubernetes object that you define in a yaml file but on my pods that have ephemeral IP addresses Services get durable IP addresses and also they get DNS names they serve as ways to access Parts they're kind of a middleman and the target pods using selectors here we have four pods and a service the service select the pods that have the Zone label equals to prod and the version label equal to one the first part satisfies the selector the second one also but not the third one and not the last one so only the first two are selected so let's say we have two instances of a pod and we place a service in front of them if another part needs to reach these ones it will go through the surface and then the service will load balance the request to the instances in kubernetes we can use these Services the cluster IP the node port and the load balancer note that the cluster IP is the default service we will look at them in more details in the next lectures and this concludes this quick look at the concept of services in kubernetes [Music] let's take a look at the cluster IP so what is a cluster IP well it's the default service in kubernetes its visibility is cluster internal this means that it's not possible to use a cluster IP service to reach a macro service from the internet from outside the cluster in the cluster IP definition you can set two different ports Port is the port that the service will listen on and Target Port is the port that deselected pods are listening on so the cluster IP will route incoming traffic to that board in this CML file the service listens on Port 80 and Route the traffic to Port 8080. traffic is load balanced across the selected paths so when do you use a cluster IP service well to provide a durable way to communicate with pods but from inside the cluster so let's illustrate this here we have a cluster IP service fronting three instances of a pod it's impossible to reach it from outside the cluster but it's okay it's visible from inside the cluster this cluster IP will listen on Port ad and select the paths using these two labels since the selected pods are listening on port 8080 the service Target Port must also be set to 8080. this way the parts in green that want to communicate with the ones in purple well they go through the cluster IP service on Port 80 and the service route the traffic to Port 8080. so let's say you have multiple Marco Services uh you place a cluster IP in front of each of them because a cluster IP service IP address is durable while the pods ones are ephemeral here's a cheat sheet for cluster IP so the first two commands are imperative commands let's say you already have a pod running and you want to expose it using a cluster ID so you would use Cube CTL expose Oh short for path the Pod name specifying the the port and the Target Port and you can also give a name to your to your service if you have a deployment you can also use Cube CTL expose deploy the deployment name specifying the port and the target board so both commands are imperative commands if you have a yaml file you would use Cube CTL apply Dash F and specifying the EML file name you can get a list of the services running using cubectl get SVC I get a little bit more information specifying uh the flag Dash o and wide you can also describe the service using a cube CTL describe SVC and the service name and you can delete the cluster IP service using the yaml file with the cube CTL delete Dash F and the name of the yaml file or cubectl delete SVC and the name of the service and this concludes this look at the clusterity [Music] in this lab we will deploy an nginx container front it with a cluster IP service and then deploy a BusyBox container open a session on that BusyBox container and try to hit the web page served by the nginx container but through the cluster IP service all right let's take a look at our yaml file we'll start with the deployment one kind is a deployment we want three instances of the Pod and we will run the nginx image the Alpine version and it will list it on Port 80. now we're setting two labels here and the cluster IP service will you will select uh the pods using these two labels so app example environment prod all right let's take a look at our cluster IP kind service it's gonna listen on port 8080 and it will redirect the traffic to Port 80 on the nginx containers all right the selector is here so app example environment broad so that will select our pods uh in our deployment perfect so let's try to do that first let's uh deploy the service and let's deploy the nginx containers let's also deploy the busy box and we can take a look at this it's a kind of pod the name is my box and uh it'll run a busy box image okay so now let's get a list of our Bots currently running we should add four one two three four so the first three ones are the deployment the nginx images and the fourth one is the BusyBox all right let's try to connect to the BusyBox container open a session by using cubectl exec my box Dash it and the name of program we want to run perfect at work by type LS yep okay let's try to use the service to reach the nginx pods so wget and HTTP SVC example colon 880 so let's try to run that and see if it works okay that worked why did it work so what is that name here if we go back to the cluster IP definition that's the name of our service and it's listening on Port 8080. the service name Colin d uh the port that is listening on and that's it we can now exit our session on our busy box and we can delete our resources the cluster IP the deployment and the pod thank you [Music] let's take a look at the note Port service what is a note port a noteboard extends the cluster IP service and provides extra functionalities its visibility is internal like a cluster IP but also external to the cluster you can set a third port using the note Port property this is the port that the service will listen on outside the cluster note that the port must be in a range between 30 000 and 32 767. and if you don't specify a note Port value well kubernetes will assign one randomly you then set the port and the Target Port Properties like you do with a cluster IP this sounds like a good way to expose our macro services to external traffic but this range between 30 000 and 32 767 it's kind of annoying because you can't set it to let's say port 80. and One requirement for using note ports is that nodes must have public IP addresses to access your service simply specify any node Port IP address plus the note port and the traffic will be routed to the right note Port service inside the cluster the way it works is that you set the pods and the service just like you did before with the cluster IP but this time you also specify a port number in the note Port property external communication uses the node IP address and the port set with the node Port property internal communication uses the port set in the port property just like a cluster IP now let's take a look at our note Port cheat sheet if you already have a pod running in your cluster and you want to expose it using a note Port service simply use the cube CTL expose bow the Pod name specifying the port and the Target Port and the note Port as the type now you may wonder where do you specify the note port number well you can't there's no properties letting you set know that value between 30 000 and 32 767. so communities will assign one randomly for you same thing for a deployment let's say you have a deployment already running in your cluster and you want to expose it using a note Port you use cubectl expose deploy the deployment name Port Target Port type which is note port and you can specify your name also you can define a node port in a yaml file and deploy it using cubesatel apply Dash F the name of the yaml file you list the services using cubectl get SVC get more info adding Dash o wide he can describe your service using cubesatel describe SVC and the service name if you have a yaml file you can delete it using the that file using cubectl delete Dash F the name of the yaml file or you can delete your service using its name with qctl delete SVC and the service name and this concludes this look at the note Port service [Music] in this lab we will expose a deployment using a note Port service we have two yable files let's take a look at them the first one is for the deployment we will deploy an engine X image the Alpine version listening on Port 80. and we will need to replicas perfect let's take a look at the noteboard yaml file kind is service and the type is noteboard and the selector will select our deployment and here we set our node Port 32 410 okay now let's open a terminal and we'll start by the deployment cubesatel apply and our yaml file next our service Cube CTL apply noteboard.yaml awesome let's make sure that our pods are running Cube CTL getbots Dash o wide awesome two parts two instance of our nginx container all right now since we're using Docker desktop the docker desktop node is mapped to local OS to reach the note Port service we need to use local OS plus the note port let's try that local Post 32 410 and it worked awesome Now when using a cloud provider you would need to get a node IP address instead of using the Local Host you would get that IP address by using cubectl get nodes Dash o wide and here in the external IP address colon you would find the external IP address of the node awesome let's do our cleanup let's delete our note port and our deployment [Music] let's take a look at the concept of surfaces in kubernetes what problem do Services try to solve well if the pad in green need to reach the purple one it needs to use its IP address the problem is that pods are ephemeral if the purple one dies you need to replace it and the new one will have a different IP address we need a way to make these calls between pods more robust so what exactly is a service a service is a kubernetes object that you define in a yaml manifest unlike parts that have ephemeral IP addresses Services gets durable IP addresses and a DNS name they serve as a way to access paths and they target pods using selectors here we have four pods and a service the surface selects the paths that have the Zone label equals to prod and the version label equals to V1 the first part satisfies the selector the second one also but not the third one and the last one only the first two are selected let's say that we have two instances of a pod and we place a service in front of them if another part needs to reach these parts it will go through the service and the surface will load balance the requests to these instances in kubernetes we can use these services D cluster IP the note Port the load balancer and the Ingress the cluster IP is the default service its visibility is internal only the note Port can expose a pod outside the cluster the load balancer and the Ingress are similar Services they let you expose applications outside of the cluster one operates at D layer 4 and the other at layer 7. L4 L7 what's that download balancer operates at the layer 4. that's the TCP transport level so that's very low in the transport stack it means that the load balancer can do simple operations like round robin routing the Ingress operates at the higher level in the transport stack think of protocols like HTTP or SMTP it's more intelligent so you can configure complex routing rules okay no worries if this sounds complex for now simply remember that an Ingress is like a load balancer but more intelligent and this concludes this look at the concept of services [Music] in this lab we will create a load balancer service but you may be may be asking yourself we're not using a cloud provider right now how can that work well Docker desktop is helping us it will emulate the load balancer service so we can test our load balancer locally awesome let's take a look at the application it's a simple deployment we want to replicas two instances of an nginx image super simple and the the load balancer yaml file kind is service the type is load balancer it will listen on port 8080 and redirect traffic to the Pod that is listening on Port 80. all right all right so let's open a terminal okay and let's deploy the app and the load balancer perfect let's make sure that our pod are running by using Cube CDL getbots yes I have two uh my coupons are here perfect now to get the IP address of the load balancer we use Cube CTL get SVC Dash o wide foreign S as the IP address using a cloud provider load balancer service you would find here instead of local OS the public IP address of the load balancer so let's test this open a browser and type localhost 8080 and that works we reach our nginx pod awesome let's do our cleanup let's delete our load balancer and our application [Music] this is an introduction to the persistent Concepts in kubernetes we saw this slide earlier containers are ephemeris and stateless and any data stored in them is deleted when the container is destroyed so we need to find a way to store data outside the containers if you want to keep that data so volumes let containers store data into external storage systems these are storage services offered by the cloud providers Defenders create plugins according to a specification called the container storage interface and there are two ways to use storage in the cloud the static way and the dynamic way we have separate lectures on these later on all right the cloud providers create plugins to expose their storage Services as persistent volumes and storage class these two are kubernetes objects next we will look at the static and dynamic ways [Music] let's see how to use the static way persistent volumes or PV and persistent volume claims are PVCs are two kubernetes objects that lets you define and use external storage a purchasing volume represents a storage resource that is available cluster wide and is provisioned by the cluster administrator you then use a persistent volume claim to claim the persistent volume a part will then use the PVC to mount a local folder PVCs can be used by multiple parts and inside the parts all the containers are sharing the same volume there are many persistent volumes plugins available some are offered by the cloud providers the one highlighted in yellow called hostpath is a special one it's a plugin available with kubernetes that allow you to do local testing and it's not mapped to a cloud provider storage service it will not work in a multi-node cluster but it's super useful for local testing here's the main drawback of persistent volumes let's say that the cluster admin provision 100 gigabytes of storage and that the Pod only requires a small portion of this storage let's say just one gigabyte of that 100 gigabytes in total so just one gigabyte well too bad for the other pods because the volume is used exclusively by the Pod who has the claim on it this can be a waste of precious resources and we will see how storage class get around this problem in the next lecture okay in the meantime let's focus on the PV and the PVC you first select the cloud provider storage service you want to use then you create a persistent volume and set the required capacity let's say here 10 gigabytes you then create a PVC so a claim that refers to the persistent value and finally you use the PVC from your pod and mount a local folder on it there's an inputs and property that you must be aware of it's the reclaim policy set a delete all data will be lost when the claim on the volume is released and this is the default value so be aware of this if you want to keep your files when the PVC is released you have to set the reclaim policy to retain again the default value is delete so be careful and be aware of this there are three access modes possible using read write mini the volume can be mounted as read write by many parts using read-only mini the volume can be mounted read-only by many parts and finally with read write once the volume can be mounted as real read write Sorry by one single path and the other parts will be in read-only mode this might be useful if you have a main worker that writes data and the other pods simply read the data you define a person in volumes using the purchasing volume kind and you specify the capacity the access mode and the reclaim policy in the spec section in this example the ospad plugin is used to access local storage remember to only use hostpat for local testing and refer to the storage provider documentation and on how to create a persistent volume specific for their storage service you then Define a claim so a persistent value claim making sure that the access mode match the one set in the processing value in this case the claim is for 8 gigabytes out of the possible 10 gigabytes set on the persistent volume this means that no one can claim the remaining two gigabytes until the claim is released in the volume section of your pod definition simply refer to the PVC and mount a local folder on it a persistent volume can have these states available meaning that the resource is free and not currently in use bound the volume is bound to a claim so it's in use it's not available anymore release the claim has been deleted but the resource is not yet reclaimed by the cluster and finally failed well something's wrong here's a cheat sheet for the PV and PVC commands using a yaml file you can create either a PV or PVC by using cubectl apply Dash F and the name of the yaml file you get the install persistent volume using cubecti Cube CTL getpv the claims using cubectl get PVC you can describe them cubectl describe PV or PVC with their name you can delete them using their yaml file cubicle delete F and the name of the yaml file or by using their name so Cube CTL delete PV and the PV name or the PVC name and this concludes this section as the static way next we'll take a look at the dynamic way [Music] in this lab we will create a persistent volume a persistent volume claim and use a pod to mount a local folder on that storage we will create that in Docker desktop locally using the host path plugin all right so let's first take a look at the persistent volume yaml file the kind is purchasing value we give it a name pv001 and a storage capacity 10 megabyte access mode read write once and we set the processing volume reclaim policy to retain and use that host Pat plugin here and to map to a folder in the docker desktop virtual machine to data here all right let's take a look at the PVC kind persistent volume claim we give it the name my claim read write access mode must be the same as the PV persistent volume so let's double check read write once on the PV read write once on the PVC awesome we request 10 megabytes of storage so we record the full capacity we could have chosen a lesser value if you want all right let's take a look at the Pod now so it's uh the kind of pod it's a busy box and uh we make a reference to the claim here in the volumes section we give it a name and we reference the persistent volume claim called my claim this guy here okay and we use that name mypd and we mount it to a local folder called demo we should see magically appear a folder called demo inside our BusyBox container okay let's deploy our persistent volume right percent in volume pv01 created awesome let's look at the PV qctl getpv name pv001 capacity 10 megabyte read write once reclaim policy to retain it's available it's not claimed uh awesome so let's now deploy the claim the PVC persistent volume claim my claim created awesome Cube CTL get PVC my claim it's bound to the volume called pv001 capacity 10 megabytes read write once and let's again take a look at the PV to see if something has changed yep it's now bound the status is bound to the claim called my claim running in the default name space awesome so let's now uh deploy our pod okay my PC box was created let's connect to it using Cube CTL exec the name of the instance so the Pod Dash it and the program you want to run so let's do NLS and see if we see a demo folder and there it is we have our demo folder Let's uh CD into that folder and let's create a a file inside cat and we'll pipe that to uh lo.txt let's type hello world world uh if I can type Ctrl D to exit and save the file Let's do an LS to see if the file was created perfect okay let's exit this session and now let's delete the pod let's delete the part by using cubectl delete Dash F pod and since the busy box takes uh 30 seconds to shut down we will force it to do it right away we don't want to wait okay Let's uh deploy it again well Cube CTL rctl get the pods no resource awesome it's really dead Let's uh deploy it again okay Let's uh open a session CD demo LS all right and let's get that file hello a car cat cat nut car hello world awesome it worked Let's uh exit our session let's now do our cleanup we'll delete our bud and then we will delete the PVC right and then the PV so you can't delete the PV before the PVC well you can issue the command but the the command will be in kind of a weight State uh until uh the PVC has been released [Music] let's continue our journey into persistence by looking at the dynamic way so here's a new object the storage class and the search class represent a storage resource that is available cluster wide and is provisioned by the cluster administrator you don't have to set a capacity and it eliminates the need for the admin to pre-provision a persistent value now compared with processing volumes where once a claim has been made the remaining capacity becomes unavailable well the storage class can support many claims many persistent volume claims so you first select the cloud provider storage service that you want to use you create a storage class so here no need to specify a capacity then you create a PVC the claim that refers to the storage class and now you specify the required capacity and finally you use the PVC in your pod and mount a local folder like a persistent volume there's an important property that you must be aware of it's the reclaim policy set at delete all data will be lost when the claim is released and it's the default value also like the persistent volume so be aware if you want to keep your files when the PVC is released you have to set the reclaim policy to retain again the default value is delete again three access modes possible and they are set using the PVC not the storage class read write mini the volume can be mounted as read write by many pods read only mini the volume can be mounted read-only by many pods and lastly read write once the volume can be mounted as read write by a single part and the other parts will be in read-only mode useful if you have a main worker that writes data and the other pods simply read the data so you first start defining a storage class specifying the cloud provider driver with the provisioner property and additional settings in the parameters section so refer to the source provider documentation on how to create a specific storage class further storage service you then Define a PVC specifying an access mode and the source capacity required in this claim uh the claim is for 5 gigabytes but more PVCs can be created over that storage class then simply refer to the PVC in your path definition and map a local folder on it in summary the main benefits of a storage class versus a purchasing volume is that with a storage class you don't have to define a capacity and multiple Claims can be made here's a cheat sheet for storage class at Men's so you create your storage class using a yaml file using Cube CTL apply Dash F and your the name of your yaml file you get a list of your storage classes or PVCs using get the SC for search class and get PVC you get the search as information by using cubectl described as C and the class name you delete your search class and PVC using cubectl delete Dash F and the yaml file name or you delete your search class using delete SC and the class name or delete PVC and the PVC name and this concludes this section about persistence using the dynamic way [Music] let's see how to store configuration values using config Maps in a previous lecture we saw that it was possible to place configuration values directly in the environment section of a pod definition but what if we need to change that value well we have to edit the Manifest and redeploy the container also usually it's not a best practice to tie an object with its configuration so how can we externalize these values the config map object allow you to decouple and externalize configuration values the key value pairs are then injected in the containers as environment variables they can be created from yaml files a series of text files or even folders containing files they are static meaning that if you change the value the containers that refer to these values have to be restarted to get these refresh values using a yaml file you define a config map and place the key value pairs in the data section you can even specify multi-line values using the pipe character in the EnV section environment section of the container definition you define an environment variable and by using value from an config map key ref you reference the config back name and the key as defined in the config map so in the config map key ref section name refers to the config map name and key refers to a key in the config map earlier I mentioned that this is a static process meaning that the values are injected when kubernetes starts the container this means that if you make a change to a config map value inside the container the original values stay the same until you restart the container to get around this you can map a volume on a config map Yes you heard it right mounting a volume this solves the static issue and updates are reflected in containers each key value pair is seen as a file in the mounted directory so we start with a config map then use a volume to mount it to a local folder inside our pod our container the result is that all key value pairs are now scenes as file the name of the file being the key and the value being inserted in the file while this sounds cool it also means that you'll have to refactor your code so instead of reading environment variables you'll have to read files so is it worth it you'll have to figure out that by yourself here's the config Maps cheat sheet so if you're adventurous you can create a config map from the command line that's the imperative Way by using Cube CTL create config map you give it a name and with the from Dash literal parameter you specify the key value pairs so you can specify multiple key value pairs of the same line or you can use a good old yaml file and use cubectl apply Dash F and the name of your yaml file you can create a config map using cubectl Create CM specify your name and specifying a the name of a text file containing multiple key value pairs also you can create a config maps from a folder so if you have multiple files inside your folders you can create a config map from that you can get a list of the config maps by using cubectl getcm you can output the config map in a yaml file by using cubectl get CM the name of the config map and the dash o parameter with the yaml and you can pipe that to to a file name of course you delete a config map by using its yaml file using cubectl delete Dash F and the name of the yaml file and this concludes this uh look at config Maps [Music] in this app we're going to create a config map and use a pod that will reference a value stored in that config map let's take a look at the config map so the kind is config map we have a name cm-example and in the data section we have two key value pairs date as set to Michigan and City and our board all right so let's now take a look at our pod tiny spot uh it's a busy box and here in the environment section we declare in environment variable that we will call City and we are getting the value from a config map key ref right and we specified the name of the config map so cm-example that's the name of the config map and the key is City so here that's the key right there okay again environment section we Define a new environment variable that we will call City we get the value from config map key ref specifying the name of the config map and the key awesome let's create our config map okay Cube CDL gets cm to get information about our config map so CM example two data okay that doesn't give us much information well about the data itself so let's do a cube Studio describe config map CM example okay we have the name the namespace where it is any labels annotations and here we have uh the data section City and Airport State Michigan and if for some reason you want to Output that as a yamo uh Cube CDL get config map the name of the config map Dash o output in yaml uh to recreate the config map using this let's now deploy the pod or BusyBox perfect let's open a session Cube CDL exec my box Dash it and the program you want to run and let's display the city environment variable let's Echo that Echo dollar sign City and there it is an arbor so that worked foreign exit and we can do a little bit of cleanup we can delete our config map and we can delete our busy box spot [Music] let's see how to use the secrets object in kubernetes you will find many times of Secrets types the default one is the OPAC type and it is very similar to the config Maps object that we saw in the previous lecture you can also store credentials to connect to private container registries authentication secrets and even certificates in this lecture we will focus on the OPEC Secret like config Maps secrets are used to store configuration values so they are somewhat identical to config Maps except that these store values as base64 encoded strings and it's important to understand that base64 is a way to encode strings and it is not an encryption algorithm this means that Secrets stored in kubernetes can be decoded quite easily yeah great since these secrets are Noah very secret should you use them well the answer depends on the type of information you want to store it might be okay to store a connection to a database but it might not be for something more sensitive you can protect Secrets using role-based access control policies are back or you can store them elsewhere all Cloud providers offered ways to store secrets in Seeker Vault services that you can retrieve firm kubernetes you can also use a third party tool like the very popular Vault product from archicup just be aware that the kubernetes default secret the OPEC one is not encrypted by default in kubernetes so you can define a secret in a manifest and use a base64 encoded strings as the values or use the command line where you can use plain text strings easier in the path definition you simply get the secret value using the secret key ref section this is very similar to config Maps and again similar to config maps you can mount a volume on top of Secrets here's the container registry secret and you can Define it using a yaml file or with the CLI next in the path definition you reference the credentials in the image pull Secrets section here's a cheat sheet for Secrets commands so you can create a secret the imperative way at the common line if you want using cubesdl Create secret generic and then the secret name and you pass the key value pairs with the from Dash literal per meter you can of course create one using a yaml file so cubesdl apply Dash F and the name of the yaml file you can get a list of the secrets using cubectl gets secrets you can output the secret to a yaml file by using cubectl get Secrets the secret name and the dash o yaml parameter and you can pipe that to a a file you can delete the secret using a yaml file or using the secret name using cubectl delete secrets and with the secret name and this concludes this look at secrets [Music] in this lab we'll create a secret and from a pod we will reference secret and use them as environment variable let's take a look at our secrets at yaml file the type or the kind is secret we give it a name secrets and in the data section we have key value pairs so username to some value and password to some value notice that the values but must be base64 encoded you cannot put a non-encoded string here how do you do that on Windows base64 the the tool is not installed by default so you can use these two websites basics of foreign code.org decode.org or you can install base64 using chocolati as shoko installed base64 on macro Linux well it's already installed so you simply do something like that you Echo your string and you pipe that to base 64. and that will encode the string and let me copy that and to decode Echo uh the encoder string and you pipe that again to base64 Dash D for decode and voila all right from the Pod now let's take a look at our pod yaml definition kindness part it's a busy box and here in the environment variable we're creating two environment variable the first one is called username and it gets its value from a secret key ref and the name references the secret name here and the value well the key is one of these two so username or password Here a case key reference here the username from the secrets Secret and second one is password a the environment variable is called password and we get the value from the secrets secret and the key is password awesome let's create the secret all right let's get a list of the secrets here's our secret if it has two data it was created six seconds ago we can describe it cubicity of describe the object type and then it name and here what do we have the name namespace and well we don't see the secret just the the keys here and what if we use Cube CTL get secrets and output that to demo the secret data password say uh doing a describe would not allow us to see the values but using get secret and outputting that to a yaml will allow us to retrieve the actual values okay let's now deploy our busy box right let's open a session and let's Echo uh username D username and the password whoops Echo uh password my password so that that works the uh the values the secrets are decoded when they're injected into into the pods let's exit that and let's delete our secret and let's delete our busy box [Music] let's talk about observability if you deploy a container using a deployment and it crashes kubernetes will create a brand new instance of the pod this works because kubernetes monitors the infrastructure but what about your application if your app crashes well kubernetes will look at the Pod health and see that it's still running so from the infrastructure point of view everything is working fine your bud is still up and running but your code inside the Pod has crashed would it be nice if kubernetes could monitor the application health well you can achieve this by configuring probes the startup probe informs a kubernetes that the container has started and it's now okay to send traffic to it the Readiness probe enforced kubernetes that the container is now ready to accept traffic let's say that when your app starts it needs to execute a series of steps like getting some configuration values from a database creating some files and so on and so on and let's say that this startup sequence takes around 30 seconds so even if your container is up and running your code is not ready to accept traffic so using a Readiness probe you tell kubernetes to wait 30 seconds before starting to send traffic lastly the liveness probes tell kubernetes if your app is still running and if not kubernetes will kill the Pod and replace it with a brand new one here's a part definition with the three possible probes the starter probe tell kubernetes to wait for 10 seconds before making an HTTP call to a page called health the failure threshold tells kubernetes to try three times the Readiness probe tell kubernetes to wait initially five seconds before probing and making a TCP call on port 8080 and then check every 10 seconds the liveness probe tell kubernetes to wait initially for 15 seconds before probing by making a TCP call on port 8080 and then check every 20 seconds note that the Readiness probe will run during the whole pod life cycle but will these two Conflict at some point yes and no they will run simultaneously but a fail probe will result in different actions from kubernetes failing a Readiness probe will tell kubernetes to stop sending traffic to the pod but the Pod is still alive right while failing a liveness probe will tell kubernetes to restart the pod how does kubernetes probe the containers the cubelet will do the probing using the method you configure with exec action kubernetes will run a command inside a container with TCP socket action kubernetes check if a TCP socket port is open and with HTTP get action kubernetes perform nhdp get here's an exec action you're telling kubernetes to run a cat command on a file called healthy in the TMP folder here's a TCP socket action you're telling kubernetes to check if there's an open socket on port 8080 and finally an HTTP get action you're telling kubernetes to do an HTTP get on the Health page on Port 8080. and this concludes this look at observability [Music] in this lab we will set a liveness probe so let's take a look at our yaml file we will deploy a pod that we'll call liveness Dash example is going to be a PC box and this is where we're setting the probe type is liveness Pro we're asking to do an exacto so to run a command inside our container and the command is cat and the parameter is that file so under the TMP folder the file is called healthy no extension basically we're asking kubernetes to run that command if that command is successful if the file exists well the probe is successful if the file doesn't exist the probe will fail okay uh initial delay seconds we're asking kubernetes to wait for five seconds before starting to probe and then period seconds to five we're asking kubernetes to probe every five seconds the last parameter is failure threshold set to two basically we're telling kubernetes that the liveness probe will fail when two probes will fail now for uh the purpose of this lab we will set something a little bit funky uh just so we're able to do this test we're um we're running a command when the container starts uh it's dutch and basically this will create that healthy file and then we're telling the container to wait for 15 seconds and then to delete that file right and just a little trick too so we'll be able to to quickly see the effect of the lavenous probe okay Let's uh deploy our pod and let's quickly do a cube CTL describe pod all right successfully pull the image the container was created okay so let's do that again a few times and we'll see what happens just rerun the command out liveness profile cat can't open okay two times over five seconds and now kubernetes is killing the Pod awesome and uh is still killing so you see that here the the Pod was in an unhealthy State here so now it's in the killing mode oh and then uh kubernetes is pulling again the BusyBox image and starting a new one right and then it's on LT again and the process starts uh starts again all right let's do our cleanup let's delete our pod and we'll force it you don't want to wait for it to end perfect [Music] let's take a look at some dashboards while it's fine to use a terminal to get a view of your cluster You may wish to use a graphical user interface instead luckily there are many options available we will take a look at these three popular and free options the kubernetes dashboard the lens desktop application and K9s a dashboard that runs in the terminal let's start with the kubernetes dashboard it's a web UI that you can install as an add-on inside your cluster it's not installed by default by Docker desktop and also by most Cloud providers the rule of thumb is if you don't need it don't install it a because it runs inside the cluster so you need to find a way to expose it over the internet and B well because of that it's a known Vector of attack that being said the kubernetes dashboard that you see the various resources deployed inside your cluster simply select the type in the left menu and you can also edit them by clicking on the edit icon and you can edit the yaml file and click on update to change the Manifest file lens is a IDE that runs locally on Mac windows and Linux so you need to install it on your OS on top of viewing the resources and editing the yaml Manifest you can also use a built-in editor and also a built-in terminal lens is maintained by mirantis and you can download it from this URL here's the overview dashboard that lets you see a resource count like the kubernetes dashboard you can select a resource click on the edit button and it did the Manifest directly in lens you can also type commands using the built-in terminal K9s is a cool text dashboard that runs in a terminal and you can install it on Windows Mac and Linux it might sound strange to run the dashboard in a terminal but this makes a lot of sense Kina NS is super light starts in an instant and gives you a clean view of all your resources you can get the information about the cluster the resources and you can take a or make a series of action like deleting a resource viewing the logs here we have a list of the pods currently running in the default namespace want to view the services that are currently running simply type colon and type SVC to list the objects type foreign pressing s while a part is selected will open a shell you can also set a port forward by typing shift f you can even see the part logs I really like this K9s dashboard in a terminal and use it all the time and this concludes this look at the kubernetes dashboards thank you [Music] in this lab we'll take a look at Lens so lens is a free dashboard that you can install on Windows Mac and Linux here's the URL k8s lenss.dev let's take a look at the website from there you can install it it runs on Mac windows and Linux so you can download the setup files here or if you're using a security on Windows you can use shoko install lens or Brew on Mac and Brew install cast lens all right I've already launched a lens here and by default it should take you to your Docker desktop cluster if not or if you want to select another cluster click on the hamburger menu to the left and select add cluster Lance will look at the cube config file and you'll be able to select your clusters from that drop down list so here I have my demo cluster in the cloud so I can select that and click on ADD cluster I can be connected to multiple clusters here's my Docker desktop here's my demo so let me switch back to dockerdist up here okay so first thing first uh let's deploy something on our cluster here I have a yaml file it's a deployment we'll have three replicas of an image called Hello app okay nothing fancy here let's deploy this all right and let me switch back to uh lens here now let's click here on workloads and overview so we should see three parts running here one deployment and one replica set I can either from the top menu select path or from this workload menu select paths here and the other type of objects here so here are my three parts I have one deployment and one replica set if I click on an object I get more information labels annotations and so on and so on so something that you would have at the terminal at the common line by typing Cube CTL describe uh replica set or deployment or pod and the object name here but here is presented in a nice UI all right let's take a look at our pods here okay let's see what we can do let's say we want to delete this one so I can select it like this and from the Ellis menu to the right I can open that and select remove right or I can remove it right there okay let's do that remove item hello yep remove it and since it's a deployment uh kubernetes will create a new One automatically pretty cool uh let's uh take a look at the logs we can see the logs from there we can open a shell so at last a pretty cool front directly from that UI if I click on edit well I can edit the Manifest file and click on Save and close that will update that object let me cancel that close close this there's a built-in terminal so by default you have a small icon here called terminal if you click on it if you click on this open button that will open the terminal so I can type command Cube C Cube CTL get the pods right you can try to delete an object directly here so let me copy this object name Cube CTL delete uh and let's paste that we should see right right away we see uh something happening uh at the top of the screen all right uh what's cool is that if you have more than one cluster you can switch between these clusters so here let me uh just to prove it clear and the qctl uh get the nodes okay on Docker desktop I have only one node let me select My Demo cluster my terminology open it there's no deployment yet but let's just do a cube CTL get nodes and for sure I have three nodes in this in this cluster that's pretty cool just by selecting the cluster I can switch and I have a terminal that is in the right context pretty cool so I just scratched the surface there's a lot more information that we can get like a configuration the config Maps the secrets what the network services that are installed here I have a cluster IP service storage so the persistent volume claims persistent volume storage classes so here in my cluster in the cloud I have four search classes defined for me the namespaces and so on and so on all the information that you would get from the command line using cubectl you get the same information but from a nice UI so once you're done exploring don't forget to delete your deployment thank you [Music] in this lab we will use K9s a super great dashboard running inside a terminal so you can get more information about the K9s at the website k9scli.io here's the website nice logo and you can look at the documentation and the how to install K9s from that website if you're on Windows you can install it using chocolaty so Chico install K9s on Mac OS Brew install K9s and on Linux take a look at the documentation all right Let's uh first deploy something in our clusters here in our yaml file I have a simple deployment with three replicas of a simple container or image called Hello app nothing fancy here let's deploy that uh right away okay and let's open a terminal or come in line comment prom whatever you name it and let me type K9s all right let me stretch that a little bit well it's super cool it's a dashboard running inside the terminal it's super light and it gives you tons of functionality so here I have my deployment so I'm in the default namespace you can look at my my deployment I can enter on an object I get more information type Escape go back I have information about my cluster uh I can issue some some commands so Ctrl D I can delete a a pod let me do that let me kill that poor part here uh are you sure yes see you have feedback visual feedback of of uh what's happening the Pod that I deleted was kill was in the terminating State and the new one was uh created uh right away I can yeah it D to describe the resource escape to uh to go back Ctrl K to kill I just deleted one but I can do a Ctrl k there we go I can see the log so let's let's switch to the second one type l and I can look at the uh the logs I can open a shell also by typing here the S letter doing the less right you can type exit go back I can uh even configure a port forward pretty cool here I can look at the yaml file also let me type Escape here we have the parts that are listed but if I type Colin I can change that let's say let me type deploy so here's my deployment now if I type e I will edit the deployment and let's change the number of senses or replicas from three to four and let's close that right and now I have four out of four so let's uh I'll type Colin again and type but here are my four pods super interesting it's a free tool it's super light it's super fast and I always have one open so I can see visually what's happening uh inside my cluster when I'm issuing some some commands let's go back uh to uh our page here our Visual Studio code and let's simply delete our deployment and let me switch back right away here and they're gone pretty cool too [Music] let's see how to scale pods the horizontal pad to scalar is a kubernetes feature that allows you to scale the number of Parts up and down it uses the metric server to gather the pods utilization pods app must have requests and limits defined the HPA checks the metric server every 30 seconds and scale the number of PODS according to the minimum and maximum number of replicas defined to prevent racing conditions the HPA Waits some period of time after a scaling event by default this delay on scale-up events is 3 minutes and the delay on scaled down events is 5 minutes in this part definition you specify the CPU and memory requests and limits the request is what's allocated at first and the limit is what you allow the part to burst to in this example the Pod will start with 64 megabyte of ram but can burst up to 128 megabyte if needed you configure the HPA using a manifest specifying the deployment you want to scale the Min and max number of replicas and the metric you want the HPA to scale on in this case we tell the HPA to kick in when the average CPU utilization is above 50 percent here's the cheat sheet for the HPA commands so you can create one using the imperative way using cubectl autoscale deployment the name and the metric and replicas number you can create one using the yaml file you can get the autoscaler status by using cubectl get HPA and the HPA name and of course you can delete the HPA using the yaml file or cube CTL delete HPA with its name foreign this lecture about scaling pods [Music] in this lab we will use the horizontal particle scalar to scale a pod for the HP it worked it needs some data some metrics coming from the metric server and by default it's not installed by Docker desktop just make sure I'll open the terminal and what we'll do we'll get a list of the parts running in the cube system namespace Accord DNS at CD Cube API server proxy provisioner no nothing that looks like metric server okay to install it you need to run this yaml file coming from this git repo on kubernetes-6 special integers group and Metric server but you need to make a small modification to to it let's take a look at the components that yaml file need to do you need to edit it if you download it directly from the git repo and you locate the deployment section there it is deployment and what you need to do is add this parameter a cubelet dash insecure-tls if not the metric server will not run on Docker desktop all right let's deploy our metric server cubectl apply Dash F components Dot yaml awesome what we can do we can run again Cube City I'll get pod in the cube system namespace aha metrics server there it is it might take a few a couple of minutes for the metric server to start running now that the metric server is running let's take a look at our deployment uh it's a deployment and what we'll deploy is a web server called HPA Dash example uh listening on Port 80. so it's a simple web server that will return a web page nothing fancy what we'll do uh will also deploy a busy box and from that busy box will it that web server uh in a loop and that should generate some traffic awesome let's deploy our web server let's get a list of the pods running in the default namespace awesome it's running let's enable our Auto scaler so Cube CTL Auto scale a deployment called HP Dash deployment and a metric called CPU percent and we want a minimum of one instance and a maximum of four okay let's validate that we have an HPA Cube CTL get HPA that will list all the hpas running on my cluster there's only one awesome let's now deploy our busy box and let's connect or open a session on that busy box perfect and here's our endless loop that will uh it the web server that should generate some traffic okay let's take a look at our K9s I have my deployment here my HPA deployment and my busy box and area we have three instances of our deployment right now awesome so the HPA worked and now what I can do is start the loop by hitting Ctrl C and I'll type exit to exit my busy box and from there I can delete my HPA but be careful when you do that I'll delete my HP here if we take a look at the deployments there's still three nothing will scale that down since the HP uh has been deleted let's delete our busy box and let's delete our deployment that should delete all three instances take a look here yep all three are terminating and optionally you can delete the metric server by using cubectl delete and the components.yaml file here [Music] we are at the end of this Docker containers and kubernetes fundamental scores congratulations you are now an official kubernetes Ninja [Applause] the next steps for you would be to deploy containers in the cloud using services from a cloud provider these courses will teach you how to do that on Google cloud and Azure and also on smaller Cloud providers like Linux and digitalocean the best part is that each offer free credit usage when creating new accounts this way you can create a managed kubernetes service in the cloud without breaking the bank if you enjoyed the course you can help me by making a small donation this is the link to my buy me a coffee page I want to say a big thank you for learning Docker and kubernetes using my course and I wish you all the best

Info

Channel: freeCodeCamp.org

Views: 617,328

Rating: undefined out of 5

Keywords:

Id: kTp5xUtcalw

Channel Id: undefined

Length: 356min 36sec (21396 seconds)

Published: Wed Oct 12 2022