JUG-Ostfalen: Kubernetes

Sandra Warmbrunn

September 24, 2025

Transcript

  1. Kubernetes

    A short introduction: how do I find information, troubleshooting, and everything else that interests me!

    Sandra Warmbrunn
  2. Sandra Warmbrunn

    Senior DevOps Engineer: Java web applications, continuous integration, cloud engineering, DevOps

    E-Mail: [email protected]
    Speaker Deck: https://speakerdeck.com/sandraw

    Drawings: Sandra Warmbrunn
  3. Kubernetes architecture

    Diagram: a Kubernetes cluster with the Cloud Provider API, a Control Plane (cloud-controller-manager, etcd, kube-api-server, kube-scheduler, kube-controller-manager) and Node 1 (kubelet, kube-proxy, CRI, pods).
  4. API basics

    Diagram: kubectl (CLI) on a computer, server, etc. talks to the REST interface of the kube-api-server in the Control Plane.

    CLI (https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands):

        $ kubectl [command] [TYPE] [NAME] [flags]

    HTTP request (https://kubernetes.io/docs/reference/using-api/api-concepts/):

        GET /api/v1/namespaces/test/pods
  5. kubeconfig file

    - context
    - namespace

        $ kubectl config view
        apiVersion: v1
        kind: Config
        preferences: {}
        clusters:
        - cluster:
            certificate-authority-data: DATA+OMITTED
            server: https://localhost:8443
          name: development
        contexts:
        - context:
            cluster: development
            namespace: ns-backend
            user: developer
          name: dev-backend
        - context:
            cluster: development
            namespace: ns-frontend
            user: developer
          name: dev-frontend
        current-context: ""
        users:
        - name: developer
          user:
            client-certificate-data: DATA+OMITTED
            client-key-data: DATA+OMITTED

    Use context:

        $ kubectl config use-context dev-backend

    Change current namespace:

        $ kubectl config set-context --current --namespace=ns-network

    Display current namespace:

        $ kubectl config get-contexts --no-headers | grep '*' | grep -Eo '\S+$'
        ns-network

    Display all contexts:

        $ kubectl config get-contexts
        CURRENT   NAME           CLUSTER       AUTHINFO    NAMESPACE
        *         dev-backend    development   developer   ns-network
                  dev-frontend   development   developer   ns-frontend
  6. Listing API elements

    API elements (namespaced):

        $ kubectl api-resources --namespaced=true
        NAME                     SHORTNAMES   APIVERSION             NAMESPACED   KIND
        configmaps               cm           v1                     true         ConfigMap
        events                   ev           v1                     true         Event
        persistentvolumeclaims   pvc          v1                     true         PersistentVolumeClaim
        pods                     po           v1                     true         Pod
        secrets                               v1                     true         Secret
        services                 svc          v1                     true         Service
        deployments              deploy       apps/v1                true         Deployment
        replicasets              rs           apps/v1                true         ReplicaSet
        ingresses                ing          networking.k8s.io/v1   true         Ingress
  7. Listing API elements

    API elements (not namespaced):

        $ kubectl api-resources --namespaced=false
        NAME                  SHORTNAMES   APIVERSION                     NAMESPACED   KIND
        namespaces            ns           v1                             false        Namespace
        nodes                 no           v1                             false        Node
        persistentvolumes     pv           v1                             false        PersistentVolume
        apiservices                        apiregistration.k8s.io/v1      false        APIService
        ingressclasses                     networking.k8s.io/v1           false        IngressClass
        clusterrolebindings                rbac.authorization.k8s.io/v1   false        ClusterRoleBinding
        clusterroles                       rbac.authorization.k8s.io/v1   false        ClusterRole
        csidrivers                         storage.k8s.io/v1              false        CSIDriver
        csinodes                           storage.k8s.io/v1              false        CSINode
        storageclasses        sc           storage.k8s.io/v1              false        StorageClass
  8. What options do I have for getting information?

        $ kubectl get [API-Element]

        $ kubectl get pod
        NAME                     READY   STATUS    RESTARTS       AGE
        mysql-5c5db9d4f9-s22ds   1/1     Running   0              2m
        todo-67c8d57c6b-62j6x    1/1     Running   2 (114s ago)   2m
        todo-67c8d57c6b-mdcv9    1/1     Running   2 (114s ago)   2m

        $ kubectl get deployment
        NAME    READY   UP-TO-DATE   AVAILABLE   AGE
        mysql   1/1     1            1           2m57s
        todo    2/2     2            2           2m57s

        $ kubectl get service
        NAME       TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
        mysql-db   ClusterIP      10.99.110.31     <none>        3306/TCP       5m16s
        todo       LoadBalancer   10.110.110.122   <pending>     80:31747/TCP   5m16s
  9. What options do I have for getting information?

        $ kubectl get all
        NAME                         READY   STATUS    RESTARTS      AGE
        pod/mysql-5c5db9d4f9-s22ds   1/1     Running   1 (8h ago)    23h
        pod/todo-67c8d57c6b-62j6x    1/1     Running   6 (10m ago)   23h
        pod/todo-67c8d57c6b-mdcv9    1/1     Running   6 (10m ago)   23h

        NAME               TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
        service/mysql-db   ClusterIP      10.99.110.31     <none>        3306/TCP         23h
        service/todo       LoadBalancer   10.110.110.122   localhost     8080:31747/TCP   23h

        NAME                    READY   UP-TO-DATE   AVAILABLE   AGE
        deployment.apps/mysql   1/1     1            1           23h
        deployment.apps/todo    2/2     2            2           23h

        NAME                               DESIRED   CURRENT   READY   AGE
        replicaset.apps/mysql-5c5db9d4f9   1         1         1       23h
        replicaset.apps/todo-67c8d57c6b    2         2         2       23h
  10. What options do I have for getting information?

        $ kubectl describe [API-Element] [NAME]

        $ kubectl describe pod todo-67c8d57c6b-mdcv9
        Name:             todo-67c8d57c6b-mdcv9
        Namespace:        ns-todo
        Priority:         0
        Service Account:  default
        Node:             docker-desktop/192.168.65.3
        Start Time:       Sun, 21 Sep 2025 20:27:13 +0200
        Labels:           app=todo
                          pod-template-hash=67c8d57c6b
        Annotations:      <none>
        Status:           Running
        IP:               10.1.0.92
        IPs:
          IP:           10.1.0.92
        Controlled By:  ReplicaSet/todo-67c8d57c6b
        Containers:
          todo:
            Container ID:   docker://08126053fbcc751a3a424db7f4d40cdf884b61d5049cb2f115110a64674c06fd
            Image:          todo:latest
            Image ID:       docker://sha256:a16229465fe01c6b92d065cbac8816c435e9e637b8c1de52e13153955a1ccaeb
            Port:           8080/TCP
            Host Port:      0/TCP
            State:          Running
              Started:      Sun, 21 Sep 2025 20:27:35 +0200
  11. What options do I have for getting information?

            Last State:     Terminated
              Reason:       Error
              Exit Code:    1
              Started:      Sun, 21 Sep 2025 20:27:17 +0200
              Finished:     Sun, 21 Sep 2025 20:27:19 +0200
            Ready:          True
            Restart Count:  2
            Environment:    <none>
            Mounts:
              /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-mgjlf (ro)
        Conditions:
          Type                        Status
          PodReadyToStartContainers   True
          Initialized                 True
          Ready                       True
          ContainersReady             True
          PodScheduled                True
        Volumes:
          kube-api-access-mgjlf:
            Type:                    Projected (a volume that contains injected data from multiple sources)
            TokenExpirationSeconds:  3607
            ConfigMapName:           kube-root-ca.crt
            ConfigMapOptional:       <nil>
            DownwardAPI:             true
        QoS Class:                   BestEffort
        Node-Selectors:              <none>
        Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                                     node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
  12. What options do I have for getting information?

        Events:
          Type     Reason     Age                    From               Message
          ----     ------     ----                   ----               -------
          Normal   Scheduled  9m54s                  default-scheduler  Successfully assigned ns-todo/todo-67c8d57c6b-mdcv9 to docker-desktop
          Warning  BackOff    9m47s                  kubelet            Back-off restarting failed container todo in pod todo-67c8d57c6b-mdcv9_ns-todo(fb3d21de-50de-4f57-9827-c1b48ebb0fd4)
          Normal   Pulled     9m32s (x3 over 9m53s)  kubelet            Container image "todo:latest" already present on machine
          Normal   Created    9m32s (x3 over 9m53s)  kubelet            Created container: todo
          Normal   Started    9m32s (x3 over 9m53s)  kubelet            Started container todo
  13. What options do I have for getting information?

        $ kubectl events
        $ kubectl events -w
        $ kubectl events -w --for=pod/<pod>

        LAST SEEN           TYPE      REASON           OBJECT                       MESSAGE
        14m                 Normal    SandboxChanged   Pod/mysql-5c5db9d4f9-s22ds   Pod sandbox changed, it will be killed and re-created.
        14m                 Normal    Pulling          Pod/mysql-5c5db9d4f9-s22ds   Pulling image "mysql"
        14m                 Normal    SandboxChanged   Pod/todo-67c8d57c6b-62j6x    Pod sandbox changed, it will be killed and re-created.
        14m                 Normal    SandboxChanged   Pod/todo-67c8d57c6b-mdcv9    Pod sandbox changed, it will be killed and re-created.
        14m                 Normal    Pulled           Pod/mysql-5c5db9d4f9-s22ds   Successfully pulled image "mysql" in 1.35s (1.35s including waiting). Image size: 938738271 bytes.
        14m                 Normal    Created          Pod/mysql-5c5db9d4f9-s22ds   Created container: mysql
        14m                 Normal    Started          Pod/mysql-5c5db9d4f9-s22ds   Started container mysql
        14m                 Warning   BackOff          Pod/todo-67c8d57c6b-62j6x    Back-off restarting failed container todo in pod todo-67c8d57c6b-62j6x_ns-todo
        14m                 Warning   BackOff          Pod/todo-67c8d57c6b-mdcv9    Back-off restarting failed container todo in pod todo-67c8d57c6b-mdcv9_ns-todo
        14m (x3 over 14m)   Normal    Pulled           Pod/todo-67c8d57c6b-mdcv9    Container image "todo:latest" already present on machine
        14m (x3 over 14m)   Normal    Created          Pod/todo-67c8d57c6b-mdcv9    Created container: todo
        14m (x3 over 14m)   Normal    Started          Pod/todo-67c8d57c6b-mdcv9    Started container todo
        14m (x3 over 14m)   Normal    Started          Pod/todo-67c8d57c6b-62j6x    Started container todo
        14m (x3 over 14m)   Normal    Created          Pod/todo-67c8d57c6b-62j6x    Created container: todo
        14m (x3 over 14m)   Normal    Pulled           Pod/todo-67c8d57c6b-62j6x    Container image "todo:latest" already present on machine
  14. What options do I have for getting information?

        $ kubectl logs <pod>

          .   ____          _            __ _ _
         /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
        ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
         \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
          '  |____| .__|_| |_|_| |_\__, | / / / /
         =========|_|==============|___/=/_/_/_/
         :: Spring Boot ::                (v3.5.5)

        2025-09-22T18:01:31.628Z INFO 1 --- [todo] [ main] space.uber.oakway.todo.TodoApplication : Starting TodoApplication v0.0.1-S
        2025-09-22T18:01:31.630Z INFO 1 --- [todo] [ main] space.uber.oakway.todo.TodoApplication : No active profile set, falling ba
        2025-09-22T18:01:31.871Z INFO 1 --- [todo] [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA rep
        2025-09-22T18:01:31.895Z INFO 1 --- [todo] [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository s
        2025-09-22T18:01:32.072Z INFO 1 --- [todo] [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port 8080
        2025-09-22T18:01:32.077Z INFO 1 --- [todo] [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
        2025-09-22T18:01:32.077Z INFO 1 --- [todo] [ main] o.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache
        2025-09-22T18:01:32.117Z INFO 1 --- [todo] [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebA
        2025-09-22T18:01:32.118Z INFO 1 --- [todo] [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initi
        2025-09-22T18:01:32.247Z INFO 1 --- [todo] [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing Persistence
        2025-09-22T18:01:32.263Z INFO 1 --- [todo] [ main] org.hibernate.Version : HHH000412: Hibernate ORM core ver
        2025-09-22T18:01:32.274Z INFO 1 --- [todo] [ main] o.h.c.internal.RegionFactoryInitiator : HHH000026: Second-level cache dis
        2025-09-22T18:01:32.374Z INFO 1 --- [todo] [ main] o.s.o.j.p.SpringPersistenceUnitInfo : No LoadTimeWeaver setup: ignoring
        2025-09-22T18:01:32.405Z INFO 1 --- [todo] [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
        2025-09-22T18:01:32.531Z INFO 1 --- [todo] [ main] com.zaxxer.hikari.pool.HikariPool : HikariPool-1 - Added connection c
        2025-09-22T18:01:32.532Z INFO 1 --- [todo] [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
  15. What options do I have for getting information?

    Terminal:

        $ kubectl exec -it <pod> -- sh
        $ kubectl exec -it <pod> -- bash

        $ kubectl run mycurlpod --image=curlimages/curl -i --tty -- sh
        $ kubectl exec -i --tty mycurlpod -- sh
        $ curl todo.ns-todo.svc.cluster.local:8080
        $ curl [service-name].[namespace].svc.cluster.local:[port]
  16. What information can I look at?

        $ kubectl get secrets
        $ kubectl get secrets project-oauth-client-secret -o yaml
        $ echo [DATA] | base64
        $ echo [DATA] | base64 -d
  17. Limits & resource management

        containers:
        - name: backend
          resources:
            requests:
              cpu: 100m
              memory: 512Mi
            limits:
              cpu: 600m
              memory: 1024Mi

        Events:
          Type     Reason            Age  From               Message
          ----     ------            ---- ----               -------
          Warning  FailedScheduling  23s  default-scheduler  0/42 nodes available: insufficient cpu

    Error: the scheduler cannot run the Pod on any node because there is not enough CPU available.

    Solution: add a node, terminate unused Pods, check the requests and the CPU of the nodes.
  18. Limits & resource management

        containers:
        - name: backend
          resources:
            requests:
              cpu: 100m
              memory: 512Mi
            limits:
              cpu: 600m
              memory: 1024Mi

        Containers:
          Last State:     Terminated
            Reason:       OOMKilled
          Ready:          False
          Restart Count:  5
        Events:
          Type    Reason   Age  From     Message
          ----    ------   ---- ----     -------
          Normal  Killing  32s  kubelet  Killing container with id ead3fb35: Need to kill Pod

    Error: the Pod was restarted 5 times; the reason is OOMKilled, i.e. the container needs more RAM than it has defined as its limit.

    Solution: look for a memory leak in the application, adjust the limits if necessary.
  19. Liveness, Readiness and Startup Probes

        containers:
        - name: backend
          startupProbe:
            initialDelaySeconds: 60
            failureThreshold: 30
            periodSeconds: 10
            httpGet:
              port: 8081
              path: 'health/liveness'

        containers:
        - name: backend
          livenessProbe:
            timeoutSeconds: 5
            periodSeconds: 5
            httpGet:
              port: 8081
              path: 'health/liveness'

        containers:
        - name: backend
          readinessProbe:
            timeoutSeconds: 10
            periodSeconds: 8
            httpGet:
              port: 8081
              path: 'health/readiness'
  20. Troubleshooting tools

        $ watch -n 1 kubectl top [pod]
        $ kubectl scale deploy [deployment] --replicas=1
        $ kubectl delete pod [pod]

        $ kubectl get deployments -o wide
        NAME    READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES        SELECTOR
        mysql   1/1     1            1           26h   mysql        mysql         app=mysql
        todo    2/2     2            2           26h   todo         todo:latest   app=todo
  21. Useful things I can do when I have to work with Kubernetes a lot

    Cheatsheet:

        # limits and requests
        kubectl get pods -o custom-columns='NAME:.metadata.name,CPU_REQUEST:.spec.containers[*].resources.requests.cpu,CPU_LIMIT:.spec.containers[*].resources.limits.cpu,MEMORY_REQUEST:.spec.containers[*].resources.requests.memory,MEMORY_LIMIT:.spec.containers[*].resources.limits.memory'

        # Docker images per Pod
        kubectl get pods -o jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}' | sort

    Aliases:

        alias k='kubectl'
        alias kdev='kubectl config set-context --current --namespace=ns-project-dev-general'
        alias kgdy='kubectl get deployment -o yaml'
        alias kgp='kubectl get pod'
        alias kl='kubectl logs'
        alias kevp='kubectl events -w --for=pod/'
        alias kex='kubectl exec -it'
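
Slides 4, 6 and 7 together explain which HTTP path a kubectl command turns into. The following is an added example, not part of the original deck, that derives the path from the APIVERSION and NAMESPACED columns; `api_paths` and `sample_rows` are hypothetical names and the rows are a constructed sample copied from the two `kubectl api-resources` slides.

```shell
#!/bin/sh
# Added example, not from the deck. api_paths is a hypothetical helper.
# Reads `kubectl api-resources` output on stdin and prints, per resource,
# the REST collection path kubectl requests, using namespace $1.
api_paths() {
    awk -v ns="${1:-default}" '
        $1 == "NAME" { next }                     # skip the header row
        NF >= 4 {
            # SHORTNAMES may be empty (e.g. secrets), so count from the right.
            name = $1; apiversion = $(NF - 2); namespaced = $(NF - 1)
            # The core group "v1" is served under /api, named groups under /apis.
            prefix = (apiversion ~ /\//) ? "/apis/" apiversion : "/api/" apiversion
            if (namespaced == "true")
                print prefix "/namespaces/" ns "/" name
            else
                print prefix "/" name
        }'
}

# Constructed sample: rows taken from the api-resources slides.
sample_rows() {
    cat <<'EOF'
NAME          SHORTNAMES   APIVERSION                     NAMESPACED   KIND
pods          po           v1                             true         Pod
secrets                    v1                             true         Secret
deployments   deploy       apps/v1                        true         Deployment
namespaces    ns           v1                             false        Namespace
clusterroles               rbac.authorization.k8s.io/v1   false        ClusterRole
EOF
}

sample_rows | api_paths test
```

On a live cluster, `kubectl get --raw /api/v1/namespaces/test/pods` requests such a path directly, and `kubectl get pods -v=6` logs the URLs kubectl calls.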
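
Slides 17 and 18 show what happens when requests and limits do not fit, and the cheat sheet on slide 21 lists them per pod. The following is an added example, not part of the original deck, that reads that custom-columns table, reports pods without limits and sums the requests the scheduler has to place; `resource_audit` and `sample_table` are hypothetical names, the rows are constructed, and memory is assumed to use the binary suffixes seen on the slides.

```shell
#!/bin/sh
# Added example, not from the deck; resource_audit and sample_table are
# hypothetical names. Input is the output of the cheat sheet command:
# NAME CPU_REQUEST CPU_LIMIT MEMORY_REQUEST MEMORY_LIMIT, one pod per row.
# Assumption: memory uses the binary suffixes Ki/Mi/Gi, or plain bytes.
resource_audit() {
    awk '
        # CPU quantity to millicores: "100m" -> 100, "1" -> 1000, "0.5" -> 500
        function cpu_m(q) {
            return (q ~ /m$/) ? substr(q, 1, length(q) - 1) + 0 : q * 1000
        }
        # Memory quantity to MiB
        function mem_mi(q,   n) {
            n = q + 0                              # numeric prefix of "512Mi"
            if (q ~ /Gi$/) return n * 1024
            if (q ~ /Mi$/) return n
            if (q ~ /Ki$/) return n / 1024
            return n / 1048576                     # plain bytes
        }
        # Sum a comma-separated column (one value per container)
        function total(list, kind,   parts, i, k, s) {
            if (list == "<none>") return 0
            k = split(list, parts, ",")
            for (i = 1; i <= k; i++)
                s += (kind == "cpu") ? cpu_m(parts[i]) : mem_mi(parts[i])
            return s
        }
        $1 == "NAME" { next }                      # header row
        NF == 5 {
            if ($3 == "<none>") print $1 ": no CPU limit"
            if ($5 == "<none>") print $1 ": no memory limit"
            cpu += total($2, "cpu"); mem += total($4, "mem")
        }
        END { printf "requested: %dm CPU, %dMi memory\n", cpu, mem }'
}

# Constructed sample rows; the todo pod is the one the deck shows as BestEffort.
sample_table() {
    cat <<'EOF'
NAME                    CPU_REQUEST   CPU_LIMIT   MEMORY_REQUEST   MEMORY_LIMIT
backend-example         100m          600m        512Mi            1024Mi
todo-67c8d57c6b-mdcv9   <none>        <none>      <none>           <none>
two-containers          100m,0.5      1           256Mi,1Gi        <none>
EOF
}

sample_table | resource_audit
```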