These are some random notes taken while studying for the certificate.

  1. we CANNOT edit specifications of an existing POD other than the below.

    so we will need to kill the pod and recreate it with the new values

  2. kubectl explain pod --recursive

    This command explains the type of object provided. If you want to take a peek and see how to pass specific values, feel free to replace pod with any type of object: pod, deployment, etc.

  3. kubectl run att --image=nginx --labels="app=att,type=serv"

    creates a pod named att with the image NGINX and labels app=att and type=serv

  4. For a PVC to attach to a PV, they need to match on accessModes and storage. If the PVC requests ≤ any of the available PVs, it will claim this PV and extend its storage capacity.

  5. If a claim is attached to a pod, you can't delete it until the pod is deleted; the claim will hang in the terminating state.

  6. Released status on the PV means that this PV is released from a claim and is available to be taken. This behaviour is okay if you set the policy on the PV to Retain.

  7. default storage class is a static provisioner for storage.

  8. A PVC is always in the PENDING state until it is used by a Pod.

  9. kube environment configurations are stored in /etc/kubernetes/manifests/

  10. useful aliases

    # short alias to set/show context/namespace (only works for bash and bash-compatible shells, current context to be set before using kn to set namespace)
    alias kx='f() { [ "$1" ] && kubectl config use-context $1 || kubectl config current-context ; } ; f'
    alias kn='f() { [ "$1" ] && kubectl config set-context --current --namespace $1 || kubectl config view --minify | grep namespace | cut -d" " -f6 ; } ; f'
    
  11. kubectl describe role kube-proxy -n kube-system inspects the kube-proxy role in the kube-system namespace.

  12. To check namespaced and non-namespaced objects, run kubectl api-resources --namespaced=true; this also shows the short names for resources.

  13. to start using curl from a pod inside the same cluster

    kubectl run curl --image=radial/busyboxplus:curl -i --tty then run your curl

  14. Generate a certificate to be stored inside the TLS secret object

    # Create a self-signed certificate and its private key
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /d/tmp/nginx.key -out /d/tmp/nginx.crt -subj "/CN=my-nginx/O=my-nginx"
    
    # Convert the certificate and key to base64 encoding
    cat /d/tmp/nginx.crt | base64
    cat /d/tmp/nginx.key | base64
    
  15. Services in the same namespace can be accessed using the service namespace, but if some pods need to access a service inside another namespace, the internal DNS name will look like this:

    service-name . namespace . service . cluster-domain

    db-service . dev . svc . cluster.local

  16. Every namespace contains a service account attached to it; by default this is mounted as a volume into any pod created in this namespace.

  17. Service accounts are used by apps (like Prometheus, Grafana, Jenkins, etc.); a user is used by humans, usually to perform actions on the cluster.
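
For note 14, an added example (not part of the original notes) that turns the generated pair into a kubernetes.io/tls Secret manifest and first checks that the key and certificate belong together. The secret name my-nginx-tls, the helper function names and the temporary directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumed names: secret
# "my-nginx-tls", files under a mktemp directory. Values are constructed.

# GNU base64 wraps output at 76 columns; a wrapped value pasted into a
# manifest is broken, so emit the encoding on a single line.
b64() { base64 < "$1" | tr -d '\n'; }

# Same openssl invocation as note 14, with the paths as parameters.
gen_pair() {  # $1 = key path, $2 = cert path
  ( umask 077  # private key readable by its owner only
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
      -keyout "$1" -out "$2" -subj "/CN=my-nginx/O=my-nginx" 2>/dev/null )
}

# True only when the certificate carries the public half of the key file.
pair_matches() {  # $1 = key path, $2 = cert path
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print a kubernetes.io/tls Secret manifest; refuse a mismatched pair.
# Note: base64 in "data" is an encoding, not encryption.
tls_secret_yaml() {  # $1 = secret name, $2 = key path, $3 = cert path
  pair_matches "$2" "$3" || { echo "key/cert mismatch" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: kubernetes.io/tls
data:
  tls.crt: $(b64 "$3")
  tls.key: $(b64 "$2")
EOF
}

dir=$(mktemp -d)
gen_pair "$dir/nginx.key" "$dir/nginx.crt"
tls_secret_yaml my-nginx-tls "$dir/nginx.key" "$dir/nginx.crt"
rm -rf "$dir"
```

The printed manifest can be piped to kubectl apply -f -; kubectl create secret tls with --cert and --key builds the same kind of object directly from the two files.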