CLOUD NATIVE

CERTIFIED

iii9
Iiiiiiiiiiiiii

iii iii

KUBERNETES
ADMINISTRATOR
ADNAN RASHID
 CLUSTER ARCHITECTURE

ETCD
SCHEDULER
DATA
ASSIGNPOD
POD
TO NODE

Nope nope nope

CLUSTER CONFIG

Y y
MASTER

CONTROLLER
MANAGER
API
f off SERVER
eggs MAINTAIN
CLUSTER
Communication Hub
Iv
NODE REPLICATE
FAILURE COMPONENTS
 API
SERVER

KUBELET KUBE PROXY

r
a
Manages containers APISERVER
on the node ft t 1
NODES KP KP KP KP
N WORKER
NetworkProxy that
NODE runs on each node
Networkrules on nodes

docker
CONTAINER
RUNTIME contained
t rkt

RUNS YOUR
CONTAINERS
 APPLICATION RUNNING ON 1485

MODEL

MASTER 7 POD
KUBELET
2N
KUBE PROXY
DOCKER
L
IMAGE
REGISTRY

API PRIMITIVES
API Server is the only one that cmmunicates with eted
Every single component speak with API Server only not to each other
Objects like pods and services are

declaritiveginints

L
KUBECTL
convertto 050N J YAML
whenmakingRequest FILES

G IT
YAML FILE COMPOSITION

API VERSION clear consistent view

of resources

KIND The kind of object you want to create

Pod
Deployment
Job

METADATA uniquely identify the object

Named 1 j
UD namespace
string

SPEC
container image
volume exposed ports

STATUS State of the object

f
match desired States
SERVICES AND NETWORK PRIMITIVES

SERVICES ALLOW YOU TO DYNAMICALLY

ACCESS A GROUP OF REPLICA PODS

1 t 32767
32767
v v

µ SERVICE
SpoD
POD
n
J
POD

NODE 1 NODE 2

CONSISTENT IP ADDRESS
KUBE PROXY
API
SERVER

SERVICE

1 I
KUBE
KUBE
PROXY PROXY

IPTABLES BEST
IPTABLES

DEST I
POD
POD

NODE 1 NODE 2

KUBE PROXY HANDLES THE TRAFFIC ASSOCIATED

WITH A SERVICE BY CREATING IP TABLE RULES
 RELEASE BINARIES PROVISIONING 31TYPES OF CLUSTERS

Picking the right Solution

vs
c

CLOUD on prem

ALSO

custom
2 Pre Built
Install Manually Mini habe
Configure your Mini shift
own network fabric
VS Micro K8s
Locate the release
binaries Ubuntu on D
Build you own Images Aws Azure GCP
Secure cluster comms

minikube locally on MacOS

using
INSTALLING KUBE MASTER AND NODES

MASTER t WORKERS
DOCKER t G Pct KEY
KUBE
ADD REPOS

UPDATE PACKAGES

Install Docker Kabelet Kubeadm KabecH

Modify bridge adapter settings

MASTER ONLY

Initialise Chester
Make directory for less

Copy habe config

change ownership of corny
Apply flannel CNI
BUILDING HIGHLY AVAILABLE CLUSTER

ALL components can be replicated but only certain

can operate simultaneously
MASTER 3
MASTER 2
MASTER 1

API SERVER

1 SCHED
Ill

a
NODE 1
LOAD BALANCER

9 t T
KUBELET KUBE LET KUBELET
WORKER 3
WORKER 1 WORKER 2
 The controller manager and the scheduler
actively watch the cluster state and take
action when it changes

SCHEDULER CM 0 ARE WE IN
o C
i
I III CHARGE

CLUSTER

FE
Ijqg kEI
l WEIRET
f o 0 1

SCHEDULER CM

Leading to duplicate resources or

corruption HOW DO WE
DECIDE

LEADER
ELECT creates endpoint resource
OPTION L see in scheduler YAML

holderIdentity
 REPLICATING ETCD

TOPOLOGY

I
stacked External
to
1 Kube Cluster
Each Control
Plane node
creates local
eted member
only communicates
API SERVER

rn
E
EID RAFT consensus Algorithm

l ETCD
l t
Requires majority

There be more than half

must
API SERVER
taking place in the state chage
there must be odd number of nodes
CONFIGURING SECURE CLUSTER Communications
mmmm

ALL communication via Https

KubeCTL Kuberretes CLUSTER
API STATE
Translator Provides CRUD
create
reatdupbdalehdeleteeiiitsii.ie
KubeCTL sAPI 1 footed
HTTP SERVER
CREATE A
POST in
POD
ETCD
L t v v
MULTIPLE

PLUGINS
Authentication Authorisation Admission validation
g
FAD
skip
calls to v

determine v create
Can this modify
request User perform
this action detete

L
HTTP CERTIFICATE
HEADER
ROLES AND Access

RBAC is used to prevent unauthorised users

from modifying the cluster state

i
O
Role ACTION
f fiddling
7 or more

Wahoo
an
fat RESOURCE
can
be done

ROLE ROLE BINDING NAMESPACE RESOURCE

CLUSTERROLE CLUSTERROLEBINDING

CLUSTER LEVEL
RESOURCES
 SERVICE ACCOUNT

service c Identity of App

POD c
Account running in POD API
r
Harlrunl
seer not
If'IEN c
Authentication
an

Namespace 1 Namespace 2
POD
POD POD poD
L
SERVICE
ACCOUNT X
Only use service
SERVICE
ACCOUNT

Accontin same
namespace
 RUNNING END TO END TESTS ON CLUSTER

Performance Example
and Why
Response of
Tests
Application
KubeTest
Poor Cluster Deployments can run
Performance Pods can run
Pods can be
directly accessed
Logs can be collected
Commands run from pod
Services can provide access

Nodes are healthy

Pods are health
MANAGING CLUSTER

Kube adm
UPGRADING Kube CEL
5
CLUSTER

Operating System
upgrades

Get pods
Use Deployment Drain Node
OR replica sets Un cordon
put back to
Service

BACK UP cluster
AND state eyed
RESTORE v

Clu ER save
externally
POD AND NODE NETWORKING

Networking within a node

10.244 1.2 10 244 I 3

PODI POD 2
ETHO ETH
t t
VETHZAA VE14808

Bridge I
10.244 l 1 24
NODE 1

Networking Outside of the Node

10.244 1.2
10244 2.3
POD 1 veth
In POD 2
reef
Bridge echo eth0 Bridge
NODE7 17231.4 gg NODE2 172 31.34 149

NETWORK
 CONTAINER NETWORK INTERFACE

10.244 1.2
10244 2.3
POD 1 ve th
I
v een c
Pop 2
tho c ethno Bridge
Bridge e
cµI
NODE I 172 31 43.91 NODE2 172 31 34 149

NETWORK

CNI is a network
Overlay
Allows building tunnel betweennodes
Sits on top of existing networks
Encapsulates Packet HEADER DATA TRAILER

changes SRC 31DST f ADD 1

How
CNI There is a mapping associated in user space
DO
THIS
all podip address's to node IP when reach other
Program
node de encapsulate packet and give
tybridge
5
Example CNI L

Mt Appears Local to Node

1 to
calico Flannel
 SERVICE NETWORKING

APISERVER
SERVICE
10.109.185.62

10.244 i z
KUBEPROXY
f KUBEPROXY lo244 2.3
POD 1 ve th
v een c POD 2
p I e 40
I p
Bridge TABLES ethno TABLES
Bridge
1 f
NODE7 172 31 43 91 NODE2 172 31.34 149

NETWORK
Pods come and
go
How does clusterkeep track

services
Provides virtual interface Auto assigned to pods
behind interface

Example cluster IP Auto created on

services clustercreation

Takes care of internal

routing
No matter where moves
other pods know how to
communicate to it
INGRESS RULES AND LOAD BALANCERS

LOAD Balancer service Talks to 1 node

at a time

Redirect
J cannot split
like a
traffic
load balacer
clients talk
traffic to to LB to access
does not have
affindest application only accessible external p
internally
LOAD c 7 External IP address for every service
BALANEER
NODE7 NODEZ

POD1 31732 pop2

p
31732µg
SERVICE

INGRESS

app example.com app2 Service POD POD

INGRESS app example.com app2 Service Pop Pop

web examplecom Service POD POD

Access multiple Services with Single IP Address

 CLUSTER DNS

EVERY SERVICE DEFINED IN THE CLUSTER IS ASSIGNED A DNS NAME

SERVICE
NAME NAMESPACE BASE DOMAIN NAME
i I
JENKINS DEFAULT SVC CLUSTER LOCAL

50 to O l DEFAULT POD CLUSTER LOCAL

POD
T'T
IP NAMESPACE BASE DOMAIN NAME

A PODS DNS SEARCH WILL INCLUDE THE PODS OWN NAMESPACE AND
THE CLUSTERS DEFAULT DOMAIN
CONFIGURING THE KUBERNETES SCHEDULER

SCHEDULER RESPONSIBLE FOR ASSIGNING DOD TO NODE

BASED ON RESOURCE REQUIREMENTS OF THE DOD

WHY
HOWEVER
RULES ARE
PLACED BY CANCREATE V WORKERNODES
DEFAULT OWN SAMENODE HAVEDIFFERENT
TO DISKS
SAVEMONEY

DOES THE NODE HAVE ADEQUATE HARDWARE

RESOURCES
SCHEDULER
2 IS THE NODE RUNNING OUT OF RESOURCES

3 DOES THE POD REQUEST A SPECIFIC NODE

4 DOES THE NODE HAVE A MATCHING LABEL

5 IF POD REQUESTS A PORT IS IT AVAILABLE

6 If POD REQUESTS A VOLUME CAN IT BE MOUNTED

7 DOES THE POD TOLERATE THETAINTS OFTHEROPE

8 DOES THE POD SPECIFY NODE Of POD AFFINITY

 RUNNING MULTIPLE SCHEDULERS
FOR MULTIPLE PODS

It is possibleto have 2 schedulers working alongside each other

PODS PODS PODS PODS

1 t
Scheduler 1 Scheduler 2

t t t
Nodes I 2 3

SHEDULING PODS WITH LIMITS AND LABEL SELECTORS

EXAMPLE
TAINTS REPEL WORK MASTER NODE
NO SCHEDUAL

TOLERATIONS
27 ftp.Y n EfIFIEEoxyc mIsF7IunsEInF
NODES
CPUMEMORY SCHEDUALER
PODMAYNOTBE
POST
I
USINGALLREQUESTED
RESOURCE AT AGIVEN
8 STEPS
ftteffEEsurnloafks
RESOURCESREQUESTED
Time
I
BYEXISTINGPODS MOST REQUESTED LEAST REQUESTED
PRIORITY PRIORITY
r

Why c CLOUD ENVIRONMENTS

YOU ARE PAYINGFOR
All RESOURCES
DAEMONSETS

DaemonSets ensure that a single replica of a pod is running on

eachnode at all times

POD POD POD

POD

NODEI NODEZ NODE3

POD DAEMONSET POD

If you try delete a daemonset
POD REDUCASETPOD pod it will simply recreateit

DISPLAY SCHEDULER EVENTS

POD LEVEL
SCHEDULER
G LEVEL
L PROBLEMS

1
EVENT LEVEL
DEPLOYING AN APPLICATION ROLLING UPDATES AND ROLLBACKS

DEPLOYMENTS HIGH LEVEL RESOURCE FOR

DEPLOYING AND UPDATING APPS

REPLICASET REPLICASET

POD POD

POD POD

POD App
POD Appv2

DEPLOYMENT

KUBECTL APPLY MODIFY OBJECTS TO EXISTING YAML31

IF DEPLOYMENT NOT CREATED ALSO
CREATE
KUBECTL REPLACE REPLACES OLDWITHNEW ANDOBJECT MUST

EXIST

ROLLING UPDATE PREFERRED WAY SERVICE NOT INTERRUPTED

FASTEST WAY

KUBECTL ROLLOUT ROLL BACK PREVIOUS VERSION

 CONFIGURING AN APP FOR HA AND SCALE

AVOIDING
BAD BLOCKBADVERSION
VERSIONS RELEASE

READINESS
MINREADY PROBE
SECONDS

i 1
HOWLONG A DETERMINES
NEWLY CREATED IF ASPECIFIC
PODSHOULD
PODSHOULD BE RELIEVE
READY BEFORE CLIENTREQUEST
CONSIDERED ORNOT
AVAILABLE

Deploymentv1 Min ready readiness PodErrors POD NOT

Seconds Probe at 5 seconds RELEASED
musttretun
I
10 success
checkevery Rollback
7 Second version

port80

POD configmap
configMapiappconfig

PASSING CONFIGURATION OPTIONS To APP ff.ge keya van

CONTAINER
keys valz
etc config secret
ENVIRONMENT WARBLES letclcerts volume
Ceres
Secretappsecree
N N
cot vai
STORE IN CONFIG MAP
key ual
CREATESECRET PASS To EV
I JUST UPDATE NO NEED TO REBUILD
IMAGE

MULTIPLE
CONTAINERS
CAN USE
SAME
 CREATING A SELF HEALING App

Replicasets ensure that a identically configured pods

are
running at the desired replica count

Recommended

REPLICA
Deployments
t SETS Loosing node
manage replicasets
has no impact
and no need to on App
manipulate a replicaset
y
stateful
Volume Claim
I Setsy
Pods are unique
Headless Service
t
1 uniquepods
I Poddies to
Needs own storage to certain traffic 10
as it is unique Replaced with
go to each pod
same hostname
and config
PERSISTENT VOLUMES

Pod terminated
Pods are ephemeral 1
Storage terminated

Storage must be independent If pod moves

to
StoraGe follows

µ
PERSISTENT Storage
classes
VOLUME
Resovce in
cluster
Provisioning
1
static Dynamic
Pvc must
cluster admin request a storage class
creates and
avail for
consumption
 VOLUME ACCESS MODES

By specifying your PV
an access mode with

you allow the volume to be mounted to one

or many nodes as well as read by one or
may

Mount capability of
Access
node NOT pod
MODES
Volume can only be
READWRITEONCE mounted using one
t access mode at a time
off'Idgettaffydeevw
ffee
Rea NYMAN
1 ReasWRITE'MANY
Multiple node can 1
Mount volume for Multiple node or
reading
Mount for
RIN
 PESISTENT VOLUME CLAIMS PVC

PVC allows the application developer to request storage

for the application without having to know underlying infra

L
STAYS WITH
0 pv
pvc Pv

DEV
T
O
s IEEE.IE
CLUSTER
ADMIN

POD prc PV

volumes IGT ReclaimPolicy

to
movie Path RWO
Retain

B
RETAIN
DATA
L IN
Could alsobe VOLUME
recycle or delete
deletes
contentof delete underlying
volume storage
 STORAGE OBJECTS

Volumes that are already in use by a pod are

protected against data loss This means even if you
delete a PVC you co still access volume from POD

STORAGE OBJECT IN USE PVC cannot be

PROTECTION removedprematurely

STILL BOUND

a
Pvc
Finalizes
POD PvcProtection
pv

Deletepod
prcatelaed gets deleted

Provisioner Parameter reclaimPolicy

storage
Class
awstebsgptzpefa.tn
APPLICATIONS WITH PERSISTENT STORAGE

Example

Storage class PVC DEPLOYMENT

g
STORAGECLASSNAME Replica 1
Metadata Fast Image v1
Kubeserve ROLLOUT
FAST 100mi
ReadWriteOnce
VolumeMounts data
Volume volume data
Volumeclaim

Isis
PV

create
storageclass object
create Pvc object
create deployment
Rollout deployment
clean pods
create file on mane

List contents
SERVICE ACCOUNTS AND USERS

API
SERVER
4
FIRSTEVALUATES

PRIVATEKEY
SERVICE NORMAL USER 1 USER STORE
ACCOUNT FILE USERPASSLIST
I E JENKINS
f
v

ACCOUNTJENKINS
KuBECTLCREATESERVICE ASSIGN To POD IF YOUDO NOT USE
BYPUTTING IN SPECIFIC
POD MANIFEST WILLUSE DEFAULT
CREATESSERVICEAcc KUBECTLGETSA
SECRET I
WILLSHOWDEFACT BusyBoxYAML
HOLDSTHE 1 JENKINS
PUBLICCHOE NAME BUSYBOY
APISERVER u YAML for SERVICEAcc
SPEC
JWTTOKEN KUBECTLGETSAJENKINS
04AM service NAMEJENKINS
Account

t
SECRET1NAMEc
KuBECTLGET SHOWSECRET NAME
f
THIS IS WHATREQUEST WILL JENKINS SERVER
BE USEDTOAUTHWITH API ADD KSS CLI PWGIN
SERVER t TOKEN
NOWCAN CONTROL
CREATE CLUSTER
0 ACCESSCLUSTERREMOTELY ROLEBINDING PODS
USER MASTER
ADNAN
t
CERT
SETIREDEN
irn lstt.is IEnnnEoIaEn'anEIpSEE.IEaYIoYo

ES
KuBECTcconfectSETcwstekkuber.NET SET CUSTER
server Herrc i i i i certificatecent
KuBECTL CONFIGSET CREDENTIALS 2 SET USER

CONTEXT CAN BE USEDTo CONNECT ToMULTIPLE

CLUSTERS
u
KUBECTL CONFIG SET CONTEXT KUBERNETES USE CONTEXT
CUSTERKoBERNETES USER NAMESPACE

KOBECTL GET NODES C AS PER NORMAL

CLUSTER AUTHENTICATION AND AUTHORISATION

AUTHENTICATION AUTHORISATION

1
Firststepinrecieving what can RBACRULES
they do
request who ffodm.at
t
4 RESOURCES OR
2 Groups

ROLES
i l
Whatcan be ROLE BINDINGS
performedonwhich
CLUSTERROLES 1
CLUSTERROLEBINDINGS
resource r
Whocando it

ROLE Binding ROLE Binding ROLE Binding

NAMESPACE 1 NAMESPACE
2 NAMESPACE 3

CUSTER KUBERNETES
auster
BELYEA ROLE L CLUSTER

ROLE CAN BIND 70 MULTIPLE

CREATE CREATE gfandE CREATE USERSERVICEAcc Group
NAMESPACE ROLE C ROLE
BINDING
1
LIST SERVICES
WHAT
FROM WEB
ACTIONS
NAMESPACE
NOTWHO

CREATE CLUSTER POD

CLUSTER CLUSTER ROLE
ROLE ROLE BINDING Yifffffnmer If.FI pAT
µ LEVEL
VIEWPERSISTANT
VOLUMES
CONFIGURING NETWORK POLICIES

Network policies useselectors to apply rules to

pods for communicationthroughout the cluster

port3128

POD appWEB POD

APP DB

port4269

How
NETWORK CANAL CREATENETWORK CREATE
PLUGIN PLUGIN POLICY DEPLOYMENT
U
DENY ALLNET 1
EXPOSE
kind NetworkPolicy DEPLOYMENT
NameDenyALL
Blank i Akinherit Selector
pod f
policyType Ingress
Try ACCESS TIMEOYT

CREATENETWORK LABEL
POLICY PODS
f
podselector Allow comms
matchLabels between pods
appdb and specified
ingress
port
matchLabels
L
app web
port
port 4269
CREATING TLS CERTIFICATES

The CA is used to generate a TLS certificate

and authenticate with the API server

API
POD SERVER
war

VARIRUN SECRETS KuBERNETES101serviceaccount

CREATE NEW CERTIFICATE SIGNING REQUEST

C
CERT CSR
1
CERTIFICATE SIGNING
OBJECT CREATE KINDCERTIFICATESIGNINGREQUEST
NAME CSRPODWEB
REQUEST 641tr d in
catserveronBase

VIEW CSR KUBECTL DESCRIBECSRCSRPODWEB

APPROVE CSR ISSUED

 SECURE IMAGES

PRIVATEREGISTRY DOCKER HUB

POD

µ POD
Aws
CONTAINER 0
RUNTIME D AZURE
POD
E
GOOGLE
POD

CONTROLLING VULNERABILITIES CLAIM SCANNING

IMAGES THAT
GO INTO
PRODUCTION SOMETHING ON IT
CAUSE NODE CRASH

LOGIN TO PRIVATE REGISTRY

TAG DOCKER IMAGE
PUSH TO PRIVATE REGISTRY

How
eats
KUBERNETES
CREATE DOCKERREGISTRY
TEENIE MODIFY
SECRET TYPE SERVICE POD
docker server AcuasT to
docker username
docker password
1
Kubectlpatch
PRIVATEREGISTRY
IMAGE
DEFINING SECURITY CONTEXT

LIMIT ACCESS TO CERTAIN

OBJECTS ATTHEPODAND
runAsUser
CONTAINER LEVELTHIS WILL
ALLOWIMAGESTO REMAINSTABLE POD
fsGroup
N POD
runASNonRoot
CONTAINER 0
RUNTIME D privileged
POD
E
add SYS TIME
POD

kind pod
image alpine Run pod as
securitycontext 405
MASUser 405

CanAlso put runASNonRoot

Ability to run as privileged privileged true

CONTAINER LEVEL

ABILITY TO LOCK SETTING ADD SecurityContext

DOWN KERNEL CAPABILITIES add
LEVELFEATURES ON pop LEVEL SYS TIME
ON CONTAINER NET ADMIN

rem

IEjE
searing.ge
SECURING PERSISTENT KEY VALUE STORE

SECRETS ALLOWYOU TO EXPOSE ENTRIESAS FILES

IN A VOLUME KEEPING THIS DATA
SECURE IS CRITICAL TO CLUSTER SECURITY

DATA MUST
LIVE BEYOND SECRETS KEY VALUE PAIR
LIFE OF POD 1
PASS AS ENV VAR NOT BEST
0K PRACTICE
EXPOSE AS FILES 1
IN VOLUME MAY BE
OUTPUTTO
GFILES
POD
CONTAINER
FILESYSTEM

variantsecrets
lkobernetes.io
eserviceaccontsl DEFAULT defaulttokenSecret
SECRET g ca crt
namespace
token

HTTPS 10WEBSITE

GENERATE
CERTIFICATE
FELT SECRET MOUNT IN POD
FILE 4 POD
COMBINED IN MEMORY FILE
FILES SYSTEM
1
SECRET SECRET NOT
WRITTEN To
DISK
MONITORING THE CLUSTER COMPONENTS

THEMETRICSERVER ALLOWS YOU TO COLLECT CPU AND MEMORY

DATA FROMTHE NODES ANDPODS IN YOUR CLUSTER

NODE METRICS
N POD CPU cores oeil
CONTAINER 0 MEMORY

RUNTIME D
E POD PODMETRICS
Cpu MEMORY

INSTALL KUBECTLTop NODE S CPUImemory forALLTHE NODES

METRIC
SERVER KUBECTLTOPPOD Chelmemory for Ace THE PODS

KOBECTL TopPOP Au NAMESPACES AccNamespace

KUBECTL TopPOD N KUBESYSTEM KUBESYSTEMNAMESPACE

KUBECTL Top Grove CONTEXT CONTAINERS poos CONTAINERS

MONITORING THE APPS RUNNING WITHIN A CLUSTER

LIVENESS AND READINESS PROBE

READINESS
CONTAINER CONTAINER
PROBE LWENESS
PROBE
N
POD pop
AREYouALIVE
AREYOU READY similar To
FORREQUESTS LIVENESS PROBE

1 HTTPGET 2 3 TYPES
I EXEC
IF FAILS IT IS
REMOVED
NORMAL
v v
FAILED
TCPSOCKET
1
f
CHECKS
RESPONSE OPENTCP
4 t CONNECTION EXIT
RESTART CODE
START To PORT
NORMALCY CONTAINER
MANAGING CLUSTER COMPONENT LOGS

USE KOBECTL LOGS

APP LOGSTOCONTAINERSTREAMED To STDOUT
AND
SYSTEM UNDERSTAND WHAT IS HAPPENING INSIDE CLUSTER
LOGS
DEBUGGING
1 LOGS ACCUMULATE OVERTIME

IF MANY MICROSERVICE WHICHLOGS ARE WHICH

V
LOG DIRECTORY IVARILOGICONTAINERS
T
ACCUMULATES LOGS

POD POD
LOGGING AGENT
APP CONTAINER

1 1 LOGGING AGENT
LOG LOG
CONTAINER CONTAINER

I 2 LOG FILE C
LOG

HAVE SIDECAR CONTAINER TO DO LOGGING SO YOU CAN

ACCESS SPECIFIC LOGS
ABLE TO ROTATE LOGS USING OTHER TOOLING NO NATIVE
TROUBLESHOOTING APPLICATION FAILURE

PODIYAML

ABILITYTOWRITE KIND POD

TERMINATIONMESSAGE NAME PODI
IMAGEBUSYBOX KUBECTL
TOSPECIFICFILEON
CONTAINER
COMMAND DESCRIBE
1
TERMINATIONMESSAGE
PATH WILL SHOW
ERROR MESSAGE

Only particular fields can be changed i e

Image
To change other fields of failured
pgd Kubectl
getpomenz
exportconfiguration 0yaml export
to
modify yamliechangememory request

Discovery
Erry AppCommErr

APPLICATION
ImagePullErr CrashLoopBackorfErr
FAILURES
t FailedMountErr
RbacErr
L
f
Pending
I ROUBLESHOOT FAILURES

Kubernetes c
CONTOL API server down
software
fault PLANE
Loose storage attached to
controlplane
Kobelet serfice
crash v
Independent eted
could crash
View theevents from controlplanecomponents check status of Kobelet service
View logs for control planepods Disable swap

checkstatus of dockerservice check firewalld service

View Kobe config
ViewKubelet
viewed JournalCHlogs

9g f
WORKER
y
generate new token
view status
TROUBLESHOOTING
Getdeceived into
I pingnode
IPaddress of Shinto node
node

Accesspods
directly Lookupservice viaDNS
q y
check
iptable
rules NETWORK DNSresolveconf
file
Endpointsof
tkubernetes
service
CNIPlugin service
 THANKYOU FOR READING

PLEASE LIKE AND SHARE FOR MORE

LATEST NOTES AVAILABLE ON

INSTAGRAM s adnans techie studies

ADNAN
pas A