Containers/Docker what is?
Docker is a tool that lets you package applications and their dependencies into lightweight, portable containers that can run consistently across different environments.(Think of as a zip file of all required dependencies.) OCI – Open Container Initiative https://github.com/opencontainers/image-spec
What/Why is Kubernetes?
Kubernetes is a system for managing and scaling containerized applications, automating tasks like deployment, scaling, and networking. Declarative, describe what you want and Kubernetes will work continuously to achieve that state. Self healing upon crash states of containers/pods and other resources.
Basic Infrastructure:
Control-Plane – is the brain of the cluster, managing and maintaining the desired state(Can be run in High Availability). Worker nodes – run the workloads, can be labeled with various attributes for scheduling preference. Labels provide classification of nodes to select proper running requirements. Affinity / Anti-Affinity support as well. Example – Disktype: SSD GPU: Enabled
Internal Kubernetes Components:
Kube-Api – Interface for interacting with Control-Plane. Kubescheduler – Assigns pods to run on nodes based on describe heuristics. KubeController – Manages the state of cluster. ETCD – Distributed key-value store, Kubernetes uses to store cluster configuration data / desired state (Cluster Source of Truth). Kubelet – Manages pods on a node, communicates with control plane to receive instructions to manage lifecycle. Kube-Proxy – Component that maintains network rules on nodes/pods and forwards traffic(Exposes services / pods). Container-Runtime – Software layer responsible for running containers.(Example container runtimes: Docker/Continerd/CRI-O). Container Network Interface – Provides inner cluster networking. (Example CNI flannel / calico)
Workload Objects In-scope:
Pods - The smallest deployable units in Kubernetes, representing a single instance of a running process, typically one or more containers. Deployments - Manage the lifecycle of Pods, ensuring the correct number of replicas, handling updates, and scaling Pods as needed. Services - Provide stable networking and access to Pods, abstracting their dynamic nature, and enabling load balancing across Pods. Configmaps - Store configuration data for your applications. Namespaces - Logical partitions within a Kubernetes cluster, used to isolate and organize resources like Pods and Services, often for multi-tenant or environment separation.
Workload Objects out of scope:
StatefulSets - Manage stateful applications with persistent storage. DaemonSets - Ensure a copy of a Pod runs on each node. Jobs - Manage batch or single-run tasks. CronJobs - Schedule jobs to run periodically. Ingress - Manage external HTTP/HTTPS access to services. Secrets - Store sensitive data like passwords or API keys.(Not Secure). Use JIT secrets like Azure Key Vault.
Create Service to expose Die Bot deployment
apiVersion: v1
kind: Service
metadata:
name: diebot
labels:
run: diebot
spec:
ports:
- port: 8080
protocol: TCP
selector:
run: diebot
Create Configmap to mount inside python image
apiVersion: v1
kind: ConfigMap
metadata:
name: die-bot-script
data:
sacrifice-bot.py: |
from bottle import Bottle, request, run
import socket
import threading
import sys
import time
import os
app = Bottle()
hostname = socket.gethostname()
def die():
print("Executing follow-up task...")
time.sleep(2)
os._exit(1)
@app.route('/killme')
def kill_me():
threading.Thread(target=die).start()
return hostname
if __name__ == '__main__':
run(app, host='0.0.0.0', port=8080)
apiVersion: v1
kind: ConfigMap
metadata:
name: bottle-file
data:
bottle.py: |
# CONTENT Bottle
You will also need to create a confimap with bottle as a mountable file, too large to post here. Link to Bottle
Create Deployment that ties pieces together
apiVersion: apps/v1
kind: Deployment
metadata:
name: diebot
spec:
selector:
matchLabels:
run: diebot
replicas: 1
template:
metadata:
labels:
run: diebot
spec:
containers:
- name: diebot
image: python:3.9-slim
command: ["python", "/app/sacrifice-bot.py"]
ports:
- containerPort: 8080
volumeMounts:
- name: app-script
mountPath: /app/sacrifice-bot.py
subPath: sacrifice-bot.py
- name: bottle-file
mountPath: /app/bottle.py
subPath: bottle.py
volumes:
- name: app-script
configMap:
name: die-bot-script
- name: bottle-file
configMap:
name: bottle-file
