add k8s

technology/tools/kubernetes.md

@@ -0,0 +1,343 @@
+---
+obj: concept
+website: https://kubernetes.io
+---
+
+# Kubernetes
+
+## Overview
+
+Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers into logical units called **Pods**, which run on **Nodes** in a cluster. A simple solution to get up and running is [k3s](k3s.md).
+
+You can manage k8s clusters via `kubectl`. Most things are defined via yaml manifest files decleratively. You can throw these into your cluster with `kubectl apply -f FILE`.
+
+## Resources
+
+### Namespace
+
+Logical separation of resources within a cluster.
+
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: example-namespace
+```
+
+### Pod
+
+The smallest deployable unit in Kubernetes.
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: full-example-pod
+  namespace: example-namespace
+  labels:
+    app: web
+    tier: frontend
+  annotations:
+    description: "A full-featured pod example for demonstration purposes"
+spec:
+  restartPolicy: Always
+
+  # Init container (runs before main containers)
+  initContainers:
+    - name: init-permissions
+      image: busybox
+      command: ["sh", "-c", "chmod 777 /mnt/data"]
+      volumeMounts:
+        - name: data-volume
+          mountPath: /mnt/data
+
+  containers:
+    - name: main-app
+      image: nginx:1.25
+      imagePullPolicy: IfNotPresent
+      ports:
+        - containerPort: 80
+          name: http
+      env:
+        # Environment
+        - name: ENVIRONMENT
+          value: production
+        
+        # Env from ConfigMap
+        - name: CONFIG_TIMEOUT
+          valueFrom:
+            configMapKeyRef:
+              name: example-config
+              key: TIMEOUT
+        
+        # Env from Secret
+        - name: SECRET_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: example-secret
+              key: password
+      volumeMounts:
+        - name: data-volume
+          mountPath: /usr/share/nginx/html
+        - name: config-volume
+          mountPath: /etc/config
+          readOnly: true
+      resources:
+        limits:
+          cpu: "500m"
+          memory: "256Mi"
+        requests:
+          cpu: "250m"
+          memory: "128Mi"
+      livenessProbe:
+        httpGet:
+          path: /
+          port: 80
+        initialDelaySeconds: 10
+        periodSeconds: 10
+      readinessProbe:
+        httpGet:
+          path: /
+          port: 80
+        initialDelaySeconds: 5
+        periodSeconds: 5
+      lifecycle:
+        preStop:
+          exec:
+            command: ["sh", "-c", "echo stopping..."]
+
+    - name: sidecar-logger
+      image: busybox
+      args: ["sh", "-c", "tail -f /var/log/app.log"]
+      volumeMounts:
+        - name: log-volume
+          mountPath: /var/log
+
+  # Volumes
+  volumes:
+    # ConfigMap - inject config files
+    - name: config-volume
+      configMap:
+        name: example-config
+        items:
+          - key: config.json
+            path: config.json
+
+    # Secret - inject sensitive data
+    - name: secret-volume
+      secret:
+        secretName: example-secret
+        items:
+          - key: password
+            path: password.txt
+
+    # EmptyDir - ephemeral shared storage between containers
+    - name: log-volume
+      emptyDir:
+        medium: ""
+        sizeLimit: 500Mi
+
+    # HostPath - access host node's filesystem (example: logs)
+    - name: host-logs
+      hostPath:
+        path: /var/log
+        type: Directory
+```
+
+### Deployment
+
+Ensures a specified number of identical Pods are running and up-to-date. Supports rolling updates and rollbacks.
+
+```yml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: example-deployment
+  namespace: example-namespace
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: example
+  template:
+    metadata:
+      labels:
+        app: example
+    spec:
+      containers:
+        - name: web
+          image: nginx:alpine
+          ports:
+            - containerPort: 80
+```
+
+### StatefulSet
+
+Like a Deployment, but for workloads requiring stable network IDs, persistent storage, and ordered startup/shutdown.
+
+```yml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: example-statefulset
+  namespace: example-namespace
+spec:
+  serviceName: "example"
+  replicas: 2
+  selector:
+    matchLabels:
+      app: stateful-app
+  template:
+    metadata:
+      labels:
+        app: stateful-app
+    spec:
+      containers:
+        - name: web
+          image: nginx:alpine
+          volumeMounts:
+            - name: data
+              mountPath: /usr/share/nginx/html
+```
+
+### DaemonSet
+
+Ensures a copy of a Pod runs on all (or some) Nodes in the cluster. Ideal for log collectors or system-level agents.
+
+```yml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: example-daemonset
+  namespace: example-namespace
+spec:
+  selector:
+    matchLabels:
+      name: ds-app
+  template:
+    metadata:
+      labels:
+        name: ds-app
+    spec:
+      containers:
+        - name: node-monitor
+          image: busybox
+          args: ["sh", "-c", "while true; do echo hello; sleep 10; done"]
+```
+
+### Job
+
+Runs a Pod (or multiple) to completion. Used for batch processing or one-off tasks.
+
+```yml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: example-job
+  namespace: example-namespace
+spec:
+  template:
+    spec:
+      containers:
+        - name: pi
+          image: perl
+          command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
+      restartPolicy: Never
+  backoffLimit: 4
+```
+
+### CronJob
+
+Schedules Jobs to run periodically, similar to [UNIX cron](../linux/cron.md).
+
+```yml
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: example-cronjob
+  namespace: example-namespace
+spec:
+  schedule: "*/5 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: hello
+              image: busybox
+              args: ["echo", "Hello from the CronJob"]
+          restartPolicy: OnFailure
+```
+
+> Note: You can quickly run CronJobs as a job with: `kubectl create job --from=cronjob.batch/my_cron_job new_job`
+
+### Service
+
+Defines a stable network endpoint to access a set of Pods. Supports different types like `ClusterIP`, `NodePort`, and `LoadBalancer`.
+
+```yml
+apiVersion: v1
+kind: Service
+metadata:
+  name: example-service
+  namespace: example-namespace
+spec:
+  selector:
+    app: example
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+  type: ClusterIP
+```
+
+### ConfigMap
+
+Injects configuration data (as key-value pairs) into Pods, keeping config decoupled from code.
+
+```yml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: example-config
+  namespace: example-namespace
+data:
+  APP_ENV: production
+  TIMEOUT: "30"
+```
+
+Usage in a Pod:
+
+```yml
+envFrom:
+  - configMapRef:
+      name: example-config
+```
+
+### Secret
+
+Similar to ConfigMap, but for sensitive data like passwords, tokens, or keys.
+If you want encryption on rest for your manifests, look at [sops](../tools/sops.md).
+
+```yml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: example-secret
+  namespace: example-namespace
+type: Opaque
+data:
+  username: YWRtaW4=   # base64 of 'admin'
+  password: cGFzc3dvcmQ=   # base64 of 'password'
+```
+
+Usage in a Pod:
+
+```yml
+env:
+  - name: USERNAME
+    valueFrom:
+      secretKeyRef:
+        name: example-secret
+        key: username
+```