Kubernetes cluster installation.

########### Kubernetes Cluster Setup ######

############ for Master ##############
Step 1: Prepare Hostname, Firewall and SELinux
On your master node, set the hostname and if you don’t have a DNS server, then also update your /etc/hosts file.
# vim /etc/hosts master        worker01        worker02
# Install Kubernetes
# sudo modprobe overlay
# sudo modprobe br_netfilter
# cat  <<EOF | sudo tee /etc/sysctl.d/kube.conf
net/bridge/bridge-nf-call-ip6tables = 1
net/bridge/bridge-nf-call-iptables = 1
net/bridge/bridge-nf-call-arptables = 1

# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

# echo "1"  > /proc/sys/net/ipv4/ip_forward

disable SElinux and update your firewall rules.
#sudo setenforce 0
#sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
# cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
# sudo sysctl --system
# sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# sudo swapoff -a
# yum install -y yum-utils
# yum-config-manager --add-repo
# yum install -y docker-ce docker-ce-cli docker-compose-plugin  kubelet kubectl kubeadm kubernetes-cni
# systemctl enable kubelet
# systemctl enable docker
# service firewalld stop
# systemctl disable firewalld
# rm -f /etc/containerd/config.toml
# systemctl restart containerd
# systemctl enable containerd
# echo -e " master\n192.168.50.11 worker1\n192.168.50.12 worker2" >> /etc/hosts
# kubeadm config images pull
# kubeadm init --apiserver-advertise-address= --pod-network-cidr=
# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config
# kubectl apply -f
# systemctl status containerd
# systemctl status kubelet

############# for worker01 ####################

on Master  node command :- 
# sudo kubectl label node <worker01>
[root@master ~]# kubectl get nodes
NAME                 STATUS   ROLES           AGE   VERSION   Ready    control-plane   11h   v1.28.2
worker01             Ready    worker          10h   v1.28.2
worker02             Ready    worker          10h   v1.28.2
############# Reset  k8s cluster ############

# kubeadm reset

######### check certificate and tokan #########

How to create a token.

# kubeadm token create

# kubeadm token list

# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt \ | openssl rsa -pubin -outform der 2>/dev/null \ | openssl dgst -sha256 -hex \ | awk '{print $2}'

############# Renew Expired Certificates #############

# kubeadm certs check-expiration

# kubeadm certs renew all


What is a pod kubernetes ?

Pods is collection of containers . live together and die together. IP assigned to pod only. All containers in the same pod will communicate to localhost with different ports. Pods are the smallest unit that can be deployed and managed by Kubernetes.
Each Pod has its unique IP Address and ports within the cluster.
Any data saved inside the Pod will disappear without a persistent storage.

Pods create flow diagram :-

2.Pause :

2.Pause : First pause container is created after that the pods is created. Pause container is IP assigned to pods. Pause container that works with pods but will not be visible in pods. The input and output traffic of all the containers running in a pod will go through the Puase container.

3.How many pause container is running on k8s cluster.

# ctr -n c ls 

4.How many pause container is running on woker side.

on woker01

on woker02

5.Pod lifecycle:

# kubectl get pods

      nginxpod       2/2        Running          0               4m25s

NAME           :- Pod name
      READY 2/2   :- <running status of container>/<total of container in pod>
      STATUS        :-  status of pod.
      RESTARTS  :- restart count.
      AGE              :- running status time.

CrashLoopBackOff is a Kubernetes state that indicates a restart loop is happening in a pod. We have to check by describing pod.

6.Container States:

The way Kubernetes maintain Pod phases, it maintains state of each container in the Pod.

Once the scheduler assigns a Pod to a Node, the kubelet starts creating containers for that Pod using a container runtime. There are 3 possible states for the container.

Types of Pod:

i)        Single Container pods.

ii)      Multi Container Pods.

Single Container pods :-

If you need to run a single container in Kubernetes, then you have to create a pod for it which is nothing but Single Container Pod. One or more containers running in single pod and one container as a helper container.

Multi Container pods :-

If you have to run two or more containers in a pod, then the pod created to place these containers is called a Multi Container Pod.

There are three common design patterns for multiple containers into a single pod.

i) Sidecar

ii) Adapter

iii) Ambassador

i) What is Kubernetes Sidecar?

Some great examples are using a sidecar for monitoring and logging and adding an agent for these purposes.

one of the pod will contain primary application while the second pod would contain sidecar container. The main application will write the logs into a log file, and the sidecar container will continuously read this log file and send the output to STDOUT. Now you may configure some logging agent to send these logs to a central log server.


# cat sidecar-pod.yaml

apiVersion: v1

kind: Pod


  name: sidecar-pod



  - name: log

    emptyDir: {}


  - image: busybox

    name: application

    command: ['sh', '-c', 'while true; do echo Today Date and Time is $(date) INFO Hello world..! >> /var/log/myapp.log && sleep 5; done']


    - name: log

      mountPath: /var/log

  - name: sidecar

    image: busybox

    command: ['sh', '-c', 'tail -fn+1 /var/log/myapp.log']


    - name: log

      mountPath: /var/log

# kubectl apply -f sidecar-pod.yaml

# kubectl get pods

How many container available in pods.

# kubectl get pod -o=",INIT-CONTAINERS:.spec.initContainers[*].name,CONTAINERS:.spec.containers[*].name"

kubectl get pods <pods_name> -o jsonpath='{.spec.containers[*].name}'

# kubectl logs -f sidecar-pod -c sidecar 

ii) What is Adapter in kubernetes.

For example, you’re running multiple applications within separate containers, but every application has a different way of outputting log files.

Now, you have a centralized logging system that accepts logs in a particular format only. What can you do in such a situation? Well, you can either change the source code of each application to output a standard log format or use an adapter to standardize the logs before sending it to your central server. That’s where the adapter pattern comes in.

use case

let’s consider that an application that outputs logs in a particular format, that we want to change to something standard.

# vim adaptor.yaml

apiVersion: v1

kind: Pod


  name: adapter-pod


    app: adapter-app



  - name: logs

    emptyDir: {}


  - name: app-container

    image: alpine

    command: ["/bin/sh"]

    args: ["-c", "while true; do date >> /var/log/app.log; sleep 2;done"]


    - name: logs

      mountPath: /var/log

  - name: log-adapter

    image: alpine

    command: ["/bin/sh"]

    args: ["-c", "tail -f /var/log/app.log|sed -e 's/^/Date /' > /var/log/out.log"]


    - name: logs

      mountPath: /var/log                      

In the manifest, we have an app-container that outputs a stream of dates to a log file. The log-adapter container adds a Date prefix in front. Yes, it’s a very rudimentary example, but enough to get how the adapter works.

# kubectl apply -f adaptor.yaml

# kubectl get pods

# kubectl exec -it adapter-pod -c app-container /bin/sh

# ps -elf | grep "date"

# cd  /var/log 

# cat app.log

# kubectl exec -it adapter-pod -c log-adapter /bin/sh

iii) What is Ambassador ?

If you look carefully in the manifest YAML, you will find there are three containers. The app-container-poller continuously calls http://localhost:81 and sends the content to /usr/share/nginx/html/index.html.

The app-container-server runs nginx and listens on port 80 to handle external requests. Both these containers share a common mountPath. That is similar to the sidecar approach.

There is an ambassador-container running within the pod that listens on localhost:81 and proxies the connection to, so when we curl the app-container-server endpoint on port 80, we get a response from

# cat ambassador.yaml
apiVersion: v1

kind: Pod


  name: ambassador-pod


    app: ambassador-app



  - name: shared

    emptyDir: {}


  - name: app-container-poller

    image: yauritux/busybox-curl

    command: ["/bin/sh"]

    args: ["-c", "while true; do curl > /usr/share/nginx/html/index.html; sleep 10; done"]


    - name: shared

      mountPath: /usr/share/nginx/html

  - name: app-container-server

    image: nginx


      - containerPort: 80


    - name: shared

      mountPath: /usr/share/nginx/html

  - name: ambassador-container

    image: bharamicrosystems/nginx-forward-proxy


      - containerPort: 81

How to check container name in pods

# kubectl describe pods <pods_name>

How to check particular container log from pods.

# kubectl logs <pod_name> <container_name>

# kubectl get pods

# kubectl port-forward ambassador-pod 80:80

# curl localhost

Init Containers:

In Kubernetes, an init container is the one that starts and executes before other containers in the same Pod. Used to perform small tasks. If the task is completed after that container will exit.
specialized containers that run before app containers in a Pod. Init containers can contain utilities or setup scripts not present in an app image. You can specify init containers in the Pod specification alongside the containers array (which describes app containers).

The init-container pod will clone from the git web-content directory and the code will be downloaded. The logical name of the web-content directory is web-content-dir, after that the nginx pod will mount from the web-content-dir directory.

# cat init-container-pod.yaml

apiVersion: v1

kind: Pod


  name: init-container-demo



  - name: nginx

    image: nginx:alpine


    - containerPort: 80


    - name: web-content-dir

      mountPath: /usr/share/nginx/html


  - name: helper

    image: alpine/git


    - git

    - clone


    - /web-content/


    - name: web-content-dir

      mountPath: "/web-content"


  - name: web-content-dir

    emptyDir: {}

# kubectl describe pods init-container-demo

# kubectl apply -f  init-container-pod.yaml

# kubectl get pods -w

# kubectl get pod -o=",INIT-CONTAINERS:.spec.initContainername,CONTAINERS:.spec.containers[*].name"

Worker node side image download :- nginx pods delete hota hai to nginx image remove nhi hoti hai.

# ctr -n  c ls

# kubectl get pods -o wide

# curl -l

Ephemeral Containers :-

Ephemeral Containers are a feature in Kubernetes that allows users to run diagnostic or debugging containers within an existing Pod for a short duration. These containers are temporary and serve the purpose of troubleshooting, inspecting, or debugging issues within the context of a running Pod.

Diagnostic and Debugging Tools:

Same Network Namespace:

Same Storage Volumes:

No Impact on Application Containers:

Access to Pod Namespace:

# kubectl alpha debug -it <pod-name> --image=<debugger-image:tag>

Static Pods in Kubernetes :-

Static pods in Kubernetes are created and managed directly by the kubelet service on a node, without the need for a Kubernetes API server or scheduler. Kubelet can only create and manage static pods.

For example, kubeadm uses static pods to bring up Kubernetes control plane components like api-server, and controller-manager as static pods on the Master Node.

some pods running in the kube-system namespace are static pods on the master node.

Kubelet config file path :-

# vim /var/lib/kubelet/config.yaml

Static pods path :-

 These yaml files are running as a static pods.

# ls -ltr  /etc/kubernetes/manifests/

Creating a static pods on master node :-

# vim static_pods.yaml

apiVersion: v1

kind: Pod


  name: static-web


    role: myrole



  - name: web

    image: nginx


      - name: web

        containerPort: 80

        protocol: TCP

# cp -rvf    static_pods.yaml  /etc/kubernetes/manifests

# kubectl  get  pods

When deleting static_pods.yaml file static pods are removed.

# rm -rf /etc/kubernetes/manifests/static_pods.yaml

# kubectl  get  pods

On worker node :-

# cp -rvf    static_pods.yaml  /etc/kubernetes/manifests

# kubectl  get  pods

# kubectl describe pods static-web-worker01

 command :-

# kubectl run <pod_name>  --image=<image_name>

# kubectl get pods   (show all pods)

# kubectl run nginx --image=nginx

# kubectl describe pods <pods_name> (describe for pods)

# kubectl get pods --show-labels

# kubectl get pods -w (watch command)

# kubectl get po -o wide (which node, pod is working)

# kubectl delete pod <pod_name>

# kubectl delete pods --all (delete all pods)

# kubectl get pods <pod_name> (How many container are running in pod.)

# kubectl edit pod <pod_name>   (edit pod file update and changes.)

# kubectl explain pod --recursive | less  (help for create yaml file)

# kubectl get pods --all-namespaces

Kubernetes system namespaces use :- kube-system

New Pods default namespaces use :- default

#  kubectl get pods   -n  <namespaces>   (show pods only namespace)

# kubectl explain pod ( help for yaml file parami)

# kubectl  exec  <pod_name>  -c <container_name> -it bash (login container)

# kubectl describe pods nginx (check debug pods and containers)

# kubectl logs nginxpod -c rediscontainer (check logs for container)

# kubectl exec <pod_name> date  (execute date command)

# kubectl exec <pod_name> -c <container-name> date  (execute date command in single container)

# kubectl   logs  <pod_name>   (check logs for pods)

# kubectl   logs  -f   <pods_name>  -c  <container_name>  (check logs for container)   


# kubectl get pod -o=",INIT-CONTAINERS:.spec.initContainers[*].name,CONTAINERS:.spec.containers[*].name" (check container in pods)

# kubectl get pods <pods_name> -o jsonpath='{.spec.containers[*].name}' (check container in pods)

# kubectl exec -it <pods_name> -c <container_name> -- cat /etc/hostname (check hostname container)

# kubectl exec -it <pods_name> -c <container_name> -- ifconfig eth0 (check ip container)


Check yaml file (create and apply is same command)

# kubectl create -f first_pod.yaml --dry-run=client

# kubectl apply -f first_pod.yaml --dry-run=client

How to create yaml file ?

# kubectl explain pods

# kubectl explain pod --recursive | less


Example for help create pod yaml file

# kubectl run nginx --dry-run=client --image=nginx -o yaml


Pause container

Pause container is IP assigned to pods.


Single pods

Single pods contain a single container.


Multi pods

run two or more containers in a pod is called multi pods.


Side car pods

sidecar for monitoring and logging and adding an agent for these purposes.


Adapter pods

centralized logging system that accepts logs in a particular format only.


Ambassador pods

Ambassador is a Kubernetes-native API Gateway built on Envoy Proxy. Managed entirely via Kubernetes Custom Resource Definitions, Ambassador provides powerful capabilities for traffic management, authentication, and observability.
Proxy database connection


Staic pods

Static pods are managed directly by the kubelet on a specific node and are not part of the Kubernetes control plane.


Init container

Init containers are containers that run and complete before the main application containers start.


Ephemeral Contaoners

Ephemeral Containers are a feature in Kubernetes that allows users to run diagnostic or debugging containers within an existing Pod for a short duration.