Docker K8s

docker

docker run -d and ctrl p, q
docker attach and docker exec
docker folder: /var/lib/docker
docker view entrypint / cmd: docker inspect <image>
view docker usage of various system resource: docker system df --verbose
docker compose recreate docker-compose up --force-recreate --build -d
get docker container user name: docker inspect $(docker ps -q) --format ' '

remote docker

since 19.03, it is easier to just use context
dockerd -H allow daemon to listen on additional port
- /etc/docker/daemon.json
docker -H connects to specify daemon
- export DOCKER_HOST=

context

docker context redirect docker operation to remote environment
- docker context create term2 --docker "host=ssh://$TGT_HOST"
- docker -c <name> use this context for this command
docker info can be useful to diagnose remote problem

layers

master
- API server
- controller manager
- scheduler
node
- docker
- kubelet
- kube-proxy
pods
container

commands

cluster-info
get: list of basics
describe: detail information
explain: property of yaml
- apiVersion: API group + version
- kind
- metadata
- spec
- status
run
- --generator: run/v1, run=pod/v1
create
apply
delete:
- --cascade=false

debug oriented

exec <node> -- <cmd>
- --stdin --tty: get terminal
logs
- --previous
port-forward

selector

label: used to select object
- --overwrite
- --show-labels
- -l label selector
annotate: used to help field iteration
- up to 256 KB in size
namespace: divide resource into non-overlapping group
- resource can have duplicated name in ns
- ns can be used for access control
  - network connection is still possible depending on configuration
- RFC1035: ns cannot dot in its name
- --namespace: select ns
- metadata.namespace

alias kcd='kubectl config set-context $(kubectl config current-context) --namespace '

service

Expose the pods as a usable endpoint.

expose
spec.sessionAffinity: ClientIP
service ip and port is known via
- environment variable
- kube-dns: <service>.<ns>.<cluster domain name>
endpoints:
- select nodes
- or use fixed port -> external service
NodePost / LoadBalancer
- balance upon pods by default
- balance upon nodes when externalTrafficPolicy is set
Ingest: work on the http level
- support cookie based affinity

Schedule

scale
ReplicationController: spec.nodeSelector
ReplicaSet: spec.selector.matchLabels / matchExpressions
- In / NotIn / Exists / DoesNotExist
DaemonSet: pod per node
Job: run a definite task
- spec.restartPolicy
- spec.completions
- spec.parallelism
CronJob: cron
- schedule
- startingDeadlineSeconds

storage

EmptyDir / GitRepo / etc
- attach a volume directly
PersistentVolume / PersistentVolumeClaim
- op will create a volume based on cluster hardware
- dev will claim the volume for usage
StorageClass
- dynamic volume creation
ConfigMap
- as environment variable
- as volume -> will update as ConfigMap
  - only works as a full volume
Secret
- generic / docker-registry / tls
downwardAPI: used to connect to api server in pods

probe

liveness: used by kubelet to check if pod is alive
- http Get
- TCP socket
- exec return code
readiness
- similar to liveness
- only show up in service if pass readiness
exit code: 128 + external signal number

update

manually
rolling-update
- works from client not master
deployment rollout
- will create rs and then pods
- status, history, --record
- undo, pause, resume
- minReadySeconds

edit: modify text file
patch: edit individual properties
apply: apply change from yaml file. create if not exist
replace: replace object with ones from yaml file. error if not exist
set image: replace image in a pods / services

cluster level

node pv

security

https://jtreminio.com/blog/running-docker-containers-as-current-host-user/ https://www.jujens.eu/posts/en/2017/Jul/02/docker-userns-remap/