Kubernetes Labels - Selectors, Annotations

What this post covers?

In this post we will explore all possible options that can be used for Kubernetes Labels and selectors.

• Adding labels
• Show labels 
• Replace labels
• Deleting labels 

 Adding Labels to Pods

Adding labels while you creating bare pods imperatively using 'kubectl run' command, here I'm using three different images httpd, redis, rabbitmq.

 

kubectl run web --image=httpd:2.4.54-alpine \
  --labels="env=prod,author=pavandeverakonda,component=customer,tier=frontend"
kubectl run db --image=redis:alpine \
 --labels="env=prod,author=pavandeverakonda,component=customer,tier=backend"

kubectl run web2 --image=httpd:2.4.54-alpine \
 --labels="env=dev,author=pavandeverakonda,component=customer,tier=frontend"
kubectl run db2 --image=redis:alpine \
--labels="env=dev,author=pavandeverakonda,component=customer,tier=backend"

kubectl run msg-pod --image=rabbitmq \
 --labels="env=prod,author=ranjan,component=customer,tier=integrat"

#Validate the labels with the pods 
kubectl get po --show-labels

Create Pod along with Labels

Show labels for Kubernetes Objects

To see what all labels associated with a kubernetes object use --show-labels option

# for Pods
 kubectl get pods --show-labels 

# for nodes
kubectl get nodes --show-labels

To filter only the prod environment

 kubectl get pods -l env=prod --show-labels 
 

To get without header use --no-headers=true

 kubectl get pods -l env=dev --show-labels  --no-headers=true
 

To get the count of the dev environemnt pods we can use wc -l to count lines

 kubectl get pods -l env=dev --show-labels  --no-headers=true|wc -l
 

Using --selector option 

 To get how many pods present in the business unit(bu) as finance, here we can use --selector option

 kubectl get pods --selector bu=finance --no-headers=true --show-labels
 

To get the count of the pods in finance bu

 kubectl get pods --selector bu=finance --no-headers=true|wc -l
 

To find all objects are present in the prod environment including Pods, ReplicaSet and any other

kubectl get all --selector env=prod --show-labels  --no-headers=true

To get the count

 kubectl get all --selector env=prod  --no-headers=true|wc -l

To Identify the Pod which is part of the "prod" environment, the "finance" BU and of "frontend" tier?

kubectl get all --selector env=prod,bu=finance,tier=frontend  --no-headers=true

more specific to pods only display

kubectl get pod --selector env=prod,bu=finance,tier=frontend

# Only Pod names
kubectl get pod --selector env=prod,bu=finance,tier=frontend  --no-headers=true  -o NAME

Deleting labels

a. Edit the Kubernetes Object b. Using - operator to remove labels

Using - operator to remove labels

Update pod 'web' by removing a label named 'author' (if that label exists with that pod)

kubectl label pods web author-

Deleting a label from a Pod

You can also remove two or more labels at one go, removing env, tier labesl from the web pod:

kubectl label pods web env- tier- 

Deleting multiple labels from a Pod

Kubernetes Annotations Another intresting fact about Kubernetes Objects, they are like labels but they are just metadata not used in the selectors section.

kubectl annotate pod/web contact="admin@vybhavasolutions"

You can also add more number of annotationsto to your a Kubernetes objects anytime like this:

kubectl annotate pod/web whatsapp="9618715457" email="vybhavatechnologies@gmail.com"

viewing Annotations of kubernetes objects The first option is always using describe kubernetes object, where you could see a section for Annotations is available.

kubectl describe pods web -o yaml |grep -c 3 'annotations'

Keep writing to us for more intresting facts on Kubernetes related errors which you have encountered.

Kubernetes installation on CentOS7 Vagrant boxes Manually

This page is updated in 2022 with new instructions which works for Rocky LInux as well!

As we have seen and had a setup that Docker EE installation on CentOS7. A year ago when I have worked on Kubernetes setup on the Ubuntu Linux that virtualization included all the steps involved in Docker installation to Kubernetes cluster configuration everything automated within Vagrantfile.

Kubernetes Cluster on your Desktop or Laptop or Mac book

In this post, I would like to share the manual steps that work to build a Kubernetes Cluster on CentOS7. We will be using the Docker EE installed nodes to install Kubernetes. So bringing up vagrant boxes the same thing that we had discussed earlier post proceed further.

Step 1: Check the System requirements

We have three nodes: master, node1, node2.

On ALL Nodes:
CPU Cores  2,
RAM size- 2GB Minimum 4GB good
Otherwise, Master node make it 3GB, Slave nodes with 1.5GB also a wise plan if you have limited resources.
Preparing the host mappings for master and worker nodes, Here I'm using sample names you can change as per your project needs.

   
hostnamectl set-hostname master-node
cat << EOF >> /etc/hosts
	10.128.0.27 master-node
	10.128.0.29 node-1 worker-node-1
	10.128.0.30 node-2 worker-node-2
EOF

Setup the firewall rules

 
  # master box run this
  sudo firewall-cmd --zone=public --permanent --add-port={6443,2379,2380,10250,10251,10252}/tcp
  
  # worker box firewall settings 
  sudo firewall-cmd --zone=public --permanent --add-port={10250,10251}/tcp
  
  #for both boxes
  firewall-cmd –reload
  modprobe br_netfilter
  echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
  

Step 2: Why do we need to do swap disable?

All Kubernetes masters and nodes are expected to have swap disabled. This is recommended by Kubernetes community for deployments. If swap is not disabled, kubelet service will not start on the masters and nodes,

 
# check swap available 
free -m
# if exists then run the following commands
swapoff -a # must for gcloud and aws instances
# permanent swap off from fstab
vi /etc/fstab --> comment swap entry

(OR) 
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

 
yum update -y
systemctl disable firewalld
systemctl stop firewalld
vi /etc/selinux/config ---> disabled

Restart all of the boxes

 
init 6

Now install Docker if you have not installed yet! this following will installs Docker-CE.

 
yum install docker -y
systemctl status docker #if it is inactive do the following
systemctl enable docker
systemctl start docker
systemctl start docker # make sure it is active state

Step 4: Add Kubernetes Repo 

This repo setting for CentOS boxes on ANY cloud env will works and same will work on vagrant box as well.

 
vi /etc/yum.repos.d/kubernetes.repo

Enter the following content into the file

 
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
        https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

Step 5: Install kubeadm, kubelet, kubectl and start

Now run the following yum installation commands on every node.

 
yum install kubeadm -y #This will includes kubectl, kubelet part of kubeadmin installation

systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet # ensure kubelet is in active state

After starting kubeadm you will get the following:

Kubernetes Installation

output

Let's configure bridge network for Kubernetes

 
vi /etc/sysctl.d/k8s.conf

Enter the following lines

 
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

After file saving run the following command in the command shell.

 
sysctl --system

In the Master node execute the following command for Kubernetes Cluster initialization:

 
# NOTE: Please use your host IP address here
# This will do
kubeadm init

#alternatively try
kubeadm init --pod-network-cidr=192.148.0.0/16 --apiserver-advertise-address=192.168.33.100

(OR)

#To ignore preflight checks
kubeadm init --pod-network-cidr=192.148.0.0/16 --apiserver-advertise-address=192.168.33.100 --ignore-preflight-errors=Hostname,SystemVerification,NumCPU

On the Worker / Slave nodes:

 
kubeadm join 192.168.33.100:6443 --token h1ufen.hvs0nr49ua0my7u8 \
    --discovery-token-ca-cert-hash sha256:0bc179854b5c759333360737ff53ca2c4246b61823b033ecbac50593a9c334f6

Kubernetes Worker joining

On the master node do the following:

 
vi /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf

Run the following: source /etc/profile
(OR)

 
 mkdir -p $HOME/.kube
 cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 chown $(id -u):$(id -g) $HOME/.kube/config

Now

flannel network

 
kubectl get nodes # all nodes NotReady state
kubectl get pods --all-namespaces
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

kubectl get pods --all-namespaces
kubectl get nodes

Get the status of the node in the Kubernetes cluster, after all pods Running

Validate with Deployment 

Let us validate the Kubernetes Cluster Ready for deploy web application

Step 1 Let's take nginx image for deployment creation on the Kubernetes cluster

 
 kubectl create deployment mynginx --image=nginx

First Kubernetes deployment : create deployment

Now let's see the description of the above 'mynginx' deployment.

Describe Kubernetes deployment

Scale the 'mynginx' application deployment upto 3

 
 kubectl scale --replicas=3 deployment/mynginx

Scale deployment on Kubernetes Cluster

List of all pods in the Kubernetes cluster

 
 kubectl get po
 kubectl get po -o wide

get the list of pods in Kubernetes

Next step is Create service using 'mynginx' deployment.

 
kubectl create service nodeport mynginx --tcp=8080:80

kubectl get services

Service creation in Kubernetes Cluster

all set to go for checking in the browser
http://192.168.33.110:32286/

As our slave node running on 192.168.33.110 and the node port exposed as 32286.

Here I conclude our Kubernetes cluster working as expected! Please post your comments or suggestions to improve our learnings more useful to many other starters.

Kubernetes Services

 Hello everyone !! In this post, we will discuss the Kubernetes Services, What, and How we can deploy the service on a Kubernetes cluster.

What is Kubernetes Service?

We have Kubernetes services for not to remember the pod IP address, it is more comfortable inter-connecting the pods using service names.

Why we need Kubernetes Services?

We will get to know once we deploy the following different kinds of Kubernetes services on your Kubernetes cluster.

Types of Kubernetes Services

• NodePort
• ClusterIP
• Headless 
• Loadbalancer

Kubernetes Service types

NodePort

The node port will be a port enabled on a Node per microservice application. 

Let's have pod defination in myapp.yaml

apiVersion: v1
kind: Pod
metadata:
    name: myapp-pod
    labels:
        app: myapp
spec:
    containers:
        - name: nginx-containers
          image: nginx

Create the myapp pod using the above defination.

Example nodeport.yaml file

apiVersion: v1
kind: Service
metadata:
  name: appservice
spec:
  type : NodePort
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30008
  selector:
    app: myapp

kubectl create -f nodeport.yaml
kubctl get services
kubectl describe service appservice

ClusterIP 

- Headless services such as database services which are needed to be exposed to internal Kubernetes services like web application service.

apiVersion: v1
kind: Service
metadata:
  name: app-service
spec:
  ports:
    - port: 80
      protocol: TCP
  selector:
    app: app-server
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-server
  labels:
    app: app-server
spec:
  selector:
    matchLabels:
      app: app-server
  template:
    metadata:
      labels:
        app: app-server
    spec:
      containers:
      - name: web-server
        image: nginx
        ports:
        - containerPort: 80

Load balancer

You can configure a LoadBalancer on any of the Cloud provider. GCP, AWS OCI etc. 

Here in the below we will consider the example of LoadBalancer using AWS cloud ELB

apiVersion: v1
kind: Service
metadata:
  name: lb-service
  labels:
    app: lb-service
spec:
  type: NodePort
  ports:
  - port: 80
  selector:
    app: frontend

Now we have the frontend-deployment.yml file as :

apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: frontend
  minReadySecond: 30
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
        maxUnavailable: 0
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
      - name: frontend-container
        image: nginx

Reference:

1. ExternalName service Stackoverflow Question

Kubernetes cluster configuration in a Virtualbox with vagrant

Thanks to Rajkumar who had developed the Vagrantfile and published in the github on Kubernetes cluster configuration in a Virtualbox with vagrant. For those who don't know about Vagrant it is a tool that will be used for virtualization into a different level and more powerful way of using your system resources to run multiple operating virtual boxes in your Laptop/Desktop systems.

You just need to follow the simple steps which I had done in my experiment:

Prerequisites for Kubernetes Cluster Creation

1. Download latest Vagrant
2. Download latest version of Oracle VirtualBox

System resources requirements on VirtualBox

• 2 GB for each node
• 2 cores CPUs for each node

Here I have don this expeiment on my Windows 7 laptop. You could do same on any Windows higher version as well. Total 3 VMs will be created under a group named as - "Kubernetes Cluster" as defined in Vagrantfile.

Infrastructure as a Code: Vagrantfile 

	# -*- mode: ruby -*-
	# vi: set ft=ruby :
	#Vagrant::DEFAULT_SERVER_URL.replace('https://vagrantcloud.com')
	servers = [
	{
	:name => "k8s-master",
	:type => "master",
	:box => "ubuntu/xenial64",
	:box_version => "20180831.0.0",
	:enp0s8 => "192.168.33.10",
	:mem => "2048",
	:cpu => "2"
	},
	{
	:name => "k8s-slave-1",
	:type => "node",
	:box => "ubuntu/xenial64",
	:box_version => "20180831.0.0",
	:enp0s8 => "192.168.33.11",
	:mem => "2048",
	:cpu => "2"
	},
	{
	:name => "k8s-slave-2",
	:type => "node",
	:box => "ubuntu/xenial64",
	:box_version => "20180831.0.0",
	:enp0s8 => "192.168.33.12",
	:mem => "2048",
	:cpu => "2"
	}
	]
	# This script to install k8s using kubeadm will get executed after a box is provisioned
	$configureBox = <<-SCRIPT
	# install docker v17.03
	# reason for not using docker provision is that it always installs latest version of the docker, but kubeadm requires 17.03 or older
	apt-get update
	apt-get install -y apt-transport-https ca-certificates curl software-properties-common
	curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
	add-apt-repository "deb https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable"
	apt-get update && apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}')
	# run docker commands as vagrant user (sudo not required)
	usermod -aG docker vagrant
	# install kubeadm
	apt-get install -y apt-transport-https curl
	curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
	cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
	deb http://apt.kubernetes.io/ kubernetes-xenial main
	EOF
	apt-get update
	apt-get install -y kubelet kubeadm kubectl
	apt-mark hold kubelet kubeadm kubectl
	# kubelet requires swap off
	swapoff -a
	# keep swap off after reboot
	sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
	# ip of this box
	IP_ADDR=`ifconfig enp0s8 | grep Mask | awk '{print $2}'| cut -f2 -d:`
	# set node-ip
	sudo sed -i "/^[^#]*KUBELET_EXTRA_ARGS=/c\KUBELET_EXTRA_ARGS=--node-ip=$IP_ADDR" /etc/default/kubelet
	sudo systemctl restart kubelet
	SCRIPT
	$configureMaster = <<-SCRIPT
	echo "This is master"
	# ip of this box
	IP_ADDR=`ifconfig enp0s8 | grep Mask | awk '{print $2}'| cut -f2 -d:`
	# install k8s master
	HOST_NAME=$(hostname -s)
	kubeadm init --apiserver-advertise-address=$IP_ADDR --apiserver-cert-extra-sans=$IP_ADDR --node-name $HOST_NAME --pod-network-cidr=172.16.0.0/16
	#copying credentials to regular user - vagrant
	sudo --user=vagrant mkdir -p /home/vagrant/.kube
	cp -i /etc/kubernetes/admin.conf /home/vagrant/.kube/config
	chown $(id -u vagrant):$(id -g vagrant) /home/vagrant/.kube/config
	# install Calico pod network addon
	export KUBECONFIG=/etc/kubernetes/admin.conf
	kubectl apply -f https://raw.githubusercontent.com/ecomm-integration-ballerina/kubernetes-cluster/master/calico/rbac-kdd.yaml
	kubectl apply -f https://raw.githubusercontent.com/ecomm-integration-ballerina/kubernetes-cluster/master/calico/calico.yaml
	kubeadm token create --print-join-command >> /etc/kubeadm_join_cmd.sh
	chmod +x /etc/kubeadm_join_cmd.sh
	# required for setting up password less ssh between guest VMs
	sudo sed -i "/^[^#]*PasswordAuthentication[[:space:]]no/c\PasswordAuthentication yes" /etc/ssh/sshd_config
	sudo service sshd restart
	SCRIPT
	$configureNode = <<-SCRIPT
	echo "This is worker"
	apt-get install -y sshpass
	sshpass -p "vagrant" scp -o StrictHostKeyChecking=no vagrant@192.168.33.10:/etc/kubeadm_join_cmd.sh .
	sh ./kubeadm_join_cmd.sh
	SCRIPT
	Vagrant.configure("2") do |config|
	servers.each do |opts|
	config.vm.define opts[:name] do |config|
	config.vm.box = opts[:box]
	config.vm.box_version = opts[:box_version]
	config.vm.hostname = opts[:name]
	config.vm.network :private_network, ip: opts[:enp0s8]
	config.vm.provider "virtualbox" do |v|
	v.name = opts[:name]
	v.customize ["modifyvm", :id, "--groups", "/Kubernetes Cluster"]
	v.customize ["modifyvm", :id, "--memory", opts[:mem]]
	v.customize ["modifyvm", :id, "--cpus", opts[:cpu]]
	end
	# we cannot use this because we can't install the docker version we want - https://github.com/hashicorp/vagrant/issues/4871
	#config.vm.provision "docker"
	config.vm.provision "shell", inline: $configureBox
	if opts[:type] == "master"
	config.vm.provision "shell", inline: $configureMaster
	else
	config.vm.provision "shell", inline: $configureNode
	end
	end
	end
	end

view raw Kubernetes Cluster with Vagrantfile hosted with ❤ by GitHub

The Vagrantfile will be composed with the Ruby array that creates k8s-head and k8s-node1, k8s-node2 definitions. Once the Ubuntu Xenial boxes provisioned custom shell scripts are used for boot time execution.

• Both Master, Slave nodes common tasks are executed with the Shell provisioning inline options.
• Install Docker CE 17.03
• Added vagrant user to docker group to run docker commands as vagrant user (without using sudo for each not required)
• Install the kubelet kubeadm kubectlk
• kubelet requires swap off

You can do all the setups required to run the following in the sequence : 

• k8s-master node runs on 192.168.33.10
• k8s-slave1 node runs on 192.168.33.11
• k8s-slave2 node runs on 192.168.33.12

Bootstrap Setup

Master node will be required the following steps

Slave node will be running and after bootup only runs inline joining the kubernetes cluster with a script generated in the master. node.

Executing the setup

vagrant up

check the VM are created as expected

vagrant status

Vagrant status of kuberenetes cluster

Check that all are in running state, if not you need to check the log file that is generated in the same path where Vagrantfile exists.

Connect with your PuTTY to k8s-master that is running on 192.168.33.10 IP address.

Check the versions of kubeadm, kubectl, and kubelet

  kubectl version
  kubeadm version
  # Better format output
  kubectl version -o yaml
  kubeadm version -o yaml
  

Kubeadm, kubectl, kubelet versions

Check the nodes list

kubectl get nodes

kubectl get nodes output

Note: Make sure that your Windows firewall disabled to run the Vagrant on your Windows laptop.

You might be more interested to explore and know about the latest Docker 19 Community Edition learning experiments on Ubuntu 19.04

References:

1. Kubernetes Cluster on GitHub