Kubernetes Docker Notes

Uploaded by

xageyew231

Kubernetes and Docker Notes for 4 Years of Experience

---

### Kubernetes Overview

#### 1. Kubernetes Architecture


- **Master Node**: Manages the cluster, runs API Server, Scheduler, Controller
Manager, etcd.
- **Worker Node**: Runs containers. Key components: Kubelet, Kube Proxy, and the
container runtime.
- **etcd**: A key-value store for storing cluster state and configuration data.
- **Kube API Server**: Entry point for all administrative tasks.
- **Controller Manager**: Ensures the desired state of the system.
- **Kube Scheduler**: Assigns pods to nodes based on resource requirements and
constraints.

#### 2. Pod Lifecycle


- The smallest deployable unit in Kubernetes.
- **Pod Phases**: Pending, Running, Succeeded, Failed, Unknown.
- Multi-container pods and the concept of sidecar containers.
- Pod termination and graceful shutdown with preStop hooks.

#### 3. Deployments and StatefulSets


- **Deployments**: Used for stateless applications; supports rolling updates,
rollbacks, and scaling.
- **StatefulSets**: Used for stateful applications (like databases). Ensures
stable identity and storage.

#### 4. Services and Networking


- **Service Types**: ClusterIP (default), NodePort, LoadBalancer, ExternalName.
- **Ingress**: For managing external access to services, supports load
balancing, SSL termination.
- **Network Policies**: Control the traffic between pods and other network
endpoints.
- **CNI (Container Network Interface)**: Plugin-based framework to configure
networking.

#### 5. Persistent Storage


- **Persistent Volumes (PVs) and Persistent Volume Claims (PVCs)**: Abstract
storage from specific nodes.
- **Storage Classes**: Define different classes of storage (SSD, HDD) with
dynamic provisioning.
- **Dynamic vs Static Provisioning**: Dynamic provisioning allocates storage on
demand without user intervention; static provisioning binds claims to volumes
that were created in advance.

#### 6. ConfigMaps and Secrets


- **ConfigMaps**: Store non-confidential data in key-value pairs.
- **Secrets**: Store sensitive information (like passwords, tokens) in an
encrypted format.
- **Usage**: Both ConfigMaps and Secrets can be exposed as environment variables
or mounted as volumes.

#### 7. Scaling and Auto-scaling


- **Horizontal Pod Autoscaler (HPA)**: Automatically adjusts the number of pod
replicas based on CPU/memory utilization or custom metrics.
- **Vertical Pod Autoscaler (VPA)**: Automatically adjusts resource requests and
limits of running pods.
- **Cluster Autoscaler**: Automatically adjusts the size of the cluster by
adding or removing nodes based on the resources required by pods.

#### 8. Namespaces and Resource Management


- **Namespaces**: Isolate resources within the cluster. Useful for
multi-tenancy.
- **Resource Quotas**: Enforce resource usage limits (CPU, memory) across
namespaces.
- **Limit Ranges**: Set default and maximum values for resource requests and
limits.

#### 9. RBAC (Role-Based Access Control)


- **Roles**: Define permissions within a namespace.
- **ClusterRoles**: Similar to Roles but applicable cluster-wide.
- **ServiceAccounts**: Grant permissions to pods or other Kubernetes resources.
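
An added example, not part of the original notes: a small audit over Role and ClusterRole rules that flags the grants a reviewer usually looks at first (wildcards, read access to Secrets, exec into pods, and the `escalate`/`bind`/`impersonate` verbs). The roles are constructed Python dicts shaped like `kubectl get role -o json` output, and the role names and finding labels are made up.

```python
# Verbs that let a subject widen its own or another subject's permissions.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
READ_VERBS = {"get", "list", "watch"}  # `list` on secrets returns their contents

def audit_rules(role):
    """Return (scope, sorted findings) for one Role or ClusterRole manifest."""
    findings = set()
    for rule in role.get("rules", []):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = set(rule.get("apiGroups", []))
        for name, values in (("verbs", verbs), ("resources", resources),
                             ("apiGroups", groups)):
            if "*" in values:
                findings.add(f"wildcard {name}")
        core = bool({"", "*"} & groups)  # secrets and pods live in the core group
        reads = "*" in verbs or bool(verbs & READ_VERBS)
        if core and reads and {"secrets", "*"} & resources:
            findings.add("can read secrets")
        if verbs & ESCALATION_VERBS:
            findings.add("privilege-escalation verb")
        if core and {"pods/exec", "*"} & resources and {"create", "*"} & verbs:
            findings.add("can exec into pods")
    scope = "cluster-wide" if role.get("kind") == "ClusterRole" else "namespaced"
    return scope, sorted(findings)

# Constructed sample roles.
READER = {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "shop"},
          "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"],
                     "verbs": ["get", "list", "watch"]}]}
BROAD = {"kind": "ClusterRole", "metadata": {"name": "ci-deployer"},
         "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}
DEBUG = {"kind": "Role", "metadata": {"name": "debugger", "namespace": "shop"},
         "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["list"]},
                   {"apiGroups": [""], "resources": ["pods/exec"],
                    "verbs": ["create"]}]}

if __name__ == "__main__":
    for role in (READER, BROAD, DEBUG):
        print(role["metadata"]["name"], audit_rules(role))
```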

#### 10. Kubernetes Security Best Practices


- **Pod Security Policies**: Control security settings of pods (e.g., running as
non-root, capabilities).
- **Network Policies**: Control which pods can communicate with each other.
- **Secrets Management**: Use Kubernetes Secrets for sensitive data.
- Regular image scanning and runtime security (e.g., Falco).
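
An added example, not part of the original notes: the check below inspects the pod settings the first bullet names (non-root, capabilities) along with privilege escalation, root filesystem and host namespaces, for every container in a pod. PodSecurityPolicy was removed in Kubernetes v1.25 in favour of Pod Security Admission, but the pod fields are the same; the pod is a constructed dict shaped like `kubectl get pod -o json` output, and the names and finding labels are made up.

```python
def effective(container, pod_sc, key):
    """A container-level securityContext value overrides the pod-level one."""
    sc = container.get("securityContext", {})
    return sc[key] if key in sc else pod_sc.get(key)

def audit_pod(pod):
    """Return {container name: [findings]} for a Pod manifest."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext", {})
    shared = [f"uses {k}" for k in ("hostNetwork", "hostPID", "hostIPC") if spec.get(k)]
    report = {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext", {})
        out = list(shared)
        if sc.get("privileged"):
            out.append("privileged")
        uid = effective(c, pod_sc, "runAsUser")
        non_root = effective(c, pod_sc, "runAsNonRoot")
        if uid == 0 or (uid is None and not non_root):
            out.append("may run as root")
        if sc.get("allowPrivilegeEscalation", True):
            out.append("allowPrivilegeEscalation not false")
        caps = sc.get("capabilities", {})
        if "ALL" not in caps.get("drop", []):
            out.append("capabilities not dropped")
        if caps.get("add"):
            out.append("adds capabilities: " + ",".join(caps["add"]))
        if not sc.get("readOnlyRootFilesystem"):
            out.append("writable root filesystem")
        report[c["name"]] = out
    return report

# Constructed sample pod: one hardened container, one that overrides the pod UID.
POD = {"kind": "Pod", "metadata": {"name": "web"}, "spec": {
    "securityContext": {"runAsUser": 10001},
    "containers": [
        {"name": "app", "image": "registry.example/app:1.4.2",
         "securityContext": {"runAsNonRoot": True,
                             "allowPrivilegeEscalation": False,
                             "readOnlyRootFilesystem": True,
                             "capabilities": {"drop": ["ALL"]}}},
        {"name": "debug", "image": "registry.example/tools:latest",
         "securityContext": {"runAsUser": 0, "privileged": True,
                             "capabilities": {"add": ["NET_ADMIN"]}}},
    ]}}

if __name__ == "__main__":
    print(audit_pod(POD))
```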

#### 11. Logging and Monitoring


- **Logging Solutions**: Use tools like Fluentd, ELK (Elasticsearch, Logstash,
Kibana), or Loki for centralized logging.
- **Monitoring**: Use Prometheus for metrics collection and Grafana for
visualization.
- **Probes**: Liveness and Readiness probes to monitor the health of the
application.

#### 12. Kubernetes Operators and CRDs (Custom Resource Definitions)


- **Operators**: Automate the lifecycle of complex applications (e.g.,
databases).
- **Custom Resource Definitions (CRDs)**: Extend the Kubernetes API to create
new types of resources.

#### 13. Helm Charts


- **Helm**: Kubernetes package manager to deploy applications in a consistent
and reproducible way.
- Create, share, and version-control application deployments using Helm charts.

#### 14. CI/CD with Kubernetes


- **Jenkins-X**: Jenkins for Kubernetes-native CI/CD pipelines.
- **GitLab CI/CD**: Automatically deploy applications to Kubernetes clusters
using pipelines.

#### 15. Kubernetes Troubleshooting


- Common commands: `kubectl describe`, `kubectl logs`, `kubectl exec`.
- Diagnose pod crash loops, resource allocation issues, and networking problems.

---

### Docker Overview

#### 1. Docker Architecture


- **Docker Engine**: The core of Docker, which consists of a server (daemon) and
a client (CLI).
- **Containers**: Lightweight, portable, and isolated processes.
- **Images**: Read-only templates used to create containers. Built from
Dockerfiles.
- **Docker Hub**: A public registry to store and share Docker images.
- **Docker Compose**: Tool to define and run multi-container Docker applications
using `docker-compose.yml`.

#### 2. Dockerfile Basics


- **FROM**: Specifies the base image.
- **COPY/ADD**: Copies files into the image.
- **RUN**: Executes commands to install dependencies or set up the environment.
- **CMD/ENTRYPOINT**: Defines the default command to run when a container
starts.
- **EXPOSE**: Informs Docker which port the container will listen on.
- **WORKDIR**: Sets the working directory inside the container.
- **ENV**: Sets environment variables inside the container.

#### 3. Building and Running Docker Containers


- **docker build**: Builds an image from a Dockerfile.
- **docker run**: Runs a container based on an image.
- **docker ps**: Lists running containers.
- **docker logs**: View logs from a running container.
- **docker exec**: Execute commands inside a running container.

#### 4. Containerization Best Practices


- Minimize image size by using lightweight base images (`alpine`).
- Use multi-stage builds for efficient image creation.
- Avoid hard-coding configuration into Docker images; use environment variables
instead.
- Tag images properly with versioning for better traceability.

#### 5. Docker Networking


- **Bridge Network**: Default network mode where containers can communicate with
each other.
- **Host Network**: Containers use the host's network stack.
- **Overlay Network**: Multi-host networking used in Docker Swarm.
- **docker network create**: Create custom networks for container communication.

#### 6. Docker Volumes


- **Volumes**: The preferred method for persisting data in Docker containers.
- **Bind Mounts**: Mount directories from the host into a container.
- **docker volume create**: Create a volume that can be used by containers.
- **docker run -v**: Mount a volume or bind mount into a container.

#### 7. Docker Compose


- **docker-compose.yml**: Defines multi-container applications.
- **docker-compose up/down**: Start or stop multi-container applications.
- **docker-compose logs**: View logs from all containers in the application.
- **docker-compose scale**: Scale containers in the application.

#### 8. Docker Swarm


- Native clustering and orchestration solution by Docker.
- Use `docker swarm init` to initiate a Docker Swarm manager.
- Use `docker service` commands to manage services and replicas.

#### 9. CI/CD with Docker


- Use Docker in CI/CD pipelines to build, test, and deploy containers.
- **Jenkins**: Build Docker images in pipelines and push to registries.
- **GitLab CI**: Use `.gitlab-ci.yml` to define Docker-based jobs in a CI/CD
pipeline.

#### 10. Security Best Practices for Docker

- Use official images from trusted sources.
- Scan images for vulnerabilities using tools like `Trivy`.
- Run containers with the least privileges (`--user` flag).
- Keep Docker daemon and images up to date.
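
An added example, not part of the original notes: a small Dockerfile check for three points from this list and the Dockerfile basics above (a pinned base image tag, a non-root `USER` in the final stage, and no secret-looking names in `ENV`/`ARG`). The Dockerfile text, the keyword pattern and the finding labels are constructed for the example, and a stage with no `USER` is assumed to run as root.

```python
import re

SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def instructions(text):
    """Yield (INSTRUCTION, arguments), joining backslash line continuations."""
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            op, _, arg = line.partition(" ")
            yield op.upper(), arg.strip()

def lint(text):
    """Return findings for unpinned bases, secret-looking ENV/ARG, root user."""
    findings, stages, user = [], set(), None
    for op, arg in instructions(text):
        if op == "FROM":
            user = None  # assumption: a new stage starts as root
            tok = [t for t in arg.split() if not t.startswith("--")]
            image = tok[0]
            if image != "scratch" and image.lower() not in stages and "@" not in image:
                tag = image.rsplit("/", 1)[-1].partition(":")[2]
                if tag in ("", "latest"):
                    findings.append(f"FROM {image}: tag missing or 'latest'")
            if len(tok) == 3 and tok[1].upper() == "AS":
                stages.add(tok[2].lower())
        elif op in ("ENV", "ARG") and arg:
            for key in re.findall(r"(\w+)=", arg) or [arg.split()[0]]:
                if SECRET_NAME.search(key):
                    findings.append(f"{op} {key}: secret-looking name baked into image")
        elif op == "USER":
            user = arg.split(":")[0]
    if user in (None, "root", "0"):
        findings.append("final stage runs as root: no non-root USER")
    return findings

# Constructed sample Dockerfile (multi-stage build).
SAMPLE = """\
FROM golang AS build
COPY . /src
RUN cd /src && go build -o /out/app .
FROM alpine:3.20
ENV APP_ENV=prod DB_PASSWORD=changeme
COPY --from=build /out/app /usr/local/bin/app
ENTRYPOINT ["app"]
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```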

---

### Key Differences Between Docker and Kubernetes


- **Docker**: Focuses on containerization and running containers on a single
machine.
- **Kubernetes**: Orchestrates and manages multiple containers across a cluster of
machines, offering scaling, service discovery, networking, and self-healing
capabilities.

---
