Professional Documents
Culture Documents
Section 4: Application Life Cycle Management
Section 4: Application Life Cycle Management
Section 4: Application Life Cycle Management
rollout.
◆ k rollout status deployment/<deployment-name> :- to view
rollout status.
◆ k rollout history deployment/<deployment-name> :- to view
rollout history.
○ A new rollout create a new deployment revision.
○ When you make changes to your containers in the deployment and
– “sleep”
– “5000”
Environment variables
– name :
value :
– name :
value :
ConfigMaps in K8s
● When you have a lot of pod definition files it can be difficult to manage
environment data in each file.
○ ConfigMaps can be used to manage environment data centrally.
● A configMaps is used to pass configuration data in form of key-value
pairs.
○ When a pod is created, we inject the configMap into the pod so
. creating configMaps.
◆ imperative way : k create configmap <config-name> --
from-literal=key=value
– --from-literal is used to specify the key-value pair
–
from the command itself.
– --from-file is used to specify the file which contains
the config data. The file has .properties extension.
◆ declarative way :-
– create a definition file.
◆ It 4 properties :-
– apiVersion: v1
– kind: ConfigMap
– metadata
◆ name: <config-name>
– data
◆ key1: value1
◆ key2: value2
– configMapRef:
name: <configMap-name>
– name: <property-name>
valueFrom:
configMapKeyRef:
name: <configMap-name>
key: <property-name>
◆ Injecting it as a volume :-
◆ volumes:
– name: <volume-name>
configMap:
name: <configMap-name>
Kubernetes secrets
keys.
● They are similar to configMaps except that they are stored in an
encoded format.
○ As with configMaps, there are two steps involved in configuring
secrets :
. creating the secret.
◆ imperative way : k create secret generic <secret-name>
--from-literal=key=value
– --from-literal is used to specify the key-value pair
from the command itself.
– --from-file is used to specify the file which contains
the config data. The file has .properties extension.
◆ declarative way :-
– apiVersion: v1
– kind: Secret
– metadata
◆ name: <secret-name>
– data
◆ key1: value1 # value in base64 format
◆ key2: value2 # value in base64 format
– secretRef:
name: <secret-name>
– name: <property-name>
valueFrom:
secretKeyRef:
name: <secret-name>
key: <property-name>
◆ Injecting it as a volume :-
◆ When inject a secret as a volume, each key is created as
file with values stored inside.
◆ volumeMounts:
– name: <volumeMount-name> # same as
volume-name
mountPath: “/opt/foo" # can be any file path
readOnly: true
◆ volumes:
– name: <volume-name>
configMap:
name: <secret-name>
○ Secrets are not encrypted but encoded. So anyone can get the
secrets file decode it with base64 and have your confidential data.
◆ Therefore, do not to put your secret objects to any SCM like
RBAC.
◆ Consider a third party secret store provider such as :-
– AWS
– Azure
– GCP
– Vault Provider
Multi-container pods
● Multi-container pods are pods with more that one containers inside.
● Sometimes there necessary in cases, where a web-app pod needs to
be coupled with a logging agent to collect all logs.
○ A logging container can be created with :-
◆ ports
◆ volumePaths etc.
Init-containers
● These are specialized containers that runs and terminates before app
containers can run in a pod.
● X-tics include :-
○ Init containers are run in sequence according to how they were
can start.
○ If one fails, Kubelet repeatedly restarts it until it runs to completion