Thank you for your kind words! We're delighted that our playlist has been helpful in your DevOps journey. We appreciate your support and wish you the best in your endeavours! 🙏🎉
Hii, you are doing a fantastic job. such a suitable manner you deliver real-time concepts, my request is that you please create one more video about how to create a user in Kubernetes and attach it to role and rolebinding.
Really want to thank you for this informative tutorial. I was struggling with this topic from past few weeks and finally your explanation did the trick. I really appreciate it. Thanks once again.
Very informative, but I can't able understand Hindi. Please try do playlist in English also that's helpful for many people who don't know Hindi. Thank you.
the SA token you created, will not be applied automatically on the pod you are creating. If you go to the mount path it will still show you the old token which was created by default NS. to apply the new token the SA, you will have to store that token in a secret and then have to pass the secret in the pod.yml only then it will show you the proper SA token.
Hi, Thanks for a great video. There was a mention that the default SA attached, is the reason why pods would communicate with each other. If a new custom SA is attached with some specific permissions, then how will the inter-pod communication access be established?
Thanks for watching! Inter-pod communication in Kubernetes doesn’t rely on the service account; it's managed by the network layer. A custom SA with specific permissions won’t affect basic inter-pod communication.
mam please ek video banado kubeadm say aws ec2 instances par cluster setup krna. Please step by step guide bnado I mean kha kha say cheeza search kara and eksa setup kara sabkuch. Master and worker nodes kesa bnaya etc
GitHub Action workflows can access your cluster using a service account token. You can generate a token with appropriate permissions and securely store it as a GitHub secret. Then, use it within your workflow to authenticate with your Kubernetes cluster.
Aapne jo ye container create kara hai practical mein kya woh ab SA ka use karke cluster mein running pod ki jaankari le sakta hai using kubectl get pods? Like, first, I need to go inside the container using command: kubect exec ... -- bash Now, i am inside the container and now if i run kubectl get pods, will it ahow me list of all pods running within the cluster (beacause it has 3 permissions: get, list and watch)?
In Kubernetes, running the kubectl get pods command inside a container does not provide information about all the pods running within the cluster, even if the Service Account attached to the pod has the necessary permissions. The kubectl command operates at the cluster level and interacts with the Kubernetes API server, which is outside the container's scope. To access cluster-level information, you would need to run the kubectl command from outside the container, typically on the host machine or a separate management node.
hello, Can you please help in understanding TokenReview API (recommended) & OIDC discovery ways of authenticating a service account in your simple easy to understand method :)
Hi mam I have a doubt please help me suppose I want to deploy angular and node app , my angular should always deploy on separate worker node and node js app should deploy on separate worker node , even when k8 provision the new workers nodes for angular and node js app they should be on different nodes how can we achieve this.
Hi! To ensure that your Angular and Node.js apps are deployed on separate worker nodes in Kubernetes, you can use node affinity or node selectors. These features allow you to specify rules for pod placement based on node labels. For example, you can label your worker nodes with different tags, such as "angular" and "nodejs". Then, when defining your deployment or pod configuration, you can use node affinity or node selectors to specify which nodes each app should be scheduled on. By setting the appropriate node affinity or node selectors for your Angular and Node.js deployments, you can ensure that they are always deployed on separate worker nodes, even when Kubernetes provisions new nodes.
Node affinity or node selectors are the appropriate methods to ensure that your Angular and Node.js apps are deployed on separate worker nodes in Kubernetes. Taints and tolerations may not be suitable in this case as they would require explicit tolerations for each pod, leading to wastage of resources if not specified. By using node affinity or node selectors, you can specify rules based on node labels, guaranteeing the desired separation of your apps on different nodes.
Colud you please tell me that application wants to connect to the cluster for creating the resource or to retrive that data…so here my question is that what is the type of application?? I mean application means its prometheus or some other ?
yes any kind of application, like your said prometheus for monitoring, or kubernetes dashboard to manage the cluster from a website, or some ci/cd tool like jenkins which spins up a pod whenever it has to execute a pipeline
Hi Riya. The command you showed in the video to create TOKEN is not working. I have created cluster using eks version 1.25. Expecting your response. Thank you
Hi Riya, One of the interviewer ask me one question that i did not answer, the question was In Kubernates i am having deployment its having 10 PODS running it’s a Payment service and one payment failed and now I need to check log but i do not know in which POD the request that went so how can i check the log of 10 PODS?
You can start by listing all the pods of your payment service deployment using the command kubectl get pods. Once you have the list of pods, you can narrow down the problematic one by checking their logs using kubectl logs . This will help you identify the pod that processed the payment request. To investigate the reason for the failure, you can examine the logs for any error messages or exceptions that might provide insights into what went wrong.
@@DevOpsPro still he need to check logs in all the 10 pods. 10 pods are running of payment-service which is stateless, the fault request can be served by any 1 from the 10 pod, how developer will identify the faulty request is served by which pod, I am assuming no log monitoring is set up
Please help us with your valuable feedback - forms.gle/E9r3xvTxnLPKz9Hw9
Your playlist is undeniably essential in helping us to get a DevOps job.🤩🤩🤩🤩
Once again, we express gratitude for your diligent efforts. 😇
Thank you for your kind words! We're delighted that our playlist has been helpful in your DevOps journey. We appreciate your support and wish you the best in your endeavours! 🙏🎉
hello mam thanks for this knowledgably video
These visual representations you use in your videos make understanding of the complex topics much easier..Awesome job 👌👌👌
Thanks a lot samiksha😊
The process to explain each topic is brilliant...
Expecting more valuable videos from you in future,
Thanks
Thank you for your kind words! More valuable content is on the way. Thanks for your support!
Very detailed and crystal clear explanation. I highly appreciate your support. Thanks
Such a coincidance that I Iwas trying to search about SA yesterday in this channel and voila! its here!!!
Hii,
you are doing a fantastic job. such a suitable manner you deliver real-time concepts, my request is that you please create one more video about how to create a user in Kubernetes and attach it to role and rolebinding.
I'm glad you're finding my videos helpful. I'll add it to my list of video ideas.
Mam ap bahot hi accha padati ho
It's very helpful to us
Please ap EKS by terraform bhi padado
Itana easy koi nahi batayega
Very helpful easy to understand ❤thnx for wonderful content.. Please make more video mam
Will all perfection 🙏
Superb
Great explanation with examples 🫡
Thanks
Awesome, madam ! Thank you 👍
Really want to thank you for this informative tutorial. I was struggling with this topic from past few weeks and finally your explanation did the trick. I really appreciate it. Thanks once again.
Glad it helped! 🙌
Beautifully explained !
Excellent!!
Great video and we'll explained
Thanks! 👍
awesome job and you explained everything so well.
Glad it was helpful!
Very informative.....
Glad it was helpful!
Your videos are really amazing❤. Thanks for wonderful content.
Appreciate her efforts and teaching
very nice
Very informative, but I can't able understand Hindi.
Please try do playlist in English also that's helpful for many people who don't know Hindi.
Thank you.
We will upload English playlist on DevOps Pro English Channel very soon. Keep watching!
Great Explanation
Aap Jenkins Per Bhi Bana do
Yes
the SA token you created, will not be applied automatically on the pod you are creating. If you go to the mount path it will still show you the old token which was created by default NS. to apply the new token the SA, you will have to store that token in a secret and then have to pass the secret in the pod.yml only then it will show you the proper SA token.
Service mesh and helm ka full vidoe banao ..theory and practical
Helm series is already there, will definitely make videos on service mesh. Keep watching!
Hi, Thanks for a great video. There was a mention that the default SA attached, is the reason why pods would communicate with each other.
If a new custom SA is attached with some specific permissions, then how will the inter-pod communication access be established?
Thanks for watching! Inter-pod communication in Kubernetes doesn’t rely on the service account; it's managed by the network layer. A custom SA with specific permissions won’t affect basic inter-pod communication.
mam please ek video banado kubeadm say aws ec2 instances par cluster setup krna. Please step by step guide bnado I mean kha kha say cheeza search kara and eksa setup kara sabkuch. Master and worker nodes kesa bnaya etc
We already have a video on it. Please go and check :)
Agar github action workflow ko cluster main acess dena hotu service account token kistarha use karsaktay hain
GitHub Action workflows can access your cluster using a service account token. You can generate a token with appropriate permissions and securely store it as a GitHub secret. Then, use it within your workflow to authenticate with your Kubernetes cluster.
Aapne jo ye container create kara hai practical mein kya woh ab SA ka use karke cluster mein running pod ki jaankari le sakta hai using kubectl get pods?
Like, first, I need to go inside the container using command: kubect exec ... -- bash
Now, i am inside the container and now if i run kubectl get pods, will it ahow me list of all pods running within the cluster (beacause it has 3 permissions: get, list and watch)?
In Kubernetes, running the kubectl get pods command inside a container does not provide information about all the pods running within the cluster, even if the Service Account attached to the pod has the necessary permissions. The kubectl command operates at the cluster level and interacts with the Kubernetes API server, which is outside the container's scope. To access cluster-level information, you would need to run the kubectl command from outside the container, typically on the host machine or a separate management node.
@@DevOpsPro Thank you for the clarification. Can we expect a part-2 on Service Account where we can actually have practical of using Service Account?
hello, Can you please help in understanding TokenReview API (recommended) & OIDC discovery ways of authenticating a service account in your simple easy to understand method :)
Absolutely! I'll create a video on TokenReview API and OIDC discovery for service account authentication. Stay tuned for the upcoming tutorial!
Kindly help me with ETCD backup and restore
Complete ci/cd video??
Hi mam I have a doubt please help me suppose I want to deploy angular and node app , my angular should always deploy on separate worker node and node js app should deploy on separate worker node , even when k8 provision the new workers nodes for angular and node js app they should be on different nodes how can we achieve this.
Hi! To ensure that your Angular and Node.js apps are deployed on separate worker nodes in Kubernetes, you can use node affinity or node selectors. These features allow you to specify rules for pod placement based on node labels.
For example, you can label your worker nodes with different tags, such as "angular" and "nodejs". Then, when defining your deployment or pod configuration, you can use node affinity or node selectors to specify which nodes each app should be scheduled on.
By setting the appropriate node affinity or node selectors for your Angular and Node.js deployments, you can ensure that they are always deployed on separate worker nodes, even when Kubernetes provisions new nodes.
@@DevOpsPro we can use taint & toleartions too right for this condition?
Node affinity or node selectors are the appropriate methods to ensure that your Angular and Node.js apps are deployed on separate worker nodes in Kubernetes. Taints and tolerations may not be suitable in this case as they would require explicit tolerations for each pod, leading to wastage of resources if not specified. By using node affinity or node selectors, you can specify rules based on node labels, guaranteeing the desired separation of your apps on different nodes.
Can you help me to understand why we use sa
Service Accounts (SA) in Kubernetes are used to authenticate pods with the API server, control their permissions, and enhance cluster security.
@@DevOpsPro Thanku
Colud you please tell me that application wants to connect to the cluster for creating the resource or to retrive that data…so here my question is that what is the type of application?? I mean application means its prometheus or some other ?
yes any kind of application, like your said prometheus for monitoring, or kubernetes dashboard to manage the cluster from a website, or some ci/cd tool like jenkins which spins up a pod whenever it has to execute a pipeline
Hi Riya. The command you showed in the video to create TOKEN is not working. I have created cluster using eks version 1.25. Expecting your response. Thank you
Can you please share the error message?
I also got the same error, upgrade kubectl It will work
Hi Riya, One of the interviewer ask me one question that i did not answer, the question was In Kubernates i am having deployment its having 10 PODS running it’s a Payment service and one payment failed and now I need to check log but i do not know in which POD the request that went so how can i check the log of 10 PODS?
You can start by listing all the pods of your payment service deployment using the command kubectl get pods. Once you have the list of pods, you can narrow down the problematic one by checking their logs using kubectl logs . This will help you identify the pod that processed the payment request. To investigate the reason for the failure, you can examine the logs for any error messages or exceptions that might provide insights into what went wrong.
@@DevOpsPro understood Thanks for the response 😊
@@DevOpsPro still he need to check logs in all the 10 pods. 10 pods are running of payment-service which is stateless, the fault request can be served by any 1 from the 10 pod, how developer will identify the faulty request is served by which pod, I am assuming no log monitoring is set up
better to teach in English as well
There are thousands of videos in English go and check there...
Most of the people's understand better in hindi so don't misguide her.