Create Date: 2022/04/01
Last Modified: 2024/02/16
Kubernetes
What is Kubernetes
Kubernetes (K8S) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by the Cloud Native Computing Foundation. The term cloud native refers to an application that was designed to reside in the cloud from the start. Cloud native involves cloud technologies such as microservices, container orchestrators, and autoscaling.
Kubernetes Objects
- Infrastructure Components
  - Kubernetes Cluster
    - Control Plane (Master Node)
      - apiServer
      - controller manager
      - scheduler - places newly created pods onto nodes
      - etcd - key-value store holding the cluster state, e.g. the current deployment status
    - Worker Node
      - kubelet - runs and manages the pods on a node
      - kube-proxy
      - Container runtime - It should be a lightweight and portable application such as runC, which was developed by the OCI (Open Container Initiative). runC is used in Docker and Podman; containerd is another option. A container runtime manages the lifecycle of a container on a physical or virtual machine (a host). It is a daemon process that creates, starts, stops, and destroys containers. It is also able to pull container images from container registries, mount storage, and enable networking for a container.
      - pod - contains one or more running containers
- Workloads
  A workload is an application running on Kubernetes. Whether your workload is a single component or several that work together, on Kubernetes you run it inside a set of pods. In Kubernetes, a Pod represents a set of running containers on your cluster.
- Networking
  - Service
    A Service exposes an application deployed on a set of pods through a single endpoint, i.e. it maps a fixed IP address to a logical group of pods.
  - Ingress
    - Ingress manages external access to the services in a cluster, typically HTTP/S.
    - Ingress may provide load balancing, SSL termination and name-based virtual hosting.
    - Ingress exposes one or more services to external clients through a single externally reachable IP address.
    - Traffic routing is controlled by rules defined on the Ingress resource.
  - NetPol (NetworkPolicy)
    A Network Policy isolates the network between pods by specifying which pods can connect to each other and to other network endpoints.
  - Endpoint
    An Endpoint defines which pods (or other servers) are exposed through a service.
  - EndpointSlice (100 endpoints per slice by default, configurable up to 1000)
    Kubernetes' EndpointSlice API provides a way to track network endpoints within a Kubernetes cluster. EndpointSlices offer a more scalable and extensible alternative to Endpoints.
Storage
-
Persistent Volumes (PV)
-
It is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes. . It is a resource in the cluster.
-
-
Persistent Volume Claim (PVC)
-
PVC is a request for storage by a user. It consumes PV resources. Claims can request specific size and access modes (e.g., they can be mounted ReadWriteOnce, ReadOnlyMany or ReadWriteMany, see AccessModes).
-
-
Storage Classes (SC)
-
A StorageClass provides a way for administrators to describe the "classes" of storage they offer. Different classes might map to quality-of-service levels, or to backup policies, or to arbitrary policies determined by the cluster administrators.
-
-
Configuration
-
ConfigMaps
-
Secrets
-
-
Security
-
Service Account
-
Role
-
ClusterRole
-
RoleBinding
-
ClusterRoleBinding
-
-
- Elastic Scaling (vertical and horizontal scaling)
  - Horizontal Pod Autoscaler (HPA)
  - Pod Disruption Budget (PDB)
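As an added example (not from the original notes), the Security objects listed above combined into a least-privilege grant: a ServiceAccount that may only read pods and their logs inside one namespace. The names `shop`, `log-reader` and `pod-log-reader` are constructed placeholders.

```yaml
# Added example, not from the original notes. All names are constructed.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: log-reader
  namespace: shop
# Pods using this account must opt in to a mounted API token; by default every
# pod would receive one whether or not it talks to the API server.
automountServiceAccountToken: false
---
# A Role is namespaced: these permissions apply only inside "shop".
# A ClusterRole uses the same rules block but applies cluster-wide and can
# cover non-namespaced resources such as nodes.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-log-reader
  namespace: shop
rules:
  - apiGroups: [""]                  # "" is the core API group, where pods live
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]  # read-only: no create, delete or pods/exec
---
# The RoleBinding ties the subject (the ServiceAccount) to the Role.
# A ClusterRoleBinding would instead grant a ClusterRole in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: log-reader-binding
  namespace: shop
subjects:
  - kind: ServiceAccount
    name: log-reader
    namespace: shop
roleRef:
  kind: Role
  name: pod-log-reader
  apiGroup: rbac.authorization.k8s.io
```

`kubectl auth can-i list pods --as=system:serviceaccount:shop:log-reader -n shop` should answer yes, and the same query with `delete pods` should answer no.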
What is a Kubernetes Cluster?
A Kubernetes cluster consists of at least one control plane and one or more machines, called worker nodes, that run containerized applications.
What is Control Plane?
The Kubernetes control plane manages clusters and resources such as worker nodes and pods. The control plane receives information such as cluster activity, internal and external requests, and more. Based on these factors, the control plane moves the cluster resources from their current state to the desired state.
What is a Worker Node?
Worker nodes within the Kubernetes cluster run containerized applications and handle networking, so that traffic between applications across the cluster, and from outside the cluster, can be properly routed.
What is a Service Mesh?
A Kubernetes service mesh works by providing a dedicated infrastructure layer that manages communication between microservices in a Kubernetes cluster. It uses sidecar proxies, a control plane, and a data plane to enable advanced features like observability, security, and traffic management.
What is an Ingress Controller?
An ingress controller acts as a reverse proxy and load balancer. It implements a Kubernetes Ingress. The ingress controller adds a layer of abstraction to traffic routing, accepting traffic from outside the Kubernetes platform and load balancing it to Pods running inside the platform.
Outside of the need for secure communication between microservices, you need a way to interact with frontend apps. The typical way is with a load balancer that is connected to a Service. You can also use a NodePort, but in the cloud world you will mostly see load balancers being used. Here is the problem: cloud load balancers are expensive, literally and figuratively. You have to pay money for each cloud load balancer that you have. Having a few applications may not be a big deal, but what if you have 50 or 100? Not to mention that you have to manage all of those cloud load balancers. If a Kubernetes Service disconnects from the load balancer for whatever reason, it is your job to go in and fix it. With Kubernetes Ingress Controllers, the management and cost nightmare is abstracted away from you.
An Ingress Controller allows you to have:
- One load balancer
- Multiple applications (Kubernetes Services) pointing to it
You can create one load balancer and have every Kubernetes Service point to it. Then, you can access each Kubernetes Service on a different path.
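One Ingress fronting two Services on different paths, as an added example (not the notes' own): `/api` is routed to `backend`, everything else to `frontend`, and TLS is terminated at the ingress controller. Host, Secret and Service names are constructed placeholders, and the ingress-nginx controller with class name `nginx` is assumed.

```yaml
# Added example, not from the original notes. Host, Secret and Service names
# are constructed; the ingress-nginx controller (class "nginx") is assumed.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-ingress
  namespace: shop
  annotations:
    # ingress-nginx annotation (assumed controller): send plain HTTP to HTTPS.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - shop.example.com
      secretName: shop-example-com-tls   # kubernetes.io/tls Secret with cert and key
  rules:
    - host: shop.example.com
      http:
        paths:
          # Longest prefix wins: /api/... reaches the backend Service on 8080.
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: backend
                port:
                  number: 8080
          # Everything else under this host goes to the frontend Service.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend
                port:
                  number: 80
```

Both Services share the single load balancer the ingress controller owns; `kubectl describe ingress shop-ingress -n shop` lists the resolved backends and flags any Service that does not exist.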
Here are seven ingress controllers for Kubernetes:
- Emissary Ingress Controllers
- NGINX Ingress Controllers
- HAProxy Ingress Controllers
- Envoy Ingress Controllers
- Traefik Ingress Controllers
- F5 Container Ingress
- Contour Ingress Controllers
What is a Manifest?
A Kubernetes Manifest file is a YAML or JSON file that describes the desired state of a Kubernetes object. These objects can include deployment, replica set, service, and more. Manifest files define the specifications of the object, such as its metadata, properties, and desired state.
Required fields
- apiVersion - Which version of the Kubernetes API you're using to create this object.
- kind - What kind of object you want to create.
  11 Types of Objects in Kubernetes:
  1. Pods
  2. Deployment
  3. ReplicaSets
  4. StatefulSet
  5. DaemonSets
  6. PersistentVolume
  7. Service
  8. Namespaces
  9-10. ConfigMaps & Secrets
  11. Job
- metadata - Data that helps uniquely identify the object, including a name string, UID, and optional namespace.
- spec - What state you desire for the object.
Example
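An added example manifest (not from the original notes) showing the four required fields on a Deployment. The container `securityContext` and resource limits go beyond what the notes list and are the settings a hardened baseline adds; image, names and labels are constructed placeholders.

```yaml
# Added example, not from the original notes. Image, names and labels are constructed.
apiVersion: apps/v1            # required: API group/version that serves Deployments
kind: Deployment               # required: the object type being created
metadata:                      # required: identity of the object
  name: backend                #   unique within the namespace
  namespace: shop
  labels:
    app: backend
spec:                          # required: the desired state
  replicas: 2
  selector:                    # must match the pod template labels below
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend
    spec:
      automountServiceAccountToken: false   # this workload never calls the API server
      containers:
        - name: backend
          image: registry.example.com/shop/backend:1.4.2   # pinned tag, never :latest
          ports:
            - containerPort: 8080
          resources:                        # limits stop one pod starving the node
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 256Mi
          securityContext:                  # beyond the notes: hardened container baseline
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```

`kubectl explain deployment.spec.template.spec.containers.securityContext` documents these fields, and `kubectl diff -f` shows what `kubectl apply -f` would change before it is applied.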
Kubectl
kubectl controls the Kubernetes cluster manager.
Frequently used commands
- kubectl annotate - Update the annotations on a resource
- kubectl api-resources - Print the supported API resources on the server
- kubectl api-versions - Print the supported API versions on the server, in the form of "group/version"
- kubectl apply - Apply a configuration to a resource by filename or stdin
- kubectl attach - Attach to a running container
- kubectl auth - Inspect authorization
- kubectl autoscale - Auto-scale a Deployment, ReplicaSet, or ReplicationController
- kubectl certificate - Modify certificate resources
- kubectl cluster-info - Display cluster info
- kubectl completion - Output shell completion code for the specified shell (bash or zsh)
- kubectl config - Modify kubeconfig files
- kubectl cordon - Mark node as unschedulable
- kubectl cp - Copy files and directories to and from containers
- kubectl create - Create a resource from a file or from stdin
- kubectl debug - Create debugging sessions for troubleshooting workloads and nodes
- kubectl delete - Delete resources by filenames, stdin, resources and names, or by resources and label selector
- kubectl describe - Show details of a specific resource or group of resources
- kubectl diff - Diff live version against would-be applied version
- kubectl drain - Drain node in preparation for maintenance
- kubectl edit - Edit a resource on the server
- kubectl events - List events
- kubectl exec - Execute a command in a container
- kubectl explain - Documentation of resources
- kubectl expose - Take a replication controller, service, deployment or pod and expose it as a new Kubernetes Service
- kubectl get - Display one or many resources
- kubectl kustomize - Build a kustomization target from a directory or a remote URL
- kubectl label - Update the labels on a resource
- kubectl logs - Print the logs for a container in a pod
- kubectl options - Print the list of flags inherited by all commands
- kubectl patch - Update field(s) of a resource
- kubectl plugin - Provides utilities for interacting with plugins
- kubectl port-forward - Forward one or more local ports to a pod
- kubectl proxy - Run a proxy to the Kubernetes API server
- kubectl replace - Replace a resource by filename or stdin
- kubectl rollout - Manage the rollout of a resource
- kubectl run - Run a particular image on the cluster
- kubectl scale - Set a new size for a Deployment, ReplicaSet or Replication Controller
- kubectl set - Set specific features on objects
- kubectl taint - Update the taints on one or more nodes
- kubectl top - Display resource (CPU/memory/storage) usage
- kubectl uncordon - Mark node as schedulable
- kubectl version - Print the client and server version information
- kubectl wait - Experimental: Wait for a specific condition on one or many resources
Visualise the k8s cluster and monitor its performance
Prometheus and Grafana are two of the most popular open-source monitoring tools for Kubernetes. Learning how to integrate them using Helm will give you the ability to easily monitor your Kubernetes cluster and troubleshoot problems. You can also gain a deeper understanding of your cluster's health and performance.
Grafana
Setup and configuration source code:
CRD - Custom Resource Definition
When you create a new CustomResourceDefinition (CRD), the Kubernetes API Server creates a new RESTful resource path for each version you specify. The custom resource created from a CRD object can be either namespaced or cluster-scoped, as specified in the CRD's spec.scope field.
Example - Create a Cron Job API server endpoint
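As an added example (not from the original notes), a CRD that registers a namespaced `CronTab` resource with a validation schema, followed by an object that the new endpoint accepts. The group `stable.example.com`, the kind and the field names are constructed placeholders.

```yaml
# Added example, not from the original notes. Group, kind and fields are constructed.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: crontabs.stable.example.com   # must be <plural>.<group>
spec:
  group: stable.example.com
  scope: Namespaced                    # or Cluster: decides whether objects live in a namespace
  names:
    plural: crontabs
    singular: crontab
    kind: CronTab
    shortNames: ["ct"]
  versions:
    - name: v1
      served: true    # exposes /apis/stable.example.com/v1/namespaces/<ns>/crontabs
      storage: true   # exactly one version is the one persisted in etcd
      schema:
        openAPIV3Schema:              # the API server rejects objects that violate this
          type: object
          properties:
            spec:
              type: object
              required: ["cronSpec", "image"]
              properties:
                cronSpec:
                  type: string
                  pattern: '^(\S+\s+){4}\S+$'   # five whitespace-separated cron fields
                image:
                  type: string
                replicas:
                  type: integer
                  minimum: 1
                  maximum: 10
---
# A custom object the new endpoint accepts once the CRD is established.
apiVersion: stable.example.com/v1
kind: CronTab
metadata:
  name: nightly-report
  namespace: shop
spec:
  cronSpec: "0 2 * * *"
  image: registry.example.com/shop/report:1.0.0
  replicas: 1
```

Once `kubectl get crd crontabs.stable.example.com` reports the Established condition, `kubectl api-resources` lists the new type, and objects that fail the schema (a missing `image`, `replicas: 0`) are rejected by the API server before anything is stored.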
Statefulset and Operator
StatefulSets are Kubernetes objects for running stateful applications in your cluster. They provide stable Pod identifiers, sticky storage, and automated rolling updates that let you predict which replicas will be affected by scaling operations; databases are the typical example. This is useful for managing applications that need persistent storage or a stable, unique network identity. StatefulSet is the workload API object used to manage stateful applications: it manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.
Container Network Interface (CNI)
Container Network Interface (CNI) plays a crucial role in managing networking capabilities within Kubernetes clusters. As an essential component of the Kubernetes ecosystem, CNI enables seamless communication and connectivity between containers and external networks.