Kubernetes for Beginners

bansikah

Tandap Noel Bansikah

Posted on May 19, 2024

Kubernetes for Beginners

Table of Contents for Article on Kubernetes

Table of Contents

  1. Introduction to Kubernetes
  2. Kubernetes Architecture
  3. Deploying Applications on Kubernetes
  4. Scaling and Load Balancing
  5. Storage and Persistence
  6. Networking
  7. Security and Access Control
  8. Monitoring and Logging
  9. Troubleshooting and Debugging
  10. Advanced Topics

1. Introduction to Kubernetes

Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications. It was originally developed by Google and is now maintained by the Cloud Native Computing Foundation (CNCF).

Key features of Kubernetes include

  • Containerization: Kubernetes allows you to package your applications into containers, ensuring consistency and portability across different environments.
  • Automated deployment and scaling: Kubernetes automatically deploys and scales containerized applications based on resource utilization and defined policies.
  • Service discovery and load balancing: Kubernetes provides built-in service discovery and load balancing, enabling applications to communicate with each other efficiently.
  • Self-healing: Kubernetes automatically recovers from failures, such as node failures or container crashes, by rescheduling and restarting containers.
  • Rolling updates and rollbacks: Kubernetes supports rolling updates and rollbacks, allowing you to deploy new versions of your applications without downtime.
  • Prerequisites Install kubectl

Example Code:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: my-app:1.0
        ports:
        - containerPort: 8080
Enter fullscreen mode Exit fullscreen mode

2. Kubernetes Architecture

Kubernetes consists of a master node and multiple worker nodes. The master node manages the cluster, while the worker nodes run the containerized applications.

Image description

Another Diagram

Image description

Control Plane Components:

kube-apiserver: Exposes the Kubernetes API, allowing clients to interact with the cluster.
kube-scheduler: Assigns pods to worker nodes based on resource availability and defined policies.
kube-controller-manager: Manages various controllers, such as replication controllers and endpoints controllers.
etcd: A distributed key-value store that stores the cluster's state and configuration.

Data Plane Components

The data plane in Kubernetes is responsible for handling the actual operations of the application, including running containers, networking, and managing the compute resources on the worker nodes. Below are the key components of the Kubernetes data plane:

kubelet

  • The kubelet is an agent that runs on each worker node in the Kubernetes cluster.
  • It is responsible for ensuring that containers are running in a Pod as defined by the Pod specification.
  • The kubelet communicates with the Kubernetes control plane to receive instructions about which Pods to run and monitors the state of those Pods.
  • It also interacts with the container runtime to create, manage, and terminate containers.

kube-proxy

Image description

  • The kube-proxy is a network proxy running on each node in the Kubernetes cluster.
  • It is responsible for maintaining network rules that allow communication between Pods, as well as between external clients and services.
  • It performs load balancing across Pods in a service, ensuring that traffic is distributed evenly.
  • kube-proxy manages the network connectivity for Kubernetes services by using iptables, IPVS, or user-space proxy modes.

Container Runtime

  • The container runtime is the software responsible for running containers on a node.
  • Kubernetes supports multiple container runtimes, such as Docker, containerd, or CRI-O.
  • The container runtime pulls container images from a registry and runs containers in accordance with the Pod specifications.

Understanding Nodes and Pods

Nodes

  • A node is a worker machine in Kubernetes that can be either a physical machine or a virtual machine.
  • Each node runs the kubelet agent, which ensures that the containers are running inside the Pods on that node.
  • Nodes are responsible for providing the compute, memory, and networking resources necessary to run the Pods.

Pods

  • A Pod is the smallest and simplest Kubernetes object.
  • A Pod encapsulates one or more containers that are closely related and need to share the same resources (e.g., network namespace, storage volumes).
  • Each Pod runs on a node and can be scheduled to any available node in the cluster by the Kubernetes scheduler.
  • Pods have their own IP address and can communicate with other Pods, both on the same node and across different nodes, via the network.

Network Flow in Kubernetes

Pod-to-Pod Communication

  • Pods in Kubernetes are assigned unique IP addresses, and they can communicate with each other through their IPs.
  • This communication happens within the same node or across nodes in the cluster.
  • The networking model assumes that every Pod can communicate with every other Pod without NAT (Network Address Translation).

Node-to-Pod Communication

  • Nodes are responsible for routing traffic to Pods.
  • When a request is made to a service, the kube-proxy on the node routes the traffic to one of the Pods that provides the service.
  • This is done using load balancing, ensuring that requests are distributed across all healthy Pods.

External-to-Internal Communication

  • Kubernetes provides mechanisms such as Services and Ingress to allow external clients to communicate with the Pods inside the cluster.
  • A Service provides a stable IP address for a set of Pods and can be exposed externally using NodePort or LoadBalancer.
  • Ingress allows for HTTP/HTTPS routing to services within the cluster.

Example Network Flow:

  1. External Client to Service: An external client makes a request to a service's IP or DNS name.
  2. Ingress/Service: The Ingress or Service resource routes this request to the appropriate Pod.
  3. kube-proxy: The kube-proxy on the node forwards the traffic to a healthy Pod selected via load balancing.
  4. Pod Communication: The selected Pod processes the request and may communicate with other Pods if needed (e.g., database Pods).
  5. Response: The Pod sends the response back to the client through the same network path.

This flow ensures reliable and scalable communication between the components of the application running in the Kubernetes cluster.

Example Code:

# List all Kubernetes components
kubectl get componentstatuses

# View the status of nodes in the cluster
kubectl get nodes
Enter fullscreen mode Exit fullscreen mode

3. Deploying Applications on Kubernetes

To deploy applications on Kubernetes, you need to create Kubernetes manifests, such as Deployment, Service, and Ingress resources.

Pods:

Pods are the smallest unit of deployment in Kubernetes, representing a single instance of an application. They can contain one or more containers that are tightly coupled and share resources.

Example Code:

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: my-container
    image: my-container:1.0
    ports:
    - containerPort: 8080
Enter fullscreen mode Exit fullscreen mode

One common case is where you have a main application container and a sidecar container that provides some auxiliary function, such as logging, monitoring, or caching.

Example Case: Pod with Two Containers
In this case, let's assume the Pod has two containers:

Main Application Container: Runs a web application.
Sidecar Logging Container: Runs a log processor that collects logs from the main application and sends them to a logging system like Elasticsearch.
Code Example

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: web-app-container
    image: nginx:1.19
    ports:
    - containerPort: 80
    volumeMounts:
    - name: shared-logs
      mountPath: /var/log/nginx

  - name: log-processor-container
    image: busybox
    command: ['sh', '-c', 'tail -f /var/log/nginx/access.log']
    volumeMounts:
    - name: shared-logs
      mountPath: /var/log/nginx

  volumes:
  - name: shared-logs
    emptyDir: {}
Enter fullscreen mode Exit fullscreen mode

Deployments:

Deployments manage the lifecycle of Pods and provide features like scaling, rolling updates, and rollbacks.

Example Code:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: my-app:1.0
        ports:
        - containerPort: 8080
Enter fullscreen mode Exit fullscreen mode

Services:

Services provide network access to Pods within the cluster. They can be exposed using different types, such as ClusterIP, NodePort, or LoadBalancer.

Example Code:

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
Enter fullscreen mode Exit fullscreen mode

Ingress:

Ingress allows external traffic to reach services running in the cluster. It provides a way to configure routing rules and load balancing.

Example Code:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - host: my-app.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: my-service
          servicePort: 80
Enter fullscreen mode Exit fullscreen mode

4. Scaling and Load Balancing

Kubernetes provides features to scale applications and distribute traffic efficiently.

Horizontal Pod Autoscaling (HPA):

HPA automatically scales the number of Pods based on CPU or custom metrics.

Example Code:

apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: my-app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: my-app
  minReplicas: 3
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 50
Enter fullscreen mode Exit fullscreen mode

Cluster Autoscaler:

Cluster Autoscaler automatically scales the number of worker nodes in the cluster based on resource utilization.

Example Code:

To use Cluster Autoscaler, you need to install and configure it separately.

Load Balancing with Services:

Services in Kubernetes provide load balancing by distributing traffic across multiple Pods. By default, Kubernetes uses a round-robin algorithm for load balancing.

Example Code:

See the example code for creating a Service in the previous section.

5. Storage and Persistence

Kubernetes provides various storage options to persist data for applications.

Persistent Volumes (PVs):

PVs are abstract storage resources that can be provisioned by different storage providers, such as local storage, network storage, or cloud storage.

Example Code:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: my-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/data"
Enter fullscreen mode Exit fullscreen mode

Persistent Volume Claims (PVCs):

PVCs are requests for storage resources, allowing applications to consume PVs without knowing their specific details.

Example Code:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
Enter fullscreen mode Exit fullscreen mode

StatefulSets:

StatefulSets are used for managing stateful applications, such as databases or message queues. They ensure that Pods maintain a unique identity and persistent storage.

Example Code:

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: my-stateful-set
spec:
  serviceName: "my-service"
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: my-app:1.0
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: my-volume
          mountPath: /data
  volumeClaimTemplates:
  - metadata:
      name: my-volume
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 1Gi
Enter fullscreen mode Exit fullscreen mode

6. Networking

Kubernetes provides various networking options to enable communication between Pods and external services.

Networking models in Kubernetes:

Container-to-Container Networking: Kubernetes provides a flat network for Pods, allowing them to communicate directly with each other using IP addresses.
Pod-to-Service Networking: Kubernetes provides a virtual IP address for each Service, enabling Pods to communicate with each other using the Service's IP address.
External-to-Service Networking: Kubernetes provides a way to expose Services to external traffic using different networking options, such as NodePort, LoadBalancer, or Ingress.

Example Code:

See the example code for creating a Service in the previous section.

Service Discovery and DNS:

Kubernetes provides built-in service discovery using DNS. Services can be accessed using their DNS names, which are automatically created by Kubernetes.

Example Code:

# Access a Service using its DNS name
kubectl run -it --rm --restart=Never --image=alpine dns-test -- nslookup my-service
Enter fullscreen mode Exit fullscreen mode

Network policies:

Network policies allow you to control the traffic flow between Pods and Services based on defined rules.

Example Code:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: my-network-policy
spec:
  podSelector:
    matchLabels:
      app: my-app
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: my-app
    ports:
    - protocol: TCP
      port: 80
Enter fullscreen mode Exit fullscreen mode

7. Security and Access Control

Kubernetes provides various security features to protect your cluster and applications.

Role-Based Access Control (RBAC):

RBAC allows you to define fine-grained access control policies for Kubernetes resources.

Example Code:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: my-role
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: my-role-binding
subjects:
- kind: User
  name: my-user
  apiGroup: ""
roleRef:
  kind: Role
  name: my-role
  apiGroup: ""
Enter fullscreen mode Exit fullscreen mode

Secrets:

Secrets allow you to store sensitive information, such as passwords, API keys, or certificates, in Kubernetes.

Example Code:

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: bXktYXBw
  password: cGFzc3dvcmQx
Enter fullscreen mode Exit fullscreen mode

Network policies:

See the example code for creating a NetworkPolicy in the previous section.

8. Monitoring and Logging

Kubernetes provides various monitoring and logging solutions to help you observe and troubleshoot your cluster and applications.

Kubernetes Metrics:

Kubernetes provides built-in metrics, such as CPU and memory usage, for Pods and Nodes. You can use tools like Prometheus and Grafana to collect and visualize these metrics.

Example Code:
View CPU and memory usage for all Pods

kubectl top pods
Enter fullscreen mode Exit fullscreen mode

View CPU and memory usage for a specific Pod

kubectl top pod my-pod
Enter fullscreen mode Exit fullscreen mode

Prometheus and Grafana:

Prometheus is an open-source monitoring and alerting system, while Grafana is a visualization tool for time series data. You can use these tools to collect and visualize metrics from your Kubernetes cluster.

Example Code:

To install Prometheus and Grafana, you can use Helm, a package manager for Kubernetes.
Add the Prometheus Helm repository

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
Enter fullscreen mode Exit fullscreen mode

Install Prometheus

helm install prometheus prometheus-community/prometheus
Enter fullscreen mode Exit fullscreen mode

Add the Grafana Helm repository

helm repo add grafana https://grafana.github.io/helm-charts
Enter fullscreen mode Exit fullscreen mode

Install Grafana

helm install grafana grafana/grafana
Enter fullscreen mode Exit fullscreen mode


bash
Logging with Elasticsearch and Kibana:

Elasticsearch is a distributed search and analytics engine, while Kibana is a visualization tool for Elasticsearch. You can use these tools to collect and analyze logs from your Kubernetes cluster.

Example Code:

To install Elasticsearch and Kibana, you can use Helm, a package manager for Kubernetes.
Add the Elastic Helm repository

helm repo add elastic https://helm.elastic.co/helm

Install Elasticsearch

helm install elasticsearch elastic/elasticsearch

Install Kibana
helm install kibana elastic/kibana

9. Troubleshooting and Debugging

Kubernetes provides various tools and techniques to troubleshoot and debug your applications.

Common issues and solutions:

Pods are not running: Check the Pod's status using kubectl describe pod my-pod and look for any errors or warnings.
Services are not accessible: Check the Service's status using kubectl describe service my-service and ensure that the correct ports and targetPort are configured.
Resource limits and requests: Ensure that your Pods have appropriate resource limits and requests defined to prevent resource contention.

kubectl commands for debugging:

kubectl get pods: List all Pods in the current namespace.
kubectl describe pod my-pod: View detailed information about a specific Pod.
kubectl logs my-pod: View the logs of a specific Pod.
kubectl exec -it my-pod -- sh: Execute a shell inside a specific Pod.
kubectl apply -f my-manifest.yaml: Apply a Kubernetes manifest file.
kubectl delete -f my-manifest.yaml: Delete a Kubernetes manifest file.
Enter fullscreen mode Exit fullscreen mode

Kubernetes events:

Kubernetes events provide insights into the lifecycle of objects in the cluster. You can use the kubectl get events command to view events and identify potential issues.

Example Code:
View Kubernetes events

kubectl get events
Enter fullscreen mode Exit fullscreen mode

10. Advanced Topics

StatefulSets and Stateful Applications: Learn how to manage stateful applications, such as databases or message queues, in Kubernetes.
DaemonSets: Learn how to run a single instance of a Pod on each node in the cluster, such as a monitoring agent or log collector.
Taints and Tolerations: Learn how to schedule Pods to specific nodes based on their taints and tolerations.
Custom Resource Definitions (CRDs): Learn how to extend Kubernetes by defining custom resources and controllers.
Operators: Learn how to build and manage applications using Operators, which automate the management of complex stateful applications.

Conclusion

Kubernetes is a powerful and versatile container orchestration platform that provides a foundation for building and managing scalable and resilient applications. In this article, we have explored various aspects of Kubernetes, including its architecture, deployment, scaling, storage, networking, security, monitoring, troubleshooting, and advanced topics.

By understanding the concepts and best practices outlined in this guide, you can effectively leverage Kubernetes to build and manage containerized applications. As you continue to explore Kubernetes, remember to stay updated with the latest features, best practices, and community resources.

If you have any specific questions or need further assistance, feel free to reach out to the Kubernetes community or consult the official documentation and also post your comments in the comments section for any challenges.

Also, feel free to custumize and change the port numbers to suit your preferred port, you can use simple images like nginx and so on.

Happy containerizing and orchestrating!

References
Also check this please it has very good examples
https://andreipope.github.io/tutorials/create-a-cluster-with-multipass-and-k3s.html

Kubernetes Documentation: https://kubernetes.io/docs/home/
Kubernetes Tutorials: https://kubernetes.io/docs/tutorials/
Kubernetes Community: https://kubernetes.io/community/
Prometheus: https://prometheus.io/
Grafana: https://grafana.com/
Elasticsearch: https://www.elastic.co/elasticsearch/
Kibana: https://www.elastic.co/kibana
Helm: https://helm.sh/
Prometheus Helm Chart: https://github.com/prometheus-community/helm-charts/tree/main/prometheus
Grafana Helm Chart: https://github.com/grafana/helm-charts/tree/main/grafana
Elasticsearch Helm Chart: https://github.com/elastic/helm-charts/tree/main/elasticsearch
Kibana Helm Chart: https://github.com/elastic/helm-charts/tree/main/kibana
RBAC: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
Network Policies: https://kubernetes.io/docs/concepts/services-networking/network-policies/
StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
DaemonSets: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
Taints and Tolerations: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
Custom Resource Definitions (CRDs): https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/
Operators: https://kubernetes.io/docs/concepts/extend-kubernetes/operator/

💖 💪 🙅 🚩
bansikah
Tandap Noel Bansikah

Posted on May 19, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

Kubernetes for Beginners
beginners Kubernetes for Beginners

May 19, 2024