Kubernetes - An Overview at High-Level

vinothmohan

Vinoth Mohan

Posted on March 7, 2022

Kubernetes - An Overview at High-Level

What Is Kubernetes?

Kubernetes is popularly known as K8s is a production-grade open-source container orchestration tool developed by Google to help you manage the containerized/dockerized applications supporting multiple deployment environments like On-premise, cloud, or virtual machines.

Why is it popular and powerful ?

Kubernetes can speed up the development process by making easy, automated deployments, updates (rolling-update) and by managing our apps and services with almost zero downtime. It also provides self-healing. Kubernetes can detect and restart services when a process crashes inside the container.Its is highly performant,scalable and provides reliable infrastructure to support data recovery with ease.

Architecture Of Kubernetes

Kubernetes Architecture

The most basic architecture of k8s has two major Nodes.

  • Control plane
  • Worker Nodes

Control plane

The master node is also known as a control plane that is responsible to manage worker nodes efficiently. User enters commands and configuration files from control plane. It controls all cluster.

Master Node Processes:

  • kube-apiserver : It exposes the Kubernetes API. The API server is the front end for the Kubernetes control plane.

  • kube-controller-manager : Control plane component that runs controller processes.
    Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process. Some types of these controllers are:

    • Node controller: Responsible for noticing and responding when nodes go down.
    • Job controller: Watches for Job objects that represent one-off tasks, then creates Pods to run those tasks to completion.
    • Endpoints controller: Populates the Endpoints object (that is, joins Services & Pods).
    • Service Account & Token controllers: Create default accounts and API access tokens for new namespaces.
  • kube-scheduler: Control plane component that watches for newly created Pods with no assigned node, and selects a node for them to run on.

    Factors taken into account for scheduling decisions include:

    • individual and collective resource requirements,
    • hardware/software/policy constraints,
    • affinity and anti-affinity specifications,
    • data locality,
    • inter-workload interference,
    • deadlines.
  • etcd: Consistent and highly-available key value store used as Kubernetes' backing store for all cluster data (meta data, objects, etc.).
  • Cloud Controller Manager : It embeds cloud-specific control logic. The cloud controller manager lets you link your cluster into your cloud provider's API, and separates out the components that interact with that cloud platform from components that only interact with your cluster. The cloud-controller-manager only runs controllers that are specific to your cloud provider. The following controllers can have cloud provider dependencies:
    • Node controller: For checking the cloud provider to determine if a node has been deleted in the cloud after it stops responding
    • Route controller: For setting up routes in the underlying cloud infrastructure
    • Service controller: For creating, updating and deleting cloud provider load balancers.

Worker Node

Node components run on every node, maintaining running pods and providing the Kubernetes runtime environment.

  • Kubelet: An agent that runs on each node in the cluster. It makes sure that containers are running in a Pod. The kubelet takes a set of PodSpecs that are provided through various mechanisms and ensures that the containers described in those PodSpecs are running and healthy.

  • Kube-proxy: It is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.

    • It maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.
    • It uses the operating system packet filtering layer if there is one and it's available. Otherwise, kube-proxy forwards the traffic itself.
  • Container Runtime: The container runtime is the software that is responsible for running containers.
    • Kubernetes supports several container runtimes: Docker, containerd, CRI-O, and any implementation of the Kubernetes CRI (Container Runtime Interface)"

Components of K8s:

Pods:

A pod is a smallest and simplest unit that you create or deploy in k8s, which is an abstraction of the container application.A single pod has usually one, or multiple containers, and their shared resources.

Deployments

Deployments are best used for stateless applications. Pods managed by deployment workload are treated as independent and disposable.

If a pod encounters disruption, Kubernetes removes it and then recreates it.

DaemonSets

Daemonsets ensures that every node in the cluster runs a copy of the pod.

For use cases where you're collecting logs or monitoring node performance, this daemon-like workload works best.

ReplicaSets

A ReplicaSet's purpose is to run a specified number of pods at any given time.

StatefulSets

Like a Deployment , a StatefulSet manages Pods, are best used when your application needs to maintain its identity and store data.

An application would be something like Zookeeper - an application that requires a database for storage.

Jobs

Jobs launch one or more pods and ensure that a specified number of them successfully terminate.

Jobs are best used to run a finite task to completion as opposed to managing an ongoing desired application state.

CronJobs

CronJobs are similar to jobs. CronJobs, however, runs to completion on a cron-based schedule.

Services

An abstract way to expose an application running on a set of Pods as a network service.
With Kubernetes you don't need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.

Type of services

  • ClusterIP. Exposes a service which is only accessible from within the cluster.
  • NodePort. Exposes a service via a static port on each nodeโ€™s IP.
  • LoadBalancer. Exposes the service via the cloud providerโ€™s load balancer.
  • ExternalName. Maps a service to a predefined externalName field by returning a value for the CNAME record.

Service

Kubernetes Ingress

Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.

Ingress Controller

In order for the Ingress resource to work, the cluster must have an ingress controller running.

Some third-party ingress controller:

  • Istio Ingress is an Istio based ingress controller.
  • The NGINX Ingress Controller for Kubernetes works with the NGINX webserver (as a proxy).
  • The Traefik Kubernetes Ingress provider is an ingress controller for the Traefik proxy.

Secrets

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don't need to include confidential data in your application code.

ConfigMap

A ConfigMap is an API object used to store non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.

A ConfigMap separates your configurations from your Pod and components, which helps keep your workloads portable. This makes their configurations easier to change and manage, and prevents hardcoding configuration data to Pod specifications.

Persistent Volumes

As we know data stored in container is ephermal. So we need persistant volume to preserve data across container restart.

A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes.

Persistant Volume Claim

A PersistentVolumeClaim (PVC) is a request for storage by a user. It is similar to a Pod. Pods consume node resources and PVCs consume PV resources. Pods can request specific levels of resources (CPU and Memory). Claims can request specific size and access modes

Advanced

Some advanced topics you can explore which helps you become better kubernetes adminstrator.

  • Liveness and Readiness Probe
  • Requests and Limits
  • Resource Quotas
  • Auto Scaling
  • RBAC Authorization

These are some basic topics which help you getting started in kubernetes. In order to get hands-on in kubernetes, You can easily set up Minikube or Amazon EKS cluster using eksctl.

Thats it!! See you ๐Ÿ˜

๐Ÿ’– ๐Ÿ’ช ๐Ÿ™… ๐Ÿšฉ
vinothmohan
Vinoth Mohan

Posted on March 7, 2022

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

ยฉ TheLazy.dev

About