[태그:] summary

Kubernetes overview

What is Kubernetes?

Kubernetes is a portable, extensible open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation.

Popular container orchestration system

Why Kubernetes?

  • Automatic binpacking (Managing container)
  • Horizontal scaling
  • Automated rollouts and rollbacks
  • Self-healing
  • Service discovery and load balancing
  • Secret and configuration management

Ref: Kubernetes & helm 활용

kubernetes component

  • Master Components
  • Node Components
  • Addons

Master Components

Master components provide the cluster’s control plane

kube-apiserver

Component on the master that exposes the Kubernetes API. It is the front-end for the Kubernetes control plane.

etcd

Consistent and highly-available key value store used as Kubernetes’ backing store for all cluster data.

kube-scheduler

Component on the master that watches newly created pods that have no node assigned, and selects a node for them to run on.

kube-controller-manager

Component on the master that runs controllers.

  • Node Controller: Responsible for noticing and responding when nodes go down.
  • Replication Controller: Responsible for maintaining the correct number of pods for every replication controller object in the system.
  • Endpoints Controller: Populates the Endpoints object (that is, joins Services & Pods).
  • Service Account & Token Controllers: Create default accounts and API access tokens for new namespaces.

cloud-controller-manager

cloud-controller-manager runs controllers that interact with the underlying cloud providers. (etc. AWS, GCP, AZURE …)

Kube api server image

Node component

kubelet

kubernetes agent on each node

check pod state(running and healthy)

kubelet is not container. -> binary file

kube-proxy

Maintaining network rules on the host and performing connection forwarding.

Container Runtime

Docker, rkt, runc, any OCI runtime-spec implementation.

Addon

Dns

Containers started by Kubernetes automatically include this DNS server in their DNS searches.

Web UI (Dashboard)

Kubernetes Architecture

kubrnetes architecture – 1
kubernetes architecture – 2

Kubernetes API

The Kubernetes API also serves as the foundation for the declarative configuration schema for the system.
The kubectl command-line tool can be used to create, update, delete, and get API objects.

OpenAPI and Swagger definitions

/openapi/v2

To make it easier to eliminate fields or restructure resource representations, Kubernetes supports multiple API versions, each at a different API path, such as /api/v1 or /apis/extensions/v1beta1.

API groups

  1. The core group, often referred to as the legacy group, is at the REST path /api/v1 and uses apiVersion: v1.
  2. The named groups are at REST path /apis/$GROUP_NAME/$VERSION, and use apiVersion: $GROUP_NAME/$VERSION (e.g. apiVersion: batch/v1)
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: dreg.be/tkwon/nginx-test:latest
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        ports:
        - containerPort: 80

API versioning

The Kubernetes API – Kubernetes

Just Only need remember this one.

Use api beta and stable

Kubernetes Object Management

The kubectl command-line tool

kubectl run nginx --image nginx

or

kubectl create deployment nginx --image nginx

or more important object

kubectl apply -f nginx.yaml

Pod

  • A Pod is the basic building block of Kubernetes
  • the smallest and simplest unit
  • Represents a unit of deployment
  • Pods that run a single container.
  • Pods that run multiple containers that need to work together.

Example for multiple containers in the Pod

The specific instances in which your containers are tightly coupled.

Multi Pod structure

Pod detail

Pods provide two kinds of shared resources for their constituent containers: networking and storage.

Containers inside a Pod can communicate with one another using localhost

Pods and Controllers

A Controller can create and manage multiple Pods

  • Deployment
  • StatefulSet
  • DaemonSet

Controllers

Deployment

To provides Declarative updates for Pods and ReplicaSets

deployment, replica set and pod

deployment yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80

Statefulset

The workload API object used to manage stateful applications

To provides guarantees about the ordering and uniqueness of these Pods.

Using Statefulset

  • Stable, unique network identifiers.
  • Stable, persistent storage.
  • Ordered, graceful deployment and scaling.
  • Ordered, automated rolling updates.

Limitations

Deleting and/or scaling a StatefulSet down will not delete the volumes associated with the StatefulSet.

Pod Identity

StatefulSet Pods have a unique identity
The identity sticks to the Pod, regardless of which node it’s (re)scheduled on.

$(statefulset name)-$(ordinal). The example above will create three Pods named web-0,web-1,web-2

DaemonSet

A DaemonSet ensures that all (or some) Nodes run a copy of a Pod.

ex> Node exporter for prometheus

Services and Network

Service

Expose Pods and can make commnunication between Pods.

kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
  - protocol: TCP
    port: 80
    targetPort: 9376

my-service.my-namespace.svc.cluster.local

  • ClusterIP
  • NodePort
  • LoadBalancer
  • Match ELB on AWS
  • ExternalName

Ingress

Similar wih Service, but
Service is kind of L4 network
Ingress is kind of L7 network.

Service map to AWS ELB,
Ingress map to AWS ALB

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - path: /testpath
        backend:
          serviceName: test
          servicePort: 80

Storage

  • Volumes
  • Persistent Volumes
  • PersistentVolumeClaim
  • Storage Classes

Configuration

  • Secrets
  • ConfigMap

Kubernetes Pod Network

Pod network

I think network is so importance to understand kubernetes.
You should check below references to understand it.

Network references:
understanding-kubernetes-networking-pods
Container Networking From Scratch
About Linux network namespace