Kubernetes Basics

References:

What is Kubernetes?

Open source container orchestration tool.
Helps you manage your containerized applications, e.g. Docker containers.
Able to manage the containers in different environments, e.g. on physical servers, virtual machines, cloud or hybrid environments.

What does Kubernetes solve and offer?

Supports the trend of microservices.
High availability or no downtime
Improves scalability and performance, scaling pods up or down based on load, giving you flexibility.
Reduces complexity of managing lots of containerized applications.
Ease of container to container communication.
Disaster recovery scenarios, back up and restore if infrastructure has issues.

Kubernetes Architecture

Consists of a master node (VM or physical machine) e.g. control plane with connected Worker Nodes.
Each worker node has a kublet process running acting as a primary node agent for that node.
Kublet process enables communication on the cluster between nodes etc, and execute tasks like running application processes.
Each worker node can have multiple containers of different applications running on it.
Deployed container applications can be distributed across the worker nodes depending on the load.
Running at least two master nodes in production running inside of Kubernetes cluster. The second master nodes acts as a backup, allowing the cluster to continue functioning if the primary falls over.

What is running on the Master Node?

Runs multiple necessary K8s processes to help give accessibility to the cluster, track whats happening in the cluster, schedule pod placement and store the current state of the kubernetes cluster.

What are these processes?

API Server acting as an entrypoint to the K8s cluster. The process that different kubernetes clients will talk to:

UI e.g. Kubernetes dashboard.
API for scripts or automating technologies like Ansible.
CLI command line tool.

Controller Manager giving an overview of whats happening on the cluster by tracking the processes, e.g. if a container dies and needs to be restarted.

Scheduler decides on which Node a new Pod should be scheduled, based on work load and available resources on each node.

etcd key value storage, holding the current state of the whole kubernetes cluster at any given time. Storing all the configuration and status data of each node, and each container inside of that node. Backup and restore is made from the etcd snapshots, enabling you to recover the whole cluster state.

Virtual Network enabling communication between all of the (master/worker) nodes, creating one unified machine.

Kubernetes Components

Pod a running environment/layer on top of the container.

Smallest unit in Kubernetes.
Abstraction over container.
Each pod gets its own IP Address (internal to Virtual Network), allowing pods to communicate together.
Pods are ephemeral, e.g. can die easily from app crashes of resource overuse, pods get re-created and assigned new ip address.

Service a permanent/static IP address attached to each Pod.

Lifecylce of Pod and Service are independent.
So when a Pod dies, the Service IP address will remain and you use the IP address of the Service to communicate with the containerized application instead of the Pod which has a dynamic IP address.
Provides port mapping between external and internal services.
Acts as load balancer

Ingress sits on top of the Service, communication to the application hits the Ingress before reaching the Service. Ingress forwards the requests to the Service and provides domain name resolution.

Route traffic into the cluster

ConfigMap an external configuration of your application, with configuration data:

API object used to store non-confidential data in key-value pairs.
URLs of database of other services it uses, can be environment variables.
Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.

Secret similar to ConfigMap but used to score confidential data that can be used for configuration e.g. database credentials, certificates. Stored as base64 encoded.

Should be used with third party encryption tools e.g. Azure Key Vault, AWS Parameter Store.
Store a reference to your secrets in Secret e.g. link to secret in key vault, used by application to query and retrieve secret.
Reference Secret in Deployment/Pod using Environment variables or properties file.

Volume attaches physical storage to Pod, enabling you to persist data e.g. db storage to your Pod.

Storage can be local or remote outside of the K8s cluster.
Persists your data to pods even when the pods are recreated.
Kubernetes does not manage data persistence, you will need to manage data backups yourself.

Deployment a blueprint for your applications Pods, specifying the replicas of your pods enabling you to define how the pods scale up or down.

Abstraction of Pods.
YAML template
As a user you work directly with Deployment of your pods instead of the pods themselves.
If a replica of one of your application pods dies, the Service will forward incoming requests to the next

Replica, continuing accessibility of the application to the user.

Databases cannot be replicated via Deployment because of it's state, e.g. data.

StatefulSet used by Database application to provide consistent data, avoiding data inconsistencies.

DB applications like MySQL, mongoDB etc have to be created using StatefulSet instead of Deployment.
Provides pod replication and scaling features just like Deployment.
Assures DB reads/writes are synchronised.
Common practice to host DB outside of Kubernetes cluster and have the DB applications replicate/scale via Deployment inside of the Kubernetes cluster and connect/communicate to DB hosted on a remote location. This is due to the complexity of managing/configuring StatefulSet.

DaemonSet ensures that all Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected. Deleting a DaemonSet will clean up the Pods it created. DaemonSet usage examples:

Running a cluster storage, logs collection, node monitoring daemon on every node.