Kubernetes is an open source container orchestration tool to deploy, scale, and manage containerized applications anywhere.
Why Kuberentes?
- Scalability: Easily scale applications horizontally.
- Portability: Run applications consistently across various environments.
- Availability: Ensure high availability with self-healing mechanisms.
- Resource Efficiency: Optimize resource utilization with containerization.
Kubernetes Architecture
A Kubernetes cluster consists of two types of machines (Nodes). Each machine has its own components running on them.
- Control Node/Control Plane
- Managed Node/Data Plane
1) Components of a Control Plane
- kube-apiserver
- etcd
- kube-scheduler
- kube-controller-manager
2) Components of a Data Plane
- kubelet
- kube-proxy
- Container runtime
Workloads in Kubernetes
- Pods: A Kubernetes pod is a collection of one or more containers and is the smallest unit of a Kubernetes application.
- ReplicationController: A ReplicationController ensures that a specified number of pod replicas are running at any one time. In other words, a ReplicationController makes sure that a pod or a homogeneous set of pods is always up and available.
- Replica Set: The purpose of Replica Set is to maintain a stable set of replica Pods running at any given time. As such, it is often used to guarantee the availability of a specified number of identical Pods.
- Deployment: A Kubernetes Deployment is a declarative configuration object used to manage the deployment and scaling of containerized applications. It abstracts the underlying infrastructure and simplifies the process of deploying, updating, and maintaining applications in a Kubernetes cluster.
- StatefulSets: StatefulSet is a higher-level abstraction built on top of ReplicaSets that is designed to manage stateful applications. While ReplicaSets are well-suited for stateless applications, StatefulSets are tailored for applications that require unique network identities and stable storage.
- DaemonSet: DaemonSet is a resource object that ensures a copy of a pod runs on each node within a cluster. Unlike other controllers like Deployments or ReplicaSets, DaemonSets are designed for running system-level daemons or agents on every node.
Networking in Kubernetes
- Services: A Service is a method for exposing a network application that is running as one or more Pods in your cluster.
- ClusterIP: ClusterIP is a type of Service that provides a stable, internal IP address to allow communication between different components within a cluster.
- NodePort: NodePort Service exposes an application running inside a cluster to the external network. It allocates a specific port on each node in the cluster, allowing external access to the service through any node’s IP address and the allocated port.
- LoadBalancer: LoadBalancer automatically provisions an external load balancer if using Managed Cluster provided by Cloud Providers to expose applications to the internet or external network.
- Ingress: Ingress is an API object that manages external access to services within a cluster. It acts as an entry point, enabling the routing of external traffic to different services based on rules defined by the user.
- Egress: Egress refers to controlling the outbound network traffic from pods to external destinations. It involves defining policies and rules to manage which external destinations pods are allowed to communicate with.
Storage management in Kubernetes
Kubernetes provides various mechanisms and abstractions for handling storage requirements of applications running in containers. For storing data in secure way Kubernetes uses volumes. Volumes in Kubernetes provide a way for containers to persist and share data beyond the lifecycle of individual containers.
Kubernetes supports various volume
- Persistent Volumes (PV)
- Persistent Volume Claims (PVC)
- EmptyDir
- HostPath
Features Of Kubernetes
- Auto Scaling: Kubernetes provides the feature of Autoscaling to scale number of pods based on resource usage. It can be achieved using Horizontal Pod Autoscaling (HPA).
- Load Balancing: Load balancing is the process of distributing incoming network traffic across multiple pods to ensure optimal utilization and prevent overload.
- Self-healing Capabilities: The ability of a system to detect, diagnose, and recover from failures automatically without manual intervention.
- Rolling Updates and Rollbacks in Kubernetes: Kubernetes uses deployment strategy where new versions of an application are gradually rolled out, while old versions are gradually retired. It Ensures minimal downtime and user impact during updates.
Cluster Monitoring & logging
- Monitoring: Monitoring involves tracking and analyzing the performance and health of the cluster, applications, and infrastructure components.
Tools for monitor cluster’s applications –
i. Prometheus
ii. Grafana
- Logging: Logging in Kubernetes involves the collection, storage, and analysis of logs generated by applications and infrastructure components within a Kubernetes cluster. Effective logging is essential for troubleshooting, debugging, and gaining insights into the behavior of applications.
Security in Kubernetes
Securing containerized applications and the Kubernetes infrastructure involves various ways.
- Role-Based Access Control (RBAC): Authorization is the process of determining whether a user or system is allowed to perform a specific action within the cluster. This is typically managed through Role-Based Access Control (RBAC). RBAC allows you to define roles.
- Role binding: Role Binding is a mechanism that associates a set of permissions, defined by a Role or ClusterRole, with a user, group, or service account within a specific namespace. It establishes the link between RBAC roles and the entities granted those roles.