Kubernetes: basic resources and concepts
Below are my notes while learning Kubernetes, but I thought those might be useful to other people that are just starting or just need a quick dictionary for K8s concepts and resources. Enjoy!
Master Server Components
Those master components make so called control plane.
- etcd — config store accessible to all cluster nodes
- kube-apiserver — config workloads and org unit; REST + kubectl client
- kube-controller-manager manages controllers, state saved to etcd
- kube-scheduler — assigns workloads to specific nodes
- cloud-controller-manager — bridge to specific cloud provider
Node Server Components
- Node is a server that preforms work.
- Container Runtime is typically Docker, but can be rkt or runc too.
- kubelet is a main contact point for each node with the cluster group. Work is received as manifest.
- kube-proxy lets manage sub-netting and makes services available to other components. Can do primitive load-balancing.
Kubernetes Objects and Workloads
Instead of managing containers directly, users define and interact with instances composed of various primitives provided by the Kubernetes object model.
A pod is the most basic unit. One or more tightly coupled containers are encapsulated into pod. Those share a lifecycle, should be on the same node. They share environment, volumes, IP space.
Each pod gets its own IP address, so it can interact with other pods in the cluster.
Horizontal scaling is discouraged, there are other options.
Users should not manage pods themselves. Rather work with higher level objects that use pods or pod templates as base component.
Replication Controllers and Replication Sets
You’ll manage groups of identical, replicated pods. There are created from pod templates.
Replication controller manages number of pods. If pod or underlying host fails, the controller will start new pod to compensate. Same if number of pods in config changes. Can do rolling updates.
Replication sets are beginning to replace replication controllers, but can’t do rolling updates.
Neither of both you should manage directly.
Deployments are a high level object and the most common workloads to create and manage. Use replication sets and add lifecycle management. Modification is a config change. K8s deals with the rest.
A Deployment chooses which Pods to include by use of the
selector field. In this example the selector mode is
matchLabels, which instructs the Deployment t look for Pods defined with the
app: web label.
- name: apache-container
Stateful sets are used in case of special requirements related to deployment ordering, persistent data, or stable networking. Meant for databases.
Provide a stable networking identifier by creating a unique, number-based name for each pod that will persist even if the pod needs to be moved to another node. Operations are performed according to the numbered ID.
Run a copy of a pod on each node in the cluster (or subnet). Used for pods doing maintenance or services for the nodes. Examples: collection and forwarding logs, aggregating metrics.
Jobs and Cron Jobs
Jobs are for task-based workflow, where it exists when done.
Cron jobs are jobs that are invoked by scheduler.
Other Kubernetes Components
Service acts as a basic internal load balancer and ambassador of pods. Groups logical collection of pods that perform the same function to present them as a single entity.
Service IP address remains stable, so it can be used by internal consumers. Any time you need to provide access to one or more pods to another app you should config a service. For example a set of web servers, or database pods.
It can be made available outside of the cluster using NodePort config, that opens a static port on each node’s external net interface. Alternatively LoadBalancer can be used.
Volumes and Persistent Volumes
Kubernetes Volumes differ from Docker volumes because they exists inside the Pod rather than inside the container.
Volumes allow data to be shared by all containers within a pod and remain available until the pod is terminated. So pods can easily share files. Container failures do not affect files.
Persistent volumes are not tied to pod life cycle. Allow admins to config storage that users can request and claim for the pods they are running. If the pod is kept after pod is done depends on volume reclamation policy. Persistent data can be used to guard against node-based failures and to allocate more storage than available locally.
Namespaces are virtual clusters. Every cluster has at least 3 namespaces: default, kube-system, kube-public.
Labels and Annotations
Label is a semantic tag assigned ot object. These can be selected for when targeting different instances for management or routing.
Annotations are more free-form, less structured data. Not used for selection.
Secrets hold sensitive information such as passwords, TLS certificates, OAuth tokens, and ssh keys.
ConfigMaps are mechanisms used to inject containers with configuration data while keeping containers agnostic of Kubernetes.