[K8s] Basic concept notes

Main components

• Each Node (machine) includes a kubelet and many Pods
• Kubelets communicate with the Control Plane (actually a special node) and the corresponding Pods inside the Node
• Control Plane can be split into multiple machines
• Each Pod serves as an application and has many containers which are tightly coupled
• Containers inside the same Pod share the same networking resource

• kube-apiserver: Exposes the Kubernetes API
• etcd: Key value store
• kube-scheduler: Schedule Nodes to run Pods
• kube-controller-manager: Many components deal with monitoring, task running, and account access control

History of container runtime

• From the oldest method (top) to newest approach (bottom)
• CRI is an interface designed for kubelet to manipulate containers
• Any CRI-compliant container runtime can do the job: Docker Engine, containerd, CRI-O, …
• OCI runtime: runC, runhcs, …

K8s entity concepts

• A Deployment checks on the health of your Pod and restarts the Pod’s container if it terminates. Deployments are the recommended way to manage the creation and scaling of Pods
• Deployment configuration file works very similar to docker-compose.yml
• Deployment controller automatically search for a suitable node where an instance of the application could be run
• If the Node hosting an instance goes down or is deleted, the Deployment controller replaces the instance with an instance on another Node in the cluster
• A Service is an exposed Deployment, which encapsulates a set of Pods called ReplicaSet
• Secrets and ConfigMap are extra resources we can mount into containers
• Volumes types:
  • emptyDir: Storage lives with a Pod
  • hostPath: Storage lives with a Node
  • NFS and other cloud provider type
• Storage
  • Storage Classes: Templates to create volumes
  • Persistent Volume Claims: Create (or use existing) PV by specifying SC, size, read/write type etc. We can then attach a PVC into a Pod config
  • Persistent Volumes: Either created manually (static) or automatically (dynamic) when no any PV match the claim
• Resource
  • Request: minimum requirement
  • Quota: maximum limit

Common tools

• cri-o: A container runtime
• kubelet: Starts pods and containers
• kubectl: The command line util to talk to your cluster.

• kubeadm: The command to bootstrap the cluster (control planes etc.)
• minikube: A tool to quickly setup a single-node cluster inside a VM
• Kops: Setup AWS clusters easily

Networking

• Each Node has its own node IP (as normal machines) which is mainly accessed by the control plane node
• Each Pod has its own IP, where the Node will forward the request to
• Pods inside each Node, or across Nodes, can see each other using Pod IPs, but not recommended to do so. Exposing the endpoint as a service is preferred
• Containers inside the same Pod can refer to each other using localhost:port, this is like running up docker-compose inside a “pod machine”, but the container network is configured as host
• Services have Cluster IPs and domain name, for intra-cluster access
• Port definitions:
  • port: For intra-cluster access
  • nodePort: Exposed port on the Node
  • targetPort: Container port
• Ingress along with ingress controller act like an Nginx load balancer. The DNS record should point to this load balancer IP to serve services across multiple Nodes