A quick look at the building blocks in simple terms for quick understanding.
Review previous parts of this series for better understanding:
This is third part of the Kubernetes series. In this part I will try to add more insights into the essential parts of Kubernetes. I will add more details on the topics in later in the series or there will separate posts as the topics needs.
Container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. The container runtime is responsible for starting and managing containers.
Kubernetes is a powerful container orchestration system that can manage the deployment and operation of containerized applications across clusters of servers. In addition to coordinating container workloads, Kubernetes provides the infrastructure and tools necessary to maintain reliable network connectivity between your applications and services.
Node is physical or virtual machine. Every cluster must have at least one
Master Node which controls cluster, and one or many
Worker Node that hosts
Cluster is a group of interconnected
Node. Cluster's state is defined
Kubernetes Objects. Cluster's desired state includes what applications or other workloads to run, what container images they use, the number of replicas, what network and disk resources to make available.
Namespace is way to divide cluster resources between users by creating multiple virtual
Clusters in same physical
Cluster. They are used in environments with many users spread across multiple teams, or projects. Namespaces can not be nested inside one another and each Kubernetes resource can only be in one Namespace. Objects in the same Namespace will have the same access control policies by default.
Labels are used to distinguish resources within the same Namespace.
Namespace resources are not themselves in a
Namespace, and low-level resources, such as
PersistentVolumes, are not in any Namespace.
Pod represents a group of one or more
Containers running together and operating closely as a single, monolithic application in a
Node in the
Cluster. Pods are managed entirely as a unit and share resources like environment, volumes and IP space. Pods consist of a main container which serves workload and optionally some helper containers that facilitate closely related tasks. For example, a Pod may have one container running the primary application server and a helper container pulling down files to the shared filesystem when changes are detected in an external repository. Pods are managed by higher level objects by providing template definitions.
Pods together that perform the same function as a single entity. It keeps track of containers in the pods and routes to the containers for internal and external access. A service’s IP address remains stable regardless of changes to the pods it routes to which makes it easy to gain discoverability and can simplify containers designs. By default, services are only available using an internally routable IP address, they can be made available outside of the cluster by choosing one of several strategies.
Kubernetes API is a resource-based (RESTful) programmatic interface provided via HTTP. It supports retrieving, creating, updating, and deleting primary resources via the standard HTTP verbs (POST, PUT, PATCH, DELETE, GET), includes additional subresources for many objects that allow fine grained authorization (such as binding a pod to a node), and can accept and serve those resources in different representations for convenience or efficiency. It also supports efficient change notifications on resources via "watches" and consistent lists to allow other components to effectively cache and synchronize the state of resources. It the communication medium for the end users, different parts of your cluster, and external components with one another. Most Kubernetes API resource types are
Kubernetes Objects, but a smaller number of API resource types are represented by operations.
Controller is a non-terminating loop that regulates the state of a system. It watches the state of the cluster, then make or request changes where needed. Each controller tries to move the current cluster state closer to the desired state. There are different types of controllers for specific purposes.
Volumeis simply an abstraction of data in the form of file and directory within a Pod. It exists as long as its Pod exists.
Secrets are used to share sensitive information, like SSH keys and passwords, with other
Kubernetes Objects within the same namespace.
Security And Policies
Security in Kubernetes is a big challenge as it is a composed many smaller standalone components. It provides many security mechanisms.
Namespaces can be used for authentication, authorization and access control.
Resource Quotas can be provided to avoid resource cannibalization. And
Network Policies can be setup for proper segmentation and traffic control.
All the components of Kubernetes are interconnected. For the entire system to function efficiently, reliability and securely, networking plays critical role. The basic requirements of a Kubernetes network are:
- all containers can communicate with all other containers without NAT
- all nodes can communicate with all containers (and vice-versa) without NAT
- the IP that a container sees itself as is the same IP that others see it as
Network Address Translation(NAT) is a method of remapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device
Kubernetes includes some internal monitoring tools by default. These resources belong to its resource metrics pipeline, which ensures that the cluster runs as expected. The cAdvisor component collects network usage, memory, and CPU statistics from individual containers and nodes and passes that information to kubelet; kubelet in turn exposes that information via a REST API. The Metrics Server gets this information from the API and then passes it to the kube-aggregator for formatting.
Kubernetes is a large system with many parts functioning as a unit. It has resolved many issues in managing containerized distributed application but before using it in production, it is recommended to understand it very well.
I will share about Kubernetes Service next.