Understanding Kubernetes

September 10, 2022

I was learning about Kubernetes, also known as K8s, which is an open-source system for automating the deployment, scaling, and management of containerized applications. Below is a summary of important concepts to understand:

Control Plane — It makes global decisions about the cluster and consists of the below components:

  1. ETCD: strongly consistent, distributed key-value store that provides a reliable way to store data that needs to be accessed by a distributed system or cluster of machines.
  2. API Server: User interaction via rest, UI or CLI (kubectl)
  3. Scheduler: Handling resource management for pod assignment to worker nodes while complying with resource restrictions and constraints.

Data Plane — Management of resources, networking and storage so container workloads can run.

Namespace — Logical separation of Kubernetes objects for scoping access and dividing cluster. Every resource scope is either namespaced or cluster-wide.

Node — It can be a virtual or physical machine. Multiple machines/VMs shape the backbone compute resources of a cluster. It is managed by Control Plane. It hosts Pod objects Network configured by Service objects. Default Components are:

  1. Kubelet: Control Plane agent
  2. Container Runtime: Scheduling Pod containers
  3. Kube Proxy: Networking proxy for within cluster

Pod — Most basic deployable objects in Kubernetes. It resembles a service/microservice. Running one or more containers with shared storage and network resources. Container types in a pod:

  1. init-container: Runs before main container usually does setup for main container
  2. main container: Application process running in the container
  3. sidecar: Runs side-by-side to main container loosely coupled

Rarely created directly (usually via controller resources like deployment, daemonset, job or statefulset)

ReplicaSet — Maintain a stable set of replica Pods running at any given time. It is usually not deployed on its own. Deployment object manages it. It is recommended to be used as part of a Deployment object.

ConfigMap — Used for storing non-confidential key-value configuration. It can be used by pods as file mounted or environment variables accessible by container in a pod.

Role-based Access Control (RBAC) Resources

  1. ServiceAccount: Provides an identity for all the processes that are running in a Pod.
  2. ClusterRole/Role: Contains rules that represent a set of permissions Has to be associated with a 3. ServiceAccount via a ClusterRoleBinding/RoleBinding to take effect. Namespaced and cluster-wide as per the name.
  3. ClusterRoleBinding/RoleBinding — grants the permissions defined in a ClusterRole/Role to the holder of a given ServiceAccount. Namespaced and cluster-wide as per name

Deployment — Controller for pod and anything associated with a pod such as ReplicaSet and ConfigMaps. It continuously reconciles the state declared as per manifest. Manages rollout to ReplicaSet. It can be configured to do a Canary deployment. The rollout comes with garbage collection.

HorizontalPodAutoscaler — Automatically scales workload resources such as a Deployment or StatefulSet. Scaling based on metrics (e.g. memory, CPU). It can use custom/external metrics for scaling (e.g. from Prometheus). HorizontalPodAutoscaler can be used for each service to address a level of scaling during high/low resource consumption by workloads.

StorageClass — It describes an abstract class of storage with properties such as storage type, what provides it, how to reclaim/recycle. Used by PersistentVolume.

PersistentVolumeClaim — Request for storage by a user for a specific resource and privilege

PersistentVolume — Piece of Storage attachable to Pods. Independent lifecycle to Pods. Storage resources could be on hosted Node or CSP-based storage based on StorageClass

Service — Abstraction of network exposure of an application running on a set of Pods. Load balancing traffic between Pods. Making pods available to be reached from other pods within the cluster

StatefulSet — Controller for managing stateful applications. It maintains a sticky identity for each of the Pods it manages, unlike Deployment resources. Associates unique instance of a Persistent Storage to each pod. Deleting or scaling down StatefulSet does NOT delete volumes associated

Job — For applications running a task with termination lifecycle as successful completion. Deploys one or more Pods. Retries until a specified number of Pods terminate concluding the task

CronJob — Similar to a Kubernetes Job but with a schedule to run on

Ingress — A routing guide for cluster’s external traffic to Pods via Services. Requires an Ingress Controller (such as ingress-nginx) to fulfil the Ingress. Can have external load balancing. Can do SSL termination. Name-based virtual hosting within the cluster (e.g. associate foo.bar.com for traffics to a Service)

CustomResourceDefinition — Extends the Kubernetes resource types by defining custom resource properties and schema

CustomResource — An instance of a defined custom resource. It can be subscribed to by a custom controller (or an operator). It must have a CustomResourceDefinition.

These are my notes when learning about Kubernetes. If you are preparing for CKAD, CKA or CKS exam, let me know if you got any questions. Happy learning.


Profile picture

Experience in software development, application architecture, and deploying cloud solutions for enterprise customers. Strong hands-on skills with a Master's degree in Computer Science and business acumen with a master of business administration (MBA) in Finance. Certified in Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, Kubernetes (CKA, CKAD, CKS, KCNA) and Scrum (PSM, PSPO) with experience in building banking products from scratch. Connect on Linkedin

© 2022, @victorleungtw