Understanding Kubernetes

September 11, 2022

I've been learning about Kubernetes, also known as K8s, an open-source system for automating the deployment, scaling, and management of containerized applications. Below is a summary of important concepts to understand:

Control Plane — This component makes global decisions about the cluster and consists of the following elements:

  1. ETCD: A strongly consistent, distributed key-value store that provides a reliable way to store data accessible by a distributed system or a cluster of machines.
  2. API Server: Facilitates user interaction via REST, UI, or CLI (kubectl).
  3. Scheduler: Handles resource management, assigning pods to worker nodes while complying with resource restrictions and constraints.

Data Plane — Manages resources, networking, and storage so that container workloads can run.

Namespace — Provides a logical separation of Kubernetes objects for scoping access and dividing the cluster. Every resource scope is either namespaced or cluster-wide.

Node — This can be either a virtual or a physical machine. Multiple machines or VMs constitute the backbone compute resources of a cluster. Nodes are managed by the Control Plane and host Pod objects. Their networks are configured by Service objects. Default components include:

  1. Kubelet: A Control Plane agent.
  2. Container Runtime: Responsible for scheduling Pod containers.
  3. Kube Proxy: Acts as a networking proxy within the cluster.

Pod — The most basic deployable objects in Kubernetes, resembling services or microservices. They run one or more containers with shared storage and network resources. Types of containers in a Pod include:

  1. init-container: Runs before the main container, usually to perform setup tasks.
  2. main container: Hosts the application process running in the container.
  3. sidecar: Runs alongside the main container and is loosely coupled to it.

Pods are rarely created directly; they are usually created via controller resources like Deployments, DaemonSets, Jobs, or StatefulSets.

ReplicaSet — Maintains a stable set of replica Pods running at any given time. It is generally not deployed on its own but managed by a Deployment object.

ConfigMap — Used for storing non-confidential key-value configurations. These can be used by Pods as file mounts or environment variables accessible by containers within a Pod.

Role-based Access Control (RBAC) Resources

  1. ServiceAccount: Provides an identity for all the processes running in a Pod.
  2. ClusterRole/Role: Contains rules that represent a set of permissions. These have to be associated with a ServiceAccount via a ClusterRoleBinding/RoleBinding to take effect.
  3. ClusterRoleBinding/RoleBinding: Grants the permissions defined in a ClusterRole/Role to a given ServiceAccount.

Deployment — Acts as a controller for Pods and any objects associated with them, such as ReplicaSets and ConfigMaps. It continuously reconciles the state as declared in the manifest and manages rollouts to ReplicaSets. It can be configured to execute Canary deployments, which come with garbage collection features.

HorizontalPodAutoscaler — Automatically scales workload resources like Deployments or StatefulSets based on metrics like memory and CPU usage. It can also use custom or external metrics for scaling, such as those from Prometheus.

StorageClass — Describes an abstract class of storage with properties like storage type, provider, and reclamation policies. It is used by PersistentVolume.

PersistentVolumeClaim — A user request for storage for a specific resource and privilege level.

PersistentVolume — Represents a piece of storage that can be attached to Pods and has a lifecycle independent of Pods.

Service — Serves as an abstraction for the network exposure of an application running on a set of Pods. It provides load balancing and makes Pods accessible from other Pods within the cluster.

StatefulSet — A controller for managing stateful applications. It maintains a sticky identity for each of its Pods, unlike Deployment resources, and associates each Pod with a unique instance of persistent storage. Deleting or scaling down a StatefulSet does not delete associated volumes.

Job — Suitable for applications that run tasks ending in successful completion. It deploys one or more Pods and retries until a specified number of Pods have terminated, signaling the task's conclusion.

CronJob — Similar to a Kubernetes Job but operates on a set schedule.

Ingress — Guides the cluster’s external traffic to Pods via Services. It requires an Ingress Controller (such as ingress-nginx) to fulfill the Ingress rules and can include features like external load balancing, SSL termination, and name-based virtual hosting within the cluster.

CustomResourceDefinition — Extends Kubernetes resource types by defining custom resource properties and schema.

CustomResource — An instance of a defined custom resource. CustomResources can be subscribed to by a custom controller or an operator and must have an associated CustomResourceDefinition.

These are my notes on learning about Kubernetes. If you are preparing for the CKAD, CKA, or CKS exams, feel free to reach out with any questions. Happy learning!

Profile picture

Software development professional with expertise in application architecture, cloud solutions deployment, and financial products development. Possess a Master's degree in Computer Science and an MBA in Finance. Highly skilled in AWS (Certified Solutions Architect, Developer and SysOps Administrator), GCP (Professional Cloud Architect), Microsoft Azure, Kubernetes(CKA, CKAD, CKS, KCNA), and Scrum(PSM, PSPO) methodologies. Happy to connect