Code-Memo

Orchestration (Kubernetes)

Introduction to Kubernetes

a. Overview:

• Kubernetes: Often abbreviated as K8s, Kubernetes is an open-source system originally developed by Google and now maintained by the Cloud Native Computing Foundation (CNCF). It orchestrates containerized applications across clusters of machines, offering features like automated deployment, scaling, and management.

b. Key Components:

• Master Node: The control plane responsible for managing the Kubernetes cluster. It includes components such as the API server, controller manager, scheduler, and etcd (a distributed key-value store).
• Worker Nodes: Nodes that run the application containers. Each worker node contains components such as the kubelet (agent managing containers), kube-proxy (network proxy), and container runtime (e.g., Docker, containerd).

Kubernetes Architecture

a. Control Plane:

• API Server: Serves as the entry point for all API requests and manages communication between components. It validates and processes RESTful requests, including deployment and management of resources.
• Scheduler: Assigns newly created pods to available nodes based on resource availability and other constraints.
• Controller Manager: Ensures that the desired state of the cluster matches the actual state. Controllers include replication controllers, deployment controllers, and others.
• etcd: A distributed key-value store used to store all cluster data, including configuration and state.

b. Nodes:

• Kubelet: An agent running on each worker node that ensures containers are running as expected. It communicates with the master node to report status and receive instructions.
• Kube-Proxy: Handles network routing and load balancing for services, maintaining network rules on nodes.
• Container Runtime: Manages the lifecycle of containers on the node (e.g., Docker, containerd).

Main Kubernetes Concepts

a. Pods:

• Definition: The smallest and simplest Kubernetes object, representing a single instance of a running process in the cluster. Pods can host one or more containers that share storage and network resources.
• Lifecycle: Pods are transient and can be created, deleted, or replicated based on workload requirements.

b. Services:

• Definition: Abstracts and exposes a set of pods as a network service. It provides a stable IP address and DNS name for accessing pods.
• Types: ClusterIP (default, internal access), NodePort (external access on a static port), LoadBalancer (external access through a cloud provider’s load balancer), and ExternalName (maps service to an external DNS name).

c. Deployments:

• Definition: Manages the deployment and scaling of applications. It maintains a specified number of pod replicas and updates them in a controlled manner.
• Features: Supports rolling updates and rollbacks, ensuring that application updates are deployed smoothly without downtime.

d. ReplicaSets:

• Definition: Ensures a specified number of pod replicas are running at any given time. ReplicaSets are primarily used by Deployments to maintain the desired number of replicas.

e. StatefulSets:

• Definition: Manages stateful applications that require unique network identifiers, stable storage, and ordered deployment. It ensures that each pod has a persistent identity and storage.

f. ConfigMaps and Secrets:

• ConfigMaps: Store configuration data in key-value pairs. They are used to decouple configuration from application code.
• Secrets: Store sensitive information such as passwords, OAuth tokens, and SSH keys. They provide a secure way to handle confidential data.

g. Namespaces:

• Definition: Provide a way to divide cluster resources between multiple users or teams. Namespaces help in organizing and managing resources more effectively.

Kubernetes Deployment Strategies

a. Rolling Updates:

• Definition: Updates applications gradually by replacing old pods with new ones without downtime. Kubernetes ensures that the desired number of pods are always running during the update.

b. Blue-Green Deployments:

• Definition: Deploys new versions of an application alongside the old version (blue) and switches traffic to the new version (green) once it is verified. This minimizes downtime and allows for quick rollback if needed.

c. Canary Releases:

• Definition: Deploys new versions to a small subset of users or environments before rolling out the changes to the entire system. This allows for testing and validation of the new version with minimal risk.

Kubernetes Networking

a. Networking Model:

• Cluster Networking: All pods in the cluster can communicate with each other. Kubernetes uses a flat networking model, where each pod gets its own IP address and can communicate with any other pod without network address translation (NAT).

b. Network Policies:

• Definition: Define rules for controlling traffic between pods. Network policies help in securing communications within the cluster by specifying allowed and denied traffic.

c. Ingress Controllers:

• Definition: Manage external access to services in a Kubernetes cluster. Ingress controllers provide load balancing, SSL termination, and routing based on URL paths or hostnames.

Storage in Kubernetes

a. Volumes:

• Definition: Abstract storage resources that can be mounted into pods. Kubernetes supports various volume types, including ephemeral volumes, persistent volumes, and cloud provider volumes.

b. Persistent Volumes (PVs) and Persistent Volume Claims (PVCs):

• PVs: Represent a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using storage classes.
• PVCs: Requests storage resources by a user. PVCs are bound to PVs to provide persistent storage for pods.

c. Storage Classes:

• Definition: Define different types of storage with varying performance and access characteristics. Storage classes help in dynamically provisioning storage based on user requirements.

Monitoring and Logging

a. Monitoring:

• Tools: Kubernetes integrates with various monitoring tools such as Prometheus, Grafana, and the Kubernetes Dashboard to collect and visualize metrics related to cluster and application performance.

b. Logging:

• Tools: Kubernetes supports logging solutions like Fluentd, Elasticsearch, and Kibana (ELK stack) for aggregating and analyzing logs from containers and nodes.

Kubernetes Security

a. Role-Based Access Control (RBAC):

• Definition: Manages access to Kubernetes resources based on roles and permissions. RBAC helps enforce least privilege access policies.

b. Network Security:

• Network Policies: Define rules to control network traffic between pods. Network policies help secure communications and isolate applications.

c. Pod Security Policies:

• Definition: Define security-related configurations for pods, such as privilege escalation, volume types, and allowed container capabilities.

Kubernetes Ecosystem

a. Helm:

• Definition: A package manager for Kubernetes that simplifies deploying and managing applications using Helm charts, which are pre-configured templates.

b. Istio:

• Definition: A service mesh that provides advanced networking features such as traffic management, security, and observability for microservices.

c. Kustomize:

• Definition: A tool for customizing Kubernetes resource configurations without modifying the original manifests. It supports managing configuration overlays and patches.

d. Kubeflow:

• Definition: A machine learning toolkit for Kubernetes that provides components and workflows for developing and deploying machine learning models.