Kubernetes 101: A Beginner's Guide to Installation, Configuration, and Architecture

Vipul VyasVipul Vyas
9 min read

Table of contents

Before installing or understanding architecture let's first understand what is Kubernetes and why we should use it and it's advantages,

What and Why?

Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.

Advantages

Kubernetes provides you with a framework to run distributed systems resiliently. It takes care of scaling and failover for your application, provides deployment patterns, and more. some use cases,

Architecture

The Kubernetes architecture consists of a set of master nodes or control plane and a set of worker nodes. The control plane is responsible for managing the overall state of the cluster, including scheduling and scaling of containers, while the worker nodes are responsible for running the containers themselves.

Let's take a closer look at each of these components and how they work together:

Control plane(Master Node)

The master nodes are the control plane of the Kubernetes cluster. They are responsible for managing the overall state of the cluster, including the deployment, scaling, and management of containerized applications. The Kubernetes master is comprised of several components that work together to manage the cluster. Control plane has several components like, API server, etcd, scheduler, controller manager.

  1. API Server: The API Server is responsible for exposing the Kubernetes API, which allows users to interact with the cluster, and for managing the state of the cluster. When a user issues a command to the Kubernetes API, the API Server validates the request and forwards it to the appropriate component for execution.

    • The API Server acts as the front-end to the control plane and is responsible for processing RESTful API requests. It receives requests from kubectl, which is the command-line tool used to interact with Kubernetes. When a request is received, the API Server validates it and forwards it to the appropriate component for execution.

  2. etcd: etcd is a distributed key-value store that is used to store the state of the Kubernetes cluster. It is used to store information about the state of each node in the cluster, including information about running containers, pod configurations, and other cluster-level settings.

    • The state of the cluster is stored in etcd as a set of key-value pairs. Each key represents a resource in the cluster, such as a pod or a replication controller, and the corresponding value represents the current state of that resource. When a resource is modified, the API Server updates the state of the resource in etcd.

    • etcd is a highly available and fault-tolerant data store. It uses a distributed consensus algorithm to ensure that the state of the cluster is consistent across all nodes in the cluster. This means that even if some nodes in the cluster fail, the cluster can continue to operate without interruption.

  3. Scheduler: The Scheduler assigns containers to nodes based on resource availability, affinity and anti-affinity rules, and other user-defined requirements. It operates on a continuous loop, filtering nodes that don't meet requirements, scoring remaining nodes based on various factors, and selecting the node with the highest score to assign the container. It also supports advanced features like affinity and anti-affinity rules.

  4. Controller manager: The Controller Manager is responsible for managing the various controllers that are responsible for ensuring the desired state of the cluster. Controllers are responsible for tasks such as scaling containers, managing load balancing, and monitoring the health of the cluster.

    • Each controller in Kubernetes is responsible for managing a specific set of resources. For example, the ReplicaSet controller is responsible for ensuring that a specified number of replicas of a pod are running at all times. The Deployment controller is responsible for managing the rollout of new versions of an application.

    • The Controller Manager is responsible for starting and stopping the controllers and ensuring that they are running correctly. It also monitors the state of the controllers and takes action if a controller fails.

Worker Nodes

The worker nodes are responsible for running the containers that make up the application. Each worker node runs a set of container runtime processes, such as Docker or CRI-O, which are responsible for managing the containers themselves. Worker node has components like, Pod, Kube-Proxy, Kubelet and Container Runtime.

  1. Pod: A pod is the smallest deployable unit that can be created and managed. A pod is a group of one or more containers that share the same network namespace and can communicate with each other via localhost. Pods are used to encapsulate and manage related containers that need to be deployed together on the same host. They provide a layer of abstraction between the containers and the underlying infrastructure and can be easily scaled up or down based on application needs. Kubernetes can manage and orchestrate pods, providing automatic rescheduling, rolling updates, and self-healing capabilities.

  2. Kube-Proxy: kube-proxy is a network proxy that runs on each node in a Kubernetes cluster. It is responsible for managing network communications between different services and pods in the cluster.

    • kube-proxy uses the iptables tool to create rules that forward network traffic to the appropriate destination. It maps service IPs to the IP addresses of the pods that are part of the service. This mapping enables communication between services and pods, even if they are running on different nodes in the cluster.

    • kube-proxy also provides load balancing functionality for services that have multiple replicas running across different nodes in the cluster. It distributes traffic across the replicas to ensure that the workload is evenly balanced and can handle high traffic loads.

  3. Kubelet: The kubelet is an agent that runs on each node in a Kubernetes cluster. It is responsible for managing the state of the node, ensuring that containers are running and healthy, and communicating with the Kubernetes master to receive instructions and send status updates. The kubelet pulls container images, starts and monitors containers, and manages other resources on the node, such as volumes and network interfaces. It plays a critical role in the Kubernetes architecture, enabling the management and orchestration of containers in a distributed environment.

  4. Container Runtime: The Container Runtime is responsible for managing the containers themselves. It is responsible for starting and stopping containers, as well as managing their resource usage and networking.

    • The Container Runtime is responsible for creating and managing the container filesystem and for isolating the container from the host system. It is also responsible for managing container networking, including exposing ports and configuring

Kubernetes Installation & Configuration :

We will install Kubernetes on AWS EC2. for that When configuring the instances, we should choose at least 2 CPU Core and 2GB RAM at minimum to get the system working efficiently. In terms of instance type, `t2.medium` does the job so we will use it to satisfy the minimum infrastructure requirement.

To ensure the smooth operation of Kubernetes, it is necessary to configure two security groups to accompany the instances before spinning them up. The Kubernetes documentation outlines specific port requirements that must be open for Kubernetes to function properly. For further information, please refer to the official documentation.

Ports for the Control-plane (Master) Node(s)

1. TCP 6443      → For Kubernetes API server
2. TCP 2379–2380 → For etcd server client API
3. TCP 10250     → For Kubelet API
4. TCP 10259     → For kube-scheduler
5. TCP 10257     → For kube-controller-manager
6. TCP 22        → For remote access with ssh
7. UDP 8472      → Cluster-Wide Network Comm. — Flannel VXLAN

Ports for the Worker Node(s)

1. TCP 10250       → For Kubelet API
2. TCP 30000–32767 → NodePort Services
3. TCP 22          → For remote access with ssh
4. UDP 8472        → Cluster-Wide Network Comm. — Flannel VXLAN

Create Security Group for Master and worker node

  1. Go to the AWS Console, EC2 Service and choose Security Group from the left hand bar menu.

  2. Click on create security group, name it K8-Master-SG and then click on Add rule in Inbound rules to enter the ports described above. When you are done just click on create security group on the lower left of the page to finish the process.

  1. Click on create security group, name it K8-Worker-SGand then click on Add rule in Inbound rules to enter the ports described above. When you are done just click on create security group on the lower left of the page to finish the process.

Security groups are created let's create the instance,

  1. Go to the AWS Console, EC2 Service and hit on Launch instance.

  2. Name your instance kube-master and choose Ubuntu 20.4 as AMI.

  3. Choose t2.mediumas instance type, choose your own key, select existing security groups and choose the master security group(K8-Master-SG) that we just created and finally hit on launch instance

  4. Repeat the steps above to create the worker instance. Keep the same configuration and just name it kube-workerand choose the K8-Worker-SG security group.

  5. Wait for the instances to boot up. and then connect to the instance.

  6. Select k8-Master instant and click on connect. Here I am connected via AWS itself we can also use ssh also. And same for worker instance as well.

    Setup Master Node:

    1. Before installing Kubernetes packages, we should update the system.

       sudo apt-get update

    2. . Now, we can install helper packages for Kubernetes.

       sudo apt-get install -y apt-transport-https gnupg2

    3. Continue installing the helper packages

       sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg

 echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg]

    4. We need to update the system again after we are done with the helper packages.

       sudo apt-get update

    5. Continue with the Kubernetes installation including Docker

       sudo apt-get install -y kubectl kubeadm kubelet kubernetes-cni docker.io

    6. Now we have to start and enable Docker service.

       sudo systemctl enable docker
 sudo systemctl start docker
 sudo systemctl status docker

    7. Configure master node.(Run on master node)

       sudo su
 kubeadm init

 mkdir -p $HOME/.kube
 sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 sudo chown $(id -u):$(id -g) $HOME/.kube/config

 kubectl apply -f https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s.yaml

 kubeadm token create --print-join-command

      • The master node is initialized by running the "kubeadm init" command. To prepare for this, a directory for the Kubernetes configuration file is created using "mkdir". The configuration file is then copied using "cp" and given the correct permissions using "chown". The "kubectl apply" command is used to install Weave Net, a widely used networking plugin for Kubernetes. Finally, a token for joining worker nodes to the cluster is generated using the "kubeadm token create" command. you will get kubeadm join for connect worker with master. like this Then you can join any number of worker nodes by running the following on each as root:

        kubeadm join 172.31.84.38:6443 --token 5e2yud.34s6ma7pbta0kct9
        --discovery-token-ca-cert-hash sha256:a2dbcc172efb41f8ad707b6b628dc3c85236cc5bfc94aa940df622eaead923cd

    8. Configure the Worker Node (Run on worker node)

       sudo su
 kubeadm reset pre-flight checks

 # Paste the Join command on worker node with `--v=5`
 kubeadm join xx.xx.xx.xx:xxxx --token 5e2..d.34s6... --discovery-token-ca-cert-hash sha256:a2dbcc172efb41f8...ead923cd --v=5

    9. Now list the nodes using (Run on Master node)

       kubectl get nodes

Now Kubernetes is installed successfully in EC2 instances.

Thanks 😊

0
Subscribe to my newsletter

Read articles from Vipul Vyas directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Kubernetescontainerskubernetes architectureTrainWithShubham#linux #devops #devopsengineer #devopscommunity #devopsjobs #automation #security #scalability #infrastructure #90daysofdevops #trainwithshubham

Written by

Vipul Vyas
Vipul Vyas