Kubernetes roadmap


Kubernetes is an open source orchestration platform that automates the deployment, scaling and management of containerized workloads. It is the most widely used orchestrator in organizations practicing DevOps, because it makes services more scalable and keeps them available with close to zero downtime during updates.
Prerequisites for learning Kubernetes:
Understanding container concepts and how a container differs from a virtual machine.
Working knowledge of Docker: writing Dockerfiles, spinning up containers and managing a container's lifecycle.
1. Cluster Architecture
Understanding the cluster components is one of the first steps. A simple Kubernetes cluster consists of a control plane and a set of worker nodes (historically called the master and worker nodes). The control plane manages the workers in its cluster, and each of its components is responsible for a specific function. The main job of Kubernetes is to manage container workloads: scheduling pods onto nodes, exposing the applications running inside them, checking pod health, keeping the specified number of pods running (the declared state) and so on.
The control plane runs the API server (kube-apiserver), the controller manager, the scheduler and etcd, the key-value store that holds all cluster state. Each worker node runs the kubelet, kube-proxy and a container runtime. From a security standpoint the API server is the single entry point for every change to the cluster, and etcd holds every object in it, Secrets included, so both need to be tightly protected (TLS, authentication and authorization on the API server, restricted network access and encryption at rest for etcd).
Knowing the duties of each component gives a basic understanding of how containers are managed in a cluster.
2. Workloads - Pods and deployments
After getting the conceptual knowledge of how Kubernetes works, we can move on to what we run inside the cluster. A cluster consists of multiple nodes, and each node runs many pods. A pod is the smallest deployable unit in Kubernetes: a group of one or more containers that share a network namespace and storage. A pod usually holds a single instance of an application, and we describe it declaratively in YAML (a pod template).
A pod on its own is ephemeral. The kubelet restarts a crashed container according to the pod's restartPolicy, but if the pod itself is deleted or its node fails, nobody recreates it. That is where workload resources come in: Deployments, ReplicaSets, DaemonSets and StatefulSets. They have different use cases, but all of them give pods self-healing, and Deployments and StatefulSets are what the Horizontal Pod Autoscaler scales. Deployments, ReplicaSets and StatefulSets share a 'replicas' field that declares the desired number of pods; the controller makes sure exactly that many pods exist and replaces any pod that goes down. A DaemonSet has no replicas field and instead runs one pod on every node (or every node matching its selector).
3. Services and Ingress
Services expose the application running inside a set of pods behind a stable virtual IP and DNS name. The main service types are ClusterIP, NodePort and LoadBalancer (there is also ExternalName, which only creates a DNS alias). ClusterIP is the default: the app is reachable only from inside the cluster, which is the right choice for internal services. A service has a port (what clients connect to) and a targetPort (the container port that traffic is forwarded to). A NodePort service additionally opens a port in the 30000-32767 range (by default) on every node, so the app can be reached from outside the cluster at any node's IP address plus that nodePort, not the targetPort.
Finally, the LoadBalancer type is the one used in production on cloud providers: it provisions an external load balancer with a public address in front of the service. It is a layer-4 load balancer, one per service, with no HTTP-level routing or TLS termination, which quickly becomes limiting and expensive. To route many applications through one entry point, with host- and path-based rules and TLS, we use an Ingress resource together with an Ingress controller (NGINX, HAProxy, Traefik, a cloud-specific controller and so on).
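As an added example (not from the original post), here is a ClusterIP Service in front of the pods labelled app: web, and an Ingress that terminates TLS and routes one hostname to it. The hostname, namespace, TLS Secret name and the ingress-nginx annotation are assumptions; the point is the three different ports (port, targetPort, nodePort) and which one each consumer uses.

```yaml
# Added example, not from the original post. Hostname, namespace and Secret name are assumed.
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: demo
spec:
  type: ClusterIP            # change to NodePort to also open a 30000-32767 port on every node
  selector:
    app: web                 # endpoints are the pods carrying this label
  ports:
    - name: http
      port: 80               # what clients inside the cluster connect to: web.demo.svc:80
      targetPort: 8080       # the containerPort traffic is forwarded to
      # nodePort: 30080      # only meaningful for type: NodePort; reached as <NodeIP>:30080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: demo
  annotations:
    # Controller-specific annotations go here; this one is for ingress-nginx (assumed controller)
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx    # which Ingress controller should honour this object
  tls:
    - hosts:
        - app.example.com
      secretName: app-example-com-tls   # kubernetes.io/tls Secret holding cert + key (assumed)
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80   # the Service port, not the container port
```

The Ingress object does nothing on its own: an Ingress controller matching `ingressClassName` must be running in the cluster, and it is the controller's own Service (usually type LoadBalancer) that receives the external traffic.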
4. Config maps and Secrets
The next topic is how we supply pods (and other components) with configuration and with sensitive data. The two options are ConfigMaps and Secrets. ConfigMaps hold non-sensitive configuration such as feature flags, service addresses or whole config files. Secrets hold sensitive data like database usernames and passwords, TLS keys and API tokens, and pods consume them as environment variables or mounted files. One important caveat: the values in a Secret are only base64-encoded, not encrypted; anyone allowed to read the Secret object can read the password. Protecting Secrets means enabling encryption at rest in the API server (so etcd stores them encrypted), restricting who can read them with RBAC, and preferring mounted files over environment variables, which leak more easily into logs, crash dumps and child processes.
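As an added example (not from the original post), here is a ConfigMap for non-sensitive settings, a Secret holding a constructed database password, a pod that consumes both, and the API server encryption configuration that stops etcd from storing the Secret as plain base64. Names and values are made up for illustration, and the EncryptionConfiguration is a file on the control plane node, not an object you apply with kubectl.

```yaml
# Added example, not from the original post. Names and values are constructed.
apiVersion: v1
kind: ConfigMap
metadata:
  name: web-config
  namespace: demo
data:
  LOG_LEVEL: info
  DB_HOST: postgres.demo.svc
---
apiVersion: v1
kind: Secret
metadata:
  name: web-db
  namespace: demo
type: Opaque
stringData:                  # plain text here; the API server base64-encodes it into .data
  DB_USER: web
  DB_PASSWORD: s3cr3t-example-only
# After creation the object holds base64, NOT ciphertext:
#   kubectl get secret web-db -n demo -o jsonpath='{.data.DB_PASSWORD}' | base64 -d
# prints the password to anyone with "get" on secrets in this namespace.
---
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: demo
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    fsGroup: 10001           # mounted Secret files become group-readable by this gid
  containers:
    - name: web
      image: registry.example.com/web:1.4.2   # assumed image
      envFrom:
        - configMapRef:
            name: web-config             # every key becomes an environment variable
      env:
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: web-db
              key: DB_USER
      volumeMounts:
        - name: db-creds
          mountPath: /etc/db             # the password arrives as a file, not an env var
          readOnly: true
  volumes:
    - name: db-creds
      secret:
        secretName: web-db
        items:
          - key: DB_PASSWORD
            path: password               # readable at /etc/db/password
        defaultMode: 0440
---
# Separate file on the control plane, passed to kube-apiserver as
# --encryption-provider-config=/etc/kubernetes/enc/enc.yaml (path assumed).
# Without it, etcd stores Secrets exactly as shown above: base64 only.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: <base64 of 32 random bytes>   # e.g. head -c 32 /dev/urandom | base64
      - identity: {}         # lets the server still read Secrets written before encryption was on
```

After enabling the encryption provider, rewrite existing Secrets once (`kubectl get secrets --all-namespaces -o json | kubectl replace -f -`) so they are stored encrypted, and keep the key file itself as well guarded as etcd, since whoever holds it can decrypt everything.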
5. RBAC (Role based access control)
Kubernetes does not manage users itself; it delegates authentication to external identity providers such as Okta (via OIDC) or IAM for EKS. What Kubernetes does manage is authorization, through RBAC. Access is defined in Roles (namespaced) and ClusterRoles (cluster-wide), each listing which verbs (get, list, watch, create, delete and so on) are allowed on which resources. A Role is granted to a subject, that is a user, a group or a service account (the identity a pod runs as), through a RoleBinding or ClusterRoleBinding. Follow least privilege: give each workload its own service account with only the verbs it needs, avoid wildcards, and do not mount the service account token into pods that never call the API server.
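As an added example (not from the original post), here is least-privilege RBAC for a hypothetical log-shipper workload that only needs to read pods and their logs in its own namespace. The names are assumptions; the shape (ServiceAccount, Role, RoleBinding, pod using the account) is the standard one.

```yaml
# Added example, not from the original post. Names and image are assumed.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: log-shipper
  namespace: demo
automountServiceAccountToken: false   # pods that need the token opt in explicitly
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                   # namespaced; a ClusterRole is needed for cluster-wide or
metadata:                    # non-namespaced resources such as nodes or namespaces
  name: pod-reader
  namespace: demo
rules:
  - apiGroups: [""]          # "" is the core API group (pods, secrets, configmaps, ...)
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]   # no create/delete, no secrets, no wildcards
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: log-shipper-pod-reader
  namespace: demo
subjects:
  - kind: ServiceAccount     # other subject kinds: User, Group (as seen by the identity provider)
    name: log-shipper
    namespace: demo
roleRef:                     # immutable after creation; recreate the binding to change it
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
---
apiVersion: v1
kind: Pod
metadata:
  name: log-shipper
  namespace: demo
spec:
  serviceAccountName: log-shipper
  automountServiceAccountToken: true   # this pod really does talk to the API server
  containers:
    - name: shipper
      image: registry.example.com/log-shipper:2.1   # assumed image
```

Check the result before trusting it: `kubectl auth can-i list pods -n demo --as=system:serviceaccount:demo:log-shipper` should answer yes, and `kubectl auth can-i get secrets -n demo --as=system:serviceaccount:demo:log-shipper` should answer no.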
6. Custom resources
Kubernetes extends its API so that third-party software can add its own resource types. An example is Istio, a service mesh used for service discovery, mutual TLS between services and other security functions. To add a new resource type we need three pieces: a CustomResourceDefinition (CRD), a custom controller and the custom resources themselves. The CRD declares the new kind and carries an OpenAPI schema that the API server uses to validate the objects users submit; the controller watches those objects and reconciles the cluster toward what they declare.
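As an added example (not from the original post), here is a CRD for a hypothetical Backup kind with schema validation, followed by one Backup object. The group name, fields and values are invented for illustration, and the controller that would act on Backup objects is not shown; the point is that the API server enforces the schema before any controller sees the object.

```yaml
# Added example, not from the original post. Group, kind and fields are hypothetical.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: backups.ops.example.com     # must be <plural>.<group>
spec:
  group: ops.example.com
  scope: Namespaced
  names:
    plural: backups
    singular: backup
    kind: Backup
    shortNames: ["bk"]
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:           # the API server rejects objects that violate this
          type: object
          required: ["spec"]
          properties:
            spec:
              type: object
              required: ["schedule", "target"]
              properties:
                schedule:
                  type: string
                  pattern: '^(\S+\s+){4}\S+$'   # five cron fields
                target:
                  type: string
                  enum: ["postgres", "etcd"]
                retentionDays:
                  type: integer
                  minimum: 1
                  maximum: 365
                  default: 30
            status:
              type: object
              properties:
                lastRun:
                  type: string
                  format: date-time
      subresources:
        status: {}                 # status is written via /status, so users cannot forge it
      additionalPrinterColumns:
        - name: Target
          type: string
          jsonPath: .spec.target
        - name: Schedule
          type: string
          jsonPath: .spec.schedule
---
apiVersion: ops.example.com/v1alpha1
kind: Backup
metadata:
  name: nightly-postgres
  namespace: demo
spec:
  schedule: "0 2 * * *"
  target: postgres
  retentionDays: 14
```

Submitting a Backup with `target: mysql` or `retentionDays: 0` is rejected by the API server with a validation error, and `kubectl get bk -n demo` shows the Target and Schedule columns. Because custom resources are ordinary API objects, RBAC applies to them too: whoever may create backups.ops.example.com can drive whatever the controller does, so scope those verbs as carefully as for built-in resources.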
7. Monitoring
Careful monitoring is required to avoid unexpected failures and to catch security incidents. Logs and metrics are the key evidence for detecting issues quickly, troubleshooting them and deciding what action to take; for security the API server audit log is the most important log source, since it records who changed what in the cluster. For metrics, the standard choice is Prometheus, an open source monitoring platform with native support for Kubernetes service discovery. Other open source tools cover logging and tracing (Fluentd, Loki and Jaeger, among others).
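As an added example (not from the original post), here is a Prometheus configuration that discovers pods through the Kubernetes API and only scrapes those that opt in via annotation, plus a rule file that alerts on crash-looping pods. Paths, thresholds and the scrape interval are assumptions; the alert expression relies on kube-state-metrics being deployed, which is also assumed.

```yaml
# Added example, not from the original post. Paths, intervals and thresholds are assumed.
# --- /etc/prometheus/prometheus.yml ---
global:
  scrape_interval: 30s
  evaluation_interval: 30s

rule_files:
  - /etc/prometheus/rules/*.yml

scrape_configs:
  - job_name: kubernetes-pods
    kubernetes_sd_configs:
      - role: pod              # authenticates with the pod's own service account token
    relabel_configs:
      # Scrape only pods that opt in with the annotation prometheus.io/scrape: "true"
      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
        action: keep
        regex: "true"
      # Optional annotation prometheus.io/path overrides the default /metrics
      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
        action: replace
        regex: (.+)
        target_label: __metrics_path__
      # Optional annotation prometheus.io/port overrides the discovered container port
      - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
        action: replace
        regex: ([^:]+)(?::\d+)?;(\d+)
        replacement: $1:$2
        target_label: __address__
      # Carry namespace and pod name into the time series labels
      - source_labels: [__meta_kubernetes_namespace]
        target_label: namespace
      - source_labels: [__meta_kubernetes_pod_name]
        target_label: pod

# --- /etc/prometheus/rules/kubernetes.yml (separate file, picked up by rule_files) ---
groups:
  - name: kubernetes-workloads
    rules:
      - alert: PodCrashLooping
        # kube_pod_container_status_restarts_total is exported by kube-state-metrics
        expr: increase(kube_pod_container_status_restarts_total[15m]) > 3
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: "{{ $labels.namespace }}/{{ $labels.pod }} restarted more than 3 times in 15m"
```

The Prometheus pod needs a service account with a ClusterRole allowing get, list and watch on pods (and nodes, services and endpoints for the other discovery roles); that is exactly the kind of read-only RBAC described in the previous section, and it should not be granted anything more.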
This should help you get started on your Kubernetes journey. After understanding each concept, implement it yourself to solidify that understanding. Moving forward, you can explore topics such as pod security (Pod Security Admission and security contexts), Helm charts, multi-container pods, cluster access through kubeconfig, cluster DNS and so on.
Written by
Udayagiri Gatikoppu
I am a Software developer who is motivated with devops procedures and interested in learning new cloud technologies