Guide to Kubernetes

Kubernetes is Orchestration system for automating software deployment, scaling, and management.

Problem that Kubernetes solving

1. Single Host

   K8 work as clusters which has a group of computing nodes, that run containerized applications

2. Auto Scaling

   K8 use HPA(horizontal pod auto scaling) feature to accommodate the load

3. Auto Healing

   K8 fixes the damaged by creating new container with help of K8 control plane

4. Enterprise Level

   Solve Enterprise level problem like: orchestration, firewall, etc.

K8s Cluster Architecture

Data Plane (worker nodes)

• Container Runtime

  In order run container application like docker, we need container runtime:

  • dockershim

  • containerd

  • CRI-O

• Pod

  • Pod is smallest unit in K8s act as wrapper for containers. It represents a single instance of a running process in cluster.

  • Provide declarative way (YAML)

  • Can run more than 1 container in a pod

• CRI(Container Runtime Interface)

  It's a API that allow kubelet to communicate with different container runtimes.

• kubelet

  Responsible for pods monitoring, deletion, creation.

• kube-proxy

  Responsible for pods networking, IP, load balancing.

Control Plane (master nodes)

• kube-api-server

  API server act as central management hub of control plane.

  It expose K8s API to external world, which enables communication b/w different components of the control plane and the worker nodes.

• scheduler

  Responsible for assigning newly created pods to nodes.

  Ensuring that workloads are evenly distributed and that pods are placed on nodes that meet their resource and other requirements.

• etcd

  It's a key-value data storage. It is responsible for storing all the cluster's state and configuration data. Act as Back-up of K8s cluster

• Controller Manager

  It responsible for managing & maintaining desired state of cluster

  It runs a set of controllers that perform various cluster management tasks.

• Cloud Controller Manager (CCM)

  Responsible for managing cloud-specific resources and interacting with the cloud provider's API.

K8s Namespace

Namespace is logical isolation of resources, n/w, policies, rbac.

KOPS (Kubernetes Operations)

KOPS an open-source tool that simplifies the creation, management, & upgrading of K8s clusters on cloud providers such as AWS, GCE, and Azure.

K8s Installation & Commands

Installation of kubectl

kubectl is command-line for K8s

For further assistance refer: kubectl documentation

1. Download the latest release with the command:

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

2. Install kubectl

sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

Installation of minikube (local K8s cluster)

For further assistance refer: minikube documentation

1. Installation

curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube && rm minikube-linux-amd64

2. Start minikube

# minikube function
# VM -> single node K8s cluster

minikube start

kubectl Commands

get k8s clusters, filter with region

kubectl config get-contexts | grep ap-south-1

selecting k8s cluster

kubectl config use-context <user-name>@< k8scluster name>

checking current k8s cluster

kubectl config current-context

get no. of nodes

kubectl get nodes

create pod

kubectl create -f pod.yml

get no. of pods

kubectl get pods

# More details of pods
kubectl get pods -o wide

delete pods

kubectl delete pod nginx

detail info about pods

kubectl describe pod nginx

debug pods

kubectl logs nginx

K8s Pods

pod.yml

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.14.2
    ports:
    - containerPort: 80

K8s Deployment

deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3  # Replica-set ensure auto-healing by Controller
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx  # Label for pods
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80

K8s Service

A K8s Service provides:

• Load balancing

• Service (network) discovery using labels and selectors

• External exposure to world

                          |---------------------------------------------|
+-------------------+     | +----------------+      +-----------------+ |    +-----------+      +-----------+
|    Service        | --->| | Deployment     |--->  |   ReplicaSet    | |--> |    Pod    | ---> | Container |
| (Load Balancer)   |     | |                |      |                 | |    |           |      |           |
+-------------------+     | +----------------+      +-----------------+ |    +-----------+      +-----------+
                          |---------------------------------------------|

Type of service

Types of services:

• ClusterIP: Access within cluster network

• NodePort: Access through outside cluster: organization, VPC, or nodes

• LoadBalancer: Public access from outside

service.yml

apiVersion: v1
kind: Service
metadata:
  name: my-loadbalancer-service
spec:
  type: LoadBalancer
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80        # Service port
      targetPort: 8080  # Pod port

Kubeshark

Tool that provides real-time visibility into K8s clusters API traffic

K8s Ingress

K8s Ingress addresses the following enterprise challenges:

1. Security

2. Advance Load balancing (various types)

Ingress Controller

Watches for Ingress resources & enforces these rules by updating its underlying load balancer or proxy configuration.

Common Ingress Controller:

• NGINX

• HAProxy

Ingress Resource

Defines the routing rules

Type of Load Balancing:

• host

• paths

• TLS

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80

K8s RBAC (Role based access control)

RBAC is flexible method for managing access control in various systems, OS, databases, and applications, which improve security & ensure compliance

RBAC is general access control manager, unlike AWS IAM which is cloud specific.

• Service Account: Provides an identity for processes running in a pod

• Role: Defines a set of permissions

• Role Binding: Associates role with service account (or user/group)

K8s CRD, CR & Custom Controller

CRD (Custom Resource Definition)

• CRD is a way to extend the Kubernetes API to create your own custom resources.

• It allows you to define new types of resources that Kubernetes can manage, beyond the built-in types like Pods, Services, and Deployments.

CR (Custom Resource)

• Custom Resource is an instance/new type of resource of a Custom Resource Definition.

• Once a CRD is defined and applied to the cluster, you can create, read, update, and delete instances of that custom resource.

Custom Controller

• A custom controller is a piece of software that watches for changes to custom resources (or other Kubernetes resources)

• Reconcile the current state of the cluster with the desired state specified by those resources.

K8s ConfigMaps & Secrets

Solves ENV variable problems:

• Decoupling Configuration from Code

• Dynamic Updates

• Reusability Across Multiple Pods

ConfigMaps

• ConfigMaps are used to store non-confidential configuration data in key-value pairs.

Secrets

• Secrets are used to store sensitive data, such as passwords, OAuth tokens, and SSH keys & encrypted at rest

• Use RBAC to get least access privilege.

Dynamic Configuration: ConfigMaps/Secrets as Volume

configmap.yml

apiVersion: v1
kind: ConfigMap
metadata:
  name: example-config
data:
  database_url: "mongodb://localhost:27017"
  feature_flag: "true"

deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
    spec:
      containers:
      - name: example-container
        image: example-image
        envFrom:
        - configMapRef:
            name: example-config
        volumeMounts:                   # Mounting Volume to Deploy -> POD
        - name: config-volume
          mountPath: /etc/config
      volumes:                          # ConfigMaps as Volume
      - name: config-volume
        configMap:
          name: example-config

K8s Operators & Helm

Both tools that help manage K8s complex (stateful) applications

K8s Operator

1. Manage tasks with minimal or no restarts

2. Automate operational tasks:

   • Upgrades

   • Backups

   • Failover

   • Scaling

Helm

1. May trigger restarts during deployments/upgrades

2. Package manager for Kubernetes that simplifies the deployment process by using charts, which are collections of files that describe K8s resources

3. Helm help with:

   • Defining, installing, and upgrading applications

   • Customizing deployments for different environments

   • Keeping track of releases

   • Versioning manifest files

   • Sharing charts across an organization

K8s Monitoring: PROMETHEUS & GRAFANA

PROMETHEUS

Monitors and alerts cloud-native environments by collecting metrics from applications and infrastructure

GRAFANA

Allows users to visualize and monitor data through dashboards and charts, using Prometheus.

Feel free to share and spread the knowledge! 🌟😊 Enjoy Learning! 😊