Kubernetes - Part 1

Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It provides self-healing, auto-scaling, load balancing and failure recovery features. Kubernetes architecture includes a master node to run control plane components like API server, scheduler and controller manager. It uses etcd as the backing data store. Worker nodes run container workloads and are managed by control plane components.

Kubernetes

Agenda
● Introduction
● Architecture
● K8s cluster installation
● Minikube
● K8s Objects
● Service
● Role based Access
● Volume
● Config Map and Secret
● Ingress

Instructions / Notes
● Starts: 30 May, 7:30am PDT/PST or 30 May, 8pm IST
● 2 hours session with a 10 minutes break
● Except the instructor, everyone is on mute
● Please use the Q/A window to ask questions
● The recording & slides will be shared after the session
● More info: CloudxLab.com
Ashok Singh
What is Kubernetes?

Kubernetes

"Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications."

Source: Kubernetes website

"It can run hundreds of thousands of jobs, from many thousands of different applications, across a number of clusters each with up to tens of thousands of machines."

The open source project is hosted by the Cloud Native Computing Foundation (CNCF).

Kubernetes: Product features

● Self-healing: restarts failed containers, replaces and reschedules containers when a node dies, and kills containers that do not respond to the user-defined health check

● Automatic bin packing: Kubernetes fits containers onto worker nodes to make the best use of resources, based on the CPU and memory each container requests

● Service discovery and load balancing: it can expose a container using a DNS name or using its own IP address, and it can load balance and distribute the network traffic

Kubernetes: Product features
● Automated rollouts and rollbacks: it constantly monitors Pod health and rolls out or rolls back deployments to maintain the desired state

● Secret and configuration management: Kubernetes manages secrets and configuration details for an application separately from the container image

● Storage orchestration: it automatically mounts the storage defined for a container from local storage, external cloud providers or network storage systems

Kubernetes: Popularity

Kubernetes' functionality can be extended with:
i. custom resources,
ii. operators,
iii. custom APIs,
iv. scheduling rules or plugins.

Deployment:
1. Local
2. Remote
3. Virtual machine
4. Bare metal
5. Public cloud
6. Private cloud
7. Hybrid
8. Multi-cloud setups
9. Offered as a managed service by various cloud providers like
a. AWS
b. Azure

K8s is used for workload management in online retail, ridesharing, telecommunications, banking, education, finance and investments, gaming, information technology, media and streaming and many other industries. Below are a few of the case studies on the Kubernetes website:

○ BlaBlaCar
○ BlackRock
○ Huawei
○ Box
○ IBM
○ eBay
○ ING
○ Haufe Group
○ Nokia
○ Wikimedia
○ Pearson
○ And many more.

Cloud Native Computing Foundation

The Cloud Native Computing Foundation (CNCF) is one of the projects hosted by the Linux
Foundation.

Sandbox projects:
● SPIFFE: Secure Production Identity Framework for Everyone
● Brigade: event-driven scripting
● Network Service Mesh (NSM)
● OpenTelemetry: making portable telemetry a built-in feature of cloud-native software

Incubating projects:
● gRPC: open source universal RPC framework
● CNI: Container Network Interface - networking for Linux containers

Graduated projects:
● Kubernetes for container orchestration
● Prometheus for monitoring
● Envoy for service mesh
● CoreDNS for service discovery

Kubernetes Architecture

Kubernetes Jargon
● Cluster: a group of machines working in coordination to host multiple container services, for high availability and optimised resource utilisation

● Controller Manager: runs the controllers

○ Node controller

○ Replication controller

○ Endpoints controller

○ Service Account & Token controllers

● kube-apiserver: REST interface of the control plane for users and service accounts. Every kubectl, dashboard and controller request passes through it, and it is where authentication, authorisation and admission control happen.

Kubernetes Jargon

● Pod: the smallest scheduling unit in Kubernetes. A logical collection of one or more containers that are scheduled together on the same node and share a network namespace.

● kube-scheduler: assigns Pods to nodes. The brain of the control plane.

● etcd: distributed key-value data store based on the Raft consensus algorithm

● kubelet: ensures that the containers of the Pods assigned to its node are running

● kube-proxy: works like a network proxy; manages the network rules on each worker node that route Service traffic to Pods

Kubernetes Components

Source: Kubernetes website

K8s cluster

● Master Node: provides the environment to run the control plane

● Worker Node: runs the application workloads
● etcd: consistent key-value data store

● Add-ons
○ DNS: serves DNS records for the Services hosted in the k8s cluster
○ UI: general purpose web UI dashboard
○ CNI plugin: provides the Pod network (often an overlay) for Pod-to-Pod communication

Master Node
● Runs the control plane components
○ kube-apiserver
○ etcd
○ kube-scheduler
○ kube-controller-manager
○ cloud-controller-manager
● Receives requests for the kube-apiserver in the control plane through
○ API - Application Programming Interface
○ CLI - Command Line Interface (kubectl)
○ UI dashboard
● Loss of the master node can result in downtime: Pods already running on worker nodes keep running, but nothing can be scheduled, healed or changed until the control plane is back
● Hosts etcd if etcd is not hosted on external nodes
● It is recommended to have at least 3 master nodes for high availability
● Cluster configuration data is stored in etcd, including Secrets, so access to the master nodes, to etcd and to etcd backups must be restricted as tightly as access to the API server itself.

API Server
○ Administrative tasks are coordinated by the kube-apiserver.
○ The API server processes RESTful calls from users, operators and external agents: it authenticates the caller, authorises the request and validates the object (admission control) before persisting it.
○ The API server reads the cluster's current state from etcd, and the resulting state of the Kubernetes cluster is written back to etcd.
○ The API server is the only control plane component that talks to the etcd data store.
○ It acts as the middle-man interface for any other control plane agent that needs to access the cluster's data store.
○ The API server is highly configurable and customisable. It also supports the addition of custom API servers (API aggregation), where the primary API server becomes a proxy to all secondary custom API servers and routes incoming RESTful calls to them based on custom-defined rules.

Scheduler
○ The scheduler is extremely important and quite complex in a multi-node Kubernetes cluster.
○ kube-scheduler assigns Pods (and other schedulable objects) to nodes.
○ Scheduling decisions are made based on the current Kubernetes cluster state and the new object's requirements.
○ The scheduler implements the bin packing feature by collecting worker node resource usage data and the object's resource requests through the API server (the API server, not the scheduler, reads them from etcd).
○ Requirements may include constraints such as scheduling a Pod only on a node that has SSD disks.
○ The scheduler also takes into account Quality of Service (QoS) requirements, data locality, affinity, anti-affinity, taints, tolerations, etc.

Controller Managers
Controllers are watch-loops that run continuously, comparing the cluster's desired state with its current state and acting on the difference.

The kube-controller-manager runs the controllers responsible for acting when nodes become unavailable, ensuring Pod counts are as expected, creating Endpoints, and creating service accounts and API access tokens.

These controllers include:

● Node controller: responsible for noticing and responding when nodes go down.
● Replication controller: responsible for maintaining the correct number of Pods for every replication controller object in the system.
● Endpoints controller: populates the Endpoints object (that is, joins Services and Pods).
● Service Account & Token controllers: create default service accounts and API access tokens for new namespaces.
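The scheduler inputs described on the previous slide (resource requests for bin packing, a node constraint for SSD disks, tolerations, anti-affinity) and the controller behaviour described above (a replica count that the ReplicaSet controller keeps true, health checks the kubelet restarts on) all arrive as fields of one manifest. The following Deployment is an added example written for this page; it is not taken from the slides or from the Kubernetes project. The workload name `web`, the image `nginx:1.25`, the node label `disktype=ssd` and the taint `dedicated=web:NoSchedule` are assumptions.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web                      # assumed workload name
  labels:
    app: web
spec:
  replicas: 3                    # the ReplicaSet controller keeps exactly three Pods running
  strategy:                      # automated rollout: replace Pods one at a time
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      # Scheduler constraint: only nodes labelled disktype=ssd are candidates
      nodeSelector:
        disktype: ssd
      # Scheduler constraint: tolerate a taint that keeps other workloads off these nodes
      tolerations:
        - key: "dedicated"
          operator: "Equal"
          value: "web"
          effect: "NoSchedule"
      # Scheduler constraint: never place two replicas on the same node
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: web
              topologyKey: kubernetes.io/hostname
      containers:
        - name: web
          image: nginx:1.25      # assumed image
          ports:
            - containerPort: 80
          # Bin packing input: the scheduler reserves the requests on the chosen node;
          # the kubelet enforces the limits
          resources:
            requests:
              cpu: "250m"
              memory: "128Mi"
            limits:
              cpu: "500m"
              memory: "256Mi"
          # Self-healing input: a failing liveness probe makes the kubelet restart the container
          livenessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
          # A failing readiness probe removes the Pod from the Service endpoints
          readinessProbe:
            httpGet:
              path: /
              port: 80
            periodSeconds: 5
```

Before applying it, label the SSD nodes with `kubectl label nodes <node-name> disktype=ssd`; with the required anti-affinity above, fewer than three labelled (and tolerated) nodes leaves the remaining replicas Pending, and `kubectl describe pod` shows which predicate failed. `kubectl rollout undo deployment/web` is the rollback path the features slide refers to.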

etcd: Key-value store
○ etcd is a distributed key-value database
○ etcd is based on the Raft consensus algorithm, like the distributed store of Docker Swarm
○ etcd can run co-located on the master nodes or on separate, external etcd nodes
○ etcd stores the
i. desired cluster state,
ii. network policy,
iii. ConfigMaps,
iv. Secrets.
○ Secret values are stored base64-encoded, not encrypted, unless encryption at rest is enabled on the API server, so anyone who can read etcd or an etcd snapshot can read every Secret in the cluster. Run etcd with TLS client authentication and keep its data directory and backups as restricted as the API server's own credentials.
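Encryption at rest for the Secrets stored in etcd is turned on with an EncryptionConfiguration file handed to the kube-apiserver. The configuration below is an added example for this page, not something the slides or the Kubernetes project ship; the file path and the key name `key1` are assumptions, and the key value is a placeholder you generate yourself.

```yaml
# Passed to kube-apiserver as --encryption-provider-config=/etc/kubernetes/enc.yaml
# (assumed path; make the file readable only by the API server process)
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets               # only Secrets here; ConfigMaps can be added the same way
    providers:
      # The first provider is used for writes; every listed provider is tried for reads.
      - secretbox:
          keys:
            - name: key1
              # 32 random bytes, base64-encoded, e.g. from: head -c 32 /dev/urandom | base64
              secret: REPLACE_WITH_BASE64_ENCODED_32_BYTE_KEY
      # identity = plaintext. Kept last so Secrets written before encryption was
      # enabled remain readable until they are rewritten.
      - identity: {}
```

After restarting the API server, rewrite existing Secrets so they are stored encrypted (`kubectl get secrets --all-namespaces -o json | kubectl replace -f -`), then verify by reading one key straight from etcd with `etcdctl get /registry/secrets/<namespace>/<name>`: an encrypted value starts with the prefix `k8s:enc:secretbox:v1:key1:` instead of readable YAML. Because the key in this file sits on the control plane host next to the data it protects, a KMS provider backed by an external key service is the stronger option for production clusters.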

Raft Consensus Algorithm
Visual explanation of the Raft consensus algorithm:

http://thesecretlivesofdata.com/raft/

● Multiple master nodes can end up in a split network (partition) scenario.

[Figure: five manager nodes; a network partition separates three managers in Network 1 from two managers in Network 2]

● Raft only lets the side that still holds a majority (quorum) of the members elect a leader and commit writes, so in the figure the three-node side keeps serving and the two-node side stops accepting writes. This is why an odd number of masters is used: 3 nodes tolerate 1 failure, 5 tolerate 2, and a 4th node adds no fault tolerance over 3.

Worker Node
● A worker node is a host in the cluster that has been joined to the cluster control plane. Worker nodes provide the compute and memory capacity of the cluster. Workloads, i.e. containerised apps, run on worker nodes in Pods.
● Worker nodes are the servers/hosts that traditionally were used to run the applications.
● A typical workload is a containerised microservice.
● Worker node hardware:
○ CPU
○ RAM
○ Root disk capacity
○ Network interface
○ Storage interface (optional)

Worker Node: Components
A worker node consists of:

○ Container runtime
○ kubelet
○ kube-proxy

Container Runtime
Kubernetes does not have the capability to handle containers directly. In order to run and manage a container's lifecycle, Kubernetes requires a container runtime on the node where a Pod and its containers are to be scheduled. Kubernetes supports many container runtimes:

○ Docker - market leader in the container world, widely used with many orchestration engines (the built-in dockershim support was removed in Kubernetes v1.24; Docker Engine now needs the cri-dockerd adapter)
○ CRI-O - a lightweight container runtime for Kubernetes; it also supports Docker image registries
○ containerd - an industry-standard container runtime with an emphasis on simplicity, robustness and portability
○ rkt - a pod-native container engine for Linux; it also runs Docker images (the rkt project has since been archived)

kubelet
● The kubelet runs on each node and interacts with the control plane components to ensure the cluster's desired state is maintained for the node where the kubelet is running.

● The kubelet takes a set of instructions and parameters, called a PodSpec, provided through various mechanisms (primarily the API server, but also static Pod manifest files on the node) and ensures that the containers described in those specifications are running and healthy.

● The kubelet does not manage containers created outside Kubernetes (e.g. `docker run` containers).

● The kubelet interacts with the container runtime on the node through the Container Runtime Interface (CRI) to run the containers of a Pod.

● The kubelet itself serves an HTTPS API (port 10250 by default) that can exec into and read the logs of every container on the node; it should require authentication (`--anonymous-auth=false`) and delegate authorisation to the API server (`--authorization-mode=Webhook`).

Container runtime environment

The kubelet reaches the runtime through the Container Runtime Interface (CRI):

○ dockershim: uses the Docker engine installed on the worker node (built into the kubelet until Kubernetes v1.24, when it was removed)

○ cri-containerd: uses containerd to create and manage containers (current containerd releases implement CRI natively)

○ CRI-O: enables using any Open Container Initiative (OCI) compatible runtime with Kubernetes

Worker Node Components: kube-proxy
● kube-proxy is an agent that runs on each node in the cluster.

● kube-proxy implements the Kubernetes Service abstraction on each node: it maintains the rules that map a Service's virtual IP and port to the IPs of the backing Pods. It does not enforce NetworkPolicy; that is the job of the CNI network plugin (for example Calico or Cilium).

● In the default iptables and IPVS modes, Service traffic does not pass through the kube-proxy process itself: kube-proxy programs the rules and the kernel forwards the packets.

● These rules allow communication to Pods from inside the cluster (ClusterIP) or from outside it (NodePort, LoadBalancer).

● kube-proxy uses the operating system packet filtering layer (iptables or IPVS on Linux) if one is available; otherwise it forwards the traffic itself (userspace mode).
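The division of labour above, kube-proxy for Service routing and the CNI plugin for NetworkPolicy, is easiest to see with the two objects side by side. The manifests below are an added example written for this page, not from the slides or the Kubernetes project; the namespace `shop`, the labels `app=web` and `app=frontend` and the ports are assumptions, and the NetworkPolicy objects only take effect on clusters whose CNI plugin enforces them.

```yaml
# Service: kube-proxy on every node programs rules mapping the ClusterIP:80
# to the current Pod endpoints of app=web (targetPort 8080).
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: shop              # assumed namespace
spec:
  type: ClusterIP
  selector:
    app: web
  ports:
    - protocol: TCP
      port: 80                 # Service port clients connect to
      targetPort: 8080         # container port kube-proxy forwards to
---
# NetworkPolicy 1: default-deny ingress for every Pod in the namespace.
# Enforced by the CNI plugin, not by kube-proxy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}              # empty selector = all Pods in the namespace
  policyTypes:
    - Ingress
---
# NetworkPolicy 2: allow only app=frontend Pods to reach app=web on the Pod port.
# Note the port is the Pod's 8080, not the Service's 80: policy is evaluated
# after kube-proxy's DNAT has already rewritten the destination.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-web
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
```

On a node running kube-proxy in iptables mode, `iptables-save | grep KUBE-SVC` shows the Service chains it programmed, and a cluster with a CNI plugin that does not implement NetworkPolicy accepts the two policy objects without error and silently enforces nothing, which is the check worth running before relying on them.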

Addons
Addons are cloud-native applications that run on the k8s cluster as Pods and provide supplementary functionality; most are written by third parties.

○ DNS - CoreDNS manages domain names inside the k8s cluster for Services
○ Dashboard - web UI to interact with the kube-apiserver for cluster management
○ Monitoring - collects stats at cluster, Pod and host level and stores them in a database or generates alarms
○ Logging - collects cluster-level container logs and saves them to a central log store for analysis.

Networking