Kubernetes for Beginners

Definition

Kubernetes is a container orchestration framework that was made by

google. It helps manage containerized applications in a clustered
environment, providing mechanisms for deployment, maintenance, and
scaling of applications.

Kubernetes abstracts the underlying hardware of the nodes (servers)

and provides a uniform interface for applications to interact with. This
allows developers to focus on building their applications without
worrying about the specific details of the underlying infrastructure.

Key Concepts
Pods

A Pod is the smallest and simplest Kubernetes object. A Pod represents

a single instance of a running process in your cluster. Pods contain one
or more containers, such as Docker containers. Each Pod has its own IP
Address

Nodes

Nodes are the machines (virtual or physical) that run the applications in
the form of Pods. Each node contains the necessary services to run
Pods and is managed by the Kubernetes master.

Clusters

A cluster is a group of nodes that Kubernetes manages. Clusters allow

Kubernetes to combine the resources of multiple machines to handle
larger loads and provide redundancy.

Deployments

Deployments define the desired state of your application, such as which

images to use for the app, the number of replicas, and the update
strategy. Kubernetes ensures that the current state matches the desired
state defined in the deployment.

Services

Kubernetes for Beginners 1

 Services in Kubernetes define a logical set of Pods and a policy by
which to access them. Services enable loose coupling between
dependent Pods.

Secrets

Secrets in Kubernetes are used to store and manage sensitive

information, such as passwords, OAuth tokens, and SSH keys. They
help keep this data secure and separate from the application code.
Secrets can be injected into Pods as environment variables or as files
mounted on a volume.

ConfigMap

ConfigMaps allow you to decouple configuration artifacts from image

content to keep containerized applications portable. ConfigMaps can
be used to store configuration data in key-value pairs and can be
consumed by Pods as environment variables, command-line
arguments, or configuration files.

Ingress

Ingress in Kubernetes is an API object that helps developers expose

their applications and manage external access by providing HTTP/S
routing rules to the services within a Kubernetes cluster. It provides
features such as load balancing, SSL termination, and name-based
virtual hosting, making it easier to route traffic to your applications.

StatefulSet

StatefulSet is a Kubernetes workload API object used to manage

stateful applications. Unlike Deployments, StatefulSet maintains a
unique identity for each of its Pods, allowing for stable network
identifiers and persistent storage.

Volumes in Kubernetes
Volumes in Kubernetes provide a way to store data that is accessible to
containers in a Pod. Unlike ephemeral storage, which is tied to the lifecycle
of a container, volumes can persist data beyond the lifespan of individual
containers.

Types of Volumes

Kubernetes for Beginners 2

 emptyDir

An emptyDir volume is first created when a Pod is assigned to a

Node and exists as long as that Pod runs on that Node. As the name
suggests, it is initially empty. Containers in the Pod can read and
write the same files in the emptyDir volume, but when the Pod is
removed from the Node, the data in the emptyDir is deleted.

hostPath

A hostPath volume mounts a file or directory from the host Node's

filesystem into your Pod. This can be useful for certain applications
that require access to the host filesystem. However, it ties the Pod
to a specific Node and can pose security risks.

configMap

A configMap volume provides a way to inject configuration data into

Pods. It allows you to decouple configuration artifacts from image
content to keep containerized applications portable.

secret

A secret volume is used to inject sensitive data, such as passwords

and tokens, into Pods. Secrets are stored in the cluster and can be
used by Pods without exposing sensitive data in the Pod
specification.

persistentVolumeClaim

A persistentVolumeClaim (PVC) is a request for storage by a user. PVCs

are used to claim PersistentVolumes (PVs), which are storage
resources in the cluster. PVCs enable Pods to use persistent storage
that can be dynamically provisioned or pre-provisioned by an
administrator.

*NOTE: K8s does not manage data persistence

Use Cases for Each Volume Type

emptyDir

Temporary storage for data that does not need to persist beyond
the lifecycle of a Pod. For example, scratch space for a build
process or temporary data for processing tasks.

Kubernetes for Beginners 3

 hostPath

Accessing specific files on the host Node, such as logging or

monitoring files, or when using third-party software that requires
access to the host filesystem.

configMap

Injecting configuration data, such as environment-specific settings,

into Pods. This keeps configuration separate from application code
and allows for easier updates and management.

secret

Storing and managing sensitive information, such as database

credentials and API keys, securely and injecting them into Pods
without hardcoding them in the application code.

persistentVolumeClaim

Providing durable storage for stateful applications, databases, and

other services that require persistent data storage. PVCs ensure
that data is retained even if the Pod is rescheduled or restarted.

Example of a PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

Example of Using a PersistentVolumeClaim in a Pod

apiVersion: v1
kind: Pod

Kubernetes for Beginners 4

 metadata:
name: my-pod
spec:
containers:
- name: my-container
image: my-image
volumeMounts:
- mountPath: "/data"
name: my-volume
volumes:
- name: my-volume
persistentVolumeClaim:
claimName: my-pvc

Kubernetes Features
High Availability

No downtime

Scalability with high performance

High Response rates

Disaster Recovery and Data Restoration

Structure of a Node
Node ==⇒ Container=⇒Abstraction Layer=⇒Pod(contains the application
for running)

Pods
Note: Each pod has it own IP address (which gets re-assigned on restart or
for crashed pods)

This is not ideal, so K8s has a IP service which stays online all the time

Having this service is good because if the pod crashes and restarts, the
address of the pod does not change , which is ideal in web-services

Kubernetes for Beginners 5

 Note: The lifecycle of the service and the pod is not connected

The service can be used to assign a permanent IP address

Services
Services support different types of service discovery, including ClusterIP,
NodePort, and LoadBalancer.

Types of Services
ClusterIP

ClusterIP is the default type of service, which exposes the service on

an internal IP in the cluster. This type of service is only reachable from
within the cluster.

NodePort

NodePort exposes the service on each Node's IP at a static port. This

makes the service accessible from outside the cluster using <NodeIP>:

<NodePort> .

LoadBalancer

LoadBalancer exposes the service externally using a cloud provider's

load balancer. It automatically creates a public IP address that can route
traffic to the service.

Use Cases for Each Service

ClusterIP

ClusterIP is useful for internal communication within the cluster. For

example, if you have a microservices architecture and one microservice
needs to communicate with another, you can use a ClusterIP service to
expose the target microservice on an internal IP that is only accessible
from within the cluster. This keeps the communication secure and
isolated from external traffic.

NodePort

NodePort is suitable when you want to expose a service to external

clients but do not want to set up an external load balancer. For example,

Kubernetes for Beginners 6

 if you are running a small-scale application where you need to quickly
expose it to the internet for development or testing purposes, you can
use NodePort to access the service using <NodeIP>:<NodePort> from
outside the cluster.

LoadBalancer

LoadBalancer is ideal for production environments where you need a

robust and scalable way to expose services to external clients. For
instance, if you have a web application that needs to handle a large
amount of traffic, you can use a LoadBalancer service to automatically
create a public IP address and distribute incoming traffic across
multiple instances of your application, ensuring high availability and
reliability.

StatefulSet for Databases

StatefulSet is a Kubernetes workload API object designed to manage stateful
applications, such as databases, that require unique network identifiers,
persistent storage, and stable, ordered deployment and scaling. Unlike
Deployments, which manage stateless applications, StatefulSets provide
guarantees about the ordering and uniqueness of Pods.

Key Features of StatefulSet

Stable Network IDs: Each Pod in a StatefulSet gets a unique, stable
network identity that persists across rescheduling. This is crucial for
databases that require consistent network connections.

Persistent Storage: StatefulSet allows each Pod to have its own

PersistentVolume. This ensures that data is not lost when Pods are
rescheduled or restarted.

Ordered Deployment and Scaling: Pods in a StatefulSet are created,

updated, and deleted in a specific order. This is beneficial for databases
that need to initialize in a specific sequence or depend on other Pods being
available.

Example of a StatefulSet for a Database

Kubernetes for Beginners 7

 apiVersion: apps/v1
kind: StatefulSet
metadata:
name: db-statefulset
spec:
serviceName: "db-service"
replicas: 3
selector:
matchLabels:
app: database
template:
metadata:
labels:
app: database
spec:
containers:
- name: database
image: my-database-image
ports:
- containerPort: 5432
name: db
volumeMounts:
- name: db-storage
mountPath: /var/lib/database
volumeClaimTemplates:
- metadata:
name: db-storage
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 10Gi

Why Databases Should Be Located Outside of the

Cluster

Kubernetes for Beginners 8

 While Kubernetes provides mechanisms to manage stateful applications,
including databases, there are several reasons why it is often recommended to
locate databases outside of the Kubernetes cluster:

ACID Rules for Databases

ACID is an acronym that stands for Atomicity, Consistency, Isolation, and
Durability. These are the key properties that ensure reliable processing of
database transactions. When managing databases within or outside of
Kubernetes clusters, it's crucial to understand and implement these principles
to maintain data integrity and reliability.

Atomicity
Definition: Atomicity ensures that each transaction is treated as a single
unit, which either completely succeeds or completely fails. There are no
partial transactions.

Example: Consider a bank transfer where money is moved from one

account to another. Atomicity ensures that either both the debit and the
credit occur, or neither does. This prevents scenarios where money could
be debited from one account without being credited to another.

Consistency
Definition: Consistency ensures that a transaction can only bring the
database from one valid state to another, maintaining the predefined rules
and constraints.

Example: If a database rule states that an account balance cannot be

negative, the consistency property ensures that any transaction violating
this rule will be rolled back.

Isolation
Definition: Isolation ensures that the execution of transactions concurrently
does not affect their respective outcomes. Each transaction operates
independently until it is committed.

Example: When two transactions are trying to update the same account
balance, isolation ensures that the final balance reflects both updates
correctly, without interference.

Kubernetes for Beginners 9

 Durability
Definition: Durability ensures that once a transaction is committed, it will
remain so, even in the event of a system failure. The changes made by the
transaction are permanently recorded.

Example: After a successful bank transfer, even if the system crashes

immediately afterwards, the transfer details will not be lost, and the updated
balances will be preserved.

Why Databases Should Be Located Outside of the Cluster

(Continued)
Maintaining ACID properties is crucial for the reliability of databases, and this
often necessitates specialized database management systems and
infrastructure that may not be fully supported within a Kubernetes cluster. Here
are some more reasons:

Performance Optimization: Databases often require high I/O operations

and optimized storage systems to meet performance requirements.
Dedicated database servers can be tuned specifically for these needs,
providing better performance than general-purpose Kubernetes nodes.

Complexity and Maintenance: Managing databases within Kubernetes

adds complexity to your cluster management. Tasks like scaling, backup,
and disaster recovery for databases are more straightforward when
managed separately.

Data Security: Databases may need to comply with specific security and
regulatory requirements that are easier to enforce outside of a Kubernetes
cluster. This includes data encryption, access controls, and audit logging.

Resource Isolation: Databases often require consistent and predictable

resources, such as CPU and memory. Isolating databases on dedicated
hardware ensures that they are not affected by the resource demands of
other applications running in the cluster.

Vendor Support: Many database vendors offer managed services or

specialized support for running databases outside of a Kubernetes
environment. Leveraging these services can provide additional reliability
and support for your database operations.

Basics of YAML

Kubernetes for Beginners 10

 1. Key-Value Pairs: Each entry is a key followed by a colon and a space, then
the value.

key: value

2. Lists: Lists are denoted by a dash followed by a space.

items:
- item1
- item2

Basics of YAML (Continued)

1. Nested Elements: You can nest elements using indentation. Consistent
indentation is crucial in YAML.

parent:
child1: value1
child2: value2

2. Comments: Comments in YAML are denoted by a hash ( # ) symbol.

Anything after the # on a line will be ignored.

key: value # This is a comment

3. Multi-line Strings: Use the pipe ( | ) symbol to denote multi-line strings.

Each new line will be included in the string.

multiline: |
This is a multi-line
string in YAML.

4. Literal Block Scalars: Use the greater-than ( > ) symbol to fold new lines
into spaces, creating a single-line string.

folded: >
This is a folded

Kubernetes for Beginners 11

 multi-line string.

5. Dictionaries: YAML supports nested dictionaries. These are simply key-

value pairs where the value can be another dictionary.

dictionary:
key1: value1
key2:
subkey1: value2
subkey2: value3

6. Anchors and Aliases: YAML allows you to use anchors ( & ) and aliases ( )
to duplicate content. This is useful for reusing configuration blocks.

default: &default
key1: value1
key2: value2

custom:
<<: *default
key3: value3

Example YAML Configuration for a

Kubernetes Deployment
Here's an example of a complete YAML configuration for a Kubernetes
Deployment. This includes defining a Deployment, specifying a Pod template,
and setting up a Service to expose the Deployment.

Deployment Configuration
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 3

Kubernetes for Beginners 12

 selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-container
image: my-image
ports:
- containerPort: 80

Service Configuration
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 80
type: LoadBalancer

Summary
Understanding the basics of Kubernetes and YAML is essential for managing
containerized applications efficiently. Kubernetes provides a powerful platform
for orchestrating containers, and YAML is the de facto standard for defining
Kubernetes resources. With these tools, you can create scalable, reliable, and
maintainable applications.

Kubernetes for Beginners 13

 Advanced Kubernetes Concepts
After understanding the basics of Kubernetes and YAML, it's essential to delve
into more advanced topics to fully leverage the power of Kubernetes in
managing complex, large-scale applications.

Namespaces
Namespaces in Kubernetes provide a way to divide cluster resources between
multiple users. They are intended for use in environments with many users
spread across multiple teams or projects.

Creating a Namespace

apiVersion: v1
kind: Namespace
metadata:
name: my-namespace

RBAC (Role-Based Access Control)

RBAC is a method of regulating access to computer or network resources
based on the roles of individual users within your organization. Kubernetes
RBAC allows you to define roles and assign them to users or groups.

Defining a Role

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: my-namespace
name: pod-reader
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list"]

Creating a RoleBinding

Kubernetes for Beginners 14

 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: read-pods
namespace: my-namespace
subjects:
- kind: User
name: "jane-doe"
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.authorization.k8s.io

Custom Resource Definitions (CRDs)

CRDs allow you to extend Kubernetes capabilities by defining your own
resource types. This is particularly useful for implementing custom controllers
and operators.

Defining a Custom Resource

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: myresources.mygroup.example.com
spec:
group: mygroup.example.com
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object

Kubernetes for Beginners 15

 properties:
foo:
type: string
scope: Namespaced
names:
plural: myresources
singular: myresource
kind: MyResource
shortNames:
- mr

Monitoring and Logging

Effective monitoring and logging are critical for maintaining the health and
performance of your Kubernetes cluster. Tools like Prometheus, Grafana, and
ELK (Elasticsearch, Logstash, Kibana) stack are commonly used.

Prometheus Example
Prometheus is a powerful monitoring system that collects metrics from
configured targets at given intervals, evaluates rule expressions, displays the
results, and can trigger alerts if certain conditions are observed.

Prometheus Configuration

global:
scrape_interval: 15s

scrape_configs:
- job_name: 'kubernetes-nodes'
kubernetes_sd_configs:
- role: node
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod

Conclusion

Kubernetes for Beginners 16

 Advanced Kubernetes concepts such as Namespaces, RBAC, CRDs, and
monitoring are essential for managing complex applications at scale. By
utilizing these features, you can achieve a highly organized, secure, and
efficient Kubernetes environment. Understanding these advanced topics will
empower you to take full advantage of Kubernetes' capabilities, ensuring your
applications run smoothly and re

graph TD
K[Kubernetes Objects] ---> W[Workload Resources]
K ---> S[Service Resources]
K ---> C[Config and Storage Resources]
K ---> M[Metadata Resources]
K ---> CR[Cluster Resources]

graph
W[Workload Resources]
W ---> D[Deployments]
W ---> P[Pods]
W ---> RS[ReplicaSets]
W ---> STS[StatefulSets]
W ---> DS[DaemonSets]
W ---> J[Jobs]
W ---> CJ[CronJobs]

graph
S[Service Resources]
S ---> SVC[Services]
S ---> EP[Endpoints]
S ---> I[Ingress]

graph
C[Config and Storage Resources]
C ---> CM[ConfigMaps]
C ---> SEC[Secrets]
C ---> PV[PersistentVolumes]
C ---> PVC[PersistentVolumeClaims]

Kubernetes for Beginners 17

 graph
M[Metadata Resources]
M ---> NS[Namespaces]
M ---> LBL[Labels]
M ---> AN[Annotations]

graph
CR[Cluster Resources]
CR --> ND[Nodes]
CR --> CL[Cluster]
CR --> N[Namespaces]
CR --> RB[RoleBindings]
CR --> CRB[ClusterRoleBindings]
CR --> R[Roles]
CR --> CRL[ClusterRoles]
CR --> SA[ServiceAccounts]
CR --> CRS[CustomResources]

Kubernetes for Beginners 18