02. Main ComponentsΒΆ
Deployment ToolsΒΆ
ProductionΒΆ
Dev / TrainingΒΆ
- MiniKube
- KinD (Kubernetes in Docker)
- DockerDesktop
Control Plane ComponentsΒΆ
The control plane's components make global decisions about the cluster (for example, scheduling), as well as detecting and responding to cluster events (for example, starting up a new pod when a deployment's replicas field is unsatisfied).
API ServerΒΆ
API Server is a common spot to integrate all kubernetes modules.
- Authentication and Authorization are here
- Validation is here
- can Mutate incoming date
- can add Admission Control (get permission or not to transaction)
SchedulerΒΆ
- Scheduler chooses the location of the deployment
- Scheduler alway talks with api-server
- It can't talk directly with etcd
Control ManagerΒΆ
kube-controller-manager functions are:
- manage component "desire-state"
- monitor the cluster state via API-Server
- determine the number of nodes
-
Node controller: For checking the cloud provider to determine if a node has been deleted in the cloud after it stops responding
-
ReplicationController: A ReplicationController ensures that a specified number of pod replicas are running at any one time. In other words, a ReplicationController makes sure that a pod or a homogeneous set of pods is always up and available.
Node ComponentsΒΆ
Kubernetes runs your workload by placing containers into Pods to run on Nodes. A node may be a virtual or physical machine, depending on the cluster. Each node is managed by the control plane and contains the services necessary to run Pods.
Typically you have several nodes in a cluster; in a learning or resource-limited environment, you might have only one node.
The components on a node include the kubelet, a container runtime, and the kube-proxy.
KubeletΒΆ
Kubelet is an agent that runs on each node in the cluster. It makes sure that containers are running in a Pod.
The kubelet takes a set of PodSpecs that are provided through various mechanisms and ensures that the containers described in those PodSpecs are running and healthy. The kubelet doesn't manage containers which were not created by Kubernetes.
KubeProxyΒΆ
kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.
kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.
kube-proxy is in charge of updating iptables rules
kube-proxy uses the operating system packet filtering layer if there is one and it's available. Otherwise, kube-proxy forwards the traffic itself.
API PrimitivesΒΆ
PODΒΆ
The shared context of a Pod is a set of Linux namespaces, cgroups, and potentially other facets of isolation - the same things that isolate a container. Within a Pod's context, the individual applications may have further sub-isolations applied.
A Pod is similar to a set of containers with shared namespaces and shared filesystem volumes.
- Register Nodes
- Create PODs
- Monitor Nodes & PODs
Key Pod Container AttributesΒΆ
- name: The name of the container
- image: The container image
- ports: array of ports to expose. Can be granted a friendly name and protocol may be specified
- env: array of environment variables (environment variables)
- command: Entrypoint array (equal to Docker ENTRYPOINT)
- args: Arguments to pass to the command (equal to Docker CMD)
Container RuntimeΒΆ
The container runtime is the software that is responsible for running containers.
Kubernetes supports container runtimes such as containerd, CRI-O, and any other implementation of the Kubernetes CRI (Container Runtime Interface).
APIsΒΆ
Container v1 coreΒΆ
API terminologyΒΆ
Kubernetes generally leverages common RESTful terminology to describe the API concepts:
- A resource type is the name used in the URL (
pods,namespaces,services) - All resource types have a concrete representation (their object schema) which is called a kind
- A list of instances of a resource is known as a collection
- A single instance of a resource type is called a resource, and also usually represents an object
- For some resource types, the API includes one or more sub-resources, which are represented as URI paths below the resource