Kubernetes Learning : What & How?

First Rhyme

Amandeep Midha
Feb 15, 2021
  • A pod can contain multiple containers
  • A pod always runs on a Node
  • A Node is a worker machine in Kubernetes (except static pods, which run on the Master)
  • Each Node is managed by a Master
  • A Node can have multiple pods

A. Kubernetes Master Components

kube-apiserver : Exposes K8s API

etcd : Key-value store used as K8s' backing store for all cluster data

kube-scheduler : Watches for pods that have no node assigned and selects a node for them to run on (Factors for scheduling: 1. Resource requirements, 2. Hardware/software/policy constraints, 3. Affinity, taints & tolerations, 4. Data locality)

kube-controller-manager : Responsible for node controllers, replication controllers, endpoint controllers, service account & token controllers

cloud-controller-manager : Runs controllers that interact with underlying cloud providers

B. Kubernetes Node Components

kubelet : Agent that runs on each node. Makes sure that containers are running in the pod

kube-proxy : Acts as a network proxy that maintains network rules on the host and performs connection forwarding

Container Runtime : Software responsible for running containers, e.g. Docker

C. Kubernetes Objects

Pods ( Create , delete )

Services

Secrets

Namespaces

Deployments (Ops: setting image, rolling updates, --record, rollback, scale)

$kubectl set image deployment my-deploy nginx=nginx:1.9.1 --record

$kubectl scale deployment mydeploy --replicas=10

$kubectl rollout undo deployment mydeploy

ReplicaSets (Ensuring desired number of pod replicas )

DaemonSets (Ensuring all nodes run a copy of a pod, incl. new nodes as they start)

PersistentVolume

PersistentVolumeClaim

& more …

D. Cluster Binding Constructs

NodeSelector ( defined under a pod’s spec to pick a node with matching label)

NodeAffinity (set of rules used by the scheduler to determine where a pod can be placed. Will replace NodeSelector in the long run. Two types: 1. requiredDuringSchedulingIgnoredDuringExecution (hard requirement), and 2. preferredDuringSchedulingIgnoredDuringExecution)

PodAffinity (What if you want to run a BE (backend) pod on the same node as the App pod, or vice versa)

ResourceLimits (Defining memory & CPU limits for each pod, which helps the scheduler pick an appropriate node with enough capacity. 3 approaches, viz. 1. Guaranteed 2. Burstable 3. Best Effort)

Static Pods (Scheduling pods without a Scheduler. They run on the master node, but it is better to use DaemonSet configurations and run pods on worker nodes)

Taints (applied on a node, used to repel pods from specific nodes. Settings needed: key, value, effect (NoSchedule, PreferNoSchedule, NoExecute) and operator (Equal, Exists))

$kubectl taint nodes kubadm-worker001 key=value:NoSchedule

Tolerations (defined under spec -> container for deployment pods. A pod needs a matching toleration in order to be scheduled onto a tainted worker node)
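How a toleration is checked against a taint, as an added example that is not part of the original post: a simplified Python model of the matching rules (operator Equal/Exists plus effect). The function names `tolerates` and `placement` and the sample taints are assumptions made for illustration.

```python
# Added example: simplified model of taint/toleration matching.
# Function names and sample data are constructed for illustration.

def tolerates(toleration, taint):
    """Return True if one toleration matches one taint."""
    # A toleration with no effect matches every effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    operator = toleration.get("operator", "Equal")  # Equal is the default
    key = toleration.get("key", "")
    if operator == "Exists":
        # Empty key + Exists tolerates every taint; otherwise keys must match.
        return key == "" or key == taint["key"]
    if operator == "Equal":
        return (key == taint["key"]
                and toleration.get("value", "") == taint.get("value", ""))
    return False


def placement(taints, tolerations):
    """Classify a tainted node for a pod: 'blocked', 'avoid' or 'ok'."""
    untolerated = [t for t in taints
                   if not any(tolerates(tol, t) for tol in tolerations)]
    effects = {t["effect"] for t in untolerated}
    if effects & {"NoSchedule", "NoExecute"}:
        return "blocked"  # the pod is not placed on this node
    if "PreferNoSchedule" in effects:
        return "avoid"    # soft rule: used only if no better node exists
    return "ok"


# Constructed sample: the taint set by the kubectl command above, plus a soft one.
NODE_TAINTS = [
    {"key": "key", "value": "value", "effect": "NoSchedule"},
    {"key": "maintenance", "value": "", "effect": "PreferNoSchedule"},
]

if __name__ == "__main__":
    exact = [{"key": "key", "operator": "Equal",
              "value": "value", "effect": "NoSchedule"}]
    print("no tolerations :", placement(NODE_TAINTS, []))
    print("exact match    :", placement(NODE_TAINTS, exact))
    print("blanket Exists :", placement(NODE_TAINTS, [{"operator": "Exists"}]))
```

A toleration with operator Exists and no key matches every taint, so manifests that carry one are worth flagging in review when taints are used to keep workloads off specific nodes.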

Sidecar Pattern: Running multiple containers as part of one pod on a single node (one container may or may not be an initContainer)

Ambassador Pattern: A type of Sidecar Pattern where the second container is primarily used to proxy requests

Adapter Pattern: A sidecar container used to transform application output into a standard form for aggregation, e.g. an adapter that transforms logs into the standard app log format. Since containers in a pod can share volumes, the adapter can easily access the overall app logs. The fluentd.conf format can be described in metadata + data details
