learnings
Infrastructure
Kubernetes
Architecture

Architecture

Kubernetes is designed to be a distributed system that runs on a cluster of machines. The architecture of Kubernetes is based on a master-slave model, where the master node is responsible for managing the cluster and the worker nodes are responsible for running the applications.

Nodes

A Kubernetes cluster consists of one or more nodes, which can be physical or virtual machines. Each node is responsible for running the applications that make up the cluster. There are two types of nodes in a Kubernetes cluster: master nodes, responsible for managing the cluster, and worker nodes, responsible for running the applications.

graph TD

  subgraph Master Node
    API[API Server]
    SCH[Scheduler]
    CM[Controller Manager]
    ETCD[etcd]
    KCM[Kube Controller Manager]
    CCM[Cloud Controller Manager]
  end

  subgraph Worker Node
    KubeProxy[kube-proxy]
    Kubelet[Kubelet]
    CRI[Container Runtime Interface]
    Pods[Pods]
  end

  API --> ETCD
  SCH --> API
  CM --> API
  KCM --> API
  CCM --> API

  API --> Kubelet
  Kubelet --> CRI
  Kubelet --> Pods
  KubeProxy --> API
  KubeProxy --> Pods

Master Node

The master node is the control plane of the Kubernetes cluster. It is responsible for managing the cluster, scheduling applications, and monitoring the health of the cluster. The master node consists of several components:

  • API Server: The API server is the central management point for the cluster. It exposes the Kubernetes API, which allows users to interact with the cluster.
  • Scheduler: The scheduler is responsible for placing applications on the worker nodes. It takes into account factors such as resource requirements, affinity, and anti-affinity rules.
  • Controller Manager: The controller manager is responsible for managing the various controllers that are responsible for maintaining the desired state of the cluster.
  • etcd: etcd is a distributed key-value store that is used to store the state of the cluster. It is used by the master components to store configuration data and the state of the cluster.
  • Cloud Controller Manager: The cloud controller manager is responsible for interacting with the cloud provider to manage resources such as load balancers, storage volumes, and virtual machines.

Worker Node

The worker nodes are responsible for running the applications that make up the cluster. Each worker node consists of several components:

  • Kubelet: The kubelet is an agent that runs on each worker node and is responsible for managing the containers on that node. It communicates with the master node to receive instructions on what containers to run.
  • Kube-proxy: The kube-proxy is responsible for managing network connectivity to the containers running on the node. It maintains network rules and forwards traffic to the appropriate containers.
  • Container Runtime: The container runtime is responsible for running the containers on the node. Kubernetes supports several container runtimes, including Docker and containerd.

Kubernetes Objects

The smallest unit of deployment in Kubernetes is a pod, which represents a single instance of an application. A pod is an abstraction that represents a group of one or more containers that share resources such as networking and storage, and can be scheduled together on a worker node. They are ephemeral and can be created, destroyed, and replaced dynamically.

But a pod is only one of many types of objects that Kubernetes uses to manage the state of the cluster. Here is a diagram that shows some of the key objects in Kubernetes and how they relate to each other:

graph LR
    subgraph Workloads
        Deployment["Deployment"]
        StatefulSet["StatefulSet"]
        DaemonSet["DaemonSet"]
        Job["Job"]
        CronJob["CronJob"]
        Pod["Pod"]
    end

    subgraph Services
        ClusterIP["ClusterIP"]
        NodePort["NodePort"]
        LoadBalancer["LoadBalancer"]
    end

    subgraph ConfigAndStorage
        ConfigMap["ConfigMap"]
        Secret["Secret"]
        PVC["PersistentVolumeClaim"]
        PV["PersistentVolume"]
        StorageClass["StorageClass"]
    end

    subgraph Networking
        Service["Service"]
        Ingress["Ingress"]
        NetworkPolicy["NetworkPolicy"]
    end

    subgraph Metadata
        Namespace["Namespace"]
        RBAC["RBAC"]
        ResourceQuota["ResourceQuota"]
        LimitRange["LimitRange"]
    end

    Deployment --> Pod
    StatefulSet --> Pod
    DaemonSet --> Pod
    Service --> Pod
    Ingress --> Service
    PVC --> PV
    PV --> StorageClass
    Pod --> ConfigMap
    Pod --> Secret
    Namespace --> Metadata
    Namespace --> Workloads
    Namespace --> ConfigAndStorage
    Namespace --> Services
    Namespace --> Networking
    RBAC --> Metadata
    ResourceQuota --> Namespace
    LimitRange --> Namespace

Common Objects

Here is a description of the most common objects in Kubernetes (not an exhaustive list):

Object Type Description
Pod Workloads The smallest deployable unit in Kubernetes. Represents a single instance of a running process in a cluster.
Deployment Workloads Manages the deployment and scaling of Pods. Ensures a desired number of replicas are running at all times.
StatefulSet Workloads Manages Pods that require stable network identities and persistent storage. Commonly used for stateful applications like databases.
DaemonSet Workloads Ensures that a copy of a Pod runs on all (or selected) nodes in the cluster. Often used for system services like logging or monitoring.
Job Workloads Runs a batch task until completion. Ensures a specified number of successful completions for the task.
CronJob Workloads Schedules Jobs to run periodically at specified times, similar to cron in Unix/Linux systems.
Service Networking Exposes a set of Pods as a network service. Can load balance traffic and make Pods accessible internally or externally.
Ingress Networking Manages external HTTP and HTTPS access to Services, providing routing, load balancing, and SSL termination.
ConfigMap Configuration Stores non-sensitive configuration data for Pods, such as configuration files or environment variables.
Secret Configuration Stores sensitive data like passwords, tokens, or keys. Data is encoded and accessible to Pods securely.
PersistentVolume (PV) Storage Represents storage in the cluster. Provisioned by an administrator or dynamically created through a StorageClass.
PersistentVolumeClaim (PVC) Storage A request for storage by a user. Links Pods to PersistentVolumes.
StorageClass Storage Defines storage types and parameters for dynamically provisioning PersistentVolumes.
Namespace Cluster Organization Provides a way to group and organize resources within a cluster, offering logical isolation.
NetworkPolicy Security Defines rules for network traffic to and from Pods. Helps secure cluster communications.
ReplicaSet Workloads Ensures that a specified number of replicas of a Pod are running at any given time. Used by Deployments under the hood.
ResourceQuota Resource Management Defines resource usage limits within a Namespace, such as CPU, memory, or the number of objects.
LimitRange Resource Management Specifies default resource requests and limits for Pods and Containers in a Namespace.
HorizontalPodAutoscaler (HPA) Scaling Automatically adjusts the number of Pods in a Deployment or ReplicaSet based on CPU, memory, or custom metrics.
ClusterRole Security Defines cluster-wide permissions for accessing Kubernetes resources.
Role Security Defines permissions for accessing resources within a specific Namespace.
RoleBinding Security Grants a Role to a user or group within a specific Namespace.
ClusterRoleBinding Security Grants a ClusterRole to a user or group cluster-wide.

Resource Management

Controllers

Controllers are objects in Kubernetes that manage the state of the cluster. They ensure that the desired state of the cluster matches the actual state by creating, updating, and deleting resources as needed. Controllers are responsible for maintaining the desired number of replicas of a Pod, managing the lifecycle of a Pod, and ensuring that Pods are scheduled on the appropriate nodes.

Examples of controllers in Kubernetes include Deployments, StatefulSets, DaemonSets, Jobs, and CronJobs.

Services

A service in Kubernetes is an abstraction that represents a set of Pods and provides a consistent way to access them. Services can load balance traffic across a set of Pods, provide a stable network endpoint for Pods, and make Pods accessible internally or externally.

There are several types of services in Kubernetes, including ClusterIP, NodePort, LoadBalancer, and ExternalName.

Labels and Selectors

Labels are key-value pairs that are attached to objects in Kubernetes. They are used to identify and select objects in the cluster. Labels can be used to group related objects, filter objects based on specific criteria, and define relationships between objects.

Selectors are used to filter objects based on their labels. They allow you to select a subset of objects in the cluster based on specific criteria. Selectors are used by controllers and services to identify the objects they need to manage or expose.

Namespaces

Namespaces provide a way to group and organize resources within a cluster. They offer logical isolation and help prevent naming conflicts between resources. Namespaces can be used to divide a cluster into multiple virtual clusters, each with its own set of resources and policies.

Configuration