Architecture
Kubernetes is designed to be a distributed system that runs on a cluster of machines. The architecture of Kubernetes is based on a master-slave model, where the master node is responsible for managing the cluster and the worker nodes are responsible for running the applications.
Nodes
A Kubernetes cluster consists of one or more nodes, which can be physical or virtual machines. Each node is responsible for running the applications that make up the cluster. There are two types of nodes in a Kubernetes cluster: master nodes, responsible for managing the cluster, and worker nodes, responsible for running the applications.
Master Node
The master node is the control plane of the Kubernetes cluster. It is responsible for managing the cluster, scheduling applications, and monitoring the health of the cluster. The master node consists of several components:
- API Server: The API server is the central management point for the cluster. It exposes the Kubernetes API, which allows users to interact with the cluster.
- Scheduler: The scheduler is responsible for placing applications on the worker nodes. It takes into account factors such as resource requirements, affinity, and anti-affinity rules.
- Controller Manager: The controller manager is responsible for managing the various controllers that are responsible for maintaining the desired state of the cluster.
- etcd: etcd is a distributed key-value store that is used to store the state of the cluster. It is used by the master components to store configuration data and the state of the cluster.
- Cloud Controller Manager: The cloud controller manager is responsible for interacting with the cloud provider to manage resources such as load balancers, storage volumes, and virtual machines.
Worker Node
The worker nodes are responsible for running the applications that make up the cluster. Each worker node consists of several components:
- Kubelet: The kubelet is an agent that runs on each worker node and is responsible for managing the containers on that node. It communicates with the master node to receive instructions on what containers to run.
- Kube-proxy: The kube-proxy is responsible for managing network connectivity to the containers running on the node. It maintains network rules and forwards traffic to the appropriate containers.
- Container Runtime: The container runtime is responsible for running the containers on the node. Kubernetes supports several container runtimes, including Docker and containerd.
Kubernetes Objects
The smallest unit of deployment in Kubernetes is a pod, which represents a single instance of an application. A pod is an abstraction that represents a group of one or more containers that share resources such as networking and storage, and can be scheduled together on a worker node. They are ephemeral and can be created, destroyed, and replaced dynamically.
But a pod is only one of many types of objects that Kubernetes uses to manage the state of the cluster. Here is a diagram that shows some of the key objects in Kubernetes and how they relate to each other:
Common Objects
Here is a description of the most common objects in Kubernetes (not an exhaustive list):
| Object | Type | Description |
|---|---|---|
| Pod | Workloads | The smallest deployable unit in Kubernetes. Represents a single instance of a running process in a cluster. |
| Deployment | Workloads | Manages the deployment and scaling of Pods. Ensures a desired number of replicas are running at all times. |
| StatefulSet | Workloads | Manages Pods that require stable network identities and persistent storage. Commonly used for stateful applications like databases. |
| DaemonSet | Workloads | Ensures that a copy of a Pod runs on all (or selected) nodes in the cluster. Often used for system services like logging or monitoring. |
| Job | Workloads | Runs a batch task until completion. Ensures a specified number of successful completions for the task. |
| CronJob | Workloads | Schedules Jobs to run periodically at specified times, similar to cron in Unix/Linux systems. |
| Service | Networking | Exposes a set of Pods as a network service. Can load balance traffic and make Pods accessible internally or externally. |
| Ingress | Networking | Manages external HTTP and HTTPS access to Services, providing routing, load balancing, and SSL termination. |
| ConfigMap | Configuration | Stores non-sensitive configuration data for Pods, such as configuration files or environment variables. |
| Secret | Configuration | Stores sensitive data like passwords, tokens, or keys. Data is encoded and accessible to Pods securely. |
| PersistentVolume (PV) | Storage | Represents storage in the cluster. Provisioned by an administrator or dynamically created through a StorageClass. |
| PersistentVolumeClaim (PVC) | Storage | A request for storage by a user. Links Pods to PersistentVolumes. |
| StorageClass | Storage | Defines storage types and parameters for dynamically provisioning PersistentVolumes. |
| Namespace | Cluster Organization | Provides a way to group and organize resources within a cluster, offering logical isolation. |
| NetworkPolicy | Security | Defines rules for network traffic to and from Pods. Helps secure cluster communications. |
| ReplicaSet | Workloads | Ensures that a specified number of replicas of a Pod are running at any given time. Used by Deployments under the hood. |
| ResourceQuota | Resource Management | Defines resource usage limits within a Namespace, such as CPU, memory, or the number of objects. |
| LimitRange | Resource Management | Specifies default resource requests and limits for Pods and Containers in a Namespace. |
| HorizontalPodAutoscaler (HPA) | Scaling | Automatically adjusts the number of Pods in a Deployment or ReplicaSet based on CPU, memory, or custom metrics. |
| ClusterRole | Security | Defines cluster-wide permissions for accessing Kubernetes resources. |
| Role | Security | Defines permissions for accessing resources within a specific Namespace. |
| RoleBinding | Security | Grants a Role to a user or group within a specific Namespace. |
| ClusterRoleBinding | Security | Grants a ClusterRole to a user or group cluster-wide. |
Resource Management
Controllers
Controllers are objects in Kubernetes that manage the state of the cluster. They ensure that the desired state of the cluster matches the actual state by creating, updating, and deleting resources as needed. Controllers are responsible for maintaining the desired number of replicas of a Pod, managing the lifecycle of a Pod, and ensuring that Pods are scheduled on the appropriate nodes.
Examples of controllers in Kubernetes include Deployments, StatefulSets, DaemonSets, Jobs, and CronJobs.
Services
A service in Kubernetes is an abstraction that represents a set of Pods and provides a consistent way to access them. Services can load balance traffic across a set of Pods, provide a stable network endpoint for Pods, and make Pods accessible internally or externally.
There are several types of services in Kubernetes, including ClusterIP, NodePort, LoadBalancer, and ExternalName.
Labels and Selectors
Labels are key-value pairs that are attached to objects in Kubernetes. They are used to identify and select objects in the cluster. Labels can be used to group related objects, filter objects based on specific criteria, and define relationships between objects.
Selectors are used to filter objects based on their labels. They allow you to select a subset of objects in the cluster based on specific criteria. Selectors are used by controllers and services to identify the objects they need to manage or expose.
Namespaces
Namespaces provide a way to group and organize resources within a cluster. They offer logical isolation and help prevent naming conflicts between resources. Namespaces can be used to divide a cluster into multiple virtual clusters, each with its own set of resources and policies.