Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.
Kubernetes is an orchestration system to deploy and manage containers in order to serve decoupled and transient services.
Kubernetes, the Greek word for helmsman (or pilot of a ship), was created by Google from its experience with the internal Google products Borg, which had been in use for 15 years, and Omega (learn more by listening to the GCP Podcast episode).
Kubernetes is written in Go and released under the Apache license.
Google donated Kubernetes to the Cloud Native Computing Foundation (CNCF) within The Linux Foundation in July 2015, when Kubernetes reached the v1.0 release.
Read more:
- Glossary
- Slack
- What is Kubernetes? (by Microsoft)
- From Google to the world: The Kubernetes origin story - Craig McLuckie (2016)
- RisingStack - The History of Kubernetes on a Timeline - Jun 20, 2018
- 2013: Omega project starts (publication)
- 2014-06-07: Kubernetes first commit (log)
- 2015-06-21: CNCF creation (announcement)
- 2015-07-31: Kubernetes version 1.0 (release 1.0.1)
- 2018-03-06: First CNCF Graduated Project (announcement, Blog)
- 2020-03-25: Kubernetes V1.18 release (release note)
Other solutions to manage containerized workloads:
Core features:
- Autoscaling
- Service discovery & Load-balancing
- Self-healing
- Secret & Configuration management
- Automatic rollbacks & Rollouts
- Batch execution
Add-on features:
- Centralized logging
- Monitoring
Read more:
- Principles of Container-based Application Design
- Bilgin Ibryam - Designing Cloud Native Applications With kubernetes
- Head node(s) (Linux only, previously named master node(s)): the main manager, running several agents; all head nodes together constitute the Control Plane
  - kube-apiserver (frontend): handles all traffic (internal & external), authenticates/validates and forwards API calls (REST operations), persists state in etcd (the only component to talk to the database)
    - Starting as an alpha feature in v1.16 is the ability to separate user-initiated traffic from server-initiated traffic.
  - kube-scheduler: determines which node will host a Pod (through an algorithm)
  - etcd: database/storage system (b+tree key-value store) of the cluster state, container settings and networking configuration
    - Rather than finding and changing an entry, values are always appended to the end. Previous copies of the data are then marked for future removal by a compaction process. Receiving 409 errors is expected if the value has been updated while a request was being processed.
    - There is a master database along with possible followers. While very fast and potentially durable, there have been some hiccups with new tools, such as kubeadm, and features like whole-cluster upgrades.
  - kube-controller-manager: core control-loop daemon which interacts with the kube-apiserver to regulate the state of the system; responsible for running resource controllers such as Deployments
  - cloud-controller-manager: interacts with the cloud provider (for cloud-based clusters), managing resources such as load balancers and disk volumes; allows cloud vendors to evolve independently from the core Kubernetes code
- Worker nodes (Linux, and Windows since the 1.14 release)
  - kubelet: receives requests to run the containers, manages any necessary resources and watches over them on the local node; interacts with the local container engine, which is Docker by default but could be containerd or cri-o (or any implementation of the Kubernetes CRI (Container Runtime Interface))
  - kube-proxy: creates and manages networking rules to expose the container on the network
    - 3 proxy modes: 'userspace' (older), 'iptables' (faster) or 'ipvs' (or 'kernelspace' for Windows)
Overview of CRI
Image taken from Kubernetes blog post Introducing Container Runtime Interface (CRI) in Kubernetes
Readings
Container Storage Interface (CSI) Specification (Understanding the Container Storage Interface (CSI))
Kubernetes Documentation > Concepts > Cluster Architecture
Kubernetes Documentation/Concepts/Cluster Architecture/Controllers
Controllers are a series of watch-loops which make orchestration through Kubernetes possible. Each Controller interrogates the kube-apiserver for a particular object state, modifying the object until the current state matches the declared state. These controllers are compiled into the kube-controller-manager.
Samples: kubernetes/sample-controller
Reference: Documentation / Getting started / Production environment / Container runtimes
Kubernetes uses a container runtime to run containers in Pods. There are mainly three:
- Docker engine is the default container runtime for Kubernetes
- CRI-O (cri-o/cri-o)
- containerd (containerd/containerd)
Note: the rktlet and rkt projects have ended
The Open Container Initiative (OCI) is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes. Source repositories are managed in the opencontainers GitHub organization.
There are currently two specifications:
Docker donated runC to OCI.
| Probe type | Reason |
|---|---|
| Readiness | Make sure the application is ready to accept traffic |
| Liveness | Make sure the application is running ok |
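As an added example (not part of the original notes), a Pod manifest wiring up both probe types from the table above; the image, port and the /ready and /healthz paths are assumptions:

```yaml
# Added example (not from the original notes): a Pod declaring both probe types.
# Image name, port and the /ready and /healthz paths are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: web
  labels:
    app: web
spec:
  containers:
    - name: web
      image: example.com/web:1.0   # placeholder image
      ports:
        - containerPort: 8080
      # Readiness: while this fails the Pod is removed from Service endpoints,
      # but the container is NOT restarted. Suitable for warm-up checks
      # (caches loaded, config parsed) and dependency checks.
      readinessProbe:
        httpGet:
          path: /ready
          port: 8080
        initialDelaySeconds: 5
        periodSeconds: 5
        failureThreshold: 3
      # Liveness: after failureThreshold consecutive failures the kubelet
      # restarts the container. Keep it cheap and local (no dependency
      # checks), otherwise an outage elsewhere turns into a restart loop here.
      livenessProbe:
        httpGet:
          path: /healthz
          port: 8080
        initialDelaySeconds: 15
        periodSeconds: 10
        timeoutSeconds: 2
        failureThreshold: 3
```

Watch the effect with kubectl describe pod web: readiness failures show up as the Pod leaving the Service endpoints, liveness failures as an increasing RESTARTS count.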
To make management easier, we can use Labels, arbitrary strings which become part of the object metadata.
Label selectors are a very powerful way to get the Kubernetes objects we want to interact with.
kubectl get pod -n <namespace> --selector app=<application-name>
Role-based access control (RBAC), introduced in 1.6 as an option when setting up clusters, should be turned on.
Tip: execute kubectl describe pod -n kube-system -l component=kube-apiserver and look at --authorization-mode to see if it's enabled
Kubernetes Objects:
- ClusterRole
- RoleBinding
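As an added example (not part of the original notes), a least-privilege grant built from exactly the two object kinds listed above: a ClusterRole defined once cluster-wide, scoped to a single namespace by a RoleBinding. The namespace "team-a" and ServiceAccount "app-sa" are assumed names.

```yaml
# Added example (not from the original notes): read-only access to Pods in one
# namespace. Namespace "team-a" and ServiceAccount "app-sa" are assumed names.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-reader          # defined cluster-wide, grants nothing by itself
rules:
  - apiGroups: [""]         # "" is the core API group, where pods live
    resources: ["pods"]
    verbs: ["get", "list", "watch"]   # read-only: no create, delete or pods/exec
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding           # a RoleBinding (not ClusterRoleBinding) limits the
metadata:                   # ClusterRole's rules to this namespace only
  name: app-sa-reads-pods
  namespace: team-a
subjects:
  - kind: ServiceAccount
    name: app-sa
    namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pod-reader
```

Check the result from the apiserver's point of view with kubectl auth can-i list pods -n team-a --as=system:serviceaccount:team-a:app-sa (expect yes), then repeat with -n kube-system or with the verb delete (expect no).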

