Introduction
In this article, we are going to explore Kubernetes and its usage and practical use case.
Agenda
- What are Kubernetes, Docker, MiniKube, Container, and Image
- The Architecture of Kubernetes and its components
- About K8's Services and its types
- Pods
- Security Measures
- Scripts
Kubernetes
It was released by Google in 2014 and written in the programming language Go. Google worked in CNCF and donated Kubernetes as the first open-source project.
It is also known as K8's. Kubernetes has this name because it does container orchestration. For eg., the Captain of the ship leads its team members. Kubernetes makes a decision about where and how the containerized application is placed on the server and when to scale up and down a number of replicas. on top of that, it decides when to start and stop the server.
The biggest service currently running on Kubernetes takes 10m requests per second and benefits greatly from autoscaling. Without K8s it will take at least a couple of hours to bring the new machine to life, now it is just a minute or two to bring it up to life, without manual intervention.
Docker
Docker is an open-source and container-based platform used to enable developers to create an image that has everything up and running. In earlier days we used to work with virtual machines which run on top of the Hypervisor, so it takes huge memory and VM. However, In this case, docker works with the help of the Docker engine which is a lightweight module.
For more information on how to setup and usage please follow the below link
Docker With Node.js (c-sharpcorner.com)
Minikube
Minikube is used to quickly set up a local Kubernetes cluster on macOS, Linux, and Windows. This helps application developers and new Kubernetes users. Please note this is a non-production work environment.
Please refer to more detail in the following link
Welcome! | minikube (k8s.io)
Container
A container is a package of software that has a project and its dependencies as an image and it's a lightweight virtual environment to run the application.
Image
It represents data that encapsulates an application and all its software dependencies. The images are executable software bundles that can run as a standalone.
Architecture of Kubernetes
![Source : https://kubernetes.io/docs/concepts/overview/components/]()
Source: cloudfront.net
The main components of Kubernetes architecture are
- Control Panel
- Worker Node
- Interaction between control panel vs worker node sequence diagram
Control Panel
The control panel consists of the following components, each does its own specialization
| Component Name |
What it does |
| apiserver |
This is the front runner for the control panel, where it will interact with worker nodes. This is used to design to scale horizontally if new nodes are on addition or deletion. |
| etcd |
It has key-value pair, where it stores all vital information of the cluster to keep running.
For further information please follow this link Why etcd | etcd
|
| schedular |
This is used to watch the newly created pods and map the node to make it run. |
| control manager |
This regulates and continuously watches the state of the cluster, and then makes changes on a demand basis. It continuously connects to apiserver, which receives all information from the worker node using kubelet.
It has four types of controller
- Node Controller
- Job Controller
- Endpoint slice controller
- Service Account Controller
|
| cloud control manager |
This is used specifically for cloud-specific control logic. This ccm is used to connect to your cloud provider API. It has three types of controllers
- Node controller
- Route controller
- Service controller
|
Worker Node
| Component Name |
What it does |
| k-proxy |
It's a proxy that runs on each node, this is used to allow network communication to your pods. |
| kubelet |
It acts as an agent which runs on each node in the cluster. Its job is to make sure containers are running in Pod |
Interaction between Control Panel vs Worker Node Sequence Diagram
![Hello Kubernetes - Kubernetes Succinctly Ebook | Syncfusion]()
source from: https://www.syncfusion.com/books/kubernetes-succinctly/Images/pod-creation-sequence-source.png
About K8's Services and its types
A K8's services are used to expose applications both internally and externally. Every service will create an IP address that can be used as a connector, On top of that, a few services can create ports in every node.
Types of Services
| Types of Services |
What it does |
| Cluster IP (default) |
This is the default type of service in K8s. This uses an internal IP address and port. The limitation of this service is able to connect only with the internal system. if you want to connect from an external system, this service won't fit for the purpose. |
| NodePort |
It exposes ports in each node between the range 30000-32767. This is preferred for non-HTTP communication. It is used to connect external systems and acts as a single point of source, then internally it connects multi-node with a load balancer mechanism.
Accessible on the same network, who can able to ping host nodes.
|
| LoadBalancer |
It uses a load balancer concept. Accessible to everyone connected to the internet. |
Topology about Kubernetes Service
![]()
source from: https://i.stack.imgur.com/1owA5.jpg
Pods
Pods are tiny deployable units in K8s, which facilitate the creation and management. Also, Pod is a set of one or more containers that shared namespace, storage, and network resource to run in the container(s).
Interaction between Pods and Service
In the below diagram, you can see four pods are connected with node port service and this has an exposed external layer. Here the pods will create/terminate based on the threshold.
![100 Days Of Kubernetes — Pods.]()
source from here
Security Measures
Please find a few security measures which we need to take care of in Kubernetes.
- Implementation of Ratelimit to avoid DDOS attach
- Define the memory limit based on the pod size
- Avoid anonymous access, and opt for low-level privileges
- please follow the link to get some more insight into security https://www.tigera.io/learn/guides/kubernetes-security/
Few Scripts
Create a namespace for each environment
#filename : namespace.yml
---
apiVersion: v1
kind: Namespace
metadata:
name: development
---
apiVersion: v1
kind: Namespace
metadata:
name: qa
---
apiVersion: v1
kind: Namespace
metadata:
name: production
The following code needs to execute to apply the above namespace
kubectl apply -f namespace.yml
Deployment Script
#filename: deployment.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-world-deployment
namespace: development
labels:
app: hello-world
spec:
replicas: 3
selector:
matchLabels:
app: hello-world
template:
metadata:
labels:
app: hello-world
spec:
containers:
- name: hello-world-container
image: <This is your docker image>
# security script start
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
# security script end
ports:
- containerPort: 3000
The following code needs to execute to deploy the above YAML script.
kubectl apply -f deployment.yml
Sample Service Yaml Script
#filename: service.yml
---
apiVersion: v1
kind: Service
metadata:
name: hello-world-service
namespace: development
spec:
selector:
app: hello-world
ports:
- port: 80
targetPort: 3000
type: LoadBalancer
#This is where we need to define what type of service ClusterIP|Nodeport|loadbalancer>
The following code is used to create a new service
kubectl apply -f service.yml
I hope this article gives an overview of Kubernetes and its internal ecosystem. Thanks for reading, will catch up in the next session.