Introduction to Kubernetes - other Kubernetes components and abstract concepts
Last time on the TechniClinical
- Me??I my dear friend, I do have great connection!
- How so?
- Well, you see… my app in K8S has sidecar with proxy, which cooperate with service mesh, which CRD is a gateway, which has a service that spawns load balancer, which has external authorization in rules thru OAuth but there is WAF in front of it anyway, which blocks all connections because you know… badinputrule
Other Kubernetes components and abstract concepts
If you are bit confused with the joke above after reading this article and my first article https://www.dhirubhai.net/pulse/introduction-kubernetes-main-components-dawid-francisczok/ you will understand it :)
In addition to all that Kubernetes also includes a number of other components and virtual concepts.
Services
Kubernetes services act as an abstract way to expose an application running on a set of Pods as a network service. You don't need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.
Policies
Kubernetes policies are a set of rules that define how a Kubernetes cluster should be configured and operated. They can be used to enforce best practices, prevent errors, and ensure compliance with organizational standards.
Objects
Kubernetes objects are persistent entities that represent the state of your cluster. You can create, modify, or delete them to tell the Kubernetes system what you want your cluster's workload to look like. To do this, you'll need to use the Kubernetes API, which you can access through the kubectl command-line interface or one of the Client Libraries.
Security
Kubernetes was designed with a security in mind. It provides all the features which are necessary in enterprise environments. There is a wide range of features that enable the security. From the high-level, like private networks and the data encryption, to the low-level features like securing the communication between the nodes using TLS, limiting the access to the API and securing the pods with RBAC.
RBAC Authorization
Kubernetes Role Based Access Control (RBAC) is a key security control that limits a user's or workload's access to resources to only what is required to execute their roles. It is important to design permissions for cluster users in a way that prevents privilege escalation, which could lead to security incidents.
Networking
The Kubernetes network model creates a clean, backwards-compatible model where Pods can be treated much like VMs or physical hosts from the perspectives of port allocation, naming, service discovery, load balancing, application configuration, and migration. Pods are treated as expendable and are assumed to be continuously replaced by identical (or interchangeable) copies.
In a Kubernetes network, each Pod gets its own IP address. This means that containers within a Pod can share their local network and do not have to map ports to each other. This simplifies applications significantly. Containers in different Pods have distinct IP addresses and can be treated as completely separate entities.
Kubernetes services provide a stable, virtual IP address and DNS name for a set of Pods. This lets you decouple the public-facing name of an application from the underlying implementation. It also enables load-balancing and service-failover.
Kubernetes supports a number of networking plugins, including those based on the Container Network Interface (CNI).
Storage
Kubernetes supports a variety of storage solutions, from simple local storage to complex, multi-region storage solutions.
Kubernetes supports multiple Kubernetes Storage Classes, which define how the cluster's storage is provisioned and consumed. Storage Classes allow an administrator to create and manage storage resources with specific performance, availability, and durability characteristics. Storage Classes can be used to bind persistent volumes to specific nodes, making it possible to replicate data across multiple nodes for high availability.
领英推荐
Kubernetes also supports dynamic provisioning of storage resources, allowing storage to be allocated on-demand when applications are deployed. This can be used to provision storage for development and testing environments, or to burst capacity for applications that have sporadic or unpredictable storage needs.
In addition to the core storage primitives, Kubernetes also provides a number of specialized storage solutions, including:
Kubernetes Persistent Volumes (KPVs): This storage solution provides a way to create and manage persistent volumes in Kubernetes. KPVs are usable by any container in a pod, and can be used to store data that needs to be persisted across container failures or pod scheduled down times.
Kubernetes PVCs: This storage solution provides a way to create and manage PVCs in Kubernetes. PVCs are usable by any container in a pod, and can be used to store data that needs to be persisted across container failures or pod scheduled down times.
Kubernetes Stateful Sets: This storage solution provides a way to create and manage stateful applications in Kubernetes. Stateful Sets are usable by any container in a pod, and can be used to store data that needs to be persisted across container failures or pod scheduled down times.
Kubernetes Jobs: This storage solution provides a way to create and manage batch jobs in Kubernetes. Jobs are usable by any container in a pod, and can be used to store data that needs to be persisted across container failures or pod scheduled down times.
Metrics
Kubernetes provides a rich set of metrics that can be used to monitor the health and performance of applications and the Kubernetes system itself.
Kubernetes metrics are available through the Kubernetes API, and can be queried using the kube-state-metrics project.
Prometheus is a popular tool for monitoring Kubernetes, and the Prometheus Operator makes it easy to monitor Kubernetes with Prometheus.
Grafana is a popular tool for visualizing metrics, and can be used with Prometheus to create dashboards for monitoring Kubernetes.
The kube-prometheus project provides a comprehensive set of tools for monitoring Kubernetes, including Prometheus, Grafana, and the AlertManager.
Logging
Kubernetes provides a logging infrastructure that can be used to collect and aggregate logs from containers and pods.
The Fluentd project provides an open source log collector that can be used to collect and aggregate logs from containers and pods.
The Elasticsearch, Logstash, and Kibana (ELK) stack is a popular tool for storing, analyzing, and visualizing logs.
The EFK stack is a popular alternative to the ELK stack that uses Fluentd for log collection.
Scheduling, Preemption and Eviction
Scheduling in Kubernetes ensures that Pods are matched to Nodes so that the kubelet can run them. Preemption is the process of terminating Pods with lower Priority to make room for Pods with higher Priority. Eviction is the process of terminating one or more Pods on Nodes.
Scaling
One of the Kubernetes most prominent features is its scaling capability on the pods and nodes level. On the Pod level there are two basic method of scaling horizontal with Horizontal Pod Autoscaler and vertically with Vertical Pod Autoscaler. On the node level there is Cluster Autoscaler that will automatically adjust the number of nodes in a given node pool, based on the demands of your workloads, the guidelines he received in the configuration and the available resources.
Summary
Well... that is it! You now know all the core Kubernetes services and concepts, bit much huh?
Therefore, if you are looking for an experienced project manager with technical knowledge, contact me!
Let's find out how I can help you.