Kubernetes Concepts
k8s runs workloads by placing containers into Pods, which run on Nodes. Each node is managed by the control plane and contains the services necessary to run Pods.
Node
There are master (control plane) and worker nodes. Every node runs:
- the kubelet - an agent that runs on each node in the cluster, makes sure that containers are running in a Pod.
- a container runtime, responsible for managing the execution and lifecycle of containers
- the kube-proxy, a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.
Master node has:
- etcd
- kube controller manager
- kube-scheduler
- kube-apiserver
About node ops.
To control which pods may be placed on which nodes, we assign a taint to the node and a toleration to the pod.
List node taints
To list node taints:
kubectl get nodes -o json | jq '.items[].spec.taints'
Taint a node
To taint node1 with key1=value1:
kubectl taint nodes node1 key1=value1:NoSchedule
No pod will be able to schedule onto node1 unless it has a matching toleration.
Remove the node taint
To remove the taint added by the command above, you can run:
kubectl taint nodes node1 key1=value1:NoSchedule-
Pod
A pod is the smallest deployable unit, a wrapper around one or more containers.
You specify a toleration for a pod in the PodSpec. Both of the following tolerations “match” the taint created by the kubectl taint line above, and thus a pod with either toleration would be able to schedule onto node1:
tolerations:
- key: "key1"
  operator: "Equal"
  value: "value1"
  effect: "NoSchedule"

tolerations:
- key: "key1"
  operator: "Exists"
  effect: "NoSchedule"
Addons
Addons use Kubernetes resources (DaemonSet, Deployment, etc.) to implement cluster features. Namespaced resources for addons belong within the kube-system namespace.
Workload resources include:
Deployment
Deployment is a Kubernetes controller that matches the current state of your cluster to the desired state mentioned in the Deployment manifest.
Deployment creates a ReplicaSet which, in turn, creates pod(s).
StatefulSet
StatefulSet manages stateful applications. It manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.
StatefulSet is also a controller, but unlike Deployment it does not create a ReplicaSet; it creates the Pods itself, with a unique, ordinal naming convention.
DaemonSet
A DaemonSet is a controller that ensures that a copy of a pod runs on all the nodes of the cluster.
Comparisons
deployments-vs-statefulsets-vs-daemonsets
crictl
crictl is a container runtime CLI. See also containerd.
etcd
cli: etcdctl
kube-apiserver
does:
- user authentication
- request validation
- data retrieval (from etcd)
- etcd update
- talking to scheduler
- talking to kubelet
kube-apiserver is the only component that talks to etcd directly.
kube controller manager
A controller monitors the state of some object(s) and drives it toward the desired state.
kube controller manager uses kube-apiserver to monitor node status:
- node monitor period - 5sec
- node monitor grace period - 40sec
- pod eviction timeout - 5min
kube-scheduler
Decides which pod goes to which node. Actual deployment is done by a kubelet.
Decision-making process:
- filter out nodes that cannot satisfy the requested resources (or that the pod cannot be placed on)
- rank the remaining nodes
Relevant attributes:
- resource requirements and limits
- taints and tolerations
- node selector/affinity
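The taint/toleration matching rule used in the scheduler's filter step, as an added worked example (not from the original notes): the two tolerations from the Pod section are checked against node1's taint from the kubectl taint command above. Node and pod specs are constructed sample data; Equal/Exists semantics and the empty key/effect wildcards follow the documented Kubernetes rules.

```python
"""Added example: model of kube-scheduler's taint/toleration filter.

Node taints and pod tolerations below are constructed sample data.
"""

HARD_EFFECTS = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a soft preference


def tolerates(toleration: dict, taint: dict) -> bool:
    """True if one toleration matches one taint (Equal/Exists rules)."""
    op = toleration.get("operator", "Equal")
    tol_key = toleration.get("key", "")
    # An empty key together with operator Exists tolerates every taint key.
    if tol_key and tol_key != taint["key"]:
        return False
    if op == "Equal" and toleration.get("value", "") != taint.get("value", ""):
        return False
    # An empty effect matches all effects; otherwise the effect must be identical.
    tol_effect = toleration.get("effect", "")
    return not tol_effect or tol_effect == taint["effect"]


def schedulable(node_taints: list, pod_tolerations: list) -> bool:
    """A pod may be placed on a node only if every hard taint is tolerated."""
    return all(
        any(tolerates(t, taint) for t in pod_tolerations)
        for taint in node_taints
        if taint["effect"] in HARD_EFFECTS
    )


def filter_nodes(nodes: dict, pod_tolerations: list) -> list:
    """Filter step: sorted names of the nodes the pod is allowed to land on."""
    return sorted(n for n, taints in nodes.items() if schedulable(taints, pod_tolerations))


# Constructed cluster: node1 tainted exactly as in the kubectl command,
# node2 reserved under a different key, node3 untainted.
NODES = {
    "node1": [{"key": "key1", "value": "value1", "effect": "NoSchedule"}],
    "node2": [{"key": "dedicated", "value": "gpu", "effect": "NoSchedule"}],
    "node3": [],
}
TOL_EQUAL = [{"key": "key1", "operator": "Equal", "value": "value1", "effect": "NoSchedule"}]
TOL_EXISTS = [{"key": "key1", "operator": "Exists", "effect": "NoSchedule"}]

if __name__ == "__main__":
    print(filter_nodes(NODES, []))          # ['node3']
    print(filter_nodes(NODES, TOL_EQUAL))   # ['node1', 'node3']
    print(filter_nodes(NODES, TOL_EXISTS))  # ['node1', 'node3']
```

A pod with no tolerations is kept off every tainted node, which is why taints are used to reserve nodes for specific workloads; the check is a scheduling constraint, not an isolation boundary, since tolerations are set by whoever writes the PodSpec.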
kubelet
- registers the node with the cluster
- creates pods
- monitors pod state
Note: kubeadm does NOT deploy kubelets.
kube-proxy
kube-proxy:
- runs on each node,
- allows pods across the nodes to talk to each other (implements Service routing)
YAML manifests
Always have:
- apiVersion
- kind
- metadata
- spec