Notes to Self

Alex Sokolsky's Notes on Computers and Programming

Kubernetes Concepts

k8s cluster

k8s runs workloads by placing containers into Pods that run on Nodes. Each node is managed by the control plane and contains the services necessary to run Pods.

Control Plane Components


There are master and worker nodes.

Node components:

Master node has:

About node ops.

To manage association of pods to nodes, we assign a taint to a node and toleration to a pod.

List node taints

To list node taints:

kubectl get nodes -o json|jq '.items[].spec.taints'

Taint a node

To taint the node1 with key1=value1:

kubectl taint nodes node1 key1=value1:NoSchedule

No pod will be able to schedule onto node1 unless it has a matching toleration.

Remove the node taint

To remove the taint added by the command above, you can run:

kubectl taint nodes node1 key1=value1:NoSchedule-


A pod is the smallest deployable unit, a wrapper around one or more containers.

You specify a toleration for a pod in the PodSpec. Both of the following tolerations “match” the taint created by the kubectl taint line above, and thus a pod with either toleration would be able to schedule onto node1:

- key: "key1"
  operator: "Equal"
  value: "value1"
  effect: "NoSchedule"
- key: "key1"
  operator: "Exists"
  effect: "NoSchedule"
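
The matching rule above, written out as an added example (not part of the original notes and not Kubernetes code). The function names are hypothetical and the node and toleration data are constructed; the default operator, the empty-key and empty-effect behaviour follow the Kubernetes documentation rather than anything stated on this page. It also flags the key-less "Exists" toleration, which defeats taint-based node isolation.

```python
# Added example: toleration-vs-taint matching. All data below is constructed.
# Function names are hypothetical; they are not part of kubectl or any k8s client.

HARD_EFFECTS = ("NoSchedule", "NoExecute")  # PreferNoSchedule is only a preference

def tolerates(toleration, taint):
    """True if this single toleration matches this single taint."""
    effect = toleration.get("effect", "")
    if effect and effect != taint["effect"]:      # empty effect matches any effect
        return False
    key = toleration.get("key", "")
    op = toleration.get("operator", "Equal")      # Equal is the default operator
    if op == "Exists":                            # value is ignored
        return key == "" or key == taint["key"]   # empty key matches any key
    if op == "Equal":
        return key == taint["key"] and toleration.get("value", "") == taint.get("value", "")
    return False                                  # unknown operator: no match

def blocking_taints(node, tolerations):
    """Hard taints on the node that none of the pod's tolerations match."""
    taints = (node.get("spec") or {}).get("taints") or []   # untainted nodes omit the field
    return [t for t in taints
            if t["effect"] in HARD_EFFECTS
            and not any(tolerates(tol, t) for tol in tolerations)]

def is_wildcard(toleration):
    """Exists with no key matches every taint key: an audit finding on shared clusters."""
    return toleration.get("operator") == "Exists" and not toleration.get("key")

# Constructed input: node1 as tainted by `kubectl taint nodes node1 key1=value1:NoSchedule`.
NODE1 = {"metadata": {"name": "node1"},
         "spec": {"taints": [{"key": "key1", "value": "value1", "effect": "NoSchedule"}]}}
EQUAL = [{"key": "key1", "operator": "Equal", "value": "value1", "effect": "NoSchedule"}]
EXISTS = [{"key": "key1", "operator": "Exists", "effect": "NoSchedule"}]
WRONG_VALUE = [{"key": "key1", "operator": "Equal", "value": "other", "effect": "NoSchedule"}]
WILDCARD = [{"operator": "Exists"}]

if __name__ == "__main__":
    for name, tols in [("Equal", EQUAL), ("Exists", EXISTS),
                       ("wrong value", WRONG_VALUE), ("none", []), ("wildcard", WILDCARD)]:
        blocked = blocking_taints(NODE1, tols)
        flagged = any(is_wildcard(t) for t in tols)
        print(f"{name:12} schedulable={not blocked} wildcard={flagged}")
```
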


Addons use resources (DaemonSet, Deployment, etc) to implement cluster features. Namespaced resources for addons belong within the kube-system namespace. Include:


Deployment is a Kubernetes controller that matches the current state of your cluster to the desired state mentioned in the Deployment manifest.

Deployment creates a ReplicaSet which, in turn, creates pod(s).


StatefulSet manages stateful applications. It manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.

StatefulSet is also a controller, but unlike Deployment it doesn't create a ReplicaSet; it creates the Pods itself, using a unique naming convention.


A DaemonSet is a controller that ensures that the pod runs on all the nodes of the cluster.




crictl is a container runtime CLI. See also containerd.


cli: etcdctl



kube-apiserver is the only entity talking to etcd.

kube controller manager

Controller monitors state of some object(s)

kube controller manager uses kube-apiserver to monitor node status:


Decides which pod goes to which node. Actual deployment is done by a kubelet.

Decision making process:

Relevant attributes:


Note: kubeadm does NOT deploy kubelets.



YAML manifests

Always have: