Notes to Self

Alex Sokolsky's Notes on Computers and Programming

Kubernetes Concepts

k8s cluster

k8s runs workloads by placing containers into Pods that run on Nodes. Each node is managed by the control plane and contains the services necessary to run Pods.

Control Plane Components

Node

There are master and worker nodes.

Node components:

Master node has:

About node ops.

To manage the association of pods to nodes, we assign a taint to a node and a toleration to a pod.

List node taints

To list node taints:

kubectl get nodes -o json|jq '.items[].spec.taints'

Taint a node

To taint the node1 with key1=value1:

kubectl taint nodes node1 key1=value1:NoSchedule

No pod will be able to schedule onto node1 unless it has a matching toleration.

Remove the node taint

To remove the taint added by the command above, you can run:

kubectl taint nodes node1 key1=value1:NoSchedule-

Pod

A pod is the smallest deployable unit, a wrapper around one or more containers.

You specify a toleration for a pod in the PodSpec. Both of the following tolerations “match” the taint created by the kubectl taint line above, and thus a pod with either toleration would be able to schedule onto node1:

tolerations:
- key: "key1"
  operator: "Equal"
  value: "value1"
  effect: "NoSchedule"

tolerations:
- key: "key1"
  operator: "Exists"
  effect: "NoSchedule"
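The matching rule behind those two tolerations, written out as an added Go example (not code from these notes or from Kubernetes itself; the type and function names are assumptions chosen for illustration). It also covers the wildcard case, an empty key with operator Exists, which tolerates every taint and is worth flagging when reviewing pod specs:

```go
package main

import "fmt"

// Taint and Toleration carry the fields used in the notes above.
type Taint struct{ Key, Value, Effect string }
type Toleration struct{ Key, Operator, Value, Effect string }

// Tolerates applies the documented matching rules to one taint/toleration pair.
func Tolerates(tol Toleration, t Taint) bool {
	if tol.Effect != "" && tol.Effect != t.Effect {
		return false // an empty effect would have matched every effect
	}
	if tol.Key == "" { // only valid with Exists, and then matches every key
		return tol.Operator == "Exists"
	}
	if tol.Key != t.Key {
		return false
	}
	switch tol.Operator {
	case "Exists":
		return true // value is ignored
	case "", "Equal": // Equal is the default operator
		return tol.Value == t.Value
	}
	return false
}

// Schedulable reports whether every hard taint is tolerated (PreferNoSchedule is soft).
func Schedulable(taints []Taint, tols []Toleration) bool {
next:
	for _, t := range taints {
		if t.Effect == "PreferNoSchedule" {
			continue
		}
		for _, tol := range tols {
			if Tolerates(tol, t) {
				continue next
			}
		}
		return false
	}
	return true
}

func main() {
	node1 := []Taint{{"key1", "value1", "NoSchedule"}} // taint from the kubectl line above
	fmt.Println(Schedulable(node1, []Toleration{{"key1", "Exists", "", "NoSchedule"}}))
	fmt.Println(Schedulable(node1, []Toleration{{"", "Exists", "", ""}})) // wildcard
}
```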

Addons

Addons use resources (DaemonSet, Deployment, etc.) to implement cluster features. Namespaced resources for addons belong within the kube-system namespace. Include:

Deployment

Deployment is a Kubernetes controller that matches the current state of your cluster to the desired state mentioned in the Deployment manifest.

Deployment creates a ReplicaSet which, in turn, creates pod(s).

StatefulSet

StatefulSet manages stateful applications. It manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.

StatefulSet is also a controller, but unlike Deployment it doesn't create a ReplicaSet; instead it creates the Pods itself, using a unique naming convention.

DaemonSet

A DaemonSet is a controller that ensures that the pod runs on all the nodes of the cluster.

Comparisons

deployments-vs-statefulsets-vs-daemonsets

crictl

crictl is a container runtime CLI. See also containerd.

etcd

cli: etcdctl:

Listens on port 2379.

Env var ETCDCTL_API determines API version used, defaults to 2.

etcdctl v2

etcdctl set key1 val1

More commands:

etcdctl v3

etcdctl put key1 val1
etcdctl get key1

More commands:

kube-apiserver

does:

kube-apiserver is the only entity talking to etcd.

kube controller manager

Controller monitors state of some object(s)

kube controller manager uses kube-apiserver to monitor node status:

kube-scheduler

Decides which pod goes to which node. Actual deployment is done by a kubelet.

Decision making process:

Relevant attributes:

kubelet

Note: kubeadm does NOT deploy kubelets.

kube-proxy

kube-proxy:

YAML manifests

Always have: