Refcard #292

Advanced Kubernetes

Kubernetes is a distributed cluster technology that manages container-based systems in a declarative manner using an API. There are currently many learning resources to get started with the fundamentals of Kubernetes, but there is less information on how to manage Kubernetes infrastructure on an ongoing basis. This Refcard aims to deliver quick, accessible information for operators using any Kubernetes product.

Brought to You By

Mesosphere

Section 1

About Kubernetes

Kubernetes is a distributed cluster technology that manages a container-based system in a declarative manner using an API. Kubernetes is an open-source project governed by the Cloud Native Computing Foundation (CNCF) and counts all the largest cloud providers and software vendors as its contributors along with a long list of community supporters.

There are currently many learning resources to get started with the fundamentals of Kubernetes, but there is less information on how to manage Kubernetes infrastructure on an ongoing basis. This Refcard aims to deliver quickly accessible information for operators using any Kubernetes product.

For an organization to deliver and manage Kubernetes clusters to every line of business and developer group, operations needs to architect and manage both the core Kubernetes container orchestration and the necessary auxiliary solutions (addons) — for example, monitoring, logging, and CI/CD pipeline. The CNCF maps out many of these solutions and groups them by category in the “CNCF Landscape.”

In 2019, Gartner predicted that by 2022, more than 75% of global organizations would be running containerized applications in production, up from less than 30% at that time. The CNCF Survey 2019, published roughly one year later in 2020, reports that an even higher share were already running containers in production. This research shows how quickly Kubernetes is being adopted and what a strategic role it plays in the global digital landscape.

Kubernetes differs from the orchestration offered by configuration management solutions in that it provides a declarative API that collects, stores, and processes events in an eventually consistent manner.

A few traits of Kubernetes include:

  • Abstraction – Kubernetes abstracts the application orchestration from the infrastructure resource and as-a-service automation. This allows organizations to focus on the APIs of Kubernetes to manage an application at scale in a highly available manner instead of the underlying infrastructure resources.
  • Declarative – Kubernetes’ control plane decides how the hosted application is deployed and scaled on the underlying fabric. A user simply defines the logical configuration of the Kubernetes object, and the control plane takes care of the implementation.
  • Immutable – A new version of a service running on Kubernetes is deployed as a completely new object rather than swapped out in place. Objects in Kubernetes, say different versions of a pod, are changed by creating new objects.

This is a preview of the Advanced Kubernetes Refcard. To read the entire Refcard, please download the PDF from the link above.

Section 2

Basics

Figure 1: Simplified Kubernetes architecture and components

Control Plane, Nodes, and Persistent Storage

Kubernetes’ basic architecture requires a number of components.

API Server

The Kubernetes API server handles all requests coming into the cluster. Users, as well as other Kubernetes components, send events to the Kubernetes API Server through HTTPS (port 443). The API Server then processes events and updates the Kubernetes persistent data store, usually etcd. The API Server also performs authentication and authorization depending on how the cluster was configured.

https://kubernetes.io/docs/concepts/architecture/master-node-communication/

Etcd Cluster

Kubernetes uses etcd for persistent storage, providing a single source for all Kubernetes objects. A best practice is to ensure that there are multiple etcd instances to ensure high availability of the cluster. A loss of etcd storage will result in a loss of the cluster's state, so etcd should be backed up for disaster recovery. Since etcd is the single source of truth for the cluster, it's imperative to secure it against malicious actors.

https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/

Controller Manager

Kubernetes uses a control plane with several types of controllers to perform non-terminating control loops that observe the state of Kubernetes objects and reconcile it with the desired state. This includes a wide variety of functions such as invoking pod admission controllers, setting pod defaults, or injecting sidecar containers into pods, all according to the configuration of the cluster.

https://kubernetes.io/docs/concepts/architecture/controller/

Kubelet (Agent)

Each node in a Kubernetes cluster has an agent called the Kubelet. The Kubelet manages the container runtime (e.g., Docker, containerd, rkt) on individual nodes. It is the component that enables orchestration of multiple containers across many nodes and is critical to any Kubernetes cluster. The logs it produces are often the first place to troubleshoot problems and can be viewed on any given node with the command `journalctl -u kubelet`.

https://kubernetes.io/docs/concepts/overview/components/


Section 3

Constructs

Kubernetes has a number of constructs for defining and managing objects on the cluster. Each construct is listed below with its description:

Namespaces
  • Kubernetes includes a means to segment a single physical cluster into separate logical clusters using namespacing.
  • Can be used to isolate users, teams, or applications and set quotas among other functions.
Pods
  • Encapsulate one or more tightly bound containers, the resources required to run these containers, and a network namespace.
  • Always scheduled on a single node, regardless of the number of containers that are run as part of that pod.
StatefulSets
  • A Kubernetes controller for managing workloads that require additional management of state due to application requirements.
  • Pods managed by a StatefulSet have a consistent naming convention and manner of connecting to persistent storage that might be required for some applications, particularly legacy apps or databases.
ReplicaSet
  • A construct (ordinarily created by a Deployment object) that ensures the desired number of copies (or replicas) of a pod sharing a particular set of container images are running.
  • ReplicaSets may be used in the background when performing rollouts of a new deployment.
Roles
  • Sets of permissions that can be assigned to users or service accounts of a cluster.
  • Contain rules that specify which API groups, resources, and verbs are permitted for an account that's assigned a particular role.
Ingress and Load Balancing
  • Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster.
  • Load balancers ensure traffic is routed to multiple instances of the service running on the cluster to avoid a single point of failure of the service.
Deployments
  • Construct that provides capabilities for managing an app toward its desired state, allowing higher availability and dynamic scaling of workloads.
  • Include container deployment, placement, scaling, image updates, rollout, and rollback of a workload.
Services
  • Enable a consistent mechanism to access applications inside a cluster by providing a logical layer that assigns IP/DNS/etc. persistence to apps.
DaemonSet
  • Enables users to run a pod on all nodes in the cluster.
  • Ordinarily used by Kubernetes plugins or administrative addons that require code to be executed throughout the cluster (e.g., log aggregation, networking features).
Jobs and CronJobs
  • Logic to run processes that run to completion (Jobs) and processes that run to completion at specific intervals (CronJobs).
  • The schedule configuration of a Kubernetes CronJob is identical to the Linux cron schedule format.
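Added example (not from the Refcard): a least-privilege check over the `rules` of a Role manifest, using the apiGroups/resources/verbs structure described under Roles above. The two manifests and their names are constructed for the example.

```python
"""Least-privilege audit of Kubernetes Role/ClusterRole rules.
Each rule names apiGroups, resources and verbs (the Roles construct above).
The manifests here are constructed for the example; names are hypothetical."""
from typing import Dict, List

# Constructed sample manifests, not taken from any real cluster.
ROLE_READ_PODS = {
    "kind": "Role",
    "metadata": {"name": "pod-reader", "namespace": "team-a"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list", "watch"]},
    ],
}

ROLE_TOO_BROAD = {
    "kind": "Role",
    "metadata": {"name": "debug-all", "namespace": "team-a"},
    "rules": [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
        {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
    ],
}

# Reading these is effectively credential or shell access to the namespace,
# so a reviewer should ask whether the workload really needs them.
SENSITIVE_RESOURCES = {"secrets", "pods/exec", "pods/attach", "serviceaccounts/token"}
# RBAC verbs that let a subject widen its own or another subject's rights.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}

def audit_role(role: Dict) -> List[str]:
    """Return one finding per rule that violates least privilege (empty = clean)."""
    findings = []
    name = role.get("metadata", {}).get("name", "<unnamed>")
    for idx, rule in enumerate(role.get("rules", [])):
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        where = f"{role.get('kind', 'Role')}/{name} rule[{idx}]"
        if "*" in groups or "*" in resources:
            findings.append(f"{where}: wildcard apiGroup/resource grant")
        if "*" in verbs:
            findings.append(f"{where}: wildcard verbs")
        for res in sorted(resources & SENSITIVE_RESOURCES):
            findings.append(f"{where}: {sorted(verbs)} on sensitive resource {res}")
        for verb in sorted(verbs & ESCALATION_VERBS):
            findings.append(f"{where}: escalation verb {verb}")
    return findings
```

Running `audit_role` over manifests exported with `kubectl get roles -A -o json` (parsed with the `json` module) gives a quick namespace-by-namespace review list; an empty result means no rule tripped the checks, not that the role is minimal.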


Section 4

Extensions

Kubernetes has a number of extension points for its core functionality. Each extension point is listed below with its description:

Custom Resource Definition (CRD)
  • Allows users to extend Kubernetes with custom APIs for different objects beyond the standard ones supported by Kubernetes.
Container Runtime Interface (CRI)
  • A plugin API that enables Kubernetes to support other container runtimes beyond Docker and containerd.
Container Network Interface (CNI)
  • Gives users a choice of network overlay that can be used with Kubernetes to add networking features.
  • A networking plugin is required to run Kubernetes (e.g., Calico, Flannel, Canal, and other more niche/specific plugins).
Container Storage Interface (CSI)
  • Empowers users to support different storage systems through a driver model.


Section 5

And More

Other sections include:

  • Kubectl
  • Manage Nodes
  • Test Plan – Test Clusters, Test Workloads
  • Troubleshoot – Troubleshoot With Kubectl, jq, and Curl; General Debugging
  • Feed Results to External Scripts
  • Etcd
  • Security Checklist
  • Additional Resources
