
Description:

  • Container orchestration engine that automates deployment, scaling, and management of containerized applications.
  • Docs and Ref
  • Why?
    • container orchestration across multiple hosts
    • auto-scaling
    • load-balancing
    • self-healing
    • rolling updates and rollbacks
  • context = user + cluster + namespace
  • v1.34

A. Documentation v1.34

B. Getting started

1. Learning environment

2. Prod environment:

3. Best practices

C. Concepts:

1. Overview:

Components:
Objects in K8s, Kubernetes Objects
The Kubernetes API:

2. Cluster Architecture:

Kubernetes Nodes

3. Containers:

4. Workloads:

1. Kubernetes Pod
2. Workload management:
3. Autoscaling workloads
4. Managing workloads
5. Vertical pod autoscaling

5. Service, load balancing and networking:

  • The Kubernetes network model
    • each pod in a cluster gets its own cluster-wide unique IP address
      • containers in a pod share the same network namespace and communicate with each other over localhost
    • The pod network (cluster network) handles communication between pods, ensuring that
      • all pods can communicate with all other pods, on the same or a different node, without proxies or NAT
      • agents on a node (system daemons, or the kubelet daemon) can communicate with all pods on that node
    • The Kubernetes Service API creates a long-lived IP address or hostname for a service implemented by one or more backend pods
      • ?
    • K8s Gateway API allows you to make services accessible to clients that are outside the cluster
    • K8s Network Policy is a built-in Kubernetes API that allows you to control traffic between pods, or between pods and the outside world.
Kubernetes Service
Service ClusterIP allocation

6. Storage:

7. Configuration

8. Security

9. Policies

10. Scheduling, preemption and eviction

Kubernetes Scheduler
Assigning pods to Nodes
  • Node Label
  • nodeSelector
    • strict placement: at least one node must match every label for the pod to be scheduled
  • Affinity and anti-affinity
    • Node Affinity
    • inter-pod affinity and anti-affinity:
      • Types of Inter-pod Affinity and Anti-affinity
      • Scheduling behavior:
        1. hard constraints: node filtering
          1. podAffinity.requiredDuringSchedulingIgnoredDuringExecution and podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution
      • Scheduling a Group of Pods with Inter-pod Affinity to Themselves

  • nodeName
  • nominatedNodeName
  • Pod topology spread constraints
  • Operators
Pod overhead
Kubernetes Taint and Kubernetes Toleration
  • Concept:
    • A taint is applied to a node to indicate that it should not accept certain pods unless they explicitly tolerate it.
    • a taint repels all pods that do not have a matching toleration
    • adding nodeName to a pod bypasses the scheduler
      • if the node also has a NoExecute taint set, the kubelet will eject the pod if it does not have a matching toleration
    • allowed values for effect:
      • NoExecute:
        • pods that do not tolerate the taint are evicted immediately
        • pods that tolerate the taint remain for tolerationSeconds if set, otherwise forever
      • NoSchedule:
        • running pods stay running; no new pods without a matching toleration are scheduled
      • PreferNoSchedule:
        • the control plane will try to avoid the node if there is another node
    • Multiple taints and tolerations can be added…
  • use cases:
    • Dedicated node: can be set so that a node can only be used by a user or group (Admission Control)
    • Nodes with special hardware: …
    • Taint-based eviction
  • Taint-based eviction:
  • Taint nodes by condition
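
The taint and toleration rules noted above, modelled as an added Python example (not Kubernetes source code and not part of the original notes). The names `tolerates` and `evaluate` and the sample node and pod values are constructed; taking the first matching toleration per taint is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Taint:
    key: str
    effect: str                      # NoSchedule | PreferNoSchedule | NoExecute
    value: str = ""

@dataclass(frozen=True)
class Toleration:
    key: str = ""                    # empty key with Exists tolerates every key
    operator: str = "Equal"          # Equal | Exists
    value: str = ""
    effect: str = ""                 # empty effect matches every effect
    toleration_seconds: Optional[int] = None   # only meaningful for NoExecute

def tolerates(tol, taint):
    if tol.effect and tol.effect != taint.effect:
        return False
    if tol.operator == "Exists":
        return tol.key in ("", taint.key)
    return tol.key == taint.key and tol.value == taint.value

def evaluate(taints, tolerations, uses_node_name=False):
    """Outcome for one pod on one node, given the node's taints."""
    used, untolerated = [], set()
    for taint in taints:
        match = next((t for t in tolerations if tolerates(t, taint)), None)
        if match is None:
            untolerated.add(taint.effect)
        elif taint.effect == "NoExecute":
            used.append(match)
    limits = [t.toleration_seconds for t in used if t.toleration_seconds is not None]
    return {
        # spec.nodeName skips the scheduler, so its taint filtering never runs
        "admitted": uses_node_name or not untolerated & {"NoSchedule", "NoExecute"},
        "avoided": "PreferNoSchedule" in untolerated,
        "evicted": "NoExecute" in untolerated,          # enforced after binding
        "evict_after": min(limits) if limits else None,  # seconds; None = forever
    }

# Constructed sample data
DEDICATED = Taint("dedicated", "NoSchedule", "payments")
UNREACHABLE = Taint("node.kubernetes.io/unreachable", "NoExecute")
TOLERANT_POD = [
    Toleration("dedicated", "Equal", "payments", "NoSchedule"),
    Toleration("node.kubernetes.io/unreachable", "Exists",
               effect="NoExecute", toleration_seconds=300),
]
```

The case `evaluate([DEDICATED], [], uses_node_name=True)` is the one to review for dedicated nodes: the pod is admitted without any toleration, because a NoSchedule taint is only checked by the scheduler.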

11. Cluster administration:

Cluster networking

12. Windows in kubernetes

13. Extending kubernetes

D. Tasks:

1. Install tools:

2. Administer a cluster with kubeadm

6.

8. Run applications:

9. Run jobs

E. Tutorials

F. Reference

Kubernetes API

Workload resources
  • written in each object’s API section
Common definition:

API access control

Admission Control

Networking reference

Setup tools:

kubeadm

kubectl