Kubernetes Concepts
Hardware Level Concepts
Under the concepts of Kubernetes, a couple of concepts are related to the hardware level.
Node
The node is the smallest unit in Kubernetes Cluster and represents a single machine (hardware) that consists of a volume space, memory, and processing power. This node can be either a physical machine instance/server or a virtual machine instance in a virtual environment like a VM server or cloud services.
Execute the following Kubernetes command to get node-level information and resource allocation between pods.
kubectl describe nodesName: ip-xxx–xxx–xxx–xxx.us-east-2.compute.internal
Roles: node
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/instance-type=m4.large
beta.kubernetes.io/os=linux
failure-domain.beta.kubernetes.io/region=us-east-2
failure-domain.beta.kubernetes.io/zone=us-east-2c
kops.k8s.io/instancegroup=nodes
kubernetes.io/hostname=ip-xxx.xxx.xxx.xxx.us-east-2.compute.internal
kubernetes.io/role=node
node-role.kubernetes.io/node=
Annotations: node.alpha.kubernetes.io/ttl=0
volumes.kubernetes.io/controller-managed-attach-detach=true
Taints: <none>
CreationTimestamp: Mon, 04 Jun 2018 16:15:14 +0530
Conditions:
Type Status LastHeartbeatTime LastTransitionTime Reason Message
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
...Addresses:
InternalIP: xxx.xxx.xxx.xxx
ExternalIP: xxx.xxx.xxx.xxx
InternalDNS: ip-xxx.xxx.xxx.xxx.us-east-2.compute.internal
ExternalDNS: ec2–xxx.xxx.xxx.xxx.us-east-2.compute.amazonaws.com
Hostname: ip-xxx.xxx.xxx.xxx.us-east-2.compute.internal
Capacity:
cpu: 2
memory: 8178068Ki
pods: 110
Allocatable:
cpu: 2
memory: 8075668Ki
pods: 110
System Info:
Machine ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
System UUID: xxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxx
Boot ID: xxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxx
Kernel Version: 4.4.121-k8s
OS Image: Debian GNU/Linux 8 (jessie)
Operating System: linux
Architecture: amd64
Container Runtime Version: docker://1.13.1
Kubelet Version: v1.8.11
Kube-Proxy Version: v1.8.11
PodCIDR: xxx.xxx.xxx.xxx/xx
ExternalID: i-xxxxxxxxxxxxxxxx
Non-terminated Pods: (6 in total)
Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
istio-system istio-mixer-7b7d4dc8db-dkkqz 0 (0%) 0 (0%) 0 (0%) 0 (0%)
kube-system kube-proxy-ip-172–20–35–235.us-east-2.compute.internal 100m (5%) 0 (0%) 0 (0%) 0 (0%)
Allocated resources:
(Total limits may be over 100 percent, i.e., overcommitted.)
CPU Requests CPU Limits Memory Requests Memory Limits
— — — — — — — — — — — — — — — — — — — — — — — — — -
500m (25%) 0 (0%) 0 (0%) 0 (0%)
Events:
Type Reason Age From Message
— — — — — — — — — — — — -
Normal NodeAllocatableEnforced 52m kubelet, ip-172–20–35–235.us-east-2.compute.internal Updated Node Allocatable limit across pods
....
Cluster
The cluster is a collection of nodes (physical or virtual), and it facilitates us to deploy our applications into the Kubernetes cluster without worrying about underlying hardware and nodes. Then Kubernetes takes care of the resource management by handling it intelligently and distributing the application among individual nodes.
Even if any nodes are added or removed, the cluster will shift workload as necessary.
Persistent Volume
Since our application runs on a cluster, we can not guarantee that it runs on a specific node. Even though the program wants to stage some data for later use (like log files), there is a high chance of relocating our application onto a new node next time. So traditionally, local storage associated with each node is considered a temporary cache. Kubernetes uses Persistent Volumes to provide persistent storage, which enables the addition of local storage or cloud storage. This provides a file system that mounts to our cluster, but it is not associated with any underlying node, and it is like plugging an external hard into our collection.
Software Level Concepts
Container
The container is a lightweight standalone executable package of an application that consists of everything to run it, like dependencies, environment settings, etc. Containerized files can be shared, and with CICD concepts, it manages versions of our application.
Sample Dockerfile.
FROM python:3.6
RUN apt-get update -y
RUN apt-get install -y
python-pip python-dev build-essential COPYtarget/dist/hello_workd_flask* /appWORKDIR /app
RUN pip install /app EXPOSE 5001
ENTRYPOINT [“python”]
CMD [“/app/api/run.py”]
Containerizing steps:
build image
docker build -t hello-world-flask:latest -f Dockerfile.Then push the built image to the container registry (docker, AWS container service, and GCP containers)
Pod
Instead of running the container directly, Kubernetes executes the container inside Pods. The Pod is a higher-level structure that wraps one or more containers into a system. Containers that perform inside the same pod shares the same resources and network layer. Hence the communication can be accessed through localhost.
E.g., the application and caching application (Redis instance) can be run inside the same Pod, providing fast communication.
Replica Set
The Pod is the unit of replication, and Kubernetes creates multiple pod instances concerning the traffic when a single Pod cannot handle the request load. As in the Introduction to Kubernetes, Kubernetes uses an internal proxy and balances the load between pods when the cluster has more Pod instances to distribute the load. Replication control can be up or down; with job optimizers like escalators, replication controlling can be automated.
Deployment
Pods are not directly launched to the Kubernetes cluster but use an abstract concept called deployment, which consists of containers in a pod, related environment variables, and replicas. Deployment is the highest level; if a pod dies, Kubernetes spins up.
hello_world_deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: hello-world-deployment
namespace: default
spec:
replicas: 2
template:
metadata:
labels:
app: hello-world
env: dev
spec:
containers:
- name: hello-world
image: tiroshanm/hello-world-flask:latest
imagePullPolicy: Always
ports:
- containerPort: 5001
env:
- name: message
value: "hello world !"Network Level Concepts
Service
Pods are assigned for services based on the labels (match metadata.labels), and the Kubernetes service provides a channel to access available application services.
Communication between pods can be managed with services, and the service name can be used as the host, just like http://hello-world-service:5001 within the cluster. Kubernetes proxy handles load balancing among multiple pods.
hello_world_service.yaml
apiVersion: v1
kind: Service
metadata:
name: hello-world-service
namespace: default
labels:
app: hello-world
env: dev
spec:
ports:
- name: http
port: 5001
selector:
app: hello-world
env: devIngress
By default, Kubernetes isolates pods by restricting outside communication. To expose internal services to external (allow access to pods), Kubernetes uses ingress. Kubernetes exposes internal services to the outside world using the ingress controller or the load balancer. With a network management layer like Istio, Kubernetes can manage external traffic routing intelligently.
ingress_test.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: foo-bar-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: "istio"
spec:
rules:
- http:
paths:
- path: /foo/.*
backend:
serviceName: foo-service
servicePort: 7000
- path: /bar/.*
backend:
serviceName: bar-service
servicePort: 7000References:
