Introduction to Kubernetes Architecture and Best Practices
What is Kubernetes?
Kubernetes is an open-source system, developed by Google, an orchestration engine for managing containerized applications over a cluster of machines. It works on container technology such as Docker and rkt. It's a vast project which consists of ~30M LOC and counting, kubernetes also know as K8s. It's a platform to control and manage the containerized applications and services and also all other things related to that containerized application that make application consistent and available to take request.
How Kubernetes Works?
The main component of K8s is the cluster made up of many physical or virtual machines and each machine serves a specialized function either as a master or as a worker(node). Node has a group of containers (pods) as a deployment which represents someone's applications; pods are the primary K8s objects. Master continuously communicates with nodes regarding when to create or delete containers and also help in re-routing the traffic based on new deployments.
Kubernetes uses a controller for dealing with the logistics of how pods desired state as specified in the file. There are various types of controller each with different work but with the same goal i.e. requested no. of Pods run to the K8s according to the user's specifications.
As pods can live and die according to needs, depending on application need make an application a persistent entity, done through service. A service tells how to access different pods or K8s objects via networks. It's time to see what are the primary components a k8s have -
Master Node Main components
etcd - It's a simple storage system which stores the K8s cluster data (such as no. of pods, namespace, API and service details and many other things related to the cluster) in the form of a distributed key-value pair. Only accessible through the API server, and use to enables notifications to the cluster related to configuration changes.
Kube-API server - The master node run the K8s API server which is a frontend to cluster and used for controlling the cluster, and also every request related to some changes to pods, service, or other changes is deal by the API server. It is like a control plane which manages, communicate across clusters.
Kube-control-manager - It handles the clusters of Pods using a reconciliation loop to achieve the desired cluster's state by running some different controller processes in the background, a process such as the endpoints controller or replication controller responsible for ensuring that the requested number of Pods run to the K8s user's specifications. If it finds the desired state not achieved, then it will do what needs to be done to achieve the specified state. Also if any changes in a service configuration occur, its scales the pod to achieve the desired state.
Kube-scheduler - Workloads of a node in the cluster are tracked and handled by the kube-scheduler. It is based on resource consumption, helps in scheduling the pods on the various nodes.
Cloud-control-manager - It is responsible for managing controller processes with dependencies on the underlying Cloud provider. It's an abstraction layer between the APIs and tools of a Cloud provider.
Worker Node Main components
Kubelet - It runs on each node which makes sure that the containers are running and are healthy. It is responsible for managing the state of the node such as starting, stopping, and maintenance of the container by following the rules described by the control manager.
Kube-proxy - It is a network proxy service runs on nodes in the cluster and acts as a load balancer for services running on a node.
Some basic Kubernetes terminologies
There are two ways to interact with Kubernetes: UI mode and CLI mode.
Benefits of Kubernetes
- Rollouts and Rollbacks are automated.
- Automatic scheduling of containers based on the resources.
- Load balancing.
- Resources tracking and logging.
- DNS management.
Why Kubernetes Matters?
Kubernetes has a solid Community supports and large number of active contributors that helps in making kubernetes as robust as possible and helps someones to adopt it.
Kubernetes reduces the infrastructure costs in large-scale deployments, by running many containers on the same machine, resulting in the maximum use of the available resources.
Kubernetes runs both on the Cloud and On-premises, means now K8s. It is now supported on all popular Clouds.
Self-healing, that's the fundamental feature of K8s, which makes it popular.
Easier Deployment, through K8s someones can deploy containers more efficiently, securely, and smoothly.
It's so trendy among managing Virtual Infra, that organization is adopting it as a standard for their container deployment in production.
Major Challenges in Kubernetes Adoption
There are lots of challenges a user can face and its all depend on the size of the organization along with their culture. Whether an organization is using on-premises cloud or a public cloud. Below are some primary challenges a user can face (based on the recent survey done by Cloud Native Computing Foundation (CNCF)) -
How to Adopt Kubernetes?
- Set Up a Cluster.
- Deploy an Application to Kubernetes.
- Create Dockerfile.
- Connect to Cluster.
- Add Cluster and Login Docker Registry.
- Deploy Docker image.
- Build and Deploy an image.
- Deploy the private image to Kubernetes.
- Automate the process Deployment to Kubernetes.
Kubernetes Best Practises
- Base images should be as small as possible.
- One process per container.
- Use the “record” option for rollbacks and also set relevant labels.
- Take benefits of sidecars option whenever needed (can be used: Proxies, watchers ), but don't use for bootstrapping.
- Use Readiness and Liveness Probes when needed.
- Always use a relevant value for the tag, and it should not be "latest" as a tag.
- Don’t use type: LoadBalancer, someones can use type: NodePort it's okay.
- Use static IPs and route external Services to Internal Ones.
Kubernetes Security Best Practises
- Don’t trust random base images.
- Always try to use a non-root user inside the container.
- The file system should be read-only (by setting option readOnly FileSystem: true).
- Log everything to stdout and stderr.
- Role-based Access Control to Cluster.
- Use Helm Charts.
- Organize projects or applications with Namespace.
- Put resource requests and limits.
- Terminating Pods with a grace option.
Kubernetes Top Tools
K8s Built-in tools
- kubespray - provides a set of Ansible roles for K8s deployment and configuration
- simple kube - It's a bash script that allows someones to deploy a single-node K8s cluster on a Linux server.
- kube watch - for monitoring purpose.