19 ‐ Kubernetes Intro - CloudScope/DevOpsWithCloudScope GitHub Wiki

Kubernetes Architecture Overview

Kubernetes is a powerful and flexible container orchestration system. Its architecture consists of a set of components that work together to deploy, manage, and scale containerized applications. Below is an outline of the main architectural components of Kubernetes.

1. Kubernetes Cluster

A Kubernetes cluster consists of two main types of components:

  • Control Plane: Responsible for managing the Kubernetes cluster and making global decisions (e.g., scheduling, scaling).
  • Worker Nodes: Responsible for running the application workloads (Pods).

Diagram

2. Control Plane Components

The control plane components make decisions about the cluster (such as scheduling), monitor the cluster's state, and maintain the desired state of the system. These components are typically run on the master node(s).

Key control plane components:

  • kube-apiserver:

    • The API server is the central management point of the Kubernetes cluster.
    • It exposes the Kubernetes API and handles all RESTful requests, including those from kubectl (the command-line tool), the UI, and other Kubernetes components.
    • It acts as the gateway to the Kubernetes cluster and validates and processes API requests.

  • etcd:

    • A consistent and highly-available key-value store used to store all cluster data, including configuration data, the state of the cluster, and metadata.
    • etcd is critical to cluster state persistence; it holds information such as which nodes are in the cluster, the state of the Pods, and other important configurations.

  • kube-scheduler:

    • The scheduler is responsible for determining which node should run a particular Pod based on resource availability and other constraints.
    • It evaluates all available worker nodes and selects the best one based on factors such as resource usage, node affinity, and anti-affinity rules.

  • kube-controller-manager:

    • The controller manager runs various controllers that ensure the desired state of the system is maintained.
    • Key controllers include:
      • Deployment Controller: Ensures that the correct number of replicas of a Pod are running.
      • Node Controller: Manages node status (detecting node failure).
      • Replication Controller: Ensures that Pods are replicated across nodes.
      • Job Controller: Handles batch jobs and cron jobs.

  • cloud-controller-manager:

    • The cloud controller manager interacts with the underlying cloud provider APIs.
    • It enables Kubernetes to work in different cloud environments (e.g., AWS, Azure) and manage cloud resources like load balancers, storage, and networking.

3. Worker Node Components

Worker nodes are the machines (either physical or virtual) that run the actual applications in the form of containers (Pods). They host the containers and provide resources (e.g., CPU, memory) to them.

Key worker node components:

  • kubelet:

    • The kubelet is an agent that runs on each node in the cluster and ensures the containers described in the PodSpecs are running and healthy.
    • It communicates with the kube-apiserver to ensure the node's state is synchronized with the control plane.
    • It monitors the health of containers and reports back to the API server.

  • kube-proxy:

    • The kube-proxy is responsible for maintaining network rules on nodes. It ensures that traffic is routed to the correct Pods and services.
    • It enables service discovery, load balancing, and network traffic forwarding.
    • kube-proxy can use iptables or IPVS for managing network traffic between Pods and services.

  • Container Runtime:

    • The container runtime is the software responsible for running containers on the node.
    • Kubernetes supports various container runtimes, with the most common being containerd and Docker.
    • The container runtime pulls container images and runs them within containers on the node.

4. Kubernetes Objects

These are the building blocks of the Kubernetes cluster. They define the desired state of the system and include:

  • Pods:

    • The smallest deployable unit in Kubernetes, a Pod encapsulates one or more containers with shared resources.
    • Containers in a Pod share the same network and storage.

  • Services:

    • A service is a logical abstraction that defines a set of Pods and provides a stable IP address and DNS name for accessing them.
    • Services enable load balancing and service discovery.

  • Namespaces:

    • Kubernetes namespaces provide a way to partition resources within a cluster.
    • They are used for multi-tenancy and can organize environments (e.g., dev, test, prod).

  • Deployments:

    • Deployments manage the lifecycle of Pods, ensuring the desired state (e.g., the correct number of Pods are running).
    • They handle rolling updates, scaling, and self-healing.

  • ReplicaSets:

    • Ensures that a specified number of identical Pods are running at any given time.
    • ReplicaSets are typically managed by Deployments.

image

image

  • ConfigMaps and Secrets:

    • ConfigMaps are used to store configuration data that can be consumed by Pods.
    • Secrets are similar to ConfigMaps, but store sensitive information (e.g., passwords or tokens) securely.

  • StatefulSets:

    • StatefulSets manage stateful applications that require persistent storage and stable network identities (e.g., databases).
    • Unlike Deployments, StatefulSets preserve the order and identity of Pods.

  • DaemonSets:

    • Ensure that a copy of a specific Pod runs on all (or specific) nodes in the cluster.
    • Useful for background tasks like monitoring, logging, or networking.

5. Communication Between Components

  • Kubernetes API: All components (Control Plane and Worker Nodes) communicate with each other via the Kubernetes API.
  • Kubernetes Scheduler: The scheduler decides on which worker node a Pod should run based on available resources and constraints.
  • Etcd: Stores the state and configuration of the cluster, providing a distributed database.
  • Pod-to-Pod Communication: Pods communicate with each other using a flat networking model, where each Pod gets its own IP address.

6. Kubernetes Networking Model

  • Cluster Networking: All Pods within a Kubernetes cluster can communicate with each other directly, regardless of the node they are on.
  • Service Networking: Services expose Pods to the external world or to other Pods within the cluster. The Kubernetes proxy handles load balancing and directs traffic to the right Pods.