Kubernetes Engine and Containers - bobbae/gcp GitHub Wiki
Containers
Typical Containers like Docker make use of Namespaces and CGroups features in the Linux kernel.
Kubernetes
Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation.
Kubernetes is influenced by Borg, Omega and other systems. You should check out various Kubernetes Examples to learn more about Kubernetes Architecture.
Kubernetes Networking implements flat pod networking where pods in the host network of a node can communicate with all pods on all nodes without NAT. This model enables low-friction porting of apps from VMs to containers.
As Kubernetes evolved the support for Stateful Applications the Kubernetes Storage architecture has evolved over time.
Kubernetes objects can quickly be created, updated, and deleted directly using imperative commands built into the kubectl command-line tool.
A Kubernetes cluster consists of a set of worker machines, called nodes, that run containerized applications. Every cluster has at least one worker node.
Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation.
KubeVirt
KubeVirt technology addresses the needs of development teams that have adopted or want to adopt Kubernetes but possess existing Virtual Machine-based workloads that cannot be easily containerized.
Minikube
https://github.com/bobbae/gcp/wiki/Minikube,-Kind,-K3S
GKE
GKE provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure. The GKE environment consists of multiple machines (specifically, Compute Engine instances) grouped together to form a cluster.
GKE clusters are powered by the Kubernetes open source cluster management system. Kubernetes provides the mechanisms through which you interact with your cluster. You use Kubernetes commands and resources to deploy and manage your applications, perform administration tasks, set policies, and monitor the health of your deployed workloads.
GKE is Secured and fully managed Kubernetes service with revolutionary autopilot mode of operation.
Kubernetes Control Plane
A Kubernetes cluster consists of a set of worker machines, called nodes, that run containerized applications. Every cluster has at least one worker node.
The worker node(s) host the Pods that are the components of the application workload. The control plane manages the worker nodes and the Pods in the cluster. In production environments, the control plane usually runs across multiple computers and a cluster usually runs multiple nodes, providing fault-tolerance and high availability.
API
The core of Kubernetes' control plane is the API server. The API server exposes an HTTP API that lets end users, different parts of your cluster, and external components communicate with one another.
The Kubernetes API lets you query and manipulate the state of API objects in Kubernetes (for example: Pods, Namespaces, ConfigMaps, and Events).
Most operations can be performed through the kubectl command-line interface or other command-line tools, such as kubeadm, which in turn use the API. However, you can also access the API directly using REST calls.
Consider using one of the client libraries if you are writing an application using the Kubernetes API.
Objects
A Kubernetes object is a "record of intent"--once you create the object, the Kubernetes system will constantly work to ensure that object exists. By creating an object, you're effectively telling the Kubernetes system what you want your cluster's workload to look like; this is your cluster's desired state.
Kubectl
The Kubernetes command-line tool, kubectl, allows you to run commands against Kubernetes clusters.
Authentication and Authorization in Kubernetes
https://www.youtube.com/watch?v=dAUJ3TBwDWo
Ingress
Kubernetes Ingress may provide load balancing, SSL termination and name-based virtual hosting.
Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.
Service Mesh
Kubernetes Service Mesh is configurable infrastructure layer for a microservices application.
Cloud Build & Cloud Code with Containers
Cloud Build provides a gke-deploy
builder that enables you to deploy a containerized application to a GKE cluster.
K8s monitoring
There are many Kubernetes Monitoring tools.
Configuration as Data
Binary Authorizations
Binary Authorization is a service on Google Cloud that provides software supply-chain security for container-based applications. Binary Authorization extends Google Kubernetes Engine (GKE) and Anthos clusters on VMware with deploy time enforcement of security policies. On Anthos clusters on VMware, Binary Authorization extends this policy enforcement to hybrid-cloud architectures. Binary Authorization works with container images from Container Registry, Artifact Registry and other container image registries.
With Binary Authorization, you can automatically check each component of your software supply chain, ensuring the quality and integrity of your software before an application is deployed to your production environment.
Stateless Applications
https://kubernetes.io/docs/tutorials/stateless-application/
Stateful Apps
https://kubernetes.io/docs/tutorials/stateful-application/
Scaling
Kubernetes Scaling has evolved over time to include VPA and HPA.
Federation
Multiple Kubernetes clusters can be managed as a single cluster with the help of federated clusters. So, you can create multiple Kubernetes clusters within a data center/cloud and use federation to control/manage them all at one place.
Kubernetes & AI
Kubernetes has awesome support and integration with AI Workflows such as Kubeflow.
Kubernetes & GitOps
Kubernetes supports various Workflows for DevOps as discussed here.
It is possible to support GitOps CICD in Kubernetes.
Kubernetes Security
https://kubernetes.io/docs/concepts/security/overview/
Tutorials
https://kubernetes.io/docs/tutorials/
Qwiklabs
There are many interesting Kubernetes Qwiklabs.