Introduction to Kubernetes - other Kubernetes components and abstract concepts

Quick 101 about other Kubernetes components and abstract concepts

Last time on the TechniClinical

– Me? I, my dear friend, I do have a great connection!

– How so?

– Well, you see… my app in K8S has sidecar with proxy, which cooperate with service mesh, which CRD is a gateway, which has a service that spawns load balancer, which has external authorization in rules thru OAuth but there is WAF in front of it anyway, which blocks all connections because you know… badinputrule

Other Kubernetes components and abstract concepts

If you are a bit confused by the joke above, you will understand it after reading my first article 🙂

In addition to all that, Kubernetes also includes a number of other components and virtual concepts.

Services in Kubernetes

Kubernetes services act as an abstract way to expose an application running on a set of Pods as a network service. You don’t need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.

Policies in Kubernetes

Kubernetes policies are a set of rules that define how a Kubernetes cluster should be configured and operated. They can be used to enforce best practices, prevent errors, and ensure compliance with organizational standards.

Objects in Kubernetes

Kubernetes objects are persistent entities that represent the state of your cluster. You can create, modify, or delete them to tell the Kubernetes system what you want your cluster’s workload to look like. To do this, you’ll need to use the Kubernetes API, which you can access through the kubectl command-line interface or one of the Client Libraries.

Security in Kubernetes

Kubernetes was designed with security in mind and provides the features that enterprise environments need. They range from high-level ones, such as private networks and data encryption, to low-level ones, such as securing communication between nodes with TLS, limiting access to the API, and securing Pods with RBAC.

RBAC Authorization

Kubernetes Role Based Access Control (RBAC) is a key security control that limits a user’s or workload’s access to resources to only what is required to execute their roles. It is important to design permissions for cluster users in a way that prevents privilege escalation, which could lead to security incidents.
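As an added example (not from the original article), the Python sketch below audits Role rules for grants that commonly enable privilege escalation. The two roles, `pod-reader` and `ci-deployer`, and the list of risky grants are constructed for illustration, and API groups are ignored for brevity.

```python
# Added example: flag RBAC rules that commonly enable privilege escalation.
# Role dicts mirror the rbac.authorization.k8s.io/v1 Role layout; both roles
# below are constructed samples. API groups are not checked (simplification).

RISKY = [
    # (resources, verbs, reason)
    ({"secrets"}, {"get", "list", "watch"}, "can read Secret contents"),
    ({"roles", "clusterroles"}, {"escalate", "bind"}, "can grant rights it does not hold"),
    ({"users", "groups", "serviceaccounts"}, {"impersonate"}, "can act as another identity"),
    ({"serviceaccounts/token"}, {"create"}, "can mint service account tokens"),
    ({"pods"}, {"create"}, "can run a pod under any service account in the namespace"),
]

def audit_role(role):
    """Return sorted findings for one Role/ClusterRole dict."""
    findings = set()
    name = role["metadata"]["name"]
    for rule in role.get("rules", []):
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        if "*" in resources or "*" in verbs:
            findings.add(f"{name}: wildcard grant covers future resources and verbs")
        # A rule grants every listed verb on every listed resource.
        for risky_res, risky_verbs, reason in RISKY:
            res_hit = "*" in resources or resources & risky_res
            verb_hit = "*" in verbs or verbs & risky_verbs
            if res_hit and verb_hit:
                findings.add(f"{name}: {reason}")
    return sorted(findings)

LEAST_PRIVILEGE = {  # constructed: read-only access to pods and their logs
    "kind": "Role",
    "metadata": {"name": "pod-reader", "namespace": "demo"},
    "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"],
               "verbs": ["get", "list", "watch"]}],
}
OVERBROAD = {  # constructed: a deployer role that grew too many rights
    "kind": "Role",
    "metadata": {"name": "ci-deployer", "namespace": "demo"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "secrets"], "verbs": ["get", "list", "create"]},
        {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["roles"], "verbs": ["bind"]},
    ],
}

if __name__ == "__main__":
    for role in (LEAST_PRIVILEGE, OVERBROAD):
        for line in audit_role(role) or [f"{role['metadata']['name']}: no risky grants found"]:
            print(line)
```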

Networking in Kubernetes

The Kubernetes network model creates a clean, backwards-compatible model where Pods can be treated much like VMs or physical hosts from the perspectives of port allocation, naming, service discovery, load balancing, application configuration, and migration. Pods are treated as expendable and are assumed to be continuously replaced by identical (or interchangeable) copies.

In a Kubernetes network, each Pod gets its own IP address. This means that containers within a Pod can share their local network and do not have to map ports to each other. This simplifies applications significantly. Containers in different Pods have distinct IP addresses and can be treated as completely separate entities.

Kubernetes services provide a stable, virtual IP address and DNS name for a set of Pods. This lets you decouple the public-facing name of an application from the underlying implementation. It also enables load-balancing and service-failover.

Kubernetes supports a number of networking plugins, including those based on the Container Network Interface (CNI).

Storage in Kubernetes

Kubernetes supports a variety of storage solutions, from simple local storage to complex, multi-region storage solutions.

Kubernetes supports multiple Storage Classes, which define how the cluster’s storage is provisioned and consumed. Storage Classes allow an administrator to create and manage storage resources with specific performance, availability, and durability characteristics. Storage Classes can be used to bind persistent volumes to specific nodes, making it possible to replicate data across multiple nodes for high availability.

Kubernetes also supports dynamic provisioning of storage resources, allowing storage to be allocated on-demand when applications are deployed. This can be used to provision storage for development and testing environments, or to burst capacity for applications that have sporadic or unpredictable storage needs.

In addition to the core storage primitives, Kubernetes also provides a number of specialized storage solutions, including:

Kubernetes Persistent Volumes (KPVs): This storage solution provides a way to create and manage persistent volumes in Kubernetes. KPVs are usable by any container in a pod, and can be used to store data that needs to be persisted across container failures or scheduled pod downtime.

Kubernetes PVCs: This storage solution provides a way to create and manage PVCs in Kubernetes. PVCs are usable by any container in a pod, and can be used to store data that needs to be persisted across container failures or scheduled pod downtime.

Kubernetes Stateful Sets: This storage solution provides a way to create and manage stateful applications in Kubernetes. Stateful Sets are usable by any container in a pod, and can be used to store data that needs to be persisted across container failures or scheduled pod downtime.

Kubernetes Jobs: This storage solution provides a way to create and manage batch jobs in Kubernetes. Jobs are usable by any container in a pod, and can be used to store data that needs to be persisted across container failures or scheduled pod downtime.

Kubernetes Metrics

Kubernetes provides a rich set of metrics that can be used to monitor the health and performance of applications and the Kubernetes system itself.

Kubernetes metrics are available through the Kubernetes API, and can be queried using the kube-state-metrics project.

Prometheus is a popular tool for monitoring Kubernetes, and the Prometheus Operator makes it easy to monitor Kubernetes with Prometheus.

Grafana is a popular tool for visualizing metrics, and can be used with Prometheus to create dashboards for monitoring Kubernetes.

The kube-prometheus project provides a comprehensive set of tools for monitoring Kubernetes, including Prometheus, Grafana, and Alertmanager.

Logging in K8S

Kubernetes provides a logging infrastructure that can be used to collect and aggregate logs from containers and pods.

The Fluentd project provides an open source log collector that can be used to collect and aggregate logs from containers and pods.

The Elasticsearch, Logstash, and Kibana (ELK) stack is a popular tool for storing, analyzing, and visualizing logs.

The EFK stack is a popular alternative to the ELK stack that uses Fluentd for log collection.

Kubernetes Scheduling, Preemption and Eviction

Scheduling in Kubernetes ensures that Pods are matched to Nodes so that the kubelet can run them. Preemption is the process of terminating Pods with lower Priority to make room for Pods with higher Priority. Eviction is the process of terminating one or more Pods on Nodes.

Scaling in K8S

One of Kubernetes’ most prominent features is its ability to scale at both the Pod and the node level. At the Pod level there are two basic methods: scaling horizontally with the Horizontal Pod Autoscaler and vertically with the Vertical Pod Autoscaler. At the node level, the Cluster Autoscaler automatically adjusts the number of nodes in a given node pool based on the demands of your workloads, the guidelines it received in its configuration, and the available resources.

Summary

Well… that is it! You now know all the core Kubernetes services and concepts. A bit much, huh?
