Kubernetes is a system for managing and orchestrating containerized applications across a cluster of nodes. It was designed by Google to manage and schedule containers at scale. Kubernetes can run on-premises or in the cloud, making it a popular choice for modernizing IT infrastructure. Many major companies use Kubernetes to manage their containerized applications, including Google, and Shopify.
Often referred to as k8s, Kubernetes enables you to manage large containers across many hosts, providing a higher degree of automation and reliability than traditional virtual machines. Kubernetes provides many benefits over traditional application deployment models, including increased flexibility and scalability, better resource utilization, and improved fault tolerance.
In this article, we will introduce you to Kubernetes and how it works. We will also discuss some of the benefits that you can expect to get from using Kubernetes.
What is Kubernetes?
Kubernetes is a container orchestration platform that helps manage and deploy applications at scale. The system is designed to simplify life cycle management, allowing developers to focus on their application code rather than infrastructure maintenance. It offers features like self-healing, automatic scaling, and load balancing, making it an ideal solution for large-scale deployments. Kubernetes is also highly extensible, allowing users to add new functionality as needed. Additionally, Kubernetes is open source and backed by a large community of developers, making it a versatile and widely-used platform.
Features of Kubernetes
1. Create and Destroy Container
One of the many benefits of using Kubernetes is that it automatically creates resources based on YAML configuration files. This can be a great time saver, as it frees up administrators from having to manually create resources such as pods.
It also reduces the risk of human error, as all resource creation is handled by Kubernetes itself. In addition, this feature makes it easy to replicate resources across multiple servers, as all that is required is a valid YAML configuration file. As a result, Kubernetes can greatly simplify the process of managing server deployments.
2. Auto scalable infrastructure
When managing large-scale deployments, auto scalability is a key feature of Kubernetes. By automatically scaling based on factors like CPU utilization, memory usage, and network traffic, Kubernetes can provide the resources needed to keep applications running smoothly.
This not only eliminates the need for manual intervention but also helps to ensure that applications can handle sudden spikes in traffic without issue. As a result, auto scalability is a crucial component of any Kubernetes deployment.
3. Horizontal scaling
Horizontal scaling is a feature of Kubernetes that lets the user increase or decrease the number of nodes in a cluster. This is done by adding or removing replicas from the deployment. The deployment controller will ensure that the number of replicas matches the desired count.
4. Load balancers
A load balancer is a feature of Kubernetes that distributes workloads across multiple nodes in a cluster. This ensures that no single node is overloaded and the workload is distributed evenly. By using a load balancer, you can improve the performance of your Kubernetes cluster and reduce the chances of downtime.
5. Liveness and Readiness
Liveness and readiness probes are two important features of Kubernetes that help ensure that your applications are running as intended. Liveness probes are used to detect whether an application is still alive and if not, restart it. Readiness probes, on the other hand, are used to determine whether an application is ready to receive traffic.
Both liveness and readiness probes can be configured to use various health check methods. In addition, both types of probes can be configured to run at regular intervals and provide alerts if an application fails a health check.
Kubernetes can also automatically roll back failed deployments, ensuring that your application is never in an unstable state. You can learn about this feature more in any Kubernetes tutorial online.
6. Highly predictable infrastructure
Kubernetes provides highly predictable infrastructure. This means that you can always know exactly where your data is stored and how it is accessed. This makes it much easier to manage your infrastructure and keep your data safe.
Furthermore, this predictability also makes it easier to automate tasks such as backups and disaster recovery. As a result, Kubernetes can help you to reduce the amount of time and effort required to manage your infrastructure.
7. Mounts and storage system to run applications
Kubernetes also offers a mount and storage system that can be used to run applications. This system is designed to provide a way for applications to access data stored on a remote server without having to copy the data to the local machine.
The mount and storage system is also useful for situations where an application needs to read and write data to a shared location, such as a database. By using the mount and storage system, developers can avoid the need to create and maintain their storage infrastructure. Instead, they can rely on Kubernetes to provide a scalable, reliable storage solution.
8. Efficient resource usage
Efficient resource usage is a key feature of Kubernetes. By using intelligent scheduling, Kubernetes can ensure that pods are only ever run on nodes that have the resources available to support them. This ensures that resources are used as efficiently as possible, and that no node becomes overloaded.
In addition, Kubernetes can also dynamically scale pods up or down in response to changes in demand. This ensures that pods are always running at an optimal level and that resources are not wasted. As a result, Kubernetes provides a high level of efficiency when it comes to resource usage.
9. Automatic management of security, network, and network components
Kubernetes is a container orchestration system that automates the management of security, network, and network components. It allows users to deploy and manage containerized applications in a clustered environment.
Kubernetes is designed to provide high availability and scalability by distributing workloads across multiple nodes. It also includes self-healing, rolling updates, and horizontal scaling.
Kubernetes Architecture
The Kubernetes architecture is based on a number of key components, each of which plays a vital role in the overall functioning of the system:
1. Control Plane: The Kubernetes control plane is responsible for managing the cluster. It consists of several components, each of which has a specific role in the overall cluster management. The most important components of the control plane are the etcd database, the API server, the scheduler, and the controller manager.
The etcd database stores the cluster state, including information about pods and services. The API server exposes a RESTful API that can be used to manage the cluster. The scheduler is responsible for scheduling pods onto nodes. The controller manager is responsible for managing replication controllers and service accounts.
2. Data Plane: The Kubernetes data plane consists of the nodes in the cluster. Each node runs a kubelet, which is responsible for running pods. Pods are groups of containers that share a storage volume and network namespace. Nodes also run a proxy service, which provides load balancing and service discovery for pods.
3. Kube-apiserver: The kube-apiserver is the central point of contact for all Kubernetes API calls. It is responsible for data validation, authorization and access control, as well as storing the manifests file inside the etcd. The kube-apiserver also provides an interface to fill in the configuration with the default values. This ensures that all of the configurations are set correctly before being stored in the etcd.
4. Etcd: The etcd component in Kubernetes architecture is a distributed, highly-available key value data store that is used to store cluster configuration. It houses metadata and both the desired and current state for each resource. Essentially, any object or resource that gets created gets saved in the etcd.
The way it works is that the etcd only communicates directly with the kube-apiserver. The kube-apiserver acts as a mediator and validator for any interactions made with the data store.
So, if any other component needs to access information about the metadata or state of resources stored in the etcd, they have to go through the kube-apiserver. This maintains order and hierarchy when accessing data from the etcd component.
5. Kube-Controller-Manager: The kube-controller-manager component is responsible for running various controllers that manage the state of the Kubernetes cluster. The controller components watch the shared state of the cluster through the apiserver and make changes to ensure that the desired state is reflected in the actual state.
The kube-controller-manager is shipped with many controllers, each of which is responsible for a specific task. For example, the replication controller ensures that a specified number of pods are running at all times, while the service controller provides load balancing and service discovery for Kubernetes services.
In addition, the kube-controller-manager also includes controllers for managing storage, networking, and secrets. By shipping with a wide variety of controllers, the kube-controller-manager helps to make Kubernetes deployments more robust and easier to manage.
6. Kube-scheduler: The kube-scheduler is responsible for scheduling pods onto nodes in the cluster. It uses a variety of factors to determine which node is best suited to run a given pod, such as available resources and node utilization.
7. Kubelet: The kubelet is an agent that runs on each node in the cluster. It is responsible for ensuring that all pods assigned to a node are running and healthy. It also handles communication with the Kubernetes master and reports back on the status of the node and its pods.
8. Kube-proxy: The kube-proxy is an agent that runs on each node in the cluster. It is responsible for routing traffic between services and pods.
9. Kubectl Client: The kubectl client is used to interface with a Kubernetes API server in order to manipulate the resources within a Kubernetes cluster. The kubectl client can be used to create, update, delete, and view resources within a Kubernetes cluster.
It can also be used to configure a Kubernetes cluster, including setting up networking, RBAC, and other cluster level configurations. In addition, the kubectl client can be used to connect to a Kubernetes API server in order to debug and troubleshoot issues within a Kubernetes cluster.
The kubectl command-line tool uses the Kubernetes API to interact with the Kubernetes cluster. By default, kubectl will try to connect to the API server using the certificate-based credentials provided by the admin.
Alternatively, kubectl can be configured to use bearer tokens or username/password for authentication. Once kubectl has been authenticated, it will send requests to the API server in order to manipulate the resources in the Kubernetes cluster.
10. Container runtime: The container runtime is the software that actually runs containers on a given host. Kubernetes supports a number of different runtimes, such as Docker, rkt, and CRI-O.
In a Kubernetes system, there are a few key components that work together to orchestrate containerized applications across a cluster of nodes. The control plane comprises several components - the API server, scheduler, and controller manager.
The API server is the most important component in the Kubernetes control plane and it is responsible for exposing the Kubernetes API. The scheduler is responsible for scheduling pods onto nodes in the cluster.
The controller manager is a daemon that embeds multiple controllers - such as the replication controller - that observe the state of the system and make necessary changes to ensure that the desired state is maintained.
In addition to the control plane components, there are also a few worker node components - kubelet and kube-proxy. The kubelet is responsible for ensuring that containers are running on a node and reporting back to the API server.
The kube-proxy is responsible for networking and load balancing for services on a node. All of these components work together in order to provide an orchestration platform for containerized applications.
To learn more about Kubernetes Architecture, you can go for an exclusive CKA certification and understand all aspects easily.
Container/Container-Runtime
Kubernetes container/container-runtime is a system for automating the deployment, scaling and management of containerized applications. It provides an easy way to manage and monitor your containers, making it ideal for running production workloads in the cloud.
Kubernetes container/container-runtime is based on Docker but adds several features that make it more suited for running production workloads. These include support for multiple containers per host, automatic restarts, and self-healing capabilities.
Kubernetes also includes a number of tools for monitoring and managing your containers, such as kubelet and kubectl. These tools make it easy to keep track of your containers and ensure they are running smoothly.
Kubernetes Concepts
We'll take a closer look at some of the key concepts in Kubernetes, including pods, nodes, services, and deployments.
Pods are the basic unit of K8s deployment. When one creates a service or a deployment, Kubernetes automatically creates a Pod with the container inside. A pod represents a group of one or more containers (such as Docker containers) with shared storage and network resources. Kubernetes pods are used to host applications in it.
Nodes are the machines (such as physical servers or virtual machines) on which pods are deployed. Nodes also have associated storage and network resources. In Kubernetes, nodes are used to run pods and provide the resources required by those pods.
Each node can run on a minimum of two services:
- A container runtime
- Kubelet
A Kubernetes service is used to expose applications running in Kubernetes to the outside world. A service defines a logical set of pods and a policy by which to access them. Services can be exposed using a variety of protocols, including ClusterIP (standard), TCP, UDP, NodePort, Loadbalancer, and HTTP.
Deployments are used to manage the lifecycle of applications in Kubernetes. Deployment represents a desired state for an application, such as a specific version of an image or a particular configuration. Deployments can be used to update applications, roll back changes, or scale applications up or down.
Installation of Kubernetes
You may check how to Install Kubernetes on Windows. However, to install Kubernetes on Linux, run the terminal and input the following codes.
sudo apt-get update
O
sudo apt-get install -y apt-transport-https
Download the Google Cloud signing key:
$ sudo curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
Now, add Kubernetes repository:
Sudo chmod 777 /etc/apt/sources.list.d/
cat / etc/apt/sources.list.d/Kubernetes.list deb https://apt.Kubernetes.io/ Kubernetes-xenial main
Lastly, update and install Kubernetes components
sudo apt-get update
sudo apt-get install kubectl kubelet kubeadm Kubernetes Kubernetes-cni
Initializing Kubernetes Master Node
Thereafter, you have to start the Kubernetes master node. Prior to this, turn off the swap and initialize the master node using these commands
sudo swapoff –a
sudo kubeadm init
After the command executes, you’ll get three commands that you need to use.
mkdir -p $HOME/.kube \
sudo cp -i /etc/Kubernetes/admin.conf $HOME/.kube/config \
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Deploy Pod Network
Now, deploy a Pod network. Use the command as:
sudo kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.8.0/config/v1.8/aws-k8s-cni.yaml
Use the below command to show all the running nodes:
sudo kubectl get pods
Config Maps
Config maps in Kubernetes are used to store configuration information that can be used by pods and services. This information can include database passwords, API keys, and TLS certificates.
Config maps can be used to provide a single source of truth for an application's configuration, which can make it easier to manage and deploy applications. Additionally, config maps can be used to reduce the amount of duplicated code and configuration files.
By using config maps, you can ensure that all of your applications are using the same configuration information. This can reduce the risk of configuration errors and make it easier to troubleshoot problems.
Services
Kubernetes services are the backbone of any great Kubernetes deployment. A service defines a logical set of pods and a policy to access them. By using services, you can abstract away the details of individual pod IPs and have a consistent way to access your applications regardless of where they are running.
There are a few different ways to expose Kubernetes services. The first is to use a NodePort. With this method, you specify a port on each node, and the Kubernetes system will forward traffic from that port to your service.
The second method is to use a LoadBalancer. With this approach, Kubernetes will provision a load balancer in your cloud provider's infrastructure and configure it to route traffic to your service. This is a more scalable solution, but it can also be more expensive since you will be paying for the load balancer.
The third method is to use an Ingress resource. Ingres resources allow you to configure routing rules that send traffic to different services based on the hostname or path of the request. This can provide you with more flexibility in how you expose your services, but it can also be more complex to setup.
Deployment
In Kubernetes, a deployment is a higher-level object that manages a ReplicaSet (or other deployment types). A Deployment provides declarative updates to applications; it ensures that an application is always up-to-date and available.
When you create a Deployment, you specify the number of replicas of the application that you want to run (the desired state), and Kubernetes creates or removes Pods to reach the desired state.
Deployments are useful for creating immutable snapshots of your application at different stages of development (e.g., test, staging, and production), which can then be deployments can rolled back if necessary.
By using deployments, you can also roll out new versions of your application gradually by incrementally updating your replicas with the new version while keeping the old version running. If there are any problems with the new version, you can simply roll back by undoing the deployment.
Secrets
A secret in Kubernetes is an object that contains sensitive data such as passwords, tokens, and certificates. Secrets are used to protect this data from being exposed publicly. Secrets are typically created by an administrator and then assigned to a service account or individual user.
Types of Secrets
When creating a secret, you must specify the type of data that it will contain.
- Opaque Secrets: These are secrets that are completely user-defined. There is no specific format or structure for these secrets, and they can be used to store any sensitive data.
- Service account token Secrets: These secrets are used to store tokens for Service Accounts. A Service Account is an account that is used by processes in a pod to access the API of the Kubernetes cluster.
- Dockercfg Secrets: These secrets are used to store credentials for Docker registries. This allows pods to pull images from private Docker registries.
- Dockerconfigjson Secrets: Similar to Kubernetes.io/dockercfg secrets, these secrets are used to store credentials for Docker registries. However, the credentials are stored in a JSON file instead of a .dockercfg file.
- Basic auth Secrets: These secrets are used to store credentials for basic authentication. Basic authentication is a simple authentication scheme that is often used for HTTP basic access authentication.
- Ssh auth Secrets: These secrets are used to store SSH private keys. This allows pods to authenticate with remote servers over SSH.
- Tls Secrets: These secrets are used to store TLS certificates and keys. This allows pods to communicate with other pods and services over TLS.
- Token Secrets: These secrets are used to store bootstrap tokens. Bootstrap tokens are used to initially bootstrap a Kubernetes cluster.
You can create a secret by defining a secret Kubernetes object using YAML or with the kubelet command tool.
Using kubelet:
With Kubelet, you can create a simple create command to create s secret where you simply have to name the secret and the data. The data then can easily be passed in using a literal or a file.
kubectl create secret generic admin-credentials --from-literal=user=poweruser --from-literal=password='test123'
Then the exact functionality via a file may appear like this.
echo -n 'poweruser' > ./username.txt
echo -n 'test123' > ./password.txt
kubectl create secret generic admin-credentials--from-file=./username.txt --from-file=./password.txt
You can also give multiple files at once with the help of a folder.
kubectl create secret generic admin-credentials --from-file=/creds
Using definition files:
Just like any other Kubernetes objects, you can also define secrets using a YAML file.
apiVersion: v1
kind: Secret
metadata:
name: secret-apikey
data:
apikey: YWRtaW4=
The secret has a key-value pair of your crucial information and apiKey is a key.
Plus, you can use the apply command to create a secret.
kubectl apply -f secret.yaml
In case you need to provide plain data and allow Kubernetes to manage the encoding for you, simply use the stringData attribute instead.
apiVersion: v1
kind: Secret
metadata:
name: plaintext-secret
stringData:
password: test
Since Kubernetes plays a big role in easing the development, testing, and deploying pipelines in the DevOps Managed Services, you must explore the best DevOps courses available online.
Namespaces
In Kubernetes, a namespace is a virtual cluster that groups objects together. Namespaces provide a way to divide cluster resources between multiple users by providing each user with their own virtual cluster. This way, each user can have their own set of objects, without having to worry about name collisions.
Each object in a namespace is given a unique identifier that includes the namespace name. For example, an object in the "default" namespace would have an identifier of "default:myobject". This ensures that there can be no collisions between objects in different namespaces.
In addition, namespaces can be used to control access to resources. For example, a user may only have read access to the "default" namespace, but they may have full access to their own personal namespace. This allows administrators to fine-tune permissions and give users only the access they need.
An example of Namespace with a manifest:
File: my-namespace.yaml |
---|
1 | apiVersion: v1 |
2 | kind: Namespace |
3 | metadata: |
4 | name: my-app |
Issue the create command to create the Namespace:
kubectl create -f my-namespace.yaml
Check out an example of a Pod with a Namespace:
File: my-apache-pod-with-namespace.yaml
File: my-apache-pod-with-namespace.yaml |
---|
1 | apiVersion: v1 |
2 | kind: Pod |
3 | metadata: |
4 | name: apache-pod |
5 | labels: |
6 | app: web |
7 | namespace: my-app |
8 | spec: |
9 | containers: |
10 | - name: apache-container |
11 | image: httpd |
Use the -n flag, to retrieve resources in a specific Namespace,
kubectl get pods -n my-app
Now, you may see a Pods list within your namespace:
NAME READY STATUS RESTARTS AGE
apache-pod 1/1 Running 0 7s
Use the --all-namespaces flag, to view Pods in all Namespaces,
kubectl get pods --all-namespaces
Issue the delete namespace command to delete a namespace.
kubectl delete namespace my-app
Simplifying Kubernetes with Docker Compose
If you come from the Docker community, you might find it easier to work on Docker compose files. Here comes Kompose into play. It enables you to convert your Kubernetes docker compose file with the help of a CLI (command line interface).
Installing Kompose:
Mac and Linux users need to curl the binaries in order to install Kompose.
# Linux
curl -L https://github.com/Kubernetes/kompose/releases/download/v1.21.0/kompose-linux-amd64 -o kompose
# macOS
curl -L https://github.com/Kubernetes/kompose/releases/download/v1.21.0/kompose-darwin-amd64 -o kompose
chmod +x kompose
sudo mv ./kompose /usr/local/bin/kompose
You can download an executable on Windows as well and just run it.
Deploying using Kompose:
Here is an example using the following compose file.
version: "2"
services:
redis-master:
image: k8s.gcr.io/redis:e2e
ports:
- "6379"
redis-slave:
image: gcr.io/google_samples/gb-redisslave:v1
ports:
- "6379"
environment:
- GET_HOSTS_FROM=dns
frontend:
image: gcr.io/google-samples/gb-frontend:v4
ports:
- "80:80"
environment:
- GET_HOSTS_FROM=dns
labels:
kompose.service.type: LoadBalancer
Kompose also allows deployment of configuration via a simple command.
kompose up
Now you should see the created resources.
kubectl get deployment,svc,pods,pvc
Converting a Compose file to Kubernetes Objects:
Kompose can also convert your current Docker Compose file into the Kubernetes object.
Use the apply command to deploy the app
kubectl apply -f filenames
Deploy an Application
To deploy a demo app, you first have to clone the repository.
git clone https://github.com/TannerGabriel/nestjs-graphql-boilerplate.git
Pushing the images to a Registry:
Before creating the Kubernetes objects, it is first important to push the images to a publicly available Image Registry. You can do it via your own private registry or a public registry like DockerHub.
Just add the image tag to push the image with the registry you need to push it to in your Compose file.
version: '3'
services:
nodejs:
build:
context: ./
dockerfile: Dockerfile
image: gabrieltanner.dev/nestgraphql
restart: always
environment:
- DATABASE_HOST=mongo
- PORT=3000
ports:
- '3000:3000'
depends_on: [mongo]
mongo:
image: mongo
ports:
- '27017:27017'
volumes:
- mongo_data:/data/db
volumes:
mongo_data: {}
Creating the Kubernetes objects:
After pushing the image to a registry, now you need to write Kubernetes objects.
First, create a new directory for storing the deployments.
mkdir deployments
cd deployments
touch mongo.yaml
touch nestjs.yaml
Now, the deployment will look like this.
apiVersion: v1
kind: Service
metadata:
name: mongo
spec:
selector:
app: mongo
ports:
- port: 27017
targetPort: 27017
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongo
spec:
selector:
matchLabels:
app: mongo
template:
metadata:
labels:
app: mongo
spec:
containers:
- name: mongo
image: mongo
ports:
- containerPort: 27017
The label Mongo is nothing but a single MongoDB container. The file also contains a service through which you can make port 27017 available to the Kubernetes network.
You may find the Nest.js Kubernetes object complicated as the container required some additional configuration.
apiVersion: apps/v1
kind: Deployment
metadata:
name: nestgraphql
spec:
replicas: 1
selector:
matchLabels:
app: nestgraphql
template:
metadata:
labels:
app: nestgraphql
spec:
containers:
- name: app
image: "gabrieltanner.dev/nestgraphql"
ports:
- containerPort: 3000
env:
- name: DATABASE_HOST
value: mongo
imagePullPolicy: Always
imagePullSecrets:
- name: regcred
---
apiVersion: v1
kind: Service
metadata:
name: nestgraphql
spec:
selector:
app: nestgraphql
ports:
- port: 80
targetPort: 3000
type: LoadBalancer
The service may also use a load balancer so that the host machines get access to the ports.
Deploying the application:
After the Kubernetes object files are ready, it is time to deploy them using kubectl.
kubectl apply -f mongo.yaml
kubectl apply -f nestjs.yaml
Now you can access the GraphQL playground on localhost/graphql.
GraphQL playground
So, now you have finally deployed an application on Kubernetes.
Also, since Kubernetes can benefit a lot from Docker and vice versa, check out the best Docker and Kubernetes certification online to enhance your skills like a pro.
Conclusion
Kubernetes is an open-source system for managing containerized applications across many servers. It has a wide variety of features and can be used for a variety of purposes, from developing and testing new applications to deploying them in production. In this guide, we’ve covered all you need to know about Kubernetes including Kubernetes meaning, how it works, and how you can use it to your advantage. From installation to scaling your deployments, we hope you find it useful.