k8s Bullet Notes for Beginners

k8s Architecture

Control Plane

What does the control plane do?

• Makes decisions across the entire cluster
• Contains the core components of k8s

Where does the control plane exist?

• The control plane can run on any machine in the cluster

Control Plane Components

• api-server
• etcd
• scheduler
• controller manager

Node Components

• kube-proxy
• kubelet

k8s Resources

Pod

Why did k8s define Pods?

• To provide a unified interface for accessing containers

What is a Pod?

• A Pod is an abstraction of a node, allowing us to not be restricted by the number of physical instances
• The smallest unit of object in k8s
• Each Pod can contain multiple containers
• The same application should not exist in the same Pod
• Containers in the same Pod can communicate through their own network
• Containers in the same Pod can share the same volume

How do we prepare the environment before starting our app?

• Define an init container in the Pod and execute the prerequisite processes inside it

Deployment

Why did k8s design the Deployment object?

• To provide a declarative way to deploy applications

Serving applications in real-world scenarios

• Services should run 24/7
• Single points of failure should be avoided
• The number of Pods should remain constant

What elements make up a Deployment?

• Deployment strategy
• ReplicaSet

Deployment strategy

Recreate

• First terminate all Pods, then create new ones

Rolling Update

• Ensure there is always at least one existing Pod
• This is the default deployment strategy

ReplicaSet

• Load balances the Pods
• Ensures the correct number of Pods
• Manages Pod-level operations

DaemonSet

What does a DaemonSet do?

• Ensures that each node runs the required Pods

Examples

• Network plugins, like Calico
• Pod communication proxy, like kube-proxy
• Monitoring exporters
• Logging collectors

Network Prerequisite Knowledge

Link

1

ip link

• Inspect network interfaces at the data link layer

Switch

1

ip addr

• Inspect network interfaces at the network layer

Route

• Subnetwork resolution
  • 192.168.1.10/24 -> 255.255.255.0 -> from 192.168.1.10 to 192.168.1.255

Hostname and Domain Name

• A host can request the IP through its name
• If the name is not found in the hostname configuration, it will be searched through the domain name

NAT

• Translates internal IPs to external IPs
• IP addresses from external sources don’t have router settings, so NAT is needed

ARP

• Translates IP addresses to MAC addresses

Network Namespace

• Isolates IP definitions from the physical node
• Processes running under the namespace can communicate through network interfaces
• Network interfaces set up by different namespaces can link to each other

How do IPs of each virtual network communicate with each other?

• By setting up a virtual switch (Linux bridge)

How does an IP in a virtual network connect to the internet through the physical host?

• By adding routing through a gateway

k8s Network

Types of IP

• Cluster IP
• External IP

How does k8s discover dynamically adjusting Pods?

• By allocating CoreDNS

What is the responsibility of kube-proxy?

• Bypass request restrictions from firewalls and whitelists
• Load balance incoming requests at the Pod level
• Maintain IP tables on each node