Mastering Kubernetes: An Ultimate Guide to Containerized Application Management

What is Kubernetes?

Kubernetes (k8s) is an open-source platform for managing containerized applications and handling tasks like scaling, self-healing, service management, load balancing, deployment, storage orchestration, and updates and rollbacks.

The below diagram explains the use cases for Kubernetes:

‍

‍

Containerization and orchestration are both different.

1. Containerization is executing an application.
2. Orchestration means managing deletion, recreate, scale up, and scale down the containers.

‍

Nodes

‍

A Kubernetes cluster consists of nodes. Nodes can be physical or virtual machines and are divided into two types: master nodes and worker nodes.

Master Node (Control Plane)

• The master node is responsible for managing the overall state of the cluster.
• Components on the master node include the API server, etc., controller manager, and scheduler.

Worker Node

• Worker nodes, also known as minions, are responsible for hosting the containers that execute the actual applications.
• Each worker node has the Kubelet, Kube Proxy, Pods, and Container runtimes.

Master Node Components and Processes

API Server

• It is used to receive the incoming request.
• It exposes the K8s API and serves as the front end for the k8s control plane.

ETCD (Extended/Enhanced Distributed Database)

• ETCD is an IN memory in the k8s cluster, which we can call the k8s database.
• It is a distributed key-value store that is used to store the cluster's configuration data, state, and metadata.

Scheduler

Assigns pods to nodes based on resource availability and constraints.

Controller Manager

• Manages various controllers that regulate the state of the cluster's resources to maintain the desired state.
• Examples include ReplicationController (ensures a specified number of pod replicas) and NodeController (monitor node status).

Worker Node Components and Processes

Kubelet

• It is a node agent that runs on each worker node.
• It will maintain all the information related to the worker node.‍
• Example: The health of the worker node, how many applications are running in the worker node, how many containers are running in the worker node, etc., all the details are maintained by Kubelet in the worker node.

Kube Proxy

Kube-proxy manages network rules for pods and services, abstracting service IP addresses and providing load balancing across pods for high availability.

Container Runtime

• It is the software responsible for running containers.
• Interfaces with the Kubelet, the primary node agent in Kubernetes, to start, stop, and manage containers as part of the Kubernetes cluster.

‍

Advantages of Kubernetes

‍

• Scalability: Kubernetes allows you to easily scale your application based on demand, ensuring efficient resource utilization without manual intervention.
• High availability: Kubernetes automates health checks and restarts for failed containers, along with load balancing, to keep your application available even in case of failures.
• Portability: Kubernetes abstracts the underlying infrastructure, enabling consistent deployment across different environments, and reducing vendor lock-in.
• Resource efficiency: Kubernetes dynamically allocates resources based on application needs, minimizing wastage and reducing costs.
• Automation: Kubernetes automates deployment, scaling, and management tasks, speeding up application delivery.
• Ecosystem: Kubernetes has a rich ecosystem of tools and services for monitoring, logging, and networking, enhancing its capabilities for building complex applications.

What is a POD?

‍

A POD is the fundamental unit in a Kubernetes cluster where containers are deployed. Each POD encapsulates one or more containers and always operates within a Node. Essentially, a POD represents a running process and can consist of multiple containers running on a single Node. It's possible to create multiple PODs on a single Node, and each POD is assigned a unique IP address.

We can create PODS in 2 ways:

1. Imperative Approach
2. Declarative Approach (Manifest YAML)

Example - Kubernetes POD Manifest YML

apiVersion: v1 

kind: Pod 

metadata: 

  name: my-webapp-pod 

  labels: 

    app: my-webapp 

spec: 

  containers: 

  - name: web-server-container 

    image: nginx 

    ports: 

    - containerPort: 80 

 

 

‍

‍

‍Note: Labels are nothing but unique identifiers to identify the pod.

We can’t access PODS outside. We need to expose the pod for outside access using the Kubernetes service concept.

‍

Kubernetes services

Kubernetes Service is used to expose the PODS outside the Cluster.

Types of K8s services

• ClusterIP
• NodePort
• LoadBalancer
• ExternalName

We need to write a Service manifest Yaml to expose PODS.

‍

apiVersion: v1 

kind: Service 

metadata: 

  name: my-service 

spec: 

  type: NodePort 

  selector: 

    app: my-webapp 

  ports: 

  - port: 80 

    targetPort: 80 

‍

‍

We can see service information and the Node Port number assigned by K8s.

Note: Enable the Node Port number in the Security Group of the worker node in which our POD is Running.

PODS are Ephemeral.

Pods are short-lived Objects.

We are not using POD IP, because POD IP will change when it is re-created.

‍

‍

The above diagram explains these four topics:

Cluster IP

• When we create PODS, Every Pod will get unique IP addresses.
• We can access POD inside the cluster using its IP addresses.
• Note: PODS are short-lived objects, When POD is recreated its IP will be changing so we can’t depend on POD IP to access.
• To Expose POD within the Cluster we can use ClusterIP Services.
• ClusterIP will generate one static IP address to access our POD within the Cluster.
• Note: ClusterIP will not change even when PODs are re-created.

‍

apiVersion: v1  

kind: Service  

metadata:  

  name: my-service  

spec:  

  type: ClusterIP  

  selector:  

    app: my-app  

  ports:  

  - port: 80  

    targetPort: 8080 

‍

‍

NodePort

• Node Port service is used to expose our pod Outside Cluster.
• When we use NodePort Service, we can specify NodePort Number in the Service Managements File.
• If we don’t specify the node port number. Kubernetes with assign a random port number for our service.
• NodePort ranges from 30,000 to 32,767.

‍

‍

apiVersion: v1 

kind: Service 

metadata: 

  name: my-service 

spec: 

  type: NodePort 

  selector: 

    app: my-app 

  ports: 

    - port: 80 

      targetPort: 80 

      nodePort: 30001 

 

‍

‍

Access Application in the browser (Make sure the Port number is enabled in the security group)

URL: httpd://node-public-ip:node-port-numer

‍

Load Balancer

• It is one type of Kubernetes service.
• It is used to expose our pods outside the cluster using a load balancer.
• When we use a load balancer as a service type then, one load balancer will be created in AWS Cloud.
• Using the LoadBalancer URL, we can access our application.
• LoadBalancer will distribute the traffic to multiple worker nodes in Round Robbin Fashion.

Advantage of LoadBalancer Service Type

• Load will be distributed to all the pods available in the all the worker nodes.
• If we are using the NodePort service, the request will always be sent to the same worker node, and the server burden will be increased.
• For distributing the load, we can use a load balancer service.

‍

‍

apiVersion: v1 

kind: Service 

metadata: 

  name: my-service 

spec: 

  type: LoadBalancer 

  selector: 

    app: my-app 

  ports: 

  - port: 80 

    targetPort: 80 

‍

‍

ExternalName

• ExternalName services in Kubernetes link a service to a DNS name using spec.externalName.
• They return a CNAME record pointing to the specified DNS name when queried.
• Unlike other services, they don't proxy requests.
• ExternalName services are commonly used to represent external data stores like databases.
• They enable communication between pods in different namespaces as if the service were local.

‍

Differences between each service

• ClusterIP: This type of service exposes a service that is only accessible from within the Kubernetes cluster.
• NodePort: NodePort exposes a service using a static port on each node's IP address, making the service accessible externally.
• LoadBalancer: LoadBalancer exposes the service using the cloud provider's load balancer, allowing external access to the service.
• ExternalName: ExternalName maps a service to a predefined ExternalName field, returning a value for the CNAME record, but does not provide any kind of proxying.

K8s Namespaces

‍

• Namespaces are used to group our Kubernetes components logically.
• We can create multiple namespaces in the k8 cluster
• Namespaces are logically isolated from each other.
• In Kubernetes we will have below namespaces by default.
  1. default
  2. kube-node-lease
  3. kube-public
  4. kube-system

Note: It is not all recommended to create PODS manually.

Always create the pods using below K8 components & resources:

1. ReplicaSet
2. Deployment
3. StatefulSet
4. DaemonsSet

‍

‍ReplicaSet

• ReplicaSet is a replacement for Replication Controller (it is a next-generation components in K8s).
• ReplicaSet is also used to manage the POD life cycle.
• ReplicaSet also maintains the given number of pods.
• We can scale up and scale down our pods using ReplicaSet also.
• Replication controller supports equality-based selector.

Note: The only difference between Replication controller and ReplicaSet is the ‘selector’.

Pods within a ReplicaSet can be identified using multiple labels. These labels are configured as a set for the selector, allowing for precise selection of pods within the ReplicaSet.

‍

Deployment

• Deployment is one of the K8s resource/components.
• Deployment is the most recommended approach to deploy our application in the k8s cluster.
• Using Deployment, we can scale and scale down our pods.
• Deployment supports Roll Out (latest code) and Roll Back (go to the old version).
• We can deploy the zero downtime of our application.

Note: When deploying the latest code using a ReplicationController or ReplicaSet in Kubernetes, downtime may occur. This is because you must delete the existing ReplicationController or ReplicaSet, which in turn deletes the pods associated with it. During this process, the application will be down until the new pods are created and start running.

We can deploy the latest code with zero downtime using “Deployment.”

‍

‍Benefits of using Deployment

• Zero downtime Deployment
• Rollout and Rollback
• Auto Scaling

‍

Deployment strategies

We have two strategies:

• Re-create
• Rolling update.

Recreate means it will delete all the existing pods and it will create new pods (downtime will be there).

Rolling Update strategy, it will delete the pod and create new pods one by one.

Note: if you don’t specify Re-create Deployment strategy, then by default it will consider it as a Rolling Update.

‍

Config Map

• Config map and secrete are used to avoid hard coded properties in the application.
• Config map is used to store in key value pair (non-confidential data).
• Config map allows us to de-couple application properties from docker images so that our application is deployed into any environment without making any changes to our docker images.

‍

Example ConfigMap Yaml fileex

‍

apiVersion: v1 

kind: ConfigMap 

metadata: 

  name: my-configmap 

data: 

  key1: value1 

  key2: value2 

‍

‍

Note: Config map will make the docker image portable.

Secret

• Secret is also one of the k8 resources.
• Secret is used to store confidential data in a key-value format (ex: password).
• Secret is used to store confidential data in encrypted format.

‍

apiVersion: v1 

kind: Secret 

metadata: 

  name: my-secret 

type: Opaque 

data: 

  username: <base64-encoded-username> 

  password: <base64-encoded-password> 

‍

‍

StatefulSet

• StatefulSet is a Kubernetes controller used to manage stateful applications as containers (pods) in a Kubernetes cluster.
• StatefulSet assign a unique and sticky identity, starting from zero to each pod instead of generating random IDs for each replica pod.
• When creating a new pod, StatefulSets clones the data from the previous pod. If the previous pod is in a pending state, the new pod will not be created. When deleting a pod, StatefulSets deletes pods in reverse order, not in random.

The below table from kubermatic, showcases the difference between StatefulSet and Deployment.

‍

‍

DeamonSet

• It is a K8 resource to create the Pods.
• Deamon creates copy of the pod in each worker node.
• When we add a node to the cluster then a pod will be created, if we remove a node from the cluster then the pod will be deleted.
• DaemonSets are useful for deploying and managing daemons or services that need to run on every node in a Kubernetes cluster.

‍

Some Typical uses of a DeamonSet

• Running a Cluster storage demon on every node.
• Running log collection daemon on every node.
• Running a node monitoring daemon on every node.

‍

How to Setup Kubernetes on the Cloud

‍

1. Install a Container Runtime: Install a container runtime like Docker on all nodes to manage containers.
2. Select a Deployment Tool: Choose a tool such as kubeadm, kops, or kubespray to install and manage the Kubernetes cluster.
3. Choose a Networking Solution: Select a software-defined networking (SDN) solution like Flannel, Calico, or Weave Net for communication between containers and cluster components.
4. Set Up the Master Node: Install Kubernetes control plane components (API server, controller manager, scheduler) on a dedicated master node.
5. Set Up Worker Nodes: Install kubelet and kube-proxy on worker nodes where applications will run.
6. Configure Networking: Configure network interfaces, IP addresses, and routing rules on all nodes.
7. Join Worker Nodes: Use the deployment tool to add worker nodes to the cluster and ensure they communicate with the master node.
8. Test Your Cluster: Deploy an application using kubectl to verify cluster functionality and communication.
9. Secure Your Cluster: Implement Kubernetes security features like network policies, RBAC, and secrets management.
10. Monitor and Maintain: Regularly monitor cluster performance, update and patch as needed, and scale resources appropriately.
11. Consider Managed Services: Managed Kubernetes services from cloud providers (e.g., GKE, EKS, AKS) can simplify setup and maintenance tasks.

‍

Using kubectl to Retrieve Cluster Information

‍

‍

‍

‍

Overview of Kubernetes Resources

‍

‍

‍

‍

Browser Display: Visual Representation of Kubernetes Cluster State

‍

‍

‍

‍

Empower your Kubernetes journey with these essential commands at your fingertips. Happy deploying!

kubernetes-cheat-sheet

‍