Open in app

Sign in

Write

Sign in

Kubernetes for Dummies — Part 2: Understanding Kubernetes

Allan John
6 min readJun 5, 2021

Introduction

In Part 1, we saw what is the purpose of kubernetes and some use cases on how Kubernetes can be useful. Now the next step will be understanding Kubernetes related stuff

Everything in Kubernetes are called objects. They are all created by Kubernetes API. Lets take a look at the most common objects in Kubernetes to understand and get to know

Objects

Pod

This is the smallest unit in Kubernetes. A pod is a group of one or more containers with shared resources like network and storage. In more Linux terms, A pod is a group of shared namespaces and cgroups with other isolation configurations, just like for any other container

Single container pods are with one container inside the pod.

For ex: An Nginx Pod can contain a container with the Nginx docker image

Multi- container pods are sometimes run due to the need for such a service. For ex:

  • an init container to populate the config for the app container to run
  • A sidecar container to run along with the app container, kind of a helper container

What to understand here is that, do not use a single pod to host a single monolithic application. For example, It does not make sense to run a pod with a frontend, an application layer end and a database together. Thats just not good or completely stupid.

Services

Pod as it is running cannot be accessed by simply running in the cluster. Service enables to create a network connectivity to make the pod communicate from within the cluster or external.

How does the service make communication available?

Each service when created, will be assigned a unique IP address. This is called ClusterIP. This address is tied to the service till the lifespan of the service. Each service will be backed with a pod or a set of pods. All communications to the service will be redirected to the pods like a loadbalancer redirects traffic to each instance.

Each pod has a unique IP address and ports that are exposed with it. These are called endpoints. This endpoints are continuously monitored. In an event if one of the pod fails the health check, the endpoint is removed.

By default when a service is created, the service type is ClusterIP. This means the service will be available only within the cluster. To expose the service, the type can be changed to NodePort. This will enable to expose the service externally outside the cluster using the IP address of the server and the port number of the NodePort.

The next type is Loadbalancer. This is useful in a cloud environment setup where the service can be exposed to internet with the help of Loadbalancers from Cloud providers. For on-premise solution Loadbalancer service can be mimicked with help of tools like MetalLB

Namespace

Most of the time, there is requirement where we need to deploy same application in the cluster or deploy applications from different teams. Since Kubernetes is a cluster, there is an option that we can create virtual clusters, to separate different environments, teams, or applications. This is called Namespace.

A simple Pod and service deployed in a Namespace

Replicaset

Running a pod is a good idea, but what if the pod fails? Replicaset comes here, where it ensures to make the number of pods available running on the cluster. If one pod crashes due to any application issues, Replicaset with spin up a new pod and remove the crashed pod.

Replicaset is defined with a set of labels, including a selector that specifies how to identify the pods.

Deployment

Deployment under the hood is just a Replicaset, which ensures number of Pods to be available all the time. In addition to it, Deployment also allows the rollout and rollback of the deployment, which is a nice must have for an application deployment.

When a new version needs to be released, a rollout event is triggered, which will create a new Replicaset with the replicas. If the pods in the new Replicaset is successfully deployed without problems, then the old Replicaset will be removed along with the old pods. The rollout strategy can be defined along with the percentage to rollout.

StatefulSet

Deployments are very good for stateless applications where we can get the storage on demand and there is no issue when those storage is destroyed. What about stateful applications, like cluster based applications? Statefulsets are good for this purpose, where the state of the application is really important and need to be persisted across nodes.

Deployment rolling out new version of an application

Role / Clusterrole

When deploying stuff on Kubernetes, security or access should also be not taken lightly. To secure the access, we can create a Role. If the access to be provided is restricted only to a namespace, it is a Role. If the access to be provided is a cluster wide, then it is a Cluster Role

Roles are set of permissions on what to do.

Service account

When users want to connect to Kubernetes cluster, they need to make use of a Kubeconfig file. This config file contains information about the certificates to connect to the cluster. What if we need to create “technical user” for applications or services to have access each other? Thats when we use Service accounts.

Role binding / Clusterrole binding

We understood what is role and service account or user. How to attach or bind the role to the service account? Thats where the bindings come into play. If the binding is namespaced, then it is called Role binding and if the binding is cluster wide, then its a Clusterrole binding

The Role bindings are simple, a role and a resource, service account or user to bind the role to.

Persistent Volumes / Persistent Volume Claims

The next important object is storage related. When we need to mount volumes to the containers in pods, we use PV (Persistent Volume) or PVC (Persistent Volume Claims). For storage, we define a PV first, this is to create a storage class or define the type of volume to create. This can be a hostpath or a disk from a cloud provider

When a PV is defined, then PVC can be claimed when there is a need from the the PV created before. In cloud solutions, we can create PVCs without creating PVs by adding storage class in the PVC.

ConfigMaps / Secrets

This is one of the interesting object I have liked. When we need to provide configuration or secrets as files into a pod, we have the option of using PVs. But they are recommended to use without data, so that every time a pod spins up, there is a fresh volume. ConfigMap is way of passing configurations into the pod, where the configurations are created as a key value pair and the configuration is mounted as a file in a location on the pod. Secrets also works the same way, except they are base64 encoded values

Some may argue that base64 encoded values are not really secure. For simple or small use-cases this is perfectly fine. For really secure secrets, its advisable to use other secret storing mechanisms like Hashicorp Vault, Azure Key vault, Amazon KMS.

These are the basic objects that we need to understand, before diving deep into Kubernetes and stuff. Some of the next objects to look for are:

  • Daemonsets: Ensures that a single pod of an application is deployed on all nodes in the cluster
  • Jobs: To run any particular jobs or tasks
  • Cronjobs: To run cronjobs
  • NetworkPolicy: To create network policy for restricted use. This depends on the CNI plugin (or the networking tool) used in the Cluster.
  • Certificates: For creating certificates for securing communication

and much more…

Conclusion

This document will provide information about how to dip your feet in to the world of Kubernetes. Although this is not everything, but this can pave way to start Kubernetes. There is a lot of other objects to learn, which I am sure you can find it when you start playing with Kubernetes

Kubernetes
DevOps
Container Orchestration
Containers
Kubernetes Object

--

--

Allan John

Written by Allan John

117 Followers

Passionate DevOps and Automation Engineer

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams