The control plane (master) provides the API server, scheduler, UI, controllers and a KV store; all cluster information and state is stored in etcd.
Worker nodes run the kubelet (Kubernetes agent) and the Docker Engine. Communication between workers and the master goes over the Kube API. A kube-proxy runs on each node and handles networking.
Kinds of objects:
- Pod
- DaemonSet
- Deployment
- Service
Pod = grouping of one or more app containers plus shared resources such as storage, networking and the container run configuration. One pod runs one instance of the app; to scale horizontally, use replication managed via a controller. A pod is somewhat like an old-school single physical/logical host for an app: containers within the pod share the pod's IP address. Controllers: ReplicaSets (RS) are used by a Deployment as the way to manage pod creation, deletion and updates. A pod can be defined in a pod.yaml, BUT use a Deployment to actually deploy/manage pods.
Containers in a pod can communicate with each other via localhost (the sidecar pattern). An example would be a web app in one container and a web server in another, which work together as one application within the pod.
Deployments are responsible for creating and updating pods. Kubernetes manages the state of those pods based on the definitions provided in the deployment.yaml. Deployments can scale up and down to meet demand, and can be rolled back to an older version or rolled forward (rollout).
Services define a way to access pods consistently. A Service finds the pods to route traffic to based on the labels ('selectors') in the manifest. Inside the cluster they perform load balancing; they can also interact with GKE to create external load balancers.
A Service provides service discovery and a VIP (virtual IP).
A Service is an object/abstraction that defines a service provided by one or more pods. It names things in DNS, gets a virtual IP (ClusterIP or NodePort), routes based on labels, and enables access to pods for the front end (users) as well as the back end (other pods). Defined in a services.yaml.
A node has an IP. There is a pod CIDR range, and each pod has an IP within it. The pod network is flat: all pods on the node are accessible to each other.
A Kubernetes volume is linked to a pod; its lifecycle is that of the pod, not of any container within the pod. Lots of different volume types are available, e.g. NFS and AWS EBS.
The point (benefit) of namespaces is resource separation. A cluster may contain multiple applications; namespaces can provide resource isolation or separation between the applications on the cluster.
Secrets are base64 encoded at rest (base64 is an encoding, not encryption). A Secret can be attached to a pod; when attached, it is automatically decoded. Secrets can be exposed as files or as $ENV vars.
An Ingress allows a single external (external to the cluster) endpoint to route traffic to multiple applications within the cluster.
A context is a grouping of three parameters:
- Cluster
- User
- Namespace