DevOps Shack

Kubernetes Architecture: A Deep Dive

Click Here To Enrol To Batch-6 | DevOps & Cloud DevOps

Introduction to Kubernetes
Kubernetes, often abbreviated as K8s, is an open-source container orchestration
platform designed to automate the deployment, scaling, and management of
containerized applications. Initially developed by Google, Kubernetes has become
the de facto standard for container orchestration and is now maintained by the
Cloud Native Computing Foundation (CNCF). This deep dive will explore the intricate
details of Kubernetes architecture, providing textual diagrams to enhance
understanding.

Overview of Kubernetes Architecture

Kubernetes architecture is based on a master-slave model, comprising several
components that work together to ensure the seamless operation of containerized
applications. The primary components of Kubernetes architecture include:

1. Master Node
2. Worker Nodes
3. Kubernetes Objects

Each of these components has specific roles and responsibilities, which we will
explore in detail.
Master Node
The master node is the brain of the Kubernetes cluster, responsible for managing the
state of the cluster, scheduling applications, and orchestrating the operations of
worker nodes. The master node comprises several key components:

1.1 API Server

The API Server is the central management entity that exposes the Kubernetes API. It
serves as the front end of the Kubernetes control plane and handles all RESTful API
requests. The API Server is responsible for validating and processing API requests,
updating the state of the cluster, and interacting with other control plane
components.

Textual Diagram:

+---------------------+
| API Server |
|---------------------|
| - Handles REST API |
| - Validates requests|
| - Updates cluster |
+---------------------+

1.2 etcd

etcd is a distributed key-value store used to store all cluster data, including
configuration details, state information, and metadata. It provides a reliable way to
store and retrieve data, ensuring consistency and availability across the cluster.

Textual Diagram:

+---------+
| etcd |
|---------|
| - Stores|
| cluster|
| state |
+---------+

1.3 Controller Manager

The Controller Manager is responsible for running various controllers that regulate
the state of the cluster. Controllers are control loops that continuously monitor the
state of the cluster and make necessary adjustments to achieve the desired state.
Textual Diagram:

+-----------------------+
| Controller Manager |
|-----------------------|
| - Node Controller |
| - Replication Controller |
| - Endpoint Controller |
| - Service Account Controller |
+-----------------------+

1.4 Scheduler

The Scheduler is responsible for assigning pods to available nodes based on resource
requirements, constraints, and policies. It ensures that pods are efficiently placed on
nodes to optimize resource utilization and performance.

Textual Diagram:

+-----------+
| Scheduler |
|-----------|
| - Assigns |
| pods to |
| nodes |
+-----------+

Worker Nodes
Worker nodes are the machines where the actual application workloads (containers)
run. Each worker node has several essential components that enable it to run and
manage containers.

2.1 Kubelet

The Kubelet is an agent that runs on each worker node, responsible for managing the
lifecycle of containers. It ensures that containers are running as expected, and it
communicates with the API Server to receive instructions and report back the status.

Textual Diagram:

+---------+
| Kubelet |
|---------|
| - Manages|
| containers |
| - Communicates |
| with API |
+---------+
2.2 Container Runtime

The Container Runtime is the software responsible for running containers.

Kubernetes supports several container runtimes, with Docker being one of the most
common. The container runtime pulls container images, starts and stops containers,
and manages container storage and networking.

Textual Diagram:

+-----------------+
| Container Runtime |
|-----------------|
| - Runs containers |
| - Manages storage |
| and networking |
+-----------------+

2.3 Kube-Proxy

The Kube-Proxy is a network proxy that runs on each worker node. It maintains
network rules and manages network communication between pods and services. The
Kube-Proxy ensures that each service is accessible and handles load balancing and
network routing.

Textual Diagram:

+-----------+
| Kube-Proxy|
|-----------|
| - Manages |
| network |
| communication |
| - Handles load |
| balancing |
+-----------+

Kubernetes Objects
Kubernetes uses a variety of objects to represent the state and configuration of the
cluster. These objects define the desired state of the system and Kubernetes works to
maintain this state. Key Kubernetes objects include:

3.1 Pods

Pods are the smallest and most basic deployable units in Kubernetes. A pod
represents a single instance of a running process in a cluster and can contain one or
more containers that share the same network namespace and storage.
Textual Diagram:

+------+
| Pod |
|------|
| - One or more |
| containers |
| - Shared network |
| and storage |
+------+

3.2 Services

Services define a logical set of pods and a policy to access them. They provide a
stable network identity and enable load balancing across the pods. Services decouple
the pod discovery mechanism from the actual implementation, allowing for dynamic
scaling and management of pods.

Textual Diagram:

+-----------+
| Service |
|-----------|
| - Defines set |
| of pods |
| - Provides network |
| identity |
| - Enables load |
| balancing |
+-----------+

3.3 Deployments

Deployments provide declarative updates to applications. They define the desired

state for a set of pods and ensure that the current state matches the desired state.
Deployments allow for rolling updates, rollbacks, and scaling of applications.

Textual Diagram:

+--------------+
| Deployment |
|--------------|
| - Defines desired |
| state of pods |
| - Manages updates |
| - Supports scaling|
| and rollbacks |
3.4 ConfigMaps and Secrets

ConfigMaps and Secrets are used to manage configuration data and sensitive
information, respectively. ConfigMaps store non-sensitive data, while Secrets store
sensitive data such as passwords and API keys. These objects decouple configuration
and secret management from the application code.

Textual Diagram:

+-------------------+
| ConfigMaps & Secrets |
|-------------------|
| - Manage configuration |
| data and secrets |
| - Decouple data from |
| application code |
+-------------------+

Kubernetes Networking
Kubernetes networking is a critical aspect of the architecture, ensuring that
containers can communicate with each other and with external services. Kubernetes
employs several networking models and plugins to manage networking.

4.1 Cluster Networking

Cluster networking provides a flat network where all pods can communicate with
each other without NAT. Each pod gets a unique IP address, and network policies can
be used to control traffic flow.

Textual Diagram:

+-----------------------+
| Cluster Networking |
|-----------------------|
| - Flat network model |
| - Unique IP for each |
| pod |
| - Network policies |
+-----------------------+

4.2 Service Networking

Service networking enables communication between services and external clients.

Kubernetes uses kube-proxy to manage service IPs and handle load balancing and
routing.
Textual Diagram:

+-----------------------+
| Service Networking |
|-----------------------|
| - Manages communication |
| between services |
| - Uses kube-proxy |
| - Handles load |
| balancing and routing |
+-----------------------+

4.3 Ingress

Ingress is an API object that manages external access to services, typically HTTP and
HTTPS. Ingress provides load balancing, SSL termination, and name-based virtual
hosting.

Textual Diagram:

+-------------------+
| Ingress |
|-------------------|
| - Manages external|
| access |
| - Load balancing |
| - SSL termination |
| - Virtual hosting |
+-------------------+

Storage in Kubernetes
Kubernetes abstracts storage management to provide a consistent and flexible way
to handle data. Key components include:

5.1 Volumes

Volumes are directories accessible to containers in a pod. Kubernetes supports

several volume types, including persistent volumes (PVs) and persistent volume
claims (PVCs).

Textual Diagram:

+-----------+
| Volumes |
|-----------|
| - Directories |
| accessible |
| to containers|
| - Supports PVs |
| and PVCs |
+-----------+

5.2 Persistent Volumes and Persistent Volume Claims

Persistent Volumes (PVs) are storage resources provisioned by an administrator,

while Persistent Volume Claims (PVCs) are requests for storage by users. PVCs
abstract the details of how storage is provisioned.

Textual Diagram:

+----------------------------+
| Persistent Volumes (PVs) |
|----------------------------|
| - Storage resources |
| - Provisioned by admin |
+----------------------------+

+----------------------------+
| Persistent Volume Claims |
| (PVCs) |
|----------------------------|
| - Requests for storage |
| - Abstracts storage details|
+----------------------------+

5.3 Storage Classes

Storage Classes define different types of storage available in a cluster. They allow
dynamic provisioning of storage based on specified requirements and policies.

Textual Diagram:

+----------------------+
| Storage Classes |
|----------------------|
| - Define storage |
|

types |
| - Enable dynamic |
| provisioning |
| - Specify policies |
+----------------------+

Security in Kubernetes
Kubernetes provides several features to enhance the security of clusters and
applications.
6.1 Role-Based Access Control (RBAC)

RBAC restricts access to Kubernetes resources based on user roles. It defines roles
and bindings to control who can perform what actions within the cluster.

Textual Diagram:

+--------------------------+
| Role-Based Access Control|
| (RBAC) |
|--------------------------|
| - Restricts access |
| - Defines roles and |
| bindings |
+--------------------------+

6.2 Network Policies

Network Policies control the communication between pods. They specify how pods
are allowed to communicate with each other and with external endpoints.

Textual Diagram:

+------------------+
| Network Policies |
|------------------|
| - Control pod |
| communication |
| - Specify allowed|
| traffic |
+------------------+

6.3 Secrets Management

Secrets management involves securely storing and managing sensitive information

such as passwords, tokens, and keys. Kubernetes provides mechanisms to manage
secrets and ensure they are securely accessed by applications.

Textual Diagram:

+----------------------+
| Secrets Management |
|----------------------|
| - Securely store and |
| manage sensitive |
| information |
| - Provide secure |
| access to secrets |
+----------------------+
Conclusion
Kubernetes is a powerful and complex container orchestration platform that provides
a robust framework for deploying, scaling, and managing containerized applications.
By understanding its architecture and components, developers and operators can
effectively leverage Kubernetes to build scalable and resilient applications. This deep
dive has covered the essential aspects of Kubernetes architecture, including its
master and worker nodes, key objects, networking, storage, and security features.
With this knowledge, you are well-equipped to explore and utilize Kubernetes in your
projects.

Further Reading and Resources

To gain a deeper understanding of Kubernetes, consider exploring the following
resources:

1. Kubernetes Documentation
2. Kubernetes GitHub Repository
3. The Kubernetes Book by Nigel Poulton
4. Kubernetes Up & Running by Kelsey Hightower, Brendan Burns, and Joe Beda
5. Certified Kubernetes Administrator (CKA) Training