Notes on basic concepts of Kubernetes

Notes on basic concepts of Kubernetes

Kubernetes (K8s) is an open-source system for automatically deploying, scaling, and managing containerized applications. It is an "open-source version" of Google's internal tool Borg ".

Kubernetes is currently recognized as the most advanced container cluster management tool. After the release of Kubernetes 1.0, Kubernetes is growing more rapidly and is fully supported by container ecosystem vendors, this includes coreos and rancher. Many vendors that provide public cloud services also perform secondary development based on Kubernetes to provide infrastructure layer support, such as. It can be said that Kubernetes is also the most powerful competitor of Docker in the container cluster management and service orchestration field (Docker Swarm ).

Kubernetes defines a set of building blocks that can work together to provide a mechanism for deploying, maintaining, and scaling applications. Components that make up Kubernetes are designed to be loosely coupled and scalable, meeting the needs of a variety of different workloads. Scalability is largely provided by the Kubernetes API-it is used as an internal component of expansion and a container running on Kubernetes.

Because Kubernetes is a system composed of many components, it is still difficult to install and deploy Kubernetes, and Kubernetes is developed by Google, many internal dependent packages require access through the wall.

Of course, there are also quick-install tools, such as kubeadm and kubeadm, which are officially provided by Kubernetes to quickly install and initialize Kubernetes clusters. Currently, they are in the initial development status, with the release of each Kubernetes version, it will be synchronously updated. Of course, the current kubeadm cannot be used in the production environment.

1. Kubernetes Architecture

2. Kubernetes features

Kubernetes features:

• Concise: lightweight, simple, and easy to use
• Portable: Public, private, hybrid, multi-cloud)
• Scalable: Modular, plug-in, mount, and combination
• Self-healing: Automatic Layout, automatic restart, and automatic replication

In general:

• Automated container deployment and Replication
• Scale up or down containers at any time
• Groups containers and provides load balancing between containers.
• It is easy to upgrade the new version of the application container
• Container elasticity is provided. If the container fails, replace it.

3. Kubernetes terminology

Kubernetes terminology:

• Master Node: The computer used to control Kubernetes nodes. All task assignments come from this.
• Minion Node: The computer that executes requests and assigns tasks. The Kubernetes host controls the nodes.
• Namespace is an abstract set of resources and objects. For example, Namespace can be used to divide objects in the system into different project groups or user groups. Common pods, services, replication controllers, and deployments all belong to a certain namespace (default), while node and persistentVolumes do not belong to any namespace.
• Pod: a Pod that is deployed on a single node and contains one or more containers. A Pod can be created and scheduled, the minimum deployment unit is managed with Kubernetes. All containers in the same container set share the same IP address, IPC, host name, and other resources. Container Assembly abstracts network and storage from the underlying container, so that you can move containers in the cluster more easily.
• Deployment: a new generation of Pod management objects, Deployment provides more comprehensive functions and is easier to use than Replication Controller.
• Replication Controller: The Replication Controller manages the lifecycle of pods and ensures that a specified number of pods are running at any given time. They do this by creating or deleting pods.
• Service: A Service provides a single and stable name and address for a group of pods. The Service can separate the work definition from the container set, the Kubernetes Service proxy automatically allocates service requests to the correct container set-no matter where the container set is moved to the cluster, even if it has been replaced.
• Labels: labels are used to organize and select key-value-based object groups. They are used for each Kubernetes component.

In Kubernetes, all containers run in the Pod. A Pod can hold a single container or multiple cooperative containers. In the latter case, containers in the Pod are guaranteed to be placed on the same machine and can share resources. A Pod can contain zero or more volume volumes, which are private to a container or can be shared between containers in the Pod. For each Pod created by the user, the system will find a healthy machine with sufficient capacity and start the corresponding container there. If a container fails, it will be automatically restarted by the Kubernetes node agent, which is called Kubelet. However, if a Pod or its machine fails, it will not be automatically transferred or restarted unless you have defined a Replication Controller.

A copy set of pods can form an entire application, a microservice, or a layer of multi-layer applications. Once a Pod is created, the system continuously monitors its health status and the health status of the machine on which it is running. If a Pod is faulty due to software issues or machine faults, the Replication controller automatically creates a new Pod on a healthy machine.

Kubernetes supports a unique network model. Kubernetes encourages you to use a flat address space without dynamically allocating ports. Instead, you can choose any port that suits your needs. To achieve this, it assigns an IP address to each Pod.

Kubernetes provides Service abstraction, which provides a stable IP address and DNS name to correspond to a group of dynamic pods, for example, a Pod of A microservice. This Pod group is defined by the Label selector, because any Pod group can be specified. When a container running in the Kubernetes Pod connects to this address, this connection will be forwarded by a local proxy (called kube proxy ). The proxy runs on the source machine. The destination of the forwarding is a corresponding backend container. The exact backend is selected through the round-robin policy to balance the load. Kube proxy also tracks the dynamic changes of the backend Pod group. For example, when the Pod is replaced by a new Pod on the new machine, the Service IP address and DNS name do not need to be changed.

Each resource in Kubernetes, such as a Pod, is identified by a URI and has a UID. A common component in URI is the object type (such as Pod), object name, and object namespace (namespace ). For a specific object type, each name is unique in its namespace. If an object name is not given in the namespace format, it is the default namespace, UID is unique in the range of time and space.

More about services:

• Service is the abstraction of application services. It provides load balancing and Service discovery for applications through labels. The Pod IP address and port list matching labels constitute an endpoints, and kube-proxy is responsible for balancing the service IP address load to these endpoints.
• Each Service is automatically assigned a cluster IP address (a virtual address that can be accessed only within the cluster) and a DNS name. Other containers can access the Service through this address or DNS, you do not need to know how the backend container runs.

4. Kubernetes Components

Kubernetes components:

• Kubectl: the command line tool on the client. After formatting the accepted command, it is sent to kube-apiserver as the operation portal of the entire system.
• Kube-apiserver: serves as the control entry for the entire system and provides interfaces using rest api services.
• Kube-controller-manager: used to execute background tasks throughout the system, including node status, number of Pods, and association between Pods and services.
• Kube-scheduler (scheduling a Pod to a Node): responsible for Node resource management. It accepts the Pods task created by kube-apiserver and assigns it to a Node.
• Etcd: responsible for service discovery and configuration sharing between nodes.
• Kube-proxy: runs on each computing node and acts as the Pod network proxy. Get the Service information from etcd on a regular basis to implement the corresponding policy.
• Kubelet: runs on each computing node and acts as an agent. It accepts the Pods tasks assigned to the node and manages containers. It periodically obtains the container status and reports the status to kube-apiserver.
• DNS: an optional DNS Service used to create DNS records for each Service object, so that all pods can access the Service through DNS.
• Flannel: Flannel is an Overlay Network tool designed by the CoreOS team for Kubernetes. You need to download and deploy the tool separately. We know that after Docker is started, there will be an IP address for interaction with the container. If it is not managed, the IP address may be the same on each machine, it is limited to communication on the local machine and cannot access Docker containers on other machines. The purpose of Flannel is to re-plan the IP address usage rules for all nodes in the cluster, so that containers on different nodes can obtain the same Intranet IP address without repeated IP addresses, and allow containers on different nodes to communicate directly through the Intranet IP address.

The master node contains components:

Docker
Etcd
Kube-apiserver
Kube-controller-manager
Kubelet
Kube-scheduler

The minion node contains components:

Docker
Kubelet
Kube-proxy

This article permanently updates link: https://www.bkjia.com/Linux/2018-03/151127.htm