Introduction

Containers

This all started with VMWare where the total resource could be divided up to run more than one application on difference virtual machines. But VMWare required an OS on every machine and licenses in the case of Windows. They also needed managing, e.g. patching, Anti-virus and patching. Along came containers which shared the OS.

Docker

Docker Inc. Docker is a company which gave the word technology for containers. They are now a company which provides services around the company.

Docker is Open source and known as Community Edition (CE). The company Docker releases an Enterprise Edition (EE).
The general approach is to

• Create an image (docker build)
• Store it in a registry (docker image push)
• Start a container from it (docker container run)

The differences between EE and CE are shown below

Kubernetes

Kubernetes came out of Google and Open Source. Greek for helmsman or k8s (Kates). Kubernetes is an orchestrator and can schedule, scale and update containers. There are alternatives like Docker Swarm

Architecture

Overview

Apps are put in a container, wrapped in a pod and deployment details. They are provisioned on a Node inside a K8s Clustoer

Master

In general these are a hosted services on the cloud but you can run them locally on a linux box.

• This is the front-end to the control plane
• It exposes a RESTFul API consuming JSON and Yaml
• We send manifests describing our apps to this

The Cluster Store for users with large changes often separate this

The controllers controls

• Node Controller
• Deployment controller
• Endpoints/EndpointSlice

The scheduler

• Watches for new work
• Assigns Work to the cluster nodes

Kubernetes Nodes

Now its time for the Nodes

Kubelet

The Kubelet is the Main Kubernetes agent it

• Registers node with the cluster
• Watches API Server for work tasks (Pods)
• Executes Pods
• Reports to the master

Container Runtime

• Can be Docker
• Pluggable via Container Runtime Interface (CRI)
• Generally is Docker or containerd, other like gVisor and katacontainers exist
• Does the stop and starting of containers

Kube Proxy

• The Networking Component
• Does light-weight load balancing

Declarative Model/Desired State

We describe what we want the cluster to look like but we do not care how it happens. Kubernetes constantly checks the desired state matches the observed state.

Pods

A pod is a shared execution environment and can container one or more containers. It is the Pod which has a unique IP. Containers within the same pod must allocate unique ports if they are to talk to each other or the outside world. The same for volumes etc.When scaling you scale Pods not Containers.

Multi container Pods are for two different but complimentary containers which need to be aligned. An example of this might be a service mesh. For example the mesh container could be responsible for encryption or decryption. Note Deployment of Pods is atomic

Pods provide

• Annotations
• Labels
• Policies
• Resources
• Co-scheduling of contianers

and other Metadata.

Kubernetes Service Objects

As mentioned the IP address are provided for each Pod. However Pods die, we scales up and down and it would not be practical to use them so Kurbenetes provides the Service object which is describe in the deploymennt. With the use of labels the Service object knows which pods to send traffic to. By either removing labels from the pod the objects can be match generically.

In the example below both 1.3 and 1.4 will be matched of the Pods. Equally we could add a version to the service object and the unmatched version would not be used.
Service objects

• Only Send traffic to healthy Pods
• Can do session affinity (Sending of subsequent requests to the same Pod)
• Can send traffic to endpoints outside of the cluster
• Can do TCP and UDP

Kubernetes API Server

This is the API which exposes and RESTFul API. It exposes the various objects handles the requests. The objects are broken up into various sub categories. We use the command line kubectl to control this.