What is Kubernates Architecture?
What is Kubernates Architecture?
Each thing managed by Kubernetes is represent by an object model. Object model is having two elements. Kubernetes object is a persistent entity that defines the state of something running in a cluster.
- Object spec: We have to provide an object spec for each object that we wanted to create. It defines desire state of the object by providing the characteristics that we want.
- Object status: The object status is simply current status of the object provided by the Kubernetes control plan.
What are the main components of Kubernetes architecture?
POD:
POD’s are the basic building block for Kubernetes. It is the smallest deployable object in Kubernetes.
POD’s create an environment where containers live and this environment can accommodate multiple containers.
If multiple containers are running in a POD they are tightly coupled and shared resources like networking and storage.
Kubernetes cluster
Kubernetes connect multiple servers into a cluster which includes master node and worker nodes or simply nodes.
Control plan (Master node):
Control plan is the brain of a Kubernetes cluster. Overall functions of control plan in Kubernetes are scheduling containers, managing services and service API request etc.
Nodes in which control plan components are running is called master node. Job of master node is to coordinate with entire cluster.
Control plan component:
Control plan or master node consist of various component like –
- kube-apiserver:
This is the frontend server for the control plane, handling API requests.
- etcd:
This is the database where Kubernetes stores all its information: what nodes exist, what resources exist on the cluster, and so on.
- kube-scheduler:
This decides where to run newly created Pods.
- kube-controller-manager:
This is responsible for running resource controllers, such as Deployments. It continuously monitors the state of the cluster through kube-api-server. Whenever the current state of the cluster does not match with desired state kube-controller-manager will try to make changes to achieve the desire state.
- cloud-controller-manager:
This interacts with the cloud provider (in cloud-based clusters), managing resources such as load balancers and disk volumes.
Nodes:
Cluster member that runs user workload is called worker node. Each node runs a small portion of control plan function too.
Nodes consist of below components:
- kubelet:
When the kube-api-server wants to start a POD on a node, it connects with kubelet of that node. Kubelet uses container runtime to start the POD and monitor it’s lifecycle including readiness, POD status and reports back to the kube-api-server.
- kube-proxy:
This does the networking magic that routes requests between Pods on different nodes, and between Pods and the internet.
- Container runtime:
This actually starts and stops containers and handles their communications. Usually Docker, but Kubernetes supports other container runtimes, such as rkt and CRI-O.
Kubernetes cluster deployment consideration
- Control plan high availability:
Master node should be configured more than one, at least three master nodes for production deployment. In case of any master node failure of control plan function failure Kubernetes cluster should work without any service impact.
- Worker node high availability:
Worker node deployment should be highly available to run workloads uninterruptedly. Cluster should run in case of several worker node failures or even one availability zone failure. There should be some auto provisioning mechanism to heal itself.
- Secure Kubernetes cluster:
It has to be ensured that Kubernetes cluster nodes are accessing each other TLS encryption and trusted certificates.
Users and applications should have minimal rights and permissions for cluster operations.
Need to take care of container security.
Nodes should not have unnecessary access to control plane components.
Access to the underlying etcd database should be properly controlled and authenticated.
- All the services in cluster have to be secured. It should be properly access controlled if they’re accessible from the internet. Access to the cluster API should be limited strictly.
- Kubernetes cluster should meet standards defined by the Cloud Native Computing Foundation.
- Kubernetes cluster nodes should be fully config-managed, rather than being set up by imperative shell scripts and then left alone. The operating system and kernel on each node needs to be updated, have security patches applied, and so on.