Kubernetes (K8s) is an open-source platform for automating the deployment, scaling, and management of containerized applications.

What is Kubernetes?

Kubernetes is a container orchestration system that automates the management of distributed applications, providing automatic scaling, load balancing, and automatic failure recovery.

Kubernetes Architecture

Cluster Components

  • Master Node: Cluster control node
  • Worker Nodes: Nodes that run applications
  • Pods: Smallest deployable unit
  • Services: Abstraction for pod access
  • Deployments: Pod replica management

Master Components

  • API Server: Communication interface
  • etcd: Distributed database
  • Scheduler: Assigns pods to nodes
  • Controller Manager: System controllers

Key Concepts

Pods

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  containers:
  - name: nginx
    image: nginx:1.14
    ports:
    - containerPort: 80

Services

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
  type: LoadBalancer

Deployments

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14
        ports:
        - containerPort: 80

Main Features

Automatic Scaling

  • Horizontal Pod Autoscaler (HPA): Scaling based on metrics
  • Vertical Pod Autoscaler (VPA): Resource adjustment
  • Cluster Autoscaler: Cluster scaling

Load Balancing

  • Service Load Balancing: Internal load balancing
  • Ingress: External load balancing with rules
  • External Load Balancers: Integration with cloud providers

Configuration Management

  • ConfigMaps: Non-sensitive configuration
  • Secrets: Sensitive data
  • Volumes: Persistent storage

Security in Kubernetes

RBAC (Role-Based Access Control)

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

Network Policies

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress

Pod Security Standards

  • Privileged: No restrictions
  • Baseline: Minimum restrictions
  • Restricted: Maximum restrictions
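As an added example, not from the original page, the following Python checks the nginx-pod manifest shown earlier against a subset of the Restricted profile (host namespaces, privileged mode, privilege escalation, capabilities, runAsNonRoot, seccomp) and produces a hardened copy. Which checks are included is an assumption about the controls a reviewer most often needs; it is not the complete standard.

```python
import copy

# Constructed sample: the page's nginx-pod manifest as a Python dict.
NGINX_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "nginx-pod"},
    "spec": {"containers": [{"name": "nginx", "image": "nginx:1.14",
                             "ports": [{"containerPort": 80}]}]},
}

def restricted_violations(pod):
    """List violations of a subset of the Restricted Pod Security Standard
    (host namespaces, privileged, privilege escalation, capabilities,
    runAsNonRoot, seccomp). Field names follow the PodSpec/SecurityContext API."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    issues = []
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            issues.append(f"spec.{key} must be false")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc, name = c.get("securityContext") or {}, c.get("name", "<unnamed>")
        if sc.get("privileged"):
            issues.append(f"{name}: privileged must be false")
        if sc.get("allowPrivilegeEscalation") is not False:
            issues.append(f"{name}: allowPrivilegeEscalation must be false")
        caps = sc.get("capabilities") or {}
        if caps.get("drop") != ["ALL"]:
            issues.append(f"{name}: capabilities.drop must be [ALL]")
        if any(a != "NET_BIND_SERVICE" for a in caps.get("add", [])):
            issues.append(f"{name}: only NET_BIND_SERVICE may be added back")
        # Pod-level values apply unless the container overrides them.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            issues.append(f"{name}: runAsNonRoot must be true")
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            issues.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
    return issues

def harden(pod):
    """Return a copy with the per-container Restricted fields set explicitly.
    Host namespaces are left alone: removing them is a design change, not a patch."""
    fixed = copy.deepcopy(pod)
    fixed["spec"].setdefault("securityContext", {})["seccompProfile"] = {"type": "RuntimeDefault"}
    for c in fixed["spec"].get("containers", []) + fixed["spec"].get("initContainers", []):
        c["securityContext"] = {"allowPrivilegeEscalation": False, "runAsNonRoot": True,
                                "capabilities": {"drop": ["ALL"]}}
    return fixed

if __name__ == "__main__":
    print(restricted_violations(NGINX_POD), restricted_violations(harden(NGINX_POD)), sep="\n")
```

Setting runAsNonRoot on the stock nginx:1.14 image makes the kubelet refuse to start the container, because that image runs as root by default; the hardened manifest therefore also needs an image built to run as a non-root user.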

Monitoring and Observability

Metrics

  • cAdvisor: Container metrics
  • kube-state-metrics: Cluster state
  • Node Exporter: Node metrics

Logging

  • Fluentd: Log collection
  • Fluent Bit: Lightweight log agent
  • ELK Stack: Elasticsearch, Logstash, Kibana

Tracing

  • Jaeger: Distributed tracing
  • Zipkin: Microservice tracing
  • OpenTelemetry: Unified observability

Best Practices

Application Design

  • Stateless: Keep application state out of the pods so they can be replaced freely
  • Health Checks: Expose health checks so the platform can detect and replace unhealthy pods
  • Graceful Shutdown: Handle termination signals and shut down in an orderly way
  • Resource Limits: Declare CPU and memory limits for every container

Security

  • Least Privilege: Grant workloads and users only the permissions they need
  • Image Security: Use trusted, scanned and pinned container images
  • Network Segmentation: Restrict pod-to-pod traffic with network policies
  • Secret Management: Keep sensitive data in Secrets, not in images or ConfigMaps

Operations

  • Backup: Back up the cluster state regularly
  • Updates: Roll out updates gradually
  • Monitoring: Monitor the cluster continuously
  • Documentation: Keep documentation up to date
