Kubernetes Objects

We will learn:

  • How to create an application
  • How to publish an application
  • How to maintain application status

Kubernetes object

An entity in a cluster representing a resource:

  • CPU, network, storage ...

We create them using a client API (kubectl, web).

Object

The "installation script" of the application defines what the application should look like.

  • describes the desired state,
  • has a name and annotations.

The Kubernetes cluster determines how to achieve and maintain that state.

Configure k8s objects using YAML

YAML data types: dictionary, array, string, number

YAML is similar to JSON

Configure k8s objects using YAML

Associative array:

  • apiVersion - compatibility,
  • kind - type of object (class),
  • metadata - name, labels and annotations,
  • spec - object specification.

Kubernetes API Objects

  • Pod,
  • Deployment,
  • ReplicaSet,
  • Service,
  • Ingress.

Pod

We do not create this object directly but with StatefulSet or Deployment.

Pod

One application unit:

  • one or more containers
  • one or more volumes

Pod is indivisible - all its parts run together on one node.

Deployment

We declare the PODs that the application needs

Deployment can be easily scaled (instantiated or deleted).

Deployment

  • controls the PODs using the ReplicaSet object
  • creates PODs according to the specified template
+------------+
| Deployment |
+------------+
     |
     v
+------------+
| ReplicaSet |
+------------+
     |
     v
+-----+
| POD |
+-----+
        node
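
A Deployment manifest that uses the four top-level keys described earlier and carries the POD template the ReplicaSet instantiates. This is an added example, not part of the original slides; the object name, labels, annotation and image are placeholders.

```yaml
# Added example: names, labels, annotation and image are placeholders.
apiVersion: apps/v1            # API group/version that defines this kind
kind: Deployment               # type of object
metadata:
  name: web
  labels:
    app: web
  annotations:
    example.com/owner: team-a  # hypothetical annotation
spec:
  replicas: 3                  # desired state: three identical PODs
  selector:
    matchLabels:
      app: web                 # must match the template labels below
  template:                    # POD template handed to the ReplicaSet
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: registry.example.com/web:1.0   # placeholder image
          ports:
            - containerPort: 8080
```

Changing `replicas` and re-applying the manifest is how the Deployment is scaled; the cluster creates or deletes PODs until the count matches.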

Exposing cluster services

Service

Works for any TCP protocol

A public IP address is a valuable commodity

We declare the symbolic name of the microservice

Service

  • ClusterIP: the service is visible within the cluster (it gets a virtual IP address and DNS name)
  • NodePort: the service will be available on each node on a specific port.
  • LoadBalancer: the service will be available with the help of your provider's tools

TCP service publishing

  • LoadBalancer Service

Publish using LoadBalancer

  • A public IP address will be assigned
  • LoadBalancer mediates the contact between the cluster and the outside world
+-----------+         +-------------+ +---------------+
| POD       | Cluster | Service     | | Load Balancer | Public
| ClusterIP | Traffic | DNS cluster | |  Public IP    |  TCP
+-----------+         +-------------+ +---------------+

HTTP service publishing

  • Ingress

Ingress

We will publish the HTTP service

A wrapper around a reverse proxy server (nginx, HAProxy)

Public web server with a symbolic DNS name

Ingress

  • Only for services with HTTP protocol
  • Maps Service to a specific URL
  • Provides HTTPS
  • Another process (certbot) takes care of maintaining HTTPS certificates
+-----------+           +-------------+     +---------------+
| POD1      | Cluster   | Service 1   |     | Ingress       |  Public
| ClusterIP | Traffic   | Cluster DNS |     | Public DNS    |  HTTPS
+-----------+           +-------------+     +---------------+
                                        \     Ingress Rules
+-----------+           +-------------+  \__  /service1
| POD2      | Cluster   | Service 2   |
| ClusterIP | Traffic   | Cluster DNS | <--- /service2
+-----------+           +-------------+
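
The diagram above expressed as manifests: a ClusterIP Service that stays internal, and an Ingress that maps the public paths /service1 and /service2 to Services. This is an added example, not part of the original slides; the hostname, object names, ingress class and TLS secret name are assumptions.

```yaml
# Added example; hostname, object names and the TLS secret are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: service1
spec:
  type: ClusterIP              # reachable only inside the cluster
  selector:
    app: web                   # PODs carrying this label receive the traffic
  ports:
    - port: 80                 # port on the Service's virtual IP
      targetPort: 8080         # container port in the POD
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: public-web
spec:
  ingressClassName: nginx      # assumes an nginx ingress controller is installed
  tls:
    - hosts:
        - www.example.com
      secretName: www-example-com-tls   # certificate maintained by a separate process
  rules:
    - host: www.example.com
      http:
        paths:
          - path: /service1
            pathType: Prefix
            backend:
              service:
                name: service1
                port:
                  number: 80
          - path: /service2
            pathType: Prefix
            backend:
              service:
                name: service2   # second ClusterIP Service, defined like service1
                port:
                  number: 80
```

Only the Ingress is reachable from outside; both Services keep type ClusterIP, so no additional public IP address is consumed.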

Maintaining application state

The state of the application must be separate from the process

  • using the application protocol.
  • using volume or virtual block device mapping

Maintaining application state using an application protocol

  • Application

  • Database

  • Object storage

  • Cache

  • Just configure the application and the components communicate with each other.

Application state using mapping

  • Application
  • NAS
  • SAN

Application state using mapping

  • Kubernetes allocates resources

  • The application "sees" only the file system

  • PersistentVolume,

  • PersistentVolumeClaim,

  • StatefulSet,

PersistentVolume

  • We declare volumes available
  • Wraps a specific folder or block device

Access to the folder is:

  • local
  • NFS, SMB
  • iSCSI
  • Another network protocol

PersistentVolumeClaim

The object that belongs to the application

  • we declare a request for some PersistentVolume
  • defines the link between the application and the storage

Access to a local or distributed file system

Creating a storage link

Static mapping.

  • The named volume is created by the administrator.

Dynamic mapping.

  • The named volume is created by the application on demand.

Creating a storage link

+------------+ Binding +--------------+
| Persistent |<--------| Persistent   |
| Volume     |         | Volume Claim |
+------------+         +--------------+
 Hardware                  Container

StatefulSet

(similar to Deployment)

We declare the PODs that the application needs

We declare the requirements of the application for volumes

StatefulSet depends on PersistentVolume.

StatefulSet

  • controls POD with ReplicaSet
  • It also takes care of PersistentVolume using PersistentVolumeClaim
        Storage
  +------------------+
  | PersistentVolume |     LoadBalancer
  +------------------+
     ^ P.V.Claim               ^
     |                         |
  +--------------+ Port  +-----------+
  | POD Template |------>| Service   |
  |  ReplicaSet  |       +-----------+
  |  StatefulSet |
  +--------------+
        node
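
A StatefulSet that declares both its POD template and its volume requirements, using dynamic mapping so that a PersistentVolumeClaim is created for each replica. This is an added example, not part of the original slides; the object names, image, mount path and StorageClass are assumptions.

```yaml
# Added example; names, image, mount path and StorageClass are placeholders.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: db
spec:
  serviceName: db              # headless Service for stable POD DNS names (defined separately)
  replicas: 2
  selector:
    matchLabels:
      app: db
  template:                    # POD template, as in a Deployment
    metadata:
      labels:
        app: db
    spec:
      containers:
        - name: db
          image: registry.example.com/db:1.0   # placeholder image
          volumeMounts:
            - name: data       # refers to the claim template below
              mountPath: /var/lib/db
  volumeClaimTemplates:        # one PersistentVolumeClaim per replica
    - metadata:
        name: data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: standard   # assumed StorageClass that provisions volumes on demand
        resources:
          requests:
            storage: 10Gi
```

The resulting claims are named data-db-0 and data-db-1, and each stays bound to its volume when the POD is rescheduled to another node.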