Thursday, 14 August 2025

Learning Kubernetes(k8s)

What is Kubernetes?

Kubernetes (often abbreviated as K8s) is an open-source platform for managing large-scale containerized applications. It automates container deployment, scaling, and operations across clusters of machines. It's written in Go.
It's inspired by the Google project: Boorg.

An instance of Kubernetes is called a Cluster.
Cluster has :
  • Control plane
    • kube-apiserver
      •  The kube-apiserver is a key component of Kubernetes that exposes the Kubernetes API, handles most requests, and manages interactions with the cluster by processing and validating API requests, making it essential for the cluster's operation
    • etcd
      • A key-value store that saves all data about the state of the cluster; only the kube-apiserver can communicate directly with etcd
    • kube-scheduler
      • Identifies a newly created pod that has not been assigned a worker node and assigns it to a specific node
    • kube-controller-manager
      • Monitors the Kubernetes cluster's state, running processes to ensure the current state matches the desired state
    • cloud-controller-manager
      • Connects a Kubernetes cluster to a cloud provider's API, managing cloud-specific resources and ensuring proper integration with the underlying infrastructure
  • Worker Node
    • kubelet
      • An agent that runs on each node in a Kubernetes cluster, ensuring containers in a pod are running and healthy while communicating with the API server in the control plane to maintain the desired state of the node
    • container-runtime
      •  Pulls container images, creates and manages containers, and ensures they run properly and securely as directed by the Kubernetes control plane
    • kube-proxy
      •  A network proxy that runs on each node in a Kubernetes cluster, maintaining network rules and enabling communication between pods and services within the node and the control plane, while also communicating directly with the kube-apiserver


Brief about Containers:

Containers are a lightweight, portable way to package and run applications. They bundle your application along with everything it needs—like libraries, dependencies, and configuration—so it runs reliably in any environment.

Containers terminology:

Image: A container image is a snapshot of everything needed to run a containerized application. It’s like a blueprint or a frozen package that contains:

Container Registry: A container registry is a storage and distribution system for container images.
eg, Docker Hub, quay, Google Container Registry

Advantages of Containers:

  • Portable: Runs on any Linux, Windows or macOS machine
  • Use fewer CPUs and memory, saving money.
  • Self-contained, can be spun up and down in seconds
  • Quick replication and scale up and down.

Cloud-native:

Cloud Native is a modern approach to building and running applications that fully leverages the advantages of the cloud, such as scalability, flexibility, and resilience.


Setting up a K8s cluster

  1. Install Docker (or any container engine): Helps to spin up a Kubernetes cluster.
  2. Install minikube: Software that helps us run a Kubernetes cluster on our computer. it runs locally on the computer.

Spin up a minikube cluster

  • Make sure Docker/Podman is running
  • $ minikube start [create a cluster]

Explore the cluster

  • $ kubectl cluster-info
  • $ kubectl get nodes
  • $ kubectl get namespaces
  • $ kubectl get pods -A
  • $ kubectl get services -A

Application Deployment

Creating namespaces:

Namespaces help in isolating apps.
---
apiVersion: v1
kind: Namespace
metadata:
    name: demo
  • $ kubectl apply -f namespace.yaml
  • $kubectl get namespaces or kubectl get ns
  • $ kubectl delete -f namespace.yaml

Deploying an app

  • $ kubectl apply -f <yaml file>
  • $ kubectl get deployments -n demo
  • $ kubectl get pods -n demo

Check the health of the pod using event logs

  • $ kubectl describe pod <pod name> -n demo

Making sure the app is running fine using BusyBox

  • Create  a Busybox pod
  • $ kubectl apply -f busybox.yaml   #creating a busybox pod in the default namespace
  • $ kubectl get pods   # checking busybox pod is up and running
  • $ kubectl get pods -n demo -o wide  # get the IP address of the pods
  • $ kubectl exec -it <busy box pod name> -- /bin/sh  #we are in busybox command prompt 
  • /# wget <IP address of pod: Port>
  • /#exit     #exit out of busybox

Viewing application logs

  • $ kubectl logs <pod_name> -n demo

Types of service

  • ClusterIP
  • NodePort
  • LoadBalancer

Exposing the application to the internet 

A Kubernetes Service is an abstraction that exposes a set of Pods as a network service. It allows other Pods or external clients to communicate with them, even as Pods are created or destroyed.
A load balancer directs traffic from the internet to k8s pods. 

Running a stateful application
  • Using a database outside your cluster
  • Using a Kubernetes Persistent Volume

Deleting k8s resources

  • $ kubectl delete -f <yaml file>
  • $ minikube delete

Kubernetes Security

  • Adding some security context
    • Containers are running as non-root
    • The container's filesystem is read-only
  • Scan your file using Snyk
    • snyck iac test <yaml file>
    • Regularly update your k8s version







Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)