
How to understand Kubernetes architecture

2025-02-14 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article explains how to understand the Kubernetes architecture: the basic components, and the platform and security choices you need to make from the start.

Kubernetes has a well-deserved reputation as a powerful platform, especially for cloud native applications. It provides a rich and flexible set of functions. That reputation also comes with a learning curve, which can be steep for beginners, especially if you go your own way with the open source platform.

Amir Jerbi, co-founder and chief technology officer of Aqua Security, said: "The initial setup of Kubernetes seems simple, but it is quite complicated to configure it correctly according to your needs, size and security. As an open source project, it is deliberately loosely integrated, with some confusing options."

These options are really part of the power of the orchestration tool: you have powerful features readily available, and there are a lot of them. In the long run, Kubernetes can reduce the burden on DevOps teams of managing containerized workloads. Without an orchestration platform, containers and microservices may incur a lot of operational overhead. But in the short term, the number of options can be overwhelming.

Kubernetes architecture: where do we start?

"Kubernetes provides a very rich set of abstractions, effectively software primitives, that automate the functions of computing, storage, networking, and other infrastructure services," said Tom Manville, engineering director at Kasten. "In many ways, developers think less in these areas, but they need to learn how Kubernetes defines and automates these functions so that they can invoke them appropriately."

"Today, there is no abstraction in Kubernetes that makes the underlying system easier to understand. They just make them easier to use," said Chris Short, chief technical marketing manager at Red Hat OpenShift. You and your team should be prepared to learn from mistakes and notes.

If you're just getting started, be sure to understand the basics of Kubernetes architecture and some of the choices you need to make. Veterans of Kubernetes may think this is easy, but thousands of IT experts are still new to the platform. This is a quick start to the basics of Kubernetes architecture, as well as other key things you need to know from the start.

"When providing these functions, Kubernetes has different architectural components that users need to learn: the control panel of Kubernetes and the control plane that runs on each node," Manville said. "They also need to know how to protect the main components, including the API server, because they have to deal with many key functions."

Let's use more expertise from Manville and others to lay the foundation for this understanding.

Kubernetes basics: nodes and clusters

Kubernetes essentially has a client-server architecture, except that the terms may be a little different from other systems you are familiar with. A key concept here is the node: each Kubernetes cluster contains a master node and at least one worker node. (A cluster will typically contain multiple worker nodes.)

The master node is essentially the brain of the operation: it controls the desired state, and everything else flows from it. A worker node is a physical machine or virtual machine that runs the actual applications and workloads.

"Kubernetes has two goals: to be a cluster administrator and a resource administrator," explains developer Ravi Lachhman. "Kubernetes uses a model from the master node to the worker node, which means that the worker node is scalable and usable. The Kubernetes architecture can use different worker node sizes for different workloads, so the resource manager section will find a suitable location in your cluster to perform the work."

The master node consists of three key components: the Kubernetes API server, the scheduler and the controller manager. The complete Kubernetes control plane also includes etcd and kubectl. The latter is Kubernetes's command line interface for managing clusters. In essence, it is the way to tell the master node what to do.

The worker node, meanwhile, includes the kubelet, kube-proxy and the containers you are running. The Kubernetes official documentation provides a useful diagram (figure 1) that shows the relationship between the master node and the worker node, including each component.

Figure 1: the relationship between the Kubernetes master node and the worker node

This is the basic setting for each cluster: a master node and at least one (possibly multiple) worker node or worker, which can be virtual or physical.

Now let's talk about platform and security options:

Evaluate important platform and security options

With this in mind, you need to make some key design choices. A basic question is: do you run a separate cluster for each application in Kubernetes, or do you manage multiple applications in the same cluster? Both are possible; Jerbi from Aqua Security points out that this is one of the key architectural considerations and usually brings some advantages and disadvantages.

"The multi-tenant model is a little more complex, usually using the K8s namespace to create administrative isolation between applications, but it is more efficient in terms of resource utilization," says Jerbi. "On the other hand, if your application itself is large and doesn't have much in common, it's easier to set up a separate cluster, especially for beginners."

Jerbi added that the latter is especially true if you are using commercial or hosted Kubernetes services, and that it allows you to better adapt resources and security requirements to specific applications.

Manville from Kasten points out that even if you choose a commercial platform that runs on top of the open source Kubernetes project to reduce day-to-day management, you still need to understand the underlying system. "And using this approach does not rid them of the need to understand Kubernetes and its functions."

Security is another area where you need to make important decisions.

"Security itself is an interesting learning curve for Kubernetes," Manville said. "The platform supports many native controls, but they are not necessarily safe to enable by default and are not easy to use."

As speed and scale grow, keep in mind that Kubernetes is "scalable" and "pluggable". This comes back to the question of choice: it is not a one-size-fits-all tool.

"When I first started, it took me a while to realize that Kubernetes is highly pluggable," says Harness's Lachhman. "If you don't agree with the opinions or implementation within the Kubernetes platform, you can replace most projects. For example, how do you deal with Ingress if you don't like Kubernetes? You can switch to another provider, such as Istio or Traefik."
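The namespace-based multi-tenant model Jerbi describes, written out as manifests; this is an added example, not taken from the original article or from any of the people quoted. A namespace alone does not restrict network traffic or Pod privileges, so the controls that are not on by default are declared explicitly. The tenant `team-a`, the group `team-a-devs` and the object names are assumptions.

```yaml
# Added example: hypothetical tenant "team-a"; every name here is an assumption.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  labels:
    # Pod Security Admission: reject Pods that violate the "restricted" profile.
    pod-security.kubernetes.io/enforce: restricted
---
# Default-deny: selects every Pod in the namespace and allows no traffic.
# Only enforced if the cluster's network plugin implements NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: team-a
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Namespaced Role: rights to manage workloads in team-a and nowhere else.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-deployer
  namespace: team-a
rules:
  - apiGroups: ["", "apps"]
    resources: ["pods", "services", "configmaps", "deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# Bind the Role to the tenant's group; no ClusterRoleBinding is involved.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-deployer-binding
  namespace: team-a
subjects:
  - kind: Group
    name: team-a-devs        # hypothetical group from your identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: app-deployer
  apiGroup: rbac.authorization.k8s.io
```

With the default-deny policy in place, each application needs its own allow policies, including egress to cluster DNS, before its Pods can communicate.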

Comparison: Kubernetes and Cloud Computing

Manville provides an interesting reference point for thinking about Kubernetes abstractly: the cloud itself. In short: similar and different.

"It provides an interesting comparison in terms of cloud similarities and differences," says Manville. "Kubernetes is like the cloud in providing abstractions and primitives to programmatically configure infrastructure functions, but Kubernetes differs from the cloud in that it is not limited to the infrastructure, but also has an extensible workload object/resource model: these are standardized objects, such as Deployments and Pods, which also specify the interface between applications."

This is another layer of the dazzling selection menu. In a big way, this is a good thing, including improved security, but it can be daunting at first.

"This difference allows developers to have a very clear definition of workload functionality so that important controls and security policies can be detected," Manville said. "Developers can use these features to ensure greater workload security early in the lifecycle, but they also need to realize that the configuration needed to protect the environment is not always obvious."

At this point, you should have a deeper understanding of the Kubernetes architecture. The next step is to try it in practice.
