
The first part of the Kubernetes series: introduction to Kubernetes and explanation of nouns

2025-03-30 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

1. Introduction to Kubernetes

1.1. What is Kubernetes?

Kubernetes is abbreviated to k8s (there are eight letters between the k and the s). It is an open source container orchestration platform that originated at Google and is now hosted by the CNCF; its design is strongly influenced by Google's internal cluster manager, Borg. K8s provides the following functions:

Automatic bin packing

Schedules containers onto nodes automatically according to their resource requests and other constraints (node selectors, affinity rules, taints), packing them as densely as those constraints allow.

Self-healing

Restarts containers that fail, reschedules Pods when their node fails, and kills and recreates containers that fail a user-defined health check; a container that is not ready receives no traffic.

Horizontal scaling

Scale an application out or in manually, by command or through the UI, or automatically on the basis of resource usage such as CPU load (Horizontal Pod Autoscaler).

Service discovery and load balancing

K8s has built-in service discovery through the CoreDNS add-on: every Service gets a DNS name, and clients inside the cluster can address the Service by that name. Traffic sent to a Service is load balanced across its Pods by the kube-proxy rules (iptables or ipvs).

Automated rollouts and rollbacks

K8s rolls out changes to an application or its configuration progressively, monitoring the health of the new instances as it goes so that it never kills all instances at the same time. If the new instances fail their health checks, the rollout stops before the old instances have all been replaced, and the change can be rolled back to the previous revision (kubectl rollout undo).

Secret and configuration management

A ConfigMap decouples configuration data from the container image, so configuration can be changed without rebuilding the image, which gives great flexibility in application development and deployment.

For the sensitive data an application depends on, such as user names, passwords, tokens and keys, k8s provides the Secret object, which keeps that data out of the image and the Pod definition and so speeds up development and delivery. It provides only a limited degree of protection: by default a Secret is stored in etcd base64-encoded, not encrypted, and can be read by anyone with RBAC permission to get or list Secrets in its namespace, so encryption at rest and tight RBAC are needed in production.
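The ConfigMap and Secret objects described above, consumed by one Pod, as an added example that is not part of the original article. All names (app-config, db-credentials, demo-app), the image and the placeholder password are assumptions made for illustration.

```yaml
# Added example, not from the original article. Names, image and the
# placeholder password are illustrative assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  LOG_LEVEL: "info"          # non-sensitive settings live in a ConfigMap
  LISTEN_PORT: "8080"
---
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
# stringData accepts plain text; the API server base64-encodes it into .data.
# base64 is an encoding, not encryption: anyone who can read this object
# (or the etcd database) recovers the password.
stringData:
  DB_USER: app
  DB_PASSWORD: change-me-before-use   # constructed placeholder value
---
apiVersion: v1
kind: Pod
metadata:
  name: demo-app
spec:
  containers:
  - name: app
    image: nginx:1.25            # illustrative image
    envFrom:
    - configMapRef:
        name: app-config         # every key becomes an environment variable
    env:
    - name: DB_USER
      valueFrom:
        secretKeyRef:
          name: db-credentials
          key: DB_USER
    volumeMounts:
    - name: creds
      mountPath: /etc/creds      # DB_PASSWORD appears as /etc/creds/DB_PASSWORD
      readOnly: true
  volumes:
  - name: creds
    secret:
      secretName: db-credentials
      items:
      - key: DB_PASSWORD
        path: DB_PASSWORD
      defaultMode: 0400          # readable only by the container's owner
```

Apply with `kubectl apply -f`, then run `kubectl get secret db-credentials -o jsonpath='{.data.DB_PASSWORD}' | base64 -d` to see how little the encoding hides. The password is mounted as a file rather than exported as an environment variable because environment variables are inherited by child processes and show up in `kubectl describe pod`, crash dumps and many logging libraries; whichever way it is delivered, the Secret itself still needs encryption at rest on the API server and RBAC rules that restrict who may get or list Secrets.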

Storage orchestration

K8s can automatically mount the storage system a Pod asks for: node-local storage, a cloud provider's storage service, or network storage such as NFS, Ceph or GlusterFS.

2. Nodes and components

In general, a K8s cluster consists of several worker nodes, one or more control-plane nodes (master), and a cluster state store (etcd).

2.1. Master node

The Master is the gateway and hub of the cluster. It is responsible for managing the cluster: exposing the API to users and clients, tracking the health of the nodes, scheduling workloads optimally, and coordinating communication between the other components. It is the core contact point between users or clients and the cluster.

A single Master node can perform all its functions, but for the purpose of redundancy and load balancing, multiple master nodes usually need to be deployed in a production environment.

The Master node is mainly composed of three components: apiserver, controller-manager and scheduler, and an etcd storage service for storing cluster state.

2.2. Node (worker node)

A Node is a worker node of the K8s cluster. It receives instructions from the Master and carries out the corresponding operations, such as creating or destroying Pod objects and adjusting network rules.

A Node is mainly composed of the kubelet, kube-proxy and a container engine (Docker has been the most common container engine).

2.3. Master components

Cluster gateway (API Server)

The gateway of the K8s cluster. It receives every client request, authenticates and authorizes it, runs admission control, validates the object and then persists it to etcd; all other components interact with the cluster through it.

Cluster state storage (etcd)

Stores the cluster's persistent data and provides a watch mechanism for subscribing to changes and pushing them to listeners.

In a K8s cluster, when a key in etcd changes, the API Server is notified and relays the change to its clients through the watch API. The components of the cluster cooperate efficiently on the basis of this watch mechanism.

Scheduler (kube-scheduler)

When a user requests the creation of a Pod, the scheduler decides which Node the Pod will run on, based on the resources available on each Node, the resources the containers request, and any other placement constraints.

Controller Manager (kube-controller-manager)

Runs the built-in controllers (the node, replication, endpoints and service account controllers, among others). Each controller continuously compares the actual state of the cluster with the desired state recorded in etcd and acts to bring the two together.

2.4. Node components

kubelet

Communicates with the Master, receives the Pods scheduled to its node, runs their containers through the container engine, and checks whether those Pods are healthy.

Container engine

Responsible for running containers. When this article was written the most popular container engine was Docker, and K8s supported the Docker and rkt engines. Since Kubernetes 1.24 the kubelet drives the runtime only through the Container Runtime Interface (CRI), in practice containerd or CRI-O.

kube-proxy

Generates iptables or ipvs rules from the Service objects so that requests for a Service are forwarded to one of its Pods.

3. K8s terminology

3.1. Pod

K8s does not schedule containers directly. Instead it wraps one or more containers in an abstract resource object called a Pod, which is the smallest scheduling unit in K8s.

Containers in the same Pod share the network namespace and storage volumes, so they can talk to each other directly over the loopback interface (lo). Each container keeps its own mount and PID namespace; the PID namespace can be shared deliberately by setting shareProcessNamespace in the Pod spec.

Although a Pod can contain multiple containers, as the minimum scheduling unit it should be kept as small as possible: usually one primary container plus any necessary auxiliary containers (sidecars).

3.2. Resource labels

A Label is a key/value pair attached to a resource object in order to classify it.

Labels are identifying attributes of the object they are attached to. Their meaning is defined by users; the k8s core does not interpret them, it only matches them against selectors.

Labels can be attached to an object when it is created and can be added or modified at any time afterwards. An object can carry multiple labels, and the same label can be attached to multiple objects.

3.3. Label selector

A label selector (Label Selector) is the mechanism for filtering resource objects by their labels.

For example, picking out all Pod objects that carry the label role: backend and treating them as one group is an application of a label selector.

Users usually classify resource objects with labels and then use label selectors to pick them out and operate on them in bulk.

3.4. Pod controller

In general, users do not deploy and manage Pod objects directly, but manage them with the help of another type of abstract controller (Controller)

K8s has a large number of built-in controllers for managing Pod objects. Common controllers are as follows

ReplicationController: the replica controller used in the early days of K8s

ReplicaSet: replica set; generally not used directly but managed through a Deployment

Deployment: manages stateless applications

StatefulSet: manages stateful applications

Job: runs one-off jobs

CronJob: runs periodic jobs

DaemonSet: runs one copy on every Node instead of on randomly chosen nodes

3.5. Service resources (Service)

A Service is a resource abstraction over a set of Pod objects. It picks the Pods with a label selector (Label Selector) and defines a single fixed access point for them (usually a cluster IP address). If the cluster runs a DNS add-on, a DNS name is configured automatically when the Service is created, so clients can discover it by name.

Requests arriving at the Service IP are load balanced across the selected Pod objects, so a Service is essentially a layer 4 proxy.
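The progressive rollout from section 1 and the label selection described in sections 3.3 and 3.5, as one added example that is not part of the original article: a Deployment whose Pods carry the label role: backend, and a Service that selects them by that label. The names, image and probe path are illustrative assumptions.

```yaml
# Added example, not from the original article. Names, image and probe
# path are illustrative assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
spec:
  replicas: 3
  selector:
    matchLabels:
      role: backend            # the Deployment owns Pods carrying this label
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1        # never take more than one old Pod away at a time
      maxSurge: 1              # at most one extra Pod while the rollout runs
  progressDeadlineSeconds: 120 # rollout is marked failed if it stalls this long
  template:
    metadata:
      labels:
        role: backend
        tier: api
    spec:
      containers:
      - name: api
        image: registry.example.com/backend:1.4.2   # illustrative image
        ports:
        - containerPort: 8080
        readinessProbe:        # a new Pod gets traffic only once this passes
          httpGet:
            path: /healthz
            port: 8080
          periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: backend
spec:
  type: ClusterIP
  selector:
    role: backend              # endpoints = every ready Pod with this label
  ports:
  - port: 80
    targetPort: 8080
```

Start an update with `kubectl set image deployment/backend api=registry.example.com/backend:1.4.3` and watch it with `kubectl rollout status deployment/backend`. If the new image never becomes ready, the rollout stalls with the old Pods still serving; `kubectl rollout undo deployment/backend` returns to the previous revision. Note that the Service selector matches on labels alone: any Pod in the namespace labelled role: backend, whether or not this Deployment created it, receives traffic, so label keys should be chosen so that an unrelated or mislabelled Pod cannot end up behind the Service.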

3.6. Storage volumes (Volume)

A storage volume (Volume) is storage space independent of the container file system. It is used to extend the storage available to a container and to give it persistent storage.

Storage volumes in a k8s cluster can be divided into ephemeral volumes, local volumes and network volumes.

Ephemeral and local volumes are both local to a Node: once a Pod is scheduled onto another Node, that storage is no longer accessible. They are therefore normally used for caches, while persistent data belongs on a persistent volume (PersistentVolume).

3.7. Name and Namespace

A Name is the identifier of a resource object in a k8s cluster, and its scope is usually a namespace (Namespace). Within one namespace, the names of objects of the same type must be unique.

Namespaces are usually used to separate the resources of different users or projects into logical groups. The default namespace is named default. A namespace is a grouping boundary, not a security boundary on its own: isolation between namespaces depends on RBAC rules scoped to the namespace and on NetworkPolicy objects restricting Pod traffic.

3.8. Annotations

An Annotation is another kind of key/value data attached to an object; it can hold considerably more data than a Label.

Annotations are used to attach arbitrary non-identifying metadata to objects. They cannot be used to identify or select objects and are not normally consumed by the K8s core; their main purpose is to carry information for people and tools to read.

3.9. Ingress

K8s isolates Pod objects from the external network; Pods and Services communicate with each other using internal private addresses. To let external users reach some Pod objects, a path for their request traffic into the cluster has to be opened. Besides a Service, an Ingress is one of the ways of implementing such a path.
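An Ingress that routes external HTTPS traffic for one host name to a Service named backend, as an added example that is not part of the original article. It assumes an Ingress controller (section 4 lists this add-on) registered under the class name nginx, a Service named backend listening on port 80, and a TLS Secret named api-example-com-tls; the host name is an illustrative assumption.

```yaml
# Added example, not from the original article. Assumes an Ingress
# controller with class "nginx", a Service named "backend" and a
# kubernetes.io/tls Secret named "api-example-com-tls" already exist.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: backend
spec:
  ingressClassName: nginx        # which controller should honour this object
  tls:
  - hosts:
    - api.example.com
    secretName: api-example-com-tls   # certificate and private key for the host
  rules:
  - host: api.example.com        # requests for any other Host header are not routed
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: backend
            port:
              number: 80
```

The Ingress object itself does nothing; the controller reads it and programs its proxy. TLS terminates at the controller, so the certificate's private key lives in a Secret that the controller's service account can read, and the hop from the controller to the Pods is plain HTTP inside the cluster unless the controller is configured otherwise.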

3.10. Pause container

Every Pod contains one special container, the pause container; the other containers are the user-defined ones. The user-defined containers share the network stack of the pause container and the Pod's mounted volumes, which makes communication and data exchange between them efficient. In practice this is what makes it worthwhile to put a group of closely related processes into the same Pod.
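A two-container Pod that relies on the shared namespaces described in sections 3.1 and 3.10, as an added example that is not part of the original article: the sidecar reaches the web container over the loopback interface and reads its log directory through a shared volume. The container names and images are illustrative assumptions; the pause container that holds the shared namespaces is not written in the spec, the kubelet adds it.

```yaml
# Added example, not from the original article. Names and images are
# illustrative assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: web-with-sidecar
spec:
  # PID namespaces stay separate by default; uncomment to let the sidecar
  # see the web container's processes (for debugging, not for production).
  # shareProcessNamespace: true
  volumes:
  - name: web-logs
    emptyDir: {}                 # shared, Pod-scoped scratch space
  containers:
  - name: web
    image: nginx:1.25
    ports:
    - containerPort: 80
    volumeMounts:
    - name: web-logs
      mountPath: /var/log/nginx  # nginx writes access.log and error.log here
  - name: probe-sidecar
    image: busybox:1.36
    command: ["sh", "-c"]
    args:
    - |
      # 127.0.0.1 is the web container: both share the pause container's netns
      while true; do
        wget -qO- http://127.0.0.1/ >/dev/null && echo "probe ok"
        sleep 30
      done
    volumeMounts:
    - name: web-logs
      mountPath: /logs
      readOnly: true             # the sidecar only reads what nginx wrote
```

`kubectl logs web-with-sidecar -c probe-sidecar` shows the probe results, and `kubectl exec web-with-sidecar -c probe-sidecar -- ls /logs` shows the files nginx wrote into the shared volume. Because the network namespace is shared, a port bound by one container is bound for the whole Pod, and a compromised sidecar can reach anything the main container listens on at 127.0.0.1.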

4. Core add-ons

K8s gains additional functionality through a set of components called add-ons. They are usually provided by third parties, supply specific functions to K8s, and normally run on the cluster itself as Pods.

4.1. Common K8s add-ons

CoreDNS: provides DNS service for the cluster

Kubernetes Dashboard: provides a web UI for the cluster

Heapster: cluster monitoring; it has gradually been replaced by Prometheus

Ingress Controller: another implementation of K8s networking, providing a network model different from Service

5. K8s network

There are four main types of network communication in K8s network.

5.1. Network communication types

Containers within the same Pod

Containers of the same Pod share a network namespace and communicate over the lo interface.

Communication between Pod and Pod

The Pod network is implemented by a K8s network plug-in, and all such plug-ins follow the CNI specification. The mainstream plug-ins are Flannel, Calico, Canal and so on. The plug-in assigns every Pod object at least one unique address, the Pod IP, which really exists on a network interface.

Communication between Pod and Service

The Service address range is set when the cluster is created; the default is 10.96.0.0/12. In general, each group of Pods has at least one Service, and other groups of Pods communicate with it through that Service.

A Pod is associated with a Service through the label selector. The Service address does not exist on any network interface: it is a NAT rule created by kube-proxy with iptables or ipvs.

Communication between external cluster traffic and Service

K8s exposes an externally reachable address (a NodePort or a LoadBalancer Service). A user's request first arrives at that address, is forwarded to the corresponding Service by the iptables or ipvs rules, and the Service then forwards it to one of the Pods behind it.
