
Welcome to The Cloud Educators' Ultimate Kubernetes Fundamentals instructor-led training class.
Note: Some of the contents of this class, including the images, belong to their owners on the Web.
I borrowed them for uniformity and to make it easy for us to be on the same page no matter who is teaching this class.
My name is Mamadou Lamine Diatta, and I often use the alias Andialy Sokone for the training classes to make sure that I don't mess up my personal accounts on different cloud providers.
I have more than 25 years of experience in IT, delivering secure, readily scalable and resilient infrastructure, and designing and delivering hybrid cloud infrastructure.
Broad experience in data center setup and relocation, server consolidation, disaster recovery, system security, software development, OS hardening, networking and storage.
PLEASE NOTE THAT IN SOME CLASSES, NOT ONLY DO YOU HAVE TO PAY FOR A SUBSCRIPTION TO THE CLASS, YOU ALSO HAVE TO PAY FOR ANY LAB EXERCISE.
FOR THIS CLASS -> ALL LABS ARE ON ONLINE FREE TIERS, AT NO ADDITIONAL COST TO YOU . . .
HERE IS A LIST OF PEOPLE TO WHOM WE RECOMMEND IT:
• Individuals New to Kubernetes and Container Orchestration: This course is specifically designed for those with little to no prior experience with Kubernetes or container orchestration in general. It starts with the fundamental concepts and builds a strong foundation for understanding and working with the platform. Anyone curious about the principles behind modern cloud-native architectures, microservices, and scalable infrastructure will benefit from this course. Understanding Kubernetes is crucial for navigating and contributing to the evolving landscape of cloud computing.
• Developers and Operations Professionals Seeking to Adopt Kubernetes: Software developers and IT operations professionals who want to learn how to deploy, manage, and scale applications using Kubernetes will find this course invaluable. It provides the practical skills and theoretical knowledge needed to integrate Kubernetes into their workflows.
• DevOps Engineers / Site Reliability Engineers (SREs): These roles are at the forefront of managing infrastructure and application deployments, and Kubernetes is a core tool in their arsenal. This course will provide them with the foundational knowledge to set up, maintain, monitor, and scale Kubernetes clusters, enabling them to build robust and automated CI/CD pipelines.
• System Administrators / IT Operations Professionals: As organizations migrate to cloud-native architectures, traditional system administration skills need to evolve. This course will provide the fundamental knowledge of Kubernetes' capabilities and limitations, helping them make informed decisions about infrastructure design, application modernization, and cloud strategy.
• Cloud Architects / Solutions Architects: To design scalable, resilient, and cost-effective cloud solutions, architects need a deep understanding of container orchestration. This course will provide the fundamental knowledge of Kubernetes' capabilities and limitations, helping them make informed decisions about infrastructure design, application modernization, and cloud strategy.
• Students / Aspiring Cloud Professionals: Kubernetes is a highly sought-after skill in the tech industry. This course provides a strong entry point into cloud-native technologies, making them more competitive in the job market for roles in DevOps, cloud engineering, and software development. It builds a foundational understanding that can be expanded upon with more advanced topics.
• Technical Managers / Project Managers: While not directly hands-on, understanding the core concepts of Kubernetes helps managers make better strategic decisions, estimate project timelines more accurately, communicate effectively with technical teams, and understand the implications of adopting container orchestration for their projects and products.
In short, anyone involved in the lifecycle of modern software applications, from development to deployment and operations, will find this course invaluable for navigating the cloud-native landscape.
We are glad to have you today for the Kubernetes Fundamentals Class.
From the physical servers and virtual machines hosted in datacenters around the world, Docker containers are built and orchestrated by Kubernetes to power the public, private and hybrid clouds.
What is Kubernetes?
Based on Wikipedia: Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation.
In this Kubernetes Fundamentals class, we will study the following:
THEORETICAL, where we explain some of the basic principles of K8s, such as:
1. Introduction to Kubernetes
2. What is Kubernetes
3. What is container-orchestration
4. What is a Container
5. Kubernetes Architecture
6. Kubernetes Components
Kube-Apiserver
Kube-Controller-Manager
Kube-Scheduler
Etcd
Kubelet
Kube-proxy
Container-runtime
7. Data Storage, which is crucial for data persistence
Volumes, which include PV (Persistent Volume) & PVC (Persistent Volume Claim)
8. Pods, Deployments, ReplicaSets, DaemonSets & StatefulSets, which are among the most used K8s objects . . .
9. Services, which make it easy to access your K8s applications
The second part is to come:
PRACTICAL, where we go into more detail in the lab about some of the concepts of K8s, such as:
1. Creating Pods, which are the smallest deployable units of computing that you can create and manage in Kubernetes
2. Creating Namespaces, which are essential for organizing and isolating resources within a cluster, enabling efficient management of multiple environments and teams and preventing conflicts
3. Creating Deployments, which simplify the process of packaging, distributing, and running applications consistently across different environments, ensuring scalability and portability
4. Creating ReplicaSets, which ensure high availability and fault tolerance by running multiple instances of a containerized service and distributing workloads across replicas for enhanced performance and reliability
5. YAML configuration files explained, which are used to define and configure cluster resources such as Pods, Services or Deployments in a declarative way
6. Creating Services, which provide load balancing, naming, and discovery to isolate one microservice from another. A Service is an abstract way to expose an application running on a set of Pods as a network service
7. Creating Secrets and ConfigMaps, which is crucial to protect against vulnerabilities, unauthorized access, and data breaches, ensuring the integrity and confidentiality of workloads
8. Namespaces explained, which are essential for organizing and isolating resources
9. The K8s Dashboard, which is a web-based user interface that provides an overview of the cluster's resources and workloads, enabling users to manage applications, monitor performance, and troubleshoot issues easily, enhancing operational efficiency
10. Approaches to exposing applications using NodePort, LoadBalancer, or Ingress to enable external access to services running within the cluster, ensuring they are reachable by outside clients:
Service of Type: NodePort, ClusterIP
Service of Type: LoadBalancer, ExternalName, ExternalIP
Using Ingress
Ingress Explained: Ingress is a resource that manages external access to services within a cluster, typically HTTP/HTTPS, enabling routing, load balancing, and secure communication with applications.
Installing Ingress NGINX Controller
Using Ingress NGINX Controller with MetalLB as LoadBalancer
Host and Path based routing
11. Securing Application running on K8s which is crucial to protect against vulnerabilities, unauthorized access, and data breaches, ensuring the integrity and confidentiality of workloads
12. Kubernetes Volumes Explained: a volume provides persistent storage for Pods, ensuring data remains available even if containers are restarted or rescheduled.
13. Kubernetes StatefulSet Explained: a StatefulSet is a Kubernetes controller that guarantees the order of Pod creation and deletion, making it ideal for applications requiring persistent storage or specific network identities. It's commonly used for databases, message queues, and other stateful services.
14. Kubernetes Services Explained: for more details about the Service types . . .
15. Video Streaming
16. Cluster Installation reference: We will not leave this class without giving you a reference to create a local K8s cluster, in case you want to create your own. But note that this class is designed to run on a free online K8s tier at no cost to you.
All along the voyage, we will be deploying applications running web servers (including in the frontend), databases (including in the backend), video streaming, etc.
Step back and relax while we go through the theory first, to acquire the basic foundations of K8s before we tackle the practice in the labs.
INSTALLING DOCKER AND KUBERNETES REFERENCE
As promised, here are the links we used to install Docker and Kubernetes on Oracle Linux in our environment.
Now, if you feel you don't have the time to set up the environment yourself, well, Docker & K8s have put in place online sites where you can practice for free, using the lab examples in this presentation.
The free online sites are the ones you see on this slide.
Note that all the labs in this course will be done on a free online site that provides you with virtual machines on which the Docker Engine / Docker daemon is installed, allowing you to create your containers.
However, I will show you how to create a Kubernetes environment in case you would like to do it yourself.
A Kubernetes cluster consists of a master and a set of worker machines, called nodes, that run containerized applications.
Every cluster has at least one master and one worker node.
In this slide is our simple lab environment. We have the following:
The ISP router (your Internet Service Provider's router in your home)
An HP Pavilion with a 10th Generation Intel Core i7 quad-core processor and 16 GB of RAM (I recommend 32 GB for better performance, if you can afford it), loaded with MS Windows 10; on top of it I installed Oracle's hypervisor, VirtualBox, to allow me to create virtual machines
Create 3 virtual machines for the Kubernetes cluster, of which:
1 VM with 4 GB of RAM and 2 vCPUs, to be our Kubernetes MASTER node
2 VMs with 2 GB of RAM and 2 vCPUs each, to be our 2 WORKER nodes
All must have internet access for the lab to work.
See!!! This doesn't require heavy-duty, very expensive equipment to embrace the technology. You can learn this with little to spend.
IMPORTANT NOTE: ALL LABS ARE DESIGNED TO RUN ON A FREE THIRD-PARTY SITE AT NO COST TO YOU. YOU ONLY NEED A COMPUTER CONNECTED TO THE INTERNET WITH A BROWSER SUCH AS Chrome, Firefox, Edge or Internet Explorer.
K8s ONLINE PLAYGROUND
Now we will explore the online playground . . .
One playground for Kubernetes is Killercoda . . .
We will be using this online K8s environment, for free, for the shorter K8s deployments . . .
. . . Its URL is on the slide . . . Killercoda Interactive Environments
. . . You can use your GitHub, GitLab, Gmail or any other email account you have to log in . . .
-> Under [ Areas ] select [ Playgrounds ], then select -> [ Kubernetes 1.28 ]
-> A Kubernetes 1.28 environment will be opened for you for 60 minutes, for free . . .
NOTE: You are supposed to finish your work within the 60 minutes; if not, you will lose the resources you deployed . . .
This playground will always have the latest stable kubeadm Kubernetes version, a few weeks after release.
You have access to an empty kubeadm cluster with two 2 GB nodes.
The controlplane node, which is the master here, has its taint removed so that it can schedule workloads as well.
A Kubernetes master carries the taint [node-role.kubernetes.io/master:NoSchedule] to avoid scheduling pods on it.
This is just an empty environment; if you're looking for scenarios, check CKS, CKA, CKAD or all Areas.
NOTE: Make sure to enable pop-ups in your browser, and use the right browser . . .
I have tried this successfully on Chrome and Edge.
I chose to log in with my [asokone] GitHub account . . . . You can choose any of the sign-in options. If you have an email, click on email and follow the steps . . .
As soon as you log in, you will see . . .
[ Initializing Kubernetes... Done ]
. . . followed by the Unix PS1 prompt . . . Then type . . .
controlplane $ apt install -y xterm
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
controlplane $
controlplane $
controlplane $ resize
COLUMNS=144;
LINES=42;
export COLUMNS LINES;
controlplane $
controlplane $
controlplane $ kubectl get nodes
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 15d v1.28.4
node01 Ready <none> 15d v1.28.4
controlplane $
controlplane $
controlplane $ kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
controlplane Ready control-plane 15d v1.28.4 172.30.1.2 <none> Ubuntu 20.04.5 LTS 5.4.0-131-generic containerd://1.6.12
node01 Ready <none> 15d v1.28.4 172.30.2.2 <none> Ubuntu 20.04.5 LTS 5.4.0-131-generic containerd://1.6.12
controlplane $
controlplane $
controlplane $ which docker
/usr/bin/docker
controlplane $
controlplane $
controlplane $ docker --version
Docker version 24.0.5, build 24.0.5-0ubuntu1~20.04.1
controlplane $
controlplane $
controlplane $ which kubectl
/usr/bin/kubectl
controlplane $
controlplane $
controlplane $ kubectl version
Client Version: v1.28.4
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.1
controlplane $
controlplane $
controlplane $ kubectl get pod
No resources found in default namespace.
\______ NO POD IN default NAMESPACE
controlplane $
controlplane $
Any service . . .
controlplane $ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 9d
\______ YES THE FAMOUS kubernetes SERVICE IS HERE . . .
controlplane $
controlplane $
Any namespace . . .
controlplane $ kubectl get ns
NAME STATUS AGE
default Active 15d
kube-node-lease Active 15d
kube-public Active 15d
kube-system Active 15d
local-path-storage Active 15d
controlplane $
controlplane $
Any pods in kube-system namespace . . . .
controlplane $ kubectl get pod --namespace=kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-784cc4bcb7-b8bdm 1/1 Running 3 9d
canal-bnbnp 2/2 Running 0 32m
canal-sgvnp 2/2 Running 0 32m
coredns-5d769bfcf4-j6wzd 1/1 Running 0 9d
coredns-5d769bfcf4-z4wqc 1/1 Running 0 9d
etcd-controlplane 1/1 Running 0 9d
kube-apiserver-controlplane 1/1 Running 2 9d
kube-controller-manager-controlplane 1/1 Running 2 9d
kube-proxy-4c8vx 1/1 Running 0 9d
kube-proxy-wdr48 1/1 Running 0 9d
kube-scheduler-controlplane 1/1 Running 2 9d
controlplane $
controlplane $
Since the controlplane will host pods, you have a Kubernetes cluster with 2 nodes that you can play with . . .
. . . Note that, in this playground, you are timed for 60 minutes . . .
Another free tier for K8s . . .
We will be using this online K8s environment, for free, for the longer K8s deployments . . .
Play with Kubernetes Classroom; the URL is shown on this slide . . .
The Play with Kubernetes classroom is a new site, provided by Docker, that helps you get hands-on experience using Kubernetes.
They provide a workshop that allows you to follow a Kubernetes tutorial in the browser, without having to install a single thing.
When you access the URL, click on [ Kubernetes Hands-on Workshop ] to reach the login prompt of your server, then follow the instructions on the left of the page to create your K8s cluster.
NOTE: Make sure to enable pop-ups in your browser and use the right browser. I have tried successfully on Chrome.
Let me show you how . . .
I will access this URL and log in with my asokone hub.docker.com or GitHub credentials: https://labs.play-with-k8s.com/
-> Then select [START]
WARNING!!!!
This is a sandbox environment. Using personal credentials
is HIGHLY! discouraged. Any consequences of doing so, are
completely the user's responsibilities.
You can bootstrap a cluster as follows:
We will go through the 2 steps below, since the third one is optional . . . .
1. Initializes cluster master node:
kubeadm init --apiserver-advertise-address $(hostname -i) --pod-network-cidr 10.5.0.0/16 <- COPY THIS AND PASTE IT AT THE PS1 PROMPT TO TURN THIS INSTANCE INTO A K8s CLUSTER
IMPORTANT NOTE FOR COPY AND PASTE:
On Windows with the MS Edge browser, the following will work:
Ctrl + Insert to copy and Shift + Insert to paste
2. Initialize cluster networking:
kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kubeadm-kuberouter.yaml <- COPY THIS AND PASTE IT . . .
3. (Optional) Create an nginx deployment:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/nginx-app.yaml
The PWK team.
BELOW ARE THE STEPS I FOLLOWED
ANOTHER WAY TO CREATE A KUBERNETES CLUSTER WITH KIND
In a physical server or a virtual machine,
In my case, I have downloaded Oracle VirtualBox to create virtual machines, and I have created devopsoel82 . . .
Then . . .
>>>>>> BRING YOUR ORACLE VIRTUALBOX APPLICATION AND SHOW THE VM devopsoel82
• Download Oracle Linux 8.2 from: edelivery dot oracle dot com
• Install the OS in your physical machine or virtual machine
• Install Docker Engine:
oracle-base dot com/articles/linux/docker-install-docker-on-oracle-linux-ol8
• Install the kubectl command:
kubernetes dot io/docs/tasks/tools/install-kubectl-linux/
• Install KIND:
kind dot sigs dot k8s dot io/docs/user/quick-start/
• Create your cluster with the KIND command
• Verify the cluster status
K8s – PRODUCTION ARCHITECTURE
A production architecture ensures the stability, performance and scalability of applications in a real environment, where reliability is crucial.
In summary, the typical Kubernetes environment has at least 3 masters and as many worker nodes as your load requires.
In Kubernetes, master nodes are nodes which control and manage a set of worker nodes. A master node has the following components to help manage worker nodes:
Kube-Apiserver: is the front end of the master node control plane, and is responsible for establishing communication between the Kubernetes nodes and the Kubernetes master components.
Kube-Controller-Manager: is a daemon that embeds controllers and handles namespace creation and garbage collection.
Kube-Scheduler: is responsible for the distribution and management of workload on the worker nodes.
Etcd: is a distributed key-value store used for coordinating distributed work. Etcd stores the configuration data of the Kubernetes cluster, representing the state of the cluster at any given point in time.
In Kubernetes, workers/nodes run your workload by placing containers into Pods to run on nodes. A node may be a virtual or physical machine, depending on the cluster.
Each node is managed by the control plane and contains the services necessary to run Pods.
User requests are received by the API Server in the master node(s), then processed and executed in the worker node by the kubelet.
The process is a little more complex when Deployments, Services / Ingress / ReplicaSets and StatefulSets are involved.
Example: A user request to schedule a new Pod
-The API Server receives the request and analyzes it to make sure it's not out of spec
-Then the API Server hands it to the Scheduler, which decides, based on resource availability, on which worker/node to put the Pod
-Then the kubelet gets the request from the Scheduler and executes the user's request
Another important element is the Controller Manager: it detects state changes (like dead pods) and tries to recover the desired state of the cluster as soon as possible.
If the Controller Manager detects a deficiency in the desired cluster state, it contacts the Scheduler to take care of the deficiencies.
Then finally, the ETCD, which is the KEY:VALUE store, is updated with the new cluster state. !!!! I call the ETCD the registry, the database of the cluster.
It keeps track of all changes and activities in the cluster.
Users access the API server of the Kubernetes cluster via:
A Dashboard, which is the web interface for Kubernetes
Or kubectl, which is the Kubernetes command-line tool (CLI) <- THIS IS THE ONE WE WILL BE WORKING WITH ALL THE TIME
Or an API (Application Programming Interface)
In production, where you have more than one master, the API Server is load-balanced between the nodes and etcd is on distributed storage across all the masters.
K8s – THE INTRODUCTION
Now that we have an idea of how we can practice, let us come back to our main subject, Kubernetes, to learn the basic theoretical foundations necessary to understand the power behind Kubernetes.
Kubernetes is an open-source platform for automating the deployment, scaling, and management of containerized applications.
K8s Orchestration Simulation
This Tetris game of the 80s is just doing the orchestration of the blocks, placing each set of blocks in the right place, where they fit perfectly, leaving no wasted space.
Well, similarly, K8s does just that, in a more complex way.
What is Kubernetes?
Based on Wikipedia, Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management.
It was originally designed by Google, and is now maintained by the Cloud Native Computing Foundation.
Initial release: 7 June 2014
It can manage different deployment environments:
-Public
-Private
-Hybrid
What is Container-Orchestration?
Container orchestration is the automation of much of the operational effort required to run containerized workloads and services.
This includes a wide range of things across the container's lifecycle, including provisioning, deployment, scaling (up and down), networking, load balancing, HA (High Availability) and much more.
What is a service in this specific case?
Service: an abstract way to expose an application running on a set of Pods as a network service.
Since pods are ephemeral, a service enables a group of pods which provide specific functions (web services, databases, image processing, etc.) to be assigned a name and a unique IP address (clusterIP).
Please remember the word: CLUSTERIP.
What is a Container?
A container is a lightweight, standalone, executable package of software that includes everything needed to run an application (code, system tools), running on a physical host in parallel with other containers.
K8s – ARCHITECTURE
Kubernetes architecture comprises a control plane and worker nodes. The control plane manages the cluster's state, scheduling Pods to nodes and ensuring their health, while worker nodes run Pods and provide the runtime environment for containers.
Kubernetes Architecture
A Kubernetes cluster consists of a master and a set of worker machines, called nodes, that run containerized applications.
Every cluster has at least one master and one worker node.
The worker node(s) host the Pods that are the components of the application workload.
In production environments, a cluster usually runs with at least 3 masters and multiple nodes/workers, providing fault tolerance and high availability.
In our case, for this training purpose, we have one master and 2 nodes/workers, running on virtual machines out of Oracle VirtualBox.
Of the Kubernetes components illustrated in this cluster schema, we have the following:
On Master
Kube-Apiserver
Kube-Controller-Manager
Kube-Scheduler
Etcd
On each Nodes/Workers
Kubelet
Kube-proxy
Container-runtime
In the next slide, we will go over each of the components in detail.
K8s – COMPONENTS EXPLAINED
In this chapter we will go in details about the role of each element of the cluster.
Kubernetes Components (cont'd)
Of the Kubernetes components illustrated in the cluster schema in the previous slide:
On the master, we have the following components running:
Kube-Apiserver: The kube-apiserver is the central management entity of a Kubernetes cluster, acting as the primary point of interaction for administrators and users to configure and manage the cluster. It processes RESTful API requests, validates them, and updates the cluster's state, serving as the front end for the Kubernetes control plane.
The API lets you query and manipulate the state of API objects (for example: Pods, Namespaces, ConfigMaps, and Events).
Most operations can be performed through the kubectl command-line interface or other command-line tools, such as kubeadm, which in turn use the API.
However, you can also access the API directly using REST calls.
You can run several instances of kube-apiserver and balance traffic between those instances.
Kube-Controller-Manager: The kube-controller-manager is responsible for running controller processes that regulate the state of the cluster, ensuring that the desired state of the system matches the current state.
In Kubernetes, a controller is a control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired state.
Examples of controllers that ship with Kubernetes today are the replication controller, endpoints controller, namespace controller, and serviceaccounts controller.
Kube-Scheduler: is responsible for the distribution and management of workload on the worker nodes. It selects the most suitable node to run an unscheduled Pod, based on resource requirements, and keeps track of resource utilization. It makes sure that the workload is not scheduled on nodes that are already full. It watches for newly created Pods with no assigned node and selects a node for them to run on.
Etcd: is a distributed key-value store used for coordinating distributed work. Etcd stores the configuration data of the Kubernetes cluster, representing the state of the cluster at any given point in time. If your Kubernetes cluster uses etcd as its backing store, make sure you have a backup plan for that data.
A RESTful API (Representational State Transfer) is an architectural style for designing networked applications. It relies on a stateless, client-server communication model where requests and responses are made using standard HTTP methods like GET, POST, PUT, and DELETE. Each resource in a RESTful API is identified by a URL, and interactions with these resources are performed via the standard methods, allowing for scalable and flexible application development.
Kubernetes Components (cont'd)
On each node/worker, we have the following Kubernetes components running.
Kubelet: An agent that runs on each node in the cluster. It makes sure that containers are running in a Pod.
The kubelet takes a set of PodSpecs that are provided through various mechanisms and ensures that the containers described in those PodSpecs are running and healthy.
The kubelet doesn't manage containers which were not created by Kubernetes.
Kube-proxy: kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.
Kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.
Kube-proxy uses the operating system packet filtering layer if there is one and it's available. Otherwise, kube-proxy forwards the traffic itself.
Container-runtime: The container runtime is the software that is responsible for running containers. Kubernetes supports several container runtimes: Docker, containerd, CRI-O, and any implementation of the Kubernetes CRI (Container Runtime Interface).
DNS
While the other add-ons are not strictly required, all Kubernetes clusters should have cluster DNS, as many examples rely on it.
Cluster DNS is a DNS server that serves DNS records for Kubernetes services, in addition to the other DNS server(s) in your environment.
Containers started by Kubernetes automatically include this DNS server in their DNS searches.
CoreDNS is a flexible, extensible DNS server which can be installed as the in-cluster DNS for pods.
It can be downloaded at coredns dot io/
Kubernetes Components (cont'd)
On each node/worker, we have the following Kubernetes components running.
Pods: Pods are the smallest deployable units of computing that you can create and manage in Kubernetes.
A Pod is a group of, one or more containers, with shared storage and network resources, and a specification for how to run the containers.
A Pod's contents are always co-located and co-scheduled, and run in a shared context.
A Pod models an application-specific "logical host": it contains one or more application containers which are relatively tightly coupled.
In non-cloud contexts, applications executed on the same physical or virtual machine are analogous to cloud applications executed on the same logical host.
IMPORTANT NOTE: In Kubernetes, the Pod gets the IP address, not the container. You access the container's resources via the Pod's IP, and a Pod communicates with other Pods using the IP address.
Kubernetes Components (cont'd)
Add-Ons
Add-ons extend the functionality of Kubernetes. Here is a list of some of the available add-ons:
Networking and Network Policy
ACI provides integrated container networking and network security with Cisco ACI.
Flannel is an overlay network provider that can be used with Kubernetes, and is the one we will be using.
Canal unites Flannel and Calico, providing networking and network policy.
Calico is a networking and network policy provider
URL for installing the networking addons is as shown: https://kubernetes.io/docs/concepts/cluster-administration/addons/
WEB UI (Dashboard)
Dashboard is a web interface for Kubernetes
Kubectl is the Kubernetes command-line tool (CLI) <- THIS IS THE ONE WE WILL BE WORKING WITH ALL THE TIME
Cluster-Level Logging
Is the mechanism responsible for saving container logs to a central log store with a search/browsing interface.
The list of Kubernetes components does not stop here; I have highlighted the ones we will be dealing with in this Kubernetes Fundamentals class.
K8s – INTERACTIVE COMPONENTS EXPLAINED
These are Kubernetes objects, the important components we will configure ourselves and interactively deal with during the sessions.
-Pod
-Service
-Ingress
-ConfigMap
-Secret
-Deployment
-StatefulSet
-DaemonSet
We will go through each in detail in the upcoming slides.
K8s – Interactive Components Explained
Because the IP of a Pod is assigned automatically by Kubernetes when the Pod is created, if the containers in a Pod fail, another similar Pod is created with a new IP.
This makes it difficult for applications running in containers on different Pods to communicate. Imagine if a Pod has to change IP each time it is re-created after it fails!!!
It would be a hard task to keep up with managing these IP address changes. To resolve this issue, the Kubernetes Service is introduced.
Service: Kubernetes Services provide load balancing, naming, and discovery to isolate one microservice from another.
A Service is an abstract way to expose an application running on a set of Pods as a network service.
Since pods are ephemeral, a Service enables a group of pods which provide specific functions (web services, image processing, databases, etc.)
to be assigned the following:
- a Name and
- a Unique IP address (clusterIP).
NOTE: The lifecycles of a Pod and a Service are NOT connected. A Pod can die; the Service and its IP address will stay.
K8s – Interactive Components Explained (cont’ed)
External Service
An External Service is a Service that opens communication from external sources to the Pod.
Internal Service
An Internal Service is a Service that you don't want to expose to the world, like a database.
NOTE: Usually the External Service is done by exposing the Pod's ports to the world. Look carefully at the URL http://my-web-service-ip:port/
We have the :PORT. In the real world, you want something secure, with HTTPS and without :PORT in the URL, simply https://my-web-service.com/ right?!?!?!
For that there is another component called INGRESS.
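The Internal vs. External Service distinction, as an added example (not from the slides): a Deployment whose Pods carry the label app: web, a ClusterIP Service for a database that is reachable only inside the cluster, and a NodePort Service that exposes the web Pods on every node. All names (my-web, my-db, the nginx image tag, the node port) are hypothetical.

```yaml
# Added example, not part of the course material. Names are hypothetical.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web            # the Services below select Pods by this label, never by Pod IP
    spec:
      containers:
        - name: web
          image: nginx:1.25 # hypothetical image
          ports:
            - containerPort: 80
---
# Internal Service: type ClusterIP (the default) gets a stable virtual IP and the
# DNS name my-db inside the cluster. Application Pods connect to my-db:5432 and
# keep working even when the backing database Pod is re-created with a new IP.
apiVersion: v1
kind: Service
metadata:
  name: my-db
spec:
  type: ClusterIP
  selector:
    app: db
  ports:
    - port: 5432
      targetPort: 5432
---
# External Service: type NodePort opens a port (range 30000-32767) on every node.
# This is the http://<node-ip>:<port>/ form mentioned in the slide, plain HTTP
# with a port in the URL; Ingress (next slide) is the way to get rid of both.
apiVersion: v1
kind: Service
metadata:
  name: my-web
spec:
  type: NodePort
  selector:
    app: web
  ports:
    - port: 80          # port of the Service (clusterIP:80 inside the cluster)
      targetPort: 80    # containerPort in the Pod
      nodePort: 30080   # port opened on each node
```

Apply with `kubectl apply -f` and compare `kubectl get svc` output: my-db shows no external port at all, while my-web shows 80:30080/TCP. Deleting a web Pod (`kubectl delete pod <name>`) replaces it with a new IP, but `kubectl get endpoints my-web` shows the Service picking up the new Pod automatically.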
K8s – Interactive Components Explained (cont’ed)
What is Ingress?
Ingress (& the Kubernetes load balancer) provides an easy-to-use front end that can combine multiple microservices into a single externalized API surface.
Ingress exposes HTTP and HTTPS routes from outside the cluster to Services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.
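An Ingress that does what the previous slide asked for, HTTPS on https://my-web-service.com/ with no port in the URL, as an added example (not from the slides). It routes / to one Service and /api to another, so two microservices appear behind one hostname. The host name, Service names, the TLS Secret name and the ingress-nginx annotation are assumptions; an Ingress controller (here assumed to be ingress-nginx, ingressClassName nginx) must be installed for the rules to take effect.

```yaml
# Added example, not part of the course material. Names are hypothetical.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-web-ingress
  annotations:
    # Controller-specific: ingress-nginx redirects plain HTTP to HTTPS
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - my-web-service.com
      # A Secret of type kubernetes.io/tls holding tls.crt and tls.key,
      # e.g. created with: kubectl create secret tls my-web-tls --cert=cert.pem --key=key.pem
      secretName: my-web-tls
  rules:
    - host: my-web-service.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-web      # a ClusterIP Service; it no longer needs a NodePort
                port:
                  number: 80
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: my-api      # second microservice behind the same hostname
                port:
                  number: 8080
```

TLS terminates at the Ingress controller, so the Services behind it can stay ClusterIP and are never exposed directly. Check the result with `kubectl describe ingress my-web-ingress`, which lists the host, the TLS Secret and the backend Services each path maps to.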
K8s – Interactive Components Explained (cont’ed)
ConfigMap
A ConfigMap allows you to decouple environment-specific configuration from your container images, so that your applications are easily portable.
A ConfigMap is an API object used to store non-confidential data in key-value pairs.
Pods can consume ConfigMaps as:
- environment variables,
- command-line arguments, or
- configuration files in a volume.
What is the MOTIVATION behind ConfigMap?
It is used for setting configuration data separately from the application code.
For example, imagine that you are developing an application that you can run on your own computer (for development) and in the cloud (to handle real traffic).
You write the code to look in an environment variable named DB_URL. Locally, you set that variable to mySQL-db and, in the production environment, to mango-db.
!! In the cloud, you set it to refer to a Kubernetes Service that exposes the database component to your cluster. It's that simple !!!
This lets you fetch a container image running in the cloud and debug the exact same code locally if needed.
But, as you can see in this slide, we have our SQL user and password here in plain text.
This is a major security issue.
Well, this is where another component of Kubernetes, called SECRETS, comes to help.
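The DB_URL scenario above, as an added example (not from the slides): a ConfigMap that holds the in-cluster value of DB_URL (the name of the database Service, assumed to be my-db) plus a whole configuration file, and a Pod that consumes it all three ways the slide lists: as an environment variable, as a command-line argument, and as a file in a volume. The image name and all object names are hypothetical.

```yaml
# Added example, not part of the course material. Names are hypothetical.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  # Inside the cluster DB_URL points at the database Service; cluster DNS
  # resolves "my-db". On your laptop you would simply export DB_URL=mySQL-db.
  DB_URL: my-db
  LOG_LEVEL: info
  # A multi-line value becomes a file when mounted as a volume
  app.properties: |
    feature.cache=true
    request.timeout=30
---
apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  containers:
    - name: app
      image: my-registry/my-app:1.0   # hypothetical image; unchanged between environments
      env:
        # 1) a single key as an environment variable
        - name: DB_URL
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: DB_URL
        - name: LOG_LEVEL
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: LOG_LEVEL
      # 2) command-line arguments: $(VAR) is expanded from the env entries above
      args: ["--db=$(DB_URL)", "--log-level=$(LOG_LEVEL)"]
      # 3) a configuration file in a volume
      volumeMounts:
        - name: config
          mountPath: /etc/app
          readOnly: true
  volumes:
    - name: config
      configMap:
        name: app-config
        items:
          - key: app.properties
            path: app.properties   # appears as /etc/app/app.properties
```

After `kubectl apply -f`, `kubectl exec my-app -- env | grep DB_URL` shows the injected variable and `kubectl exec my-app -- cat /etc/app/app.properties` shows the file. Note that a ConfigMap is the wrong place for a database password: anything in data is plain text, which is the issue the next slide addresses.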
K8s – Interactive Components Explained (cont’ed)
Secrets
Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys.
Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or in a container image.
Caution:
Kubernetes Secrets are stored as unencrypted base64-encoded strings by default.
Anyone with API access, or anyone with access to Kubernetes' underlying data store, etcd, can retrieve them as plain text.
In order to safely use Secrets, it is recommended that you, at a minimum:
1. Enable Encryption at Rest for Secrets.
2. Enable or configure RBAC (Role Based Access Control) rules that restrict reading and writing the Secret.
3. Be aware that Secrets can be obtained implicitly by anyone with the permission to create a Pod.
Note: OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites, without giving them their passwords.
RBAC: Role Based Access Control, to prevent unexpected accidents where one person in the wrong namespace mistakenly takes down production when they think they are destroying their test cluster.
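The three minimum recommendations above, as an added example (not from the slides): a Secret written with stringData (the API server base64-encodes it into data, which is encoding, not encryption), a Pod that consumes it, a Role and RoleBinding that let exactly one ServiceAccount read exactly that Secret, and the EncryptionConfiguration that makes kube-apiserver encrypt Secrets before they reach etcd. Namespace, names and the image are hypothetical; the encryption key is a placeholder.

```yaml
# Added example, not part of the course material. Names are hypothetical.
# 1) The Secret. stringData takes the clear value; the stored .data is only base64.
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: prod
type: Opaque
stringData:
  DB_USER: appuser
  DB_PASSWORD: REPLACE_ME      # placeholder; never commit real values to Git
---
# 2) Consuming it: the value is injected at start-up, it is not baked into the image.
apiVersion: v1
kind: Pod
metadata:
  name: my-app
  namespace: prod
spec:
  serviceAccountName: my-app
  containers:
    - name: app
      image: my-registry/my-app:1.0   # hypothetical image
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: DB_PASSWORD
---
# 3) RBAC: only the my-app ServiceAccount may read this one Secret (verb get only,
#    no list/watch, so it cannot enumerate the other Secrets in the namespace).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-db-credentials
  namespace: prod
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["db-credentials"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-db-credentials
  namespace: prod
subjects:
  - kind: ServiceAccount
    name: my-app
    namespace: prod
roleRef:
  kind: Role
  name: read-db-credentials
  apiGroup: rbac.authorization.k8s.io
---
# 4) Encryption at rest: file passed to kube-apiserver as --encryption-provider-config.
#    Providers are tried in order for reading; keep identity last so Secrets written
#    before encryption was enabled can still be read (then rewrite them to encrypt them).
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: <BASE64-ENCODED-32-BYTE-KEY>   # placeholder, e.g. from: head -c 32 /dev/urandom | base64
      - identity: {}
```

Caveat 3 from the slide still applies after all of this: the Role only restricts direct API reads. Anyone allowed to create Pods in prod can reference db-credentials in a Pod spec exactly as the Pod above does and read it from inside the container, so the right to create Pods in a namespace must be treated as the right to read every Secret in it. Check what a given identity can do with `kubectl auth can-i get secret/db-credentials -n prod --as=system:serviceaccount:prod:my-app`.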
K8s – Interactive Components Explained (cont’ed)
Namespace: Namespaces are Kubernetes objects which partition a single Kubernetes cluster into multiple virtual clusters. Each Kubernetes namespace provides the scope for the Kubernetes names it contains, which means that using the combination of an object name and a Namespace, each object gets a unique identity across the cluster.
Cgroups: cgroups, which stands for control groups, are a kernel mechanism for limiting and measuring the total resources used by a group of processes running on a system.
In summary
·Cgroups = limit how much you can use in terms of resources (MEM/CPU/Block IO/Network);
·Namespaces are a way to divide cluster resources between multiple groups of users.
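How the two summary points show up in practice, as an added example (not from the slides): a Namespace for one team's test workloads, a ResourceQuota that caps what the whole namespace may consume, and a Pod whose per-container requests and limits the kubelet enforces through cgroups on the node. Namespace, names, image and the numbers are hypothetical.

```yaml
# Added example, not part of the course material. Names and sizes are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a-test
---
# Namespace-level partitioning: the total that everything in team-a-test may request.
# A Pod that would push the namespace over these totals is rejected at admission.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a-test
spec:
  hard:
    requests.cpu: "2"
    requests.memory: 4Gi
    limits.cpu: "4"
    limits.memory: 8Gi
    pods: "20"
---
# Container-level limits: the kubelet translates these into cgroup settings.
apiVersion: v1
kind: Pod
metadata:
  name: worker
  namespace: team-a-test
spec:
  containers:
    - name: worker
      image: busybox:1.36            # hypothetical image tag
      command: ["sh", "-c", "sleep 3600"]
      resources:
        requests:                    # what the scheduler reserves on a node
          cpu: 250m
          memory: 128Mi
        limits:                      # the cgroup ceiling on that node
          cpu: 500m                  # CPU time is throttled beyond half a core
          memory: 256Mi              # exceeding this gets the container OOM-killed
```

`kubectl describe resourcequota team-a-quota -n team-a-test` shows used versus hard totals after the Pod is created. Because a name is only unique within its namespace, always check the namespace you are pointed at (`kubectl config view --minify | grep namespace`) before a delete; that is the wrong-namespace accident the RBAC note above warns about, and a dedicated namespace plus RBAC scoped to it is what keeps a test clean-up away from production.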
Unlock the full power of Kubernetes with this immersive, hands-on course designed for developers, DevOps engineers, and IT professionals. “The Ultimate Kubernetes Fundamentals – Practical Hands-On Labs” takes you from zero to confident, guiding you through real-world lab environments where you deploy, manage, and troubleshoot modern containerized applications.
Through step-by-step labs, you'll gain a deep understanding of Kubernetes architecture, including Pods, Deployments, ReplicaSets, Services, ConfigMaps, and Secrets. You’ll explore namespace isolation, resource monitoring, and application scaling, and learn how to securely expose apps using Ingress controllers and TLS.
You’ll work with StatefulSets, DaemonSets, Jobs, Volumes, and dynamic volume provisioning using StorageClasses and PersistentVolumeClaims. Dive into powerful real-world projects, like deploying a PHP Guestbook with MongoDB and building a sample app to track website visitors.
Whether you're preparing for certification or managing production clusters, this course equips you with the practical skills to thrive. Each lesson is backed with clear explanations and real command-line practice—no fluff, just true hands-on Kubernetes mastery.
Each chapter is followed by about 20 questions to make sure you master it before moving forward to the next chapter.
Start mastering Kubernetes Pods, Deployments, ReplicaSets, Services, ConfigMaps, Secrets, StatefulSets, DaemonSets, Jobs, and Volumes (PV & PVC) etc. . . the right way—by doing.