k8s core concepts

1. Cluster Architecture and Components

1. Related components

[1] Three components of the master node

  • The k8s control node schedules and manages the cluster and accepts requests from users outside the cluster to operate the cluster
  • Master node composition (four components): control plane
  1. API Server: communication
  2. Kube-Scheduler: scheduling; distributes pods to nodes (servers) through scheduling algorithms
  3. Cluster State Store (etcd database): distributed key-value storage
  4. Controller Manager Server: resources

[2] Three components of the worker node: user plane

  • Cluster working nodes; they run the user's business application containers
  • Worker node composition (three components)
    1. kubelet: the management agent on the worker side, responsible for pod lifecycle, storage and network management
    2. kube-proxy: network proxy that sets up forwarding paths; responsible for service discovery (discovery of internal services here; discovery of external services is done by ingress) and load balancing (layer-4 load balancing)
    3. Container Runtime: the software that creates the containers

[3] Add-ons

  • kube-dns: cluster DNS
  • Ingress Controller: provides an external network entry point for services (discovery of external services)

2. Layered architecture

[1] Ecosystem

[2] Interface layer

[3] Management layer

[4] Application layer

[5] Core layer

Externally it provides an API for building higher-level applications; internally it provides a plug-in execution environment for applications

2. Core concepts and terminology

1. Classification of services

[1] Stateless

  • Representative applications: nginx, apache
  • Advantages: no dependence on client state, so scaling out and migration can be done efficiently
  • Disadvantages: cannot store data itself; an additional data service is required

[2] Stateful

  • Representative applications: MySQL, redis
  • Advantages: data can be stored independently and data management can be realized
  • Disadvantages: in a cluster environment, master-slave setup, data synchronization, backup and horizontal scaling are complex
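The two classes side by side, as an added example that is not part of the original post: a stateless Deployment whose replicas are interchangeable, and a StatefulSet that gives each replica a stable name and its own PersistentVolumeClaim. The namespace `demo`, the names, image tags and the 1Gi size are constructed assumptions.

```yaml
# Added example (not from the original post). Names, namespace, image tags
# and sizes are constructed assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: demo
spec:
  replicas: 3                      # interchangeable replicas: any pod can serve any request
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: nginx
          image: nginx:1.25
          ports:
            - containerPort: 80
          # no volume: a replaced pod loses nothing the service depends on
---
# Headless Service: gives each StatefulSet pod a stable DNS name
# (redis-0.redis.demo.svc.cluster.local, redis-1.redis.demo..., ...)
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: demo
spec:
  clusterIP: None
  selector:
    app: redis
  ports:
    - port: 6379
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis
  namespace: demo
spec:
  serviceName: redis               # must reference the headless Service above
  replicas: 3
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          image: redis:7
          ports:
            - containerPort: 6379
          volumeMounts:
            - name: data
              mountPath: /data
  # one PersistentVolumeClaim per ordinal (data-redis-0, data-redis-1, ...);
  # the claim outlives the pod, so redis-1 comes back with its own data
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
```

Deleting a StatefulSet does not delete the claims it created, so data survives a rollout but also has to be cleaned up deliberately; that asymmetry is the "complex" part the bullet above refers to.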

2. Classification of resources


[1] Metadata-type resources: describe the metadata of resources; every resource can use the data in this metaspace

  • Horizontal Pod Autoscaler (HPA): scales pods automatically; pods can be scaled out or in according to CPU usage or custom metrics
  • PodTemplate: pod template, the definition of a pod
  • LimitRange: limits resources in the cluster; equivalent to setting resource usage limits for pods within a certain scope (namespace) in batch
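A LimitRange and an HPA working together, as an added example that is not part of the original post. The LimitRange injects default requests and limits into any container in the namespace that sets none, which both caps what a single pod can consume and gives the HPA the CPU request it needs to compute utilization. The namespace `demo`, the Deployment name `web` and every numeric value are constructed assumptions.

```yaml
# Added example (not from the original post). Namespace, names and values
# are constructed assumptions.
apiVersion: v1
kind: LimitRange
metadata:
  name: container-limits
  namespace: demo
spec:
  limits:
    - type: Container
      default:                # applied as limits when a container sets none
        cpu: "500m"
        memory: "256Mi"
      defaultRequest:         # applied as requests when a container sets none
        cpu: "100m"
        memory: "128Mi"
      max:                    # a container asking for more is rejected at admission
        cpu: "2"
        memory: "1Gi"
      min:
        cpu: "50m"
        memory: "32Mi"
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web
  namespace: demo
spec:
  scaleTargetRef:             # the controller whose replica count is adjusted
    apiVersion: apps/v1
    kind: Deployment
    name: web
  minReplicas: 2
  maxReplicas: 10             # upper bound so a traffic spike cannot exhaust the cluster
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization   # percentage of the pods' CPU *request*
          averageUtilization: 70
```

Utilization targets are relative to the request, so without a request (set explicitly or defaulted by the LimitRange) the HPA reports the metric as missing and does not scale.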

[2] Cluster-level resources: act on the cluster, and all resources under the cluster can be shared and used

  • namespace
  • node: node, equivalent to a server
  • ClusterRole: used to manage the permissions of the cluster
  • ClusterRoleBinding: used to bind the above role to subjects (only cluster-level resource objects can be bound)

[3] Namespace-level resources: act on the namespace, and usually can only be used within the scope of that namespace

  1. Workload: pod. It can be regarded as a container group: a pod can hold several containers, and the containers in the pod are managed together. It is the smallest deployable unit.

A pod contains one application container (or several), storage resources, a unique network IP address, and options that determine how the containers should run. A pod represents an independent running instance of an application in k8s, which may consist of a single container or several tightly coupled containers.

  [1] Replicas: a pod can be replicated into multiple copies; a pod that has not been replicated is itself a single replica.
  [2] Controllers

  • Applicable to stateless services: RC, RS, Deployment
  • Applicable to stateful services: StatefulSet
  • DaemonSet: guarantees that one copy of the container runs on every node; often used to deploy cluster logging, monitoring or other system-management agents
  • Task/scheduled task: Job (one-off task; the container is not restarted after it completes), CronJob (periodically executed task; adds scheduling on top of Job)
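The two controllers the bullets above describe, as an added example that is not part of the original post: a DaemonSet for a per-node log agent (with a read-only hostPath mount so the agent can read node logs but not alter them) and a CronJob that adds a schedule on top of a Job. The image, the placeholder commands, the namespaces and the schedule are constructed assumptions; the agent command only lists the log directory and stands in for a real collector.

```yaml
# Added example (not from the original post). Images, commands, namespaces
# and the schedule are constructed assumptions.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: log-agent
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: log-agent
  template:
    metadata:
      labels:
        app: log-agent
    spec:
      tolerations:                         # also run on control-plane nodes
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
      containers:
        - name: agent
          image: busybox:1.36
          # placeholder for a real collector: lists node container logs once a minute
          command: ["sh", "-c", "while true; do ls /var/log/containers; sleep 60; done"]
          securityContext:
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: varlog
              mountPath: /var/log
              readOnly: true               # node logs are read, never written
      volumes:
        - name: varlog
          hostPath:
            path: /var/log
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: db-backup
  namespace: demo
spec:
  schedule: "0 2 * * *"                    # every day at 02:00
  concurrencyPolicy: Forbid                # never let two backup runs overlap
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:                             # this is the Job the CronJob creates each run
    spec:
      backoffLimit: 2                      # retry a failed pod at most twice
      template:
        spec:
          restartPolicy: OnFailure         # Job pods must use Never or OnFailure
          containers:
            - name: backup
              image: busybox:1.36
              command: ["sh", "-c", "echo backing up && sleep 5"]
```

The DaemonSet has no `replicas` field: the controller creates exactly one pod per eligible node, and a node that is added later gets one automatically.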
  2. Service discovery
  • Service: network calls within the k8s cluster, load balancing (layer 4), east-west (horizontal) traffic
  • Ingress: exposes the cluster's internal services to external network access (ingress-nginx reverse proxy, layer-7 load balancing), north-south (vertical) traffic
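A Service and the Ingress that publishes it, as an added example that is not part of the original post. The Service handles the east-west, layer-4 part (a stable ClusterIP in front of the pods selected by label); the Ingress handles the north-south, layer-7 part (host and path routing with TLS terminated at the ingress-nginx controller). The namespace, names, the hostname `web.example.com` and the TLS Secret name are constructed assumptions; the `ssl-redirect` annotation is a real ingress-nginx annotation.

```yaml
# Added example (not from the original post). Namespace, names, hostname and
# Secret name are constructed assumptions.
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: demo
spec:
  type: ClusterIP                  # reachable only inside the cluster (east-west traffic)
  selector:
    app: web                       # endpoints = pods carrying this label
  ports:
    - name: http
      port: 80                     # port the ClusterIP listens on
      targetPort: 8080             # container port behind it
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: demo
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"   # ingress-nginx: redirect HTTP to HTTPS
spec:
  ingressClassName: nginx          # which ingress controller should act on this object
  tls:
    - hosts: ["web.example.com"]
      secretName: web-tls          # certificate and key stored as a kubernetes.io/tls Secret
  rules:
    - host: web.example.com        # layer-7 routing: by Host header and path
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web          # the Service above; the Ingress never targets pods directly
                port:
                  number: 80
```

The Ingress object itself does nothing without a running ingress controller (the add-on listed earlier); the controller watches these objects and reconfigures its reverse proxy accordingly.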
  3. Storage
  • Volume: storage volume; shared data used by the containers in a pod, used to store persistent data such as database data
  • CSI (Container Storage Interface)
  4. Special configuration types
  • ConfigMap: cluster configuration files, data descriptions and data volumes; can be mounted into different pods without encryption, and can also be used as environment variables
  • Secret: encrypted, sha256 encrypted. Used to save certificates and the credentials for pulling images
  • DownwardAPI:
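The three configuration sources consumed by one pod, as an added example that is not part of the original post: a ConfigMap used both as environment variable and as a mounted file, a Secret used as an environment variable, and the Downward API injecting the pod's own name and namespace. One caveat a practitioner should carry from this: the `data` field of a Secret holds base64-encoded values, which is an encoding, not encryption; a Secret is protected by RBAC on who may read it and by enabling etcd encryption at rest, not by its format. The namespace, names, image and the sample password are constructed assumptions.

```yaml
# Added example (not from the original post). Namespace, names, image and the
# sample password are constructed assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  namespace: demo
data:
  LOG_LEVEL: "info"
  app.properties: |
    feature.flags=beta
    cache.ttl=300
---
apiVersion: v1
kind: Secret
metadata:
  name: app-creds
  namespace: demo
type: Opaque
data:
  # base64 of the constructed value "constructed-sample-pw"; anyone allowed to
  # `get` this Secret can decode it, so restrict that verb with RBAC
  DB_PASSWORD: Y29uc3RydWN0ZWQtc2FtcGxlLXB3
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: demo
  labels:
    app: web
spec:
  containers:
    - name: app
      image: busybox:1.36
      command: ["sh", "-c", "env | grep -E 'LOG_LEVEL|POD_' && cat /etc/app/app.properties && sleep 3600"]
      env:
        - name: LOG_LEVEL                    # ConfigMap key -> environment variable
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: LOG_LEVEL
        - name: DB_PASSWORD                  # Secret key -> environment variable
          valueFrom:
            secretKeyRef:
              name: app-creds
              key: DB_PASSWORD
        - name: POD_NAME                     # Downward API: the pod's own metadata
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
      volumeMounts:
        - name: config
          mountPath: /etc/app                # ConfigMap key -> file /etc/app/app.properties
          readOnly: true
  volumes:
    - name: config
      configMap:
        name: app-config
        items:
          - key: app.properties
            path: app.properties
```

A value delivered as an environment variable is visible to anything that can read the process environment (including crash dumps and `kubectl exec`), so mounting a Secret as a file is usually the safer of the two delivery methods.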
  5. Other
  • Role: defines a set of permissions within a namespace
  • RoleBinding: binds a Role to subjects within that namespace
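The four RBAC objects from the cluster-level list above and from this namespace-level list, as one added example that is not part of the original post. Nodes are not namespaced, so reading them needs a ClusterRole and a ClusterRoleBinding; reading pods in one namespace needs only a Role and a RoleBinding, and the grant cannot leak into other namespaces. The service account names and namespaces are constructed assumptions.

```yaml
# Added example (not from the original post). Service account names and
# namespaces are constructed assumptions.
# Cluster-scoped: nodes are not namespaced, so only a ClusterRole can grant them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
  - apiGroups: [""]                # "" is the core API group (nodes, pods, services ...)
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]   # read only; no "create", "patch" or "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: monitoring-reads-nodes
subjects:
  - kind: ServiceAccount
    name: monitoring
    namespace: monitoring
roleRef:                           # a ClusterRoleBinding can only reference a ClusterRole
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io
---
# Namespace-scoped: a Role only ever grants within its own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: demo
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-reads-pods
  namespace: demo                  # the grant applies in this namespace only
subjects:
  - kind: ServiceAccount
    name: ci
    namespace: demo
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

A RoleBinding may also reference a ClusterRole; the permissions it carries still apply only inside the binding's namespace, which is the usual way to reuse one role definition across many namespaces without handing out cluster-wide access.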

3. Resource manifest

4. Object specification and status

[1] Spec (specification)

Spec is required and describes the desired state of the object (Desired State) together with some basic information about the object.

[2] Status

Status is the actual state of the object. This attribute is maintained by k8s itself: k8s manages the object through a series of controllers so that its actual state matches the desired state as closely as possible.
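The same Pod twice, as an added example that is not part of the original post: first as the user submits it (only `metadata` and `spec`, the desired state), then as the API server returns it afterwards, where the scheduler has filled in `nodeName` and the kubelet has written the `status` block. The second document is sample output, not something to apply; its uid, node name, IP addresses and timestamp are constructed values.

```yaml
# Added example (not from the original post).
# 1) Submitted by the user: only metadata + spec (the desired state)
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: demo
spec:
  containers:
    - name: nginx
      image: nginx:1.25
      ports:
        - containerPort: 80
---
# 2) Read back later with `kubectl get pod web -n demo -o yaml` (sample output,
#    not a manifest to apply). status is written by kubelet and controllers,
#    never by the user; uid, node, IPs and time below are constructed values.
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: demo
  uid: 0f6c1f2e-0000-4000-8000-000000000001   # constructed sample uid
spec:
  containers:
    - name: nginx
      image: nginx:1.25
      ports:
        - containerPort: 80
          protocol: TCP                         # defaulted by the API server
  restartPolicy: Always                         # defaulted by the API server
  nodeName: worker-1                            # filled in by kube-scheduler
status:
  phase: Running
  hostIP: 192.168.10.21                         # the node's address
  podIP: 10.244.1.17                            # allocated on the node by the CNI plugin
  conditions:
    - type: Ready
      status: "True"
    - type: ContainersReady
      status: "True"
  containerStatuses:
    - name: nginx
      ready: true
      restartCount: 0                           # climbs when the kubelet restarts the container
      state:
        running:
          startedAt: "2024-01-01T00:00:10Z"
```

Because `status` is owned by the cluster, re-applying the first document never changes it; if the observed state drifts from the spec, the controllers, not the user, move it back.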


Origin blog.csdn.net/weixin_46268244/article/details/131853394