Kubernetes-Learning

Declaratively - Describe the end state we want the system to be in (normally as YAML manifests submitted to the API server) and let Kubernetes work out the steps to get there and to stay there.

Imperatively - Type a sequence of commands at the command line (kubectl create, scale, expose, ...) that step the system into the state we want. Both work, but a manifest can be reviewed, versioned and re-applied, which is why the declarative style is preferred for anything beyond experiments.

API SERVER

API server - a RESTful API served over HTTPS (modern releases no longer offer the unauthenticated plain-HTTP listener) that speaks JSON. It is the sole way to interact with the cluster: kubectl, the scheduler, the controllers and the kubelets all talk to it, and it is the only component that reads and writes the cluster store. Because everything flows through it, authentication, authorization (RBAC) and admission control are enforced here.

Key deployment objects are

Pods - the smallest deployable unit: a single container or a collection of tightly coupled containers that share one network namespace (one IP, localhost between them) and storage volumes. The pod spec carries the desired state of those containers; the kubelet keeps them running and runs the liveness and readiness probes that check their health.

Controllers - create and manage Pods and keep the system in the desired state (ReplicaSets and Deployments are the common ones). They watch Pod state and health and react to it.

- ReplicaSet - keeps the specified number of identical pod replicas running, creating or deleting pods as needed

- Deployment - manages ReplicaSets so that a new version can be rolled out (and rolled back) gradually

Services - a networking abstraction for reaching Pods. A Service is a persistent access point (a stable virtual IP and a DNS name) in front of the set of pods matched by its label selector, so clients are unaffected as pods come and go. Scaling is done by adding or removing pods behind it, and traffic is load balanced across the pods that are ready.
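
Putting the objects above together, as an added example that is not from the original notes: a Deployment that owns a ReplicaSet of three pods, with liveness/readiness probes and a locked-down securityContext, plus a Service that fronts them. The comment at the top gives the imperative commands that reach roughly the same state, to make the declarative/imperative distinction from the start of these notes concrete. Image, names, ports and resource figures are assumptions for illustration.

```yaml
# Added example, not from the original notes: a Deployment that keeps three
# replicas of a small web pod running, and a Service that fronts them.
# Image, names, ports and resource figures are assumptions for illustration.
#
# Roughly the same end state, reached imperatively:
#   kubectl create deployment web --image=nginxinc/nginx-unprivileged:1.25 --replicas=3
#   kubectl expose deployment web --port=80 --target-port=8080
# Declaratively: `kubectl apply -f web.yaml`. Re-applying reconciles the cluster
# toward this spec; re-running the commands above would just error out.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  labels:
    app: web
spec:
  replicas: 3                        # desired count, enforced by the ReplicaSet the Deployment owns
  selector:
    matchLabels:
      app: web
  strategy:
    type: RollingUpdate              # the Deployment rolls a new ReplicaSet in, one pod at a time
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: web
    spec:
      automountServiceAccountToken: false   # this pod never talks to the API server
      securityContext:
        runAsNonRoot: true               # kubelet refuses to start the container if its user is root
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: web
          image: nginxinc/nginx-unprivileged:1.25   # assumed image; listens on 8080 as a non-root user
          ports:
            - containerPort: 8080
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: tmp
              mountPath: /tmp            # the only path this image writes to
          livenessProbe:                 # kubelet restarts the container when this keeps failing
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
          readinessProbe:                # the Service stops sending traffic while this fails
            httpGet:
              path: /
              port: 8080
            periodSeconds: 5
          resources:
            requests: { cpu: 100m, memory: 64Mi }
            limits: { cpu: 500m, memory: 128Mi }
      volumes:
        - name: tmp
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: ClusterIP                      # stable virtual IP plus DNS name web.default.svc.cluster.local
  selector:
    app: web                           # endpoints track whichever pods carry this label
  ports:
    - port: 80
      targetPort: 8080
```

Delete one of the three pods and the ReplicaSet replaces it; change the image tag and re-apply and the Deployment rolls a new ReplicaSet in while the Service keeps the same IP and name. The securityContext fields are the least-privilege baseline worth applying to every workload: no root, no privilege escalation, no capabilities, read-only root filesystem with an explicit writable scratch volume.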

Storage - Persistent objects

Originally a pod spec named its storage directly as a volume bound to specific physical media, which tied the pod to that media. Kubernetes then introduced:

Persistent Volume (PV) - pod-independent storage defined by an administrator at the cluster level (or provisioned dynamically through a StorageClass). A pod that needs storage does not reference a PV directly; it references a Persistent Volume Claim (PVC), a separate object in which we state the amount of storage and the access mode required. Kubernetes binds the claim to a matching PV, and the pod mounts the claim. This decouples the pod from the storage inside the cluster.
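
The claim-and-mount flow described above, as an added example that is not from the original notes: a PersistentVolumeClaim asking for 5Gi and a pod that mounts it. The pod names only the claim; which PV backs it, and on what media, is decided by the administrator's PV or the StorageClass provisioner. storageClassName, the image and the paths are assumptions.

```yaml
# Added example, not from the original notes: a claim for storage and a pod that
# mounts it. The pod names only the claim, never the PersistentVolume or its
# backing media. storageClassName and the image are assumptions.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data
spec:
  accessModes:
    - ReadWriteOnce                # mounted read-write by a single node at a time
  resources:
    requests:
      storage: 5Gi                 # the amount of storage is declared on the claim
  storageClassName: standard       # assumed class; an admin-created PV with this class, or a dynamic provisioner, satisfies it
---
apiVersion: v1
kind: Pod
metadata:
  name: writer
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    fsGroup: 1000                  # the volume is group-owned by 1000 so the non-root user can write to it
  containers:
    - name: writer
      image: busybox:1.36          # assumed image
      command: ["sh", "-c"]
      args:
        # append a timestamp every minute; the lines survive pod deletion because they live on the PV
        - 'while true; do date >> /data/log; sleep 60; done'
      volumeMounts:
        - name: data
          mountPath: /data
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: data            # the only link from the pod to its storage
```

Delete the pod, recreate it from the same manifest, and `kubectl exec writer -- cat /data/log` still shows the earlier lines: the PVC and its PV outlive the pod. Deleting the PVC is the point at which the PV's reclaim policy (Retain or Delete) decides what happens to the data, so that policy is part of the storage threat model, not an afterthought.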

ControlPlane

Master (control plane) -

  • API Server - the front door described above; every other component goes through it

  • Cluster Store (etcd) - holds the desired and observed state of every object; the API server is its only client, so protecting etcd (TLS, restricted access, encrypted backups) is protecting the whole cluster

  • Scheduler - assigns newly created pods to nodes

  • Controller Manager - runs the controllers (ReplicaSet, Deployment, Node, ...) that drive the cluster toward the desired state

Node (the three services below also run on control-plane nodes)

  • Kubelet - the node agent. It watches the API server for pods assigned to its node, is responsible for the pod lifecycle through the container runtime, reports node and pod state back, and runs the pod liveness (and readiness) probes.

  • Kube-proxy - implements Services on the node: it programs iptables (or IPVS) rules behind the scenes so that traffic to a Service's virtual IP is routed and load balanced to the pods behind it. Pod-to-pod connectivity itself comes from the cluster's network plugin, not from kube-proxy.

  • Container Runtime - pulls images and runs containers. The kubelet drives it through the Container Runtime Interface (CRI); containerd and CRI-O are the usual runtimes now that Docker's dockershim has been removed (Kubernetes 1.24).

DNS - the original kube-dns add-on was replaced by CoreDNS as the default in Kubernetes 1.13. These special-purpose pods provide a DNS service inside the cluster. The cluster IP of the DNS Service and the search-suffix domains are written into the network configuration (/etc/resolv.conf) of every pod the kubelet creates, so Services (and pods) are resolvable by name: a Service named web in the default namespace answers at web.default.svc.cluster.local.

This is the DNS server used inside the cluster for its Services, and it is what applications in the cluster commonly use for service discovery.

INGRESS: Layer-7 (HTTP/HTTPS) load balancing and content routing: host- and path-based routing to Services and TLS termination. An Ingress object is only a set of rules; an Ingress controller must be running in the cluster to act on them.
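
The host/path routing and TLS termination described above, as an added example that is not from the original notes. Host name, Service names, the TLS Secret and the ingress class are assumptions, and the one annotation shown is specific to the ingress-nginx controller; without some Ingress controller installed this object does nothing.

```yaml
# Added example, not from the original notes: an Ingress that terminates TLS for
# app.example.com and routes by path to two Services. Host name, Service names,
# Secret name and ingress class are assumptions; an Ingress controller
# (ingress-nginx is assumed for the annotation) must be installed.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"   # controller-specific: send plain HTTP to HTTPS
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - app.example.com
      secretName: app-example-com-tls   # a kubernetes.io/tls Secret holding the certificate and key
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /api
            pathType: Prefix            # longest matching prefix wins, so /api goes to the api Service
            backend:
              service:
                name: api
                port:
                  number: 80
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80
```

The TLS Secret lives in the same namespace as the Ingress, so whoever can read Secrets there can read the private key; scope RBAC on Secrets accordingly. Traffic from the Ingress controller to the backend Services is plain HTTP inside the cluster unless the controller is configured to re-encrypt.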

Kubernetes Networking Requirement:

1. All pods can communicate with each other on all Nodes

2. All Nodes can communicate with all Pods

3. No Network Address Translation (NAT) between them - a pod sees the real IP of the peer it is talking to

So essentially, all pods and all nodes must be reachable from each other on the real IP addresses of the nodes and pods themselves. Say we have a cluster running and deploy a multi-container pod: the containers in that pod share one network namespace, so they talk to each other over localhost.

Now deploy some additional pods on the same node. They are separate pods with their own network namespaces, so they cannot use localhost; they talk to each other over a layer-2 software bridge on the node, using the pods' real IP addresses.

Now a pod on the first node needs to reach a pod on another node. That again happens on the real IP address of the destination pod, so we need layer-2 or layer-3 connectivity between pods on different nodes, and that depends on the network infrastructure underneath. We may have to work with the network engineering team to make sure the pod address ranges are routable between the nodes.

The other common approach, especially when we don't control the underlying network, is an overlay network: pod traffic is encapsulated between nodes so that all pods appear to sit on one flat layer-3 network regardless of the physical topology.
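
The flip side of requirement 1, as an added example that is not from the original notes: because every pod has a route to every other pod with no NAT in between, nothing stops an unrelated pod from reaching a database pod unless a NetworkPolicy says so. The pair below is the usual pattern: default-deny ingress for a namespace, then an explicit allow from the web pods to the db pods on one port. Namespace, labels and port are assumptions, and the cluster's network plugin must support NetworkPolicy for these objects to have any effect.

```yaml
# Added example, not from the original notes: restore some segmentation on top of
# the flat pod network. Namespace, labels and port are assumptions; the CNI
# plugin must enforce NetworkPolicy or these objects are silently ignored.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}            # applies to every pod in the namespace
  policyTypes:
    - Ingress                # with no ingress rules listed, all inbound pod traffic is denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web-to-db
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: db                # the pods being protected
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: web       # only pods with this label, in this namespace
      ports:
        - protocol: TCP
          port: 5432         # and only on the database port
```

Policies are additive: once default-deny is in place, each further allow rule widens access, so the reachability the networking model gives for free becomes something that is granted deliberately per workload. Test it from an unlabelled pod in the namespace; a connection to a db pod on 5432 should time out.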