Kubernetes - Objects
Object vs kind vs resources
- A Kubernetes object is a persistent entities in the Kubernetes system.
- A Kubernetes resource is an endpoint in the Kubernetes API that stores a collection of API objects of a certain kind; for example, the built-in pods resource contains a collection of Pod objects.
The most important objects
Use controllers to manage pods, do not manage pods directly
Deployment Controller -> ReplicaSet -> Pods
In the simplest cases, each pod just have 1 container, but with sidecar, each pod has 2 containers.
apiVersion: v1 kind: Pod
A service provides an unchanging IP, used between frontend deployment and backend deployment.
A service is responsible for enabling network access to a set of pods.
Each service gets a ClusterIP allocated, one ip to get traffic to all the endpoints.
ClusterIP: cluster scoped IP, used internally, the service is not exposed to resources outside the cluster.
NodePort: maps a node port to a service; can be accessed from outside the cluster by requesting
LoadBalancer: Exposes the Service externally using a cloud provider's load balancer.
LoadBalancer has an external IP.
When you create a
Service, it creates a corresponding DNS entry.
Services will create
Endpoints, one for each healthy pod. (I.e. each
Endpoint is a
ip:port pointing to the
Pod that is part of this
Service <= (ownerReferences) <= EndpointSlice => (targetRef) => Pods
A deployment is responsible for keeping a set of pods running.
cronjob controller will create jobs
applications, app.k8s.io/v1beta1, https://github.com/kubernetes-sigs/application
CustomResourceDefinition (CRD): to extend the Kubernetes API.
apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition
apiVersion: v1 kind: ConfigMap
to store non-confidential data in key-value pairs.
Unlike most Kubernetes objects that have a spec, a ConfigMap has data and binaryData fields.
Secrets are similar to ConfigMaps but are specifically intended to hold confidential data. small amount of sensitive data such as a password, a token, or a key.
Default type is
apiVersion: v1 kind: Secret
- each pod is assigned a
ServiceAccountby default. A default secret token is mounted on every pod's file system.
- each pod gets a
Secretvolume automatically mounted.
k8s does not have a built-in
Cluster object. A "Cluster" is conceptually the collection of all the control plane and worker node components.
Some projects built upon k8s may have a
Cluster object, e.g. Anthos Bare Metal.
Deployment vs Service
- A deployment without a service: the deployment could be scaled up and down and pods could be replicated. Each pod could be accessed individually via direct network requests, rather than abstracting them behind a service.
- A service without a deployment: create each pod individually then the service routes network requests to the pods.
Deployment vs StatefulSet vs DaemonSet
Deploymentfor stateless services, e.g. web servers.
- Pod replicas in deployments share the same persistent volume.
StatefulSetis for stateful services, e.g. db.
Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.
If a volume is configured, each pod will be provision its own persistent volume
Better use headless services (service without an IP address), clients can connect directly to what lies behind it. Headless services has
kind: Service spec: clusterIP: None
DaemonSet: one copy per worker node.
Service vs Pod
- Service has a stable IP address that lasts for the life of the service; each pod has its own address but pods may come and go and their IP addresses change.
- Service provides load balancing across pods.