Kubernetes - Objects
Object vs kind vs resources
- A Kubernetes object is a persistent entities in the Kubernetes system.
- A Kubernetes resource is an endpoint in the Kubernetes API that stores a collection of API objects of a certain kind; for example, the built-in pods resource contains a collection of Pod objects.
The most important objects
Pods
Use controllers to manage pods, do not manage pods directly
Deployment Controller -> ReplicaSet -> Pods
In the simplest cases, each pod just have 1 container, but with sidecar, each pod has 2 containers.
apiVersion: v1
kind: Pod
Service
A service provides an unchanging IP, used between frontend deployment and backend deployment.
A service is responsible for enabling network access to a set of pods.
Each service gets a ClusterIP allocated, one ip to get traffic to all the endpoints.
service type:
ClusterIP
: cluster scoped IP, used internally, the service is not exposed to resources outside the cluster.NodePort
: maps a node port to a service; can be accessed from outside the cluster by requesting<NodeIP>:<NodePort>
LoadBalancer
: Exposes the Service externally using a cloud provider's load balancer.
ClusterIP
vs LoadBalancer
: LoadBalancer
has an external IP.
When you create a Service
, it creates a corresponding DNS entry.
EndpointSlice
Services
will create Endpoints
, one for each healthy pod. (I.e. each Endpoint
is a ip:port
pointing to the Pod
that is part of this Service
.)
EndpointSlice
replaces Endpoints
.
Relations:
Service <= (ownerReferences) <= EndpointSlice => (targetRef) => Pods
Deployment
A deployment is responsible for keeping a set of pods running.
CronJob
cronjob controller will create jobs
Application
applications, app.k8s.io/v1beta1, https://github.com/kubernetes-sigs/application
CRD
CustomResourceDefinition (CRD): to extend the Kubernetes API.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
ConfigMap
apiVersion: v1
kind: ConfigMap
to store non-confidential data in key-value pairs.
Unlike most Kubernetes objects that have a spec, a ConfigMap has data and binaryData fields.
Secret
Secrets are similar to ConfigMaps but are specifically intended to hold confidential data. small amount of sensitive data such as a password, a token, or a key.
Default type is type: Opaque
.
apiVersion: v1
kind: Secret
Service Accounts
- each pod is assigned a
ServiceAccount
by default. A default secret token is mounted on every pod's file system. - each pod gets a
Secret
volume automatically mounted.
Cluster
k8s does not have a built-in Cluster
object. A "Cluster" is conceptually the collection of all the control plane and worker node components.
Some projects built upon k8s may have a Cluster
object, e.g. Anthos Bare Metal.
Versus
Deployment vs Service
- A deployment without a service: the deployment could be scaled up and down and pods could be replicated. Each pod could be accessed individually via direct network requests, rather than abstracting them behind a service.
- A service without a deployment: create each pod individually then the service routes network requests to the pods.
Deployment vs StatefulSet vs DaemonSet
-
Deployment
for stateless services, e.g. web servers.- Pod replicas in deployments share the same persistent volume.
-
StatefulSet
is for stateful services, e.g. db.-
Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.
-
If a volume is configured, each pod will be provision its own persistent volume
-
Better use headless services (service without an IP address), clients can connect directly to what lies behind it. Headless services has
clusterIP: None
.kind: Service spec: clusterIP: None
-
-
DaemonSet
: one copy per worker node.
Service vs Pod
- Service has a stable IP address that lasts for the life of the service; each pod has its own address but pods may come and go and their IP addresses change.
- Service provides load balancing across pods.