Kubernetes Object - Building Blocks of Kubernetes
The deployment, scaling, and management of containerized applications are automated by the open-source container orchestration platform Kubernetes. It provides a powerful set of features for managing containerized workloads, including automatic load balancing, automatic scaling, and self-healing. One of the key components of Kubernetes is the Kubernetes Object, which is used to define the desired state of a Kubernetes application.
A Kubernetes Object is a YAML file that describes the desired state of a Kubernetes application. It includes information about the application’s containers, volumes, network settings, and other configuration details. Kubernetes Objects are used to create, update, and delete resources in a Kubernetes cluster. They are also used to manage the lifecycle of a Kubernetes application, including scaling, rolling updates, and rollbacks.
Kubernetes Objects are divided into several categories, including Pods, Services, Deployments, and ConfigMaps. Each category represents a different aspect of a Kubernetes application and provides a different set of features for managing the application. Pods are the smallest deployable units in Kubernetes and represent a single instance of a containerized application. Services provide a stable IP address and DNS name for a set of Pods, while Deployments provide a way to manage the lifecycle of a set of Pods. ConfigMaps are used to store configuration data for a Kubernetes application. Overall, Kubernetes Objects provide a powerful set of features for managing containerized workloads in a Kubernetes cluster.
Kubernetes Object Basics
In the Kubernetes system, permanent entities are referred to as Kubernetes objects. They represent the state of the cluster and can be created, modified, and deleted using the Kubernetes API. In this section, I will cover the basics of Kubernetes objects, including API primitives, object metadata, and spec and status.
API Primitives
API primitives are the basic building blocks of Kubernetes objects. They define the type of object and its properties. The most common API primitives are:
Pod – A A clustered process’s single instance is represented as a pod.
Service – A service provides a stable IP address and DNS name for a set of pods.
ReplicaSet – A replica set ensures that a specified number of replicas of a pod are running at any given time.
Deployment – A deployment manages the rollout and scaling of replica sets.
Object Metadata
Every Kubernetes object has metadata that provides information about the object, such as its name, namespace, and labels. The metadata is used by Kubernetes to manage the object and to allow users to search and filter objects. The most important metadata fields are:
name – A string that identifies the object within its namespace.
namespace – A string that identifies the namespace in which the object is located.
labels – A set of key-value pairs that can be used to filter and group objects.
annotations – A set of key-value pairs that can be used to attach arbitrary metadata to an object.
Spec and Status
The spec and status fields define the desired state and current state of an object, respectively. The spec field is used to specify the desired configuration of the object, while the status field is used to report the current state of the object. The most common spec fields are:
containers – A list of containers to run in a pod.
replicas – The desired number of replicas for a replica set or deployment.
selector – A set of labels used to select the pods to which a service applies.
The most common status fields are:
conditions – A list of conditions that describe the current state of the object.
replicas – The current number of replicas for a replica set or deployment.
availableReplicas – The number of replicas that are currently available and ready to serve traffic.
List of Kubernetes Object
Pods
A Pod is the smallest and simplest unit in the Kubernetes object model. It represents a single instance of a running process in a cluster and may contain one or more containers.
- Containers within a Pod share the same network namespace, allowing them to communicate easily using localhost.
- They also share the same storage volumes, enabling data exchange.
- Pods are often used to deploy tightly coupled applications or processes that need to share resources.
apiVersion: Specifies the API version (v1).
kind: Specifies the type of object (Pod).
metadata: Contains information like the name of the Pod and labels.
labels: Key-value pairs used to organize and select groups of objects (e.g., app: myapp).
spec: Describes the desired state and configuration of the Pod.
containers: Defines one or more containers within the Pod.
name: Specifies the name of the container.
image: Specifies the container image (e.g., nginx).
ports: Defines ports to expose on the container.
containerPort: Specifies the port on which the container will receive traffic.
restartPolicy: Defines the restart policy for the Pod (e.g., Always, OnFailure).
ReplicaSet
Manages and ensures a specified number of identical Pods are running at all times.
- Monitors the number of replicas defined and automatically replaces any Pods that fail or are terminated.
- Used for scaling applications horizontally by adding or removing replicas.
apiVersion: Specifies the API version (apps/v1).
kind: Specifies the type of object (ReplicaSet).
metadata: Contains information like the name of the ReplicaSet.
spec: Describes the desired state.
replicas: Defines the desired number of replicas (in this case, 3).
selector: Specifies the labels used to match and manage pods.
template: Defines the pod template for creating individual pods.
metadata: Labels associated with the pods created by the ReplicaSet.
spec: Describes the containers within the pods, such as the Nginx image.
Deployment
Provides declarative updates to applications, allowing you to describe the desired state and letting Kubernetes handle the details of making the updates.
- Manages ReplicaSets to ensure the desired number of replicas is maintained.
- Supports rolling updates and rollbacks with minimal downtime.
apiVersion: Specifies the API version (apps/v1).
kind: Specifies the type of object (Deployment).
metadata: Contains information like the name of the Deployment.
spec: Describes the desired state, similar to a ReplicaSet.
replicas: Defines the desired number of replicas (in this case, 3).
selector: Specifies the labels used to match and manage pods.
template: Defines the pod template for creating individual pods.
metadata: Labels associated with the pods created by the Deployment.
spec: Describes the containers within the pods, such as the Nginx image.
Service
Exposes a set of Pods as a network service, providing a stable endpoint for other applications within the cluster.
- Supports different types, including ClusterIP (internal service), NodePort (exposed on each node), and LoadBalancer (external load balancer).
- Enables service discovery and communication between different parts of an application.
apiVersion: Specifies the API version (v1).
kind: Specifies the type of object (Service).
metadata: Contains information like the name of the Service.
spec: Describes the desired state.
selector: Defines the set of pods to expose through the service.
ports: Specifies the ports to expose.
protocol: Specifies the protocol (TCP).
port: Specifies the port on the service.
targetPort: Specifies the port on the pod.
Ingress
Manages external access to services in a cluster, typically for HTTP/S traffic.
- Acts as a smart router, directing traffic based on rules defined in the Ingress resource.
- Supports SSL termination and host-based routing.
apiVersion: Specifies the API version (networking.k8s.io/v1).
kind: Specifies the type of object (Ingress).
metadata: Contains information like the name of the Ingress.
spec: Describes the desired state.
rules: Specifies routing rules based on hosts.
host: The domain for which the Ingress should apply.
http: Specifies HTTP routing rules.
paths: Defines URL paths and their backend services.
path: The URL path.
pathType: The path type (Prefix, Exact, ImplementationSpecific).
backend: The backend service to direct traffic to.
ConfigMap
Stores configuration data separately from the application code.
- Allows you to decouple configuration settings, making it easier to manage and update configurations independently of the application code.
- Configurations can be consumed by Pods as environment variables or mounted files.
apiVersion: Specifies the API version (v1).
kind: Specifies the type of object (ConfigMap).
metadata: Contains information like the name of the ConfigMap.
data: Describes key-value pairs that store configuration information.
Secret
Manages sensitive information, such as passwords, API keys, or certificates.
- Encrypts and stores data at rest.
- Provides a secure way to manage and distribute confidential information to Pods.
apiVersion: Specifies the API version (v1).
kind: Specifies the type of object (Secret).
metadata: Contains information like the name of the Secret.
type: Specifies the type of secret (Opaque or others).
data: Encodes sensitive information, such as usernames and passwords, in Base64 format.
Volume
Provides a way for containers within a Pod to share and persist data.
- Supports various types of volumes, such as emptyDir (temporary storage), hostPath (mounts a file or directory from the host), and network storage (e.g., NFS or cloud storage).
apiVersion: Specifies the API version (v1).
kind: Specifies the type of object (Pod).
metadata: Contains information like the name of the Pod.
spec: Describes the desired state, including containers and volumes.
volumeMounts: Specifies where to mount volumes within containers.
volumes: Defines the volumes to be used by the Pod.
PersistentVolume (PV) and PersistentVolumeClaim (PVC)
PV represents physical storage resources, and PVC is a request for storage by a user.
- PVs are provisioned storage resources in the cluster, and PVCs are claims for that storage.
- Enables data persistence across Pod rescheduling or recreation.
apiVersion: Specifies the API version (v1).
kind: Specifies the type of object (PersistentVolume).
metadata: Contains information like the name of the PersistentVolume.
spec: Describes the capacity, access modes, and storage location.
apiVersion: Specifies the API version (v1).
kind: Specifies the type of object (PersistentVolumeClaim).
metadata: Contains information like the name of the PersistentVolumeClaim.
spec: Describes access modes and requested storage.
Namespace
Creates a virtual cluster within a physical cluster, providing a way to divide cluster resources.
- Helps with organization, isolation, and resource allocation.
- Multiple namespaces can exist in the same cluster, each providing a segregated environment.
apiVersion: Specifies the API version (v1).
kind: Specifies the type of object (Namespace).
metadata: Contains information like the name of the Namespace.
ServiceAccount
Provides an identity for processes running within a Pod.
- Used to grant permissions and access levels to Pods.
- Defines the set of capabilities a Pod has within the cluster.
apiVersion: Specifies the API version (v1).
kind: Specifies the type of object (ServiceAccount).
metadata: Contains information like the name of the ServiceAccount.
Role and RoleBinding
Role defines a set of permissions within a namespace, and RoleBinding associates a role with a user, group, or service account.
- Roles are used to specify what actions are allowed on which resources.
- RoleBindings link roles to users or service accounts, granting them the specified permissions.
apiVersion: Specifies the API version (rbac.authorization.k8s.io/v1).
kind: Specifies the type of object (Role).
metadata: Contains information like the name of the Role.
rules: Defines the permissions granted by the Role.
apiGroups: Specifies the API groups (in this case, an empty string).
resources: Specifies the resources (pods).
verbs: Specifies the allowed operations (get, list, create).
apiVersion: Specifies the API version (rbac.authorization.k8s.io/v1).
kind: Specifies the type of object (RoleBinding).
metadata: Contains information like the name of the RoleBinding.
subjects: Specifies the entities (e.g., ServiceAccount) to bind the Role to.
roleRef: Specifies the Role and its details.
kind: Specifies the kind of Role (Role).
name: Specifies the name of the Role.
apiGroup: Specifies the API group (rbac.authorization.k8s.io).
These Kubernetes objects collectively enable the deployment, scaling, networking, and management of containerized applications within a Kubernetes cluster. They form the core building blocks for orchestrating and maintaining distributed systems.