Core Concept - HackMD

# Core Concept ###### tags: `CKA` --- [TOC] --- ## [Overview](https://kubernetes.io/docs/concepts/overview/) - Service discovery and load balancing 基本上就是可以將內部服務透過 DNS/IP 來提供給外部使用，同時具有負載平衡機制來分配流量，使整體服務較穩定 - Storage orchestration 想 mount 在哪就去哪~ mount local -> Yes mount cloud (e.g., GCP, AWS, Azure) -> Hell Yeah - Automated rollouts and rollbacks 躺著玩趴著玩坐著玩，就是好好玩提供你一個依你需求進行部署及回滾的好架構 - Automatic bin packing 我有酒，你有故事嗎˙ˇ˙ 建立一個完整的 cluster 後，要部署或是執行 job 的時候就可以直接透過給定所需的條件(CPU, Mem etc.)來讓 k8s 幫你部署到最適合的環境中 - Self-healing 壞了？~~換女友~~ 換新的；不理我？換新的可以自動去檢測容器的狀態，然後進行重啟或刪除 - Secret and configuration management 誒嘿，躲貓貓將一些機敏性的資料或是連線資訊額外儲存，讓他可以不受服務的下上影響單獨更新，也不用把這些資料裸奔在外層 ## Architecture ![](https://i.imgur.com/x1g2gy2.png) ![](https://i.imgur.com/xLRs01i.png) ![](https://i.imgur.com/NGWn8Dd.png) ![](https://i.imgur.com/d9KdRbD.jpg) 在 k8s 中啟動服務的方式(kubeadm init)： https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/ --- ### [ETCD](https://kubernetes.io/docs/concepts/overview/components/#etcd) `Control Plane` store k8s cluster data record whole cluster status, info Key value storage :::warning If your Kubernetes cluster uses etcd as its backing store, make sure you have a back up plan for those data. ::: ![](https://i.imgur.com/qURO4Mp.png) --- ### [kube-apiserver](https://kubernetes.io/docs/concepts/overview/components/#kube-apiserver) `Control Plane` K8s front end -> execute kubectl command node 溝通的友善橋樑 Which means :::danger if apiserver crashed -> Boom Boom Boom so, scale horizontally to avoid the bomb ::: ![](https://i.imgur.com/vdh1gSA.jpg) ![](https://i.imgur.com/emfdY9l.jpg) --- ### [Kube Controller Manager](https://kubernetes.io/docs/concepts/overview/components/#kube-controller-manager) `Control Plane` Monitoring the status ![](https://i.imgur.com/ncPFany.png) 簡單的幾個 controller - Node controller 觀察並回報 node 的狀態 - Job controller 觀察是否有 job 的執行條件被滿足，若有的話就 schedule 一個 pod 來執行 - EndpointSlice controller 觀察 service 與 pod 之間的狀態 - ServiceAccount controller 管理 namespace 底下的 ServiceAccount，剛建好 namespace 時會產生一個 default 的 ServiceAccount --- ### [Cloud Controller Manager](https://kubernetes.io/docs/concepts/overview/components/#cloud-controller-manager) 結合 cloud provider 的 controller manager :::warning The cloud-controller-manager only runs controllers that are specific to your cloud provider. ::: 基本的 ccm - Node controller For checking the cloud provider to determine if a node has been deleted in the cloud after it stops responding - Route controller For setting up routes in the underlying cloud infrastructure - Service controller For creating, updating and deleting cloud provider load balancers --- ### Kube Scheduler `Control Plane` 叫你去哪，你就去哪依據不同的需求條件，來決定要被部署的 pod 應該要去哪個 node 上詳細的內容，請看佩璇show --- ### Kubelet 船長，指引前路有哥在，就安心了 ![](https://i.imgur.com/zpycJCZ.png) apiserver 的接口，負責回報現在這個 node 上所有的狀況，並執行指令們 ``` kebectl create pod kubectl delete pod ``` --- ### Kube Proxy 就是 network proxy，負責維護 node's network rules，來決定這個node 的網路要怎麼跑 ![](https://i.imgur.com/68hsL6p.png) --- ### Container Runtime The container runtime is the software that is responsible for running containers. Kubernetes supports container runtimes such as containerd, CRI-O, and any other implementation of the Kubernetes CRI (Container Runtime Interface).