Kubernetes

Kubernetes has emerged as a de-facto standard for platform-as-a-service (PaaS) for Microservices, Cloud Native, and emerging architecture patterns. As a software architect, it is essential to not only understand the basics of Kubernetes but also become a practitioner of it. This article showcases 5 awesome views of Kubernetes architecture to help you grasp the key concepts.

Kubernetes High-level Architecture View

  • Controller Manager – manages control processes such as node controller, job controller, etc.
  • Scheduler – allocates the resource requirements such as allocation of node for PODs
  • Cluster DNS – manages DNS records for Kubernetes services
  • Cloud Controller Manager – embeds Cloud-provider (e.g. AWS, GCP, Azure) specific control logic
  • API Server – main interface for control plan as API server
  • ETCD – Key-value based datastore for storing cluster data
View of Kubernetes Architecture

Kubernetes Workload Architecture View

Kubernetes workload components represent an application running in the Kubernetes cluster. As your application can have multiple components, a workload can be executed in a single Pod or set of Pods as per the configuration.

  • Pods – smallest component to run one or more containers with shared storage and network
  • Deployment – provides instructions to Deployment manager in terms of desired state of the Pods & Replicasets. Deployment configures the ReplicaSet.
  • ReplicaSet – ensures that specified number of Pods are running in a given time (for Stateless applications)
  • StatefulSet – ensures that specified number of Pods are running in a given time (for Stateful applications)
  • ReplicationController – obsolete and recommended to use Deployment using Replicaset
  • Job – to run a single or multiple tasks by creating required number of Pods
  • CronJob – creates the Jobs on the repeated schedule
Kubernetes Workload Architecture View

Kubernetes Network Architecture View

Kubernetes Network Architecture View

Kubernetes Storage Architecture View

  • Volume – provides persistent storage to containers running in a Pod
  • Persistence Volume – provides long-term storage and exists beyond containers, pods, and nodes.
  • ConfigMap – stores config values (non-confidential data) as key-value store and provides them to Pods as environment variables, command-line arguments, or as configuration files in a volume
  • Secret – stores sensitive data such as a password, a token, or a key.
Kubernetes Storage Architecture View

Kubernetes RBAC Architecture View

Kubernetes uses standard Role-based Access Control (RBAC) method to manage permissions on resources in context with users and their associated groups and roles:

  • Kubernetes also supports Attribute-based Access Control (ABAC) where access rights are granted to users through the use of policies which combine attributes together.
  • Role represents set of permissions – there are no “deny” rules. Role binding grants the permissions to the users or group of users.
  • Verbs are the actions such as “get, update, list, watch, create, delete, patch”.
  • Service accounts are for processes (not humans) running in Pods. Typically, user accounts get fetched from the existing identity store (such as Microsoft Active Directory) but Service Accounts are maintanied locally by Kubernetes. It allows cluster users to create service accounts for specific tasks by following the principle of least privilege.
Kubernetes RBAC Architecture View

References

RELATED ARTICLES

Leave a Comment