
kubectl apply -f foo.yaml

* kube-apiserver
- All cluster -> master communication goes only through the apiserver
- communicates over port 443 (HTTPS)
- relatively secure
* communication: Cluster to Master and Master to Cluster
* Cluster to Master -> relatively secure (all of it terminates at the apiserver over HTTPS)
* Master to Cluster -> apiserver->kubelet / apiserver->nodes/pods/services
* apiserver->kubelet (hurdles)
- the kubelet's serving certificate is not verified by the apiserver by default
- vulnerable to man-in-the-middle attacks
- don't run this traffic over a public/untrusted network
- To harden
- set --kubelet-certificate-authority (apiserver then verifies the kubelet's certificate against that CA)
- use SSH tunnelling
* apiserver -> nodes/pods/services (hurdles)
- not safe
- plain HTTP by default
- neither authenticated nor encrypted
- on public clouds, SSH tunnelling is provided by the cloud provider
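As an added check (not part of these notes), a POSIX shell snippet that inspects a kube-apiserver static Pod manifest for the --kubelet-certificate-authority flag described above. Both manifests are constructed samples; the /etc/kubernetes/pki paths are the kubeadm defaults and are assumptions here.

```shell
#!/bin/sh
# Added example, not from the original notes: does the apiserver manifest tell the
# apiserver to verify the kubelet's serving certificate? Paths are assumed kubeadm defaults.

# Constructed sample: apiserver authenticates TO the kubelet (client cert) but
# never verifies the kubelet's own certificate, so a MITM on the node network is possible.
unhardened_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    image: registry.k8s.io/kube-apiserver
    command:
    - kube-apiserver
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --secure-port=6443
EOF
}

# Constructed sample: same manifest plus the CA the kubelet certificates are checked against.
hardened_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    image: registry.k8s.io/kube-apiserver
    command:
    - kube-apiserver
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-certificate-authority=/etc/kubernetes/pki/ca.crt
    - --secure-port=6443
EOF
}

# Read a manifest on stdin. Print "hardened" when a list entry of the form
# `- --kubelet-certificate-authority=<path>` (optionally quoted) is present, else "unverified".
kubelet_ca_status() {
  if grep -Eq '^[[:space:]]*-[[:space:]]*"?--kubelet-certificate-authority=' ; then
    echo hardened
  else
    echo unverified
  fi
}

unhardened_manifest | kubelet_ca_status   # unverified
hardened_manifest   | kubelet_ca_status   # hardened
```

On a kubeadm-built control plane the live manifest is normally /etc/kubernetes/manifests/kube-apiserver.yaml (assumed default), so `kubelet_ca_status < /etc/kubernetes/manifests/kube-apiserver.yaml` gives the answer for the running cluster. The flag only helps if the kubelets actually serve certificates signed by that CA; otherwise apiserver->kubelet calls (exec, logs, port-forward) start failing, which is the expected way to find out.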

* etcd -
consistent and highly available key-value store
source of truth for the cluster state
* kube-scheduler -
handles pod creation and management
kube-scheduler matches/assigns nodes to pods
complex affinities, taints, tolerations
* controller-manager
cloud-controller-manager:
used when k8s runs on a cloud
cloud-specific

kube-controller-manager
used when not running on a public cloud
not infra-specific

the controllers are different master processes, each reconciling
actual state <-> desired state
node controller
replication controller
route controller
volume controller

POD:
Atomic unit of deployment in Kubernetes
consists of 1 or more tightly coupled containers
Pod runs on a node, which is controlled by the master
Kubernetes only knows about pods, not bare containers
Cannot start a container without a pod
Pod => sandbox for 1 or more containers
multi-container pods
1 pod usually contains 1 container
multi-container pods are possible too
such containers are tightly coupled
share the same memory (IPC) space
connect to each other using localhost
share access to the same volumes (storage abstraction)

High-level Kubernetes objects

* ReplicaSet, ReplicationController: Scaling and healing
* Deployment: Versioning and rollback
* Service: Static(non-ephemeral) IP and networking
* Volume: Non-ephemeral storage

- Federated Clusters
Individual Cluster
- All nodes on the same infra
- Administered with kubectl
Federation (Federated Cluster)
- Nodes in multiple clusters
- Administered with kubefed

- Limitations (of a bare Pod)
* No auto-healing, scaling or rollback
* Pod crashes? must be handled at a higher level
* ReplicaSet, Deployment, Service
* Ephemeral: Pod IP addresses are ephemeral

- Advantages
* Fault-tolerance: Pod/Node failures
* Rollback: advanced deployment options
* Auto-healing: crashed containers restart
* Auto-scaling: more clients? more demand
* Load-balancing: distribute client requests
* Isolation: sandboxes so that containers don't interfere

- LAB:
* Create a multi-container Pod from a YAML manifest
----------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  # database container; the root password is set inline here (lab only)
  - name: db
    image: mysql
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: "password"
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
  # web container; reaches the db container over localhost (same pod)
  - name: wp
    image: wordpress
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
----------------------------------------------------------------------
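As an added check for the LAB manifest above (not part of these notes), a POSIX shell snippet that flags container env vars whose name looks like a credential but whose value is written inline, and shows the same db container rewritten to read the password from a Secret. The manifests are constructed samples; the Secret name mysql-root and its placeholder value are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes: find inline credentials in a Pod
# manifest and contrast it with a Secret-backed env var. Samples are constructed.

# Constructed sample in the LAB's style: password as a literal `value:`.
weak_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: db
    image: mysql
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: "password"
EOF
}

# Constructed sample: same Pod, password pulled from a Secret (name mysql-root is assumed).
safe_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysql-root
type: Opaque
stringData:
  password: PLACEHOLDER-CHANGE-ME
---
apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: db
    image: mysql
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysql-root
          key: password
EOF
}

# Read a manifest on stdin. Print the name of every env entry whose name contains
# PASSWORD, SECRET, TOKEN or KEY and whose very next line is a literal `value:`.
# A `valueFrom:` on the next line (Secret/ConfigMap reference) is not reported.
find_plaintext_secret_env() {
  awk '
    /^[[:space:]]*-[[:space:]]*name:[[:space:]]*[A-Z0-9_]*(PASSWORD|SECRET|TOKEN|KEY)[A-Z0-9_]*[[:space:]]*$/ {
      sub(/^[[:space:]]*-[[:space:]]*name:[[:space:]]*/, "")
      sub(/[[:space:]]*$/, "")
      pending = $0; next
    }
    pending != "" && /^[[:space:]]*value:/ { print pending; pending = ""; next }
    { pending = "" }
  '
}

weak_manifest | find_plaintext_secret_env   # prints MYSQL_ROOT_PASSWORD
safe_manifest | find_plaintext_secret_env   # prints nothing
```

The check is line-based on purpose: it only looks at the line directly after an env `name:`, which is how kubectl-generated and hand-written manifests lay out `value:`/`valueFrom:`. Running it as `find_plaintext_secret_env < resource-limited-pod.yaml` before `kubectl create -f` catches the case where a lab manifest with an inline password is about to be committed or applied as-is.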
Declarative Pod Example:

apiVersion: v1
kind: Pod
metadata:
  name: declarative-pod
spec:
  containers:
  - name: memory-demo-ctr
    image: nginx
----------------------------------------------------------------------

Kubernetes node
- kubelet: agent running on this node
listens to the Kubernetes master
port 10255 (the kubelet's read-only port; 10250 is its authenticated API port)
- container engine: works with the kubelet
: pulling images
: starting/stopping containers
: could be docker or rkt (containerd)
- kube-proxy: needed because pod IP addresses are ephemeral
: networking - will make sense when we discuss Service objects

Public Cloud commands:

kubectl get pods
kubectl run first-deployment --image=nginx      (nginx = pod image)
kubectl exec -it <podname> -- /bin/bash
kubectl create -f resource-limited-pod.yaml
kubectl describe pods <pod name>

Private Cloud command:

kubeadm
