EKS

Some part of this page is summarized using ChatGPT

PreContext

What is Kubernetes?

Kubernetes is an open-source platform that acts as an orchestration tool, meaning it automates the processes involved in deploying, managing, and scaling containers. This includes starting and stopping containers, monitoring their health, and handling failures. Kubernetes can manage hundreds or thousands of containers spread across multiple servers (nodes), handling load balancing, service discovery, and failover automatically.

Source: https://www.nccgroup.com/us/research-blog/detection-engineering-for-kubernetes-clusters/

USP Of Kubernetes

Kubernetes provides the capability to scale up horizontally as opposed to scaling vertically, i.e., spreading the workload by adding more nodes instead of adding more resources to existing nodes

Kubernetes provides the capability to scale up horizontally as opposed to scaling vertically, i.e., spreading the workload by adding more nodes instead of adding more resources to existing nodes

How different it is from from Docker?

While Docker handles the creation and management of individual containers, Kubernetes takes it a step further by orchestrating those containers across multiple hosts. Many organizations use Docker to create their containers and then deploy them in a Kubernetes cluster i.e., Kubernetes can use Docker as its container runtime, meaning that Kubernetes can manage and orchestrate containers created with Docker. However, Kubernetes is also compatible with other container runtimes.

Concepts of Kubernetes:

Kubernetes uses services to define a logical set of pods and a policy for accessing them. This abstraction allows for stable communication between different parts of an application, even as the underlying pods change.

  • Containers: At its core, Kubernetes manages containers. Containers are lightweight, portable units that package an application along with its dependencies, libraries, and configuration files. Containers ensure that an application runs consistently across different environments. Container share the operating system kernel but run in isolated user spaces, which makes them efficient and quick to start.

  • Pods: The smallest deployable units in Kubernetes are called pods. A pod can contain one or more containers that share the same network namespace and storage as they can be closely related and need to work together. This facilitates that containers within the pod can communicate with each other using localhost, while sharing storage volumes. Example: A Pod containing a Web Server Container and a Log Server Container.

Source: https://kubernetes.io/images/docs/kubernetes-cluster-architecture.svg

  • Cluster Architecture: The Kubernetes cluster is made up of nodes. Nodes are the environment in which pods operate. A node can be both baremetal machine or Virtual Machine. The cluster consists of a master node (which manages the cluster) and worker nodes (where the containers run). This architecture is what makes Kubernetes help to realize the essence of distributed computing.

    • Master Node: This node manages the Kubernetes cluster and is responsible for maintaining the desired state of the applications. It handles scheduling, scaling, and monitoring. It can automatically scale applications up or down based on demand. If more users are accessing the application, it can increase the number of pods to handle the load and then scale down when traffic decreases. It has following components:

      1. etcd

      • Definition: etcd is a distributed key-value store used by Kubernetes to store all its configuration data and state information.

      • Data Storage: etcd holds the entire cluster state, including information about nodes, pods, services, and configurations.

      • Consistency: etcd ensures data consistency and reliability by data replication. This is crucial for fault tolerance.

      2. API Server

      • Definition: The API server is the central management component of Kubernetes that exposes the Kubernetes API.

      • Communication Hub: It acts as the main interface for all interactions with the cluster, allowing users, applications, and other components to communicate.

      • RESTful Interface: The API server provides a RESTful interface for clients to send requests to create, update, or delete resources in the cluster.

      • Authentication and Authorization: It handles requests and applies security policies, ensuring that only authorized users and components can access or modify resources.

        Kubernetes uses roles to determine if a user or pod is authorized to make a specific connection/call. Roles are scoped to either the entire cluster (ClusterRole) or a particular namespace (Role).

        These roles contain lists of resources (the object) the role can grant access to, and a list of verbs that the role can perform on the said resource, are declared and then attached to RoleBindings. RoleBindings pretty much link the role (permissions) with the users and systems. More information on this functionality can be found here in the Kubernetes official documentation.

        // Sample taken from Kubernetes documentation

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

      3. Scheduler

      • Definition: The scheduler is responsible for assigning pods to worker nodes based on resource availability and requirements.

      • Pod Placement: When a new pod is created, the scheduler determines the best node to run that pod, considering factors like resource requests, node capacity, and affinity/anti-affinity rules.

      • Load Balancing: It helps balance workloads across nodes to ensure efficient resource utilization and prevent overloading any single node.

      • Custom Scheduling Policies: Users can define custom scheduling policies, such as placing pods closer to certain resources or spreading them across nodes for high availability.

      4. Controllers

      • Definition: Kubernetes user can define the desired application state (how many replicas, what images to use, etc.) in configuration files, and Kubernetes works to ensure the current state matches the desired state with the help of controllers. Controllers are control loops that monitor the state of the cluster and make adjustments to ensure the desired state matches the actual state.

      • Deployment Controller: Manages deployments by ensuring that the desired number of pod replicas are running and up-to-date.

      • ReplicaSet Controller: Ensures that a specified number of replicas for a pod are running at any given time.

      • Node Controller: Monitors the health of nodes and manages node lifecycle events, such as marking nodes as unavailable when they fail. It has the ability to automatically replace or restart failed containers, ensuring that the desired state of the application is maintained

      • Job and CronJob Controllers: Manage the execution of jobs and scheduled tasks.

    • Worker Nodes: These nodes run the actual application workloads, hosting the pods that contain the containers.

      1. Kubelet

      • Definition: It is an agent that runs on each worker node in a Kubernetes cluster. Its primary job is to manage the pods and containers on that node.

      • Kubelet receives pod specifications (instructions) from the Kubernetes API server and ensures that the specified containers are running in those pods.

      • It continuously monitors the health of the pods and their containers, reporting back to the Kubernetes control plane. If a container crashes or fails, Kubelet will attempt to restart it.

      • Kubelet manages resources on the node, including CPU and memory, to ensure that pods have what they need to run efficiently.

      2. Kube-proxy

      • Definition: It is a network proxy that runs on each worker node in a Kubernetes cluster. Its role is to facilitate communication between services and pods.

      • Kube-proxy maintains network rules on the nodes, allowing for load balancing and routing of requests to the appropriate pod based on the service configuration.

      • Kube-proxy supports various protocols, including TCP and UDP, allowing for versatile network communication

      3. Pods

      • Already discussed about the pod in earlier points.

    • Service: Kubernetes services provide a stable endpoint for accessing a set of pods. Services allow for load balancing and automatic DNS resolution, making applications accessible within the cluster or externally. Some of the Kubernetes service are:

Source: https://www.linkedin.com/pulse/day-33-working-namespaces-services-kubernetes-kartik-bhatt-hloyc

  • Namespace: Within a physical Kubernetes cluster, namespace is a logical, virtual cluster which provide a way to segregate and isolate resources and objects within a cluster, creating distinct scopes for applications and services

Source: https://www.linkedin.com/pulse/day-33-working-namespaces-services-kubernetes-kartik-bhatt-hloyc

kubectl is the command-line tool used to interact with the Kubernetes cluster. It acts as the primary way to communicate with the Kubernetes API server. kubectl allows engineers to apply configuration files (YAML or JSON) that define how their applications should run in the cluster.

ConfigMaps in Kubernetes are a way to manage configuration data for applications in a decoupled manner. They allow engineers to separate configuration from the application code, making it easier to manage and update configurations without rebuilding the container images. Here’s a breakdown of what ConfigMaps are and how they work:

A ConfigMap is a Kubernetes API object that allows to store non-confidential data in key-value pairs. This can include configuration settings, command-line arguments, environment variables, or any other configuration details needed by the applications.

AWS EKS Features:

Amazon Elastic Kubernetes Service (AWS EKS) is a managed Kubernetes service that simplifies the deployment, management, and scaling of containerized applications using Kubernetes.

AWS EKS abstracts the complexities of Kubernetes cluster management and offers a reliable and scalable platform for running containerized workloads. Key components include:

EKS Cluster: The EKS cluster is the central management entity that hosts multiple worker nodes and manages their orchestration. It’s responsible for maintaining the desired state of Kubernetes applications.

Worker Nodes: Worker nodes are EC2 instances within your EKS cluster that run containerized applications. These nodes are managed by the EKS control plane.

Source: https://www.devopsschool.com/blog/wp-content/uploads/2021/03/Amazon-Elastic-Kubernetes-Service-EKS-Explained-Diagram-5.png
Source: https://rafay.co/the-kubernetes-current/getting-started-with-amazon-eks/

Bonus Learning: Rancher

Rancher is a powerful and popular open-source container management platform that simplifies the deployment, orchestration, and management of containerized applications in Kubernetes clusters across multiple environments. It provides a comprehensive suite of tools and features that streamline the containerization journey for organisations, making it easier to harness the full potential of container technology.

It provides a user-friendly interface for managing containers, clusters, and applications, making it easier to deploy and maintain container-based applications.

In short, Rancher builds on top of Kubernetes to manage multiple Kubernetes cluster that can span across different Cloud Providers

Source: https://miro.medium.com/v2/resize:fit:720/format:webp/1*TnFotcV01sGOnJ0_4Q8Eww.png

Some key aspects and benefits of using Rancher:

Centralised Management: Rancher offers a unified, web-based interface that allows users to manage and monitor multiple Kubernetes clusters across different environments from a single, centralised dashboard. This simplifies the management of complex container infrastructures, whether they are on-premises, in the cloud, or at the edge.

Kubernetes Made Accessible: Rancher abstracts much of the complexity of Kubernetes, making it accessible to a wider range of users, from DevOps teams to developers. It provides an intuitive user experience for cluster provisioning, scaling, and lifecycle management, reducing the learning curve associated with Kubernetes.

Multi-Cluster Management: Organisations often operate multiple Kubernetes clusters for various purposes, such as development, testing, and production. Rancher excels at managing multiple clusters, making it easy to ensure consistency, security, and compliance across these clusters. It simplifies the process of creating, upgrading, and patching clusters.

Extensibility: Rancher’s open architecture allows users to easily integrate additional tools and services. It supports a wide range of third-party plugins and extensions, making it adaptable to various infrastructure and application requirements. This extensibility enhances Rancher’s capabilities, such as networking, storage, and security.

Security and Compliance: Rancher offers robust security features, including role-based access control (RBAC), identity and access management (IAM), and security scanning for container images. These capabilities help organisations enforce security policies and ensure compliance with industry standards and regulations.

Source: https://www.webagesolutions.com/blog/rancher-introduction

Additional Reading Material: https://blog.devops.dev/rancher-multi-cloud-on-prem-kubernetes-management-b67fd1f11b9d

PreviousECR and ECSNextAppRunner

Last updated