Kubernetes core concepts¶
Kubernetes (k8s) is a platform for managing containerized applications across multiple hosts, typically in a cloud environment.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] Its primary goal is to make deploying containerized applications simple and efficient by providing mechanisms for application deployment, scheduling, updating, and maintenance.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] It is widely regarded as the mainstream orchestration tool for containers; Docker was the original runtime, and today any CRI-compatible runtime such as containerd is used underneath it.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
Architecture¶
Kubernetes is not a traditional PaaS: it imposes no application stack of its own but provides the orchestration layer (scheduling, networking, storage, self-healing) on which PaaS-style platforms are built, sitting above the IaaS layer that supplies the machines.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] The architecture consists of a control plane (historically called the Master, responsible for management) and multiple worker Nodes that actually run the containers.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
The control plane comprises several key components:
- API Server: The front door of the cluster. It handles CRUD operations on core objects (Pod, Service, and so on) and is the hub through which every other component reads and writes cluster state; each request, whether from a human or another component, passes through its authentication, authorization (RBAC) and admission control, which makes it the component to harden and audit first.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
- etcd: A highly available, strongly consistent key-value store that holds all cluster state, Secrets included. Only the API Server talks to etcd directly; everything else goes through the API. Read access to etcd or to its backups is equivalent to owning the cluster, so it must be network-isolated, reachable only over mutual TLS, and ideally encrypted at rest.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
- Controller Manager: Runs the control loops (node, replication, endpoints, service-account and others) that watch the current state through the API Server and reconcile it toward the desired state: fault detection, replica maintenance, auto-scaling, and rolling updates.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
- Scheduler: Assigns Pods to specific nodes based on predetermined scheduling strategies and resource availability.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
- kubectl: Not a control-plane component but the command-line client. It talks to the API Server over HTTPS with the credentials stored in its kubeconfig, so a leaked kubeconfig carries whatever privileges that identity has in the cluster.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
Node-level components include:
- Kubelet: The primary agent on each node. It registers the node, receives the Pod specs the Scheduler assigns to it, drives the container runtime to keep each Pod's containers running, and executes liveness and readiness probes. It exposes its own HTTPS API, which is why kubelet authentication and authorization settings matter as much as the API Server's.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
- kube-proxy: Programs the node's packet-forwarding rules (iptables or IPVS) so that traffic sent to a Service's virtual IP is load-balanced across that Service's backing Pods. Name-based service discovery is provided separately by the cluster DNS add-on (CoreDNS), not by kube-proxy.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
Core Objects¶
In Kubernetes, every logical concept is modelled as a resource (object) described by a common set of fields: apiVersion, kind, metadata, spec (the desired state, written by the user) and status (the observed state, written by the system).^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] Key objects include:
Pod¶
The Pod is the smallest deployable unit in Kubernetes, its atomic unit of scheduling.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] A Pod wraps one or more containers that share the same network (NET), IPC and UTS namespaces and, optionally, volumes; a PID namespace can also be shared, but is not by default.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] Each container keeps its own filesystem, but because the network namespace is shared, all containers in a Pod have the same IP address and port space and reach each other over localhost. Running an auxiliary container next to the main one (a log shipper, proxy or secrets agent) is the Sidecar pattern, the most common reason for putting more than one container in a Pod.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
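As an added example (not from the original page), the manifest below defines a Pod with a web container and a log-shipping sidecar; the Pod name, labels and images are assumed. The sidecar can poll the web server on localhost only because both containers share the Pod's network namespace, and it reads the access log through a shared emptyDir volume. The same sharing is the caveat a reviewer looks for: a compromised sidecar sees every loopback-only port of the main container, so sidecars need the same scrutiny as the workload they accompany.

```yaml
# Added example, not the original page's code. Names and images are assumed.
apiVersion: v1
kind: Pod
metadata:
  name: web-with-sidecar
  namespace: default
  labels:
    app: web
    tier: frontend
spec:
  containers:
    - name: web
      image: nginx:1.25            # assumed image
      ports:
        - containerPort: 80
      volumeMounts:
        - name: logs
          mountPath: /var/log/nginx   # nginx writes access.log here
    - name: log-shipper
      image: busybox:1.36          # assumed image
      command:
        - sh
        - -c
        - |
          # Shared NET namespace: localhost:80 is the nginx container,
          # no Service and no cluster IP involved.
          while true; do
            wget -qO- http://localhost:80/ > /dev/null
            tail -n 1 /var/log/nginx/access.log
            sleep 10
          done
      volumeMounts:
        - name: logs
          mountPath: /var/log/nginx
          readOnly: true           # the sidecar only needs to read the log
  volumes:
    - name: logs
      emptyDir: {}                 # lives as long as the Pod does
```

Apply it with `kubectl apply -f pod.yaml` and `kubectl logs web-with-sidecar -c log-shipper` shows the access-log lines produced by the sidecar's own requests. Because the emptyDir is mounted over /var/log/nginx, the image's default symlinks to stdout are hidden and nginx writes a real access.log there.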
Pod Controllers¶
Pod controllers are control loops that create and manage Pods from a Pod template carried in their spec, ensuring the Pods run as expected: maintaining a given replica count, replacing Pods that fail their health checks, and rolling out updates.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] Common controllers include:
- Deployment (stateless workloads; owns ReplicaSets and performs rolling updates and rollbacks)
- ReplicaSet (keeps N identical Pods running; normally created by a Deployment rather than directly)
- DaemonSet (exactly one Pod per node, e.g. log collectors and CNI agents)
- StatefulSet (stable network identity and per-Pod persistent storage for stateful workloads)
- Job / CronJob (run-to-completion and scheduled tasks)^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
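The Deployment below is an added example rather than the page's own; its name, image and label values are assumed. It shows the three parts every Pod controller has: a selector that says which Pods it owns (here combining an equality-based matchLabels with a set-based matchExpressions, which are ANDed), a Pod template whose labels must satisfy that selector, and the policy the controller applies, in this case a rolling update that never drops below the requested replica count.

```yaml
# Added example, not the original page's code. Names and image are assumed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: default
spec:
  replicas: 3
  selector:                      # immutable after creation in apps/v1
    matchLabels:
      app: web
    matchExpressions:            # set-based requirement, ANDed with matchLabels
      - key: tier
        operator: In
        values: ["frontend"]
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0          # keep all 3 Pods ready during a rollout
      maxSurge: 1                # so a 4th Pod is started before an old one is removed
  template:
    metadata:
      labels:                    # must satisfy the selector above or the API rejects it
        app: web
        tier: frontend
    spec:
      containers:
        - name: web
          image: nginx:1.25      # assumed image
          ports:
            - containerPort: 80
          readinessProbe:        # a replacement Pod counts as ready only once this passes
            httpGet:
              path: /
              port: 80
          resources:
            requests: {cpu: 100m, memory: 64Mi}
            limits: {cpu: 500m, memory: 128Mi}
```

After `kubectl apply -f deployment.yaml`, `kubectl rollout status deployment/web` follows the rollout and `kubectl rollout undo deployment/web` reverts to the previous ReplicaSet. Changing the image in the template triggers a new ReplicaSet; changing the selector is rejected, which is deliberate, since a selector edit could silently orphan or adopt Pods.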
Namespace¶
A Namespace partitions the resources of a cluster, acting as a virtual cluster within the physical one.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] It is the basic unit for organizing multi-tenant or multi-project environments: resource names must be unique within a namespace but may repeat across namespaces.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] Default namespaces include default, kube-system (control-plane add-ons), kube-public (conventionally readable by everyone, including unauthenticated clients) and kube-node-lease.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] On its own, a namespace is a naming and scoping boundary, not a security boundary: Pods in different namespaces can reach each other over the network unless a NetworkPolicy forbids it, what a user may do inside a namespace is decided by RBAC Roles and RoleBindings, and resource consumption is bounded only if a ResourceQuota or LimitRange is set.
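The following manifests are an added example, not taken from the original page, of the objects that turn a namespace into an actual tenant boundary. The namespace and object names are assumed, the group `team-a-developers` is assumed to be supplied by the cluster's authenticator (OIDC claims or client-certificate organization), and the NetworkPolicy only takes effect if the installed CNI plugin enforces network policies.

```yaml
# Added example, not the original page's code. Names are assumed.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
---
# Namespace-scoped Role: read-only access to Pods and their logs in team-a only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: team-a
rules:
  - apiGroups: [""]               # "" is the core API group
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
# Bind the Role to a group; the binding lives in team-a, so it grants nothing elsewhere.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-developers-read-pods
  namespace: team-a
subjects:
  - kind: Group
    name: team-a-developers        # assumed group name from the authenticator
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
# Without this, Pods in any other namespace can connect to team-a's Pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace-only
  namespace: team-a
spec:
  podSelector: {}                  # applies to every Pod in team-a
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector: {}          # only Pods in this same namespace may connect
```

`kubectl auth can-i list pods -n team-a --as-group team-a-developers --as someone` confirms the binding, and the same command with `-n default` should answer no. A ClusterRoleBinding to the same Role-shaped permissions would instead apply in every namespace, which is the mistake that most often collapses namespace isolation.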
Labels and Selectors¶
Labels are key-value pairs attached to an object's metadata that allow flexible categorization and management.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] The relationship is many-to-many: one object carries several labels for different dimensions (app, tier, environment, release), and one label value is shared by many objects.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] Label selectors query and filter objects by those labels, supporting equality-based requirements (=, ==, !=) and set-based requirements (in, notin, exists); they are also what binds Services, controllers and NetworkPolicies to the Pods they act on.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] Labels are not authenticated: anyone allowed to edit a Pod's metadata can move it in or out of any selector, so write access to labels is as sensitive as the selectors that consume them.
Service¶
Because Pod IP addresses are ephemeral (a replacement Pod gets a new one), a Service defines a stable network endpoint.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] It is an abstraction over a group of Pods, chosen by label selector, that provides a consistent access point: a virtual cluster IP and port, plus a DNS name of the form service.namespace.svc.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] Services operate at Layer 4 (TCP/UDP), forwarding connections to the selected Pods without inspecting the payload; a ClusterIP Service is reachable only inside the cluster, while the NodePort and LoadBalancer types expose it outside.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]
Ingress¶
While Services handle Layer 4 traffic, Ingress operates at Layer 7 (the Application Layer) of the OSI model.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] It is the cluster's external HTTP/HTTPS entry point, routing requests to Services by host name or URL path, terminating TLS, and enabling more sophisticated load balancing.^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md] An Ingress object is only a set of rules: it does nothing until an Ingress controller (ingress-nginx, Traefik, or a cloud provider's controller), which is not part of the core control plane, is installed to enforce them, and that controller is the component that actually holds the TLS keys and faces the internet.
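Tying the last three sections together, the manifests below are an added example (not the page's own) of a Service selecting Pods by label and an Ingress routing to it. They assume Pods labelled app=web and tier=frontend exist (for instance from a Deployment), that an Ingress controller is registered under the class name `nginx`, that a second Service named `api` exists for the /api path, and that `www-example-com-tls` is a kubernetes.io/tls Secret holding the certificate for the placeholder host www.example.com.

```yaml
# Added example, not the original page's code. Host, class and Secret names are assumed.
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: default
spec:
  type: ClusterIP                # stable virtual IP, reachable only inside the cluster
  selector:                      # equality-based: Pods carrying both labels
    app: web
    tier: frontend
  ports:
    - name: http
      protocol: TCP
      port: 8080                 # port clients use on the Service IP / DNS name
      targetPort: 80             # containerPort on the selected Pods
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: default
spec:
  ingressClassName: nginx        # assumed: an ingress-nginx controller is installed
  tls:
    - hosts: ["www.example.com"]
      secretName: www-example-com-tls   # assumed TLS Secret in the same namespace
  rules:
    - host: www.example.com      # Layer 7: route by Host header ...
      http:
        paths:
          - path: /              # ... and by URL path prefix
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 8080
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: api        # assumed second Service
                port:
                  number: 8080
```

`kubectl get endpointslices -l kubernetes.io/service-name=web` lists the Pod IPs the selector currently resolves to; an empty list almost always means a label mismatch between the Service and the Pods. The Ingress references Services by name, so it can only route to Services in its own namespace, and the TLS Secret must live there too.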
Sources¶
^[400-devops__06-Kubernetes__k8s-paas__02.企业部署实战_K8S.md]