Manages containerised workloads and services. Orchestrates Containers across a cluster.
See also: Containers, Service Mesh, Agones, AWS (EKS), Container Networking
Components
- Control plane — API server, etcd, scheduler, controller manager
- Nodes — kubelet, kube-proxy, container runtime
Workload Concepts
- Pod — smallest deployable unit, contains one or more containers sharing network and storage
- Deployment — manages stateless Pods, supports rolling updates
- StatefulSet — like Deployment, with guarantees about ordering and stable identity
- DaemonSet — ensures all (or some) Nodes run a copy of a Pod
- Job / CronJob — run-to-completion and scheduled workloads
- Service — stable network endpoint for a set of Pods
- Ingress — HTTP/HTTPS routing to Services from outside the cluster
- ConfigMap / Secret — externalised configuration. Secret values are only base64-encoded, not encrypted: anyone who can read the object through the API (RBAC) or read etcd directly has the plaintext. They are stored unencrypted in etcd unless encryption at rest is configured on the API server.
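Added example (not from this page): a Secret as the API stores it, showing that the base64 in `.data` is reversible, followed by an API-server EncryptionConfiguration that makes Secrets encrypted before they reach etcd. The namespace `payments`, the credential values and the key name are assumed.

```yaml
# Added example, not from the page. Namespace "payments" and the values are assumed.
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: payments
type: Opaque
# .data is base64, not ciphertext:
#   kubectl -n payments get secret db-credentials -o jsonpath='{.data.password}' | base64 -d
# prints "password123" for anyone RBAC lets "get" the object.
data:
  username: YWRtaW4=            # base64("admin")
  password: cGFzc3dvcmQxMjM=    # base64("password123")
---
# EncryptionConfiguration for the API server (passed via
# --encryption-provider-config). Secrets are encrypted with the first provider
# before being written to etcd; "identity" at the end keeps objects written
# before the change readable until they are rewritten with
#   kubectl get secrets --all-namespaces -o json | kubectl replace -f -
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              # 32 random bytes, base64-encoded (head -c 32 /dev/urandom | base64).
              # Placeholder below; this file is itself a secret and must be
              # readable only by the API server.
              secret: <base64-encoded-32-byte-key>
      - identity: {}
```

Encryption at rest only protects the etcd copy; anyone with RBAC permission to read Secrets still gets plaintext through the API, so the Secret-reading verbs are the real access boundary.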
Isolation
- Namespaces — logical separation within a cluster: a scope for names, RBAC and quotas, not an isolation boundary on its own (Pods in different Namespaces can talk to each other freely until a NetworkPolicy says otherwise)
- NetworkPolicy — restrict pod-to-pod traffic; a Pod selected by no policy accepts all traffic, and enforcement depends on the cluster's network plugin (CNI) supporting NetworkPolicy
- RBAC — role-based access control for API access: Roles (namespaced) and ClusterRoles are bound to users, groups and ServiceAccounts via RoleBindings / ClusterRoleBindings; the API server denies by default, so grant verbs and resources narrowly (e.g. not `get`/`list` on `secrets`)
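Added example (not from this page) of the three isolation mechanisms together in one Namespace: a default-deny NetworkPolicy, an allow rule for the one flow that is needed, a DNS egress exception (default-deny egress otherwise breaks name resolution), and a Role that can read Pods but not Secrets. Namespace `payments`, labels `app=web` / `app=frontend`, port 8080 and ServiceAccount `web` are assumed.

```yaml
# Added example, not from the page. Names and labels are assumed.
#
# 1. Default-deny: selects every Pod in the namespace and lists no rules, so
#    no ingress or egress is allowed until another policy permits it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# 2. Allow only app=frontend Pods in the same namespace to reach app=web on
#    TCP 8080. Policies are additive: a connection is allowed if any policy
#    selecting the Pod permits it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-frontend
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
---
# 3. Denying all egress also blocks DNS; allow port 53 to kube-dns only.
#    namespaceSelector and podSelector in one "to" entry are ANDed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# 4. RBAC: a namespaced Role for reading Pods and ConfigMaps, deliberately
#    without "secrets", bound to the "web" ServiceAccount. Nothing is granted
#    that is not listed here.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: payments
rules:
  - apiGroups: [""]
    resources: ["pods", "configmaps"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: web-pod-reader
  namespace: payments
subjects:
  - kind: ServiceAccount
    name: web
    namespace: payments
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

Apply with `kubectl apply -f`, then check the RBAC half with `kubectl auth can-i get secrets --as=system:serviceaccount:payments:web -n payments` (expected answer: `no`). The NetworkPolicy half has no equivalent dry check; if the CNI does not implement NetworkPolicy the objects are accepted and silently ignored, so verify with an actual connection attempt from a Pod that should be blocked.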
Operators
Extend Kubernetes with custom controllers managing CRDs.
- Writing an operator
- Tilt — local dev loop for Kubernetes
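Added example (not from this page or any named project) of the CRD an operator registers and one instance of the resulting resource; the controller that reconciles these objects is not shown. The group `example.com`, the kind `Backup` and its fields are assumed.

```yaml
# Added example, not from the page. Group, kind and fields are assumed.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: backups.example.com           # must be <plural>.<group>
spec:
  group: example.com
  scope: Namespaced
  names:
    plural: backups
    singular: backup
    kind: Backup
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        # The API server validates every Backup against this schema and
        # prunes unknown fields, so the controller only sees well-formed
        # objects and untrusted users cannot smuggle in extra fields.
        openAPIV3Schema:
          type: object
          required: ["spec"]
          properties:
            spec:
              type: object
              required: ["schedule", "pvcName"]
              properties:
                schedule:
                  type: string
                  pattern: '^(\S+\s+){4}\S+$'    # five cron fields
                pvcName:
                  type: string
                  minLength: 1
                retainDays:
                  type: integer
                  minimum: 1
                  default: 7
            status:
              type: object
              properties:
                lastRun:
                  type: string
                  format: date-time
      # A separate status subresource lets RBAC grant the controller write
      # access to backups/status while users who create Backups cannot
      # forge a status.
      subresources:
        status: {}
---
apiVersion: example.com/v1
kind: Backup
metadata:
  name: nightly-db
  namespace: payments
spec:
  schedule: "0 2 * * *"
  pvcName: db-data
```

With the CRD applied, `kubectl get backups -n payments` works like any built-in resource, and the controller is just a process (usually a Deployment with its own ServiceAccount) that watches `Backup` objects and drives the cluster toward what each `spec` describes.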