CKA topics

  1. Cluster Architecture, Installation & Configuration: How to set up and configure a Kubernetes cluster, including how to install and configure a Kubernetes cluster using kubeadm, how to upgrade your cluster version, how to backup and restore an etcd cluster, and how to configure a pod to use secrets
  2. Workloads & Scheduling: How to deploy a Kubernetes application, create daemonsets, scale the application, configure health checks, use multi-container pods, and use config maps and secrets in a pod. You’ll also need to know how to expose your application using services
  3. Services & Networking: How to expose applications within the cluster or outside the cluster, how to manage networking policies, and how to configure ingress controllers
  4. Storage: How to create and configure persistent volumes, how to create and configure persistent volume claims, and how to expand persistent volumes
  5. Troubleshooting: How to troubleshoot common issues in a Kubernetes environment, including how to diagnose and resolve issues with pods, nodes, and network traffic

Kubernetes in a nutshell

Control plane: the management components that mother-hen the nodes and pods. Key components:

  • API server: the frontend API that ties everything together (port 6443)
  • Scheduler: determines which nodes to run pods on
  • etcd: distributed key-value store used as backing store for all cluster meta-data (ports 2379 and 2380)

Node: a worker machine (VM) that hosts pods:

  • Kubelet: agent used by the control plane to manage and monitor the node; exposes an HTTPS API that provides node and pod metrics (port 10250). A read-only, unauthenticated API may also be served on port 10255; kubeadm-built clusters disable it by default.
  • Kube Proxy: manages network rules to enable communication between pods and external entities (port 10256)
  • supervisord: monitoring of the kubelet and pods
  • Container Network Interface (CNI): a software-defined network (SDN) plugin such as Calico, Flannel or Weave.
  • fluentd: unified logging agent
  • containerd: a container runtime of some sort

Pod: a set of co-located containers (the container's spacesuit)

ReplicaSet: manages replicas of a pod (ex: 3 nginx pods)

Deployment: transitions actual state to desired state

Service: exposes an application that may be running on many pods to clients outside the k8s cluster

Lab environment

A minimal 3-VM setup, all running Ubuntu 22.04 Server, each with 2 vCPUs, 2 GB RAM and a 32 GB disk (kubeadm init pre-flight checks validate these requirements)

  1. cka-control on 192.168.1.20
  2. cka-worker1 on 192.168.1.21
  3. cka-worker2 on 192.168.1.22

Setting up the cluster play-by-play:

  1. git clone git@github.com:bm4cs/cka.git
  2. Install CRI-O: sudo ~/cka/setup-container.sh
  3. Install kubetools: sudo ~/cka/setup-kubetools.sh
  4. On the control node, setup cluster: sudo kubeadm init (see example output for my cluster below)
  5. Setup the kubectl client:
    • mkdir -p ~/.kube
    • sudo cp -i /etc/kubernetes/admin.conf ~/.kube/config
    • sudo chown $(id -u):$(id -g) ~/.kube/config
  6. Setup a network plugin - Calico in this case
    • Install the Calico operator: kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/tigera-operator.yaml
    • Install the Calico custom resource definitions: kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/custom-resources.yaml
    • Confirm the Calico pods are running: watch kubectl get pods -n calico-system
  7. Join each worker node to the cluster with sudo kubeadm join <JOIN-TOKEN>, using the token and CA cert hash printed by kubeadm init

kubeadm init sample output

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.20:6443 --token b92xdr.6kv3hmbvkql7jm5p \
  --discovery-token-ca-cert-hash sha256:716f8aa49972954896bb9b128eee16c8585bd8b10e37ac05e296fc27eb1c0e00
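An added check for step 7 above (example code, not from the notes or the bm4cs/cka repo): it parses the join command out of the kubeadm init output shown above and flags a join that does not pin the cluster CA, since a node joining without --discovery-token-ca-cert-hash (or with --discovery-token-unsafe-skip-ca-verification) trusts whatever answers on port 6443.

```python
import re
import shlex

# Tail of the kubeadm init output quoted in the notes above; the token was a short-lived
# bootstrap token for the author's lab cluster and here serves only as parser input.
SAMPLE_INIT_OUTPUT = """Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.20:6443 --token b92xdr.6kv3hmbvkql7jm5p \\
  --discovery-token-ca-cert-hash sha256:716f8aa49972954896bb9b128eee16c8585bd8b10e37ac05e296fc27eb1c0e00
"""

TOKEN_RE = re.compile(r"^[a-z0-9]{6}\.[a-z0-9]{16}$")  # bootstrap token: <id>.<secret>
CA_HASH_RE = re.compile(r"^sha256:[0-9a-f]{64}$")     # SHA-256 over the cluster CA's SPKI

def parse_join_command(init_output: str) -> dict:
    """Find the 'kubeadm join' line (re-joining backslash continuations) and split out its flags."""
    text = init_output.replace("\\\n", " ")
    line = next(l.strip() for l in text.splitlines() if l.strip().startswith("kubeadm join"))
    argv = shlex.split(line)[2:]  # drop the leading "kubeadm join"
    cmd = {"endpoint": argv[0], "token": None, "ca_cert_hash": None, "skip_ca_verification": False}
    i = 1
    while i < len(argv):
        if argv[i] == "--token":
            cmd["token"], i = argv[i + 1], i + 2
        elif argv[i] == "--discovery-token-ca-cert-hash":
            cmd["ca_cert_hash"], i = argv[i + 1], i + 2
        elif argv[i] == "--discovery-token-unsafe-skip-ca-verification":
            cmd["skip_ca_verification"], i = True, i + 1
        else:
            i += 1  # other flags are not relevant to the trust checks below
    return cmd

def check_join_command(cmd: dict) -> list:
    """Return findings; an empty list means the command is well-formed and pins the cluster CA."""
    findings = []
    if cmd["token"] is None or not TOKEN_RE.match(cmd["token"]):
        findings.append("missing or malformed bootstrap token")
    if cmd["skip_ca_verification"]:
        # Without CA pinning the joining node accepts whatever answers on the API endpoint.
        findings.append("CA verification disabled: node would trust any endpoint on 6443")
    elif cmd["ca_cert_hash"] is None:
        findings.append("no --discovery-token-ca-cert-hash: cluster CA is not pinned")
    elif not CA_HASH_RE.match(cmd["ca_cert_hash"]):
        findings.append("malformed CA cert hash")
    return findings

if __name__ == "__main__":
    parsed = parse_join_command(SAMPLE_INIT_OUTPUT)
    print(parsed, check_join_command(parsed) or "OK")
```

The hash itself can be recomputed on the control node from /etc/kubernetes/pki/ca.crt to confirm the printed value before handing the join command to a worker.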

Cluster Build-out

Networking

Kubernetes primitives need to communicate internally and with the outside world:

  • Node: physical network
  • External to service: kubernetes service resources
  • Pod to service: kubernetes services
  • Pod to pod: kubernetes CNI network plugin
  • Container to container: pod

Kubernetes uses Container Network Interface (CNI) plugins for cluster networking. Out of the box it is not opinionated about which plugin to use; it simply provides the CNI interface and lets you choose:

  • Calico: Calico is a powerful networking and network security solution for containers, virtual machines, and native host-based workloads. It provides both networking and network policy enforcement, and it works with a broad range of platforms including Kubernetes, Docker, and OpenStack
  • Flannel: Flannel is a simple and easy-to-use CNI plugin that satisfies Kubernetes requirements. It creates a virtual network among the various nodes in a Kubernetes cluster, providing a subnet to each node from which pods can be assigned IP addresses
  • Weave Net: Weave Net creates a virtual network that connects Docker containers deployed across multiple hosts. It uses a simple, encrypted peer-to-peer communication protocol to establish a routed network between the containers, allowing them to discover each other and communicate securely
  • Cilium: Cilium leverages eBPF technology to provide networking and security for microservices in Kubernetes. It provides network visibility, load balancing, and network policy enforcement
  • Hybridnet: Designed for hybrid clouds, it provides both overlay and underlay networking for containers in one or more clusters

Resources