Kubernetes The Hard Way — Notes


Kubernetes has one of the most active open source communities, and it is no news that it has become the standard for container orchestration. For these and several other reasons, it is essential to know the core components of Kubernetes and how they interact. One of the best-known and most effective ways to acquire this knowledge, and even to study for the CKA certification (Certified Kubernetes Administrator), is Kubernetes The Hard Way by Kelsey Hightower, which walks through configuring a cluster from scratch.

This post aims to give an overview of the tutorial, with notes on the points that most caught our attention while configuring Kubernetes.

Getting Started

Some tools used throughout the tutorial are also introduced at the beginning; among them we highlight:

CFSSL: a toolkit created by Cloudflare, an American company focused on web infrastructure and security, and described by Cloudflare itself as a swiss army knife for PKI/TLS. It is written in Go and can be used to sign, verify and bundle TLS certificates. We recommend it for any other situation with TLS needs: it is simple to use and powerful.
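As an added example for these notes (not code from the original post or from the tutorial), this is the shape of the two JSON inputs cfssl works from, a CA signing policy and a CSR, together with the commands that create the CA and sign a leaf certificate against a named profile. The directory, file names, subject values, the `system:masters` group for the admin user and the 8760h lifetime are assumptions chosen for this example; the cfssl commands only run when the tool is installed.

```shell
# Added example: cfssl inputs for a cluster CA plus the signing commands.
# Directory, file names, subject values and lifetimes are assumptions.
set -eu

# Write the CA signing policy and the CA's own CSR into directory $1.
write_cfssl_inputs() {
  mkdir -p "$1"
  # The "kubernetes" profile fixes which usages a signed cert gets and how
  # long it lives; an explicit expiry keeps the lifetime visible in review.
  cat > "$1/ca-config.json" <<'EOF'
{
  "signing": {
    "default": { "expiry": "8760h" },
    "profiles": {
      "kubernetes": {
        "usages": ["signing", "key encipherment", "server auth", "client auth"],
        "expiry": "8760h"
      }
    }
  }
}
EOF
  cat > "$1/ca-csr.json" <<'EOF'
{
  "CN": "Kubernetes",
  "key": { "algo": "rsa", "size": 2048 },
  "names": [{ "O": "example-org", "OU": "CA" }]
}
EOF
}

# Write a CSR for a leaf cert: directory $1, file stem $2, CN $3, O $4.
# The API server maps CN to the user name and O to the user's groups,
# so these two fields are what authorization decisions are based on.
write_leaf_csr() {
  cat > "$1/$2-csr.json" <<EOF
{
  "CN": "$3",
  "key": { "algo": "rsa", "size": 2048 },
  "names": [{ "O": "$4" }]
}
EOF
}

# Return 0 when usage $2 is listed in the signing profile stored under $1.
profile_has_usage() {
  grep -q "\"$2\"" "$1/ca-config.json"
}

# Create the CA, sign the admin cert with the kubernetes profile and print
# the issued cert's fields. Skipped (exit 0) when cfssl is not installed.
issue_certs() {
  if ! command -v cfssl >/dev/null 2>&1 || ! command -v cfssljson >/dev/null 2>&1; then
    echo "cfssl not installed; skipping certificate generation" >&2
    return 0
  fi
  (
    cd "$1"
    cfssl gencert -initca ca-csr.json | cfssljson -bare ca
    cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json \
      -profile=kubernetes admin-csr.json | cfssljson -bare admin
    # Verify subject, usages and expiry of what was actually issued.
    cfssl certinfo -cert admin.pem
  )
}

demo_dir=$(mktemp -d)
write_cfssl_inputs "$demo_dir"
# system:masters is the built-in cluster-admin group (assumed for the demo).
write_leaf_csr "$demo_dir" admin admin system:masters
issue_certs "$demo_dir"
```

The point worth checking in review is the profile: every usage listed there ends up in every certificate signed with it, and the expiry is the only thing that bounds how long a leaked client certificate stays valid, so keep profiles narrow and lifetimes explicit.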

kubectl: it needs no in-depth presentation; it is the well-known command line tool for controlling a Kubernetes cluster. It uses the information stored in the kubeconfig (by default $HOME/.kube/config) to manage the cluster through interactions with the API Server.

Computational Resources

Note that the network is flat: all containers and nodes can communicate with each other. For this we have a subnet (10.240.0.0/24) with 254 hosts, used for the controller nodes and worker nodes (and any new nodes that may come in the future). For pod allocation it is also necessary to define a CIDR range, in the tutorial 10.200.0.0/16, which supports 254 subnets. The distribution of these subnets is configured in the Controller Manager component, with one subnet per worker node, so each pod receives an address within the range defined for its worker node's subnet. For instance, worker-1 with pod CIDR 10.200.1.0/24 can assign pods addresses between 10.200.1.1 and 10.200.1.254, and worker-2 with pod CIDR 10.200.2.0/24 addresses between 10.200.2.1 and 10.200.2.254.
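To make the address layout above concrete, here is an added example (not code from the original post or from the tutorial) in plain POSIX shell arithmetic: it carves the per-worker /24 pod subnets out of the cluster pod CIDR, prints the usable range of each, checks whether an address belongs to a given subnet, and verifies that the node subnet and the pod range do not overlap. The two ranges are the ones in the notes; numbering workers from 0 and the helper names are assumptions.

```shell
# Added example: CIDR arithmetic for the node subnet and per-worker pod
# subnets described in the notes. Helper names are this example's own.
set -eu

# Dotted quad -> 32-bit integer.
ip_to_int() {
  _ifs=$IFS; IFS=.
  set -- $1
  IFS=$_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask of CIDR $1 as an integer (/24 -> 0xFFFFFF00).
cidr_mask() { echo $(( (4294967295 << (32 - ${1#*/})) & 4294967295 )); }

# Network address of CIDR $1 as an integer.
cidr_net() { echo $(( $(ip_to_int "${1%/*}") & $(cidr_mask "$1") )); }

# Return 0 when address $1 lies inside CIDR $2.
ip_in_cidr() {
  [ $(( $(ip_to_int "$1") & $(cidr_mask "$2") )) -eq "$(cidr_net "$2")" ]
}

# Return 0 when CIDRs $1 and $2 share any address. Blocks are aligned, so
# they overlap exactly when one network address sits inside the other block.
cidrs_overlap() {
  ip_in_cidr "${1%/*}" "$2" || ip_in_cidr "${2%/*}" "$1"
}

# Pod CIDR of worker $2, carved from cluster CIDR $1 in /24 slices, which is
# the layout the notes describe (worker-1 -> 10.200.1.0/24).
worker_pod_cidr() {
  echo "$(int_to_ip $(( $(cidr_net "$1") + ($2 << 8) )))/24"
}

# First and last assignable address of CIDR $1 (network and broadcast excluded).
usable_range() {
  _net=$(cidr_net "$1")
  _size=$(( 1 << (32 - ${1#*/}) ))
  echo "$(int_to_ip $(( _net + 1 )))-$(int_to_ip $(( _net + _size - 2 )))"
}

node_cidr=10.240.0.0/24          # hosts: controllers and workers
cluster_pod_cidr=10.200.0.0/16   # pods: one /24 per worker

# An overlap between node and pod ranges makes routes ambiguous; fail early.
if cidrs_overlap "$node_cidr" "$cluster_pod_cidr"; then
  echo "node subnet $node_cidr overlaps pod CIDR $cluster_pod_cidr" >&2
  exit 1
fi

for i in 0 1 2; do
  pod_cidr=$(worker_pod_cidr "$cluster_pod_cidr" "$i")
  echo "worker-$i pod CIDR $pod_cidr usable $(usable_range "$pod_cidr")"
done
```

The same `ip_in_cidr` check is handy when reading a packet capture or a network policy log: an address that is inside the pod range but outside the subnet of the node it was seen on is the first sign of a misconfigured route or CNI config.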

Configurations, certificates and more certificates

source: https://resources.infosecinstitute.com/ssl-dot-net-volume-1-hypothesis/

Another important point of the tutorial is the configuration of the EncryptionConfig, which plays a fundamental role in security by encrypting the information saved in etcd. Note that etcd stores its data in a key/value format and that, by default, the maximum request size is 1.5 MiB, so that the system does not suffer too much from latency. And if you like your cluster, have a backup policy for etcd's data.
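As an added example (not code from the original post or from the tutorial), the following generates the 32-byte key the EncryptionConfig needs, writes the config in the shape the API server reads through `--encryption-provider-config`, and checks the one detail that decides whether secrets are actually encrypted at rest: the order of the providers. It also wraps the etcd snapshot command behind the backup advice. The output path, the key name and the etcd endpoint and certificate paths are assumptions; the snapshot function only runs when `etcdctl` is present.

```shell
# Added example: key generation, EncryptionConfig file and provider-order
# check for encrypting secrets in etcd. Paths and names are assumptions.
set -eu

# Fresh 256-bit key, base64 encoded as the config expects (no trailing newline).
new_encryption_key() { head -c 32 /dev/urandom | base64 | tr -d '\n'; }

# Return 0 when base64 key $1 decodes to exactly 32 bytes (AES-256).
key_is_32_bytes() {
  [ "$(printf '%s' "$1" | base64 -d | wc -c | tr -d ' ')" -eq 32 ]
}

# Write the config to $1 with key $2. The first provider is used for writes;
# all of them are tried for reads. aescbc first means every new or rewritten
# secret is encrypted; identity last keeps old plaintext readable until it is
# rewritten. Listing identity first would silently store everything in clear.
write_encryption_config() {
  _key="$2"
  cat > "$1" <<EOF
kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${_key}
      - identity: {}
EOF
  # The file holds the key in the clear: restrict it to the API server's user.
  chmod 600 "$1"
}

# Name of the first provider listed in config $1 (what writes will use).
first_provider() {
  awk 'found && /^ *- [a-z0-9]+:/ { sub(/^ *- /, ""); sub(/:.*/, ""); print; exit }
       /providers:/ { found = 1 }' "$1"
}

# Snapshot etcd to $1 (the backup policy the notes ask for). Endpoint and
# certificate paths are assumed; skipped (exit 0) when etcdctl is absent.
snapshot_etcd() {
  if ! command -v etcdctl >/dev/null 2>&1; then
    echo "etcdctl not installed; skipping snapshot" >&2
    return 0
  fi
  ETCDCTL_API=3 etcdctl snapshot save "$1" \
    --endpoints=https://127.0.0.1:2379 \
    --cacert=/etc/etcd/ca.pem \
    --cert=/etc/etcd/kubernetes.pem \
    --key=/etc/etcd/kubernetes-key.pem
}

cfg=$(mktemp)
key=$(new_encryption_key)
write_encryption_config "$cfg" "$key"
echo "wrote $cfg; first provider: $(first_provider "$cfg")"
```

Two things follow from the design: the config file is as sensitive as the secrets it protects, so it belongs on the controller nodes only, with tight permissions; and an etcd snapshot taken after encryption is enabled still contains the ciphertext, so the backup is only restorable together with the config that holds the key.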

Kubeconfig

Controllers and Worker Nodes Components

Controller Nodes Components (Control Plane)

Worker Nodes Components

source: https://kubernetes.io/docs/concepts/overview/components/

Kubelet Swap

CNI Networking Plugin

Networking

It is important to mention that the tutorial does not offer the possibility of using Services of type LoadBalancer, because configuring the integration with the cloud provider is out of scope, and the LoadBalancer type needs that integration to create the component that exposes the service on the provider's network.

Last Chapters

But why stop there with the Kubernetes cluster? We have total control to adjust settings, change network ranges, run new tests and, why not, break component configurations to understand behaviours and failures. Undoubtedly, Kubernetes The Hard Way is a fantastic way to understand and evaluate this complex system.

Cloud Specialists providing professional services with DevOps, BigData, Cloud Native Applications and Security. https://www.3bit.com.br/3bit