Difference between revisions of "Kubernetes"

From Ever changing code
Revision as of 15:24, 22 February 2022


Common ports

Docker

TCP :2375 - dockerd API over plain HTTP (no TLS, no authentication; anyone who can reach it can start a privileged container, which is root on the host)
TCP :2376 - dockerd API over HTTPS (TLS, normally with client-certificate authentication)


Kubernetes

Control-plane node(s)

Protocol  Direction  Port        Purpose                                                              Used by
TCP       Inbound    443         Kubernetes API server (or 8080 if TLS is disabled)                   Worker nodes, API requests and end users
TCP       Inbound    6443*       Kubernetes API server (or 8080 if TLS is disabled)                   All
TCP       Inbound    2379-2380   etcd server client API                                               kube-apiserver, etcd
TCP       Inbound    10250       Kubelet API (TLS), accepts connections from the API server           Self, control plane
TCP       Inbound    10251       kube-scheduler, legacy plain-HTTP port                               Self
TCP       Inbound    10252       kube-controller-manager, legacy plain-HTTP port                      Self
TCP       Inbound    10255       Kubelet read-only (non-secure, unauthenticated) API; disabled on EKS

* 6443 is the kubeadm default; 443 is common where the API server sits behind a load balancer. The 8080 "insecure" port is plain HTTP with no authentication or authorization and newer releases no longer serve it; treat it as a finding if it is listening.
10251 and 10252 are the old plain-HTTP ports; newer releases serve kube-scheduler and kube-controller-manager over TLS on 10259 and 10257 instead.
10255 hands out pod specs (including environment variables) to anyone who can reach it; disable it with kubelet --read-only-port=0 unless something actually depends on it.


Worker node(s)

Protocol  Direction  Port         Purpose                                                                       Used by
TCP       Inbound    10250        Kubelet API                                                                   Self, control plane
TCP       Inbound    30000-32767  NodePort services (default range)                                             All
UDP       Inbound    8285         flannel overlay network, udp backend (default)
UDP       Inbound    8472         flannel overlay network, vxlan backend
TCP       Inbound    179          Calico BGP networking
TCP       Outbound   2379-2380    etcd client API, only where the CNI plugin (flannel, or Calico with the etcd datastore) talks to etcd directly
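As an added example (not code from the original page), a POSIX shell check that reads `ss -Hltn` output from a node and flags the plaintext or unauthenticated listeners from the port tables above. The port-to-reason mapping and the sample `ss` lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original page.
# Reads `ss -Hltn` output (one LISTEN socket per line, no header) on stdin and
# flags ports that the tables above say are plaintext or unauthenticated.
# The port -> reason mapping below is an assumption drawn from those tables.

insecure_port_reason() {
    case "$1" in
        2375)  echo "dockerd API without TLS or authentication" ;;
        8080)  echo "kube-apiserver plain-HTTP (insecure) port" ;;
        10255) echo "kubelet read-only API, unauthenticated" ;;
        10251) echo "kube-scheduler legacy plain-HTTP port (TLS port is 10259)" ;;
        10252) echo "kube-controller-manager legacy plain-HTTP port (TLS port is 10257)" ;;
        *)     return 1 ;;
    esac
}

# flag_insecure_listeners: stdin = `ss -Hltn` lines; prints "<local addr> <reason>"
# for each hit and returns 1 if anything was flagged, 0 if the node is clean.
flag_insecure_listeners() {
    hits=0
    while read -r state recvq sendq laddr peer rest; do
        [ "$state" = "LISTEN" ] || continue
        port=${laddr##*:}          # text after the last colon; works for [::]:port too
        if reason=$(insecure_port_reason "$port"); then
            echo "$laddr $reason"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
}

# Constructed sample of `ss -Hltn` output from a worker node (not real capture data).
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 *:10250 *:*
LISTEN 0 4096 *:10255 *:*
LISTEN 0 4096 [::]:30080 [::]:*
LISTEN 0 4096 127.0.0.1:2375 0.0.0.0:*'

# Real use on a node:  ss -Hltn | flag_insecure_listeners
printf '%s\n' "$SAMPLE_SS" | flag_insecure_listeners || echo "insecure listeners found"
```

On the sample the check reports the kubelet read-only port and the plaintext dockerd socket and exits non-zero; 10250 and the NodePort are expected listeners and pass. A loopback-only 2375 is still flagged on purpose: anything running on the node, including a container with hostNetwork, can reach it.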


Others

127.0.0.1:<random port> - CRI streaming server, used by kubectl exec/attach/port-forward. The port (45039 on the node this page was written against) is chosen at startup and bound to loopback only, so the kubelet reaches it locally and it is not exposed on the network. With the Docker runtime the streaming shim (dockershim) was built into the kubelet itself.


Kubernetes curls:

Most components serve these paths on their listening port from the tables above (use https:// plus a client certificate or bearer token on the TLS ports):

curl localhost:<port>/metrics   Prometheus metrics
curl localhost:<port>/healthz   health check
curl localhost:<port>/api       API discovery (kube-apiserver only)

Kubernetes components

Core components

kube-proxy
It is responsible for forwarding Service traffic (ClusterIP, NodePort) to backend pods. The name is misleading: in its default iptables mode it is not a proxy in the data path at all. It programs iptables NAT rules and leaves the forwarding to the Linux kernel. For each Service the rules pick one of the backend endpoints at random (a chain of statistic matches with decreasing probabilities, so every endpoint gets an equal share), then DNAT the destination IP and port to that pod before the packet is forwarded. An ipvs mode that uses the kernel IPVS load balancer instead of iptables is also available.
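An added example, not the page's own code: an awk/shell parser for `iptables-save -t nat` output that follows one Service's KUBE-SVC chain to its KUBE-SEP chains and shows each rule's random-selection probability and the effective share of connections each pod receives. The sample rules and chain names are constructed for the demonstration, and the service name kube-system/kube-dns:dns-tcp is assumed.

```shell
#!/bin/sh
# Added example, not code from the original page.
# Follows one Service through kube-proxy iptables NAT rules: KUBE-SVC-* rules
# jump to a KUBE-SEP-* chain with `-m statistic --mode random --probability p`,
# and the KUBE-SEP-* chain DNATs to the pod. Prints, per backend, the rule
# probability and the effective share of connections that backend receives.

# kube_svc_backends SERVICE   (stdin = `iptables-save -t nat` output)
# SERVICE is the comment kube-proxy attaches to the rules, "namespace/name:port".
# Output lines: "<pod ip:port> <rule probability> <effective share>"
kube_svc_backends() {
    awk -v svc="$1" '
    $1 != "-A" { next }
    {
        chain = $2; comment = ""; target = ""
        if (match($0, /--comment "[^"]*"/))
            comment = substr($0, RSTART + 11, RLENGTH - 12)   # text inside the quotes
        for (i = 3; i <= NF; i++) if ($i == "-j") target = $(i + 1)
    }
    # Service chain: remember endpoint chains in rule order and their probability.
    # The last rule has no statistic match, i.e. probability 1 for whatever is left.
    chain ~ /^KUBE-SVC-/ && comment == svc && target ~ /^KUBE-SEP-/ {
        n++; sep[n] = target; prob[n] = 1
        for (i = 3; i <= NF; i++) if ($i == "--probability") prob[n] = $(i + 1) + 0
    }
    # Endpoint chain: the DNAT rule carries the pod address.
    chain ~ /^KUBE-SEP-/ && target == "DNAT" {
        for (i = 3; i <= NF; i++) if ($i == "--to-destination") dest[chain] = $(i + 1)
    }
    END {
        remain = 1.0                       # traffic not yet claimed by an earlier rule
        for (i = 1; i <= n; i++) {
            share = remain * prob[i]; remain -= share
            printf "%s %.4f %.4f\n", dest[sep[i]], prob[i], share
        }
    }'
}

# Constructed sample (not a real capture): kube-dns with three endpoints.
SAMPLE_NAT='*nat
-A KUBE-SERVICES -d 10.96.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-EXAMPLEDNSTCP000
-A KUBE-SVC-EXAMPLEDNSTCP000 -m comment --comment "kube-system/kube-dns:dns-tcp" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-EXAMPLEPODA00000
-A KUBE-SVC-EXAMPLEDNSTCP000 -m comment --comment "kube-system/kube-dns:dns-tcp" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-EXAMPLEPODB00000
-A KUBE-SVC-EXAMPLEDNSTCP000 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-SEP-EXAMPLEPODC00000
-A KUBE-SEP-EXAMPLEPODA00000 -s 10.244.0.2/32 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-EXAMPLEPODA00000 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.0.2:53
-A KUBE-SEP-EXAMPLEPODB00000 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.0.3:53
-A KUBE-SEP-EXAMPLEPODC00000 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.1.2:53
COMMIT'

# Real use on a node:  iptables-save -t nat | kube_svc_backends kube-system/kube-dns:dns-tcp
printf '%s\n' "$SAMPLE_NAT" | kube_svc_backends "kube-system/kube-dns:dns-tcp"
```

The three rules carry probabilities 1/3, 1/2 and 1, and the script shows why that is an even split: the second rule only sees the two thirds of traffic the first one did not take, and the last rule takes whatever remains. This only describes the iptables mode; in ipvs mode the backends are listed with `ipvsadm -Ln` instead.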

Containers runtime

Since v1.6.0, Kubernetes has enabled the use of CRI, the Container Runtime Interface, by default. The kubelet talks to the runtime over a Unix socket:

Docker     /var/run/docker.sock               (via dockershim, removed from the kubelet in v1.24)
CRI-O      /var/run/crio/crio.sock
containerd /run/containerd/containerd.sock

Whoever can write to one of these sockets can start a privileged container on the node, so a pod that mounts one as a hostPath volume is effectively root on the host; audit such mounts.

Kubernetes Entrypoint and Cmd

Docker allows you to define an ENTRYPOINT and a CMD, which you can mix and match in a Dockerfile. ENTRYPOINT is the executable and CMD is the default argument list appended to it. The Dockerfile schema is lenient and allows CMD without ENTRYPOINT, in which case the first element of CMD is the executable to run.

Kubernetes uses different names for the same two fields: command is Docker's Entrypoint and args is Docker's Cmd. Setting command alone replaces both the image ENTRYPOINT and its CMD (the image CMD is dropped, not kept as arguments); setting args alone keeps the image ENTRYPOINT and replaces only its CMD. Neither field goes through a shell: the list is handed to the runtime as-is, and the only substitution applied is $(VAR) expansion of the container's environment variables.


Description                         Docker_field_name   Kubernetes_field_name
The command run by the container    entrypoint          command:
Arguments passed to the command     cmd                 args:


K8s overrides to keep a container alive for debugging: command: ["tail", "-f", "/dev/null"] or command: ["sleep", "infinity"]
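An added example, not from the original page: a shell function that applies the same four-way rule the kubelet uses when combining an image's ENTRYPOINT/CMD with a pod's command/args. The arguments are whitespace-split token lists here for illustration only; the real fields are lists and no shell is involved. The image values (/ep-1, foo bar, and so on) are constructed.

```shell
#!/bin/sh
# Added example, not code from the original page.
# Resolves the command line a container ends up with from the image ENTRYPOINT
# and CMD and the pod spec command: and args:, following the four-way rule the
# kubelet applies. Each argument is a whitespace-separated token list here for
# illustration only (the real fields are lists; no shell is involved).
#
# resolve_cmdline IMAGE_ENTRYPOINT IMAGE_CMD POD_COMMAND POD_ARGS
resolve_cmdline() {
    img_ep=$1; img_cmd=$2; pod_cmd=$3; pod_args=$4
    if [ -n "$pod_cmd" ]; then
        exe=$pod_cmd                 # command: replaces ENTRYPOINT ...
        argv=$pod_args               # ... and drops CMD unless args: is given too
    else
        exe=$img_ep                  # no command: -> image ENTRYPOINT is kept
        argv=${pod_args:-$img_cmd}   # args: replaces CMD, otherwise CMD stays
    fi
    # Word-split the two token lists into positional parameters and join them.
    # shellcheck disable=SC2086
    set -- $exe $argv
    printf '%s\n' "$*"
}

# Constructed cases (image: ENTRYPOINT ["/ep-1"], CMD ["foo","bar"]):
resolve_cmdline /ep-1 'foo bar' ''     ''          # -> /ep-1 foo bar
resolve_cmdline /ep-1 'foo bar' /ep-2  ''          # -> /ep-2
resolve_cmdline /ep-1 'foo bar' ''     'zoo boo'   # -> /ep-1 zoo boo
resolve_cmdline /ep-1 'foo bar' /ep-2  'zoo boo'   # -> /ep-2 zoo boo
# The debugging override from the text, on an image that has only CMD:
resolve_cmdline '' 'nginx -g daemon off;' 'sleep infinity' ''   # -> sleep infinity
```

The second case is the one that surprises people: a pod that sets only command: loses the image's CMD entirely, so an image that relied on CMD for its flags starts bare. The last case is why the sleep infinity override works on any image, whether it used ENTRYPOINT or CMD.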

References

* container runtimes, https://www.ianlewis.org/en/container-runtimes-part-1-introduction-container-r - fascinating reading, published in 2017

Annotations for humans

* https://kubernetes.io/blog/2021/04/20/annotating-k8s-for-humans/