Kubernetes

Kubernetes, also known as K8s, is an open-source system for orchestrating containerized applications.

The time to a first interaction with a k8s cluster is short, and the native resources are easy to understand. There are many k8s distributions that make it even easier.

However, the core concepts and building blocks of the Kubernetes components need more attention. We have to go through the documentation to see how everything works (you should read the manual).

This is my main motivation for sharing k8s-from-scratch: so that new users can better understand how the setup of the Kubernetes components is performed.

Components

Kubernetes groups its components into two sets: the Control Plane and the Worker Node. Worker node components can also run on a Control Plane node, and we can control whether pods may be scheduled there with taints and tolerations.

Control Plane:

  • kube-apiserver
  • kube-scheduler
  • kube-controller-manager
  • etcd

Worker Node:

  • container runtime
  • network plugin
  • kubelet
  • kube-proxy

Component Authentication

All communication in Kubernetes goes through the kube-apiserver. It is responsible for receiving changes and performing the operations that keep everything in the desired state. That means it is the point of the cluster that is exposed to receive requests from external agents.

All that traffic goes over a secure channel using SSL/TLS, so the server needs a certificate matching the IP address or FQDN it is running on.

In the same way, components that need to interact with the kube-apiserver also require a certificate to identify themselves in each request.

To satisfy that identification requirement, Kubernetes uses a chain of certificates issued by a CA certificate, which signs and validates the certificates of all other components. From this single point of truth, every component can be validated against the signing CA certificate, and ultimately this is how component authentication and authorization work.

You can check the certificate chain creation in the cert bootstrap script in the repo.
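The chain described above, as an added example that is not part of k8s-from-scratch or its cert bootstrap script: a self-contained Go program, using only the standard library's crypto/x509, that creates a cluster CA, issues a serving certificate for the kube-apiserver carrying the in-cluster DNS names and an IP SAN, issues a kubelet client certificate, and verifies each against the CA. The CA name, the IP 10.0.0.1, the node name worker-1 and the validity periods are constructed for the example; the CN-as-user and O-as-group mapping is the convention Kubernetes applies to client certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ClusterPKI holds the constructed cluster CA and two leaf certificates:
// the kube-apiserver serving cert and a kubelet client cert.
type ClusterPKI struct {
	CA        *x509.Certificate
	APIServer *x509.Certificate
	Kubelet   *x509.Certificate
}

// newCA creates a self-signed CA certificate that is allowed to sign leaf certificates.
func newCA(cn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour), // constructed lifetime
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issue signs a component certificate with the CA; the leaf gets its own fresh key.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, tmpl *x509.Certificate) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl.NotBefore = time.Now().Add(-time.Hour)
	tmpl.NotAfter = time.Now().Add(365 * 24 * time.Hour)
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildClusterPKI builds the chain: one CA, a serving cert for the kube-apiserver
// (valid for the in-cluster DNS names and the given IP) and a client cert for a
// kubelet whose subject follows the Kubernetes convention CN=user, O=group.
func BuildClusterPKI(apiServerIP string) (*ClusterPKI, error) {
	ca, caKey, err := newCA("kubernetes-ca") // constructed CA name
	if err != nil {
		return nil, err
	}
	api, err := issue(ca, caKey, &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "kube-apiserver"},
		DNSNames:     []string{"kubernetes", "kubernetes.default", "kubernetes.default.svc"},
		IPAddresses:  []net.IP{net.ParseIP(apiServerIP)},
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	if err != nil {
		return nil, err
	}
	kubelet, err := issue(ca, caKey, &x509.Certificate{
		SerialNumber: big.NewInt(3), // constructed node name below
		Subject:      pkix.Name{CommonName: "system:node:worker-1", Organization: []string{"system:nodes"}},
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return nil, err
	}
	return &ClusterPKI{CA: ca, APIServer: api, Kubelet: kubelet}, nil
}

// Verify checks that cert chains to ca and is allowed for the given usage; when
// host is non-empty the certificate must also match that DNS name or IP address.
func Verify(cert, ca *x509.Certificate, usage x509.ExtKeyUsage, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

// ComponentIdentity returns the user and groups the API server derives from a
// client certificate: the CommonName is the user, the Organization values are groups.
func ComponentIdentity(cert *x509.Certificate) (string, []string) {
	return cert.Subject.CommonName, cert.Subject.Organization
}

func main() {
	pki, err := BuildClusterPKI("10.0.0.1") // constructed API server IP
	if err != nil {
		panic(err)
	}
	fmt.Println("apiserver cert valid for 10.0.0.1:", Verify(pki.APIServer, pki.CA, x509.ExtKeyUsageServerAuth, "10.0.0.1") == nil)
	user, groups := ComponentIdentity(pki.Kubelet)
	fmt.Printf("kubelet client cert authenticates as user=%s groups=%v\n", user, groups)
	other, _, _ := newCA("another-ca")
	fmt.Println("kubelet cert accepted by a different CA:", Verify(pki.Kubelet, other, x509.ExtKeyUsageClientAuth, "") == nil)
}
```

Run it with `go run`. The two negative cases are the ones a defender cares about: a certificate signed by any CA other than the cluster CA is rejected, and a client certificate cannot be presented as a server certificate (or vice versa) because the extended key usage does not match.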

Component networking

One component plays an important role in container setup: the network plugin. Kubernetes integrates with CNI network plugins, and network management and setup are performed by that component.

The plugin we used to enable networking in our setup is kube-router.

Closing thoughts

Kubernetes is an amazing platform to build customized components on, and getting to know it through a deep dive helps to see how everything is connected and how it works.

Take a look at k8s-from-scratch for the full build and try it out.