# Kubernetes Architecture
Kubernetes is designed ...
- for managing distributed solutions at scale, based on years of industry expertise (Google-scale experience)
- for high availability of the control plane and user workloads (when using pod replication), avoiding most single points of failure
- with a modular control plane architecture, allowing many pieces to be replaced without disrupting workload availability
- to persist all of its internal platform state within an etcd database
## etcd
![etcd logo](https://raw.githubusercontent.com/coreos/etcd/master/logos/etcd-glyph-color.png)
* distributed key-value store
* implements the [RAFT](https://raft.github.io/raft.pdf) consensus protocol
## Degraded Performance
Fault tolerance sizing chart:
![etcd cluster sizing chart](http://cloudgeekz.com/wp-content/uploads/2016/10/etcd-fault-tolerance-table.png)
### play.etcd.io
[play.etcd.io/play](http://play.etcd.io/play)
## Kubernetes API
* gatekeeper for etcd (the only way to access the db)
* not required for pod uptime
### API outage simulation
Example borrowed from [Brandon Philips' "Fire Drills" from OSCON 2016](https://github.com/philips/2016-OSCON-containers-at-scale-with-Kubernetes#fire-drills):
Create a pod and a service. Verify that the service is responding.
```
kubectl run metrics-k8s --image=quay.io/ryanj/metrics-k8s \
--expose --port=2015 --service-overrides='{ "spec": { "type": "NodePort" } }'
```
```
minikube service metrics-k8s
```
ssh into minikube and kill the API server process (the core of the control plane):
```
minikube ssh
ps aux | grep "kube-apiserver"
sudo killall kube-apiserver
logout
```
Use kubectl to list pods:
```
kubectl get pods
The connection to the server mycluster.example.com was refused - did you specify the right host or port?
```
The API server is down!
Reload your service. Are your pods still available?
## Kubelet
Runs on each node and watches the API for new pods whose `NodeName` matches its own node
## Kubernetes Scheduler
Assigns workloads to Node machines
## Bypass the Scheduler
Examine both of these pod specs before sending them to the API:
```
kubectl create -f https://raw.githubusercontent.com/ryanj/metrics-k8s/master/pod.json
kubectl create -f https://gist.githubusercontent.com/ryanj/893e0ac5b3887674f883858299cb8b93/raw/0cf16fd5b1c4d2bb1fed115165807ce41a3b7e20/pod-scheduled.json
```
What are the differences between these two files?
View events:
```
kubectl get events
```
Did both pods get scheduled? Were both started?
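The two manifests above differ in whether `spec.nodeName` is filled in. The following is an added example, not code from the workshop or from the metrics-k8s project: it builds two constructed pod manifests modelled on that difference, shows which pods a kubelet on a given node would pick up, and provides an audit helper that flags pods bypassing the scheduler. Node and pod names are constructed.

```python
"""Added example (not part of the original workshop): what the kubelet and
scheduler each see in a pod spec, plus an audit for pods that bypass
kube-scheduler by setting spec.nodeName directly. Manifests are constructed."""
import json

# Constructed sample manifests: one leaves placement to kube-scheduler,
# the other pins itself to a node exactly as the workshop's second spec does.
UNSCHEDULED_POD = json.dumps({
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "metrics-k8s"},
    "spec": {"containers": [{"name": "metrics",
                             "image": "quay.io/ryanj/metrics-k8s"}]},
})
PRESCHEDULED_POD = json.dumps({
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "metrics-k8s-pinned"},
    "spec": {"nodeName": "minikube",   # constructed node name
             "containers": [{"name": "metrics",
                             "image": "quay.io/ryanj/metrics-k8s"}]},
})


def needs_scheduling(manifest: str) -> bool:
    """True when spec.nodeName is empty: the API server stores the pod and
    kube-scheduler must later bind it to a node before any kubelet acts."""
    pod = json.loads(manifest)
    return not pod.get("spec", {}).get("nodeName")


def kubelet_view(manifests, node_name):
    """Names of the pods a kubelet on `node_name` would pick up: only pods
    whose spec.nodeName already matches its own node, regardless of whether
    the scheduler or the submitter set that field."""
    picked = []
    for m in manifests:
        pod = json.loads(m)
        if pod.get("spec", {}).get("nodeName") == node_name:
            picked.append(pod["metadata"]["name"])
    return picked


def pods_bypassing_scheduler(manifests):
    """Audit helper: pods that name a node up front skip kube-scheduler's
    placement checks (affinity, taints/tolerations, resource fit), so they
    are worth flagging in manifest review or admission control."""
    return [json.loads(m)["metadata"]["name"]
            for m in manifests if not needs_scheduling(m)]


if __name__ == "__main__":
    both = [UNSCHEDULED_POD, PRESCHEDULED_POD]
    print("kubelet on minikube sees:", kubelet_view(both, "minikube"))
    print("bypassing the scheduler:", pods_bypassing_scheduler(both))
```

Run it and compare with the `kubectl get events` output: the pinned pod produces no `Scheduled` event because no scheduler ever touched it, while the unscheduled pod only becomes visible to a kubelet after the scheduler writes its binding.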
## CRI
* containerd (docker)
* cri-o
* rkt
each compatible with the OCI image and runtime specifications
## K8s Controllers
Controllers work to regulate the declarative nature of the platform state, reconciling imbalances via a basic control loop
https://kubernetes.io/docs/admin/kube-controller-manager/
Kubernetes allows you to introduce your own custom controllers!
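To make the control loop concrete, here is an added example that is not code from Kubernetes or from this workshop: a minimal reconcile loop in the style of a replica controller. Desired state is declarative (how many replicas each app should have), the loop compares it with observed pods and emits the create/delete actions that close the gap; a second function re-runs the loop until nothing is left to do. All state is constructed.

```python
"""Added example (not from the original page): a toy reconcile loop in the
style of a Kubernetes replica controller. Desired and observed state here
are constructed in-memory stand-ins for what a real controller reads and
writes through the API server."""
from collections import Counter

# Constructed desired state: app name -> wanted replica count.
DESIRED = {"web": 3, "metrics": 1}

# Constructed observed pods: (pod name, owning app). "batch" has no entry in
# DESIRED, so the controller treats it as an orphan and removes it.
OBSERVED = [
    ("web-a", "web"),
    ("web-b", "web"),
    ("metrics-x", "metrics"),
    ("metrics-y", "metrics"),
    ("batch-z", "batch"),
]


def reconcile(desired, observed):
    """One pass of the control loop. Returns (verb, app, pod name) actions;
    an empty list means observed state already matches desired state."""
    actual = Counter(app for _, app in observed)
    actions = []
    for app, want in desired.items():
        have = actual.get(app, 0)
        for i in range(have, want):                       # scale up
            actions.append(("create", app, f"{app}-{i}"))
        extra = [name for name, a in observed if a == app][want:]
        actions.extend(("delete", app, name) for name in extra)  # scale down
    for name, app in observed:                            # orphaned pods
        if app not in desired:
            actions.append(("delete", app, name))
    return actions


def converge(desired, observed, max_rounds=10):
    """Apply reconcile() until no actions remain and return the number of
    rounds that did work. A real controller instead re-runs on every watch
    event, which gives the same eventual result without polling."""
    state = list(observed)
    for rounds in range(1, max_rounds + 1):
        actions = reconcile(desired, state)
        if not actions:
            return rounds - 1
        for verb, app, name in actions:
            if verb == "create":
                state.append((name, app))
            else:
                state = [p for p in state if p[0] != name]
    raise RuntimeError("control loop did not converge")


if __name__ == "__main__":
    for action in reconcile(DESIRED, OBSERVED):
        print(*action)
    print("rounds to converge:", converge(DESIRED, OBSERVED))
```

Every pass is computed only from desired and observed state, never from the previous pass, which is what lets a controller be restarted (or replaced, as the modular control plane allows) without losing track of what it still has to do.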
### Architecture Diagram
![arch diagram](https://cdn.thenewstack.io/media/2016/08/Kubernetes-Architecture-1024x637.png)
### Interaction Diagram
![interaction diagram](https://i1.wp.com/blog.docker.com/wp-content/uploads/swarm_kubernetes2.png?resize=1024)
[(copied from blog.docker.com)](https://blog.docker.com/2016/03/swarmweek-docker-swarm-exceeds-kubernetes-scale/)