Objects - Nejati Notes

![[Pasted image 20250206075342.png|k8s cluster objects]] 1. A cluster has one or many nodes. 2. A node has one or many pods. 3. A pod has one or many containers. > [!note] > Normally, each pod has one container. When otherwise, the sidecar container can bootstrap the main one, is a notification service to the main one or something similar. ### Pod - a pod is the smallest object kubernetes knows of. - in order to **add** a pod, we use [[controller-manager]] through workloads. #### Init containers - init containers bootstraps the main containers. - usually fetches some data, makes a volume and prepares a configuration #### Pod template When we define that we need many replicas of a pod, these replicas will be made out of the pod template #### Static Pods Normally, the [[Components|components]] of Kubernetes are pods their self. These pods are called static pods which will be initialised by their self. #### Life-cycle - usually called pod *phase*. - `preStop` and `postStop` processes can be defined for each pod. ![[Pasted image 20250206080749.png|k8s pod phases]] In each pod, their containers can be in these statuses: 1. Waiting 2. Running 3. Terminated ### Namespaces Namespace is used to isolate the workspaces or groups of resources within a single cluster. > [!info] > Although both docker namespaces and kubernetes namespaces does the same thing, docker namespaces are a feature of the Linux kernel but Kubernetes namespaces are a feature in Kubernetes itself. To mimic kernel behaviour, Kubernetes creates a *virtual* version of network interfaces. e.g. `veth0` Packet travel route from pod to pod in a node: ![[Pasted image 20250210214823.png]] Packet travel route from pod to pod in different nodes: ![[Pasted image 20250210215017.png]] > [!tip] > When the packet is travelling between nodes, alongside with IPTable rules, a **network routing** is performed. Namespaces are a way to divide cluster resources between multiple users (via [resource quota](https://kubernetes.io/docs/concepts/policy/resource-quotas/)). ![[Pasted image 20250206231547.png|k8s-resource-quotas]] For a production cluster, consider _not_ using the `default` namespace. Instead, make other namespaces and use those. #### Default namespaces 2. `default` Kubernetes includes this namespace so that you can start using your new cluster without first creating a namespace. 3. `kube-node-lease` This namespace holds [Lease](https://kubernetes.io/docs/concepts/architecture/leases/) objects associated with each node. Node leases allow the kubelet to send [heartbeats](https://kubernetes.io/docs/concepts/architecture/nodes/#node-heartbeats) so that the control plane can detect node failure. 4. `kube-public` This namespace is readable by _all_ clients (including those not authenticated). This namespace is mostly reserved for cluster usage, in case that some resources should be visible and readable publicly throughout the whole cluster. The public aspect of this namespace is only a convention, not a requirement. 4.`kube-system` The namespace for objects created by the Kubernetes system. #### Limit range Using a _limit range_ the lower and upper range of resources can be defined. This often give more flexibility than _resource quotas_. If the user does not define a resource bound for its pod, limit range can define _default_ boundary. ### Label & Selector Both _label_ and _selector_ can be used to connect pods and services to each other. A label is a `key-value` object. ![[Pasted image 20250206233155.png|k8s labels and selectors]] It is recommended to add some default labels to *pods* that explains its name, instance. version, who-manages-it, part-of-where. Also, *nodes* can be be labels something like: `size=large` or `hasGPU=true` for better node selection for pods. #### Annotation Usually, all application in Kubernetes read their configuration from annotations. For example, you can configure `ngnix`'s `max-body-size` using _annotations_. ![[Pasted image 20250206233754.png]] ### Finalizer Finalizer are namespaced keys that tell Kubernetes to wait until specific conditions are met **before it fully deletes resources** marked for deletion. ![[Pasted image 20250207031413.png|finalizer-k8s-arch]] ### Auto scaling Kubernetes has bot HPA (horizontally pod auto-scaling) VPA (vertically pod auto-scaling). #### HPA HPA -- scaling out -- is called when the number of pods change. In comparison to VPA, this kind of scaling is very effiecient. ![[Pasted image 20250207055352.png|hpa in k8s]] How HPA calculates when the threshold is passed: ![[Pasted image 20250207055655.png|how hpa works]] #### VPA VPA -- scaling up -- is called when we change amount of resources a pod can use. ![[Pasted image 20250207055913.png]] Components: ![[Pasted image 20250207060104.png]] Recommender: calculates how much resources the pod use. It can actually help us to find out how much a pod use resources. #### CA Cluster auto-scaling (or CA) calculates the amount of the whole cluster use resources. If not in the threshold, it adds or deletes a pod or it changes the amount of resources a node can use. ![[Pasted image 20250207060423.png|ca-in-k8s]] - It is recommended to not to use HPA and VPA at the same time. ### Summery ![[Pasted image 20250207060908.png]]