1. Kubernetes
    1. Overview
      1. Platform for managing container workloads
      2. Groups containers into logical units for easy discovery and management
      3. Handles deployment, auto-scaling, updates, load balancing, auto-recovery
      4. Invented by Google, used internally and open sourced in 2014
    2. Features
      1. Cloud Infrastructure provisioning
      2. CA and TLS certificate generation
      3. TLS client bootstrap and RBAC authentication
      4. Highly available etcd cluster
      5. Highly available Kubernetes Control Plane
      6. Cluster of Worker nodes
      7. Kubernetes client for remote access
      8. Managing the Container Network Routes
      9. Deploying cluster DNS Add-on
    3. Master
      1. Runs the Kubernetes control plane processes
      2. API server, scheduler, and core controller resources
    4. Nodes
      1. Worker machines that run containerized applications and other workloads
      2. Each node is a Compute Engine VM instance that GKE creates when a cluster is created
      3. Containers are hosted on VMs
      4. Multiple containers/pods on single node
    5. Node pool
      1. Group of nodes
      2. Managed instance group
    6. Cluster
      1. Foundation of GKE
      2. Consists of one Cluster Master and one or more worker machines called Nodes
    7. Node image
      1. Node-level OS image
      2. Container Optimized OS/Ubuntu
      3. Different from the container image
    8. Pods
      1. Smallest deployable unit
      2. Pods contain one or more containers
      3. One or more pods are deployed to nodes
      4. Stateful applications (Pods) save data to persistent disk storage
      5. Stateless applications (Pods) do not save state
      6. Updating and scaling/autoscaling StatefulSet pods is more deliberate
    9. Container Image
      1. Base image used in container (not node)
      2. Smaller deployment and smaller attack surface
      3. To avoid unnecessary reinstalls, do not copy source files before installing dependencies
      4. Tag different versions of container deployments with version number, not just "latest"
      5. Skip pulling image if it already exists vs forcing a pull regardless
      6. Set pull policy to "IfNotPresent" not "Always"
      7. Use Alpine Linux for super slim container image
    10. Administration
      1. gcloud/kubectl command line or YAML/JSON configuration files
      2. gcloud command used to interact with GCP resources (GKE cluster/nodes, disks, APIs)
      3. kubectl used to interact with applications on nodes (Pods) - deploy, scale, update pods
2. Workload
    1. Containers
      1. Bundles entire runtime environment in one package
      2. Runtime environment includes dependencies, libraries and config files
      3. Operating system and infrastructure concerns are abstracted away
      4. Containers are more lightweight and use fewer resources than an entire VM
      5. Portable, self-contained package that can be run virtually anywhere
    2. Cloud Build
      1. Create Docker container image from source code
      2. Pushes created images to Container Registry, where they are stored
      3. Pulls code from Google Cloud Storage, Source Repositories, GitHub, BitBucket
    3. Container Registry
      1. Private Docker repository
      2. Integrates with Google Cloud and external container services
      3. Supports CI/CD model
      4. Can deploy to Kubernetes Engine, Compute Engine, App Engine (Flexible) or Cloud Run
3. Networking
    1. Label
      1. Arbitrary key/value pair attached to an object
    2. Service
      1. Groups multiple related pods into a logical unit using labels
      2. Stable IP address, DNS entry and ports
      3. Provides load balancing among the set of Pods
      4. All the labels defined in the label selector must match pod labels
    3. kube-proxy
      1. Component running on each node
      2. Manages connectivity between pods and services
      3. Egress-based load-balancing controller
      4. Continually maps the cluster IP to healthy pods at random
    4. Namespace
      1. Useful for environments with multiple teams or projects
      2. Partitions cluster resources between multiple users
      3. Unique name within a cluster
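
An added example (not part of the original notes): a small audit that applies the Container Image rules above (version tags rather than "latest", pull policy "IfNotPresent") and the Service rule that every selector label must match, run over constructed JSON manifests. The manifests, project and image names, and function names are assumptions for illustration; when imagePullPolicy is omitted the code applies the Kubernetes default ("Always" for an untagged or "latest" image, otherwise "IfNotPresent").

```python
import json

# Constructed sample manifests in JSON form; all names and images are hypothetical.
MANIFESTS = json.loads("""[
 {"kind": "Pod", "metadata": {"name": "web-1", "labels": {"app": "web", "tier": "front"}},
  "spec": {"containers": [{"name": "web", "image": "gcr.io/example-project/web:1.4.2",
                           "imagePullPolicy": "IfNotPresent"}]}},
 {"kind": "Pod", "metadata": {"name": "web-2", "labels": {"app": "web"}},
  "spec": {"containers": [{"name": "web", "image": "gcr.io/example-project/web:latest",
                           "imagePullPolicy": "Always"}]}},
 {"kind": "Pod", "metadata": {"name": "job-1", "labels": {"app": "job", "tier": "front"}},
  "spec": {"containers": [{"name": "job", "image": "localhost:5000/job"}]}},
 {"kind": "Service", "metadata": {"name": "web-svc"},
  "spec": {"selector": {"app": "web", "tier": "front"}}}
]""")

def image_tag(image):
    """Return the tag (or digest) of an image reference, None if it has neither."""
    if "@" in image:
        return image.split("@", 1)[1]      # pinned by digest
    last = image.rsplit("/", 1)[-1]        # a ':' before the last '/' is a registry port
    return last.split(":", 1)[1] if ":" in last else None

def effective_pull_policy(container):
    """Explicit imagePullPolicy, else the Kubernetes default derived from the tag."""
    explicit = container.get("imagePullPolicy")
    if explicit:
        return explicit
    floating = image_tag(container["image"]) in (None, "latest")
    return "Always" if floating else "IfNotPresent"

def audit_images(manifests):
    """List (pod/container, finding) for containers that break the image rules."""
    findings = []
    for m in (m for m in manifests if m.get("kind") == "Pod"):
        for c in m["spec"]["containers"]:
            where = f'{m["metadata"]["name"]}/{c["name"]}'
            if image_tag(c["image"]) in (None, "latest"):
                findings.append((where, "image not pinned to a version tag"))
            if effective_pull_policy(c) != "IfNotPresent":
                findings.append((where, "pull policy is not IfNotPresent"))
    return findings

def pods_for_service(service, manifests):
    """Names of pods whose labels match every key/value pair in the selector."""
    selector = service["spec"]["selector"]
    return [m["metadata"]["name"] for m in manifests if m.get("kind") == "Pod"
            and all(m["metadata"].get("labels", {}).get(k) == v for k, v in selector.items())]
```

With "IfNotPresent" a node reuses the image it already has cached for that tag, which is why the audit pairs the pull-policy check with the version-tag check.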