![Strategic Picks — Prioritising the Right Agentic Use Cases [2/6]](https://cdn.slidesharecdn.com/ss_thumbnails/session-2-250902135931-4c97717a-thumbnail.jpg?width=560&fit=bounds)
Kubernetes basics information along with stateful session info
- 1. Kubernetes Icons v0.2 ● Set of icons to create diagrams ● Use them as SDK, feel free to create ● Non official library ● Kubernetes official blue color ○ #326ce5 ○ RGB(50,108,229) ● Maintainers: ○ Arnaud Mazin <[email protected]> ○ Etienne Coutaud <[email protected]>
- 2. Table of contents 1...Compute 2...Storage 3...Network 4...RBAC Model 5...Pods Configuration 6...Cluster Configuration 7...Others 8...Infrastructure components 9...Control Plane components 10...Group and links 11...Kubernetes ressources map 12...Diagrams examples
- 3. Compute Pod: Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts. ReplicaSet: ReplicaSet ensures that a specified number of pod replicas are running at any given time. Deployment: Deployment enables declarative updates for Pods and ReplicaSets. DaemonSet: DaemonSet represents the configuration of a daemon set. Job: Job represents the configuration of a single job. StatefulSet: StatefulSet represents a set of pods with consistent identities. Identities are defined as: network, storage. CronJob: A CronJob manages time based Job, namely: - once at a specified point in time - repeatedly at a specified point in time
- 4. Storage PersistentVolume: is a storage resource provisioned by an administrator. PersistentVolumeClaim: PersistentVolumeClaim is a user's request for and claim to a persistent volume. StorageClass: StorageClass describes the parameters for a class of storage for which PersistentVolumes can be dynamically provisioned.
- 5. Network Ingress: Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc. Service: Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy. NetworkPolicy: NetworkPolicy describes what network traffic is allowed for a set of Pods. Endpoint: Endpoints is a collection of endpoints that implement the actual service.
- 6. RBAC model ServicaAccount: binds together: a name, a principal that can be authenticated and authorized * a set of secrets. User: Human user of Kubernetes cluster. Group: Set of Service Accounts or Users. Role: Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding. ClusterRole: ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding. ClusterRoleBinding: A cluster role binding grants the permissions defined in a role/clusterrole to a user or set of users. Permissions are granted cluster-wide. RoleBinding: A role binding grants the permissions defined in a role/clusterrole to a user or set of users. Permissions are granted within a namespace.
- 7. Pods Configuration ConfigMap: ConfigMap holds configuration data for pods to consume. Secret: Secret holds secret data of a certain type.
- 8. Cluster configuration LimitRange: LimitRange sets resource usage limits for each kind of resource in a Namespace. Quota: ResourceQuota sets aggregate quota restrictions enforced per namespace. HorizontalPodAutoscaler: configuration of a horizontal pod autoscaler.
- 9. Others CustomResourceDefinition: Extension of Kubernetes API. PodSecurityPolicy: governs the ability to make requests that affect the Security Context that will be applied to a pod and container.
- 10. Infrastructure components Cluster: Kubernetes cluster. Node: Worker machine in Kubernetes cluster. Master: Kubernetes Control Plane. ETCD: Kubernetes’s backing store.
- 11. Control Plane components K8s API Server: Kubernetes API. Scheduler: In charge of ensuring Pods placement. Controller Manager: Kubernetes controller manager. Cloud Controller Manager: Optional and External Cloud controller (experimental). Kubelet: The kubelet is the primary “node agent” that runs on each node. Kube-proxy: The Kubernetes network proxy runs on each node. This reflects services as defined in the Kubernetes API on each node.
- 12. Groups and links kube-system Use to represent a reference between components, reference can be through various selector (label, name ...) Use to represent a generation, resource generate other resource Namespace: Namespace provides a scope for Names. Use of multiple namespaces is optional. default kube-public dns heapster dashboard kubernetes
- 13. Creates References Resources mgt Network / exposition Configuration Storage IAM Pod generator Kubernetes Ressources Map
- 17. Application with persistent storage trololo.com
- 20. system:kube-dns kube-dns system:kube-dns Kube-dns example rules: - apiGroups: - "" resources: - endpoints - services verbs: - list - watch kube-system kube-dns (Static ClusterIP)
- 21. Minimal H-A design masters Prod-ready design masters ingress nodes etcd cluster workload nodes etcd cluster workload nodes Server implementation
- 22. static pods K8s cluster K8s components startup kube-system sched c-m api default kubernetes k-proxy mirror pods
- 23. Appendices