What Application Developers Need to Know About Kubernetes
Date: Oct 28, 2022
Related Tags:1. Alibaba Cloud Container Service for Kubernetes (ACK)
2. Container Service for Kubernetes
Abstract: This article introduces two or three things that application developers must know about Kubernetes networking.
The basic unit of management in Kubernetes is not a container, but something called a pod. We consider an environment where one or more containers are deployed as a pod unit. Typically, they represent a single functional endpoint that provides part of the service.
Here's an example of two valid pods units:
Database pod - a single MySQL container
Web pod — container containing a python instance and container containing the Redis database
Pods have the following common features:
They share resources - including networking stacks and namespaces
The pod contains an IP address for client connections
A pod's configuration defines any public port and which container occupies that port
All containers in a pod can interact through any port in the network (these containers will be referenced locally, so make sure that the services in the pod have unique ports)
The Kubernetes service sits behind a load balancer and is responsible for managing multiple identical pods. Instead of connecting to each pod's IP, clients connect directly to the load balancer's IP address. Kubernetes Service defines your application as a service, allowing Kubernetes to dynamically scale the number of pods based on defined rules and actual available resources.
The only way to make an application accessible to clients outside the Kubernetes infrastructure is to define the application as part of a service. Whether you scale your nodes or not, you need the Kubernetes service to assign external IP addresses.
Labels are a set of key-value pairs in Kubernetes that act on objects (such as pods) and need to be meaningful and related.
In the standard configuration of Kubernetes, labels do not directly affect the core operations related to Kubernetes, but are mainly used to group and identify objects.
Below we will introduce some recommended network plugins for Kubernetes that use the labels we mentioned in the previous section. Using tags, they can change certain functionality while the container is running. In Kubernetes, most of the network plugins used are based on the Container Networking Interface (CNI) specification, which was developed by the Cloud Native Computing Foundation (CNCF). CNI allows the same network plugin to be used across multiple container platforms. Now we use a method of adjusting network security policy that does not pre-set everything like a traditional network or security team model, but leverages labels to adjust the correct network policy while the container is running (the dynamic change of the container too often for manual intervention), which is now part of the Kubernetes Network Special Internet Group (Network SIG). Today, we have several network plugins available to apply network policies to namespaces and pods, including OpenContrail and Project Calico.
With this new approach, Kubernetes administrators can import all pre-prepared policies, developers are responsible for adjusting and choosing policies according to their needs, and all this is defined into pods for execution.
in conclusion
With the capabilities provided by Kubernetes, developers now have the flexibility needed to fully define applications and their dependencies, and can use multiple containers within a single pod. If any one of the containers fails, Kubernetes can ensure that its corresponding pod is decommissioned and automatically replaced with a new pod. In addition, developers can define the port number on which the application or service listens, whether it is part of a larger service or just a standalone instance. By doing so, rapid development and deployment cycles using continuous delivery and deployment methodologies will become the norm.
Related Tags:1. Alibaba Cloud Container Service for Kubernetes (ACK)
2. Container Service for Kubernetes
Abstract: This article introduces two or three things that application developers must know about Kubernetes networking.
The basic deployment scheduling unit of the Kubernetes network: Pod
The basic unit of management in Kubernetes is not a container, but something called a pod. We consider an environment where one or more containers are deployed as a pod unit. Typically, they represent a single functional endpoint that provides part of the service.
Here's an example of two valid pods units:
Database pod - a single MySQL container
Web pod — container containing a python instance and container containing the Redis database
Pods have the following common features:
They share resources - including networking stacks and namespaces
The pod contains an IP address for client connections
A pod's configuration defines any public port and which container occupies that port
All containers in a pod can interact through any port in the network (these containers will be referenced locally, so make sure that the services in the pod have unique ports)
Kubernetes Services
The Kubernetes service sits behind a load balancer and is responsible for managing multiple identical pods. Instead of connecting to each pod's IP, clients connect directly to the load balancer's IP address. Kubernetes Service defines your application as a service, allowing Kubernetes to dynamically scale the number of pods based on defined rules and actual available resources.
The only way to make an application accessible to clients outside the Kubernetes infrastructure is to define the application as part of a service. Whether you scale your nodes or not, you need the Kubernetes service to assign external IP addresses.
Labels
Labels are a set of key-value pairs in Kubernetes that act on objects (such as pods) and need to be meaningful and related.
In the standard configuration of Kubernetes, labels do not directly affect the core operations related to Kubernetes, but are mainly used to group and identify objects.
Network Security
Below we will introduce some recommended network plugins for Kubernetes that use the labels we mentioned in the previous section. Using tags, they can change certain functionality while the container is running. In Kubernetes, most of the network plugins used are based on the Container Networking Interface (CNI) specification, which was developed by the Cloud Native Computing Foundation (CNCF). CNI allows the same network plugin to be used across multiple container platforms. Now we use a method of adjusting network security policy that does not pre-set everything like a traditional network or security team model, but leverages labels to adjust the correct network policy while the container is running (the dynamic change of the container too often for manual intervention), which is now part of the Kubernetes Network Special Internet Group (Network SIG). Today, we have several network plugins available to apply network policies to namespaces and pods, including OpenContrail and Project Calico.
With this new approach, Kubernetes administrators can import all pre-prepared policies, developers are responsible for adjusting and choosing policies according to their needs, and all this is defined into pods for execution.
in conclusion
With the capabilities provided by Kubernetes, developers now have the flexibility needed to fully define applications and their dependencies, and can use multiple containers within a single pod. If any one of the containers fails, Kubernetes can ensure that its corresponding pod is decommissioned and automatically replaced with a new pod. In addition, developers can define the port number on which the application or service listens, whether it is part of a larger service or just a standalone instance. By doing so, rapid development and deployment cycles using continuous delivery and deployment methodologies will become the norm.
Related Articles
-
A detailed explanation of Hadoop core architecture HDFS
Knowledge Base Team
-
What Does IOT Mean
Knowledge Base Team
-
6 Optional Technologies for Data Storage
Knowledge Base Team
-
What Is Blockchain Technology
Knowledge Base Team
Explore More Special Offers
-
Short Message Service(SMS) & Mail Service
50,000 email package starts as low as USD 1.99, 120 short messages start at only USD 1.00
