• Containers are atomic pieces of application architecture
• Containers can be linked (e.g. web server, DB)
• Containers access shared resources (e.g. disk volumes)

• Automation of deployments, scaling, management of containerized applications across number of nodes
• Based on Borg, a parent project from Goolge

• Compute: Define what to run without specifying where it runs
• Storage: Applications request storage independent of storage backend
• Networking: Stable access to applications regardless of IPs or location

• Portability across on-prem and cloud environments
• Scalability and resilience through dynamic scheduling
• Consistency and standardization of deployment model
• Reduced vendor lock-in thanks to open standards

• A set of worker nodes and a control plane
• Runs and manages containerized applications

• A worker machine in Kubernetes (VM or physical)
• Runs Pods scheduled by the control plane

• Manages the overall state of the cluster
• Schedules workloads and responds to cluster events

• The smallest deployable unit in Kubernetes
• One or more tightly-coupled containers
• Containers share networking and storage within a Pod

• Schedulling
• Detecting and responding to cluster events, starting up new pods

• exposes the Kubernetes API
• The API server is the front end for the Kubernetes control plane.

• highly-available key value store used to store all cluster data

• watches for newly created Pods with no assigned node
• selects a node for Pods to run on.
• Decision factors: resource requirements, hardware/software/policy constraints, affinity and anti-affinity specifications

• runs controller to ensure the desired state of cluster objects
• Node controller
• noticing and responding when nodes go down
• Job controller
• creates Pods to run one-off tasks to completion.
• Endpoints controller
• Populates the Endpoints object (that is, joins Services, Pods).

• Integration with cloud services (when the cluster is running in a cloud)
• Node controller
• checks if a node has been deleted in the cloud after it stops responding
• Route controller
• For setting up routes in the underlying cloud infrastructure
• Service controller
• For creating, updating and deleting cloud provider load balancers

• Run on every node
• Maintaining running pods

• An agent that runs on each node in the cluster
• It makes sure that containers are running in a Pod.

• maintains network rules on nodes
• network rules allow network communication to Pods from inside or outside of the cluster
• uses the operating system packet filtering layer or forwards the traffic itself.

• Responsible for running containers
• Kubernetes supports several container runtimes (containerd, CRI-O)
• Any implementation of the Kubernetes CRI (Container Runtime Interface)

• Allow you to organize and separate objects within a Kubernetes cluster
• Useful when multiple teams, environments, or projects share the same cluster

• Provide isolation and boundaries between workloads
• Prevent name collisions
• Objects can have the same name if in different namespaces
• Enable resource limits and access control per namespace

• Common namespaces: default, kube-system, kube-public, kube-node-lease
• Create separate namespaces for e.g. dev, test, prod
• Commands run in a namespace unless another is specified

• A group of one or more tightly-coupled containers.
• Containers share storage and network resources.
• A Pod runs a single instance of a given application
• Pod's containers are always co-located and co-scheduled
• Pod's containers run in a shared context, i.e. in a set of Linux namespaces

• You do not create them directly

• Run a single container, the most common Kubernetes use case
• Run multiple containers that need to work together

          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
          spec:
            selector:
              matchLabels:
                app: nginx          
            replicas: 3 # tells deployment to run 3 pods matching the template
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                - name: nginx
                  image: nginx:1.14.2
                  ports:
                  - containerPort: 80          
        

• A desired state of an application running in the cluster
• Kubernetes reads the Deployment spec and starts three app instances
• If an instance fails, Kubernetes starts a replacement app instance

• A logical set of Pods
• A policy to access them.

• Internal pods communication
• External access to cluster workloads

• A DNS name and
• virtual IP (ClusterIP) inside the cluster.

• Exposes the Service on an internal IP in the cluster only.
• Used for internal communication between Pods.

• Exposes the Service on each Node’s IP at a static port (e.g. 30080).
• Accessible externally via NodeIP:NodePort.

• Provisions an external load balancer (e.g. in cloud environments).
• Routes external traffic to the Service.

• Maps the Service to an external DNS name.
• No proxying — pure DNS CNAME redirection.