Kubernetes from scratch: Intro

Oleg Pershin
Jan 20, 2020
The image is taken from https://kubernetes.io/docs/concepts/overview/components/

Kubernetes architecture is beautiful and at the same time extremely difficult for newcomers to understand. Of course, there are a lot of tools like kubeadm, Minikube, Kubespray, or even cloud solutions like Google GKE or AWS EKS that help to spin up Kubernetes clusters easily. However, these tools hide what happens under the hood, depriving users of the details. Without direct access to Kubernetes components, configs, certificates and other bits and pieces, it is difficult to understand properly how it works and so to develop a mental model of Kubernetes architecture.

In the series of articles “Understanding Kubernetes installation”, I will try to explain the main installation points, providing practical examples of installing K8s from scratch:

  1. Kubernetes from scratch: Certificates. K8s Authentication and RBAC based on TLS certificates
  2. Kubernetes from scratch: OIDC and API Server. K8s Authentication and RBAC based on Identity and Access Management systems (Keycloak)
  3. Kubernetes from scratch: Etcd. Configuring, deploying, high availability (Coming soon)
  4. Kubernetes from scratch: Kubernetes components. Configuring, deploying, high availability (Coming soon)
  5. Kubernetes from scratch: TLS Bootstrapping (Coming soon)

When I decided to learn Kubernetes, I first tried to understand its main components and how to spin it up manually using only its binaries (like kube-apiserver, kubelet, etc.) and basic tools like kubectl. At that point, I was already quite familiar with Docker and found that all Kubernetes components had been dockerized by that time. Having Docker on my PC, I could play with them easily, e.g.:

docker run -it --rm gcr.io/google-containers/kube-apiserver:v1.16.4 /usr/local/bin/kube-apiserver --help

The command runs a container with a particular version (v1.16.4) of the kube-apiserver binary and outputs its help.

The same works for the rest of the components, like kube-scheduler, kube-controller-manager, etc. All necessary images can be found in the global Google Cloud registry https://console.cloud.google.com/gcr/images/google-containers/GLOBAL and started the same way.

To simplify and speed up the process, I made a docker-compose file that deploys all main components:

https://github.com/spender0/kubernetes-sandbox

In the docker-compose project, all K8s parameters and configs are transparent; nothing is hidden. Everything can be changed, updated, and tested quickly just by running “docker-compose up -d”. Besides that, K8s does nothing with the host system: all pods are isolated in a separate container named “kube-node”.

In addition, the project contains useful shell scripts and snippets like “generate-certs.sh”, which shows how to generate all K8s-related certificates and kubeconfigs from scratch.

The docker-compose project can be found here https://github.com/spender0/kubernetes-sandbox

READ NEXT: Kubernetes from scratch: Certificates
