Kubernetes (K8S) is derived from the Greek meaning, ‘captain of the ship’. An analogy for Kubernetes (K8S) being that containers that are loaded onto the ship managed by the captain are like docker containers loaded into the Kubernetes (K8S) container orchestrator, managed by the kubectl captain. K8S is the shorthand name for Kubernetes used mainly in the development community.
Kubernetes started life as a Google project called Borg also known as “The Borg Project”. Google created ‘The Borg’ project to manage their rapidly growing container environments running their Google apps infrastructure. Kubernetes is an open source project branched from ‘The Borg’ project. The main contributors were originally google employees and then more and more a community was created and today Kubernetes has a vast eco system.
Comparing the technologies used for container orchestration we soon see Kubernetes is the main player in this space. Kubernetes solves the problem of management when you have 100’s , 1000’s or millions of containers in your environments.
- Borg
- Mesos
- Kubernetes
- Omega
Borg: As we have mentioned Borg is a closed source project created at Google. Borg was the original code base for Kubernetes released to the public by Google around 2014. Google stated “We are not sure where the ultimate scalability limit to Borg’s centralized architecture will come from; so far, every time we have approached a limit, we’ve managed to eliminate it.”
Mesos: Is another container orchestrator created over at the Apache Foundation. Mesos is built using the same principles as the Linux kernel, only at a different level of abstraction. The Mesos kernel runs on every machine and provides applications (e.g., Hadoop, Spark, Kafka, Elasticsearch) with API’s for resource management and scheduling across entire datacenter and cloud environments.
Docker Swarm: Docker swarm is a native component of docker. Docker swarm allows you to manage a cluster of docker engines called swarms. There are pro’s and cons against using docker swarm over Kubernetes it all depends on the goals of your distributed system.
Cloud Foundry: Cloud Foundry is a PaaS for applications deployed to the cloud. Cloud Foundry supports a DevSecOps methodolgy due to it’s internal continuous delivery systems supporting the SDLC, from initial development through all testing stages to deployment.
Omega: Omega is Google’s next generation cluster management system. Considered to be underdevelopment and still in theory state. If Borg is anything to set the standards by then Omega could blow everything out the water (Pun Intended).
The Kubernetes Architecture
Head (Master) Node: The head, AKA Master node, is the brain of Kubernetes. The Master node is responsible for running the API server, Scheduler, Controller Manager, Datastore(ectd), kubectl, docker. These are the only processes you will see running on the head node at any time. We’ll define each of these processes in more detail after the high level review of the kubernetes arcbitecture.
Worker Node: The worker node is what it says, this does all the work for your application. This is the home for your application and this is where the resources for your application are taken from. The worker node is one of many worker nodes within the kubernetes orchestration stack. All worker nodes within a kubernetes deployment are managed by one head node. Security and redundancy will be discussed in detail in the next post so keep reading and following to catch these posts.
The worker node has the following processes kubelet (talks to the api server), KUBE-PROXY manage the ip tables in that node?, docker (pods) the container that holds the application.
This is a Seagulls view of K8, I hope this has given you a little background into where Kubernetes has come from, what is the main architecture of Kubernetes and also what are the key components of kubernetes. In my next post I will be discussing the security best practices when working within a Kubernetes infrastructure.
Software Security 