🛡️
CTHFM: Kubernetes
  • Welcome
  • Kubernetes Fundamentals
    • Kubernetes Components
      • Kubernetes Master Node
      • Worker Nodes
      • Pods
      • Service
      • ConfigMaps and Secrets
      • Namespaces
      • Deployments
      • ReplicaSets
      • Jobs and CronJobs
      • Horizontal Pod Autoscaler (HPA)
      • Kubernetes Ports and Protocols
    • Kubectl
      • Installation and Setup
      • Basic Kubectl
      • Working With Pods
      • Deployments and ReplicaSets
      • Services and Networking
      • ConfigMaps and Secrets
      • YAML Manifest Management
      • Debugging and Troubleshooting
      • Kubectl Scripting: Security
      • Customizing Kubectl
      • Security Best Practices
      • Common Issues
      • Reading YAML Files
    • MiniKube
      • Intro
      • Prerequisites
      • Installation MiniKube
      • Starting MiniKube
      • Deploy a Sample Application
      • Managing Kubernetes Resources
      • Configuring MiniKube
      • Persistent Storage in Minikube
      • Using Minikube for Local Development
      • Common Pitfalls
      • Best Practices
  • Kubernetes Logging
    • Kubernetes Logging Overview
    • Audit Logs
    • Node Logs
    • Pod Logs
    • Application Logs
    • Importance of Logging
    • Types of Logs
    • Collecting and Aggregating Logs
    • Monitoring and Alerting
    • Log Parsing and Enrichment
    • Security Considerations in Logging
    • Best Practices
    • Kubernetes Logging Architecture
  • Threat Hunting
    • Threat Hunting Introduction
    • What Makes Kubernetes Threat Hunting Unique
    • Threat Hunting Process
      • Hypothesis Generation
      • Investigation
      • Identification
      • Resolution & Follow Up
    • Pyramid of Pain
    • Threat Frameworks
      • MITRE Containers Matrix
        • MITRE Att&ck Concepts
        • MITRE Att&ck Data Sources
        • MITRE ATT&CK Mitigations
        • MITRE Att&ck Containers Matrix
      • Microsoft Threat for Kubernetes
    • Kubernetes Behavioral Analysis and Anomaly Detection
    • Threat Hunting Ideas
    • Threat Hunting Labs
  • Security Tools
    • Falco
      • Falco Overview
      • Falco's Architecture
      • Runtime Security Explained
      • Installation and Setup
      • Falco Rules
      • Tuning Falco Rules
      • Integrating Falco with Kubernetes
      • Detecting Common Threats with Falco
      • Integrating Falco with Other Security Tools
      • Automating Incident Response with Falco
      • Managing Falco Performance and Scalability
      • Updating and Maintaining Falco
      • Real-World Case Studies and Lessons Learned
      • Labs
        • Deploying Falco on a Kubernetes Cluster
        • Writing and Testing Custom Falco Rules
        • Integrating Falco with a SIEM System
        • Automating Responses to Falco Alerts
    • Open Policy Agent (OPA)
      • Introduction to Open Policy Agent (OPA)
      • Getting Started with OPA
      • Rego
      • Advanced Rego Concepts
      • Integrating OPA with Kubernetes
      • OPA Gatekeeper
      • Policy Enforcement in Microservices
      • OPA API Gateways
      • Introduction to CI/CD Pipelines and Policy Enforcement
      • External Data in OPA
      • Introduction to Decision Logging
      • OPA Performance Monitoring
      • OPA Implementation Best Practices
      • OPA Case Studies
      • OPA Ecosystem
    • Kube-Bench
    • Kube-Hunter
    • Trivy
    • Security Best Practices and Documentation
      • RBAC Good Practices
      • Official CVE Feed
      • Kubernetes Security Checklist
      • Securing a Cluster
      • OWASP
  • Open Source Tools
    • Cloud Native Computing Foundation (CNCF)
      • Security Projects
  • Infrastructure as Code
    • Kubernetes and Terraform
      • Key Focus Areas for Threat Hunters
      • Infastructure As Code: Kubernetes
      • Infrastructure as Code (IaC) Basics
      • Infastructure As Code Essential Commands
      • Terraform for Container Orchestration
      • Network and Load Balancing
      • Secrets Management
      • State Management
      • CI/CD
      • Security Considerations
      • Monitoring and Logging
      • Scaling and High Availability
      • Backup and Disaster Recovery
    • Helm
      • What is Helm?
      • Helm Architecture
      • Write Helm Charts
      • Using Helm Charts
      • Customizing Helm Charts
      • Customizing Helm Charts
      • Building Your Own Helm Chart
      • Advanced Helm Chart Customization
      • Helm Repositories
      • Helm Best Practices
      • Helmfile and Continuous Integration
      • Managing Secrets with Helm and Helm Secrets
      • Troubleshooting and Debugging Helm
      • Production Deployments
      • Helm Case Studies
Powered by GitBook
On this page
  • Overview:
  • 1. Kubernetes Master Node
  • 2. Worker Nodes
  • 3. Pods
  • 4. Services
  • 5. ConfigMaps and Secrets
  • 6. Namespaces
  • 7. Ingress
  • 8. Volumes
  • 9. DaemonSets
  • 10. StatefulSets
  • 11. Deployments
  • 12. ReplicaSets
  • 13. Jobs and CronJobs
  1. Kubernetes Fundamentals

Kubernetes Components

PreviousWelcomeNextKubernetes Master Node

Last updated 9 months ago

Overview:

Kubernetes is a powerful open-source platform designed to automate deploying, scaling, and operating application containers. It groups containers that make up an application into logical units for easy management and discovery. Here’s an overview of the key components of Kubernetes as well as an architecture diagram:

1. Kubernetes Master Node

  • API Server (kube-apiserver):

    • The API server is the entry point for all REST commands used to control the cluster. It processes the API calls, validates them, and then executes them by interacting with the other components of the cluster.

  • Controller Manager (kube-controller-manager):

    • This component runs various controllers, such as the replication controller, which ensures that the correct number of pods are running, or the endpoint controller, which maintains the endpoint objects (which help with service discovery). Essentially, controllers monitor the state of the cluster and make changes to ensure the desired state matches the current state.

  • Scheduler (kube-scheduler):

    • The scheduler is responsible for placing the right pod on the right node based on resource requirements, policies, and constraints. It continuously watches for newly created pods that have not been assigned to a node and then selects a suitable node for them.

  • etcd:

    • etcd is a distributed key-value store that Kubernetes uses to store all its configuration data, state data, and metadata. It’s a critical component as it serves as the central source of truth for the entire cluster.

2. Worker Nodes

  • Kubelet:

    • The kubelet is the agent that runs on each worker node. It ensures that containers are running in a pod. The kubelet watches the API server for pods that have been assigned to its node and ensures that the containers described in those pods are running and healthy.

  • Kube-proxy:

    • Kube-proxy is a network proxy that runs on each node in the cluster, implementing part of the Kubernetes Service concept. It maintains network rules on nodes, allowing network communication to your pods from inside or outside of the cluster.

  • Container Runtime:

    • The container runtime is the software responsible for running containers. Kubernetes supports several container runtimes, such as Docker, containerd, and CRI-O. The runtime pulls container images from a registry, starts and stops containers, and connects them to the network.

3. Pods

  • Pod:

    • A pod is the smallest deployable unit in Kubernetes. It can contain one or more containers, which are scheduled together on the same node. Containers in a pod share the same network namespace, IP address, and storage volumes, allowing them to communicate with each other easily.

4. Services

  • Service:

    • A service in Kubernetes is an abstraction that defines a logical set of pods and a policy by which to access them. Services enable communication between different sets of pods, load balance traffic, and provide stable endpoints for interacting with the pods.

5. ConfigMaps and Secrets

  • ConfigMaps:

    • ConfigMaps allow you to decouple environment-specific configuration from your container images, so that your applications are easily portable.

  • Secrets:

    • Secrets are similar to ConfigMaps but are intended to hold sensitive information, such as passwords, OAuth tokens, and SSH keys, which should be kept out of your application code.

6. Namespaces

  • Namespace:

    • Namespaces provide a mechanism for isolating groups of resources within a single cluster. They are used to divide cluster resources between multiple users or teams, typically in larger clusters.

7. Ingress

  • Ingress Controller:

    • An Ingress is an API object that manages external access to services in a cluster, typically HTTP. Ingress controllers, which implement the Ingress resource, help manage and route the external traffic to the appropriate services in the cluster.

8. Volumes

  • Volumes:

    • Kubernetes volumes provide storage to containers in a pod. Unlike container storage, which is ephemeral, Kubernetes volumes are persistent storage that can be reused even if the pod is rescheduled.

9. DaemonSets

  • DaemonSet:

    • DaemonSets ensure that all (or some) nodes run a copy of a pod. Typically used for background tasks like log collection, monitoring, etc., that need to run on every node.

10. StatefulSets

  • StatefulSet:

    • StatefulSets are used to manage stateful applications. Unlike a Deployment, which is used for stateless applications, a StatefulSet maintains a sticky identity for each of their pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.

11. Deployments

  • Deployment:

    • A Deployment is a resource object in Kubernetes that provides declarative updates to applications. It helps manage the deployment of replica sets, which in turn manage the pods.

12. ReplicaSets

  • ReplicaSet:

    • A ReplicaSet is a higher-level concept that manages the number of replicas of a pod that should be running at any given time.

13. Jobs and CronJobs

  • Job:

    • A Job is a Kubernetes resource that is designed to run a task until it completes successfully. Once a job completes, no further pods are started.

  • CronJob:

    • A CronJob creates Jobs on a time-based schedule, much like cron jobs in Unix systems.

https://kubernetes.io/images/docs/kubernetes-cluster-architecture.svg