## Kubernetes

* Kubernetes (K8s) is an open source container orchestration platform developed by Google.
* 	It is designed to automate the development, scaling, and management of containerized applications across a cluster of nodes
* •	Kubernetes provides a consistent and reliable way to manage applications, regardless of whether they are running on-premises, in the cloud, or in hybrid environments.


## Microservices  
* Microservice are a software architecture pattern that structures applications as a collection of small, independently deployable services.
* Each microservice is designed to perform a specific function or business capability and communicates with other services over well-defined APIs or protocols


## Architecture and Components of Kubernetes


<img src="images/1.svg" alt="image not loaded">
(source:https://kubernetes.io/images/docs/components-of-kubernetes.svg)

Kubernetes follows a master-slave architecture model, where different components play specific roles in managing and maintaining the cluster.
# MasterNode
* The master node acts as the control plane for the Kubernetes cluster.
* It oversees the entire cluster and manages its workload.
* Components running on the master node include:
* * <b>API Server:</b> Acts as the front-end for Kubernetes. The API server is responsible for handling all administrative tasks and management operations within the cluster via a RESTful API.
  * <b>Scheduler:</b> Monitors newly created pods and assigns them to nodes based on resource availability, workload requirements, and other constraints.
  * <b>Controller Manager:</b> Manages different non-terminating control loops that regulate the state of the cluster. Examples include node controllers, replication controllers, endpoints controller, and service account & token controllers.
  * <b>etcd:</b> A distributed key-value store that stores the configuration data of the cluster, representing the cluster’s state at any given time. It is critical for maintaining cluster state and configuration.


# WorkerNode
* Worker nodes host the application containers and other Kubernetes components necessary for running pods, the smallest deployable units in Kubernetes.
* Each node typically runs:
* * <b>Kubelet:</b> An agent that runs on each node in the cluster. It ensures that containers are running in a Pod and handles communication between the Kubernetes control plane and the node.
  * <b>Container Runtime:</b> The software responsible for running containers, such as Docker or containerd.
  * <b>Kube-proxy:</b> Manages network routing for TCP, UDP, and SCTP packets. It enables Kubernetes services to be exposed to the network and provides load balancing for applications.
  * <b>Pods:</b> The fundamental unit of Kubernetes, consisting of one or more containers deployed together on a single node.


# Components of Kubernetes

Beyond the architectural components, Kubernetes is built around several key concepts and components that define its functionality and operational capabilities:

* <b>Pods:</b> The basic building block in Kubernetes, encapsulating one or more containers (typically tightly coupled) that share storage, network, and configuration.
* <b>Services:</b> An abstraction that defines a set of pods and how to access them. It enables load balancing and service discovery for pods.
* <b>Deployments:</b> A declarative approach to managing pods and replica sets. Deployments allow you to describe the desired state for your application and Kubernetes ensures that the current state matches the desired state.
* <b>Volumes:</b> Storage abstraction that provides persistence for container data beyond the life of the pod.
* <b>Namespace:</b> A logical partition within a Kubernetes cluster used to create multiple virtual clusters within the same physical cluster, providing isolation and a scope for resources.
* <b>ConfigMaps and Secrets:</b> Kubernetes resources for storing configuration settings and sensitive data securely.
* <b>Labels and Selectors:</b> Key-value pairs attached to objects (like pods) to identify and select subsets of objects for various operations.
* <b>Controllers:</b> Kubernetes uses controllers to ensure that the cluster remains in its desired state. Controllers like ReplicaSets, StatefulSets, DaemonSets, and Jobs manage pods and other resources to ensure availability, scalability, and reliability.

## Pod

Pod is the smallest deployable unit in Kubernetes, representing a single instance of an application. It can contain one or more tightly coupled containers that share resources such as storage and networking.


* <b>apiVersion:</b> Specifies the Kubernetes API version being used (v1 for Kubernetes core resources).
* <b>kind:</b> Defines the type of Kubernetes resource (Pod in this case).
* <b>metadata:</b> Contains information about the Pod, including its name and labels.
* <b>spec:</b> Defines the specification for the Pod.
  * <b>containers:</b> Specifies the containers to run within the Pod.
    * <b>name:</b> Name of the container (nginx-container).
    * <b>image:</b> Docker image to use for the container (nginx:latest).
    * <b>ports:</b> Exposes port 80 on the container.

## Deployment

Deployment manages the lifecycle of Pods and ReplicaSets (which ensures a specified number of identical Pods are running). It provides declarative updates to applications, allowing you to describe the desired state for your Pods.

i.e : Manages the lifecycle and scaling of Pods, ensuring the desired number of Pods are running.

-   **apiVersion**: Specifies the Kubernetes API version (`apps/v1` for Deployment).
-   **kind**: Defines the type of Kubernetes resource (`Deployment`).
-   **metadata**: Contains metadata about the Deployment (e.g., name).
-   **spec**: Defines the desired state for the Deployment.
    -   **replicas**: Specifies the desired number of Pods (`3` replicas).
    -   **selector**: Specifies how the Deployment identifies which Pods to manage.
    -   **template**: Defines the Pod template used by the Deployment.
        -   **metadata**: Labels to be applied to the Pods.
        -   **spec**: Specification of the Pods.
            -   **containers**: Specifies the containers to run within each Pod.
                -   **name**: Name of the container (`nginx-container`).
                -   **image**: Docker image to use for the container (`nginx:latest`).
                -   **ports**: Exposes port 80 on the container.

## ReplicaSet

ReplicaSet ensures that a specified number of identical Pods are running at any given time. It is often created and managed by Deployments, which use ReplicaSets to manage the lifecycle of Pods.

-   **apiVersion**: Specifies the Kubernetes API version (`apps/v1` for ReplicaSet).
-   **kind**: Defines the type of Kubernetes resource (`ReplicaSet`).
-   **metadata**: Contains metadata about the ReplicaSet (e.g., name).
-   **spec**: Defines the desired state for the ReplicaSet.
    -   **replicas**: Specifies the desired number of Pods (`3` replicas).
    -   **selector**: Specifies how the ReplicaSet identifies which Pods to manage.
    -   **template**: Defines the Pod template used by the ReplicaSet (similar to Deployment).

## Kubernetes Services

Kubernetes Services are an abstraction that define a logical set of Pods and a policy by which to access them. Services enable communication between different components in a Kubernetes application. They provide stable IP addresses, DNS names, and load balancing across the Pods.

<img src="images/2.png" alt="image not loaded" />

#### Key Concepts

1.  **Service Types**: Kubernetes supports different types of Services based on their use case:

    -   **ClusterIP**: Exposes the Service on a cluster-internal IP. This is the default type and makes the Service only reachable from within the cluster.
    -   **NodePort**: Exposes the Service on each Node's IP at a static port. This allows external traffic to access the Service by contacting the Node's IP and specified port.
    -   **LoadBalancer**: Exposes the Service externally using a cloud provider's load balancer.
    -   **ExternalName**: Maps the Service to the contents of the `externalName` field by returning a CNAME record with its value. No proxying of any kind is set up.
2.  **Selectors and Labels**: Services use label selectors to identify the Pods they should route traffic to. Pods are matched based on their labels.

3.  **Endpoints**: An Endpoint is a set of IP addresses and ports that a Service routes to. Kubernetes automatically creates Endpoints objects when the Service selectors match running Pods.

4.  **DNS**: Kubernetes offers a built-in DNS service, which automatically assigns DNS names to Services. Pods can resolve the Service name to the Service's ClusterIP.

#####  ClusterIP (default)

-   **Usage**: Internal communication within the cluster.
-   **Configuration**:

-   **Description**: This Service will route traffic to Pods with the label `app=MyApp` on port 9376 internally within the cluster.

#####  NodePort

-   **Usage**: Exposes the Service on each Node's IP at a static port.
-   **Configuration**

-   **Description**: This Service will route traffic to Pods with the label `app=MyApp` on port 9376 and expose it on port 30007 of each Node's IP.
#####  LoadBalancerer

-   **Usage**: Exposes the Service externally using a cloud provider's load balancer.
-   **Configuration**

-   **Description**: This Service will route traffic to Pods with the label `app=MyApp` on port 9376 and expose it externally using a cloud provider's load balancer.

#####  ExternalName

-   **Usage**: Maps the Service to an external DNS name.
-   **Configuration**

**Description**: This Service will route traffic to the DNS name `my.database.example.com`.

#### Advanced Concepts

##### Headless Services

-   **Usage**: Sometimes you don't need load balancing and a single service IP. For such cases, you can create headless services by setting the `ClusterIP` to `None`.
-   **Configuration**

-   **Description**: This Service will directly return the IPs of the Pods selected by the label `app=MyApp`.

##### Service Without Selectors

-   **Usage**: You can create a Service without specifying selectors. In this case, you manually define Endpoints.
-   **Configuration**

-   **Description**: This Service routes traffic to the manually specified Endpoint (192.168.1.100:9376).

### Summary

-   **Services** in Kubernetes provide a stable way to expose Pods.
-   **ClusterIP** is used for internal communication.
-   **NodePort** and **LoadBalancer** are used to expose services outside the cluster.
-   **ExternalName** allows you to map a service to an external DNS name.
-   **Selectors and labels** are used to route traffic to the correct set of Pods.
-   **Headless Services** and **Services without selectors** offer more advanced use cases for direct Pod IPs or manual endpoint management.

## Kubernetes Ingress

**Ingress** in Kubernetes is an API object that manages external access to services within a Kubernetes cluster, typically HTTP or HTTPS. Ingress provides a way to define rules for routing external traffic to the appropriate services in the cluster. It acts as a bridge between the outside world and your Kubernetes cluster.

#### Key Concepts

1.  **Ingress Controller**: An Ingress controller is a specialized load balancer for Kubernetes (such as NGINX, Traefik, or HAProxy) that implements the Ingress rules you define. You must deploy an Ingress controller to use Ingress resources.

2.  **Ingress Resource**: This is a collection of rules that allow inbound connections to reach the cluster services.

3.  **Ingress Rules**: These define how the traffic should be routed based on the host and path of the incoming request.

#### Basic Structure

Here's a simplified example of an Ingress resource:

### Detailed Explanation

1.  **Ingress Controller**:

    -   **Deployment**: Ingress controllers are typically deployed as pods within the cluster. Each controller watches the Ingress resources and configures the underlying load balancer according to the rules specified.
    -   **Common Controllers**: Popular Ingress controllers include NGINX Ingress Controller, Traefik, and HAProxy Ingress.
2.  **Ingress Resource**:

    -   **Metadata**: This section includes the name and optional annotations. Annotations are used to specify additional configurations, like rewrite rules.
    -   **Spec**: This section includes rules and configurations for the Ingress resource.
3.  **Ingress Rules**:

    -   **Host**: Specifies the domain name for which the rules apply.
    -   **Paths**: Defines how the requests to specific paths should be routed to backend services. Each path has:
        -   **Path**: The specific URL path.
        -   **PathType**: Specifies how the path should be matched (`Prefix`, `Exact`, or `ImplementationSpecific`).
        -   **Backend**: Specifies the service name and port to which the request should be forwarded.

### Advanced Concepts

#### TLS (HTTPS)

To secure your applications with HTTPS, you can configure Ingress to use TLS. This requires you to create a TLS secret that contains the certificate and key.

#### Ingress Annotations

Annotations provide additional configurations for the Ingress resource. Some common annotations include:

-   **nginx.ingress.kubernetes.io/rewrite-target**: Used to rewrite the URL path.
-   **nginx.ingress.kubernetes.io/ssl-redirect**: Force SSL redirect.
-   **nginx.ingress.kubernetes.io/limit-connections**: Limit the number of connections.

#### Example with Annotations

### Use Cases

1.  **Single Service Exposure**: Expose a single service to the internet.
2.  **Multiple Services with Path-based Routing**: Route traffic to different services based on URL paths.
3.  **Multiple Domains**: Host multiple applications on different domains using the same Ingress controller.
4.  **TLS Termination**: Secure your services with HTTPS.

### Summary

-   **Ingress** is a powerful way to manage external access to your services.
-   **Ingress Controller** is required to implement the Ingress rules.
-   **Ingress Resource** defines the routing rules for your applications.
-   **TLS Support** enables HTTPS for secure communications.
-   **Annotations** provide additional configurations for fine-tuning the Ingress behavior.

## Kubernetes ConfigMaps and Secrets

**ConfigMaps** and **Secrets** are Kubernetes resources used to manage configuration data and sensitive information separately from application code. This approach allows you to change configuration or sensitive data without rebuilding your application images or disrupting your application services.

### ConfigMaps

**ConfigMaps** are used to store non-confidential configuration data in key-value pairs. This allows you to decouple configuration artifacts from image content to keep your containers portable.

#### Key Concepts

-   **Data Storage**: ConfigMaps store data as key-value pairs.
-   **Mounting Methods**: ConfigMaps can be used as environment variables, command-line arguments, or configuration files in a volume.

#### Example ConfigMap Definition

Here is a basic example of a ConfigMap definition:

#### Using ConfigMaps in Pods

1.  **As Environment Variables**:

2. **As Command-Line Arguments**:

3. **As Configuration Files**:

### Secrets

**Secrets** are similar to ConfigMaps but are specifically intended for storing sensitive information, such as passwords, OAuth tokens, and SSH keys. Secrets are encoded in base64 and can be used in Pods similarly to ConfigMaps.

#### Key Concepts

-   **Data Storage**: Secrets store sensitive data as key-value pairs.
-   **Security**: Secrets are encoded in base64 but are not encrypted by default. They provide a higher level of security and control.

#### Example Secret Definition

Here is an example of a Secret definition:

#### Using Secrets in Pods

1.  **As Environment Variables**:

2. **As Configuration Files**:

### Comparison and Best Practices

#### ConfigMaps

-   **Use Case**: Store non-sensitive configuration data.
-   **Security**: No special security measures beyond standard Kubernetes access control.
-   **Usage**: Ideal for application settings, configuration files, and non-sensitive data.

#### Secrets

-   **Use Case**: Store sensitive information.
-   **Security**: Base64 encoded by default; can be integrated with Kubernetes secrets management tools for encryption.
-   **Usage**: Ideal for passwords, API keys, certificates, and other sensitive data.

#### Best Practices

1.  **Separate Configurations**: Use ConfigMaps and Secrets to separate configuration and sensitive data from your application code.
2.  **Version Control**: Do not store sensitive information in version control systems.
3.  **Access Control**: Use Kubernetes Role-Based Access Control (RBAC) to limit access to ConfigMaps and Secrets.
4.  **Encryption**: Use tools like Kubernetes Secrets encryption or third-party solutions to encrypt Secrets at rest.
5.  **Environment Variables vs. Volumes**: Consider security implications when choosing between environment variables and mounted volumes for injecting sensitive data.


## Kubernetes Namespaces

**Namespaces** in Kubernetes are a way to divide cluster resources between multiple users. They provide a scope for names, allowing you to organize and manage resources in a Kubernetes cluster more effectively.

#### Key Concepts

1.  **Logical Partitioning**: Namespaces are intended for use in environments with many users spread across multiple teams or projects.
2.  **Resource Isolation**: Namespaces help isolate resources between different teams, applications, or environments.
3.  **Resource Quotas**: You can apply resource quotas to namespaces to limit the amount of resources consumed.
4.  **Access Control**: Namespaces can be used with Kubernetes Role-Based Access Control (RBAC) to manage access to resources.

#### Default Namespaces

Kubernetes comes with three pre-configured namespaces:

-   **default**: The default namespace for objects without a namespace.
-   **kube-system**: The namespace for objects created by the Kubernetes system.
-   **kube-public**: A namespace that is readable by all users, used for special purposes.

#### Creating a Namespace

Here is an example of how to create a namespace:

Apply the namespace definition using `kubectl`:

#### Using Namespaces

1.  **Creating Resources in a Namespace**: When creating resources, you can specify the namespace where they should be created.

Apply the Pod definition using `kubectl`:

2. **Viewing Resources in a Namespace**:
   
   You can list resources in a specific namespace using the `-n` flag.

3. **Setting a Default Namespace for `kubectl`**:
  
   You can set a default namespace for `kubectl` commands using the `kubectl config set-context` command.

4. **Switching Between Namespaces**:

   You can switch between namespaces in `kubectl` using the `kubens` command (part of the `kubectx` tool).

#### Resource Quotas

You can use resource quotas to limit the resource consumption within a namespace. Here is an example of a resource quota definition:

Apply the resource quota definition using `kubectl`:

#### Role-Based Access Control (RBAC)

Namespaces can be used with RBAC to define fine-grained access control. Here is an example of a role and role binding for a namespace:

1.  **Role**:

2. **Role Binding**:

Apply the role and role binding definitions using `kubectl`:

### Summary

-   **Namespaces** provide logical partitioning of resources in a Kubernetes cluster.
-   **Default Namespaces** include `default`, `kube-system`, and `kube-public`.
-   **Creating and Using Namespaces**: You can create namespaces and specify them in resource definitions.
-   **Resource Quotas** help limit resource consumption within namespaces.
-   **RBAC** with namespaces allows for fine-grained access control.



## Kubernetes PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs)

**PersistentVolumes (PVs)** and **PersistentVolumeClaims (PVCs)** are components of the Kubernetes storage architecture that enable the management of storage resources. PVs represent actual storage resources, while PVCs are requests for storage by users. Together, they provide a way to dynamically provision and manage storage for applications in a Kubernetes cluster.

#### PersistentVolumes (PVs)

A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes. PVs are cluster resources, much like a node is a cluster resource.

##### Key Concepts

-   **Static and Dynamic Provisioning**: PVs can be statically created by an administrator or dynamically provisioned based on Storage Classes.
-   **Lifecycle**: PVs have a lifecycle independent of any individual Pod that uses the PV.
-   **Reclaim Policies**: Determine what happens to the PV when it is released. Reclaim policies include Retain, Recycle, and Delete.

##### Example PV Definition

Here's an example of a statically provisioned PV:

#### PersistentVolumeClaims (PVCs)

A PersistentVolumeClaim (PVC) is a request for storage by a user. It is similar to a Pod in that Pods consume node resources, and PVCs consume PV resources. PVCs specify the desired size, access modes, and storage class.

##### Key Concepts

-   **Binding**: A PVC is bound to a PV with matching requirements.
-   **Access Modes**: PVCs specify access modes like ReadWriteOnce, ReadOnlyMany, and ReadWriteMany.
-   **Storage Classes**: Define the type of storage to be dynamically provisioned (if used).

##### Example PVC Definition

Here's an example of a PVC:

#### Using PVs and PVCs in Pods

Once a PVC is created and bound to a PV, it can be used in a Pod. Here's an example of how to use a PVC in a Pod:

#### Using PVs and PVCs in Pods

Once a PVC is created an#### Dynamic Provisioning with Storage Classes

**Storage Classes** enable dynamic provisioning of PVs. A Storage Class defines the storage type (like AWS EBS, GCE PD, or NFS) and the provisioner that should be used.

##### Example Storage Class

Here's an example of a Storage Class:d bound to a PV, it can be used in a Pod. Here's an example of how to use a PVC in a Pod:

PVCs can reference a Storage Class to dynamically provision a PV:

### Reclaim Policies

-   **Retain**: Manual reclamation of the resource. The PV is not deleted and must be manually cleaned up.
-   **Recycle**: Basic scrub (rm -rf /thevolume/*). This is deprecated.
-   **Delete**: The PV and associated storage are automatically deleted.

### Summary

-   **PersistentVolumes (PVs)**: Represent actual storage resources. Can be statically or dynamically provisioned. Have lifecycle independent of Pods.
-   **PersistentVolumeClaims (PVCs)**: Requests for storage by users. PVCs consume PV resources and specify desired size, access modes, and storage class.
-   **Binding**: PVCs bind to PVs that match their requirements.
-   **Access Modes**: Define how the volume can be accessed (e.g., ReadWriteOnce, ReadOnlyMany).
-   **Storage Classes**: Enable dynamic provisioning of PVs with specific attributes and provisioners.
-   **Reclaim Policies**: Define what happens to a PV when it is released (Retain, Recycle, Delete).