Kubernetes object creation 101
A pod is the smallest unit in K8s ecosystem like an atom in the universe.
Before creating any pod, I assume that the application is already developed along with docker image is build and it is available on docker repository(public or private). So, whenever kubernetes cluster runs, create a pod, it will pull the respective docker images. Also, assuming that kubernetes cluster is up and running. In case you need one using kubeadm, visit, Create a Kubernetes cluster using kubeadm. So, as both prerequisites are met, we are good to deploy an application into kubernetes cluster which ultimately creates a pod.
Pod is a group of containers that are deployed together on the same host. With the help of pods we can deploy multiple dependent containers together so it acts as a wrapper around these containers so we can interact and manage these containers primarily through pods.
containers so we can interact and manage these containers primarily through pods.
There are three ways you can create a pod(or resources) in a running K8s cluster.
- Imperative way
- Declarative way
- Using an API interface
Also, we can create the resources from Kubernetes-dashboard.
You can use the Kubernetes supported client-libraries to write applications using Kubernetes REST API.
Imperatively, with many kubectl commands directly applying to k8s cluster.
e.g. If I want to deploy an nginx web server into k8s cluster, then I can directly create a deployment which will create a replica set and replica set in turn will create pod using,
$ kubectl run --generator=run-pod/v1 nginx --image=nginx
pod/nginx createdIn the latest version of Kubernetes the generators have been removed from kubectl run command [Ref PR: Remove kubectl run generators] and they suggested a declarative way of creating resources. Also, it’s never been recommended to create any resources imperative way as there will be less transparency while creating/updating resources.
Declaratively, by writing manifests and using kubectl apply. This is good for reproducible deployments, i.e., for production — though you may still use some kubectl commands for debugging in production. So, these manifest contains the metadata and detail specification w.r.t. type of object you want to create. This method is even helpful to update the objects which are currently running in the K8s cluster.
Let’s create an nginx deployment the declarative way,
vim simple_deployment.yaml$ kubectl create -f simple_deployment.yaml
deployment.apps/nginx-deployment createdThis declarative way of creating resources will keep a track on what specification we have provided while creating a resource. Hence, 95% of system admin or devops engineer who managed a K8s cluster leverage it.
Creating a Pod/Deployment using REST API
In a typical Kubernetes cluster, the API is exposed on port 443, which can be accessed through a TLS connection. The self-signed certificate, which is generated during the cluster creation or configuration, is available at $USER/.kube/config on the client machine.
The API server performs authentication, authorization, and admission control of clients.
cat > nginx-pod.json <<EOF
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "nginx-deployment"
},
"spec": {
"selector": {
"matchLabels": {
"app": "nginx"
}
},
"minReadySeconds": 5,
"template": {
"metadata": {
"labels": {
"app": "nginx"
}
},
"spec": {
"containers": [
{
"name": "nginx",
"image": "nginx:1.14.2",
"ports": [
{
"containerPort": 80
}
]
}
]
}
}
}
}
EOFCreate the above deployment using the following curl request,
curl -k -v -X POST -H "Authorization: Bearer <JWT_TOKEN>" -H "Content-Type: application/json" https://K8s-master-ip:6443/api/v1/namespaces/default/pods -d@nginx-pod.jsonMake sure you have created JWT_TOKEN which will have the necessary permissions to create the deployment. Otherwise you will get HTTP 401 Unauthorized response. Also, replace the K8s-master-ip with your K8s cluster’s master servers ip.
As shown in the above deployment life cycle, the control plane and data plane components work together seamlessly to make sure your cluster must be in desired state always. Controllers, make sure the current state always matches with desired state. Kubernetes controllers watch changes to Kubernetes objects in the API server, basic CRUD operations, and when it happens, controllers run its business logic. I will explain this in my next blog about, Nuts and Bolts of Kubernetes
Kubernetes is one of the most extensible container orchestration engines and day by day it is becoming a de-facto standard for infrastructure. Google’s borg experience bringing to all to run applications of internet-scale. The API-first approach makes Kubernetes programmable and extensible. The modular approach helps you to build on top of Kubernetes. So, any way you create the resources in the Kubernetes cluster, it will ultimately be going to be converted into an API through which it will communicate with the Kubernetes API server.
