Skip to main content

Understanding Kubernetes 101

Image credits to Dribble
What is Kubernetes?

"Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation." - Kubernetes

To understand in a simple way, we can say Kubernetes is an open source system to scale, deploy and manage containers. It automates operational tasks and has built-in commands for deploying applications, rolling back changes, scaling up and down your application as per requirements, and monitoring which makes managing applications easier.

Why Kubernetes?

Containers are a good way to bundle and run your application, but when these are deployed in large volumes then you need a centralized framework for running distributed systems resiliently ensuring minimum downtime.

Benefits of Kubernetes:

  • Automation of day-to-day operations, rollouts, and rollbacks.
  • Secret and Configuration Management - Kubernetes lets you store and manage sensitive information like passwords, SSH keys, and OAuth tokens. These can be deployed, changed, and managed without rebuildings container images. 
  • Self-healing - Kubernetes restarts containers that fail, replaces containers, and kills containers that do not respond to health checks.
  • Handles storage, networking, and compute workloads.
  • Continuous service health monitoring
  • Allows custom codes, APIs, and plugins.

Kubernetes vs Docker:

A lot of people get confused between these two, both are different yet complementary technologies for running containerized applications.

With docker, you can put all the things needed for the application to run in a container and then are spun when needed, but how do you manage started docker containers, that's what Kubernetes does. Kubernetes is responsible for carrying and delivering these containers safely to locations where they can be used. 

People often say that they are alternatives which is incorrect, Kubernetes can be used with or without docker, the question is when you should and shouldn't use them together depending on the scale of application deployment.

Components in Kubernetes:

Image Credit to Kubernetes

When you deploy Kubernetes, you get a cluster.

A cluster consists of a set of working machines called nodes that run containerized applications. Every cluster has at least one worker node.

A pod is a set of containers that are running in your cluster.

The worker node(s) host the pods that are components of the application workload.

API Server

  • Component of Kubernetes Control Plane that exposes the Kubernetes API.
  • Front end for Kubernetes Control Plane
  • Main Implementation is kube-apiserver - scale horizontally i.e deploys more instances. 
  • You can run several kube-apiserver and balance traffic between them.
  • API Server is what you can call the brain of the cluster.
etcd
  • In the Kubernetes world, etcd is used as the backend for service discovery and stores the cluster's state and its configuration.
  • etcd is a strongly consistent, distributed key-value store that provides a reliable way to store data that needs to be accessed by a distributed system or cluster of machines
kube-scheduler
  • kube-scheduler is the default scheduler for Kubernetes and runs as part of the control plane. kube-scheduler is designed so that, if you want and need to, you can write your own scheduling component and use that instead
kube-controller-manager
  • It manages various controllers in Kubernetes. Controllers are control loops that continuously watch the state of your cluster, then make or request changes where needed.
cloud-controller-manager
  • The cloud controller manager lets you link your cluster into your cloud provider's API, and separates out the components that interact with that cloud platform from components that only interact with your cluster.
Node Components
These components run on each node maintaining running pods and providing the Kubernetes runtime environment.

    kubelet
  • An agent that runs on each node in the cluster. It makes sure that containers are running in a Pod.
  • The kubelet doesn't manage containers which were not created by Kubernetes.
    kube-proxy
  • kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.

Kubernetes Alternatives:- 

  • Docker Swarm
  • Apache Mesos
  • HashiCorp Nomad
  • AWS Fargate
  • Rancher
  • Cloudify

What's Next?

What’s described above is an oversimplified version of Kubernetes, but it should give you the basics you need to start experimenting. Now that you understand the pieces that make up the system, it's time to deep dive into Appsec free Kubernetes course, the course also has a free lab to deploy and learn Kubernetes.


Thanks for reading!

Labels:

Comments

Post a Comment

Popular posts from this blog

VULNHUB INFOSEC PREP : OSCP

Welcome to the walkthrough of InfoSec Prep: OSCP walkthrough. It is a beginner-level boot2root machine and it can be downloaded from  here . I cracked this machine literally 5 minutes after it booted properly. So you can consider this machine the easiest.  Hint: Nmap Finding secret.txt and decoding it. Login via ssh. Privilege escalation to root via SUID binary.  Boot up the machine and it should show the IP address. We start off by pinging the box to verify that the box is up and running and we can reach out to it. Command: ping <IP> Then we can run Nmap scan to look for open ports and services running on the box. We will use -sC for running default scripts, -sV for Version/Service info and -T4 for faster execution, and -o for saving the result on a file named nmap The command is: sudo nmap -sC -sV -T4 <IP> -o filename Looking at the scan results, port 22 is open and running ssh, and port 80 is open, and it's running Apache. We can also see a directory named ...
Post a Comment
Read more

Beginners Code Review Part 1

  Image credits to  Leobit This is a walkthrough of an exercise created by  PentesterLab  as a free course for learning beginner-friendly source code review. The link to the source code is here . Either clone it or download it as a zip locally. As instructed in the exercise we won't run the run, just read through the source code and look for possible weaknesses that we can leverage into vulnerabilities. LIST OF WEAKNESSES You can find below the list of issues present in the application: Hardcoded credentials or secrets Information leak Missing security flags Weak password hashing mechanism Cross-Site Scripting No CSRF protection Directory Listing Crypto issue Signature bypass Authentication bypass Authorization bypass Remote Code Execution Hand-On Findings and Objectives * Hardcoded credentials or secrets      ...
Post a Comment
Read more

KIOPTRIX LEVEL 1 WALKTHROUGH WITH AND WITHOUT METASPLOIT

Kioptrix Level 1 is a beginner level CTF challenge. You can download this virtual machine from here .  Details of Kioptrix : Size----186 MB OS---Linux Note: In virtual box, set up a Bridged network (virtual box -> preferences -> network) in networking, put both your Kali and Kioptrix to Bridged network. Fire-up both the machines(Kali and Kioptrix Level 1) Kioptrix will ask for the logins which we don't know at the moment. This also means we can't find IP of the Kioptrix directly from the Kioptrix machine itself. Leave the Kioptrix machine as it is and switch to Kali. First we need to find the IP address of the Kioptrix machine. We will use the tool netdiscover that comes pre-installed in Kali Linux to identify the IP address. Command   sudo netdiscover -i eth0 Wait  for scan results. 192.168.233.130 seems to be the IP of the Kioptrix machine. Let's scan this IP address using the tool Nmap (scan will also verify that its the IP of Kioptrix machine) Command  su...
1 comment
Read more