Everything you need to know about Kubernetes—a container orchestration tool that deploys, scales, and manages containerized applications.
What is Kubernetes?
Kubernetes is an open source, container orchestration tool that is critical to the managing of cloud applications.
Businesses turn to the cloud for the benefits of agility, flexibility, portability, and cost control. As the reliance on multicloud environments grows, the need to better manage those environments and the applications that reside in them also grows. Containers helped address those challenges by packaging together code and all its dependencies as efficient and lightweight packages that can run in any environment. Containers simplified cloud computing, but they also complicated environment management. Kubernetes resolves much of the complexity of managing cloud applications by automating the deployment, scaling, and management of containerized applications.
In the following video, Sai Vennam gives an overview of Kubernetes and its components.
Kubernetes clusters and architecture
Clusters serve as the basis of the Kubernetes architecture. You can think of clusters as building blocks, and each Kubernetes cluster consists of at least one master node and multiple worker nodes. The master node controls and monitors worker nodes and all Kubernetes resources contained in a cluster. The master node runs a scheduler service that decides where apps are deployed based on deployment requirements and available capacity.
Each worker node is a compute host that deploys, runs, and manages containerized apps. Worker nodes use tools to manage containers, such as Docker. Scripts specify container configuration and define the Kubernetes resources needed to run an application, including persistent storage, services, and annotations.
For a deeper dive on Kubernetes clusters, check out this blog post: "Kubernetes Clusters: Architecture for Rapid, Controlled Cloud App Delivery"
The video "Kubernetes Cluster Architecture" further explores the basic concepts of Kubernetes architecture.
IBM Cloud Kubernetes Service clusters can be deployed in multiple ways. This blog on "Deployment Patterns for Maximizing Throughput and Availability" describes deployment patterns, how those patterns are affected by load-balancing decisions, and how clustering and zoning impact deployment.
Kubernetes creates pods that host application instances, and pods are the smallest deployable units in a cluster. Pods house one or more app containers and shared resources, such as storage or networking information, and group containers that must be treated as a single unit.
Kubernetes deployments manage stateless services that run in a Kubernetes cluster. A deployment describes the desired state of a pod and ensures the actual state matches the desired state. Deployments verify that identical pod sets are running and upgraded in a controlled way so that rolling updates are performed with zero downtime.
For a closer look at Kubernetes deployments, check out our video "Kubernetes Deployments: Get Started Fast":
This "Kubernetes 101" course gives an overview of the various resources that make up a Kubernetes cluster.
Kubernetes container orchestration capabilities allow you to automate app deployment and speed the development process. However, containerized apps sometimes prove vulnerable to exploits and attacks, and the more containers you have, the larger your attack surface and the more vulnerabilities your attackers can exploit. Traditional security models and monitoring tools fail to address the flexible, portable, ever-changing nature of containers. As a result, Kubernetes security must be an integral part of any deployment.
This blog post outlines best practices for implementing a Continuous Integration/Continuous Delivery (CI/CD) secure container image pipeline for Kubernetes-based applications. This includes scanning container images for vulnerabilities. This scan ensures the security of instances and of containers that are subsequently instantiated.
- Protection for Kubernetes cluster infrastructure and network communications
- Isolation of compute resources
- Security compliance across infrastructure components and container deployments
Monitoring your applications provides another essential safeguard for Kubernetes clusters. The granularity and independence of containerized apps make monitoring a challenge, and traditional monitoring processes often lack the nuance to adequately monitor microservices.
Kubernetes requires logging, monitoring, and alerting tools that accommodate the portability and mutability of cloud environments. The open-source tool Prometheus uses key-value pairs and works well with how Kubernetes organizes metadata. Prometheus regularly scrapes and auto-discovers data targets making it a good match for ephemeral workloads.
Your Kubernetes clusters should also enable audit logging and monitoring for unwanted or anomalous API calls, particularly authorization failures. Such failures often uncover an attacker using stolen credentials.
Download the ebook Securing the container platform: Build a chain of trust to learn how to define a security framework that also reduces risk and ensures regulatory compliance.
Business-critical applications inside the enterprise demand persistent storage. Containers, however, use dynamic architecture designed for workloads that are more short-lived and transitory. Reconciling the needs of the enterprise with the stateless nature of containers has become a challenge for Kubernetes.
Kubernetes volumes address the need for storage orchestration and provisioning. A Kubernetes volume is a directory that can be accessed by all containers running within a pod. This volume data is preserved even during container restart. The volume abstraction also addresses the need for containers inside a pod to share files.
Kubernetes supports many volume types, and pods can use multiple types simultaneously. For proper storage planning, and to choose the correct storage solution, you must understand your app requirements, the data type being stored, and how often your data will be accessed. Making the correct storage choice requires answering these questions:
- Does your app require persistent or non-persistent storage?
- If your app requires persistent storage, will it be stored in a file system or database?
- What type of data is being stored: structured, semi-structured, or unstructured?
- How will data be accessed, and will the data set be read-only or read and write?
- How often will data be accessed? Is the data hot, warm, cool, cold, or frozen?
- Must data be shared across apps, zones, or regions?
- What other storage characteristics must be accommodated? These might include (but are not limited to) consistency, performance, durability, resiliency, availability, scalability, and encryption.
Within Kubernetes, storage class objects describe available storage classes. Storage classes use a provisioner to determine what volume plug-in is used for provisioning persistent volumes. Before provisioning storage, it helps to review and understand Kubernetes storage basics.
One of the benefits of Kubernetes is the ability to continuously integrate systems more frequently through the power of automation. When you take a continuous integration approach to application development, you can keep systems current, identify issues and correct them early, and reduce the development effort required. This enables you to deliver a higher quality product to your end users, who experience greater app functionality, less system disruption, and predictable delivery schedules.
Continuous integration (CI) enabled by Kubernetes provides a number of benefits:
- Improved feedback: A constant feedback loop that is acted upon provides a record of constant and demonstrable progress.
- Faster error detection: CI helps uncover errors faster, which can then be addressed and corrected quickly.
- Enhanced team collaboration: With CI, team members can work safely and maintain version control standards. Developers can change code, integrate the code into the system, and quickly see if that change conflicts with others.
- Better system integration: By using CI during a project, teams confirm the viability of the systems they build, removing the possibility of failure at later stages of the development cycle.
- Fewer parallel changes that need to be merged and tested.
- Fewer errors uncovered during system testing: Conflicts are resolved before changes are set.
- Less technical risk: Teams have access to an always updated system to test against.
- Reduced management risk: CI processes allow teams to know exactly how much functionality has been built to date. This information enables the predictable delivery of functionality updates and improvements.
If you want to practice CI, check out the "Continuous Deployment to Kubernetes" tutorial.
Kubernetes and DevOps
DevOps combines software development and IT operations processes—typically automating tasks—to shorten the development cycle while still meeting business objectives. DevOps speeds up and improves application development and fosters close collaboration between development and operations staff in all stages of the development lifecycle. As a tool, Kubernetes links development and operations by design, making Kubernetes a good fit for organizations committed to following a DevOps approach.
Kubernetes and containers also embrace modularity by breaking down applications into microservices. This modularity works well with DevOps processes. Development teams focus on smaller services rather than monolithic applications. Integration and development are continuous, leading to smaller changes that happen faster and prove less disruptive to end users. For more information on microservices, see "Microservices: A Complete Guide."
Kubernetes deployments define the desired state—the set of instructions that describe exactly what you want from your application environment. In Kubernetes, an application's current state is constantly driving toward this defined and desired state. When the current state fails to match the desired state, Kubernetes makes adjustments through updates and provisioning and de-provisioning resources. This process of rolling updates makes DevOps improvements smoother by ensuring applications stay in their desired state.
Open source and third-party tools allow for the creation of a DevOps toolchain. You can create your own toolset that supports development, deployment, and operations tasks. For example, you can develop a Kubernetes app toolchain and a Kubernetes app with Helm toolchain.
The tutorial "Use the 'Develop and test microservices with Kubernetes and Helm' toolchain" will show you how to continuously deliver a microservices app.
Check out "DevOps: A Complete Guide" for a complete overview the DevOps approach.
Kubernetes and Istio
A service mesh describes the network of microservices or containers (and the interactions between them) that make up an application. Istio is a configurable, open source service mesh layer that connects, monitors, and secures the containers in a Kubernetes cluster.
Istio installs on top of existing Kubernetes clusters and complements Kubernetes in three major ways: service introspection, at-scale app management, and hybrid deployment.
Istio aids service introspection by using tools that allow developers more insight into running containers. Istio uses Prometheus and Grafana to collect, store, and display application metrics. It also uses a service graph to help you visualize the services you’re running and how they interact with each other.
Managing microservices becomes more complex as applications scale. Istio helps manage traffic flow so an app isn’t overwhelmed when updates are made. It also uses fault injection to ensure that when failures occur, your services respond predictably.
Istio also supports a service mesh that works across different environment types. It recognizes that most businesses operate in hybrid environments, with both cloud-native and on-premise services. Istio creates a central control plane so that apps continue to work as expected, even when services span different environments.
To get fully familiar with Istio and its capabilities, read "Istio: A Complete Guide."
Kubernetes and serverless computing
Serverless computing—also referred to as Function-as-a-Service or FaaS—does not actually mean computing without servers. Instead, it means organizations do not have to buy, rent, or provision servers for the code to run. Developers can execute code, or functions, to run without the complexity of building or provisioning infrastructure.
Serverless computing and containers are often seen as competing technologies, but that’s not always the case. Solutions like Knative let you run serverless within a Kubernetes cluster. Knative is an open source platform derived from a collaboration between IBM, Google, Lyft, and others that allows for the running of serverless workloads in Kubernetes.
The combination of Knative and Kubernetes means development teams don't have to rely on hosted serverless vendors to take advantage of serverless computing. Knative inserts itself between Kubernetes and the serverless framework. It provides the platform on which developers build their serverless solutions on top of Kubernetes. Your development team can take advantage of Kubernetes functions like monitoring, security, logging, and authentication and combine them with Knative benefits, such as automated container build, full portability, and working across hybrid environments.
Creators of this technology believed developers should not have to choose between serverless and containers when building cloud apps. The goal was to augment the availability and consistency of containers with the powerful scaling and on-demand access of serverless. The video "What is Knative?" provides more information about this solution, and if you want a comprehensive look, see "Knative: A Complete Guide."
For more information on serverless computing, see "Serverless: A Complete Guide."
Kubernetes vs. ...
The sections below will explore how Kubernetes relates to other cloud offerings, including the following:
- Kubernetes vs. Docker
- Kubernetes vs. Docker Swarm
- Kubernetes vs. Mesosphere
- Kubernetes vs. OpenShift
- Kubernetes vs. Amazon ECS
- Kubernetes vs. Azure Service Fabric
- Kubernetes vs. Terraform
- Kubernetes vs. Cloud Foundry
- Kubernetes vs. Consul
Kubernetes vs. Docker
Although people often think that Docker and Kubernetes are competing technologies, they actually solve different problems. Docker makes using containers easier, while Kubernetes helps manage and scale containers. Docker is an open source program used to build, test, and deploy applications using containers. Containers package code and all its dependencies so that a software stack can run as expected no matter what environment it’s in. Docker makes the use of containers easier, but containers offer their own set of management challenges.
That’s where Kubernetes steps in. Kubernetes allows the use of existing Docker containers and workloads while better managing the issue of scalability. Trying to scale with Docker alone can be complex. Kubernetes addresses the challenges that arise from Docker deployments. If you already use Docker and are facing scalability challenges, then using Kubernetes may be the next logical step for workload management.
To learn about how Kubernetes and Docker work together, watch the video:
You can also read more in our blog post, "Kubernetes vs. Docker: Why Not Both?"
Kubernetes vs. Docker Swarm
While Docker and Kubernetes don't compete, Docker Swarm and Kubernetes do. Both Kubernetes and Docker Swarm are container orchestration platforms. In the debate of Kubernetes vs. Docker Swarm, you may be wondering which is the right container orchestrator for you; in the blog post "Docker Swarm vs. Kubernetes: A Comparison," we lay out the pros and cons of each to provide a head-to-head comparison.
If you’re already using Docker, you may find it easier to start with Swarm and find it easier to navigate. It works well with smaller workloads. Kubernetes, however, is more popular and is supported by every major cloud provider. Additionally, Kubernetes is more powerful, more flexible, and easier to customize. Because Kubernetes offers greater functionality, the learning curve is steeper. It can be run through a managed service, allowing development teams to focus instead on application building.
Kubernetes vs. Mesosphere
Kubernetes and Mesosphere are also both orchestration tools. Kubernetes works only with containerized applications, while Mesosphere works with containers and other technologies. Mesosphere refers to itself as a data center operational system (DC/OS) and focuses on all cloud resources, whereas Kubernetes focuses on characteristics particular to containers, such as scaling and availability. Additionally, Kubernetes can be deployed on Mesosphere.
The Mesos DC/OS has a less active user community, making it more difficult to get help and support from other users. It's a complex solution, which may explain why it has seen only limited adoption among top cloud providers. Additionally, some Mesosphere features are only available through a premium subscription or enterprise versions, whereas Kubernetes is open source.
Kubernetes vs. OpenShift
Red Hat OpenShift is an enterprise-grade application Platform-as-a-Service (PaaS), based on Kubernetes container orchestration, for application development and deployment. OpenShift streamlines application development and delivery, manages application lifecycles, and uses microservices architecture. It uses packaged software components that are supported by Red Hat and its partners.
Again, rather than being competitors, the OpenShift application builds onto Kubernetes functionality and is tailored to enterprise customers. That tailoring includes the ability to support thousands of users and apps on a single Kubernetes cluster, make large deployments simpler to execute, and improve the security of those deployments.
Kubernetes vs. Amazon ECS
Amazon Elastic Container Service (ECS) is a container management service used to manage Docker containers on a cluster of virtual machine instances. It integrates only with Amazon infrastructure, so it works well with Amazon Web Services (AWS). ECS allows administrators to create clusters, tasks, and services. Unlike Kubernetes, ECS only works with Amazon cloud and AWS. It also only manages ECS container workloads, creating vendor lock-in.
Kubernetes can be deployed on-premise, in public clouds, or in private clouds, whereas ECS is only deployable in Amazon cloud. Kubernetes offers a wide variety of storage options, but ECS storage options are limited to Amazon. As an open source technology, Kubernetes is used more extensively and integrates with third parties.
Some of ECS code is open source so added functions can be integrated into customer and third-party applications. In comparison, Kubernetes is more complicated, making purchasing decisions and implementation more complex. Customers, particularly those already using AWS, may find ECS simpler to control and implement.
Kubernetes vs. Azure Service Fabric
Azure Service Fabric is Microsoft’s container orchestrator, and it is used to deploy microservices. It is an application platform that simplifies building and deploying microservices to deliver scalable, agile, and reliable applications that run on Azure, on-premise, or in other clouds. It provides built-in programming service models to simplify microservice development. Azure Fabric Service runs any application code and supports both stateless and stateful microservices.
Azure Service Fabric has recently shifted to an open source development model. Microsoft, recognizing the large footprint of Kubernetes, also offers Azure Kubernetes Service.
Kubernetes vs. Terraform
Terraform from HashiCorp is an open source DevOps tool. It is used to build, change, and version infrastructure and is regularly used as infrastructure-as-code. Terraform can be used with Kubernetes to provision storage, compute, and network infrastructure. It can also manage the lifecycle of Kubernetes resources, like pods, replica sets, and services. Terraform also understands how resources are linked in a Kubernetes environment. For example, Terraform knows to create persistent volumes before persistent volume claims.
Kubernetes vs. Cloud Foundry
Cloud Foundry is an open-source cloud application platform that is backed by IBM, Cisco, Google, Microsoft, and others. Cloud Foundry enables the fast and easy building, testing, deploying, and scaling of applications. The platform provides a choice of clouds, developer frameworks, and application services. It uses container-based architecture and runs apps in any programming language. It is compatible with popular technology and tools including Kubernetes, AWS, and Docker.
Kubernetes vs. Consul
Consul by HashiCorp is a distributed service mesh (a service mesh controls how parts of an application share data with other parts). Consul connects, secures, and configures services across any runtime platform in public or private clouds. Consul can be integrated with and enhance Kubernetes. The goals for this integration include automatic syncing of services between Kubernetes and Consul and auto-joining external Consul agents to Kubernetes clusters.
If you're ready to start working with Kubernetes or looking to build your Kubernetes skills, try one of these tutorials.
- Kubernetes Tutorials: 5 Ways to Get You Building Fast
- Deploy a microservices app on IBM Cloud by using Kubernetes
- Debug and log your Kubernetes applications
- Kubernetes Networking: A lab on basic networking concepts
- YAML basics and its usage in Kubernetes
- How to get Terraform and IBM Cloud to play nice
- Install IBM Cloud Private on Red Hat OpenShift
- Istio 101: Lab designed to learn how to use Istio on Kubernetes
Kubernetes and IBM
IBM Cloud Kubernetes Service relieves the pain of application security, scale, and infrastructure management over the full software lifecycle. This managed container service enables the rapid delivery of applications and can bind to advanced services like blockchain and Watson. It delivers an intuitive user experience, plus built-in security and isolation. It automates deployment, operation, scaling, and monitoring of containerized apps in a cluster of compute hosts, while adding in IBM-specific capabilities.
For an overview of how a managed Kubernetes service can help you on your cloud journey, watch our video, "Advantages of Managed Kubernetes":
With IBM Cloud Kubernetes Service, you benefit from the following:
- Single-tenant Kubernetes clusters with computer, network, and storage infrastructure isolation
- Multizone clusters to increase high availability
- Highly available masters, by spreading masters across zones, thereby protecting clusters from zone failure
- The ability to bind to advanced services like blockchain and Watson
- Image security compliance with Vulnerability Advisor
- Continuous cluster health monitoring
- Secure public app exposure
- IBM Cloud service integration
To get started, take this guided walkthrough of how to deploy a new Kubernetes cluster on IBM Cloud: "Deploy a Kubernetes cluster on IBM Cloud without installing software"
To learn more about best practices to enable and expedite container deployment in production environments, see the report "Best Practices for Running Containers and Kubernetes in Production."
Sign up for an IBMid and create your IBM Cloud account.