Kubernetes - Kubernetes Cluster

Kubernetes | Kubernetes Cluster

Notes
Kubernetes Nodes
Kubernetes DNS Service
Kubernetes Proxy: kube proxy

Notes
See these pages for more details about Kubernetes:
https://kubernetes.io/docs/concepts/overview/components/
https://kubernetes.io/docs/concepts/cluster-administration/
https://kubernetes.io/docs/concepts/cluster-administration/proxies/
https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
https://kubernetes.io/docs/tasks/debug/debug-cluster/

To install Kubernetes using Docker Desktop (Windows - WSL 2): Install Docker Desktop (WSL 2) and Enable Kubernetes

Amazon Elastic Kubernetes Service (EKS): https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html

Microsoft Azure Kubernetes Service (AKS): https://learn.microsoft.com/en-us/azure/aks/

Google Kubernetes Engine (GKE): https://cloud.google.com/kubernetes-engine/docs

Kubernetes Nodes

To List the nodes of the cluster:

$ kubectl get nodes -o wide

NAME             STATUS   ROLES           AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE         KERNEL-VERSION                       CONTAINER-RUNTIME
docker-desktop   Ready    control-plane   9h    v1.32.2   192.168.65.3   <none>        Docker Desktop   5.15.167.4-microsoft-standard-WSL2   docker://28.0.4

Depending on your installation you might see at least one node with the role "master" (the control plane: kube-apiserver, etcd) and eventually a list of worker nodes (where the containers are scheduled).

To get information about a node:

$ kubectl get nodes docker-desktop -o yaml

apiVersion: v1
kind: Node
metadata:
  annotations:
    kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/cri-dockerd.sock
  labels:
    beta.kubernetes.io/arch: amd64
    beta.kubernetes.io/os: linux
    kubernetes.io/arch: amd64
    kubernetes.io/hostname: docker-desktop
    kubernetes.io/os: linux
  name: docker-desktop
spec: {}
...

To describe a node:

$ kubectl describe nodes docker-desktop

Name:               docker-desktop
Roles:              control-plane
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=docker-desktop
                    kubernetes.io/os=linux
Annotations:        kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/cri-dockerd.sock
...

The commands above show information about the node (hostname, processor, OS, ...), its capacity (CPU, memory, ...), the Pods running on it (their names, CPU/Memory requests and limits), the total allocated resources (CPU/Memory requests and limits), the conditions of the pressure on the disk and the memory, and the version of some system components is also printed (Linux Kernel, Container Runtime, Kubelet, ...).

To show the resources usage in the cluster:

$ kubectl top nodes

NAME             CPU(cores)   CPU(%)   MEMORY(bytes)   MEMORY(%)
docker-desktop   188m         0%       3880Mi          12%

If the metric server is not installed, you will get this error: "error: Metrics API not available".
For more details see: Kubernetes Metrics Server

To show the resources usage by the pods:

$ kubectl top pods

NAME          CPU(cores)   MEMORY(bytes)
hello-nginx   0m           21Mi

To print the events in the cluster:

$ kubectl get events

LAST SEEN   TYPE      REASON      OBJECT              MESSAGE
1m          Normal    Pulling     pod/hello-busybox   Pulling image "busybox:latest"
...

Kubernetes DNS Service

If you have installed Docker Desktop, you will see that Kubernetes is using CoreDNS DNS server.

The DNS server is used as the internal Kubernetes DNS service (cluster DNS) that provides naming and discovery for all Kubernetes Services that are created in the cluster.

The CoreDNS is running as a Kubernetes Deployment (replicas of Pods) and has a Service (acts as a load balancer for the DNS server).

The CoreDNS server components run in the "kube-system" namespace (can be filtered with the label "k8s-app=kube-dns").

To see the CoreDNS Deployment:

$ kubectl get deployments -n kube-system -l k8s-app=kube-dns -o wide

NAME      READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES                                    SELECTOR
coredns   2/2     2            2           9h    coredns      registry.k8s.io/coredns/coredns:v1.11.3   k8s-app=kube-dns

To see the CoreDNS Pods:

$ kubectl get pods -n kube-system -l k8s-app=kube-dns -o wide

NAME                       READY   STATUS    RESTARTS   AGE   IP          NODE             NOMINATED NODE   READINESS GATES
coredns-668d6bf9bc-mjgnv   1/1     Running   0          9h    10.1.0.26   docker-desktop   <none>           <none>
coredns-668d6bf9bc-mrs79   1/1     Running   0          9h    10.1.0.27   docker-desktop   <none>           <none>

To see the CoreDNS Service (kube-dns):

$ kubectl get services -n kube-system -l k8s-app=kube-dns -o wide

NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE   SELECTOR
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   9h    k8s-app=kube-dns

Let's install dnsutils utility to help debuging the DNS name resolution for services:

$ kubectl apply -f https://k8s.io/examples/admin/dns/dnsutils.yaml

pod/dnsutils created

Check that Pod was created properly:

$ kubectl get pod dnsutils

NAME       READY   STATUS    RESTARTS   AGE
dnsutils   1/1     Running   0          56s

First let's validate that the DNS resolution is working correctly.
The nslookup command can be used to resolve the "kubernetes" Service of the API Server (you should get something like the following):

$ kubectl exec -i -t dnsutils -- nslookup kubernetes

Server:  10.96.0.10 <- The IP address of the Kubernetes DNS
Address: 10.96.0.10#53

Name:    kubernetes.default.svc.cluster.local <- The FQDN of the "kubernetes" Service
Address: 10.96.0.1 <- The clusterIP of the "kubernetes" Service

Let's check the "/etc/resolv.conf" file (the search path and name server should look like the following):

$ kubectl exec dnsutils -- cat /etc/resolv.conf

nameserver 10.96.0.10 <- Kubernetes DNS IP address (kube-dns Service ClusterIP)
search default.svc.cluster.local svc.cluster.local cluster.local <- Kubernetes DNS search domains
options ndots:5

The "nameserver" (DNS IP address) and "search" (DNS search domains) are saved in the "/etc/resolv.conf" file of all containers.

Kubernetes Proxy: kube proxy

kube-proxy is a network proxy that runs on each node in the Kubernetes cluster. It routes network traffic (from inside or outside of the Kubernetes cluster) to Pods of load-balanced services.

The CoreDNS is running as a Kubernetes DaemonSet in the "kube-system" namespace (can be filtered with the label "k8s-app=kube-proxy").

To see the "kube proxy" DaemonSet and its Pod:

$ kubectl get all -n kube-system -l k8s-app=kube-proxy -o wide

NAME                   READY   STATUS    RESTARTS   AGE   IP             NODE             NOMINATED NODE   READINESS GATES
pod/kube-proxy-4xt54   1/1     Running   0          10h   192.168.65.3   docker-desktop   <none>           <none>

NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE   CONTAINERS   IMAGES                               SELECTOR
daemonset.apps/kube-proxy   1         1         1       1            1           kubernetes.io/os=linux   10h   kube-proxy   registry.k8s.io/kube-proxy:v1.32.2   k8s-app=kube-proxy