Kubernetes

Container orchestrator

  • a single API to manage everything
  • a declarative management model: you describe the desired state and the cluster converges to it
  • no more port conflicts
  • management of stateless and stateful applications, with data persistence
  • effortless management of rollouts and rollbacks

A Kubernetes cluster has two node roles:

  • master: runs the cluster management components (Controller Manager, scheduler, API server)
  • workers: run our containers; each worker is composed of a kubelet, kube-proxy and a container runtime (e.g. Docker)

Try it locally

minikube

## Master

ETCD

Database that stores the cluster state: a key-value store for all K8s cluster data.

Controller Manager

Compares the actual state of the cluster with the desired state stored in ETCD (application version change, scaling...). Checks that nodes and containers are functioning correctly and repairs them if faulty.

Scheduler

Chooses the most appropriate cluster node to run each container, based on available RAM, CPU, disk space... → makes the application more resilient.
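As an added example (not from the original notes), a Deployment manifest showing how the declarative model ties these components together: the spec is stored in ETCD, the Controller Manager keeps the replica count, the scheduler places pods using the resource requests, and the kubelet on each worker runs the probes. The name `web`, the image tag and the `/healthz` path are hypothetical.

```yaml
# Added example: a Deployment expressing desired state declaratively.
# Names, image and numbers are hypothetical.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web                  # hypothetical name
  labels:
    app: web
spec:
  replicas: 3                # desired state; the Controller Manager keeps 3 pods running
  revisionHistoryLimit: 5    # old ReplicaSets kept so `kubectl rollout undo` can go back
  selector:
    matchLabels:
      app: web
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1      # at most one pod down during a rollout
      maxSurge: 1            # at most one extra pod created during a rollout
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: registry.example/web:1.2.3   # hypothetical tag; changing it triggers a rollout
          ports:
            - containerPort: 8080             # per-pod port: no conflict with other pods on the node
          resources:
            requests:                         # what the scheduler uses to pick a node
              cpu: "250m"
              memory: "128Mi"
            limits:                           # what the kubelet enforces on the node
              cpu: "500m"
              memory: "256Mi"
          readinessProbe:                     # kubelet checks it; failing pods leave Service endpoints
            httpGet:
              path: /healthz
              port: 8080
            periodSeconds: 5
          livenessProbe:                      # kubelet restarts the container when it fails
            httpGet:
              path: /healthz
              port: 8080
            periodSeconds: 10
```

Apply it with `kubectl apply -f deployment.yaml`, change the image tag and apply again to watch a rolling update, then `kubectl rollout undo deployment/web` to revert to the previous revision.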

## Workers

Kubelet

Launches the containers (pods) on its node and monitors their status...

Kube-proxy

Manages networking and load distribution on the node.

Runtime

The environment that actually runs the containers, e.g. the Docker runtime; the kubelet talks to it through a client/server interface.

Plugins

  • network (Container Network Interface)
  • storage (Container Storage Interface)
  • authentication

add-ons

DNS server (CoreDNS or kubeDNS)

Pentest on Kubernetes

Kubernetes Goat: Interactive Kubernetes Security Learning Playground

Play with Kubernetes Labs

Cluster design: enable server redundancy

Features:

  • manage the state of multiple servers (add/remove), monitoring, response in case of failure
  • provide resources (CPU, RAM, storage, network)
  • provide a single API

Container orchestration: enabling container redundancy

  • managing container deployment on a server cluster
  • managing autoscaling: automatically resizing resources when needed