Networking, Load Balancing, and Security

Introduction to Kubernetes

Frank Heilmann

Platform Architect and Freelance Instructor

More on Labels and Selectors

Labels:

  • Key/Value pairs attached to Kubernetes objects like Pods or Nodes
  • Can be used to organize subsets of objects
  • Can be modified at any time
  • Examples:
    • environment: prod
    • app: my_cool_app
    • has_GPU: true

Selectors:

  • Can be used to identify objects via labels

  • Examples:

    • ...    
selector:
    environment: prod
    app: my_cool_app
...

    • ...
nodeSelector:
  has_GPU: true
...
Introduction to Kubernetes

Networking and Services

Kubernetes Services

  • Each Pod gets its own cluster-wide IP (internet address)
  • Can be used for communication between Pods
  • Not very useful, as Pods can restart at any time, and will get a new IP
  • Services are used to attach Pods to, and offer stable connectivity
Introduction to Kubernetes

Service Manifests

Kubernetes Servicesl

apiVersion: v1
kind: Service
metadata:
  name: Kubernetes_Service_2
spec:
  type: ...
  selector:
    app: app2 
  ...
Introduction to Kubernetes

Load Balancing

Loadbalancing

  • A load balancer in Kubernetes distributes load over Pods

  • Avoids uneven load on resources, increases efficiency and lowers response times

  • Example:

    • providing a service from multiple Pods
    • load balancer will distribute load evenly to Pods
Introduction to Kubernetes

Load Balancing in Kubernetes

apiVersion: v1
kind: Service
metadata:
  name: <service name>
spec:
  type: LoadBalancer
  selector:
    <key1>: <value1>
    <key2>: <value2>
  ...
  • Load balancers are typically pre-configured by Kubernetes Provider (Cloud Provider)
  • No need to declare additional manifests for a load balancer - will automatically be created and attached to the service
Introduction to Kubernetes

Ingress

Kubernetes Ingress

  • Ingress objects are used to route HTTP and HTTPS requests (traffic) from outside the cluster to services in the cluster
  • Ingress rules define which requests are served by which service
  • Typically used in combination with load balancing
Introduction to Kubernetes

Kubernetes Security

  • Security in modern IT architectures is an extremely important, but complex field with many facets

  • Kubernetes has all necessary components to secure applications running on

    it, e.g:

    • the "Secret" API for confidential objects like passwords, tokens, keys etc.
    • tools and APIs to enable encrypted network communication
    • methods for authentication of users
    • role-based and attribute-based access control ("RBAC" and "ABAC")
Introduction to Kubernetes

Let's practice!

Introduction to Kubernetes

Preparing Video For Download...