Kubernetes (sometimes shortened to K8s with the 8 standing for the number of letters between the āKā and the āsā) is an open-source system to deploy, scale, and manage containerized applications anywhere. Kubernetes is a container-centric management software that allows the creation and deployment of containerized applications with ease. In Kubernetes, Pods are the fundamental building blocks. They are the smallest deployable units that can create and manage.
Originally created by Google Cloud in 2014, Kubernetes is now being offered by leading Cloud Providers like AWS and Azure. In this article, we are going to have a look into the working of Kubernetes and the creation of Kubernetes Pods for the deployment of applications.
What are Kubernetes Pods?
Pods are the smallest execution unit in Kubernetes. As the official Documentation says āA Pod (as in a pod of whales or pea pod) is a group of one or more containers, with shared storage and network resources, and a specification for how to run the containers.ā
For example, Let's assume that we have 5 containers ready for Kubernetes deployment. We can put all 5 containers in the same pod if all of them have to be run with the same configuration or we can divide the containers based on their purpose and load management.
Pods can also persist volumes just like docker, and they can be easily configured based on the requirement. Each Pod is tied to the Node where it is scheduled and remains there until termination (according to restart policy) or deletion. In case of a Node failure, identical Pods are scheduled on other available Nodes in the cluster.
If you're looking to learn about the basic of Kubernetes, you can refer our video on Kubernetes Architecture.
Types of Kubernetes Pods
There are two types of pods in Kubernetes namely single container pod and multi container pod.
1. Single Container Pod
As the name suggests, if there is only a single container running in the Kubernetes pod, then it is called a single container pod and it can easily be created with the help of a YAML file. Here is a sample YAML file used to create a pod with the postgres database.
apiVersion: v1
kind: Pod
metadata:
name: Postgres
spec:
containers:
- name: Postgres
image: Postgres: 3.1
ports:
containerPort: 8000
imagePullPolicy: Always
2. Multi Container Pod
In this type of pod, we can run multiple containers within a single pod. It can be created by specifying the containers in the same YAML file. Here is a sample YAML file used to create a multi container Pod with Tomcat and MongoDB images.
apiVersion: v1
kind: Pod
metadata:
name: Tomcat
spec:
containers:
- name: Tomcat
image: tomcat: 8.0
ports:
containerPort: 7500
imagePullPolicy: Always
-name: Database
Image: mongoDB
Ports:
containerPort: 7501
imagePullPolicy: Always
Other than the number of containers running in the pod, there is no difference between a single-container pod and a multi-container pod.
How to Create a Pods in Kubernetes?
In order to create a pod, we need to create a Kubernetes cluster in which we can have multiple pods based on the requirement. The clusters can also be scaled horizontally as well as vertically based on the workload. There is also an option of autoscaling based on the incoming load. Clusters are basically a set of nodes that run docker applications.
The application needs to dockerized with its own set of requirements and necessary services to keep it running. When compared to virtual machines, these are much more flexible and lightweight.
Clusters should at least have a master node, and they can have any number of worker nodes. The master node controls the entire cluster and monitors the activity, logs and metrics related to the cluster. To create a Kubernetes pod, we must create a Kubernetes cluster with the necessary configurations. A pod can be created on top of the Kubernetes cluster only. To create a pod, we must configure the yaml file according to the requirements. Here is a sample yaml file.
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
- Apiversion: This field can be used to denote the version of the service that is being deployed in Kubernetes.
- Kind: This is usually the kind of deployment in Kubernetes. In this case, the container is being deployed in a pod.
- Metadata: This field is used to configure other metadata of the container that is being deployed in K8s.
- Spec: This field is used to configure the settings of pod and the port that should be used to deploy the service in K8s.
Command :
kubectl create -f manifests/rs-example.yaml
The main difference between create and apply commands in K8s is that create is used as a declarative state like defining the pod whereas create command in K8s is used to implement the state that has been declared.
Creates the pod with the above configurations mentioned in the YAML file.
To check if the Pod is running in the Kubernetes cluster:
Command:
kubectl get pods --watch --show-labels
Learn more about DevOps and writing pipelines with the Best DevOps Courses Online.
How to View a Kubernetes Pod?
To view all the pods running in a Kubernetes cluster, we can use the following command:
Command
kubectl get pods
This command will list all the pods running in a particular Kubernetes cluster.
To get the pod configuration we can use the following command
Command
kubectl describe pod
This command will list the nginxconfiguration along with the pod configuration details.
How to Implement Kubernetes Pod Policy?
A Pod Security Policy defines a set of conditions a pod must run with in order to run on the cluster. These conditions span host-level access, to a range of UIDs a container can run as, and even what volumes a pod can use.
All the policies are configurable in the yaml file used to create a pod. The Yaml file can be used to implement various rules and policies over the Kubernetes pod.
Here is a sample yaml file which implements policies over the pod.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: my-restricted-psp
spec:
privileged: false
# Required to prevent escalations to root.
allowPrivilegeEscalation: false
# Allow core volume types.
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'nfs'
- 'persistentVolumeClaim'
- 'awsElasticBlockStore'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
# Require the container to run without root privileges.
rule: 'RunAsAny'
seLinux:
# This policy assumes the nodes are using AppArmor rather than SELinux.
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
To see what security policy your pod is using, you can type in the following command in the terminal.
kubectl describe <pod-name> -n <your-namespace>
You can refer to the following documentation for the types of policies that can be implemented over a Kubernetes pod.
How to Destroy Kubernetes Pod?
It is also important to delete or kill the pods which are not used anymore in the Kubernetes cluster. The following command kills the pod present in the Kubernetes cluster.
Command
kubectl delete pod <pod-name>
After executing the above command, you will get pod <pod-name> deleted. This confirms that the pod has been successfully deleted in the Kubernetes cluster.
Labels
Labels are usually key value pairs that are attached in the yaml file to identify and indicate to the end user that this pod hosts certain kind of service. Its usually in the meta data section of the yaml file.
"metadata": {
"labels": {
"key1" : "value1",
"key2" : "value2"
}
}
Kubernetes Pods Best Practices for Security, Reliability and Resource Requests
It is important to know some of the best practices that engineers follow when it comes to Kubernetes.
- Understand and embrace the ephemeral nature of Kubernetes.
- Avoid single points of failure.
- Set resource requests and limits for CPU and memory.
- Use liveness and readiness probes.
It is also necessary to configure the pods according to the requirement to save costs if its running in a managed instance and to optimize computations.
To read more about Kubernetes and deployment, you can refer to the best Kubernetes course online.
Conclusion
Kubernetes Pods are the essential building blocks of containerized applications in Kubernetes. In this blog, we have discussed the basics of Kubernetes and stepping slowly to understand Kubernetes pods, the steps to create a pod as well as to monitor pods in a Kubernetes cluster. We have also covered some of the best practices of Kubernetes followed in the DevOps world.
Enrolling to the Best Docker and Kubernetes Course at the right time can boost your DevOps career. You can also refer to the following resources to know more about K8s.