05-API Objects - Anvesh Jhuboo

### Overview Kubernetes provides a rich set of API resources, each evolving through alpha, beta, and stable (v1) stages. This chapter delves into various API objects, their use cases, and how they contribute to a robust, scalable, and secure Kubernetes environment. ### API Versions Kubernetes API resources are grouped and versioned independently. Stability increases as objects progress from alpha to beta to v1. For instance, DaemonSets and StatefulSets have achieved apps/v1 stability, while Jobs and CronJobs are now in batch/v1. Role-Based Access Control (RBAC) has quickly moved from v1alpha1 to stable v1, reflecting its critical role in Kubernetes security. Keeping track of these changes is crucial for effective system administration. The [Kubernetes release notes](https://github.com/kubernetes/kubernetes/releases) provide detailed information on each version. ### Exploring API Groups Kubernetes API groups categorize resources to manage them effectively. For instance, there is a v1 group, a storage.k8s.io/v1 group, and an rbac.authorization.k8s.io/v1 group. You can explore these groups using the `curl` command: ```bash $ curl https://localhost:6443/apis --header "Authorization: Bearer $token" -k ``` This command lists all available API groups. Each group can be further queried to discover included objects and their characteristics. ### Deploying an Application Using `kubectl`, you can quickly deploy applications. For example, deploying an nginx application creates a Deployment, which manages a ReplicaSet, which in turn manages the Pods. ### Key Kubernetes Objects 1. **Node**: Represents a physical or virtual machine in the cluster. Use `kubectl get nodes` to list nodes and `kubectl cordon` or `kubectl uncordon` to control scheduling. 2. **Service Account**: Provides an identity for processes running in a Pod to access the API server. 3. **Resource Quota**: Defines resource limits per namespace to ensure fair resource usage. 4. **Endpoint**: Represents the set of IPs for Pods that match a particular Service. It is useful for debugging service definitions. ### Deployments A Deployment manages ReplicaSets and ensures a specified number of Pods are running. Deployments offer flexible upgrades and administration. Here’s an example of a Deployment manifest: ```yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80 ``` Create the Deployment with: ```bash $ kubectl apply -f deployment.yaml ``` ### StatefulSets StatefulSets manage stateful applications by maintaining a unique identity for each Pod, ensuring consistent naming and ordering. This is crucial for applications requiring stable network identities and persistent storage. ### DaemonSets DaemonSets ensure that a copy of a Pod runs on every node. They are often used for logging, monitoring, and other node-specific tasks. For example: ```yaml apiVersion: apps/v1 kind: DaemonSet metadata: name: fluentd spec: selector: matchLabels: name: fluentd template: metadata: labels: name: fluentd spec: containers: - name: fluentd image: fluentd:latest ``` ### Autoscaling Kubernetes supports autoscaling at multiple levels: 1. **Horizontal Pod Autoscaler (HPA)**: Scales the number of Pods based on CPU utilization or other custom metrics. 2. **Cluster Autoscaler (CA)**: Adds or removes nodes based on resource demands, ensuring efficient resource utilization. 3. **Vertical Pod Autoscaler (VPA)**: Adjusts resource requests and limits for existing Pods (still under development). #### Example: Horizontal Pod Autoscaler ```yaml apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: name: nginx-hpa spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: nginx-deployment minReplicas: 1 maxReplicas: 10 targetCPUUtilizationPercentage: 50 ``` Create the HPA with: ```bash $ kubectl apply -f hpa.yaml ``` ### Jobs and CronJobs Jobs and CronJobs manage batch processing and scheduled tasks. A Job runs a specified number of Pods to completion, while a CronJob schedules Jobs based on time. #### Example: CronJob ```yaml apiVersion: batch/v1beta1 kind: CronJob metadata: name: hello spec: schedule: "*/1 * * * *" jobTemplate: spec: template: spec: containers: - name: hello image: busybox args: - /bin/sh - -c - date; echo Hello from the Kubernetes cluster restartPolicy: OnFailure ``` Create the CronJob with: ```bash $ kubectl apply -f cronjob.yaml ``` ### Role-Based Access Control (RBAC) RBAC defines Roles and RoleBindings to control access to Kubernetes resources. It is crucial for securing the cluster. #### Example: Role and RoleBinding ```yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: default name: pod-reader rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", "list"] apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: read-pods namespace: default subjects: - kind: User name: jane apiGroup: rbac.authorization.k8s.io roleRef: kind: Role name: pod-reader apiGroup: rbac.authorization.k8s.io ``` Create the Role and RoleBinding with: ```bash $ kubectl apply -f role.yaml $ kubectl apply -f rolebinding.yaml ``` ### Using Kubernetes for Machine Learning in Production Kubernetes excels at deploying and managing machine learning (ML) workloads. Key considerations include: 1. **Scaling GPU Workloads**: Use NVIDIA’s device plugin for efficient GPU scheduling. 2. **Kubeflow**: Leverage Kubeflow for a comprehensive ML toolkit, integrating training, tuning, and serving components. 3. **Resource Management**: Utilize Horizontal and Vertical Pod Autoscalers to dynamically adjust resource allocation based on workload demands. #### Example: Deploying a TensorFlow Model with GPU Support ```yaml apiVersion: apps/v1 kind: Deployment metadata: name: tensorflow-gpu spec: replicas: 1 selector: matchLabels: app: tensorflow template: metadata: labels: app: tensorflow spec: containers: - name: tensorflow image: tensorflow/tensorflow:latest-gpu resources: limits: nvidia.com/gpu: 1 ``` Create the Deployment with: ```bash $ kubectl apply -f tensorflow-gpu.yaml ``` ### Conclusion Kubernetes API objects provide powerful tools for managing applications, scaling resources, and securing the cluster. By leveraging these resources, you can build robust, scalable, and secure environments for a variety of workloads, including machine learning. Continue: [[06-Managing State with Deployments]]