This document provides an overview of containers, Kubernetes, and their key concepts. It discusses how Kubernetes manages containerized applications across clusters and abstracts away infrastructure details. The main components of Kubernetes include Pods (groups of tightly-coupled containers), ReplicationControllers (manages Pod replicas), Services (expose Pods to external traffic), and Namespaces (logical isolation of clusters). Kubernetes architecture separates the control plane running on the master from the nodes that run container workloads.

1. Overview and exploitation
of Kubernetes

2. Containers
• When an application is composed of only smaller numbers of large components, we
provide a dedicated Virtual Machine (VM) to each component
• But when these components start getting smaller and their numbers start to grow it’s
not only about wasting hardware resources.
• Here comes container into the picture. Containers allow us to run multiple service on the
same host machine. They not only provide different environment to each of them, but
also isolate them from each other.
• A process running in a container runs inside the host’s operating system, but the process
in the container is isolated from other process in the host and any other process in a
different container.

5. Container Security
• Never run your container as root.
• Check for capabilities.
• Look for kernel vulnerabilities.
• Look out for docker.sock.
• Unsecure mounts
• And the list goes on…..

6. Kubernetes
• Launched by Google in 2014 as an open source tool.
• Allows us to easily deploy and manage containerized applications on top of it.
• User doesn’t have to manually deploy applications on each host.
• Kubernetes enables you to run your software applications on thousands of computernodes as if
all those nodes were a single, enormous computer.
• It abstracts away the underlying infrastructure.
• Deploying applications through Kubernetes is always the same, whether your cluster contains
only a couple of nodes or thousands of them. The size of the cluster makes no difference at all.
• Kubernetes cluster is composed of a master node and any number of worker nodes. Developer
submits a list of apps to the master, and it gets deployed to the worker nodes.

9. Kubernetes architecture
• The master node hosts the Kubernetes Control Plane that controls and manages the whole Kubernetes system.
Master node contains the following components:
• The Kubernetes API Server, which you and the other Control Plane components communicate with.
• The scheduler schedules the apps, .i.e., assigns a worker node to each deployable component.
• Controller Manager performs cluster level functions such replication, tracking worker nodes, handling
failures.
• Etcd stores the cluster configuration.
• Worker nodes that run the actual applications you deploy.
• Docker or rkt runs the container
• Kubelet talks to the API server and manages containers to the node.
• Kube proxy load balances network traffic between application components.

11. Pods
• Kubernetes doesn’t deal with individual containers directly. Instead it uses the concept
of multiple co-located containers. This group is known as pods.
• A pod is a group of one or more tightly related containers that will always run together
on the same worker node and in the same Linux namespace(s).
• Each pod is like a separate logical machine with its own IP, hostname, processes, and so
on, running a single application.
• All the containers in a pod will appear to be running on the same logical machine,
whereas containers in other pods, even if they’re running on the same worker node, will
appear to be running on a different one.
• In order to list pods, use the command – “kubectl get pods”

16. Kubernetes namespaces
• Namespaces allow us to split complex systems with numerous components into smaller distinct
groups.
• Mainly used for separating resources in a multi-tenant environment, splitting up resources into
production, development and QA environments.
• List the namespaces using the command below
• Kubectl get ns
• Kubectl get pods –namespace <namespace_name>
• Besides isolating resources, namespaces are also used for allowing only certain users access to a
particular resource and even for limiting the amount of computational rsources available to
individual users.

17. Replication Controller

18. Talking to the Kubernetes API Server
• Kubectl cluster-info
• Curl https://<cluster-ip>:<cluster-port> -k
• Kubectl proxy
• Curl localhost:<porxy_port>
• kubectl exec -it <pod_name> bash
• Token directory – “/var/run/secrets/kubernetets.io/serviceaccount/
• From pod – “Env | grep KUBERNETES_SERVICE”
• From pod – “export TOKEN=$(cat <directory>)
• From pod – “curl –H “Authorization: bearer $TOKEN” http://<url>

19. Services

20. Using a NodePort Service