Core Concepts
Kubernetes
A pivotal figure in the cloud-native ecosystem, Kubernetes simplifies both development and operations, enabling you to deploy resilient and scalable applications with efficient resource utilisation. Often abbreviated as K8s, Kubernetes is fundamentally a container orchestration system that manages large-scale containerised applications across a cluster of machines, providing tools to deploy applications, scale them as necessary, ensure their availability, and manage updates seamlessly.
Manifests and Controllers
Kubernetes utilises manifests, structured YAML files, to manage and update the state of container clusters within the cluster. Controllers, such as Custom Kubernetes Controllers (CKCs) and Custom Resource Definitions (CRDs), monitor cluster states and orchestrate changes to align with desired configurations, enhancing the efficiency of enclave management within Kubernetes clusters.
OBLV Deploy has developed Custom Kubernetes Controllers (also known as operators), that manage NitroEnclaveClusters, which are defined using CRDs.
Kubernetes Operator
A Kubernetes Operator is a method of packaging, deploying, and managing a Kubernetes application. An Operator builds on Kubernetes' custom resources and custom controller concepts, allowing you to automate the entire lifecycle of the software it manages. The goals of a Kubernetes Operator are:
- Application-Specific Operations: They perform tasks specific to a certain application that the Kubernetes API does not support natively.
- Complex State Management: Operators manage stateful applications that are difficult to manage with the stateless default controllers provided by Kubernetes.
Kubernetes Components
Kubernetes operates through a set of components that collectively enable it to manage containerised applications across a cluster of machines. The following tables list and describe these components.
| Term | Description |
|---|---|
| Custom Controllers | In Kubernetes, controllers are control loops that watch the state of your cluster, and then make or request changes where needed. Each controller tries to move the current cluster state closer to the desired state. |
| Nodes | In Kubernetes, nodes are individual worker machines responsible for hosting and managing containerised applications. They ensure efficient resource allocation, high availability, and fault tolerance in cloud environments. |
| Services | Kubernetes Services define a set of Pods and provide network access to them. They enable load-balancing and service discovery within a cluster, ensuring reliable communication between components. |
| Kubelet | Kubelet is an agent that runs on each node in a Kubernetes cluster. It is responsible for managing the Pods running on that node and ensuring they are healthy and running as expected. |
| Pods | Pods are the smallest deployable units in Kubernetes, encapsulating one or more containers. They facilitate container communication and provide a way to manage and scale containerised applications. OBLV Deploy uses only static pods. |
Static Pods are managed directly by the kubelet daemon on a specific node without the API server observing them. Unlike Pods that are managed by the control plane instead, the kubelet watches each static Pod (and restarts it if it fails). Static Pods are always bound to one Kubelet on a specific node.
OBLV Deploy's design aims to isolate the applications/plugins that run inside the enclave. Managing the lifecycle of these applications/plugins through the API server would pose a security risk, as we do not want external services to have control over the applications running inside the enclave.
What's Next?
For additional information about Kubernetes and how it works, you can explore the Kubernetes documentation.