k8s:core:kind

Differences

This shows you the differences between two versions of the page.

k8s:core:kind [2026/05/31 03:06] – created phong2018k8s:core:kind [2026/05/31 04:07] (current) – [Here's the relationship diagram.] phong2018
Line 1: Line 1:
-====== kind ======+====== Kubernetes ''kind'' Field — Complete Guide ======
  
-kind defines **what type of Kubernetes object you want to create**.+===== Overview =====
  
----+In Kubernetes, every resource manifest (written in YAML or JSON) must declare four top-level fields:
  
-===== Examples =====+<code yaml> 
 +apiVersion: apps/v1 
 +kind: Deployment 
 +metadata: 
 +  name: my-app 
 +spec: 
 +  ... 
 +</code>
  
-  Pod +The ''kind'' field tells Kubernetes **what type of resource** you are creating or managing. It maps to a specific API object within Kubernetes, and each kind has its own schema, behavior, and lifecycle.
-  Deployment +
-  Service +
-  ConfigMap +
-  * Secret +
-  * Namespace+
  
----+----
  
-===== Example =====+===== Core Resource Kinds =====
  
 +==== 1. Pod ====
  
 +The **smallest deployable unit** in Kubernetes. A Pod wraps one or more containers that share network and storage.
 +
 +<code yaml>
 +apiVersion: v1
 +kind: Pod
 +metadata:
 +  name: nginx-pod
 +  labels:
 +    app: nginx
 +spec:
 +  containers:
 +    - name: nginx
 +      image: nginx:1.25
 +      ports:
 +        - containerPort: 80
 +</code>
 +
 +^ Field       ^ Description                                  ^
 +| ''kind''    | ''Pod'' — declares a single pod resource     |
 +| ''metadata'' | Name and labels for identifying the pod     |
 +| ''spec.containers'' | List of containers inside the pod   |
 +
 +> **Note:** Pods are rarely created directly. Use Deployments or StatefulSets instead for resilience.
 +
 +----
 +
 +==== 2. Deployment ====
 +
 +Manages a **ReplicaSet** to ensure a specified number of Pod replicas are running at all times. Supports rolling updates and rollbacks.
 +
 +<code yaml>
 +apiVersion: apps/v1
 kind: Deployment kind: Deployment
 +metadata:
 +  name: web-app
 +  namespace: default
 +spec:
 +  replicas: 3
 +  selector:
 +    matchLabels:
 +      app: web-app
 +  template:
 +    metadata:
 +      labels:
 +        app: web-app
 +    spec:
 +      containers:
 +        - name: web
 +          image: nginx:1.25
 +          ports:
 +            - containerPort: 80
 +</code>
 +
 +^ Field         ^ Description                                          ^
 +| ''kind''      | ''Deployment'' — manages a set of identical pods     |
 +| ''replicas''  | Number of desired Pod instances                      |
 +| ''selector''  | Labels used to identify which Pods belong here       |
 +| ''template''  | Pod template used to create new Pods                 |
 +
 +----
 +
 +==== 3. Service ====
 +
 +Exposes a set of Pods as a **stable network endpoint**. Handles load balancing across all matching Pods.
 +
 +<code yaml>
 +apiVersion: v1
 +kind: Service
 +metadata:
 +  name: web-service
 +spec:
 +  selector:
 +    app: web-app
 +  ports:
 +    - protocol: TCP
 +      port: 80
 +      targetPort: 80
 +  type: ClusterIP
 +</code>
 +
 +^ Service Type    ^ Description                                              ^
 +| ''ClusterIP''   | Default. Internal cluster access only                    |
 +| ''NodePort''    | Exposes on each node's IP at a static port               |
 +| ''LoadBalancer'' | Creates an external load balancer (cloud providers)     |
 +| ''ExternalName'' | Maps to an external DNS name                            |
 +
 +----
 +
 +==== 4. ConfigMap ====
 +
 +Stores **non-sensitive configuration** as key-value pairs, decoupling config from container images.
 +
 +<code yaml>
 +apiVersion: v1
 +kind: ConfigMap
 +metadata:
 +  name: app-config
 +data:
 +  APP_ENV: production
 +  APP_PORT: "8080"
 +  log_level: info
 +</code>
 +
 +Use in a Pod:
 +
 +<code yaml>
 +envFrom:
 +  - configMapRef:
 +      name: app-config
 +</code>
 +
 +----
 +
 +==== 5. Secret ====
 +
 +Like ConfigMap, but for **sensitive data** (passwords, tokens, TLS certs). Values are base64-encoded.
 +
 +<code yaml>
 +apiVersion: v1
 +kind: Secret
 +metadata:
 +  name: db-credentials
 +type: Opaque
 +data:
 +  username: YWRtaW4=        # base64 of "admin"
 +  password: cGFzc3dvcmQ=   # base64 of "password"
 +</code>
 +
 +> **Security note:** base64 is encoding, not encryption. Use tools like Sealed Secrets or Vault for production.
 +
 +----
 +
 +==== 6. StatefulSet ====
 +
 +Like Deployment, but designed for **stateful applications** (databases, message queues) that need:
 +  * Stable, persistent network identity
 +  * Ordered, graceful deployment and scaling
 +  * Persistent storage per pod
 +
 +<code yaml>
 +apiVersion: apps/v1
 +kind: StatefulSet
 +metadata:
 +  name: mysql
 +spec:
 +  serviceName: "mysql"
 +  replicas: 3
 +  selector:
 +    matchLabels:
 +      app: mysql
 +  template:
 +    metadata:
 +      labels:
 +        app: mysql
 +    spec:
 +      containers:
 +        - name: mysql
 +          image: mysql:8.0
 +          env:
 +            - name: MYSQL_ROOT_PASSWORD
 +              value: "secret"
 +          volumeMounts:
 +            - name: data
 +              mountPath: /var/lib/mysql
 +  volumeClaimTemplates:
 +    - metadata:
 +        name: data
 +      spec:
 +        accessModes: ["ReadWriteOnce"]
 +        resources:
 +          requests:
 +            storage: 10Gi
 +</code>
 +
 +----
 +
 +==== 7. DaemonSet ====
 +
 +Ensures a **copy of a Pod runs on every node** (or selected nodes). Used for cluster-level services like log collectors, monitoring agents, or network plugins.
 +
 +<code yaml>
 +apiVersion: apps/v1
 +kind: DaemonSet
 +metadata:
 +  name: fluentd
 +spec:
 +  selector:
 +    matchLabels:
 +      name: fluentd
 +  template:
 +    metadata:
 +      labels:
 +        name: fluentd
 +    spec:
 +      containers:
 +        - name: fluentd
 +          image: fluent/fluentd:v1.16
 +</code>
 +
 +----
 +
 +==== 8. Job ====
 +
 +Runs a **one-off task** to completion. Kubernetes ensures the Pod runs successfully at least once.
 +
 +<code yaml>
 +apiVersion: batch/v1
 +kind: Job
 +metadata:
 +  name: db-migration
 +spec:
 +  template:
 +    spec:
 +      containers:
 +        - name: migrate
 +          image: myapp:latest
 +          command: ["python", "manage.py", "migrate"]
 +      restartPolicy: OnFailure
 +</code>
 +
 +----
 +
 +==== 9. CronJob ====
 +
 +Runs Jobs on a **scheduled (cron) basis**.
 +
 +<code yaml>
 +apiVersion: batch/v1
 +kind: CronJob
 +metadata:
 +  name: backup-job
 +spec:
 +  schedule: "0 2 * * *"   # Every day at 2:00 AM
 +  jobTemplate:
 +    spec:
 +      template:
 +        spec:
 +          containers:
 +            - name: backup
 +              image: backup-tool:latest
 +              command: ["/bin/sh", "-c", "run-backup.sh"]
 +          restartPolicy: OnFailure
 +</code>
 +
 +----
 +
 +==== 10. Namespace ====
 +
 +Creates a **virtual cluster** within a Kubernetes cluster, providing isolation between teams or environments.
 +
 +<code yaml>
 +apiVersion: v1
 +kind: Namespace
 +metadata:
 +  name: staging
 +</code>
 +
 +----
 +
 +==== 11. PersistentVolumeClaim (PVC) ====
 +
 +Requests **persistent storage** from the cluster for a Pod.
 +
 +<code yaml>
 +apiVersion: v1
 +kind: PersistentVolumeClaim
 +metadata:
 +  name: my-storage
 +spec:
 +  accessModes:
 +    - ReadWriteOnce
 +  resources:
 +    requests:
 +      storage: 5Gi
 +</code>
 +
 +----
 +
 +==== 12. Ingress ====
 +
 +Manages **external HTTP/HTTPS access** to services, routing rules, TLS termination.
 +
 +<code yaml>
 +apiVersion: networking.k8s.io/v1
 +kind: Ingress
 +metadata:
 +  name: web-ingress
 +  annotations:
 +    nginx.ingress.kubernetes.io/rewrite-target: /
 +spec:
 +  rules:
 +    - host: myapp.example.com
 +      http:
 +        paths:
 +          - path: /
 +            pathType: Prefix
 +            backend:
 +              service:
 +                name: web-service
 +                port:
 +                  number: 80
 +</code>
 +
 +----
 +
 +===== Summary Table =====
 +
 +^ Kind                   ^ API Version         ^ Purpose                                      ^
 +| ''Pod''                | ''v1''              | Smallest deployable unit                     |
 +| ''Deployment''         | ''apps/v1''         | Stateless app, rolling updates               |
 +| ''StatefulSet''        | ''apps/v1''         | Stateful app with stable identity            |
 +| ''DaemonSet''          | ''apps/v1''         | One pod per node                             |
 +| ''Job''                | ''batch/v1''        | One-off task                                 |
 +| ''CronJob''            | ''batch/v1''        | Scheduled recurring task                     |
 +| ''Service''            | ''v1''              | Network endpoint for pods                    |
 +| ''Ingress''            | ''networking.k8s.io/v1'' | HTTP routing / TLS termination         |
 +| ''ConfigMap''          | ''v1''              | Non-sensitive config data                    |
 +| ''Secret''             | ''v1''              | Sensitive config data                        |
 +| ''Namespace''          | ''v1''              | Cluster isolation                            |
 +| ''PersistentVolumeClaim'' | ''v1''           | Request for persistent storage               |
 +
 +----
 +
 +===== How ''kind'' Connects to ''apiVersion'' =====
 +
 +The ''apiVersion'' determines which API group and version handles your ''kind'':
 +
 +^ apiVersion              ^ Kinds included                                       ^
 +| ''v1''                  | Pod, Service, ConfigMap, Secret, Namespace, PVC      |
 +| ''apps/v1''             | Deployment, StatefulSet, DaemonSet, ReplicaSet       |
 +| ''batch/v1''            | Job, CronJob                                         |
 +| ''networking.k8s.io/v1'' | Ingress, NetworkPolicy                              |
 +| ''rbac.authorization.k8s.io/v1'' | Role, ClusterRole, RoleBinding           |
 +
 +----
 +
 +===== Here's the relationship diagram. ===== 
 +Hierarchy flows top-down:
 +
 +Deployment → ReplicaSet → Pod (Deployment manages replicas, which manage pods)
 +
 +StatefulSet and DaemonSet go straight to their own Pods
 +
 +CronJob → Job (CronJob triggers Jobs on a schedule)
 +
 +Networking routes traffic inward:
 +
 +Ingress → Service → Pod (external HTTP traffic funneled down to running containers)
  
 +NetworkPolicy applies traffic rules at the Pod level
  
----+Config and Storage are mounted into Pods:
  
-===== Real-world meaning =====+ConfigMap and Secret are injected as env vars or volume mounts (dashed lines)
  
-kind = "what am I building?"+PVC (PersistentVolumeClaim) binds to a PV (PersistentVolume) and mounts into Pods
  
-  * Pod → run container +Everything lives inside a `Namespace for isolation.
-  * Deployment → manage pods +
-  * Service → expose pods+
  
----+{{ :k8s:core:kind-in-kubenetes.png?600 |}}
  
-===== Key idea =====+===== See Also =====
  
-kind tells Kubernetes what resource to create.+  * [[https://kubernetes.io/docs/concepts/|Kubernetes Concepts]] 
 +  * [[https://kubernetes.io/docs/reference/kubernetes-api/|Kubernetes API Reference]] 
 +  * ''kubectl api-resources'' — list all available kinds in your cluster
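Review bot: The StatefulSet example in section 6 puts the MySQL root password in the Pod template as a literal (name: MYSQL_ROOT_PASSWORD with value: "secret"), so the credential lives in the manifest and is readable by anyone who can read the StatefulSet or its Pods, which undercuts the Secret section directly above it. Suggest sourcing it through valueFrom.secretKeyRef, for instance from the db-credentials Secret and its password key that section 5 already defines. In the closing section, "Everything lives inside a `Namespace for isolation." has an unbalanced backtick and overstates scope: Namespace itself and the PersistentVolume named two lines earlier are cluster-scoped, so "namespaced resources live inside a Namespace" would be accurate. The Job and CronJob examples use myapp:latest and backup-tool:latest; a pinned tag, as with nginx:1.25 elsewhere on the page, keeps the examples consistent and the runs reproducible.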
k8s/core/kind.1780196814.txt.gz · Last modified: by phong2018