Please enable JavaScript.

Coggle requires JavaScript to display documents.

(Cloud Controller Manager) - Coggle Diagram

- - - - What problem does the Cloud Controller Manager solve?
        Kubernetes is designed to be cloud-agnostic.
        But clouds (AWS, GCP, Azure) all have:
        
        load balancers
        
        virtual machines
        
        disks
        
        ips
        That’s the job of the Cloud Controller Manager (CCM).
        
        talks to the cloud provider APIs
        
        translates Kubernetes requests into cloud actions
    - - You edit YAML -> Git (single source of truth) -> GitOps Controller -> K8 API Server -> etcd (stores desired + current state) -> Controllers detect changes -> CCM -> Cloud Provider API (AWS / GCP / Azure)
        kinde: Service
        type: LoadBalancer
        k8 sees LoadBalancer -> CCM is triggered -> CCM calls the cloud provider API -> Cloud creates a real LB -> CCM reports back to k87
  - - - docker ps - running containers
      - docker ps -a - all containers including stopped
      - docker images - list images
      - docker build -t myapp:1.0 . - build an image
      - docker pull nginx:latest - pull image from registry
      - docker rmi myapp:1.0 - remove an image
      - docker run --name my-nginx -p 8080:80 nginx:latest - run container
      - docker start, stop, restart, rm my-nginx
      - docker logs my-nginx
      - docker exec -it my-nginx sh - open a shell inside a running container
      - docker container prune - remove stopped containers
      - docker image prune - remove unused images
      - docker system prune - remove everything unused
      - docker run - create a new container from an image and start it
    - - Diversions
        
        What problem do static Pods solve?
        
        Sometimes Kubernetes itself is not fully running yet.
        
        API server is down
        
        etcd is not reachable
        
        cluster is bootstrapping
        
        What is static Pod?
        
        A static Pod is a Pod that is managed directly by the kubelet, not by the Kubernetes API server.
        the kublet:
        
        reads Pod YAML files from disk
        
        starts the Pods itself
        
        keeps them running
        No API Server required
        
        How static Pods works?
        
        Pod YAML is placed on a node (for example /etc/kubernetes/manifests)
        
        kubelet watches that directory
        
        kubelet starts the Pod
        
        If it crashes, kubelet restarts it
        
        Why this is useful?
        
        In Kubernetes, control plane components are often static Pods:
        
        kube-apiserver
        
        kube-scheduler
        
        kube-controller-manager
        
        etcd
        
        This allows:
        
        the cluster to start itself
        
        recover even if the API Server is unavailable
      - ServiceAccount
        
        Diversions
        
        What problem does a ServiceAccount solve?
        
        Pods sometimes need to call the Kubernetes API, for example to:
        
        list pods
        
        read ConfigMaps
        
        update a custom resource (CRD)
        
        watch Jobs
        
        What a ServiceAccount is?
        
        A ServiceAccount is an identity used by processes running inside Pods.
        
        an authentication token (modern clusters use projected tokens)
        
        a way to attach permissions via RBAC
        
        ServiceAccount = “who the Pod is”
        
        RBAC = “what the Pod can do”
        
        RBAC
        
        Diversions
        
        What is RBAC?
        
        RBAC (Role-Based Access Control) defines who can do what in the cluster.
        RBAC controls access to the Kubernetes API.
        
        What problem does RBAC solve?
        
        Without RBAC:
        
        anyone with access could delete Pods
        
        apps could read secrets they shouldn’t
        
        one mistake could break the cluster
        
        RBAC makes sure:
        
        users and apps have only the permissions they needusers and apps have only the permissions they need
        
        nothing more
        
        3 core RBAC building blocks
        
        Subject (WHO)
        Who is making the request?
        
        User (human)
        
        ServiceAccount (Pod identity)
        
        Role / ClusterRole (WHAT can be done)
        Defines permissions.
        
        read Pods
        
        create Jobs
        
        delete Deployments
        Role → permissions in one namespace
        ClusterRole → permissions across the whole cluster
        
        RoleBinding / ClusterRoleBinding (WHERE it applies)
        Connects a subject to a role.
        
        RoleBinding → namespace scope
        
        ClusterRoleBinding → cluster scope
        
        Node Placment
        
        Diversions
        
        In Kubernetes, node placement answers one question:
        On which node should this Pod run?
        
        nodeName (hard placement, bypasses scheduler) -You want a Pod on one exact node, no discussion.
        
        NodeSelector (simple rules)
        You want Pods on certain types of nodes, not a specific one.
        How it works?
        Nodes have labels
        Pod says which labels it requires
        
        Node Affinity (advanced rules)
        You need more expressive placement rules.
        Like NodeSelector, but with logic:
        
        required (must)
        
        preferred (nice to have)
        
        Taints and Tolerations (repulsion model)
        You want to keep Pods away from certain nodes by default.
        How it works?
        Nodes get taints (“do not schedule here”)
        Pods need tolerations to be allowed in
        
        Default scheduler (do nothing)
        Most apps don’t care where they run.
        
        Containers types
        
        Diversions
        
        TWO container types
        
        3 more items...
        
        Autoscaling
        
        Diversions
        
        5 more items...
        
        Serverless on k8
        
        2 more items...