Code Monkey home page Code Monkey logo

k8s-diagrams's Introduction

k8s-diagrams

A collection of diagrams explaining kubernetes, extracted from our trainings, articles and talks (k8s sec, k8s intro).

The diagrams are realized using PlantUML, so they're basically text and can be adjusted easily.
Note that the diagrams don't use UML notation. They are rather box and line diagrams.

Table of contents

Deployment ➜ Pod ➜ Container

Relationship between Deployment, Pod and Container.
Simplified - leaves out ReplicaSets for brevity.

Pod ➜ Node

Relationship between Pod and Node.

Services, Nodes and Pods explained

Traffic flow from Cloud LoadBalancer via Service to Pods running on Nodes.

Services, Nodes and Pods explained (including IP addresses)

Traffic flow from Cloud LoadBalancer via Service to Pods running on Nodes. Including different address IP address ranges and ports:

  • external IP,
  • node internal and external IP and node port,
  • service IP,
  • pod IP and target port (on container)

Ingresses explained

Progress of a requests from the ingress controller's service to the actual pod, illustrating the role of the ingress resource.

Rolling Updates explained

Authentication and Authorization

Flow from user API server request to response: check authn via identity provider, then authz via RBAC.

Role Based Access Control (RBAC) Resources

A simplified display of resources involved in RBAC and their correlations.

Note that

  • Permission is not a k8s resource, but a list of rules inside the (Cluster-)roles that make up a kind of permission.
    It consits of resources and verbs granted on it. For example:
    • resources: "secrets"
    • verbs: "get"
  • Subject can be a serviceAccount, user or group

PodSecurityPolicy Activation via RBAC

Connection from Pod to PSP via RBAC (Role, RoleBinding, ServiceAccount).

Troubleshooting Kubernetes PodSecurityPolicies

A diagram to help debugging Kubernetes PodSecurityPolicies.

GitOps

Diagrams describing the general concepts of gitOps and distinguishing it from "ciOps".

See also our

High-level overview

Details

There are different options when implementing GitOps. Some of them are depicted bellow.

CI Server writes image version to GitOps Repo.

CI Server read-only on GitOps Repo; GitOps Operator writes image version to GitOps Repo.

Infra as Code stays in app repo, CI Server writes to GitOps repo.

k8s-diagrams's People

Contributors

schnatterer avatar dhuchthausen avatar

Watchers

James Cloos avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.