k8s-ubuntu-24.04-kubernetes-install-my-bash-scripts-shell-script-bash-script/Core Components of a Production Kubernetes Cluster at main · anjilinux/k8s-ubuntu-24.04-kubernetes-install-my-bash-scripts-shell-script-bash-script · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
Core Components of a Production Kubernetes Cluster
1️⃣ Core Components of a Production Kubernetes Cluster

A production cluster isn’t just nodes—it’s a combination of control plane, worker nodes, networking, storage, security, monitoring, and more.

A. Control Plane (Master Nodes)

These manage the cluster state, scheduling, and API access.

kube-apiserver – the API endpoint for all kubectl commands and internal communication.

etcd – highly available key-value store storing cluster state.

kube-controller-manager – runs controllers (node, deployment, replication, etc.).

kube-scheduler – decides which node a pod should run on.

cloud-controller-manager (optional) – integrates with cloud services.

🔹 Best practice: 3+ master nodes for HA (High Availability).

B. Worker Nodes

Nodes run your workloads (Pods).

kubelet – agent that ensures containers run as defined in pods.

kube-proxy – manages networking rules and load balancing.

Container Runtime – Docker, containerd, or CRI-O.

Node Monitoring – metrics collection for CPU, memory, etc.

C. Networking Layer

Networking is essential for pod-to-pod and pod-to-service communication.

CNI (Container Network Interface) plugins like Calico, Flannel, Weave Net, or Cilium.

Service Networking – ClusterIP, NodePort, LoadBalancer.

Ingress Controller – NGINX, Traefik, or HAProxy for external traffic routing.

DNS – CoreDNS for service discovery.

D. Storage Layer

Persistent storage for stateful workloads.

PV/PVC (Persistent Volumes / Claims)

Storage classes – dynamic provisioning (e.g., NFS, Ceph, Longhorn, or cloud block storage).

Volume plugins – CSI drivers for external storage.

E. Load Balancing & External Access

External Load Balancer – e.g., MetalLB for bare-metal clusters.

Ingress / API Gateway – for routing HTTP/S traffic.

DNS / SSL – For secure access, e.g., via Cert-Manager with Let’s Encrypt.

F. Security Layer

RBAC (Role-Based Access Control) – restricts access.

Network Policies – restrict pod communication.

Secrets Management – Kubernetes Secrets, HashiCorp Vault, or SealedSecrets.

Pod Security Standards – restrict privileged containers.

G. Observability & Monitoring

A production cluster must be observable:

Metrics – Prometheus + Grafana for cluster and application metrics.

Logging – EFK stack (Elasticsearch, Fluentd, Kibana) or Loki.

Tracing – Jaeger or OpenTelemetry for distributed tracing.

Alerting – Prometheus Alertmanager, PagerDuty integration.

H. CI/CD & GitOps

CI/CD – Jenkins, GitHub Actions, GitLab CI to automate builds and deploys.

GitOps – ArgoCD or FluxCD to sync code with cluster declaratively.

Helm Charts – package deployments and manage upgrades.

I. Backup & Disaster Recovery

etcd backups – critical for cluster recovery.

PV backups – using Velero or Stash.

Cluster snapshots – regular testing of restore procedures.

2️⃣ Example: End-to-End Architecture
                 +-----------------------------+
                 |        External Users       |
                 +------------+----------------+
                              |
                              v
                    +-----------------+
                    | Ingress / API GW|
                    +-----------------+
                              |
         +-----------------------------------------+
         |               Services Layer            |
         | ClusterIP / NodePort / LoadBalancer     |
         +-----------------------------------------+
          |               |               |
          v               v               v
      +--------+      +--------+      +--------+
      |  Pods  |      |  Pods  |      |  Pods  |
      |  App1  |      |  App2  |      |  App3  |
      +--------+      +--------+      +--------+
          |               |               |
          v               v               v
     +---------+     +---------+     +---------+
     | Storage |     | Storage |     | Storage |
     +---------+     +---------+     +---------+

Monitoring & Logging Layer (Prometheus, Grafana, EFK)
Security Layer (RBAC, NetworkPolicy, Secrets)
CI/CD & GitOps (Jenkins, ArgoCD)
Backup & DR (Velero, etcd snapshot)
✅ Key Takeaways for Full Production

HA & Redundancy: Multiple masters, nodes, and etcd replicas.

Observability: Metrics, logs, tracing, and alerts.

Security: RBAC, network policies, and secrets management.

Resilience: Backups, disaster recovery, and automated healing.

Automation: CI/CD, GitOps, and Infrastructure as Code (IaC).