This is one of the most challenging and interesting projects in the curriculum.
Broadly speaking, the project involves the following:
- Creating a Public Key Infrastructure (PKI) to implement TLS encryption for data in flight. This is a hard requirement for K8s.
- Provisioning EC2 instances for the master (3) and worker (3) nodes
- Provisioning the network infrastructure to power the EC2 instances
- Configuring the instances: installing the software each instance needs to perform its role.
Our K8s cluster has 3 master nodes and 3 worker nodes.
The master nodes have the following services running on each of them:
- ETCD - Distributed key-value store. Used to persist the state of the cluster.
- Kube-Scheduler - Selects the worker node to run a containerized workload.
- Kube-Controller-Manager - Ensures the desired state of the cluster is met.
- Kube-Api-Server - This is the brain of the cluster and serves as the entry point into the cluster.
The worker nodes have the following services running on each of them:
- Kubelet - It serves as the agent and is in constant communication with kube-api-server.
- Kube-Proxy - Responsible for maintaining network rules within the node, which allows communication between pods both within and outside the cluster.
- Container runtime - The engine for running container workloads. In this project we used containerd.
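
The PKI requirement and the kubelet's link to the API server described above can be sketched with openssl. This is an added example, not code from the original project; the IPs, node name, file names and certificate lifetimes are constructed placeholders, and it covers only the CA, one API server certificate and one kubelet certificate.

```shell
#!/bin/sh
# Added example: a minimal PKI for the kube-apiserver <-> kubelet link.
# Node name, IPs, file names and lifetimes are constructed placeholders.
set -eu

MASTER_IPS="10.0.0.10 10.0.0.11 10.0.0.12"   # constructed: the 3 master nodes
WORKER="worker-0"                            # constructed worker node name

# Issue a leaf certificate signed by the CA. Args: name, subject, extensions.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\n%s\n' "$3" > "$1.ext"
  openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 90 -extfile "$1.ext" -out "$1.pem" 2>/dev/null
}

# Build the CA plus one server and one client certificate in directory $1.
make_pki() (
  umask 077                      # private keys readable by the owner only
  mkdir -p "$1" && cd "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Kubernetes-CA" -keyout ca.key -out ca.pem 2>/dev/null

  # Server cert: clients check the address they dialled against the SANs,
  # so every master IP must be listed (a real cluster also adds the
  # load balancer name and the in-cluster service IP).
  san="DNS:kubernetes,DNS:kubernetes.default,IP:127.0.0.1"
  for ip in $MASTER_IPS; do san="$san,IP:$ip"; done
  issue apiserver "/CN=kubernetes" \
    "$(printf 'extendedKeyUsage=serverAuth\nsubjectAltName=%s' "$san")"

  # Client cert: the API server reads the kubelet's identity from the
  # subject, user system:node:<name> in group system:nodes.
  issue kubelet "/O=system:nodes/CN=system:node:$WORKER" \
    "extendedKeyUsage=clientAuth"
)

# Succeeds only if both leaves chain to the CA for their intended purpose.
check_pki() {
  openssl verify -purpose sslserver -CAfile "$1/ca.pem" "$1/apiserver.pem" \
    >/dev/null 2>&1 &&
  openssl verify -purpose sslclient -CAfile "$1/ca.pem" "$1/kubelet.pem" \
    >/dev/null 2>&1
}

# Stand-alone use: sh pki.sh <output-dir>
if [ $# -ge 1 ]; then make_pki "$1" && check_pki "$1" && echo "PKI OK: $1"; fi
```

Restricting each certificate with `extendedKeyUsage` means the API server certificate cannot be replayed as a client identity, which `openssl verify -purpose sslclient` on `apiserver.pem` confirms by failing.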