A collection of diagrams explaining Kubernetes, extracted from our trainings, articles and talks (k8s sec, k8s intro).
The diagrams are created with PlantUML, so they're basically text and can be adjusted easily.
Note that the diagrams don't use UML notation; they are box-and-line diagrams.
- Deployment ➜ Pod ➜ Container
- Pod ➜ Node
- Services, Nodes and Pods explained
- Services, Nodes and Pods explained (including IP addresses)
- Rolling Update
- Authentication and Authorization
- PodSecurityPolicy Activation via RBAC
- Troubleshooting Kubernetes PodSecurityPolicies
Relationship between Deployment, Pod and Container.
Simplified - leaves out ReplicaSets for brevity.
Relationship between Pod and Node.
Traffic flow from Cloud LoadBalancer via Service to Pods running on Nodes.
Traffic flow from Cloud LoadBalancer via Service to Pods running on Nodes, including the different IP address ranges and ports:
- external IP,
- node internal and external IP and node port,
- service IP,
- pod IP and target port (on container).
Flow from user API server request to response: check authn via identity provider, then authz via RBAC.
Connection from Pod to PSP via RBAC (Role, RoleBinding, ServiceAccount).
A diagram to help debug Kubernetes PodSecurityPolicies.