Mark Eschbach

Software Developer && System Analyst

Kubernetes

Kubernetes is a container orchestration platform that abstracts the underlying machines away from the running workloads. Kubernetes may use a number of container execution engines, such as rkt, but typically uses Docker. Orchestration is carried out by a set of api-servers which manage a set of nodes and pods. In Kubernetes a Pod is a set of cooperating containers, usually sharing the same network interface, and is the smallest scheduling unit. Pods are scheduled onto nodes based on a series of constraints, including bin-packing of the containers.

Nodes may be any machine with a compatible runtime environment. These nodes rarely need much more than the machinery required for the runtime environment and any security suite. As a result of these minimal needs, a large number of distributions have appeared that are optimized for this scenario.

Kubernetes is deployed with a network management configuration. On hardware and cloud systems without specific network providers this typically involves setting up an overlay network that abstracts away the underlying network. Many cloud systems provide customized plugins that let Kubernetes clusters use their VPCs natively: Google Kubernetes Engine allows secondary IP ranges for the pods, and the AWS CNI plugin allows direct allocation of IPs from subnets by attaching additional ENIs. On-premises Kubernetes may also be configured this way if desired.

Building on the primitives of Pods and networks, Kubernetes offers Deployments. A Deployment ensures that a specified envelope of Pods is available for service and helps roll newer configurations into a deployment. To provide an effective, resilient service on Kubernetes one should concentrate on Deployments.

To expose services outside of the cluster you will need an Ingress controller. This is the unit responsible for routing outside traffic to the specific service. In Kubernetes a Service is a search filter for locating pods within the cluster. Both internal programs and the Ingress will use the Service.

Kubernetes may use several different authentication and authorization frameworks for managing clusters. Many of these are pluggable in the sense that they are options selected when starting the api-server. Kubernetes' default built-in identity mechanism is the ServiceAccount. The contemporary (2019) authorization framework, RBAC, binds roles to the ServiceAccount to determine the allowed actions.
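As an added example (not part of these notes and not Kubernetes' own authorizer), here is a small Python model of how RBAC answers a request: a RoleBinding grants a Role's rules to a subject only inside the binding's namespace, a ClusterRoleBinding grants them cluster-wide, and anything not explicitly granted is denied. The ServiceAccount name, namespace and rules below are constructed; resourceNames, subresources and non-resource URLs are left out of the model.

```python
"""Simplified model of an RBAC authorization decision (added example).
Constructed data: ServiceAccount 'web-app' in namespace 'web', a Role that
only allows reading pods, and a RoleBinding tying the two together."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    api_groups: List[str]   # '' is the core API group (pods, secrets, ...)
    resources: List[str]
    verbs: List[str]

    def matches(self, group: str, resource: str, verb: str) -> bool:
        # '*' is the wildcard RBAC accepts in each field of a rule
        return (any(g in ('*', group) for g in self.api_groups)
                and any(r in ('*', resource) for r in self.resources)
                and any(v in ('*', verb) for v in self.verbs))


@dataclass
class Binding:
    subjects: List[str]             # e.g. 'system:serviceaccount:web:web-app'
    rules: List[Rule]               # rules of the referenced Role/ClusterRole
    namespace: Optional[str] = None  # None models a ClusterRoleBinding


def can_i(bindings, subject, verb, resource, namespace, group=''):
    """True if any binding grants `verb` on `resource` to `subject`."""
    for b in bindings:
        if subject not in b.subjects:
            continue
        # a RoleBinding only grants access inside its own namespace
        if b.namespace is not None and b.namespace != namespace:
            continue
        if any(r.matches(group, resource, verb) for r in b.rules):
            return True
    return False  # deny-by-default: no matching rule means no access


SA = 'system:serviceaccount:web:web-app'
POD_READER = [Rule([''], ['pods'], ['get', 'list', 'watch'])]
BINDINGS = [Binding([SA], POD_READER, namespace='web')]


def demo():
    """Least-privilege check: only read access to pods in 'web' is allowed."""
    return {
        'list pods in web': can_i(BINDINGS, SA, 'list', 'pods', 'web'),
        'delete pods in web': can_i(BINDINGS, SA, 'delete', 'pods', 'web'),
        'get secrets in web': can_i(BINDINGS, SA, 'get', 'secrets', 'web'),
        'list pods in kube-system': can_i(BINDINGS, SA, 'list', 'pods', 'kube-system'),
    }
```

Against a real cluster the same question is asked with `kubectl auth can-i list pods --namespace web --as=system:serviceaccount:web:web-app`, which is a quick way to confirm a ServiceAccount has not been granted more than intended.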