A form to isolate applications from the host OS — Allow developers to pack all dependencies — Easy to move between environments — Easy to develop, deploy and manage – Docker, Podman, nerdctl — Extra layer of security – Namespace, cgroups, capabilities, seccomp, LSM (AppArmor, SELinux, ...)
for automation and orchestration of containers — Responsible for deployment, scaling, and management of containerized applications — Groups containers into logical units (Pods) — Easy management and discovery — Designed by Google to run at Google scale
— Scale applications horizontally and vertically – Add more instances or increase resources size — Service discovery, Load balance and Network management — Long-term and temporary storage orchestration — Automate rollouts and rollbacks — Manage secrets, configurations and policies — Self-healing — and more
The Kubernetes API server — etcd – Key-value database to store all cluster data — kube-scheduler – Assing Pods to nodes — kube-controller-manager – Runs controller processes — cloud-controller-manager – Links features of your cloud provider
that runs on each node – Ensures that containers are running — kube-proxy – Proxy that maintain network rules – Allows communication between Pods — Container Runtime – Software that run containers – Such as containerd, CRI-O and others CRI compatible
Runs inside the cluster, as Pods — Cluster should have a DNS server for service discovery – CoreDNS — Cluster should have networking support for communication and resource sharing – Flannel, Calico, Canal — Clusters often deploy web-based UI for management — Clusters often need storage management and provisioning – Longhorn, Rook, OpenEBS
system — Used to represent the state of a cluster — It describes – What container to run and where – Policies and behaviors – And more — When you create an object, you are telling how your cluster should look like — Objects are, by default, described in Yaml
API version used to create this object — kind – What kind of object you want to create — metadata – Data to uniquely identify the object — spec – The desired state of the object – The spec format differs for each object kind
— Group of one or more containers – Shared resources — Always co-located and co-scheduled — Shared resources are managed by namespaces, cgroups and other isolation methods – The same used in Docker containers — Pods are generally not created directly – Managed by workload resources – Such as Deployment
of replica Pods running at any given time — Often used to guarantee the availability of a specified number of identical Pods — Deployment is a high-level ReplicaSet and the recommended way
some) Nodes run a copy of a Pod — Typical use cases – Running a cluster storage daemon on every node – Running a logs collection daemon on every node – Running a node monitoring daemon on every node
IP address — Pods on a node can communicate with all pods on all nodes without a NAT — Service discovery is often done with DNS – Requires CoreDNS add-on or another DNS server — Useful resources – Service – Ingress
container are ephemeral – Loss of data when a container crashes or restarts — Kubernetes supports multiple types of storages – Know as Volumes in Docker — Storage provisioning is another class of problem — Useful resources – StorageClass – PersistentVolume – PersistentVolumeClaim
offered in the cluster — Defined by cluster administrators — Some classes supported – NFS – GlusterFS – Ceph RDB – Amazon EBS — Each StorageClass needs a provisioner – To provision PersistentVolumes
Such as password, token, or a key — By default, Secrets are stored unencrypted – Configure RBAC rules – Enable encryption at rest — Can be used as – Files in a mounted volume – Environment variable
single node – For development and testing purposes — kOps – Easiest way to get a production grade Kubernetes — kubeadmin – Creates a minimum viable Kubernetes cluster – Good for first-time users
command line tool – Communicates with control plane using Kubernetes API – Create/update/delete resources – Check cluster and resources information — crictl – Command line to inspect and debug container runtimes – Attach to a running container – Run commands in a given running container – List images, containers, pods
manager" for Kubernetes – A tool for managing packages of pre-configured resources (Helm Charts) – Find popular Helm Charts – Create and share your applications as charts – Install charts
— Requires time and resources to set up a production ready cluster — Scaling can be difficult and expensive — Examples – "Vanilla" Kubernetes (K8s) – Rancher – RedHat OpenShift – VMware Tanzu
system — Initial setup and configuration takes time — A distributed system to run distributed systems — Scaling, High availability and redundancy is often difficult — Steep learning curve
complex as managing compute instances — Distributed storage come with many challenges — Redundancy, backup, failover is critical — Applications often need multiple storage solutions – File Storage – Block Storage – Object Storage – Persistent vs Ephemeral
public cloud – No maintenance headaches — Use Rancher – RKE solves common problems with installation complexity – Rancher addresses operational and security challenges – Longhorn makes deployment of block storage easier – Harvester helps to manage virtualized workloads
Reserved. SUSE and the SUSE logo are registered trademarks of SUSE LLC in the United States and other countries. All third-party trademarks are the property of their respective owners. For more information, contact SUSE at: +1 800 796 3700 (U.S./Canada) Maxfeldstrasse 5 90409 Nuremberg www.suse.com Thank you
alexandrevicenzi
miyakemito
ks91
pacificspatialsolutions
ktc_wada
tkengo
haru860
nagix
heleeen
kenichirokimura
nokonoko1203
tetsuyaooooo
infiniteloop_inc
addyosmani
jakevdp
panda_program
lara
jonrohan
holman
thekraken
jacobian
stephaniewalter
lauravandoore
eileencodes
jlugia
