Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

Introduction to Kubernetes

Introduction to Kubernetes

A short introduction to Kubernetes.

Alexandre Vicenzi

March 24, 2023
Tweet

More Decks by Alexandre Vicenzi

Other Decks in Technology

Transcript

  1. Copyright © SUSE 2022 Agenda • What is a container

    • What is Kubernetes • Cluster components • Objects • Tooling • Distributions • Challenges • Demo 2
  2. Copyright © SUSE 2022 What is a Linux container? —

    A form to isolate applications from the host OS — Allow developers to pack all dependencies — Easy to move between environments — Easy to develop, deploy and manage – Docker, Podman, nerdctl — Extra layer of security – Namespace, cgroups, capabilities, seccomp, LSM (AppArmor, SELinux, ...)
  3. Copyright © SUSE 2022 What is Kubernetes? — A system

    for automation and orchestration of containers — Responsible for deployment, scaling, and management of containerized applications — Groups containers into logical units (Pods) — Easy management and discovery — Designed by Google to run at Google scale
  4. Copyright © SUSE 2022 What can we do with Kubernetes?

    — Scale applications horizontally and vertically – Add more instances or increase resources size — Service discovery, Load balance and Network management — Long-term and temporary storage orchestration — Automate rollouts and rollbacks — Manage secrets, configurations and policies — Self-healing — and more
  5. Copyright © SUSE 2022 Control Plane Components — kube-apiserver –

    The Kubernetes API server — etcd – Key-value database to store all cluster data — kube-scheduler – Assing Pods to nodes — kube-controller-manager – Runs controller processes — cloud-controller-manager – Links features of your cloud provider
  6. Copyright © SUSE 2022 Node Components — kubelet – Agent

    that runs on each node – Ensures that containers are running — kube-proxy – Proxy that maintain network rules – Allows communication between Pods — Container Runtime – Software that run containers – Such as containerd, CRI-O and others CRI compatible
  7. Copyright © SUSE 2022 Addons — Provides cluster-level features —

    Runs inside the cluster, as Pods — Cluster should have a DNS server for service discovery – CoreDNS — Cluster should have networking support for communication and resource sharing – Flannel, Calico, Canal — Clusters often deploy web-based UI for management — Clusters often need storage management and provisioning – Longhorn, Rook, OpenEBS
  8. Copyright © SUSE 2022 Objects — Persistent entities in the

    system — Used to represent the state of a cluster — It describes – What container to run and where – Policies and behaviors – And more — When you create an object, you are telling how your cluster should look like — Objects are, by default, described in Yaml
  9. Copyright © SUSE 2022 Object example — apiVersion – Kubernetes

    API version used to create this object — kind – What kind of object you want to create — metadata – Data to uniquely identify the object — spec – The desired state of the object – The spec format differs for each object kind
  10. Copyright © SUSE 2022 Pod — The smallest deployable unit

    — Group of one or more containers – Shared resources — Always co-located and co-scheduled — Shared resources are managed by namespaces, cgroups and other isolation methods – The same used in Docker containers — Pods are generally not created directly – Managed by workload resources – Such as Deployment
  11. Copyright © SUSE 2022 Workloads — A workload is an

    application running on Kubernetes — Built-in workload resources – Deployment – ReplicatSet – StatefulSet – DaemonSet – Job – CronJob
  12. Copyright © SUSE 2022 Deployment — Describes desired state for

    Pods — Common way to define your application in Kubernetes — Declares container images, replicas, rollout strategy and more
  13. Copyright © SUSE 2022 ReplicaSet — Maintains a stable set

    of replica Pods running at any given time — Often used to guarantee the availability of a specified number of identical Pods — Deployment is a high-level ReplicaSet and the recommended way
  14. Copyright © SUSE 2022 StatefulSet — Similar to a Deployment

    and ReplicaSet — Guarantees ordering and uniqueness of Pods — Typical use cases – Stable, unique network identifiers – Stable, persistent storage – Ordered, graceful deployment and scaling – Ordered, automated rolling updates.
  15. Copyright © SUSE 2022 DaemonSet — Ensures that all (or

    some) Nodes run a copy of a Pod — Typical use cases – Running a cluster storage daemon on every node – Running a logs collection daemon on every node – Running a node monitoring daemon on every node
  16. Copyright © SUSE 2022 Job and CronJob — Job –

    One time run – Executes and exit – Retry if fails — CronJob – Periodically run on a given schedule – Similar to crontab
  17. Copyright © SUSE 2022 Networking — Every Pod gets an

    IP address — Pods on a node can communicate with all pods on all nodes without a NAT — Service discovery is often done with DNS – Requires CoreDNS add-on or another DNS server — Useful resources – Service – Ingress
  18. Copyright © SUSE 2022 Service — Exposes a Pod as

    a network service — It defines – Protocol – Port – App selector
  19. Copyright © SUSE 2022 Ingress — Exposes HTTP and HTTPS

    routes — Exposes a service to the world — Can provide – Load Balancing – SSL / TLS – Routing rules
  20. Copyright © SUSE 2022 Storage — On-disk files in a

    container are ephemeral – Loss of data when a container crashes or restarts — Kubernetes supports multiple types of storages – Know as Volumes in Docker — Storage provisioning is another class of problem — Useful resources – StorageClass – PersistentVolume – PersistentVolumeClaim
  21. Copyright © SUSE 2022 StorageClass — Describes classes of storage

    offered in the cluster — Defined by cluster administrators — Some classes supported – NFS – GlusterFS – Ceph RDB – Amazon EBS — Each StorageClass needs a provisioner – To provision PersistentVolumes
  22. Copyright © SUSE 2022 PersistentVolume (PV) — A piece of

    storage — Defines – Storage class – Access mode – Capacity – Reclaim policy
  23. Copyright © SUSE 2022 PersistentVolumeClaim (PVC) — A request for

    a piece of storage — A Pod claims storage to use as persistent volume — The volume is them mounted in the container
  24. Copyright © SUSE 2022 Configuration — Application often needs configuration

    – Such as DB, TLS, Env vars — Ideally, configuration is kept outside source code — Useful resources – ConfigMaps – Secrets
  25. Copyright © SUSE 2022 ConfigMap — Data stored as key-value

    pair — Used for non-confidential data — Can be used as – Files in a mounted volume – Environment variable – Command-line arguments
  26. Copyright © SUSE 2022 Secret — Contains sensitive data –

    Such as password, token, or a key — By default, Secrets are stored unencrypted – Configure RBAC rules – Enable encryption at rest — Can be used as – Files in a mounted volume – Environment variable
  27. Copyright © SUSE 2022 Deployment — minikube – Local cluster,

    single node – For development and testing purposes — kOps – Easiest way to get a production grade Kubernetes — kubeadmin – Creates a minimum viable Kubernetes cluster – Good for first-time users
  28. Copyright © SUSE 2022 Management — kubectl – The Kubernetes

    command line tool – Communicates with control plane using Kubernetes API – Create/update/delete resources – Check cluster and resources information — crictl – Command line to inspect and debug container runtimes – Attach to a running container – Run commands in a given running container – List images, containers, pods
  29. Copyright © SUSE 2022 Management — Helm – The "package

    manager" for Kubernetes – A tool for managing packages of pre-configured resources (Helm Charts) – Find popular Helm Charts – Create and share your applications as charts – Install charts
  30. Copyright © SUSE 2022 What to choose? — Too many

    options — On-Premise, Private Cloud or Public Cloud — Single node, multi node — Development
  31. Copyright © SUSE 2022 Development — Often single node —

    Easy to manage, but often limited — Examples – minikube – Kind – K3s
  32. Copyright © SUSE 2022 On-Premise / Private Cloud — Self-managed

    — Requires time and resources to set up a production ready cluster — Scaling can be difficult and expensive — Examples – "Vanilla" Kubernetes (K8s) – Rancher – RedHat OpenShift – VMware Tanzu
  33. Copyright © SUSE 2022 Public Cloud — Infra as a

    Service (IaaS) — Fully managed and production-ready – Hide most pain points — Can scale to "infinity" — Examples – Amazon EKS – Google GKE – Azure AKS
  34. Copyright © SUSE 2022 Edge — Limited resources — Remote

    locations — Examples – K3s – OpenShift – MicroK8s
  35. Copyright © SUSE 2022 Complexity — Kubernetes is a complex

    system — Initial setup and configuration takes time — A distributed system to run distributed systems — Scaling, High availability and redundancy is often difficult — Steep learning curve
  36. Copyright © SUSE 2022 Storage — Managing storage is as

    complex as managing compute instances — Distributed storage come with many challenges — Redundancy, backup, failover is critical — Applications often need multiple storage solutions – File Storage – Block Storage – Object Storage – Persistent vs Ephemeral
  37. Copyright © SUSE 2022 How to overcome challenges? — Use

    public cloud – No maintenance headaches — Use Rancher – RKE solves common problems with installation complexity – Rancher addresses operational and security challenges – Longhorn makes deployment of block storage easier – Harvester helps to manage virtualized workloads
  38. Copyright © SUSE 2022 © 2022 SUSE LLC. All Rights

    Reserved. SUSE and the SUSE logo are registered trademarks of SUSE LLC in the United States and other countries. All third-party trademarks are the property of their respective owners. For more information, contact SUSE at: +1 800 796 3700 (U.S./Canada) Maxfeldstrasse 5 90409 Nuremberg www.suse.com Thank you