Introduction to Kubernetes


Bastian Hofmann

October 12, 2019


  1. @BastianHofmann Introduction to Kubernetes Bastian Hofmann

  3. Container orchestration platform

  4. Deploy, run and scale your services in isolated containers

  5. No vendor lock in

  6. Lots of large company backers

  7. Standardized APIs

  8. Runs on

  9. Your laptop

  10. Bare metal

  11. Cloud Providers

  12. And if you don't want to install and maintain Kubernetes

  13. Managed Kubernetes

  15. Why containers?

  16. Services run in isolation

  17. Everything needed to run a service in one image

  18. Make things …

  19. Easier to deploy

  20. Easier to upgrade system dependencies

  21. Easier to develop

  22. Easier to scale

  23. Better resource usage

  24. #saveThePlanet

  25. Let’s define some core concepts and terminology first

  26. Kubernetes Cluster

  27. Image
      • A docker image built from a Dockerfile that contains everything a service needs to run

  28. Container
      • A container runs a docker image.
      • Only 1 process can run inside of a container

  29. Pod
      • A group of 1 or more containers
      • Same port space
      • Within a Pod: communication over localhost
      • Every Pod has its own IP
      • All Pods can talk with each other
      • IPs change all the time

  30. Replica Set
      • Defines and manages how many instances of a pod should run
      • ReplicaSet is tied to a specific definition of a Pod which is tied to specific image versions of the container
      • Image versions in ReplicaSets can't be updated

  31. Deployment
      • Manages updates and rollbacks of replica sets

  32. Service
      • Internal LoadBalancer
      • Makes all pods matching a set of labels accessible through a stable, internal IP address
      • You can attach an external IP address through a cloud LoadBalancer

  33. Ingress
      • Makes a service accessible to the outside of Kubernetes through an ingress controller (e.g. nginx)
      • Traffic is routed by routing rules, usually Host header

  34. Node
      • A physical server
      • Containers get distributed automatically

  35. ConfigMap
      • Key/Value storage for configuration

  36. Secret
      • Key/Value storage for configuration, usually passwords.

  37. Volumes
      • Volumes can be mounted into a container to access a ConfigMap, Secret, persistent volumes with network storage or a folder on the node

  38. Namespaces
      • Dedicated environment to deploy services in

  39. CronJobs, DaemonSets, StatefulSets, ...

  40. ...

  41. Everything is a resource

  42. You interact with Kubernetes by creating, receiving, updating and deleting

  43. Kubernetes has controllers to listen on these interactions and get the cluster in the desired state
  44. The Kubernetes API can be extended with additional Resources and

  45. CustomResourceDefinitions

  46. Certificate, MySQLCluster, ...

  47. Controllers / Operators

  48. Demo

  49. # 01 Deploying a simple Web Application

  50. What did just happen?

  52. Deployment created

  53. Sees new Deployment and creates new ReplicaSet with 1 desired

  54. Sees new ReplicaSet and creates Pod for ReplicaSet

  55. Sees new unscheduled Pod and schedules it to Node

  56. Sees it is supposed to start a Pod and starts its Containers

  57. Service created

  58. Sees the new Service and configures IP Table Rules and DNS entries

  59. Sees the new Service has the Type LoadBalancer and creates an External LB at the Cloud Provider
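The two manifests that trigger the chain described in slides 52 to 59, written here as an added example (not the talk's demo code); the names, labels, the image reference and the Secret name are assumptions. The Deployment's pod-template labels are what the Service selector matches, and the resource requests and limits are what a namespace ResourceQuota counts against.

```yaml
# Added example, not from the talk: Deployment + LoadBalancer Service.
# Names, labels, image and Secret name are assumed placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-web
  labels:
    app: hello-web
spec:
  replicas: 1                      # desired count the ReplicaSet will enforce
  selector:
    matchLabels:
      app: hello-web               # must match the pod template labels below
  template:
    metadata:
      labels:
        app: hello-web
    spec:
      containers:
        - name: web
          image: example.org/hello-web:1.0.0   # assumed image; one process per container
          ports:
            - containerPort: 8080
          resources:               # counted against the namespace ResourceQuota
            requests:
              cpu: 100m
              memory: 64Mi
            limits:
              cpu: 250m
              memory: 128Mi
          env:
            - name: DB_PASSWORD    # read from a Secret instead of baking it into the image
              valueFrom:
                secretKeyRef:
                  name: hello-web-db   # assumed Secret name
                  key: password
---
apiVersion: v1
kind: Service
metadata:
  name: hello-web
spec:
  type: LoadBalancer               # cloud controller creates the external LB for this Service
  selector:
    app: hello-web                 # pods carrying this label become the endpoints
  ports:
    - port: 80                     # port on the Service's virtual IP
      targetPort: 8080             # container port kube-proxy forwards to via iptables rules
```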
  60. How is traffic routed to the Pod

  61. The Service load-balances incoming traffic to all available Pods

  62. Every Service has a virtual IP

  63. Round Robin with IP Tables rules

  64. OpenStack LoadBalancer

  65. OpenStack LoadBalancer

  66. # 10 Using an Ingress with TLS

  67. Recap

  68. We deployed a small hello world application

  69. Services as internal and external LoadBalancers

  70. CronJobs

  71. We talked about production readiness

  72. Namespace Resource Quotas and Defaults

  73. ConfigMaps and Secrets

  74. The ingress controller (nginx) listens on Ingress Resources and configures itself to route incoming traffic based on the host header to the correct running pods

  75. Cert-manager to get a TLS certificate from LetsEncrypt

  76. External-DNS listens on Ingresses and Services and creates DNS entries at AWS
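The Ingress-with-TLS setup from slides 74 to 76 as an added example (not the talk's demo code): a cert-manager ClusterIssuer for LetsEncrypt and an Ingress that references it. The hostname, issuer name, e-mail address and Service name are assumptions; the API versions are the ones current in late 2019.

```yaml
# Added example, not from the talk: ClusterIssuer + Ingress with TLS.
# Hostname, issuer name, e-mail and Service name are assumed placeholders.
apiVersion: cert-manager.io/v1alpha2       # cert-manager 0.11 API (current in late 2019)
kind: ClusterIssuer
metadata:
  name: letsencrypt                        # assumed issuer name, referenced from the Ingress
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.org                 # placeholder account contact
    privateKeySecretRef:
      name: letsencrypt-account-key        # Secret where cert-manager keeps the ACME account key
    solvers:
      - http01:
          ingress:
            class: nginx                   # HTTP-01 challenge served through the nginx ingress
---
apiVersion: networking.k8s.io/v1beta1      # Ingress API version in Kubernetes 1.14 to 1.18
kind: Ingress
metadata:
  name: hello-web
  annotations:
    kubernetes.io/ingress.class: nginx           # handled by the nginx ingress controller
    cert-manager.io/cluster-issuer: letsencrypt  # cert-manager watches this and requests a cert
spec:
  tls:
    - hosts:
        - hello.example.org                # external-dns reads this host and creates the DNS record
      secretName: hello-web-tls            # cert-manager stores the issued certificate and key here
  rules:
    - host: hello.example.org              # nginx routes on the Host header
      http:
        paths:
          - path: /
            backend:
              serviceName: hello-web       # the Service in front of the application pods
              servicePort: 80
```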
  77. How is traffic routed to the Pod

  78. OpenStack LoadBalancer

  79. Operators

  80. MySQL Operator (diagram): the MySQL Operator discovers MySQLCluster resources and creates a MySQL statefulset; the Kubernetes controller manager discovers the statefulset and creates the MySQL pods, which the operator monitors and manages

  81. Prometheus Operator (diagram): the Prometheus Operator discovers Prometheus resources and creates a Prometheus statefulset; the Kubernetes controller manager discovers the statefulset and creates the Prometheus pods, which the operator monitors and manages; the operator also discovers ServiceMonitors, writes the Prometheus config and reloads it
  82. # 15 Service Meshes

  83. What are Service Meshes?

  85. They provide

  86. Metrics and Traces

  87. Transparent End-To-End Encryption

  88. Advanced Routing

  89. Istio

  90. LinkerD

  91. $ linkerd install | kubectl apply -f -