Not Following... ● What are these? ○ Container ○ Docker ○ Kubernetes ● How to ... ○ construct k8s cluster ○ use kubectl ○ use built-in resources(e.g. Deployment) properly
Components of k8s cluster ● A cluster is a set of worker nodes. ● Every worker node runs the Pods ● Kubernetes cluster consists of ○ C-plane components ■ may include an interface providing connection to Cloud provider API ○ Node components
Components of k8s cluster#C-plane ● C-plane has a responsibility to ○ manage worker node(s) ○ detect several events in a cluster ○ serve API to interconnect with cloud provider (optional) ■ AWS/GCE/OpenStack/etc ● esp, kube-apiserver is the core-system of it. ● In general, these components are deployed in a Node. ○ the node is known as "master node" ○ in prod, you should deploy C-plane comps to multiple machines(using Kubeadm or stuff)
Components of k8s cluster#kube-apiserver ● exposes the Kubernetes API to cluster's outside ○ so it plays an important role as the front-end of C-plane comps. ● Note that kube-apiserver scales "horizontally" (not vertically) ○ this feature enables us to balance traffics between those instances ● kube-apiserver is the only component is connected with etcd. ○ other all components need to communicate with etcd through apiserver. ■ even if it is a C-plane component!
Components of k8s cluster#etcd ● etcd is well known as "distributed key-value store" ● You can construct a "etcd cluster" ○ a consensus algorithm called "Raft" works in it ○ actually the number of nodes in cluster should be odd
Components of k8s cluster#kube-scheduler ● kube-scheduler assigns a Pod to Node ● When a Pod is created newly, It's not determined where It deploys to yet. ● kube-scheduler detects some Pods they're not assigned any node yet ● And apply a scheduling algorithm, then a Node is selected.
Components of k8s cluster#k-c-m(stripped) ● A controller is a control loop that watches the state of clusters, nodes, and resources. ○ If a current state isn't desirable, a controller makes changes by requesting to kube-apiserver. ● k-c-m is a set of built-in controllers. ○ includes replicaset/deployment/service/etc
Components of k8s cluster#kubelet ● An agent that is in each Node. ● Start some Pods scheduled by kube-scheduler, by communicating with container-runtime. ○ You can deploy pods to a specified node by using a mechanism called "Static Pod".
Components of k8s cluster#container-runtime ● A software that is responsible for running containers ● Kubernetes support any implementation of CRI ○ Docker ○ containerd ○ CRI-O ● If you're operating a cluster in a multi-tenant network ○ preferred to use secure OCI runtime(e.g. kata-runtime)
Appendix#Service ● In k8s cluster, each Pod has its IP address. ● A container will communicate to others with "localhost" in a pod. ● There is a few issue if a pod wants to be connected with pods they're created dynamically(e.g. using deployment). ○ How to get their IP addresses? ○ Is there a way to balance traffics to them smart?
Appendix#Service ● A Service is a way to expose an application runs on a cluster. ○ can also load-balance L4 traffics to several Pods. ○ create an endpoint with given ServiceType. ■ ClusterIP … provide a VIP it's only used in a cluster ■ NodePort … allocating a port that is listened to by every Node. ■ LoadBalancer … using an external LB. ● A Service marks pods by label-selector ○ marked Pods are "targeted" by a Service. ● we're going back to kube-proxy.
Components of k8s cluster#kube-proxy ● kube-proxy receives some traffics to ClusterIP/NodePort. ● kube-proxy can be configured with proxy-mode ○ userspace … running transporter in user space ○ iptables … running transporter in kernel space ■ more efficiently than userspace mode ■ iptables isn't designed for load-balancing ○ IPVS … opmizing workloads using IP Virtual Server ■ can use more optimized LB algorithms. ● least-connection ● source-hashing
drumato
forcia_dev_pr
banjun
line_developers
mixi_engineers
jeromevdl
sakiengineer
whywaita
asei
benevolent0505
okuzawats
microcms
okazuki
lemiorhan
jakevdp
ufuk
62gerente
tanoku
addyosmani
tenderlove
dotmariusz
cromwellryan
denniskardys
schacon
matthewcrist