
Docker and Kubernetes

felipe
November 20, 2019


Transcript

  1. What is Docker (slide 3)

     Docker is a virtualization platform that packages applications and their dependencies in lightweight isolated environments called containers.
  2. How does it work (slide 5)

     • cgroups
     • namespaces
     • union file systems
     • copy-on-write
  3. What is Kubernetes (slide 14)

     Kubernetes is a platform for managing containerized workloads and services that facilitates both declarative configuration and automation. It achieves high utilization by combining admission control, efficient task-packing and machine resource sharing with isolation. It supports high-availability applications with runtime features that minimize fault-recovery time, and scheduling policies that reduce the probability of correlated failures.
  4. Architecture (slide 15)

     [Diagram: a Kubernetes Master with kube-apiserver, kube-controller-manager, kube-scheduler and an etcd cluster; kubectl and web UI; LB traffic; three Kubernetes Nodes, each with kubelet, kube-proxy and Pods.]
  5. Namespace (slide 16)

     • Provides scope for names
     • Objects in the same namespace have the same access control policies
     • Creates isolation between multiple workloads
  6. Pod (slide 17)

     • Group of one or more containers
     • A set of Linux namespaces, cgroups, and potentially other facets of isolation
     • Pods are supposed to be unique and ephemeral
     • Usually not directly created by the user
  7. Volume (slide 18)

     • On-disk files in a container are ephemeral
     • At its core, a volume is just a directory, possibly with some data in it
     • A Kubernetes volume has the same lifecycle as the Pod that encloses it
     • On Kubernetes there are multiple types of volumes (e.g. gcePersistentDisk)
  8. ConfigMap (slide 20)

     • ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable
     • A set of key-value pairs along with optional metadata
     • Can be provided to Pods as args, environment variables or volumes
  9. Secret (slide 21)

     • A Secret is an object that contains a small amount of sensitive data (e.g. credentials)
     • Secrets can be mounted as volumes or as environment variables in a Pod
     • To mount a Secret in a Pod, both must be in the same namespace
     • A Secret is only sent to a node if a Pod on that node requires it. It is not written to disk; it is stored in a tmpfs. It is deleted once the Pod that depends on it is deleted
  10. Service and Virtual Service (slide 22)

     • A Service is an abstraction which defines a logical set of Pods and a policy by which to access them
     • The DNS server watches the Kubernetes API for new Services and creates a set of DNS records for each
     • A VirtualService defines the rules that control how requests for a service are routed within an Istio service mesh
     • Requests can be routed based on the request source and destination
  11. Ingress and Ingress Gateway (slide 23)

     • An Ingress is an API object that manages external access to the services in a cluster, typically HTTP
     • Typically, services and pods have IPs only routable by the cluster network. All traffic that ends up at an edge router is either dropped or forwarded elsewhere
     • An Ingress Gateway describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections
  12. Where to learn more (slide 31)

     • Kubernetes Official Documentation -> https://kubernetes.io/docs/home
     • awesome-docker -> https://github.com/veggiemonk/awesome-docker
     • awesome-kubernetes -> https://github.com/ramitsurana/awesome-kubernetes
     • Kubernetes blog -> https://kubernetes.io/blog
     • CNCF -> https://www.cncf.io/
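
The Secret slide (slide 21) says a Secret reaches a Pod as a volume or as environment variables, and that the Pod and the Secret must be in the same namespace. As an added example, not part of the deck, this Python check walks a set of manifests, reports how each Pod consumes Secrets, and flags references that do not resolve in the Pod's own namespace. The manifests, names and namespaces are constructed sample data; projected volumes are not covered.

```python
# Constructed sample manifests (plain dicts); all names and namespaces are made up.
MANIFESTS = [
    {"kind": "Secret", "metadata": {"name": "db-creds", "namespace": "payments"}},
    {"kind": "Pod", "metadata": {"name": "api", "namespace": "payments"},
     "spec": {"volumes": [{"name": "creds", "secret": {"secretName": "db-creds"}}],
              "containers": [{"name": "api", "image": "example/api:1"}]}},
    {"kind": "Pod", "metadata": {"name": "report", "namespace": "analytics"},
     "spec": {"containers": [{"name": "report", "image": "example/report:1",
                              "env": [{"name": "DB_PASS", "valueFrom": {"secretKeyRef":
                                       {"name": "db-creds", "key": "password"}}}]}]}},
]

def secret_refs(pod):
    """Yield (how, secret_name) for every Secret a Pod manifest consumes."""
    spec = pod.get("spec", {})
    for vol in spec.get("volumes", []):
        if "secret" in vol:                      # Secret mounted as a volume
            yield ("volume", vol["secret"]["secretName"])
    for ctr in spec.get("initContainers", []) + spec.get("containers", []):
        for env in ctr.get("env", []):           # single key as an env variable
            ref = env.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                yield ("env", ref["name"])
        for src in ctr.get("envFrom", []):       # whole Secret as env variables
            if "secretRef" in src:
                yield ("env", src["secretRef"]["name"])

def namespace_of(obj):
    # Objects without an explicit namespace land in "default".
    return obj["metadata"].get("namespace", "default")

def unresolved_secret_refs(manifests):
    """Return (pod, how, secret, namespaces_where_it_exists) for each reference
    that has no matching Secret in the Pod's own namespace."""
    secrets = {(namespace_of(m), m["metadata"]["name"])
               for m in manifests if m["kind"] == "Secret"}
    findings = []
    for pod in (m for m in manifests if m["kind"] == "Pod"):
        for how, name in secret_refs(pod):
            if (namespace_of(pod), name) not in secrets:
                elsewhere = sorted(ns for ns, n in secrets if n == name)
                findings.append((pod["metadata"]["name"], how, name, elsewhere))
    return findings

if __name__ == "__main__":
    for pod, how, name, elsewhere in unresolved_secret_refs(MANIFESTS):
        print(f"{pod}: {how} reference to Secret {name!r} not in its namespace "
              f"(exists in: {elsewhere or 'nowhere'})")
```

A finding whose last field is non-empty means the Secret exists, but in a different namespace than the Pod that references it.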