
Kubernetes 101


Ganesh Gunasegaran

June 29, 2021

Transcript

  1. Cloud computing • Resources as services (compute, storage, network, apps) • Resources allocated on demand • Multi-tenancy • Pay-As-You-Go • Maximized effectiveness of the shared resources • Lower barriers to entry
  2. Cloud Native Computing • Containers represent an isolated unit of application deployment. • Dynamically managed by a central orchestration process. • Loosely coupled micro-services with explicit service endpoints.
  3. Application Containers • Run multiple isolated user-space application instances in parallel on one shared kernel (the isolation is namespaces and cgroups, not a hypervisor boundary). • Self-sufficient: application code, libraries and runtime are bundled. • Portable. • Lightweight. • Immutable images.
  4. Container Orchestration • Framework for integrating and managing containers at scale. • Defines the initial container deployment. • Ensures availability • Ensures scalability • Manages networking • Ex: Docker Swarm, Mesosphere DC/OS, Kubernetes
  5. Kubernetes • Open-source system, originally developed by Google, for automating deployment, scaling and management of containerized applications. • Places containers on nodes. • Recovers from failures. • Provides health checking and the hooks that monitoring and logging tools build on. • Enables containers to find each other.
  6. Kubernetes Concepts • Master (control plane): Maintains the desired state for the cluster. • Node: Runs the applications. • Objects: Represent the state of the cluster. • Spec: Describes the desired state of an object. • Status: Describes its actual state. • Name: Unique for a kind within a namespace. • Namespaces: Provide a scope for names. • Labels: Key-value pairs attached to objects. • Label Selector: The core grouping primitive. • Annotations: Non-identifying metadata attached to objects.
  7. Kubernetes Object Categories • Workloads: Used to manage and run containers (Pod, ReplicationController, Deployment) • Discovery & Load Balancing: Join workloads together into an externally accessible, load-balanced service (Service, Ingress) • Config & Storage: Inject initialization data and persist data externally (Volume, Secret) • Metadata: Configure the behavior of other resources within a cluster (LimitRange) • Cluster: Responsible for defining the configuration of the cluster itself (Namespace, Binding)
  8. Kubernetes Master • Control Plane: Controls the worker nodes in the data plane. • API Server: Front-end for the K8s control plane; every read and write of cluster state goes through it. • etcd: Distributed key-value store holding all cluster state, including Secrets, so read access to etcd is equivalent to cluster-admin and it must be protected (client TLS, restricted network access, encryption at rest). • Controller-manager: Daemon that runs the controllers handling routine tasks (Node, Replication, Endpoint, Service Account, Token). • Scheduler: Assigns pods to worker nodes.
  9. Kubernetes Node • Workhorse of the cluster. • kubelet: Watches for pods that have been assigned to its node. • Mounts the pod's required volumes. • Downloads the pod's secrets. • Periodically runs the liveness probes. • Reports the status of the pod. • Reports the status of the node. • kube-proxy: Maintains network rules on the host and performs connection forwarding. • Container Engine: Used to run containers. Usually Docker at the time of this talk, but other runtimes (e.g. containerd, CRI-O) plug in through the Container Runtime Interface (CRI).
  10. Authorization to the API • Types of users (authentication) • Service accounts: created and managed by Kubernetes, scoped to a namespace • Normal users: managed outside the cluster (client certificates, OIDC tokens, etc.) • Authorization modules (consulted after authentication and before admission control; a request is allowed if any configured module allows it) • Node • Attribute-Based Access Control (ABAC) • Role-Based Access Control (RBAC) • Webhook
  11. Kubernetes Workloads • Run inside a set of Pods • Deployments • ReplicaSet • StatefulSet • Jobs & CronJobs • DaemonSet
  12. Pod

  13. Pod • Smallest deployable object. • Contains: • One or more application containers. • Storage resources. • A unique IP address. • Options on how the container(s) should run. • Scheduled on a node and remains there until terminated or evicted. • Does not self-heal by itself.
  14. Pod - Cont • Lifecycle phases: Pending, Running, Succeeded, Failed, Unknown • Probes are performed by the kubelet on a container using a handler • Probe types: readinessProbe, livenessProbe • Handler types: ExecAction, TCPSocketAction, HTTPGetAction • Probe result: Success, Failure, Unknown • A failed livenessProbe kills the container; whether it is restarted is governed by the pod's restart policy: Always, OnFailure, Never
  15. Pod - Operations • kubectl get nodes • kubectl get pods • kubectl apply -f pod.yml • kubectl get pod time-app • kubectl describe pod time-app • kubectl exec -it time-app -- bash • kubectl logs -f time-app • kubectl delete -f pod.yml
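A `pod.yml` that the operations above can be run against, as an added example that is not from the deck. It uses the deck's `time-app` name and `itsgg/sinatra-docker:0.2` image, but the container port (4567), the `/` health path and the ability of the app to run as UID 1000 with a read-only root filesystem are assumptions. It shows both probe handler types, the restart policy the probes feed into, and the per-pod and per-container `securityContext` settings a practitioner would add before letting the pod near a shared cluster.

```yaml
# Added example (not from the deck): pod.yml for the deck's time-app.
# Assumed: the image listens on 4567, serves GET /, and works as UID 1000 on a read-only root fs.
apiVersion: v1
kind: Pod
metadata:
  name: time-app
  labels:
    app: time-app
spec:
  restartPolicy: Always            # applies to every container on exit or on liveness failure
  automountServiceAccountToken: false   # this app never talks to the API server
  securityContext:
    runAsNonRoot: true             # kubelet refuses to start a container that would run as UID 0
    runAsUser: 1000
    seccompProfile:
      type: RuntimeDefault         # runtime's default syscall filter instead of "Unconfined"
  containers:
  - name: time-app
    image: itsgg/sinatra-docker:0.2
    ports:
    - containerPort: 4567
    securityContext:
      allowPrivilegeEscalation: false   # no setuid binaries can gain privileges
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    resources:
      requests: {cpu: 100m, memory: 64Mi}
      limits: {memory: 128Mi}
    readinessProbe:                # HTTPGetAction: while failing, the pod is dropped from Service endpoints
      httpGet:
        path: /
        port: 4567
      initialDelaySeconds: 2
      periodSeconds: 5
    livenessProbe:                 # TCPSocketAction: 3 failures -> container killed, restartPolicy decides what next
      tcpSocket:
        port: 4567
      initialDelaySeconds: 10
      periodSeconds: 10
      failureThreshold: 3
    volumeMounts:
    - name: tmp
      mountPath: /tmp              # the only writable path, since the root fs is read-only
  volumes:
  - name: tmp
    emptyDir: {}
```

After `kubectl apply -f pod.yml`, `kubectl describe pod time-app` shows probe failures as Events, and `kubectl get pod time-app` shows the restart count climbing if the liveness probe keeps failing.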
  16. ReplicaSet • Ensures that the desired number of pods matching the label selector exist and are operational. • Declarative definition of what a Pod should be and how many of it should be running at a time.
  17. ReplicaSet Operations • kubectl create -f replica_set.yml • kubectl get rs --watch • kubectl describe rs time-app • kubectl scale rs time-app --replicas=5 • kubectl delete rs time-app
  18. Deployment • Provides declarative updates for Pods and ReplicaSets. • Creates a ReplicaSet, which creates the Pods. • Updating the Deployment's pod template creates a new ReplicaSet and a new revision. • During an update, pods of the old RS are scaled down while pods of the new RS are scaled up. • Rolling back to an earlier revision also creates a new revision. • The command that caused a change can be recorded in an annotation on the resource (kubernetes.io/change-cause). • Deployment strategies: • RollingUpdate • Recreate
  19. Deployment Operations • kubectl apply -f deployment.yml • kubectl get deployment time-app • kubectl describe deployment nginx • kubectl scale deployment nginx --replicas=4 • kubectl set image deployment/time-app time-app=itsgg/sinatra-docker:0.2 --all=true • kubectl rollout status deployment time-app • kubectl rollout history deployment time-app • kubectl rollout undo deployment/time-app --to-revision=2
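A `deployment.yml` behind the ReplicaSet and Deployment slides above, as an added example that is not from the deck. The `time-app` name, the `time-app` container name that `kubectl set image` refers to, and the `itsgg/sinatra-docker` image are from the deck; the `0.1` starting tag, port 4567 and the `/` health path are assumptions. The `selector`/`template` pair is exactly what the generated ReplicaSet carries, the `strategy` block controls how the old and new ReplicaSets are scaled against each other, and the annotation is what `kubectl rollout history` prints per revision.

```yaml
# Added example (not from the deck): deployment.yml for the deck's time-app.
# Assumed: starting tag 0.1, container port 4567, GET / as a health endpoint.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: time-app
  annotations:
    kubernetes.io/change-cause: "initial rollout of itsgg/sinatra-docker:0.1"   # shown by rollout history
spec:
  replicas: 3
  revisionHistoryLimit: 5          # old ReplicaSets kept around so `rollout undo --to-revision` has targets
  selector:
    matchLabels:
      app: time-app                # must match the template labels; this becomes the ReplicaSet's selector
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1                  # at most 4 pods exist during the update
      maxUnavailable: 0            # never fewer than 3 ready pods
  template:
    metadata:
      labels:
        app: time-app
    spec:
      automountServiceAccountToken: false
      containers:
      - name: time-app             # the name `kubectl set image deployment/time-app time-app=...` refers to
        image: itsgg/sinatra-docker:0.1
        ports:
        - containerPort: 4567
        readinessProbe:            # without this the rollout cannot distinguish a broken revision from a good one
          httpGet:
            path: /
            port: 4567
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
```

After `kubectl set image deployment/time-app time-app=itsgg/sinatra-docker:0.2`, record why with `kubectl annotate deployment time-app kubernetes.io/change-cause="upgrade to 0.2" --overwrite`; `kubectl rollout history deployment time-app` then lists both revisions with their causes, and `kubectl get rs` shows the 0.1 ReplicaSet scaled to 0 but retained for `rollout undo`.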
  20. Job • Creates one or more pods and ensures that a specified number of them successfully terminate. • Reliably runs a Pod to completion the specified number of times. • Can run multiple Pods in parallel. • If Pods fail, the Job keeps creating new Pods until its backoffLimit (default 6) is reached, then it is marked Failed. • CronJobs create Jobs once or repeatedly at specified times. • Concurrency policy can be configured.
  21. Job Operations • kubectl apply -f job.yml • kubectl describe job time-app • kubectl delete -f job.yml
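A `job.yml` with the completion, parallelism and retry limits the Job slide describes, plus a CronJob with a concurrency policy, as an added example that is not from the deck. The `time-app` Job name is from the deck; the `busybox` image, the commands and the schedule are assumptions chosen so the manifest runs on any cluster.

```yaml
# Added example (not from the deck): job.yml. Image, commands and schedule are assumed.
apiVersion: batch/v1
kind: Job
metadata:
  name: time-app
spec:
  completions: 3                # the Job is done after 3 pods exit 0
  parallelism: 2                # at most 2 of them run at once
  backoffLimit: 4               # after 4 failed pods the Job is marked Failed; the default is 6, not unbounded
  activeDeadlineSeconds: 300    # hard wall-clock limit for the whole Job
  ttlSecondsAfterFinished: 600  # finished Job and its pods are garbage-collected after 10 minutes
  template:
    spec:
      restartPolicy: Never      # a Job's pod template must use Never or OnFailure, not the pod default Always
      automountServiceAccountToken: false
      containers:
      - name: worker
        image: busybox:1.36
        command: ["sh", "-c", "date; exit 0"]
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: time-app-nightly
spec:
  schedule: "0 2 * * *"         # 02:00 every day, in the controller-manager's time zone
  concurrencyPolicy: Forbid     # skip a run while the previous one is still active (Allow | Forbid | Replace)
  startingDeadlineSeconds: 600  # a run missed by more than 10 minutes is skipped rather than started late
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 2
      template:
        spec:
          restartPolicy: OnFailure   # retry inside the same pod instead of creating a new one each time
          automountServiceAccountToken: false
          containers:
          - name: worker
            image: busybox:1.36
            command: ["sh", "-c", "date"]
```

`kubectl describe job time-app` reports the Succeeded/Failed pod counts against `completions` and `backoffLimit`; the Job's pods carry a `job-name=time-app` label, so `kubectl logs -l job-name=time-app` collects their output.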
  22. DaemonSets • All or some nodes run a copy of a pod. • When nodes are added to the cluster, pods are added to them. • When nodes are removed from the cluster, those pods are garbage collected. • Node selection: nodeSelector, affinity • Deleting a DaemonSet deletes its pods. • Update strategy: • OnDelete • RollingUpdate
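A DaemonSet manifest showing node selection and the rolling update strategy from the slide above, as an added example that is not from the deck. The `node-agent` name, the `busybox` image and its loop are assumptions; the taint key tolerated below is the one used by current clusters for control-plane nodes, and older clusters use `node-role.kubernetes.io/master` instead, so check `kubectl describe node` before relying on it.

```yaml
# Added example (not from the deck): a per-node agent DaemonSet. Name, image and command are assumed.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-agent
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: node-agent
  updateStrategy:
    type: RollingUpdate          # OnDelete would wait for each pod to be deleted by hand
    rollingUpdate:
      maxUnavailable: 1          # one node's copy is replaced at a time
  template:
    metadata:
      labels:
        app: node-agent
    spec:
      nodeSelector:
        kubernetes.io/os: linux  # only nodes carrying this label get a copy; new Linux nodes get one automatically
      tolerations:
      - key: node-role.kubernetes.io/control-plane   # also schedule onto tainted control-plane nodes
        operator: Exists
        effect: NoSchedule
      automountServiceAccountToken: false
      containers:
      - name: agent
        image: busybox:1.36
        command: ["sh", "-c", "while true; do date; sleep 60; done"]
        resources:
          requests: {cpu: 10m, memory: 16Mi}
          limits: {memory: 64Mi}  # a per-node agent that leaks memory takes every node with it, so cap it
```

`kubectl get daemonset -n kube-system node-agent` shows DESIRED equal to the number of Linux nodes, and `kubectl rollout status daemonset/node-agent -n kube-system` follows an image change node by node.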
  23. Kubernetes Services • Defines a logical set of Pods and a policy by which to access them. • Maps an incoming port to a target port on the pods. • Endpoints: the Pods targeted by the selector. • Service discovery • Environment variables: the Service must exist before the Pod starts • DNS: no ordering is required
  24. Service Types • ClusterIP: Exposes the service on a cluster-internal IP. Only reachable from within the cluster. Default. • NodePort: Exposes the service on each Node's IP at a static port. Accessible from outside using NodeIP:NodePort. • LoadBalancer: Exposes the service externally using a cloud provider's load balancer. • ExternalName: Maps the service to the contents of the externalName field by returning a CNAME record.
  25. Service Operations • kubectl get service • kubectl describe service time-app • kubectl exec -it time-app-xx -- env • kubectl exec -it time-app-xx -- nslookup time-app
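A `service.yml` for the Service slides above, as an added example that is not from the deck. The `time-app` name and the `app: time-app` selector match the deck's workloads; the container port 4567 and the node port 30080 are assumptions. The first Service is the default ClusterIP type with a port-to-targetPort mapping; the second shows the same pods exposed as a NodePort, which opens that port on every node and therefore needs a firewall rule in front of it.

```yaml
# Added example (not from the deck): service.yml for the deck's time-app. Ports 4567 and 30080 are assumed.
apiVersion: v1
kind: Service
metadata:
  name: time-app                 # DNS: time-app, time-app.<namespace>, time-app.<namespace>.svc.cluster.local
spec:
  type: ClusterIP                # the default; reachable only from inside the cluster
  selector:
    app: time-app                # Endpoints = pods with this label whose readiness probe passes
  ports:
  - name: http
    port: 80                     # incoming port on the Service's cluster IP
    targetPort: 4567             # port on the pod
---
apiVersion: v1
kind: Service
metadata:
  name: time-app-nodeport
spec:
  type: NodePort                 # also allocates a ClusterIP; the node port is reachable from any node's IP
  selector:
    app: time-app
  ports:
  - name: http
    port: 80
    targetPort: 4567
    nodePort: 30080              # must fall in the node-port range (30000-32767 by default)
```

From a pod in the same namespace, `nslookup time-app` resolves the ClusterIP and `env` shows `TIME_APP_SERVICE_HOST` and `TIME_APP_SERVICE_PORT`, but only in pods that started after the Service was created, which is the ordering constraint the slide mentions. `kubectl get endpoints time-app` lists the pod IPs behind it; an empty list usually means the selector does not match or no pod is Ready.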
  26. Volume • The container filesystem is ephemeral. • A volume is just a directory accessible to the containers in a pod. • The type of the volume determines the backend. • The pod definition specifies which volumes are mounted at which path. • Each container can independently mount a volume.
  27. Volume Types • emptyDir: Deleted when the pod is deleted (survives container crashes) • hostPath: Mounts a directory from the host into the pod. A writable hostPath mount of a sensitive host directory lets the pod break out of its isolation, so hostPath should be disallowed for ordinary workloads through admission policy. • gcePersistentDisk: Mounts a GCE Persistent Disk into the Pod. • awsElasticBlockStore: Mounts an AWS EBS volume into the pod. • nfs: Mounts an existing NFS export into the Pod. • secret • PersistentVolumeClaim
  28. Persistent Volumes • PersistentVolume (PV): Hides the details of the storage implementation from the pod. • hostPath, NFS, etc. • PersistentVolumeClaim (PVC): A request for storage by a pod. • Size, access mode, storage class • StorageClass • QoS levels, backup policies • Allows dynamic provisioning using the provisioner and parameters fields
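A PersistentVolumeClaim and a pod that mounts it next to an emptyDir, as an added example that is not from the deck, covering the Volume, Volume Types and Persistent Volumes slides. The `time-app` name and image are from the deck; the StorageClass name `standard`, the mount paths and the 1Gi size are assumptions (`kubectl get storageclass` shows what a given cluster offers).

```yaml
# Added example (not from the deck): a PVC with dynamic provisioning and a pod using it.
# Assumed: a StorageClass named "standard" exists; mount paths and size are illustrative.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: time-app-data
spec:
  accessModes: ["ReadWriteOnce"]   # a single node may mount it read-write
  storageClassName: standard       # the class's provisioner creates the PV on demand
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: time-app
spec:
  automountServiceAccountToken: false
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    fsGroup: 1000                  # the volume is made group-writable for this GID, so a non-root app can write
  containers:
  - name: time-app
    image: itsgg/sinatra-docker:0.2
    volumeMounts:
    - name: data
      mountPath: /var/lib/time-app # backed by the PV: survives pod deletion and rescheduling
    - name: scratch
      mountPath: /tmp              # emptyDir: survives container crashes, gone when the pod is deleted
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: time-app-data     # the pod names the claim, never the PV or the storage backend
  - name: scratch
    emptyDir:
      sizeLimit: 100Mi             # a pod that fills its scratch space past this is evicted, not the node
```

`kubectl get pvc time-app-data` moves from Pending to Bound once the provisioner has created a PV; `kubectl get pv` then shows the bound PV with the claim it serves, which is the indirection the PV slide describes.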
  29. Secret • Holds sensitive information. • Safer than putting sensitive information in the pod definition or in Docker images. • Can be used as files in a volume mounted by the kubelet, or injected as environment variables. • Stored base64-encoded, not encrypted, in etcd unless encryption at rest is enabled, and readable by anyone with get/list on secrets in the namespace, so RBAC on the secrets resource is what actually protects them. • kubectl create secret generic test-app --from-literal=password=FOOPASS
  30. ConfigMaps • Intended for passing non-sensitive configuration, such as the contents of a config file. • Can be created from a literal or from a file. • kubectl create configmap time-app-configmap --from-[email protected]
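The deck's `test-app` Secret and `time-app-configmap` ConfigMap written as manifests and consumed by a pod in both of the ways the Secret slide lists, as an added example that is not from the deck. The `config.yml` key and its contents, the `/etc/secrets` and `/etc/time-app` mount paths and the `DATABASE_PASSWORD` variable name are assumptions. The example shows the file form and the environment-variable form side by side; the file form is preferred in practice because the value lives on a tmpfs, is updated when the Secret changes, and is not inherited by every child process or written into crash dumps the way an environment variable is.

```yaml
# Added example (not from the deck): Secret and ConfigMap from the slides, consumed by a pod.
# Assumed: key config.yml, mount paths, and the DATABASE_PASSWORD variable name.
apiVersion: v1
kind: Secret
metadata:
  name: test-app
type: Opaque
stringData:                       # plain text here; the API server stores it base64-encoded. Keep this file out of git.
  password: FOOPASS
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: time-app-configmap
data:
  config.yml: |                   # the same thing `kubectl create configmap --from-file` builds from a file
    log_level: info
    port: 4567
---
apiVersion: v1
kind: Pod
metadata:
  name: time-app
spec:
  automountServiceAccountToken: false
  containers:
  - name: time-app
    image: itsgg/sinatra-docker:0.2
    env:
    - name: DATABASE_PASSWORD     # env form: every process in the container, and any child it spawns, sees this
      valueFrom:
        secretKeyRef:
          name: test-app
          key: password
    volumeMounts:
    - name: secret-files          # file form: /etc/secrets/password on a tmpfs, refreshed when the Secret changes
      mountPath: /etc/secrets
      readOnly: true
    - name: config                # /etc/time-app/config.yml
      mountPath: /etc/time-app
      readOnly: true
  volumes:
  - name: secret-files
    secret:
      secretName: test-app
      defaultMode: 0400           # owner-readable only inside the container
  - name: config
    configMap:
      name: time-app-configmap
```

`kubectl get secret test-app -o jsonpath='{.data.password}' | base64 -d` prints `FOOPASS`, which is the practical demonstration that base64 is encoding, not encryption: the RBAC rule that grants `get` on secrets is the real access control.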