Intro to the cloud-native world of Kubernetes -- November 2018

Intro to the cloud-native world of Kubernetes -- November 2018

An update of the similar presentation I delivered during the summer, now reflecting the current state of the ecosystem (previous slide deck at
Google Docs link to this presentation:

I gave this talk in for a meetup in Umeå in November 2018, via a video call.
The meetup link is here:
The session was not recorded.
Location: Online


Lucas Käldström

November 20, 2018


  1. 1 Intro to the cloud-native world with Kubernetes Lucas Käldström

    - CNCF Ambassador 19th of June 2018 - Umeå Image credit: @ashleymcnamara
  2. 2 $ whoami Lucas Käldström, High School Student, 19 years

    old CNCF Ambassador, Certified Kubernetes Administrator and Kubernetes SIG Lead KubeCon Speaker in Berlin, Austin, Copenhagen & Shanghai Kubernetes approver and subproject owner, active in the community for ~3 years Driving luxas labs which currently performs contracting for Weaveworks A guy that has never attended a computing class

  4. 4 Cloud Native Computing Foundation • Non-profit, part of the

    Linux Foundation; founded Dec 2015 • Platinum members: Incubating Service Mesh Storage Service Discovery Distributed Tracing Software Update Spec Storage Security Graduated Package Management Orchestration Networking API Service Proxy Logging Remote Procedure Call Distributed Tracing API Container Runtime Container Runtime Messaging Monitoring Registry Source

    “SKEPTICS” “THE CHASM” LATE MAJORITY “CONSERVATIVES” SANDBOX GRADUATED INCUBATING EARLY ADOPTERS “VISIONARIES” SANDBOX Identity Spec Identity Policy Tooling Metrics Spec Distributed K/V Monitoring Serverless Packaging Spec Container Security Image Distribution Source
  6. 6

  7. 7 What is CNCF? A non-profit foundation for getting Cloud

    Native: a) open source projects b) companies c) enthusiasts to come together in a neutral place. CNCF was founded in December 2015 and is a part of The Linux Foundation. CNCF curates and promotes a toolkit of trusted projects for modern applications. Helps hosted projects to succeed in various ways, one of them is by organizing events where the community can meet in person.
  8. 8 Cloud Native Trail Map Trail Map: Source

  9. 9 Containers Cloud Native From Virtualization to Cloud Native •Cloud

    native computing uses an open source software stack to: – segment applications into microservices, – package each part into its own container – and dynamically orchestrate those containers to optimize resource utilization Open Source IaaS PaaS Open Source PaaS Virtualiza- tion 2000 2001 2006 2009 2010 2011 Non- Virtualized Hardware 2013 2015 IaaS Source
  10. 10

  11. 11 Most importantly: What does “Kubernetes” mean? Kubernetes = Greek

    for “pilot” or “helmsman of a ship”
  12. 12 What is Kubernetes? = A Production-Grade Container Orchestration System

    Google-grown, based on Borg and Omega, systems that run inside of Google right now and are proven to work at Google for over 10 years. Google spawns 2 billion containers per week with these systems. Created by three Google employees initially during the summer of 2014; grew exponentially and became the first project to get donated to the CNCF. Hit the first production-grade version v1.0.1 in July 2015. Has continually released a new minor version every three months since v1.2.0 in March 2016. Lately v1.12.0 was released in September 2018.
  13. 13 So what does Kubernetes actually do? It abstracts away

    the underlying hardware, abstracts away the concept Node. Principle: Manage your applications like Cattle (generic, bulk operations) instead of like Pets (every operation is customized with care and love for the individual) Kubernetes is the Linux for distributed systems. In the same manner Linux (an OS) abstracts away the hardware differences (with different CPU types, etc.), Kubernetes abstracts away the fact that you have 5 000 nodes in the node pool and provides consistent UX and operation methods for apps You (the admin) declares the desired state, Kubernetes' main task is to make the desired state the actual state.
  14. 14 Kubernetes in Search Trends WeChat Kubernetes OpenStack Google Trends

    Kubernetes OpenStack Mesos Docker Swarm Cloud Foundry July-18 Aug-18 Sept-18 Oct-18 Source
  15. 15 Kubernetes’ incredible velocity (last 365 days!) 20 000+ human

    commits 25 000+ contributors 40 000+ opened Pull Requests 58 000+ opened issues 75 000+ Kubernetes professionals 35 000+ Kubernetes jobs 51 000+ users on Slack 50 000+ edX course enrolls Source 5 Source 4 Last updated: 19.11.2018 Source 2 310 000+ Github comments Source 1 Source 3
  16. 16 Nodes Control Plane Kubernetes’ high-level component architecture Node 3

    OS Container Runtime Kubelet Networking Node 2 OS Container Runtime Kubelet Networking Node 1 OS Container Runtime Kubelet Networking API Server (REST API) Controller Manager (Controller Loops) Scheduler (Bind Pod to Node) etcd (key-value DB, SSOT) User Legend: CNI CRI OCI Protobuf gRPC JSON
  17. 17 Fresh docs on how to extend Kubernetes Brand new

    docs on how to extend Kubernetes Kubernetes has many extension mechanisms: • API Aggregation (beta) • kubectl plugins (alpha) • CustomResourceDefinitions, Example intro (beta) • Container Network Interface plugins (stable) • Scheduler webhook & multiple (beta) • Device plugins (alpha) • Initializers & Admission webhook (beta) • External Cloud Provider Integrations (alpha) • API Server authn / authz webhooks (stable) • Container Runtime Interface plugins (alpha) • Container Storage Interface plugins (alpha)
  18. 18 The core primitive: A Pod The basic, atomically deployable

    unit in Kubernetes. A Pod consists of one or many co-located containers. A Pod represents a single instance of an application. The containers in a Pod share the loopback interface (localhost) and can share mounted directories. Each Pod has it’s own, uniquely assigned and internal IP. Pods are mortal, which means that if the node the Pod runs on becomes unavailable, the workload also goes unavailable. apiVersion: v1 kind: Pod metadata: name: nginx namespace: default labels: app: nginx spec: containers: - image: nginx:1.13.9 name: nginx ports: - name: http containerPort: 80
  19. 19 A replicated, upgradeable set of Pods: A Deployment With

    a Deployment, you can manage Pods in a declarative and upgradable manner. Note the replicas field. Kubernetes will make sure that amount of Pods created from the template always are available. When the Deployment is updated, Kubernetes will perform an rolling update of the Pods running in the cluster. Kubernetes will create one new Pod, and remove an old until all Pods are new. apiVersion: apps/v1 kind: Deployment metadata: labels: app: nginx name: nginx spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - image: nginx:1.13.9-alpine name: nginx ports: - name: http containerPort: 80 The Pod Template
  20. 20 Various possible Deployment upgrade strategies The built-in Deployment behavior

    The other strategies can be implemented fairly easily by talking to the API. Picture source: Kubernetes effect by Bilgin Ibryam
  21. 21 Access your replicated Pods via a Service A Service

    exposes one or many Pods via a stable, immortal, internal IP address. It’s also accessible via cluster-internal DNS: {service}.{namespace}.svc.cluster.local, e.g. nginx.default.svc.cluster.local The Service selects Pods based on the label key-value selectors (here app=nginx) A Service may expose multiple ports. This ClusterIP can be declaratively specified, or dynamically allocated. apiVersion: v1 kind: Service metadata: name: nginx namespace: default labels: app: nginx spec: type: ClusterIP ports: - name: http port: 80 targetPort: 80 selector: app: nginx The Pod Selector
  22. 22 Expose your Service to the world with an Ingress

    A Service is only accessible inside of the cluster. In order to expose the Service to the internet, you must deploy an Ingress controller, like Traefik, and create an Ingress Rule The Ingress rule is the Kubernetes-way of mapping hostnames and paths from internet requests to cluster-internal Services. The Ingress controller is a loadbalancer that’s creating forwarding rules based on the Ingress Rules in the Kubernetes API. apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx namespace: default labels: app: nginx spec: rules: - host: http: paths: - path: / backend: serviceName: nginx servicePort: 80 The Service reference
  23. 23 Isolate your stuff in a Namespace Internet Traefik

    as Ingress Controller Namespace: default nginx Ingress Rule nginx Service nginx Pod 1 nginx Pod 2 nginx Pod 3 nginx Deployment A Namespace is a logical isolation method, most resources are namespace-scoped. You can group logically similar workloads in one namespace and enforce different policies. You can e.g. have one namespace per team, and let them play in their own virtual environment. Role Based Access Control (RBAC) can be used to control what Kubernetes users can do, and what resources in what namespaces an user can access is one of the parameters to play with there.
  24. 24 How do I kick the tires with Kubernetes? Play

    with Kubernetes right away in your browser! Create a single-node cluster on your workstation with minikube Create a production-ready cluster on any machines with kubeadm Create a production-ready cluster on AWS with kops Explore Kubernetes Certified Service Providers’ solutions
  25. 25 Create a cluster with kubeadm 1. Provision a Linux

    machine with Ubuntu, Debian, RHEL, CentOS or Fedora 2. Install kubeadm: 3. Make kubeadm set up a master node for you: 4. Install a Pod Network solution from a third-party provider: 5. Repeat step 1 & 2 on an other node and join the cluster: curl -s | apt-key add - echo “deb kubernetes-xenial main” > /etc/apt/sources.list.d/kubernetes.list apt-get update && apt-get install -y kubeadm kubeadm init kubectl apply -f kubeadm join --token <token> <master-ip>:6443
  26. 26 Everything is done in Special Interest Groups Special Interest

    Groups (SIGs) manage Kubernetes’ various components and features. All code in the Kubernetes Github organization should be owned by one or more SIGs; with directory-level granularity. SIGs have regular (often weekly) video meetings where the attendees discuss design decisions, new features, bugs, testing, onboarding or whatever else that is relevant to the group. Attending these meetings is the best way to get to know the project Image source
  27. 27 Certified Kubernetes Conformance • CNCF runs a software conformance

    program for Kubernetes – Implementations run conformance tests and upload results – New mark and more flexible use of Kubernetes trademark for conformant implementations – Source
  28. 28 CNCF MOOC and Online Training • Free Introduction to

    Kubernetes self-paced course offered with edX • Kubernetes Fundamentals course – Content maps to Certified Kubernetes Administrator (CKA) exam – $299, intermediate level • Open source curriculum available for companies offering training – CKA Exam coupons available with a bulk discount Source
  29. 29 Online, Proctored Kubernetes Exams • Certified Kubernetes Administrator (CKA)

    – Over 1,500 registrations already – • Certified Kubernetes Application Developer (CKAD) – Certifies that users can design, build, configure, and expose cloud native applications for Kubernetes – • Both tests – Tests consist of a set of scenarios to resolve from the command line over 3 hours; there is no multiple choice – Each exam is $300 – Quarterly exam updates to match K8s releases` Source
  30. 30 Kubernetes Certified Service Provider A pre-qualified tier of vetted

    service providers who have deep experience helping enterprises successfully adopt Kubernetes through support, consulting, professional services and/or training. Benefits • Placement at the top of • Monthly private meetings with cloud native project leaders, TOC members, and representatives from the Governing Board • Access to leads from the for end users looking for support Requirements • Three or more certified engineers • Demonstrable activity in the Kubernetes community including active contribution • Business model to support enterprise end users Source
  31. 31 71 Kubernetes Certified Service Providers Source

  32. 32 KubeCon + CloudNativeCon • North America 2018 – Seattle:

    December 10-13, 2018 • Europe 2019 (sponsorships open) – Barcelona: May 20-23, 2019 • China 2019 (sponsorships open) – Shanghai: June 24-26, 2019 • North America 2019 (sponsorships open) – San Diego: November 18-21, 2019 Source
  33. 33 KubeCon + CloudNativeCon Attendance First CNCF-organized event Source

  34. 34 Follow the Kubernetes blog, YouTube channel & Twitter feed

    Do as 50 000+ others and take the free edX "Introduction to Kubernetes" course Join 51 000+ others in the Kubernetes Slack: Prep for and take the Certified Kubernetes Administrator or Certified Kubernetes Application Developer exam Join a Special Interest Group and attend the weekly meetings Kick the tires with Kubernetes on your machines with minikube or kubeadm Check out the weekly Kubernetes Community Meeting or Kubernetes Office Hours on Zoom Next steps?
  35. 35 Join the community in Seattle & Barcelona!

  36. Thank you! @luxas on Github @luxas on Kubernetes’ Slack @kubernetesonarm

    on Twitter