
Intro to the cloud-native world of Kubernetes -- October 2019

An update of the similar presentation I delivered earlier this year, reflecting the current state of the ecosystem, and serving as the first talk in our new meetup group in Turku (previous slide deck at https://speakerdeck.com/luxas/intro-to-the-cloud-native-world-of-kubernetes-january-2019)

Recording: https://youtu.be/eyTv2uBL3ag
Online slides: https://docs.google.com/presentation/d/1Of4uJnPVowCeL6O_tn6G3C4Gfy1KrqSrUqKITzhB9Ss/edit#slide=id.g658e2fcf15_0_0
Meetup page: https://www.meetup.com/Kubernetes-Turku/events/264987939/
Location: Walkbase Oy, Tykistökatu, Turku, Finland

Lucas Käldström

October 31, 2019

Transcript

  1. Intro to the cloud-native
    world with Kubernetes
    Lucas Käldström - CNCF Ambassador
    31st of October, 2019 - Turku
    Image credit: @ashleymcnamara

  2. $ whoami
    Lucas Käldström, freshman Student at Aalto, 20 yo
    CNCF Ambassador, Certified Kubernetes
    Administrator and Kubernetes WG/SIG Lead
    KubeCon Speaker in Berlin, Austin,
    Copenhagen, Shanghai, Seattle & San Diego
    KubeCon Keynote Speaker in Barcelona
    Kubernetes approver and subproject owner (formerly
    maintainer), active in the community for 4+ years. Got
    kubeadm to GA.
    Weave Ignite author, written this summer

  3. An intro to CNCF
    Cloud Native Computing Foundation helps us all
    succeed

  4. = OPEN SOURCE CLOUD COMPUTING FOR
    APPLICATIONS

  5. #CloudNativeNordics
    What is CNCF?
    A non-profit foundation for Cloud Native:
    a) open source projects
    b) companies
    c) enthusiasts
    to come together in a neutral place.
    Founded in Dec 2015, part of Linux Foundation.
    CNCF curates and promotes a toolkit of
    trusted projects for modern applications. Helps
    the hosted projects to succeed.

  6. #CloudNativeNordics
    CNCF Projects

  7. #CloudNativeNordics

  8. #CloudNativeNordics
    Cloud Native
    Trail Map
    Trail Map: l.cncf.io

  9. WHAT IS CLOUD NATIVE?
    Cloud native technologies empower organizations to build and run scalable applications in
    modern, dynamic environments such as public, private, and hybrid clouds.
    Containers, service meshes, microservices, immutable infrastructure, and declarative APIs
    exemplify this approach.
    These techniques enable loosely coupled systems that are resilient, manageable, and observable.
    Combined with robust automation, they allow engineers to make high-impact changes frequently
    and predictably with minimal toil.
    The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and
    sustaining an ecosystem of open source, vendor neutral projects. We democratize state-of-the-art
    patterns to make these innovations accessible for everyone.

  10. WHAT IS CLOUD NATIVE?
    Cloud native technologies empower organizations to build and run scalable applications in
    modern, dynamic environments such as public, private, and hybrid clouds.
    Containers, service meshes, microservices, immutable infrastructure, and declarative APIs
    exemplify this approach.
    These techniques enable loosely coupled systems that are resilient, manageable, and
    observable. Combined with robust automation, they allow engineers to make high-impact changes
    frequently and predictably with minimal toil.
    The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and
    sustaining an ecosystem of open source, vendor neutral projects. We democratize
    state-of-the-art patterns to make these innovations accessible for everyone.

  11. WHAT IS CLOUD NATIVE?
    Cloud native technologies empower organizations to build and run scalable applications in modern,
    dynamic environments such as public, private, and hybrid clouds.
    Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify
    this approach.
    These techniques enable loosely coupled systems that are resilient, manageable, and observable.
    Combined with robust automation, they allow engineers to make high-impact changes frequently
    and predictably with minimal toil.
    The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and
    sustaining an ecosystem of open source, vendor neutral projects. We democratize state-of-the-art
    patterns to make these innovations accessible for everyone.

  12. Certified Kubernetes Conformance
    • CNCF runs a software conformance
    program for Kubernetes
    – Implementations run conformance tests
    and upload results
    – Mark and more flexible use of Kubernetes
    trademark for conformant
    implementations
    – cncf.io/ck

  13. 97 Certified Kubernetes Partners

  14. Training and Certification
    © 2019 Cloud Native Computing Foundation
    Training
    ● Over 88,000 people have registered for the free Introduction to Kubernetes course on edX
    ● Over 9,800 people have registered for the $299 Kubernetes Fundamentals course
    Certification
    ● Over 10,600 people have registered for the Certified Kubernetes Administrator (CKA) online test
    ● Over 4,000 people have registered for the Certified Kubernetes Application Developer (CKAD) online test

  15. Kubernetes Certified Service Provider
    A pre-qualified tier of vetted service providers who have deep experience helping enterprises
    successfully adopt Kubernetes through support, consulting, professional services and/or training.
    Benefits
    • Placement at the top of https://kubernetes.io/partners/
    • Monthly private meetings with cloud native project leaders, TOC members, and
    representatives from the Governing Board
    • Access to leads from the kubernetes.io for end users looking for support
    Requirements
    • Three or more certified engineers
    • Business model to support enterprise end users
    • Be a CNCF member
    https://www.cncf.io/certification/kcsp/

  16. 118 Kubernetes Certified Service Providers

  17. KubeCon + CloudNativeCon
    • North America 2019
    – San Diego: November 18-21, 2019
    • Europe 2020
    – Amsterdam: March 30 - April 2, 2020
    • China 2020
    – Shanghai: July 28-30, 2020
    • North America 2020
    – Boston: November 17-20, 2020
    kubecon.io

  18. KubeCon + CloudNativeCon Attendance

  19. Prospectus
    • Seoul Dec 9-10, 2019; Sydney Dec 12-13, 2019
    • Bengaluru Feb 17-18, 2020; Delhi Feb 20-21, 2020
    • 2020 plans: Tel Aviv, Mexico City & São Paulo, Tokyo &
    Singapore, Seoul & Sydney
    • Two-day events with a target audience of 1,500

  20. An intro to Kubernetes
    Kubernetes lets you efficiently and declaratively manage your apps at any scale

  21. Most importantly: What does “Kubernetes” mean?
    Kubernetes = Greek for “pilot” or “helmsman of a ship”

  22. What is Kubernetes?
    = A Production-Grade Container Orchestration System
    Google-grown, based on Borg and Omega, systems that run inside of Google
    right now and are proven to work at Google for over 10 years.
    Google spawns 2 billion containers per week with these systems.
    Created by three Google employees initially during the summer of 2014;
    grew exponentially and became the first project to get donated to the CNCF.
    Hit the first production-grade version v1.0.1 in July 2015.
    Has continually released a new minor version every three months since
    v1.2.0 in March 2016. Lately v1.13.0 was released in December 2018.

  23. So what does Kubernetes actually do?
    It abstracts away the underlying hardware and the concept of a Node.
    Principle: Manage your applications like Cattle (generic, bulk operations) instead of
    like Pets (every operation is customized with care and love for the individual).
    Kubernetes is the Linux for distributed systems.
    In the same manner that Linux (an OS) abstracts away hardware differences (different
    CPU types, etc.), Kubernetes abstracts away the fact that you have 5 000 nodes in the
    node pool and provides a consistent UX and operation methods for apps.
    You (the admin) declare the desired state; Kubernetes' main task is to make the
    desired state the actual state.

  24. Kubernetes’ high-level component architecture
    [Diagram]
    User
    Control Plane:
    • API Server (REST API)
    • Controller Manager (Controller Loops)
    • Scheduler (Bind Pod to Node)
    • etcd (key-value DB, SSOT)
    Nodes (Node 1, Node 2, Node 3), each with: OS, Container Runtime, Kubelet, Networking
    Legend: CNI, CRI, OCI, Protobuf, gRPC, JSON

  25. kubeadm
    = A tool that sets up a minimum viable, best-practice Kubernetes cluster
    [Diagram labels: Layer 1, Layer 2, Layer 3; Infrastructure, Machines, Bootstrapping, Kubernetes API, Addons; Cluster API Spec, Cluster API, Cluster API Implementation; kubeadm on Master 1 to Master N and Node 1 to Node N; Cloud Provider, Load Balancers, Monitoring, Logging; "The scope of kubeadm"]

  26. kubeadm vs kops or kubespray
    Two different projects, two different scopes
    [Diagram labels: Infrastructure, Machines, Bootstrapping, Kubernetes API, Addons; Cluster API Spec, Cluster API, Cluster API Implementation; kubeadm on Master 1 to Master N and Node 1 to Node N; Cloud Provider, Load Balancers, Monitoring, Logging; kops]

  27. Create a cluster with kubeadm
    1. Provision a Linux machine with Ubuntu, Debian, RHEL, CentOS or Fedora
    2. Install kubeadm:
        curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
        echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
        apt-get update && apt-get install -y kubeadm docker.io
    3. Make kubeadm set up a master node for you:
        kubeadm init
    4. Install a Pod Network solution from a third-party provider:
        kubectl apply -f https://git.io/weave-kube-1.6
    5. Repeat steps 1 & 2 on another node and join the cluster:
        # <token> and <master-ip> are placeholders for the values from your own cluster
        kubeadm join --token <token> <master-ip>:6443

  28. Fresh docs on how to extend Kubernetes
    Brand new docs on how to extend Kubernetes
    Kubernetes has many extension mechanisms:
    ● API Aggregation (GA)
    ● kubectl plugins (beta)
    ● CustomResourceDefinitions, Example intro (beta)
    ● Container Network Interface plugins (stable)
    ● Scheduler webhook & multiple (beta)
    ● Device plugins (GA)
    ● Admission webhooks (beta)
    ● External Cloud Provider Integrations (beta)
    ● API Server authn / authz webhooks (stable)
    ● Container Runtime Interface plugins (alpha)
    ● Container Storage Interface plugins (GA)

  29. Kubernetes in Search Trends
    [Charts: WeChat search trends for Kubernetes and OpenStack; Google Trends for Kubernetes, OpenStack, Mesos, Docker Swarm and Cloud Foundry; time axis labels July-18, Aug-18, Sept-18, Oct-18]

  30. Everything is done in Special Interest Groups
    Special Interest Groups (SIGs)
    manage Kubernetes’ various
    components and features.
    All code in the Kubernetes Github
    organization should be owned by one
    or more SIGs; with directory-level
    granularity.
    SIGs have regular (often weekly)
    video meetings where the attendees
    discuss design decisions, new
    features, bugs, testing, onboarding or
    whatever else that is relevant to the
    group. Attending these meetings is
    the best way to get to know the
    project

  31. Kubernetes’ incredible velocity (last 365 days!)
    ● 32 000+ human commits
    ● 15 000+ contributors
    ● 51 000+ opened Pull Requests
    ● 73 000+ opened issues
    ● 318 000+ Github comments
    ● 88 000+ Kubernetes professionals
    ● 35 000+ Kubernetes jobs
    ● 55 000+ users on Slack
    ● 50 000+ edX course enrolls
    Last updated: 09.01.2019

  32. Kubernetes’ Essential
    Concepts
    Dive into how to use Kubernetes for real

  33. The core primitive: A Pod
    The basic, atomically deployable unit in Kubernetes.
    A Pod consists of one or many co-located containers.
    A Pod represents a single instance of an application.
    The containers in a Pod share the loopback interface
    (localhost) and can share mounted directories.
    Each Pod has its own, uniquely assigned and internal IP.
    Pods are mortal, which means that if the node the Pod runs on
    becomes unavailable, the workload also goes unavailable.

        apiVersion: v1
        kind: Pod
        metadata:
          name: nginx
          namespace: default
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx:1.13.9
            name: nginx
            ports:
            - name: http
              containerPort: 80

  34. A replicated, upgradeable set of Pods: A Deployment
    With a Deployment, you can manage Pods in a
    declarative and upgradable manner.
    Note the replicas field. Kubernetes will make sure
    that that number of Pods created from the template
    are always available.
    When the Deployment is updated, Kubernetes will
    perform a rolling update of the Pods running in
    the cluster. Kubernetes will create one new Pod
    and remove an old one, until all Pods are new.

        apiVersion: apps/v1
        kind: Deployment
        metadata:
          labels:
            app: nginx
          name: nginx
        spec:
          replicas: 3
          selector:
            matchLabels:
              app: nginx
          # The Pod Template
          template:
            metadata:
              labels:
                app: nginx
            spec:
              containers:
              - image: nginx:1.13.9-alpine
                name: nginx
                ports:
                - name: http
                  containerPort: 80

  35. Various possible Deployment upgrade strategies
    [Figure label: The built-in Deployment behavior]
    The other strategies can be implemented fairly easily by talking to the API.
    Picture source: Kubernetes effect by Bilgin Ibryam

  36. Access your replicated Pods via a Service
    A Service exposes one or many Pods via a stable, immortal,
    internal IP address.
    It’s also accessible via cluster-internal DNS:
    {service}.{namespace}.svc.cluster.local, e.g.
    nginx.default.svc.cluster.local
    The Service selects Pods based on the label key-value
    selectors (here app=nginx)
    A Service may expose multiple ports. This ClusterIP can be
    declaratively specified, or dynamically allocated.

        apiVersion: v1
        kind: Service
        metadata:
          name: nginx
          namespace: default
          labels:
            app: nginx
        spec:
          type: ClusterIP
          ports:
          - name: http
            port: 80
            targetPort: 80
          # The Pod Selector
          selector:
            app: nginx

  37. Expose your Service to the world with an Ingress
    A Service is only accessible inside of the cluster.
    In order to expose the Service to the internet, you
    must deploy an Ingress controller, like Traefik,
    and create an Ingress Rule.
    The Ingress rule is the Kubernetes way of mapping
    hostnames and paths from internet requests to
    cluster-internal Services.
    The Ingress controller is a load balancer that
    creates forwarding rules based on the Ingress
    Rules in the Kubernetes API.

        apiVersion: extensions/v1beta1
        kind: Ingress
        metadata:
          name: nginx
          namespace: default
          labels:
            app: nginx
        spec:
          rules:
          - host: nginx.demo.kubernetesfinland.com
            http:
              paths:
              - path: /
                # The Service reference
                backend:
                  serviceName: nginx
                  servicePort: 80

  38. Isolate your stuff in a Namespace
    [Diagram: Internet, nginx.demo.kubernetesfinland.com, Traefik as Ingress Controller; inside Namespace: default, the nginx Ingress Rule, the nginx Service, and the nginx Deployment with nginx Pod 1, Pod 2 and Pod 3]
    A Namespace is a logical isolation method; most resources
    are namespace-scoped.
    You can group logically similar workloads in one
    namespace and enforce different policies.
    You can e.g. have one namespace per team, and let them
    play in their own virtual environment.
    Role-Based Access Control (RBAC) can be used to control
    what Kubernetes users can do; which resources a user can
    access in which namespaces is one of the parameters
    to play with there.
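
    A one-namespace-per-team RBAC setup of the kind described above, as an added example that is not from the original slides. The namespace team-a, the Role app-deployer and the group team-a-devs are hypothetical names.

```yaml
# Added example; all names below (team-a, app-deployer, team-a-devs) are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
---
# A Role is namespace-scoped: these rules grant nothing outside team-a.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-deployer
  namespace: team-a
rules:
# Full lifecycle control over the team's Deployments.
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Full lifecycle control over the team's Services (core API group is "").
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Read-only access to Pods and their logs for troubleshooting.
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
# Deliberately not granted: secrets, pods/exec, and roles/rolebindings,
# so the team cannot read credentials, open shells in containers,
# or grant itself additional rights.
---
# The RoleBinding attaches the Role to a subject, again only inside team-a.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-app-deployers
  namespace: team-a
subjects:
- kind: Group
  name: team-a-devs   # group name as asserted by the cluster's authenticator
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: app-deployer
  apiGroup: rbac.authorization.k8s.io
```

    After applying it, `kubectl auth can-i create deployments -n team-a --as=dev --as-group=team-a-devs` should answer yes (dev is a hypothetical user name), while the same query with `-n default`, or `list secrets -n team-a`, should answer no.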

  39. Thank you!
    @luxas on Github
    @luxas on Kubernetes’ Slack
    @kubernetesonarm on Twitter

  40. Reference Slides below:

  41. Where is the community doing work?
    1. On Slack: https://kubernetes.slack.com & http://slack.k8s.io
    2. On Github: https://github.com/kubernetes (in ~150 repositories)
    3. In weekly Special Interest Group (SIG), Working Group (WG) and Subproject meetings
    Check out the community repo: https://github.com/kubernetes/community
    Youtube archive of ALL meetings available in the Kubernetes Youtube channel
    4. In the Kubernetes Community Meeting every Thursday 6pm - 7pm UTC
    https://github.com/kubernetes/community/blob/master/events/community-meeting.md
    5. On the Discuss Kubernetes site: https://discuss.kubernetes.io/
    6. In Google Groups in #kubernetes-*, e.g. https://groups.google.com/forum/#!forum/kubernetes-dev
    7. At meetups worldwide (~170 meetups / ~40 countries): https://www.meetup.com/pro/cncf/
    8. In the community Office Hours and Meet Our Contributors - Ask Us Anything series

  42. How to start contributing?
    1. Read as much of https://github.com/kubernetes/community as you can!!
    2. Read the CONTRIBUTORS GUIDE
    3. Find a SIG you’re interested in contributing to (e.g. SIG Cluster Lifecycle)
    4. Create a Github account if you haven’t done so and sign up to the Kubernetes Slack: slack.k8s.io
    5. Join the #sig-foo channels in Slack you’re interested in and #kubernetes-dev
    6. Sign up to the #kubernetes-dev, #kubernetes-announce and #kubernetes-sig-foo mailing lists
    7. Watch the New Contributor Series on Youtube from a New Contributor Summit
    8. Check out the Codebase Tour in the “Meet Our Contributors” Youtube series
    9. Learn how to use Kubernetes in more detail in this Free Kubernetes Course on edx.org
    10. Join a weekly SIG meeting using Zoom and let them know you’d like to contribute :)
