Slide 1

Slide 1 text

Getting Started with Kubernetes
Tiffany Jernigan
Senior Developer Advocate, VMware
tiffanyfayj

Slide 2

Slide 2 text

DOCKER
People started containerizing applications

Slide 3

Slide 3 text

Containers made it easy to build and scale cloud-native applications

Slide 4

Slide 4 text

People needed an easier way to manage large clusters with many containers

Slide 5

Slide 5 text


Slide 6

Slide 6 text

WHAT IS KUBERNETES?
• Open source container management platform
• Helps you run containers at scale
• Gives you primitives for building modern applications

Slide 7

Slide 7 text

A SINGLE EXTENSIBLE API SCALE PERFORMANCE BREADTH

Slide 8

Slide 8 text


Slide 9

Slide 9 text

KUBERNETES CAN BE RUN ANYWHERE
ON-PREMISES
CLOUD

Slide 10

Slide 10 text

CONCEPTS

Slide 11

Slide 11 text

CLUSTER COMPONENTS

Slide 12

Slide 12 text

NODES
• When you deploy Kubernetes, you get a cluster. These clusters consist of nodes.
• Virtual or physical machines
• Node Types
  • Control Plane/Master
  • Worker

Slide 13

Slide 13 text

NODES
control plane: API server, controller manager, scheduler, etcd, cloud controller manager
worker: kubelet, kube-proxy, container runtime

Slide 14

Slide 14 text

CONTROL PLANE
• API server
• controller manager
• scheduler
• etcd
• cloud controller manager

Slide 15

Slide 15 text

WORKER NODES
• kubelet
• kube-proxy
• container runtime

Slide 16

Slide 16 text

OBJECTS

Slide 17

Slide 17 text

OBJECTS
Pods
• Basic execution unit of a Kubernetes application
• Will not reschedule on failure
Deployment
• Allows scaling, rolling updates, rollbacks
• Delegates pod management to ReplicaSets
ReplicaSet
• Maintains a stable set of replica Pods running at any given time

Slide 18

Slide 18 text

OBJECTS
StatefulSet
• Used to manage stateful applications
• Manages deployment
DaemonSet
• Creates an instance of a pod on each worker node
Job
• Runs pod(s) until completion
CronJob
• Creates Jobs on a repeating schedule

Slide 19

Slide 19 text

SERVICES

Slide 20

Slide 20 text

SERVICES
• Services give us a stable endpoint to connect to a pod or a group of pods
• Maps a fixed IP address to a logical group of pods
• Different types:
  • ClusterIP, NodePort, LoadBalancer, ExternalName
• There are more kinds and flavors of services, but we won’t get into those today

Slide 21

Slide 21 text

BASIC SERVICE TYPES
• ClusterIP (default)
  • A virtual IP address is allocated for the service (internal private range)
  • This IP is only reachable from inside the cluster
• NodePort
  • Port allocated for the service (in 30000-32767 range)
  • Port is available on all nodes
• LoadBalancer
  • External LB allocated (typically a cloud LB)
  • Typically costs a little money
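An added example (not from the original slides): a small audit over Service objects that reports which ones are reachable from outside the cluster, following the ClusterIP / NodePort / LoadBalancer distinction above. The input shape is that of `kubectl get services -A -o json`; the sample data, the namespace and service names, and the function names are constructed.

```python
import json

# Constructed sample, shaped like `kubectl get services -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "shop", "name": "db"},
  "spec": {"ports": [{"port": 5432}]}},
 {"metadata": {"namespace": "shop", "name": "admin"},
  "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 30080}]}},
 {"metadata": {"namespace": "shop", "name": "web"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "nodePort": 31443}]},
  "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
 {"metadata": {"namespace": "shop", "name": "legacy"},
  "spec": {"type": "ExternalName", "externalName": "db.example.com"}}
]}
""")

def exposure(svc):
    """Classify how far one Service object can be reached from."""
    spec = svc.get("spec", {})
    stype = spec.get("type", "ClusterIP")  # ClusterIP is the default type
    node_ports = [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p]
    if stype == "NodePort":
        # The allocated port is open on every node of the cluster.
        return "all-nodes", node_ports
    if stype == "LoadBalancer":
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
        addrs = [i.get("ip") or i.get("hostname") for i in ingress]
        return "external-lb", addrs + node_ports
    # ClusterIP is internal only; ExternalName is a DNS alias, not an inbound path.
    return "cluster-only", []

def audit(service_list):
    """Return findings for Services reachable from outside the cluster."""
    findings = []
    for svc in service_list.get("items", []):
        reach, where = exposure(svc)
        if reach == "cluster-only":
            continue
        meta = svc["metadata"]
        findings.append((f'{meta["namespace"]}/{meta["name"]}', reach, where))
    return findings

if __name__ == "__main__":
    for name, reach, where in audit(SAMPLE):
        print(f"{name}: {reach} {where}")
```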

Slide 22

Slide 22 text

NETWORKING

Slide 23

Slide 23 text

KUBERNETES NETWORK MODEL
• TL;DR: our cluster (nodes and pods) is one big flat IP network
• In detail:
  ⁃ all nodes must be able to reach each other, without NAT
  ⁃ all pods must be able to reach each other, without NAT
  ⁃ pods and nodes must be able to reach each other, without NAT
  ⁃ each pod is aware of its IP address (no NAT)
• Kubernetes doesn't mandate any other particular implementation

Slide 24

Slide 24 text

CONTAINER NETWORK INTERFACE (CNI)
• Has a well-defined specification for network plugins
  https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration
• When a pod is created, Kubernetes delegates the network setup to CNI plugins (it can be a single plugin, or a combination of plugins, each doing one task)

Slide 25

Slide 25 text

SECURITY

Slide 26

Slide 26 text

SECURITY
• Namespaces
• Service accounts
• Role-based access control (RBAC)
• Secrets
• And there’s a lot more
  • https://kubernetes.io/docs/reference/access-authn-authz/

Slide 27

Slide 27 text

COMMUNICATION WITH K8S API
• kubectl
  • CLI tool used to interface with the Kubernetes API
• ~/.kube/config
  • Kubeconfig file is used for securely accessing your cluster
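An added example (not from the original slides): because the kubeconfig file holds the credentials used to reach the API server, a basic hygiene check looks at its file mode, TLS settings and inline secrets. It assumes the kubeconfig has been exported as JSON (for example with `kubectl config view --raw -o json`); the sample content and the function names are constructed.

```python
import json
import os
import stat
import tempfile

# Constructed kubeconfig content (JSON form); all names and values are made up.
SAMPLE = {
    "clusters": [{"name": "dev", "cluster": {
        "server": "https://10.0.0.1:6443", "insecure-skip-tls-verify": True}}],
    "users": [{"name": "admin", "user": {"token": "CONSTRUCTED-TOKEN"}}],
}

def audit_kubeconfig(path):
    """Return a list of hygiene findings for a JSON-form kubeconfig file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        findings.append(f"mode {mode:03o}: accessible beyond the owner")
    with open(path) as fh:
        cfg = json.load(fh)
    for entry in cfg.get("clusters") or []:
        cluster = entry.get("cluster") or {}
        if cluster.get("insecure-skip-tls-verify"):
            findings.append(f"cluster {entry['name']}: TLS verification disabled")
        if str(cluster.get("server", "")).startswith("http://"):
            findings.append(f"cluster {entry['name']}: plaintext API endpoint")
    for entry in cfg.get("users") or []:
        user = entry.get("user") or {}
        for key in ("token", "password", "client-key-data"):
            if user.get(key):  # long-lived secret stored inline in the file
                findings.append(f"user {entry['name']}: embedded {key}")
    return findings

def demo():
    """Write the constructed sample with a loose mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config")
        with open(path, "w") as fh:
            json.dump(SAMPLE, fh)
        os.chmod(path, 0o644)
        return audit_kubeconfig(path)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```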

Slide 28

Slide 28 text

DEMO

Slide 29

Slide 29 text

SOME OTHER THINGS TO LOOK INTO
• ConfigMaps
• Volumes
• Autoscaling
• Role-based access control (RBAC)
• Secrets

Slide 30

Slide 30 text

A FEW TOOLS TO MANAGE STACKS
• Shell scripts invoking kubectl
• YAML resource manifests committed to a repo
• Kustomize (YAML manifests + patches applied on top)
  https://github.com/kubernetes-sigs/kustomize
• Helm (YAML manifests + templating engine)
  https://github.com/kubernetes/helm
• K14s
  https://k14s.io/

Slide 31

Slide 31 text

LINKS AND RESOURCES
• https://kubernetes.io/
• https://tanzu.vmware.com/
• https://container.training/ - @jpetazzo’s awesome workshops
• https://kubernetes.io/community/ - Slack, Google Groups, meetups
• Free Training:
  • https://kube.academy/
  • https://kubernetes.io/docs/tutorials/
  • https://labs.play-with-k8s.com/

Slide 32

Slide 32 text

THANK YOU!
tiffanyfayj
Special thanks to: Jérôme Petazzoni @jpetazzo