Slide 1

Slide 1 text

Getting Started with Kubernetes
Tiffany Jernigan
Senior Developer Advocate, VMware
tiffanyfayj

Slide 2

Slide 2 text

People started containerizing applications

Slide 3

Slide 3 text

Containers made it easy to build and scale cloud-native applications

Slide 4

Slide 4 text

People needed an easier way to manage large clusters with many containers

Slide 5

Slide 5 text


Slide 6

Slide 6 text


Slide 7

Slide 7 text

KUBERNETES CAN BE RUN ANYWHERE
• ON-PREMISES
• CLOUD

Slide 8

Slide 8 text

CONCEPTS

Slide 9

Slide 9 text

CLUSTER ARCHITECTURE
kubernetes.io/docs/concepts/architecture

Slide 10

Slide 10 text

NODES
• When you deploy Kubernetes, you get a cluster. These clusters consist of nodes.
• Virtual or physical machines
• Node Types
  • Control Plane
  • Worker
kubernetes.io/docs/concepts/overview/components

Slide 11

Slide 11 text

NODES
• Control plane: API server, controller manager, scheduler, etcd, cloud controller manager
• Worker: kubelet, kube-proxy, container runtime

Slide 12

Slide 12 text

CONTROL PLANE
• API server
• controller manager
• scheduler
• etcd
• cloud controller manager

Slide 13

Slide 13 text

WORKER NODES
• kubelet
• kube-proxy
• container runtime

Slide 14

Slide 14 text

WORKLOADS

Slide 15

Slide 15 text

WORKLOADS

Pods
• Basic execution unit of a Kubernetes application
• Will not reschedule on failure

Deployment
• Allows scaling, rolling updates, rollbacks
• Delegates pod management to ReplicaSets

ReplicaSet
• Maintains a stable set of replica Pods running at any given time

Slide 16

Slide 16 text

WORKLOADS

StatefulSet
• Used to manage stateful applications
• Manages deployment

DaemonSet
• Creates an instance of a pod on each worker node

Job
• Runs pod(s) until completion

CronJob
• Creates Jobs on a repeating schedule

Slide 17

Slide 17 text

SERVICES
kubernetes.io/docs/concepts/services-networking

Slide 18

Slide 18 text

SERVICES
• Services give us a stable endpoint to connect to a pod or a group of pods
• Maps a fixed IP address to a logical group of pods
• Different types:
  • ClusterIP, NodePort, LoadBalancer, ExternalName
• There are more kinds and flavors of services, but we won’t get into those today

Slide 19

Slide 19 text

BASIC SERVICE TYPES
• ClusterIP (default)
  • A virtual IP address is allocated for the service (internal private range)
  • This IP is only reachable from inside the cluster
• NodePort
  • Port allocated for the service (in 30000-32767 range)
  • Port is available on all nodes
• LoadBalancer
  • External LB allocated (typically a cloud LB)
  • Typically costs a little money
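
The first two service types from the slide above, written as manifests. This is an added example, not part of the original slides; the names `web-internal` and `web-nodeport`, the label `app: web` and the port numbers are assumptions.

```yaml
# Added example; all names, labels and ports are assumed for illustration.
# ClusterIP (default): virtual IP reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: web-internal
spec:
  type: ClusterIP          # may be omitted; ClusterIP is the default
  selector:
    app: web               # the logical group of pods behind the stable endpoint
  ports:
    - port: 80             # port on the service's virtual IP
      targetPort: 8080     # port the pod's container listens on
---
# NodePort: the same pods, additionally exposed on a port of every node.
apiVersion: v1
kind: Service
metadata:
  name: web-nodeport
spec:
  type: NodePort
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080
      nodePort: 30080      # must fall in 30000-32767; omit to have one allocated
```

Because the NodePort is open on every node, anything that can reach a node's IP address can reach the service, while the ClusterIP service stays internal to the cluster.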

Slide 20

Slide 20 text

NETWORKING
kubernetes.io/docs/concepts/services-networking

Slide 21

Slide 21 text

KUBERNETES NETWORK MODEL
• TL;DR: our cluster (nodes and pods) is one big flat IP network
• In detail:
  ⁃ all nodes must be able to reach each other, without NAT
  ⁃ all pods must be able to reach each other, without NAT
  ⁃ pods and nodes must be able to reach each other, without NAT
  ⁃ each pod is aware of its IP address (no NAT)
• Kubernetes doesn't mandate any other particular implementation

Slide 22

Slide 22 text

CONTAINER NETWORK INTERFACE (CNI)
• When a pod is created, Kubernetes delegates the network setup to CNI plugins (it can be a single plugin, or a combination of plugins, each doing one task)
• Has a well-defined specification for network plugins
  https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration

Slide 23

Slide 23 text

INGRESS

Slide 24

Slide 24 text

CONFIGURATION
kubernetes.io/docs/concepts/configuration

Slide 25

Slide 25 text

CONFIGURATION
• ConfigMaps
  • Stores data as key-value pairs
  • Allows you to decouple environment-specific configuration from your container images
• Secrets
  • Store and manage sensitive information

Slide 26

Slide 26 text

SECURITY
kubernetes.io/docs/concepts/security/

Slide 27

Slide 27 text

SECURITY
• Namespaces
• Service accounts
• Role-based access control (RBAC)
• Secrets
• And there’s a lot more
  • https://kubernetes.io/docs/reference/access-authn-authz/
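
How the four building blocks on the slide above fit together: a service account in its own namespace that RBAC allows to read exactly one Secret. This is an added example, not part of the original slides; every name (`team-a`, `app-reader`, `db-credentials`, `read-db-credentials`) and the secret value are assumptions.

```yaml
# Added example; every name and value below is assumed for illustration.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-reader
  namespace: team-a
---
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: team-a
type: Opaque
stringData:
  password: constructed-sample-value   # placeholder, not a real credential
---
# Role: namespaced permissions; read access to exactly one named Secret.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-db-credentials
  namespace: team-a
rules:
  - apiGroups: [""]                    # "" is the core API group
    resources: ["secrets"]
    resourceNames: ["db-credentials"]
    verbs: ["get"]                     # get only; list and watch are not granted
---
# RoleBinding: grants the Role to the service account, only within team-a.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-reader-can-read-db-credentials
  namespace: team-a
subjects:
  - kind: ServiceAccount
    name: app-reader
    namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: read-db-credentials
```

After applying, `kubectl auth can-i get secret/db-credentials -n team-a --as=system:serviceaccount:team-a:app-reader` should answer `yes`, and the same query for any other secret name should answer `no`.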

Slide 28

Slide 28 text

COMMUNICATION WITH K8S API
• kubectl
  • CLI tool used to interface with the Kubernetes API
• ~/.kube/config
  • kubeconfig file is used for securely accessing your cluster

Slide 29

Slide 29 text

SOME OTHER THINGS TO LOOK INTO
• Volumes
• Autoscaling
• Role-based access control (RBAC)
• Load Balancing
• Custom Resource Definitions (CRD)
• Ingress controllers

Slide 30

Slide 30 text

A FEW TOOLS TO MANAGE STACKS
• Shell scripts invoking kubectl
• YAML resource manifests committed to a repo
• Kustomize (YAML manifests + patches applied on top)
  https://github.com/kubernetes-sigs/kustomize
• Helm (YAML manifests + templating engine)
  https://github.com/kubernetes/helm
• Carvel
  https://carvel.dev/

Slide 31

Slide 31 text

LINKS AND RESOURCES
• https://kubernetes.io/
• https://tanzu.vmware.com/developer
• https://tanzu.tv
• https://kubernetes.io/community/ - Slack, Google Groups, meetups
• Free Training:
  • https://kube.academy/
  • https://kubernetes.io/docs/tutorials/
  • https://labs.play-with-k8s.com/

Slide 32

Slide 32 text

THANK YOU!
tiffanyfayj
Special thanks to: Jérôme Petazzoni @jpetazzo