Getting Started with Kubernetes Tiffany Jernigan Senior Developer Advocate VMware tiffanyfayj

T I F F A N Y F A Y J People started containerizing applications

T I F F A N Y F A Y J Containers made it easy to build and scale cloud-native applications

T I F F A N Y F A Y J People needed an easier way to manage large clusters with many containers

T I F F A N Y F A Y J T I F F A N Y F A Y J

T I F F A N Y F A Y J

T I F F A N Y F A Y J ON-PREMISES CLOUD KUBERNETES CAN BE RUN ANYWHERE

CONCEPTS T I F F A N Y F A Y J

T I F F A N Y F A Y J CLUSTER ARCHITECTURE kubernetes.io/docs/concepts/architecture

T I F F A N Y F A Y J NODES • When you deploy Kubernetes, you get a cluster. These clusters consist of nodes. • Virtual or physical machines • Node Types • Control Plane • Worker kubernetes.io/docs/concepts/overview/components

T I F F A N Y F A Y J NODES API server controller manager scheduler etcd cloud controller manager kubelet kube-proxy container runtime control plane worker

T I F F A N Y F A Y J CONTROL PLANE API server controller manager scheduler etcd cloud controller manager

T I F F A N Y F A Y J WORKER NODES kubelet kube-proxy container runtime

T I F F A N Y F A Y J WORKLOADS

T I F F A N Y F A Y J WORKLOADS Pods • Basic execution unit of a Kubernetes application • Will not reschedule on failure Deployment • Allows scaling, rolling updates, rollbacks • Delegates pod management to ReplicaSets ReplicaSet • Maintains a stable set of replica Pods running at any given time

T I F F A N Y F A Y J WORKLOADS StatefulSet • Used to manage stateful applications • Manages deployment DaemonSet • Creates an instance of a pod on each worker node Job • Runs pod(s) until completion CronJob • Creates Jobs on a repeating schedule

T I F F A N Y F A Y J SERVICES kubernetes.io/docs/concepts/services-networking

T I F F A N Y F A Y J SERVICES • Services give us a stable endpoint to connect to a pod or a group of pods • Maps a fixed IP address to a logical group of pods • Different types: • ClusterIP, NodePort, LoadBalancer, ExternalName • There are more kinds and flavors of services, but we won’t get into those today

T I F F A N Y F A Y J BASIC SERVICE TYPES • ClusterIP (default) • A virtual IP address is allocated for the service (internal private range) • This IP is only reachable from inside the cluster • NodePort • Port allocated for the service (in 30000-32767 range) • Port is available on all node • LoadBalancer • External LB allocated (typically a cloud LB) • Typically costs a little money

T I F F A N Y F A Y J NETWORKING kubernetes.io/docs/concepts/services-networking

T I F F A N Y F A Y J KUBERNETES NETWORK MODEL • TL;DR: our cluster (nodes and pods) is one big flat IP network • In detail: ⁃ all nodes must be able to reach each other, without NAT ⁃ all pods must be able to reach each other, without NAT ⁃ pods and nodes must be able to reach each other, without NAT ⁃ each pod is aware of its IP address (no NAT) • Kubernetes doesn't mandate any other particular implementation

T I F F A N Y F A Y J CONTAINER NETWORK INTERFACE (CNI) • When a pod is created, Kubernetes delegates the network setup to CNI plugins (it can be a single plugin, or a combination of plugins, each doing one task) • Has a well-defined specification for network plugins https://github.com/containernetworking/cni/blob/master/SP EC.md#network-configuration

T I F F A N Y F A Y J INGRESS

T I F F A N Y F A Y J CONFIGURATION kubernetes.io/docs/concepts/configuration

T I F F A N Y F A Y J CONFIGURATION • ConfigMaps • Stores data as key-value pairs • Allows you to decouple environment-specific configuration from your container images • Secrets • Store and manage sensitive information

T I F F A N Y F A Y J SECURITY kubernetes.io/docs/concepts/security/

T I F F A N Y F A Y J SECURITY • Namespaces • Service accounts • Role-based access control (RBAC) • Secrets • And there’s a lot more • https://kubernetes.io/docs/reference/access-authn-authz/

T I F F A N Y F A Y J COMMUNICATION WITH K8S API • kubectl • CLI tool used to interface with the Kubernetes API • ~/.kube/config • kubeconfig file is used for securely accessing your cluster

T I F F A N Y F A Y J SOME OTHER THINGS TO LOOK INTO • Volumes • Autoscaling • Role-based access control (RBAC) • Load Balancing • Custom Resource Definitions (CRD) • Ingress controllers

T I F F A N Y F A Y J A FEW TOOLS TO MANAGE STACKS • Shell scripts invoking kubectl • YAML resource manifests committed to a repo • Kustomize (YAML manifests + patches applied on top) https://github.com/kubernetes-sigs/kustomize • Helm (YAML manifests + templating engine) https://github.com/kubernetes/helm • Carvel https://carvel.dev/

T I F F A N Y F A Y J LINKS AND RESOURCES • https://kubernetes.io/ • https://tanzu.vmware.com/developer • https://tanzu.tv • https://kubernetes.io/community/ - Slack, Google Groups, meetups • Free Training: • https://kube.academy/ • https://kubernetes.io/docs/tutorials/ • https://labs.play-with-k8s.com/

tiffanyfayj Special thanks to: Jérôme Petazzoni @jpetazzo THANK YOU!