Slide 1

Slide 1 text

Getting Started with Kubernetes
Prepare Hands-On Environment: http://bit.ly/2LLVkvg
All labs are based on K8s 1.12
Presenter: Shan-Jung Fu
Date: 2019/01/03

Slide 2

Slide 2 text

Agenda
● Chapter 1 - Overview
● Chapter 2 - Hands-on
● Chapter 3 - Dive Into K8s
● Additional

Slide 3

Slide 3 text

Chapter 1 - Overview 3

Slide 4

Slide 4 text

Chapter 1 Overview Introduction Setup Solutions Architecture Components Resources 4

Slide 6

Slide 6 text

Kubernetes Introduction
● Kubernetes is Greek for captain or pilot
● Also known as K8s: the eight letters "ubernete" are replaced with 8
● Built on Google's experience & designed by Google
● An open-source system

Slide 7

Slide 7 text

Kubernetes Introduction (Cont.)
● A container platform
● A microservices platform
● A portable cloud platform & a lot more
● Provides a container-centric management environment
● Orchestrates computing, networking, & storage infrastructure on behalf of user workloads

Slide 8

Slide 8 text

"Kubernetes is becoming the Linux of the cloud"
Jim Zemlin, Linux Foundation

Slide 10

Slide 10 text

Kubernetes Setup Solutions ● Local-machine solutions ● Hosted solutions ● Turnkey cloud solutions ● Custom solutions ● etc. 10

Slide 11

Slide 11 text

Kubernetes Setup Solutions (Cont.)
● Local-machine solutions
  A local, single-node Kubernetes cluster for development and testing
  ○ Minikube
  ○ microk8s
  ○ etc.
● Hosted solutions
● Turnkey cloud solutions
● Custom solutions

Slide 12

Slide 12 text

Kubernetes Setup Solutions (Cont.)
● Local-machine solutions
● Hosted solutions
  Maintain more machines and higher availability
  ○ OpenShift
  ○ VMware Cloud PKS
  ○ etc.
● Turnkey cloud solutions
● Custom solutions
● ...

Slide 13

Slide 13 text

Kubernetes Setup Solutions (Cont.)
● Local-machine solutions
● Hosted solutions
● Turnkey cloud solutions
  Create K8s clusters on a range of Cloud IaaS providers with only a few commands
  ○ AWS
  ○ Google Compute Engine (GCE)
  ○ etc.
● Custom solutions
● ...

Slide 14

Slide 14 text

Kubernetes Setup Solutions (Cont.)
● Local-machine solutions
● Hosted solutions
● Turnkey cloud solutions
● On-premises turnkey cloud solutions
● Custom solutions
  ○ kubeadm
  ○ Kubespray
  ○ Kubernetes The Hard Way
  ○ etc.
● etc.

Slide 16

Slide 16 text

Kubernetes Architecture
[Diagram: users reach the control plane (apiserver, etcd, scheduler, controller) through the API, CLI or UI; the control plane manages the nodes, each running a kubelet]

Slide 17

Slide 17 text

Kubernetes Architecture (Cont.)
Node
● A worker machine in K8s
● Can be a VM or physical machine
● Also called "minions"
● Node components include:
  ○ Kubelet
  ○ Kube-proxy
  ○ Container Runtime
● Components run on each node
[Diagram: a Node containing Kubelet, Container Runtime, Kube-proxy and three Pods]

Slide 18

Slide 18 text

Kubernetes Architecture (Cont.)
● The components of the control plane (its "brains"):
  ○ API server (our point of entry to everything!)
  ○ core services
    ■ scheduler
    ■ controller manager
  ○ etcd
    ■ A highly available key/value store
    ■ "database" of K8s
● Also called the "master"

Slide 20

Slide 20 text

Node Components (Cont.)
kubelet
● An agent
● Makes sure that containers are running in a pod.
kube-proxy
● Enables the K8s service abstraction by maintaining network rules.
● Performs connection forwarding.
Container Runtime
● Responsible for running containers.
● K8s supports several runtimes (software): Docker, rkt, runc & any OCI runtime-spec implementation.

Slide 21

Slide 21 text

Master Components
kube-apiserver
● Exposes the Kubernetes API.
● The front-end for the K8s control plane.
etcd
● K8s' backing store for all cluster data.
● A highly-available key value store.
kube-scheduler
● Selects a node for newly created Pods to run on.
● Makes scheduling decisions
kube-controller-manager
● Runs controllers
  ○ Node Controller: Responsible for responding when nodes go down.
  ○ Endpoints Controller: Populates the Endpoints object (that is, joins Services & Pods).
  ○ Service Account & Token Controllers, Replication Controller

Slide 23

Slide 23 text

Kubernetes API
● Supports many actions: create, update, delete ...
● Contains a lot of objects called resources
  ○ These resources are organized by type or Kind (in the API)

Slide 24

Slide 24 text

Kubernetes Resources (Cont.)
● We can see the full list by running
    kubectl api-resources
  (In Kubernetes 1.10 and prior, the command to list API resources was kubectl get)

Slide 25

Slide 25 text

Kubernetes Resources (Cont.)
NAME                              SHORTNAMES  NAMESPACED  KIND
bindings                                      true        Binding
componentstatuses                 cs          false       ComponentStatus
configmaps                        cm          true        ConfigMap
endpoints                         ep          true        Endpoints
events                            ev          true        Event
limitranges                       limits      true        LimitRange
namespaces                        ns          false       Namespace
nodes                             no          false       Node
persistentvolumeclaims            pvc         true        PersistentVolumeClaim
persistentvolumes                 pv          false       PersistentVolume
pods                              po          true        Pod
podtemplates                                  true        PodTemplate
replicationcontrollers            rc          true        ReplicationController
resourcequotas                    quota       true        ResourceQuota
secrets                                       true        Secret
serviceaccounts                   sa          true        ServiceAccount
services                          svc         true        Service
initializerconfigurations                     false       InitializerConfiguration
mutatingwebhookconfigurations                 false       MutatingWebhookConfiguration
validatingwebhookconfigurations               false       ValidatingWebhookConfiguration
customresourcedefinitions         crd,crds    false       CustomResourceDefinition
apiservices                                   false       APIService
controllerrevisions                           true        ControllerRevision
daemonsets                        ds          true        DaemonSet
deployments                       deploy      true        Deployment
replicasets                       rs          true        ReplicaSet
statefulsets                      sts         true        StatefulSet
tokenreviews                                  false       TokenReview
localsubjectaccessreviews                     true        LocalSubjectAccessReview

Slide 26

Slide 26 text

Kubernetes Resources (Cont.)
NAME                              SHORTNAMES  NAMESPACED  KIND
selfsubjectaccessreviews                      false       SelfSubjectAccessReview
selfsubjectrulesreviews                       false       SelfSubjectRulesReview
subjectaccessreviews                          false       SubjectAccessReview
horizontalpodautoscalers          hpa         true        HorizontalPodAutoscaler
cronjobs                          cj          true        CronJob
jobs                                          true        Job
certificatesigningrequests        csr         false       CertificateSigningRequest
leases                                        true        Lease
events                            ev          true        Event
daemonsets                        ds          true        DaemonSet
deployments                       deploy      true        Deployment
ingresses                         ing         true        Ingress
networkpolicies                   netpol      true        NetworkPolicy
podsecuritypolicies               psp         false       PodSecurityPolicy
replicasets                       rs          true        ReplicaSet
networkpolicies                   netpol      true        NetworkPolicy
poddisruptionbudgets              pdb         true        PodDisruptionBudget
podsecuritypolicies               psp         false       PodSecurityPolicy
clusterrolebindings                           false       ClusterRoleBinding
clusterroles                                  false       ClusterRole
rolebindings                                  true        RoleBinding
roles                                         true        Role
priorityclasses                   pc          false       PriorityClass
podpresets                                    true        PodPreset
storageclasses                    sc          false       StorageClass
volumeattachments                             false       VolumeAttachment

Slide 27

Slide 27 text

Chapter 2 - Hands-on 27

Slide 28

Slide 28 text

Setup K8s Env Access K8s master K8s Objects Config Play with resources Chapter 2 Hands-on 28

Slide 30

Slide 30 text

kubeadm
● Prepare lab environment:
  ○ OS: Linux or macOS
  ○ Software:
    ■ VirtualBox v5.1
    ■ Vagrant v2.1.1
  ○ Start the VM
    cd ~/ && git clone https://github.com/sufuf3/hands-on-w-tutorials.git
    cd ~/hands-on-w-tutorials/2019-01-03/ && vagrant up --provider=virtualbox
Refer to the Vagrantfile to deploy K8s on the host using kubeadm
[Diagram: a single Node running apiserver, etcd, scheduler, controller, Kubelet, Container Runtime, Kube-proxy and three Pods]

Slide 31

Slide 31 text

Online Learning ● https://www.katacoda.com/courses/kubernetes 31

Slide 32

Slide 32 text

Online Learning (Cont.) • https://labs.play-with-k8s.com/ • GitHub Repository: https://github.com/play-with-docker/play-with-docker 32

Slide 34

Slide 34 text

Access K8s master ● CLI (Command Line Interface) ● API (Application Program Interface) ● UI (User Interface) 34

Slide 35

Slide 35 text

CLI (Command Line Interface)
● Tool: kubectl
● Install kubectl binary (e.g. Ubuntu)
    sudo apt-get update && sudo apt-get install -y apt-transport-https
    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
    echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
    sudo apt-get update
    sudo apt-get install -y kubectl
● Syntax
    kubectl [command] [TYPE] [NAME] [flags]
  ○ command: create, get, describe, delete
  ○ TYPE: resource type
  ○ NAME: the name of the resource
  ○ flags: specifies optional flags

Slide 36

Slide 36 text

CLI (Cont.)
$ kubectl get pods --all-namespaces
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
kube-system   coredns-576cbf47c7-2d4r6                1/1     Running   0          21h
kube-system   coredns-576cbf47c7-7vk54                1/1     Running   0          21h
kube-system   etcd-k8slab                             1/1     Running   0          21h
kube-system   kube-apiserver-k8slab                   1/1     Running   0          21h
kube-system   kube-controller-manager-k8slab          1/1     Running   0          21h
kube-system   kube-flannel-ds-gb5c8                   1/1     Running   0          21h
kube-system   kube-proxy-zqn82                        1/1     Running   0          21h
kube-system   kube-scheduler-k8slab                   1/1     Running   0          21h
kube-system   kubernetes-dashboard-65c76f6c97-977ps   1/1     Running   0          21h
kube-system   tiller-deploy-694dc94c65-bk6wl          1/1     Running   0          21h

Slide 37

Slide 37 text

API (Application Program Interface)
(-k makes curl skip TLS certificate verification of the apiserver)
$ curl -s https://172.17.8.100:6443/api/ -k | jq
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "172.17.8.100:6443"
    }
  ]
}

Slide 38

Slide 38 text

API (Cont.)
$ curl -s https://172.17.8.100:6443/api/v1/nodes -k | jq
$ curl -s https://172.17.8.100:6443/api/v1/namespaces/kube-system/pods -k | jq
...

Slide 39

Slide 39 text

● CLI ● API ● UI UI (User Interface) 39

Slide 40

Slide 40 text

UI (Cont.)
0. Deploy the dashboard first
1. Access https://172.17.8.100:32641
2. Use kubectl to get the token
    kubectl -n kube-system describe secrets $(kubectl -n kube-system get sa dashboard -o yaml | grep dashboard-token | cut -f2 -d':') | grep -E '^token' | cut -f2 -d':' | tr -d '\t'
3. Paste the token in the web UI & click SIGN IN

Slide 42

Slide 42 text

● Describing a K8s Object ● Labels ● Selectors K8s Objects Config 42

Slide 43

Slide 43 text

Describing a K8s Object
● Provide the object spec to create an object in K8s
● The object spec describes:
  ○ Its desired state
  ○ Some basic info. about the object (such as a name)
● Most often, we provide the info. to kubectl in a .yaml file.

    apiVersion: v1
    kind: RESOURCE_TYPE
    metadata:
      name:
      namespace:
    spec:
      ...

● apiVersion - the version of the K8s API you're using to create this object
● kind - what kind of object you want to create
● metadata - data that helps uniquely identify the object
● spec - is different for every K8s object, & contains nested fields specific to that object.

Slide 44

Slide 44 text

Labels
● Key/value pairs that are attached to objects
● Do not provide uniqueness
● Are used as identifying attributes for objects
● Keys & values of a valid label must be
  ○ 63 characters or less
  ○ beginning and ending with an alphanumeric character ([a-z0-9A-Z]), with dashes (-), underscores (_), dots (.) & alphanumerics between

    "metadata": {
      "labels": {
        "key1" : "value1",
        "key2" : "value2"
      }
    }

Slide 45

Slide 45 text

Selectors
● Are the core grouping primitive in K8s
● The K8s API currently supports two types of selectors:
  ○ Equality-based selectors
    ■ Allow filtering by key & value
  ○ Set-based selectors
    ■ Allow filtering of keys according to a set of values.

    selector:
      matchLabels:
        component: redis

    nodeSelector:
      accelerator: nvidia-tesla-p100
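
A matcher for the two selector types, together with the label-value syntax check from the Labels slide. This is an added example, not code from the original slides or from Kubernetes; the pod names and labels in PODS are constructed, and the operators are those of the matchExpressions field. It shows that, because labels do not provide uniqueness, any object carrying the matching labels is selected.

```python
import re

# Label value syntax from the Labels slide: 63 characters or less, beginning and
# ending with an alphanumeric, with dashes, underscores, dots and alphanumerics
# between. Kubernetes also accepts the empty string as a value.
_LABEL_VALUE = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9_.-]{0,61}[A-Za-z0-9])?)?")

# Constructed sample objects: name -> labels.
PODS = {
    "redis-0": {"component": "redis", "tier": "cache", "environment": "production"},
    "redis-canary": {"component": "redis", "tier": "cache", "environment": "qa"},
    "web-1": {"component": "web", "tier": "frontend", "environment": "production"},
    "unlabelled": {},
}


def valid_label_value(value):
    """True when `value` follows the label value syntax."""
    return isinstance(value, str) and _LABEL_VALUE.fullmatch(value) is not None


def matches(selector, labels):
    """True when `labels` satisfies every requirement of `selector`.

    Requirements are ANDed together; an empty selector matches everything.
    """
    # Equality-based: the key must be present with exactly this value.
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    # Set-based: filter a key against a set of values.
    for req in selector.get("matchExpressions", []):
        key, op, values = req["key"], req["operator"], req.get("values", [])
        if op == "In":
            ok = key in labels and labels[key] in values
        elif op == "NotIn":
            # An object without the key also satisfies NotIn.
            ok = key not in labels or labels[key] not in values
        elif op == "Exists":
            ok = key in labels
        elif op == "DoesNotExist":
            ok = key not in labels
        else:
            raise ValueError(f"unknown operator: {op}")
        if not ok:
            return False
    return True


def select(selector, pods=None):
    """Names of the objects in `pods` (default: PODS) picked by `selector`."""
    pods = PODS if pods is None else pods
    return sorted(name for name, labels in pods.items() if matches(selector, labels))


if __name__ == "__main__":
    # Both redis pods are selected: labels identify, they do not make unique.
    print(select({"matchLabels": {"component": "redis"}}))
    print(select({"matchExpressions": [
        {"key": "environment", "operator": "NotIn", "values": ["production"]}]}))
```
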

Slide 47

Slide 47 text

Play with resources (8/54)
● Cluster
  ○ Namespace
● Workloads
  ○ Pods
  ○ Deployments
  ○ DaemonSets
● Storage & Config
  ○ Volume
  ○ ConfigMaps
  ○ Secrets
● Discovery & Load Balancing
  ○ Services

Slide 49

Slide 49 text

Namespace (NS)
● Virtual clusters
● Functionalities
  ○ Help pod-to-pod communication using the same NS
  ○ Can sit on top of the same physical cluster
  ○ Provide logical separation between the teams & the environments
● Not all objects are in a namespace

    # In a namespace
    $ kubectl api-resources --namespaced=true
    # Not in a namespace
    $ kubectl api-resources --namespaced=false

Slide 50

Slide 50 text

Namespace (Cont.) Hands-on 1. Create a namespace(ns) 2. Viewing namespaces(ns) 3. Viewing resources under a namespace(ns) 4. Using Namespace in pod - Example 50

Slide 51

Slide 51 text

Namespace (Cont.)
1. Create a namespace (ns)

    apiVersion: v1
    kind: Namespace
    metadata:
      name: my-ns

    $ kubectl create -f namespace/ns.yaml

Slide 52

Slide 52 text

Namespace (Cont.)
2. Viewing namespaces (ns)

    $ kubectl get namespaces
    NAME          STATUS   AGE
    default       Active   1d
    kube-system   Active   1d
    kube-public   Active   1d

Slide 53

Slide 53 text

Namespace (Cont.)
3. Viewing resources under a namespace (ns)

    $ kubectl get pods -n kube-system
    NAME                                    READY   STATUS    RESTARTS   AGE
    coredns-576cbf47c7-2d4r6                1/1     Running   0          25h
    coredns-576cbf47c7-7vk54                1/1     Running   0          25h
    etcd-k8slab                             1/1     Running   0          25h
    kube-apiserver-k8slab                   1/1     Running   0          25h
    kube-controller-manager-k8slab          1/1     Running   0          25h
    kube-flannel-ds-gb5c8                   1/1     Running   0          25h
    kube-proxy-zqn82                        1/1     Running   0          25h
    kube-scheduler-k8slab                   1/1     Running   0          25h
    kubernetes-dashboard-65c76f6c97-977ps   1/1     Running   0          25h
    tiller-deploy-694dc94c65-bk6wl          1/1     Running   0          25h

Slide 54

Slide 54 text

Namespace (Cont.)
4. Using Namespace in pod - Example (namespace/pod.yaml)

    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-demo
      namespace: my-ns
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80

Slide 56

Slide 56 text

Pod
● A group of one or more application containers
● Shared resources for those containers
  ○ Shared storage, as Volumes
  ○ Networking, as a unique cluster IP address
  ○ Information about how to run each container

Slide 57

Slide 57 text

Pod (Cont.)
Hands-on
1. Create a pod
2. Get pods
3. Get the description of pod
4. Get logs of pod
5. Start a bash session in the pod's container
6. Delete the pod

Slide 58

Slide 58 text

Pod (Cont.)
1. Create a pod

    apiVersion: v1
    kind: Pod
    metadata:
      name: myapp-pod
      labels:
        app: myapp
    spec:
      containers:
      - name: mycontainer
        image: busybox
        command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']

    $ kubectl create -f pod/pod.yaml

Slide 59

Slide 59 text

Pod (Cont.)
2. Get pods

    $ kubectl get pod
    NAME        READY   STATUS    RESTARTS   AGE
    myapp-pod   1/1     Running   0          3m27s

    $ kubectl get po -n default
    NAME        READY   STATUS    RESTARTS   AGE
    myapp-pod   1/1     Running   0          3m27s

    $ kubectl get po -n default -o wide
    NAME        READY   STATUS    RESTARTS   AGE     IP           NODE     NOMINATED NODE
    myapp-pod   1/1     Running   0          3m27s   10.244.0.6   k8slab

Slide 60

Slide 60 text

Pod (Cont.)
3. Get the description of pod

    $ kubectl describe pod myapp-pod
    Name:               myapp-pod
    Namespace:          default
    Priority:           0
    PriorityClassName:
    Node:               k8slab/10.0.2.15
    Start Time:         Mon, 31 Dec 2018 17:30:58 +0000
    Labels:             app=myapp
    Annotations:
    Status:             Running
    IP:                 10.244.0.6
    ...
    Events:
      Type    Reason     Age    From               Message
      ----    ------     ----   ----               -------
      Normal  Scheduled  5m49s  default-scheduler  Successfully assigned default/myapp-pod to k8slab
      Normal  Pulling    5m48s  kubelet, k8slab    pulling image "busybox"
      Normal  Pulled     5m43s  kubelet, k8slab    Successfully pulled image "busybox"
      Normal  Created    5m43s  kubelet, k8slab    Created container
      Normal  Started    5m43s  kubelet, k8slab    Started container

Slide 61

Slide 61 text

Pod (Cont.)
4. Get logs of pod

    $ kubectl logs myapp-pod
    Hello Kubernetes!
    $ kubectl logs -f myapp-pod
    Hello Kubernetes!
    ^C

Slide 62

Slide 62 text

Pod (Cont.)
5. Start a sh session in the pod's container

    $ kubectl exec -it myapp-pod -- sh
    / # ls
    bin dev etc home proc root sys tmp usr var
    / # exit

    $ kubectl exec -it myapp-pod -c mycontainer -- sh
    / # ls
    bin dev etc home proc root sys tmp usr var
    / # exit

Slide 63

Slide 63 text

Pod (Cont.)
6. Delete the pod

    $ kubectl delete po myapp-pod
    pod "myapp-pod" deleted
    $ kubectl delete -f pod/pod.yaml
    pod "myapp-pod" deleted

● Force delete a pod on a dead node

    $ kubectl delete po myapp-pod --grace-period=0 --force

Slide 64

Slide 64 text

Deployment
● Is responsible for creating & updating instances of the application.
● Supports rolling update & recreate strategies to update the pod template.

Slide 65

Slide 65 text

Deployment (Cont.)
Hands-on
1. Create a deployment

    $ kubectl create -f deployment/nginx-deploy.yaml

2. Get the deployment

    $ kubectl get deploy -o wide
    $ kubectl get all -l app=nginx -o wide
    NAME                                  READY   STATUS    RESTARTS   AGE   ...
    pod/nginx-deployment-d55b94fd-gnm89   1/1     Running   1          34h   ...
    pod/nginx-deployment-d55b94fd-jqkvx   1/1     Running   1          34h   ...
    pod/nginx-deployment-d55b94fd-rtp4f   1/1     Running   1          34h   ...

    NAME                               DESIRED   CURRENT   UP-TO-DATE   AVAILABLE
    deployment.apps/nginx-deployment   3         3         3            3

    NAME                                        DESIRED   CURRENT   READY   AGE   ...
    replicaset.apps/nginx-deployment-d55b94fd   3         3         3       34h   ...

3. Delete the deployment

    $ kubectl delete deploy nginx-deployment

Slide 66

Slide 66 text

Deployment (Cont.)

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      labels:
        app: nginx
    spec:
      replicas: 3      # creates three replicated Pods
      selector:        # defines how the Deployment finds which Pods to manage
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.15.4
            ports:
            - containerPort: 80

Slide 67

Slide 67 text

DaemonSet
● Manages groups of replicated Pods
● Ensures that all (or some) Nodes run a copy of a Pod
● Typical uses
  ○ A cluster storage daemon
  ○ A logs collection daemon
  ○ A node monitoring daemon

Slide 68

Slide 68 text

DaemonSet (Cont.)
Hands-on
1. Create a daemonset

    $ kubectl create -f daemonset/fluentd-ds.yaml

2. Get the daemonset

    $ kubectl get ds -n kube-system -l k8s-app=fluentd-logging

3. Delete the daemonset

    $ kubectl delete ds fluentd -n kube-system

Slide 69

Slide 69 text

DaemonSet (Cont.)

    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: fluentd
      namespace: kube-system
      labels:
        k8s-app: fluentd-logging
    spec:
      selector:
        matchLabels:
          name: fluentd   # Label selector that determines which Pods belong to the DaemonSet
      template:
        metadata:
          labels:
            name: fluentd   # Pod template's label selector
        spec:
          tolerations:
          - key: node-role.kubernetes.io/master
            effect: NoSchedule
          containers:
          - name: fluentd
            image: gcr.io/google-containers/fluentd-elasticsearch:1.20
          ...

Slide 71

Slide 71 text

Volume
● A directory which is accessible to the containers in a pod
● Types
  ○ emptyDir
  ○ hostPath
  ○ configMap
  ○ secret
  ○ nfs
  ○ cephfs
  ○ persistentVolumeClaim
  ○ … etc.

Slide 72

Slide 72 text

Volume (Cont.)
● Types
  ○ emptyDir
    ■ Is created when a Pod is first assigned to a Node
    ■ When the Pod is removed from the node, the data in the emptyDir is erased
  ○ hostPath
    ■ Mounts a file or directory from the host node's file system into the pod
  ○ configMap
    ■ Injects configuration data into Pods
  ○ secret
    ■ Is backed by tmpfs (a RAM-backed filesystem)
    ■ Is never written to non-volatile storage

Slide 73

Slide 73 text

Volume (Cont.)
● Types
  ○ nfs (Network File System)
    ■ Unlike emptyDir
    ■ Allows an existing NFS share to be mounted into a Pod
    ■ The data in an NFS volume is not erased when the Pod is removed from the node
  ○ cephfs
    ■ Unlike emptyDir
    ■ Allows an existing CephFS volume to be mounted into a Pod
    ■ Data remains intact after the Pod is removed from the node

Slide 74

Slide 74 text

Volume (Cont.)
● Persistent Volume (PV)
  ○ A piece of network storage that has been provisioned by the administrator
  ○ Is independent of any individual pod that uses the PV
● Persistent Volume Claim (PVC)
  ○ The storage requested by Kubernetes for its pods
  ○ Users don't need to know the underlying provisioning
  ○ The claims must be created in the same namespace where the pod is created.

    $ kubectl create -f pv-pvc/
    $ kubectl get pv,pvc,po

Slide 75

Slide 75 text

ConfigMap
● Configures a Pod
● Decouples configuration artifacts from image content
● Keeps containerized applications portable
● Useful for storing & sharing non-sensitive, unencrypted configuration information

Slide 76

Slide 76 text

ConfigMap (Cont.)
Hands-on
1. Create configmap.yaml
2. Create configmap via kubectl
3. Using ConfigMap data
   3.1. Define container ENV variables
   3.2. In Pod commands
   3.3. To a Volume

Slide 77

Slide 77 text

ConfigMap (Cont.)
1. Create configmap.yaml

    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: example-config
      namespace: default
    data:
      # example of using --from-literal
      example.property.1: hello
      example.property.2: world
      # example of defined using --from-file
      example.property.file: |-
        property.1=value-1
        property.2=value-2
        property.3=value-3

Slide 78

Slide 78 text

ConfigMap (Cont.)
2. Create configMap via kubectl

    kubectl create -f configmap/example-config.yaml
    kubectl get cm example-config
    kubectl get cm example-config -o yaml

Slide 79

Slide 79 text

ConfigMap (Cont.)
3. Using ConfigMap data
   3.1. Define container ENV variables

    apiVersion: v1
    kind: Pod
    metadata:
      name: test-cm-pod1
    spec:
      containers:
      - name: test-container
        image: k8s.gcr.io/busybox
        command: [ "/bin/sh", "-c", "env" ]
        env:
        - name: EXAMPLE_KEY2
          valueFrom:
            configMapKeyRef:
              name: example-config
              key: example.property.2
      restartPolicy: Never

    $ kubectl create -f configmap/env-pod1.yaml
    $ kubectl logs test-cm-pod1

Slide 80

Slide 80 text

ConfigMap (Cont.)
3. Using ConfigMap data
   3.2. In Pod commands

    apiVersion: v1
    kind: Pod
    metadata:
      name: test-cm-pod2
    spec:
      containers:
      - name: test-container
        image: k8s.gcr.io/busybox
        command: [ "/bin/sh", "-c", "echo EXAMPLE_KEY1 is $(EXAMPLE_KEY1)" ]
        env:
        - name: EXAMPLE_KEY1
          valueFrom:
            configMapKeyRef:
              name: example-config
              key: example.property.1
      restartPolicy: Never

    $ kubectl create -f configmap/env-pod2.yaml
    $ kubectl logs test-cm-pod2

Slide 81

Slide 81 text

ConfigMap (Cont.)
3. Using ConfigMap data
   3.3. To a Volume

    apiVersion: v1
    kind: Pod
    metadata:
      name: test-cm-pod3
    spec:
      containers:
      - name: test-container
        image: k8s.gcr.io/busybox
        command: [ "/bin/sh","-c","cat /etc/config/myconfig" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/config
      volumes:
      - name: config-volume
        configMap:
          # Provide the name of the ConfigMap containing the files you want
          # to add to the container
          name: example-config
          items:
          - key: example.property.file
            path: myconfig
      restartPolicy: Never

    $ kubectl create -f configmap/env-pod3.yaml
    $ kubectl logs test-cm-pod3

Slide 82

Slide 82 text

Secrets
● Similar to ConfigMap
● Use Base64 to encode strings
● Are intended to hold sensitive information, such as:
  ○ Passwords
  ○ OAuth tokens
  ○ ssh keys

Slide 83

Slide 83 text

Secrets (Cont.)
Hands-on
1. Convert strings to base64
2. Write a Secret file
3. Create the Secret using kubectl

Slide 84

Slide 84 text

Secrets (Cont.)
1. Convert strings to base64

    $ echo -n 'admin' | base64
    YWRtaW4=
    $ echo -n '1f2d1e2e67df' | base64
    MWYyZDFlMmU2N2Rm

Slide 85

Slide 85 text

Secrets (Cont.)
2. Write a Secret file

    apiVersion: v1
    kind: Secret
    metadata:
      name: mysecret
    type: Opaque
    data:
      username: YWRtaW4=
      password: MWYyZDFlMmU2N2Rm

Slide 86

Slide 86 text

Secrets (Cont.)
3. Create the Secret using kubectl

    $ kubectl create -f ./secret.yaml
    secret "mysecret" created
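
Base64 is an encoding, not encryption, so anyone who can read the Secret file can recover the values. The added example below (not part of the original slides) decodes the mysecret manifest from the hands-on and checks a manifest for two mistakes in step 1: a value encoded with its trailing newline (echo without -n) and a value pasted without encoding. The manifest is written as a Python dict, and BAD_SECRET and the function names are constructed for illustration.

```python
import base64
import binascii

# The Secret from the hands-on, as a dict (kubectl accepts the same object as JSON).
SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "mysecret"},
    "type": "Opaque",
    "data": {"username": "YWRtaW4=", "password": "MWYyZDFlMmU2N2Rm"},
}

# Constructed counter-example: the username was pasted as plain text, and the
# password was encoded the way `echo '1f2d1e2e67df' | base64` (no -n) would do it.
BAD_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "mysecret"},
    "type": "Opaque",
    "data": {
        "username": "admin",
        "password": base64.b64encode(b"1f2d1e2e67df\n").decode("ascii"),
    },
}


def _decode(encoded):
    """Strictly decode one base64 value; raises ValueError on bad input."""
    try:
        return base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not valid base64") from exc


def decode_secret_data(manifest):
    """Return {key: plaintext bytes} for every entry under `data`."""
    return {key: _decode(value) for key, value in manifest.get("data", {}).items()}


def lint_secret(manifest):
    """Return a list of (key, problem) pairs for the entries under `data`."""
    findings = []
    for key, value in manifest.get("data", {}).items():
        try:
            raw = _decode(value)
        except ValueError:
            # The API server rejects this; the plaintext is now in the file anyway.
            findings.append((key, "not valid base64"))
            continue
        if raw.endswith(b"\n"):
            # The application would receive the newline as part of the secret.
            findings.append((key, "trailing newline"))
        elif not raw:
            findings.append((key, "empty value"))
    return findings


if __name__ == "__main__":
    print(decode_secret_data(SECRET))
    print(lint_secret(BAD_SECRET))
```
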

Slide 88

Slide 88 text

Services
● Group a set of Pod endpoints into a single resource
● An abstraction which defines a logical set of Pods & a policy
● A "layer 4" (TCP/UDP over IP) construct
● kube-proxy is responsible for implementing a form of virtual IP for Services of type (ClusterIP, LoadBalancer, NodePort)
Source: https://kubernetes.io/docs/tutorials/kubernetes-basics/expose/expose-intro/

Slide 89

Slide 89 text

● userspace ● iptables ● ipvs Source: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies kube-proxy mode 89 ● Service ● Kube-proxy modes ● Type of Services

Slide 90

Slide 90 text

kube-proxy mode (Cont.) 90 ● Service ● Kube-proxy modes ● Type of Services ● userspace ● iptables ● ipvs

Slide 91

Slide 91 text

kube-proxy mode (Cont.) 91 ● Service ● Kube-proxy modes ● Type of Services ● userspace ● iptables ● ipvs

Slide 92

Slide 92 text

Type of Services ● ClusterIP (default) ● NodePort ● LoadBalancer ● ExternalName ● External IPs 92 ● Service ● Kube-proxy modes ● Type of Services

Slide 93

Slide 93 text

Type of Services
● ClusterIP (default)
  Internal clients send requests to a stable internal IP address.
  Note: The member Pod must have a container that is listening on TCP port 8080. Otherwise, clients will see a message like "Failed to connect" or "This site can't be reached".
● NodePort
● LoadBalancer
● ExternalName
● External IPs

    apiVersion: v1
    kind: Service
    metadata:
      name: my-cip-service
      labels:
        app: my-nginx
    spec:
      type: ClusterIP
      ports:
      - port: 80
        protocol: TCP
      selector:
        app: my-nginx

Slide 94

Slide 94 text

Type of Services
● ClusterIP (default)

    $ kubectl create deployment --image nginx my-nginx
    $ kubectl create -f service/service-cip.yaml
    $ kubectl get all -o wide
    $ curl service_ip
    $ kubectl delete service/my-cip-service
    $ kubectl delete deployment my-nginx

Slide 95

Slide 95 text

Type of Services
● ClusterIP (default)
● NodePort
  Clients send requests to the IP address of a node on one or more nodePort values that are specified by the Service. (default: 30000-32767)
● LoadBalancer
● ExternalName
● External IPs

    apiVersion: v1
    kind: Service
    metadata:
      name: my-np-service
      labels:
        app: my-nginx
    spec:
      type: NodePort
      ports:
      - name: http
        nodePort: 32660
        port: 80
        targetPort: 80
        protocol: TCP
      selector:
        app: my-nginx

Slide 96

Slide 96 text

Type of Services
● NodePort

    $ kubectl create deployment --image nginx my-nginx
    $ kubectl create -f service/service-np.yaml
    $ kubectl get all -o wide
    $ curl service_ip
    $ curl 172.17.8.100:32660
    $ kubectl delete service/my-np-service
    $ kubectl delete deployment my-nginx

Slide 97

Slide 97 text

Type of Services
● ClusterIP (default)
● NodePort
● LoadBalancer
  Clients send requests to the IP address of an external network load balancer.
● ExternalName
● External IPs

    apiVersion: v1
    kind: Service
    metadata:
      name: my-np-service
      labels:
        app: my-nginx
    spec:
      type: LoadBalancer
      ports:
      - name: http
        port: 80
        targetPort: 80
        protocol: TCP
      loadBalancerIP: external_IP
      selector:
        app: my-nginx

Slide 98

Slide 98 text

Type of Services
● ClusterIP (default)
● NodePort
● LoadBalancer
● ExternalName
  Internal clients use the DNS name of a Service as an alias for an external DNS name.
● External IPs

    kind: Service
    apiVersion: v1
    metadata:
      name: my-service
      namespace: prod
    spec:
      type: ExternalName
      externalName: my.database.example.com

Slide 99

Slide 99 text

Type of Services
● ClusterIP (default)
● NodePort
● LoadBalancer
● ExternalName
● External IPs
  If there are external IPs that route to one or more cluster nodes, Kubernetes services can be exposed on those externalIPs

    kind: Service
    apiVersion: v1
    metadata:
      name: my-service
    spec:
      selector:
        app: MyApp
      ports:
      - name: http
        protocol: TCP
        port: 80
        targetPort: 9376
      externalIPs:
      - 80.11.12.10

Slide 100

Slide 100 text

Chapter 3 - Dive Into K8s 100

Slide 101

Slide 101 text

What Happens When We Type kubectl run Chapter 3 - Dive Into K8s 101

Slide 102

Slide 102 text

What Happens When We Type kubectl run
● Please refer to
  ○ https://github.com/jamiehannaford/what-happens-when-k8s
  ○ https://github.com/kubernetes/website/blob/master/static/images/docs/architecture.png

Slide 103

Slide 103 text

What Happens When We Type kubectl run (Cont.)
Simplified process when we create a deployment
1. The user sends a request to the K8s apiserver
2. kube-apiserver authenticates the request to verify identity
3. kube-apiserver authorizes the request through its authorizers (Node, RBAC...)
4. kube-apiserver deserializes the HTTP request & persists objects to the datastore (etcd)
5. The control loops (controllers) run, & the Deployment, ReplicaSet, and Pod resources are persisted to etcd
6. The scheduler assigns each Pod to a suitable node
7. Kubelet queries Pods from kube-apiserver every 20 seconds (this is configurable) & gets the new Pods which need to be created
8. The container runtime then runs the container
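
Steps 1 to 4 can be followed in a small model of the request path: authenticate, authorize with RBAC, then persist. This is an added example and a simplification, not kube-apiserver code; the tokens, users, roles, bindings, the dict standing in for etcd and the returned HTTP status codes are constructed, and ServiceAccount subjects, resourceNames and the other authorizers are left out.

```python
from dataclasses import dataclass

# --- Constructed sample data --------------------------------------------------
TOKENS = {  # bearer token -> (user, groups); stands in for any authenticator
    "tok-alice": ("alice", ("dev-team",)),
    "tok-bob": ("bob", ()),
}
ROLES = {  # (kind, namespace, name) -> rules shaped like RBAC policy rules
    ("Role", "my-ns", "deploy-editor"): [
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["get", "list", "create"]},
    ],
    ("ClusterRole", "", "pod-viewer"): [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]},
    ],
}
BINDINGS = [
    {"kind": "RoleBinding", "namespace": "my-ns",
     "subjects": [{"kind": "Group", "name": "dev-team"}],
     "roleRef": {"kind": "Role", "name": "deploy-editor"}},
    {"kind": "ClusterRoleBinding",
     "subjects": [{"kind": "User", "name": "bob"}],
     "roleRef": {"kind": "ClusterRole", "name": "pod-viewer"}},
]


@dataclass(frozen=True)
class Request:
    user: str
    groups: tuple
    verb: str
    api_group: str
    resource: str
    namespace: str


def _rule_allows(rule, req):
    """A rule matches when API group, resource and verb all match ('*' = any)."""
    def hit(field, value):
        allowed = rule.get(field, [])
        return "*" in allowed or value in allowed
    return (hit("apiGroups", req.api_group) and hit("resources", req.resource)
            and hit("verbs", req.verb))


def _subject_matches(subject, req):
    if subject["kind"] == "User":
        return subject["name"] == req.user
    if subject["kind"] == "Group":
        return subject["name"] in req.groups
    return False  # ServiceAccount subjects are not modelled here


def rbac_authorize(req, roles=ROLES, bindings=BINDINGS):
    """Step 3: RBAC is additive; a request passes only if some bound rule allows it."""
    for binding in bindings:
        # A RoleBinding grants access only inside its own namespace.
        if binding["kind"] == "RoleBinding" and binding["namespace"] != req.namespace:
            continue
        if not any(_subject_matches(s, req) for s in binding["subjects"]):
            continue
        ref = binding["roleRef"]
        role_ns = binding["namespace"] if ref["kind"] == "Role" else ""
        rules = roles.get((ref["kind"], role_ns, ref["name"]), [])
        if any(_rule_allows(rule, req) for rule in rules):
            return True
    return False


def handle(token, verb, api_group, resource, namespace, name, store):
    """Steps 1-4 for one request; returns an HTTP status code."""
    identity = TOKENS.get(token)             # step 2: authentication
    if identity is None:
        return 401
    user, groups = identity
    req = Request(user, groups, verb, api_group, resource, namespace)
    if not rbac_authorize(req):              # step 3: authorization
        return 403
    if verb == "create":                     # step 4: persist to the datastore
        store[(api_group, resource, namespace, name)] = {"createdBy": user}
        return 201
    return 200


if __name__ == "__main__":
    etcd = {}
    print(handle("tok-alice", "create", "apps", "deployments", "my-ns", "nginx", etcd))
    print(handle("tok-alice", "create", "apps", "deployments", "default", "nginx", etcd))
```
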

Slide 104

Slide 104 text

What Happens When We Type kubectl run (Cont.)
[Diagram: kubectl, API (Authentication, Authorization, REST), Scheduling actuator, Scheduler, Controller managers, etcd; steps 1-3 marked]
1. The user sends a request to the K8s apiserver
2. kube-apiserver authenticates the request to verify identity
3. kube-apiserver authorizes the request through its authorizers (Node, RBAC...)

Slide 105

Slide 105 text

What Happens When We Type kubectl run (Cont.)
[Diagram: kubectl, API (Authentication, Authorization, REST), Scheduling actuator, Scheduler, Controller managers, etcd; step 4 marked]
4. kube-apiserver deserializes the HTTP request & persists objects to the datastore (etcd)

Slide 106

Slide 106 text

What Happens When We Type kubectl run (Cont.)
[Diagram: kubectl, API (Authentication, Authorization, REST), Scheduling actuator, Scheduler, Controller managers, etcd; step 5 marked]
5. The control loops (controllers) run, & the Deployment, ReplicaSet, and Pod resources are persisted to etcd

Slide 107

Slide 107 text

What Happens When We Type kubectl run (Cont.) 107
[Diagram: Deployment, ReplicaSet, Pod, Pod]
Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/

Slide 108

Slide 108 text

What Happens When We Type kubectl run (Cont.) 108
[Diagram: Deployment]
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx
    spec:
      replicas: 2
      template:
        ...
        spec:
          containers:
          - name: nginx
            image: nginx
Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/

Slide 109

Slide 109 text

What Happens When We Type kubectl run (Cont.) 109
[Diagram: Deployment, Deployment Controller]
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx
    spec:
      replicas: 2
      template:
        ...
        spec:
          containers:
          - name: nginx
            image: nginx
Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/

Slide 110

Slide 110 text

What Happens When We Type kubectl run (Cont.) 110
[Diagram: Deployment, Deployment Controller, Create, ReplicaSet]
    apiVersion: apps/v1
    kind: ReplicaSet
    metadata:
      name: nginx-1234
    spec:
      replicas: 2
      template:
        ...
        spec:
          containers:
          - name: nginx
            image: nginx
Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/

Slide 111

Slide 111 text

What Happens When We Type kubectl run (Cont.) 111
[Diagram: Deployment, Deployment Controller, Create, ReplicaSet, Replication Controller]
    apiVersion: apps/v1
    kind: ReplicaSet
    metadata:
      name: nginx-1234
    spec:
      replicas: 2
      template:
        ...
        spec:
          containers:
          - name: nginx
            image: nginx
Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/

Slide 112

Slide 112 text

What Happens When We Type kubectl run (Cont.) 112
[Diagram: Deployment, Deployment Controller, Create, ReplicaSet, Replication Controller, Create, Pod, Pod]
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-1234-k5jv
    spec:
      ...
      containers:
      - name: nginx
        image: nginx

    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-1234-q7jd
    spec:
      ...
      containers:
      - name: nginx
        image: nginx
Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/

Slide 113

Slide 113 text

What Happens When We Type kubectl run (Cont.) 113
[Diagram: kubectl, API, Authentication, Authorization, REST, Scheduling actuator, Scheduler, Controller managers, etcd; step 6 marked]
6. The scheduler assigns each Pod to a suitable node

Slide 114

Slide 114 text

What Happens When We Type kubectl run (Cont.) 114
[Diagram: Deployment, Deployment Controller, Create, ReplicaSet, Replication Controller, Create, Pod, Pod, Scheduler]
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-1234-k5jv
    spec:
      ...
      containers:
      - name: nginx
        image: nginx

    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-1234-q7jd
    spec:
      ...
      containers:
      - name: nginx
        image: nginx
Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/

Slide 115

Slide 115 text

What Happens When We Type kubectl run (Cont.) 115
[Diagram: Deployment, Deployment Controller, Create, ReplicaSet, Replication Controller, Create, Pod, Pod, Scheduler, Assign to Node]
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-1234-k5jv
    spec:
      ...
      containers:
      - name: nginx
        image: nginx

    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-1234-q7jd
    spec:
      ...
      containers:
      - name: nginx
        image: nginx
Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/

Slide 116

Slide 116 text

What Happens When We Type kubectl run (Cont.) 116
[Diagram: kubectl, API, Authentication, Authorization, REST, Scheduling actuator, Scheduler, Controller managers, etcd; two Nodes, one expanded to show Kubelet, Container Runtime, Pod, Pod, Pod; steps 7 and 8 marked]
7. The kubelet queries Pods from kube-apiserver every 20 seconds (this is configurable) & gets the new Pods that need to be created
8. The container runtime then runs the container

Slide 117

Slide 117 text

What Happens When We Type kubectl run (Cont.) 117
[Diagram: Deployment, Deployment Controller, Create, ReplicaSet, Replication Controller, Create, Pod, Pod, Scheduler, Assign to Node, kubelet, Start the Container!]
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-1234-q7jd
    spec:
      ...
      containers:
      - name: nginx
        image: nginx
    Status: ...

    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-1234-k5jv
    spec:
      ...
      containers:
      - name: nginx
        image: nginx
    Status: ...
Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/

Slide 118

Slide 118 text

What Happens When We Type kubectl run (Cont.) 118
[Diagram: Deployment, Deployment Controller, Create, ReplicaSet, Replication Controller, Create, Pod, Pod, Scheduler, Assign to Node, kubelet, Start the Container!, Update status]
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-1234-q7jd
    spec:
      ...
      containers:
      - name: nginx
        image: nginx
    Status: ...

    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-1234-k5jv
    spec:
      ...
      containers:
      - name: nginx
        image: nginx
    Status: ...
Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/
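The Deployment → ReplicaSet → Pod → Scheduler → kubelet chain shown on slides 107 to 118 can be replayed as a set of small loops that each repair one difference between desired and actual state. This is an added example, not code from the slides or from Kubernetes; the dict standing in for etcd, the node names and the least-loaded scheduling policy are assumptions.

```python
def deployment_controller(store):
    """Deployment controller: ensure each Deployment has its ReplicaSet."""
    for (kind, name), dep in list(store.items()):
        rs_key = ("ReplicaSet", name + "-1234")  # "1234" mirrors the slides' placeholder
        if kind == "Deployment" and rs_key not in store:
            store[rs_key] = {"replicas": dep["replicas"], "template": dep["template"]}

def replicaset_controller(store):
    """ReplicaSet controller: create Pods until the count matches replicas."""
    for (kind, name), rs in list(store.items()):
        if kind != "ReplicaSet":
            continue
        owned = [k for k, o in store.items() if k[0] == "Pod" and o["owner"] == name]
        missing, i = rs["replicas"] - len(owned), 0
        while missing > 0:
            key = ("Pod", f"{name}-{i}")
            if key not in store:  # never overwrite a Pod that still exists
                store[key] = {"owner": name, "spec": rs["template"],
                              "node": None, "phase": "Pending"}
                missing -= 1
            i += 1

def scheduler(store, nodes):
    """Scheduler: bind each unscheduled Pod to the least-loaded node (toy policy)."""
    for key, pod in sorted(store.items()):
        if key[0] == "Pod" and pod["node"] is None:
            load = lambda n: sum(o.get("node") == n for o in store.values())
            pod["node"] = min(nodes, key=lambda n: (load(n), n))

def kubelet(store, node):
    """Kubelet: start Pods bound to this node and report status back."""
    for key, pod in store.items():
        if key[0] == "Pod" and pod["node"] == node and pod["phase"] == "Pending":
            pod["phase"] = "Running"  # stands in for the container runtime call

def reconcile(store, nodes):
    """One pass of every loop; repeating it is safe because each only fixes gaps."""
    deployment_controller(store)
    replicaset_controller(store)
    scheduler(store, nodes)
    for node in nodes:
        kubelet(store, node)
    return store

def new_store():
    """Constructed stand-in for etcd holding the slides' nginx Deployment."""
    template = {"containers": [{"name": "nginx", "image": "nginx"}]}
    return {("Deployment", "nginx"): {"replicas": 2, "template": template}}
```

Deleting a Pod from the store and calling `reconcile` again recreates and reschedules it, which is the self-healing behaviour the control loops provide.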

Slide 119

Slide 119 text

Additional 119

Slide 120

Slide 120 text

Additional 120 Helm CNCF Cloud Native Interactive Landscape

Slide 121

Slide 121 text

Helm CNCF Cloud Native Interactive Landscape Additional 121

Slide 122

Slide 122 text

Helm 122
● The package manager for Kubernetes
● Three concepts
  ○ Chart
    ■ A bundle of information necessary to create an instance of a K8s application
  ○ Config
    ■ Contains configuration information
    ■ Can be merged into a packaged chart to create a releasable object
  ○ Release
    ■ Is a running instance of a chart
    ■ Combined with a specific config
● Ref: https://docs.helm.sh/architecture/

Slide 123

Slide 123 text

Helm (Cont.) 123
● Two components
  ○ Helm Client
    ■ A command-line tool
    ■ Is responsible for
      ● Local chart development
      ● Interacting with the Tiller server
  ○ Tiller Server
    ■ An in-cluster server
    ■ Interacts w/ Helm client, & interfaces w/ K8s API server
    ■ Is responsible for
      ● Listening for incoming requests from Helm client
      ● Combining a chart & config to build a release
      ● Installing charts into K8s, and then tracking the subsequent release
      ● Upgrading & uninstalling charts by interacting w/ K8s

Slide 124

Slide 124 text

Helm (Cont.) 124
● Example
1. Initialize the local CLI
    $ helm init
2. See which charts are available
    $ helm search mysql
3. Install a chart
    $ helm install stable/mysql
4. Show a list of all deployed releases
    $ helm ls
5. Uninstall a release
    $ helm delete RELEASE_NAME

Slide 125

Slide 125 text

Helm CNCF Cloud Native Interactive Landscape Additional 125

Slide 126

Slide 126 text

126 CNCF Cloud Native Interactive Landscape https://landscape.cncf.io/format=landscape

Slide 127

Slide 127 text

Thank you 127