Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction à Kubernetes

Avatar for Renaud Chaput Renaud Chaput
October 23, 2017
Technology
2
410

Introduction à Kubernetes

Présenté à Sysadmin Days #7 : https://sysadmindays.fr

Avatar for Renaud Chaput

Renaud Chaput

October 23, 2017
Tweet

More Decks by Renaud Chaput

See All by Renaud Chaput
L'Infrastructure as Code au complet (par Benoit Petit)
Avatar for Renaud Chaput renchap
1
680
Autour des requêtes des TSDB
Avatar for Renaud Chaput renchap
2
670
Operate HBase clusters at Scale
Avatar for Renaud Chaput renchap
1
410
Versions (par Olivier Delhomme)
Avatar for Renaud Chaput renchap
1
450
Prevent business logic attacks using dynamic instrumentation
Avatar for Renaud Chaput renchap
1
450
Atelier Paris Web : Introduction à Docker
Avatar for Renaud Chaput renchap
0
97
Alkemics CI & CD with Jenkins and Docker
Avatar for Renaud Chaput renchap
1
310
Les containers : décryptage
Avatar for Renaud Chaput renchap
2
290
Kubernetes en production : un an après
Avatar for Renaud Chaput renchap
1
330

Other Decks in Technology

See All in Technology
Tebiki Engineering Team Deck
Avatar for Tebiki, Inc. tebiki
0
24k
Agile Leadership Summit Keynote 2026
Avatar for seki at druby.org m_seki
1
590
OCI Database Management サービス詳細
Avatar for oracle4engineer oracle4engineer
PRO
1
7.4k
[CV勉強会@関東 World Model 読み会] Orbis: Overcoming Challenges of Long-Horizon Prediction in Driving World Models (Mousakhan+, NeurIPS 2025)
Avatar for abemii_ abemii
0
130
超初心者からでも大丈夫!オープンソース半導体の楽しみ方〜今こそ!オレオレチップをつくろう〜
Avatar for Yamada3 keropiyo
0
110
顧客の言葉を、そのまま信じない勇気
Avatar for yamatai12 yamatai1212
1
350
学生・新卒・ジュニアから目指すSRE
Avatar for Hiroya Onoe hiroyaonoe
2
590
Bedrock PolicyでAmazon Bedrock Guardrails利用を強制してみた
Avatar for Yudai Jinno yuu551
0
210
ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか
Avatar for Miki Matsumoto mikimatsumoto
0
220
AWS Network Firewall Proxyを触ってみた
Avatar for nagisa_53 nagisa53
1
220
Data Hubグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
2.7k
20260208_第66回 コンピュータビジョン勉強会
Avatar for KeiichiIto1978 keiichiito1978
0
120

Featured

See All Featured
Leo the Paperboy
Avatar for Maya Tellez mayatellez
4
1.4k
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
1
1.6k
Impact Scores and Hybrid Strategies: The future of link building
Avatar for Tamara Novitovic tamaranovitovic
0
200
Conquering PDFs: document understanding beyond plain text
Avatar for Ines Montani inesmontani
PRO
4
2.3k
Paper Plane
Avatar for Katie Cordina Lindsey katiecoart
PRO
0
46k
Everyday Curiosity
Avatar for Cassini Nazir cassininazir
0
130
Reality Check: Gamification 10 Years Later
Avatar for Sebastian Deterding codingconduct
0
2k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
38
3k
Evolving SEO for Evolving Search Engines
Avatar for Ryan Jones ryanjones
0
120
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
Avatar for Yuki Nakata chikuwait chikuwait
0
320
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
140k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3.3k

Transcript

  1. Introduction à Kubernetes

  2. Renaud Chaput @renchap

  3. Kubernetes

  4. Historique • Origine : Borg, l’orchestrateur de Google • En

    2014, début du projet “Seven”, son remplaçant • Volonté de le rendre Open Source • Kubernetes est né ! • Version 1.0 en 2015, et don à la CNCF

  5. Objectifs • Découpler infra et applications • Scale • Générique

    / Flexible • Automatisable • Extensible • Portable (cloud provider, bare metal, …)

  6. Un gros projet 1500 contributeurs 32 000 PR depuis 2014

  7. Structure • Code of Conduct et CLA • Doc claire

    sur la participation • Special Interest Groups (SIGs) • Working groups • Committees

  8. Releases

  9. Releases

  10. Features Alpha 1.5 Décembre 2016 Beta 1.7 Juin 2017 Stable

    1.8 Septembre 2017 Alpha 1.6 Mars 2017

  11. Fonctionnement

  12. Objets apiVersion: v1 kind: Pod metadata: name: <name>
 namespace: default


    spec:
 status:

  13. Un même namespace / cgroup
 IP partagée (donc localhost commun)


    Volumes communs
 IPC / … ./rails server ./log_processor.py Pod AppServer Sidecar

  14. apiVersion: v1
 kind: Pod
 metadata: name: nginx
 spec:
 containers: -

    name: nginx image: nginx:1.7.9 ports: - containerPort: 8080 Pod simple

  15. Deployment apiVersion: apps/v1beta2 kind: Deployment metadata:
 name: nginx-deployment
 labels:
 app:

    nginx spec:
 replicas: 3 selector:
 matchLabels:
 app: nginx template: metadata:
 labels:
 app: nginx
 spec:
 containers:
 - name: nginx
 image: nginx:1.7.9
 ports:
 - containerPort: 8080

  16. Service apiVersion: v1 kind: Service metadata:
 name: nginx-svc spec: selector:


    app: nginx ports:
 - protocol: TCP
 port: 80
 targetPort: 8080

  17. db-1 volume-1 StatefulSet Db-2 Volume-2 Db-3 Volume-3

  18. DaemonSet Jobs CronJobs NetworkPolicy Secret Ingress Volume …

  19. Architecture

  20. etcd etcd etcd Key/Value store Distribué Watch

  21. etcd etcd etcd API Server Scheduler Controller manager

  22. kubelet kube-proxy Pod Pod Pod Pod Pod Pod Pod Pod

    Pod Pod

  23. Pré-requis réseau • Tous les containers peuvent communiquer avec entre-eux

    sans NAT • Tous les noeuds peuvent communiquer avec tous les containers sans NAT • L’IP d’un container vue de l’intérieur du container est la même que vu de l’extérieur

  24. Container Runtime • Docker • CRI-O : interface OCI standard

    • rkt (CoreOS) • Frakti : basé sur un hyperviseur

  25. Node 1 Node 2 Node n etcd etcd etcd API

    Server Scheduler Controller manager …

  26. Kubectl $ kubectl apply -f nginx.yaml nginx-svc.yml
 $ kubectl get

    all
 NAME READY STATUS RESTARTS AGE
 po/nginx 1/1 Running 0 12h 
 NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
 svc/nginx-svc 10.0.0.116 <none> 80/TCP 7s

  27. Federation

  28. Add-ons

  29. Kube DNS nginx-svc.my-namespace.svc.cluster.local _http._tcp.nginx-svc.my-namespace.svc.cluster.local 1-2-3-4.default.pod.cluster.local

  30. Dashboard

  31. Ingress controllers • GCP / AWS / … • nginx

    • haproxy

  32. Heapster + InfluxDB, Grafana

  33. Sécurité

  34. Namespaces et quotas apiVersion: v1
 kind: ResourceQuota
 metadata:
 name: compute-resources


    spec:
 hard:
 pods: "4"
 requests.cpu: "1"
 requests.memory: 1Gi
 limits.cpu: "2"
 limits.memory: 2Gi

  35. PodSecurityPolicy apiVersion: extensions/v1beta1 kind: PodSecurityPolicy metadata: name: permissive spec: seLinux:

    rule: RunAsAny supplementalGroups: rule: RunAsAny runAsUser: rule: RunAsAny fsGroup: rule: RunAsAny hostPorts: - min: 8000 max: 8080 volumes: - '*' allowedCapabilities: - '*'

  36. NetworkPolicy kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: access-nginx spec: podSelector:

    matchLabels: run: nginx ingress: - from: - podSelector: matchLabels: access: "true"

  37. RBAC kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 namespace: default
 name: pod-reader


    rules:
 - apiGroups: [""] resources: ["pods"]
 verbs: ["get", "watch", “list"] kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 name: read-pods
 namespace: default
 subjects:
 - kind: User
 name: jane
 apiGroup: rbac.authorization.k8s.io
 roleRef:
 kind: Role
 name: pod-reader
 apiGroup: rbac.authorization.k8s.io

  38. Projets autour • Helm • Kops / Kube-AWS / Bootkube

    / … • Træfik • Prometheus / Sysdig / Datadog / … • Kube-lego, …

  39. Ressources • Minikube! • kubernetes.io • Kubernetes the hard way

    • Slack Kubernetes • Awesome Kubernetes

  40. Questions ?