Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction à Kubernetes

Renaud Chaput
October 23, 2017
Technology
2
310

Introduction à Kubernetes

Présenté à Sysadmin Days #7 : https://sysadmindays.fr

Renaud Chaput

October 23, 2017
Tweet

More Decks by Renaud Chaput

See All by Renaud Chaput
L'Infrastructure as Code au complet (par Benoit Petit)
renchap
1
640
Autour des requêtes des TSDB
renchap
2
530
Operate HBase clusters at Scale
renchap
1
360
Versions (par Olivier Delhomme)
renchap
1
390
Prevent business logic attacks using dynamic instrumentation
renchap
1
410
Atelier Paris Web : Introduction à Docker
renchap
0
80
Alkemics CI & CD with Jenkins and Docker
renchap
1
270
Les containers : décryptage
renchap
2
240
Kubernetes en production : un an après
renchap
1
270

Other Decks in Technology

See All in Technology
はてなの開発20年史と DevOpsの歩み / DevOpsDays Tokyo 2025 Keynote
daiksy
6
1.5k
アセスメントで紐解く、10Xのデータマネジメントの軌跡
10xinc
1
400
【日本Zabbixユーザー会】LLDを理解するときの勘所 〜LLDのある世界を楽しもう!〜
yoshitake945
0
130
Would you THINK such a demonstration interesting ?
shumpei3
1
190
MCPを活用した検索システムの作り方/How to implement search systems with MCP #catalks
quiver
11
5.9k
GitHub MCP Serverを使って Pull Requestを作る、レビューする
hiyokose
2
740
От ручной разметки к LLM: как мы создавали облако тегов в Lamoda. Анастасия Ангелова, Data Scientist, Lamoda Tech
lamodatech
0
640
20250408 AI Agent workshop
sakana_ai
PRO
15
3.7k
こんなデータマートは嫌だ。どんな? / waiwai-data-meetup-202504
shuntak
6
1.8k
大AI時代で輝くために今こそドメインにディープダイブしよう / Deep Dive into Domain in AI-Agent-Era
yuitosato
1
320
JPOUG Tech Talk #12 UNDO Tablespace Reintroduction
nori_shinoda
1
130
Spring Bootで実装とインフラをこれでもかと分離するための試み
shintanimoto
7
720

Featured

See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
178
53k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.3k
It's Worth the Effort
3n
184
28k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
32
5.3k
YesSQL, Process and Tooling at Scale
rocio
172
14k
The Cult of Friendly URLs
andyhume
78
6.3k
Build The Right Thing And Hit Your Dates
maggiecrowley
35
2.6k
Why You Should Never Use an ORM
jnunemaker
PRO
55
9.3k
Gamification - CAS2011
davidbonilla
81
5.2k
Thoughts on Productivity
jonyablonski
69
4.6k
The Pragmatic Product Professional
lauravandoore
33
6.5k
Six Lessons from altMBA
skipperchong
27
3.7k

Transcript

  1. Introduction à Kubernetes

  2. Renaud Chaput @renchap

  3. Kubernetes

  4. Historique • Origine : Borg, l’orchestrateur de Google • En

    2014, début du projet “Seven”, son remplaçant • Volonté de le rendre Open Source • Kubernetes est né ! • Version 1.0 en 2015, et don à la CNCF

  5. Objectifs • Découpler infra et applications • Scale • Générique

    / Flexible • Automatisable • Extensible • Portable (cloud provider, bare metal, …)

  6. Un gros projet 1500 contributeurs 32 000 PR depuis 2014

  7. Structure • Code of Conduct et CLA • Doc claire

    sur la participation • Special Interest Groups (SIGs) • Working groups • Committees

  8. Releases

  9. Releases

  10. Features Alpha 1.5 Décembre 2016 Beta 1.7 Juin 2017 Stable

    1.8 Septembre 2017 Alpha 1.6 Mars 2017

  11. Fonctionnement

  12. Objets apiVersion: v1 kind: Pod metadata: name: <name>
 namespace: default


    spec:
 status:

  13. Un même namespace / cgroup
 IP partagée (donc localhost commun)


    Volumes communs
 IPC / … ./rails server ./log_processor.py Pod AppServer Sidecar

  14. apiVersion: v1
 kind: Pod
 metadata: name: nginx
 spec:
 containers: -

    name: nginx image: nginx:1.7.9 ports: - containerPort: 8080 Pod simple

  15. Deployment apiVersion: apps/v1beta2 kind: Deployment metadata:
 name: nginx-deployment
 labels:
 app:

    nginx spec:
 replicas: 3 selector:
 matchLabels:
 app: nginx template: metadata:
 labels:
 app: nginx
 spec:
 containers:
 - name: nginx
 image: nginx:1.7.9
 ports:
 - containerPort: 8080

  16. Service apiVersion: v1 kind: Service metadata:
 name: nginx-svc spec: selector:


    app: nginx ports:
 - protocol: TCP
 port: 80
 targetPort: 8080

  17. db-1 volume-1 StatefulSet Db-2 Volume-2 Db-3 Volume-3

  18. DaemonSet Jobs CronJobs NetworkPolicy Secret Ingress Volume …

  19. Architecture

  20. etcd etcd etcd Key/Value store Distribué Watch

  21. etcd etcd etcd API Server Scheduler Controller manager

  22. kubelet kube-proxy Pod Pod Pod Pod Pod Pod Pod Pod

    Pod Pod

  23. Pré-requis réseau • Tous les containers peuvent communiquer avec entre-eux

    sans NAT • Tous les noeuds peuvent communiquer avec tous les containers sans NAT • L’IP d’un container vue de l’intérieur du container est la même que vu de l’extérieur

  24. Container Runtime • Docker • CRI-O : interface OCI standard

    • rkt (CoreOS) • Frakti : basé sur un hyperviseur

  25. Node 1 Node 2 Node n etcd etcd etcd API

    Server Scheduler Controller manager …

  26. Kubectl $ kubectl apply -f nginx.yaml nginx-svc.yml
 $ kubectl get

    all
 NAME READY STATUS RESTARTS AGE
 po/nginx 1/1 Running 0 12h 
 NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
 svc/nginx-svc 10.0.0.116 <none> 80/TCP 7s

  27. Federation

  28. Add-ons

  29. Kube DNS nginx-svc.my-namespace.svc.cluster.local _http._tcp.nginx-svc.my-namespace.svc.cluster.local 1-2-3-4.default.pod.cluster.local

  30. Dashboard

  31. Ingress controllers • GCP / AWS / … • nginx

    • haproxy

  32. Heapster + InfluxDB, Grafana

  33. Sécurité

  34. Namespaces et quotas apiVersion: v1
 kind: ResourceQuota
 metadata:
 name: compute-resources


    spec:
 hard:
 pods: "4"
 requests.cpu: "1"
 requests.memory: 1Gi
 limits.cpu: "2"
 limits.memory: 2Gi

  35. PodSecurityPolicy apiVersion: extensions/v1beta1 kind: PodSecurityPolicy metadata: name: permissive spec: seLinux:

    rule: RunAsAny supplementalGroups: rule: RunAsAny runAsUser: rule: RunAsAny fsGroup: rule: RunAsAny hostPorts: - min: 8000 max: 8080 volumes: - '*' allowedCapabilities: - '*'

  36. NetworkPolicy kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: access-nginx spec: podSelector:

    matchLabels: run: nginx ingress: - from: - podSelector: matchLabels: access: "true"

  37. RBAC kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 namespace: default
 name: pod-reader


    rules:
 - apiGroups: [""] resources: ["pods"]
 verbs: ["get", "watch", “list"] kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 name: read-pods
 namespace: default
 subjects:
 - kind: User
 name: jane
 apiGroup: rbac.authorization.k8s.io
 roleRef:
 kind: Role
 name: pod-reader
 apiGroup: rbac.authorization.k8s.io

  38. Projets autour • Helm • Kops / Kube-AWS / Bootkube

    / … • Træfik • Prometheus / Sysdig / Datadog / … • Kube-lego, …

  39. Ressources • Minikube! • kubernetes.io • Kubernetes the hard way

    • Slack Kubernetes • Awesome Kubernetes

  40. Questions ?