Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction à Kubernetes

Renaud Chaput
October 23, 2017
Technology
2
190

Introduction à Kubernetes

Présenté à Sysadmin Days #7 : https://sysadmindays.fr

Renaud Chaput

October 23, 2017
Tweet

More Decks by Renaud Chaput

See All by Renaud Chaput
L'Infrastructure as Code au complet (par Benoit Petit)
renchap
1
480
Autour des requêtes des TSDB
renchap
2
280
Operate HBase clusters at Scale
renchap
1
220
Versions (par Olivier Delhomme)
renchap
1
220
Prevent business logic attacks using dynamic instrumentation
renchap
1
240
Atelier Paris Web : Introduction à Docker
renchap
0
50
Alkemics CI & CD with Jenkins and Docker
renchap
1
190
Les containers : décryptage
renchap
2
200
Kubernetes en production : un an après
renchap
1
230

Other Decks in Technology

See All in Technology
チーム開発における様々なボトルネックの整理 / Organization of bottlenecks in Team Development
stefafafan
0
540
ZOZOTOWNの裏側に迫る! Javaで作られたBFFの開発事例を紹介
yutaro527
0
200
関数型で表現するイベントソーシングの実装とその教育
tomohisa
0
170
軽率に休学したら Babylon.js×WebARで 夢を3つ叶えてた / my dreams with babylon.js and WebAR
drumath2237
0
120
人生がときめく自宅ネットワークの魔法
tatematsu_san
1
580
QMファンネルとQAキャリア
gen519
PRO
1
160
AWS CDKで作るCloudWatch Dashboard
harukasakihara
3
550
Race Conditions em Microsserviços: Desmistificando um Problema Comum em Arquiteturas Distribuídas
jordihofc
0
290
BUILD UP for Web3 engineer
aramaki
0
280
自分のデータは自分で守る - あなたのCI/CDパイプラインをセキュアにする処方箋
jacopen
4
450
ジョブキューシステムFireworqのアーキテクチャ設計と運用時のベストプラクティス
tarao
1
810
ローコードで改革!End to Endテストの再定義!
odasho
0
130

Featured

See All Featured
A Tale of Four Properties
chriscoyier
149
21k
What's in a price? How to price your products and services
michaelherold
233
9.8k
Design by the Numbers
sachag
271
18k
Six Lessons from altMBA
skipperchong
15
2.4k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
A better future with KSS
kneath
230
16k
Web Components: a chance to create the future
zenorocha
304
41k
Rails Girls Zürich Keynote
gr2m
87
12k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
2
470
Unsuck your backbone
ammeep
659
56k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
KATA
mclloyd
12
10k

Transcript

  1. Introduction à
    Kubernetes

    View Slide

  2. Renaud Chaput
    @renchap

    View Slide

  3. Kubernetes

    View Slide

  4. Historique
    • Origine : Borg, l’orchestrateur de Google

    • En 2014, début du projet “Seven”, son remplaçant

    • Volonté de le rendre Open Source

    • Kubernetes est né !

    • Version 1.0 en 2015, et don à la CNCF

    View Slide

  5. Objectifs
    • Découpler infra et applications

    • Scale

    • Générique / Flexible

    • Automatisable

    • Extensible

    • Portable (cloud provider, bare metal, …)

    View Slide

  6. Un gros projet
    1500 contributeurs

    32 000 PR depuis 2014

    View Slide

  7. Structure
    • Code of Conduct et CLA

    • Doc claire sur la participation

    • Special Interest Groups (SIGs)

    • Working groups

    • Committees

    View Slide

  8. Releases

    View Slide

  9. Releases

    View Slide

  10. Features
    Alpha
    1.5
    Décembre 2016
    Beta
    1.7
    Juin 2017
    Stable
    1.8
    Septembre 2017
    Alpha
    1.6
    Mars 2017

    View Slide

  11. Fonctionnement

    View Slide

  12. Objets
    apiVersion: v1
    kind: Pod
    metadata:
    name: 

    namespace: default

    spec:

    status:

    View Slide

  13. Un même namespace / cgroup

    IP partagée (donc localhost commun)

    Volumes communs

    IPC / …
    ./rails server
    ./log_processor.py
    Pod AppServer
    Sidecar

    View Slide

  14. apiVersion: v1

    kind: Pod

    metadata:
    name: nginx

    spec:

    containers:
    - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 8080
    Pod simple

    View Slide

  15. Deployment
    apiVersion: apps/v1beta2
    kind: Deployment
    metadata:

    name: nginx-deployment

    labels:

    app: nginx
    spec:

    replicas: 3
    selector:

    matchLabels:

    app: nginx
    template:
    metadata:

    labels:

    app: nginx

    spec:

    containers:

    - name: nginx

    image: nginx:1.7.9

    ports:

    - containerPort: 8080

    View Slide

  16. Service
    apiVersion: v1
    kind: Service
    metadata:

    name: nginx-svc
    spec:
    selector:

    app: nginx
    ports:

    - protocol: TCP

    port: 80

    targetPort: 8080

    View Slide

  17. db-1
    volume-1
    StatefulSet
    Db-2
    Volume-2
    Db-3
    Volume-3

    View Slide

  18. DaemonSet Jobs
    CronJobs
    NetworkPolicy
    Secret
    Ingress
    Volume

    View Slide

  19. Architecture

    View Slide

  20. etcd etcd
    etcd
    Key/Value store
    Distribué
    Watch

    View Slide

  21. etcd etcd
    etcd
    API Server
    Scheduler
    Controller
    manager

    View Slide

  22. kubelet
    kube-proxy
    Pod Pod Pod Pod Pod
    Pod Pod Pod Pod Pod

    View Slide

  23. Pré-requis réseau
    • Tous les containers peuvent communiquer avec entre-eux
    sans NAT

    • Tous les noeuds peuvent communiquer avec tous les
    containers sans NAT

    • L’IP d’un container vue de l’intérieur du container est la
    même que vu de l’extérieur

    View Slide

  24. Container Runtime
    • Docker

    • CRI-O : interface OCI standard

    • rkt (CoreOS)

    • Frakti : basé sur un hyperviseur

    View Slide

  25. Node 1 Node 2 Node n
    etcd etcd
    etcd
    API Server
    Scheduler
    Controller
    manager

    View Slide

  26. Kubectl
    $ kubectl apply -f nginx.yaml nginx-svc.yml

    $ kubectl get all

    NAME READY STATUS RESTARTS AGE

    po/nginx 1/1 Running 0 12h

    NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE

    svc/nginx-svc 10.0.0.116 80/TCP 7s

    View Slide

  27. Federation

    View Slide

  28. Add-ons

    View Slide

  29. Kube DNS
    nginx-svc.my-namespace.svc.cluster.local
    _http._tcp.nginx-svc.my-namespace.svc.cluster.local
    1-2-3-4.default.pod.cluster.local

    View Slide

  30. Dashboard

    View Slide

  31. Ingress controllers
    • GCP / AWS / …

    • nginx

    • haproxy

    View Slide

  32. Heapster
    + InfluxDB, Grafana

    View Slide

  33. Sécurité

    View Slide

  34. Namespaces et quotas
    apiVersion: v1

    kind: ResourceQuota

    metadata:

    name: compute-resources

    spec:

    hard:

    pods: "4"

    requests.cpu: "1"

    requests.memory: 1Gi

    limits.cpu: "2"

    limits.memory: 2Gi

    View Slide

  35. PodSecurityPolicy
    apiVersion: extensions/v1beta1
    kind: PodSecurityPolicy
    metadata:
    name: permissive
    spec:
    seLinux:
    rule: RunAsAny
    supplementalGroups:
    rule: RunAsAny
    runAsUser:
    rule: RunAsAny
    fsGroup:
    rule: RunAsAny
    hostPorts:
    - min: 8000
    max: 8080
    volumes:
    - '*'
    allowedCapabilities:
    - '*'

    View Slide

  36. NetworkPolicy
    kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1
    metadata:
    name: access-nginx
    spec:
    podSelector:
    matchLabels:
    run: nginx
    ingress:
    - from:
    - podSelector:
    matchLabels:
    access: "true"

    View Slide

  37. RBAC
    kind: Role

    apiVersion: rbac.authorization.k8s.io/v1

    metadata:

    namespace: default

    name: pod-reader

    rules:

    - apiGroups: [""] resources: ["pods"]

    verbs: ["get", "watch", “list"]
    kind: RoleBinding

    apiVersion: rbac.authorization.k8s.io/v1

    metadata:

    name: read-pods

    namespace: default

    subjects:

    - kind: User

    name: jane

    apiGroup: rbac.authorization.k8s.io

    roleRef:

    kind: Role

    name: pod-reader

    apiGroup: rbac.authorization.k8s.io

    View Slide

  38. Projets autour
    • Helm

    • Kops / Kube-AWS / Bootkube / …

    • Træfik

    • Prometheus / Sysdig / Datadog / …

    • Kube-lego, …

    View Slide

  39. Ressources
    • Minikube!

    • kubernetes.io

    • Kubernetes the hard way

    • Slack Kubernetes

    • Awesome Kubernetes

    View Slide

  40. Questions ?

    View Slide