Introduction to Kubernetes

Presented at Sysadmin Days #7: https://sysadmindays.fr

Renaud Chaput

October 23, 2017

Transcript

  1. Introduction to Kubernetes

  2. Renaud Chaput
    @renchap


  3. Kubernetes


  4. History
    • Origin: Borg, Google's orchestrator

    • In 2014, start of the "Seven" project, its replacement

    • The intent was to make it open source

    • Kubernetes was born!

    • Version 1.0 in 2015, and donation to the CNCF

  5. Goals
    • Decouple infrastructure and applications

    • Scale

    • Generic / flexible

    • Automatable

    • Extensible

    • Portable (cloud provider, bare metal, …)

  6. A big project
    1500 contributors

    32,000 PRs since 2014

  7. Structure
    • Code of Conduct and CLA

    • Clear documentation on how to contribute

    • Special Interest Groups (SIGs)

    • Working groups

    • Committees

  8. Releases


  9. Releases


  10. Features
    Feature lifecycle (diagram): Alpha in 1.5 (December 2016), Alpha in 1.6 (March 2017), Beta in 1.7 (June 2017), Stable in 1.8 (September 2017)

  11. How it works

  12. Objects
    apiVersion: v1
    kind: Pod
    metadata:
      name:
      namespace: default
    spec:
    status:

  13. Same namespace / cgroup

    Shared IP (so a common localhost)

    Shared volumes

    IPC / …

    Diagram: Pod "AppServer" running ./rails server, with a Sidecar running ./log_processor.py

  14. Simple Pod
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 8080

  15. Deployment
    apiVersion: apps/v1beta2
    kind: Deployment
    metadata:
      name: nginx-deployment
      labels:
        app: nginx
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.7.9
            ports:
            - containerPort: 8080

  16. Service
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-svc
    spec:
      selector:
        app: nginx
      ports:
      - protocol: TCP
        port: 80
        targetPort: 8080
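The Deployment and the Service on these two slides are wired together only by labels and ports: the Service's selector has to match the pod template's labels, and each targetPort has to be a port some container declares. A mismatch in either produces a Service with an empty Endpoints list and connections that fail with no error at apply time. The script below is an added example, not part of the slides; it transcribes the two manifests into the JSON/dict form kubectl also accepts (so it runs with no cluster and no YAML library) and checks both conditions, handling numeric and named targetPorts.

```python
"""Added example (not from the slides): check that a Service really reaches a
Deployment's pods. DEPLOYMENT and SERVICE are the slide manifests in dict form."""

DEPLOYMENT = {
    "apiVersion": "apps/v1beta2",
    "kind": "Deployment",
    "metadata": {"name": "nginx-deployment", "labels": {"app": "nginx"}},
    "spec": {
        "replicas": 3,
        "selector": {"matchLabels": {"app": "nginx"}},
        "template": {
            "metadata": {"labels": {"app": "nginx"}},
            "spec": {
                "containers": [
                    {"name": "nginx", "image": "nginx:1.7.9",
                     "ports": [{"containerPort": 8080}]}
                ]
            },
        },
    },
}

SERVICE = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {"name": "nginx-svc"},
    "spec": {
        "selector": {"app": "nginx"},
        "ports": [{"protocol": "TCP", "port": 80, "targetPort": 8080}],
    },
}


def selector_matches(selector, labels):
    """A matchLabels map (or a Service selector) matches a pod when every
    key/value it lists is present in the pod's labels; extra labels are fine."""
    return all(labels.get(key) == value for key, value in selector.items())


def container_ports(pod_spec):
    """All (number, protocol, name) ports declared by the pod's containers."""
    found = []
    for container in pod_spec.get("containers", []):
        for port in container.get("ports", []):
            found.append((port["containerPort"],
                          port.get("protocol", "TCP"),
                          port.get("name")))
    return found


def check_wiring(deployment, service):
    """Return the list of problems found; an empty list means the Service
    selects the Deployment's pods and every targetPort is declared by a
    container (numeric targetPort or named port)."""
    problems = []
    template = deployment["spec"]["template"]
    pod_labels = template["metadata"].get("labels", {})

    # The Deployment's own selector has to match its pod template, or the
    # API server rejects the object.
    if not selector_matches(deployment["spec"]["selector"]["matchLabels"], pod_labels):
        problems.append("Deployment selector does not match its pod template labels")

    # A Service without a selector gets no Endpoints; with a selector that
    # matches nothing, its Endpoints list is empty and connections fail.
    svc_selector = service["spec"].get("selector", {})
    if not svc_selector:
        problems.append("Service has no selector, so no Endpoints are created")
    elif not selector_matches(svc_selector, pod_labels):
        problems.append(f"Service selector {svc_selector} matches no pod with labels {pod_labels}")

    # targetPort defaults to port; it may be a number or a container port name.
    declared = container_ports(template["spec"])
    for svc_port in service["spec"].get("ports", []):
        protocol = svc_port.get("protocol", "TCP")
        target = svc_port.get("targetPort", svc_port["port"])
        if isinstance(target, int):
            ok = any(num == target and proto == protocol for num, proto, _ in declared)
        else:
            ok = any(name == target and proto == protocol for _, proto, name in declared)
        if not ok:
            problems.append(f"targetPort {target}/{protocol} is not declared by any container")
    return problems


if __name__ == "__main__":
    for line in check_wiring(DEPLOYMENT, SERVICE) or ["nginx-svc routes to nginx-deployment"]:
        print(line)
```

The check only reads what the manifests declare. A containerPort entry is informational: it does not make the process inside the image listen on that port, so the listening port still has to be verified against the image's own configuration.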

  17. StatefulSet (diagram)
    db-1 with volume-1
    db-2 with volume-2
    db-3 with volume-3

  18. DaemonSet, Jobs, CronJobs, NetworkPolicy, Secret, Ingress, Volume

  19. Architecture


  20. etcd
    Key/Value store
    Distributed
    Watch

  21. (diagram) etcd x3, API Server, Scheduler, Controller manager

  22. (diagram) kubelet, kube-proxy, Pods

  23. Network prerequisites
    • All containers can communicate with each other without NAT

    • All nodes can communicate with all containers without NAT

    • The IP a container sees for itself from the inside is the same IP seen from the outside

  24. Container runtime
    • Docker

    • CRI-O: standard OCI interface

    • rkt (CoreOS)

    • Frakti: hypervisor-based

  25. (diagram) Node 1, Node 2 … Node n; etcd x3, API Server, Scheduler, Controller manager

  26. Kubectl
    $ kubectl apply -f nginx.yaml nginx-svc.yml

    $ kubectl get all
    NAME       READY   STATUS    RESTARTS   AGE
    po/nginx   1/1     Running   0          12h

    NAME            CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
    svc/nginx-svc   10.0.0.116                 80/TCP    7s

  27. Federation


  28. Add-ons


  29. Kube DNS
    nginx-svc.my-namespace.svc.cluster.local
    _http._tcp.nginx-svc.my-namespace.svc.cluster.local
    1-2-3-4.default.pod.cluster.local


  30. Dashboard


  31. Ingress controllers
    • GCP / AWS / …

    • nginx

    • haproxy


  32. Heapster
    + InfluxDB, Grafana


  33. Security

  34. Namespaces and quotas
    apiVersion: v1
    kind: ResourceQuota
    metadata:
      name: compute-resources
    spec:
      hard:
        pods: "4"
        requests.cpu: "1"
        requests.memory: 1Gi
        limits.cpu: "2"
        limits.memory: 2Gi
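A ResourceQuota is enforced at admission: the API server adds the new pod's requests and limits to what the namespace already consumes and rejects the pod if any hard value would be exceeded. A second rule catches people out: once a quota constrains, say, requests.cpu, every container in the namespace must declare that request or the pod is rejected outright (which is why a LimitRange with defaults is usually paired with a quota). The following added example, not part of the slides, models both rules for the slide's quota; the current usage and the candidate pods are constructed sample data, and quantities are parsed exactly with fractions so that 500m + 500m compares equal to 1.

```python
"""Added example (not from the slides): a small model of ResourceQuota
admission. QUOTA is the slide's manifest in dict form; USED and the pods are
constructed sample data."""
from fractions import Fraction
import re

QUOTA = {
    "apiVersion": "v1",
    "kind": "ResourceQuota",
    "metadata": {"name": "compute-resources"},
    "spec": {"hard": {"pods": "4", "requests.cpu": "1", "requests.memory": "1Gi",
                      "limits.cpu": "2", "limits.memory": "2Gi"}},
}

# Suffixes of the Kubernetes quantity format that matter for cpu and memory.
SUFFIX = {"": 1, "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
          "Ki": 2**10, "Mi": 2**20, "Gi": 2**30}


def parse_quantity(text):
    """Parse "500m", "2", "256Mi", "1Gi" into an exact Fraction (cores or bytes)."""
    match = re.fullmatch(r"(\d+(?:\.\d+)?)([A-Za-z]*)", str(text))
    if not match or match.group(2) not in SUFFIX:
        raise ValueError(f"unsupported quantity {text!r}")
    return Fraction(match.group(1)) * SUFFIX[match.group(2)]


USED = {  # constructed: what the namespace already consumes (same keys as spec.hard)
    "pods": 3,
    "requests.cpu": parse_quantity("500m"),
    "requests.memory": parse_quantity("512Mi"),
    "limits.cpu": parse_quantity("1"),
    "limits.memory": parse_quantity("1Gi"),
}


def make_pod(name, requests, limits):
    """Constructed single-container pod with the given resources."""
    return {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": name},
            "spec": {"containers": [{"name": "app", "image": "nginx:1.7.9",
                                     "resources": {"requests": requests, "limits": limits}}]}}


WEB_POD = make_pod("web", {"cpu": "500m", "memory": "256Mi"}, {"cpu": "1", "memory": "512Mi"})
GREEDY_POD = make_pod("greedy", {"cpu": "2", "memory": "256Mi"}, {"cpu": "2", "memory": "512Mi"})
NO_LIMITS_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "nolimits"},
                 "spec": {"containers": [{"name": "app", "image": "nginx:1.7.9"}]}}


def admit(quota, used, pod):
    """Decide whether `pod` fits under `quota` given the namespace's current
    `used` totals. Returns (admitted, reasons)."""
    hard = quota["spec"]["hard"]
    reasons = []
    needed = {"pods": Fraction(1)}
    for container in pod["spec"]["containers"]:
        resources = container.get("resources", {})
        for key in hard:
            if key == "pods":
                continue
            kind, _, name = key.partition(".")   # "requests.cpu" -> requests, cpu
            value = resources.get(kind, {}).get(name)
            if value is None:
                # A quota-constrained resource must be declared by every container.
                reasons.append(f"container {container['name']} does not set {key}, "
                               f"which the quota constrains")
                continue
            needed[key] = needed.get(key, Fraction(0)) + parse_quantity(value)
    for key, limit in hard.items():
        if key in needed and Fraction(used.get(key, 0)) + needed[key] > parse_quantity(limit):
            reasons.append(f"{key}: {used.get(key, 0)} used + {needed[key]} requested "
                           f"exceeds hard limit {limit}")
    return (not reasons, reasons)


if __name__ == "__main__":
    for pod in (WEB_POD, GREEDY_POD, NO_LIMITS_POD):
        admitted, reasons = admit(QUOTA, USED, pod)
        print(pod["metadata"]["name"], "admitted" if admitted else "rejected", reasons)
```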

  35. PodSecurityPolicy
    apiVersion: extensions/v1beta1
    kind: PodSecurityPolicy
    metadata:
      name: permissive
    spec:
      seLinux:
        rule: RunAsAny
      supplementalGroups:
        rule: RunAsAny
      runAsUser:
        rule: RunAsAny
      fsGroup:
        rule: RunAsAny
      hostPorts:
      - min: 8000
        max: 8080
      volumes:
      - '*'
      allowedCapabilities:
      - '*'
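The policy on this slide is named "permissive" for a reason: the wildcard in volumes admits every volume type (hostPath included), the wildcard in allowedCapabilities lets a pod add any Linux capability, runAsUser RunAsAny does not prevent root, and the omitted allowPrivilegeEscalation field defaults to true. The script below is an added example, not part of the slides: it transcribes the slide's policy into dict form, places a constructed restrictive policy next to it, and returns one finding per setting that widens what an admitted pod may do.

```python
"""Added example (not from the slides): flag PodSecurityPolicy settings that
weaken pod isolation. PERMISSIVE is the slide's manifest in dict form;
RESTRICTED is a constructed counterpart with the same fields tightened."""

PERMISSIVE = {
    "apiVersion": "extensions/v1beta1",
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "permissive"},
    "spec": {
        "seLinux": {"rule": "RunAsAny"},
        "supplementalGroups": {"rule": "RunAsAny"},
        "runAsUser": {"rule": "RunAsAny"},
        "fsGroup": {"rule": "RunAsAny"},
        "hostPorts": [{"min": 8000, "max": 8080}],
        "volumes": ["*"],
        "allowedCapabilities": ["*"],
    },
}

RESTRICTED = {
    "apiVersion": "extensions/v1beta1",
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "restricted"},
    "spec": {
        "privileged": False,
        "allowPrivilegeEscalation": False,
        "requiredDropCapabilities": ["ALL"],
        "runAsUser": {"rule": "MustRunAsNonRoot"},
        "seLinux": {"rule": "RunAsAny"},
        "supplementalGroups": {"rule": "MustRunAs", "ranges": [{"min": 1, "max": 65535}]},
        "fsGroup": {"rule": "MustRunAs", "ranges": [{"min": 1, "max": 65535}]},
        "volumes": ["configMap", "emptyDir", "secret", "persistentVolumeClaim"],
        "hostNetwork": False,
        "hostPID": False,
        "hostIPC": False,
    },
}


def audit_psp(psp):
    """Return one finding per setting that widens what a pod admitted under
    this policy may do; an empty list means nothing was flagged."""
    spec = psp.get("spec", {})
    findings = []
    if spec.get("privileged", False):
        findings.append("privileged: true admits fully privileged containers")
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag, False):
            findings.append(f"{flag}: true admits pods that share that host namespace")
    if "*" in spec.get("allowedCapabilities", []):
        findings.append("allowedCapabilities '*' lets a pod add any Linux capability")
    if "*" in spec.get("volumes", []):
        findings.append("volumes '*' admits every volume type, hostPath included")
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append("runAsUser RunAsAny does not stop containers from running as root")
    # The field defaults to true when omitted, so an absent key is a finding too.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append("allowPrivilegeEscalation is true (the default when omitted)")
    for host_port in spec.get("hostPorts", []):
        findings.append(f"hostPorts {host_port['min']}-{host_port['max']} "
                        f"lets pods bind ports directly on the node")
    return findings


if __name__ == "__main__":
    for policy in (PERMISSIVE, RESTRICTED):
        print(policy["metadata"]["name"], audit_psp(policy) or "no findings")
```

Two caveats when reading the result. A PodSecurityPolicy only has an effect when the PodSecurityPolicy admission controller is enabled, and a pod is admitted as soon as any policy that the requesting user or the pod's service account is authorized to `use` validates it, so a permissive policy that everyone may use makes the stricter ones irrelevant. PodSecurityPolicy was later deprecated in Kubernetes 1.21 and removed in 1.25 in favour of Pod Security Admission, so on current clusters the same checks apply to namespace pod-security levels rather than to PSP objects.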

  36. NetworkPolicy
    kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1
    metadata:
      name: access-nginx
    spec:
      podSelector:
        matchLabels:
          run: nginx
      ingress:
      - from:
        - podSelector:
            matchLabels:
              access: "true"
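The semantics behind this slide's policy are easy to get backwards: a pod that no policy selects accepts all traffic, while a pod selected by at least one policy accepts only what some rule of some selecting policy allows (policies are additive and there is no deny rule). So access-nginx on its own restricts only pods labelled run=nginx, and a default-deny policy with an empty podSelector is what turns the namespace into allow-list mode. The evaluator below is an added example, not part of the slides; it assumes same-namespace pod-to-pod traffic and matchLabels selectors only, so namespaceSelector and ipBlock peers are treated as non-matching.

```python
"""Added example (not from the slides): decide whether a set of
NetworkPolicy objects lets one pod reach another. ACCESS_NGINX is the slide's
policy in dict form; DEFAULT_DENY is a constructed policy that selects every
pod and allows no ingress. Simplification: matchLabels only, same namespace."""

ACCESS_NGINX = {
    "kind": "NetworkPolicy",
    "apiVersion": "networking.k8s.io/v1",
    "metadata": {"name": "access-nginx"},
    "spec": {
        "podSelector": {"matchLabels": {"run": "nginx"}},
        "ingress": [{"from": [{"podSelector": {"matchLabels": {"access": "true"}}}]}],
    },
}

DEFAULT_DENY = {
    "kind": "NetworkPolicy",
    "apiVersion": "networking.k8s.io/v1",
    "metadata": {"name": "default-deny-ingress"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress"]},
}


def selector_matches(selector, labels):
    """matchLabels semantics: every listed pair must be present; an empty
    selector ({}) matches every pod in the namespace."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def rule_allows(rule, src_labels, port, protocol):
    """One ingress rule allows traffic when its from-list is absent/empty or
    any peer matches the source, AND its ports list is absent/empty or any
    entry matches the destination port."""
    peers = rule.get("from", [])
    peer_ok = not peers or any(
        "podSelector" in peer and selector_matches(peer["podSelector"], src_labels)
        for peer in peers)
    ports = rule.get("ports", [])
    port_ok = not ports or any(
        p.get("port") == port and p.get("protocol", "TCP") == protocol for p in ports)
    return peer_ok and port_ok


def ingress_allowed(policies, dst_labels, src_labels, port, protocol="TCP"):
    """True if a pod labelled src_labels may open port/protocol on a pod
    labelled dst_labels under the given policies."""
    restricting = []
    for policy in policies:
        spec = policy["spec"]
        # policyTypes defaults to Ingress (plus Egress when an egress section exists).
        if "Ingress" not in spec.get("policyTypes", ["Ingress"]):
            continue
        if selector_matches(spec["podSelector"], dst_labels):
            restricting.append(spec)
    if not restricting:
        return True   # no policy selects the destination: everything is accepted
    return any(rule_allows(rule, src_labels, port, protocol)
               for spec in restricting for rule in spec.get("ingress", []))


if __name__ == "__main__":
    for policies in ([ACCESS_NGINX], [ACCESS_NGINX, DEFAULT_DENY]):
        names = [p["metadata"]["name"] for p in policies]
        print(names, "batch -> redis:6379",
              ingress_allowed(policies, {"run": "redis"}, {"app": "batch"}, 6379))
        print(names, "batch -> nginx:80",
              ingress_allowed(policies, {"run": "nginx"}, {"app": "batch"}, 80))
```

The object is only enforced by a network plugin that implements NetworkPolicy (Calico, Cilium and Weave Net do; a plugin without support stores the object and silently ignores it), so a cluster should be tested with a real connection attempt, not only with the policy text.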

  37. RBAC
    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      namespace: default
      name: pod-reader
    rules:
    - apiGroups: [""]
      resources: ["pods"]
      verbs: ["get", "watch", "list"]
    ---
    kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: read-pods
      namespace: default
    subjects:
    - kind: User
      name: jane
      apiGroup: rbac.authorization.k8s.io
    roleRef:
      kind: Role
      name: pod-reader
      apiGroup: rbac.authorization.k8s.io
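The slide's pair is the shape every RBAC grant takes: a Role lists rules (apiGroups, resources, verbs), and a RoleBinding hands those rules to subjects inside one namespace. What a reviewer looks for is the opposite of pod-reader: wildcards, verbs such as escalate, bind and impersonate that let a subject grow its own permissions, read access to secrets or pods/exec, and bindings to broad groups like system:authenticated or to the default ServiceAccount. The following added example, not part of the slides, transcribes the two manifests into dict form and audits them next to a constructed broad role and binding.

```python
"""Added example (not from the slides): review a Role and the RoleBinding
that grants it. POD_READER and READ_PODS are the slide's manifests in dict
form; BROAD_ROLE and EVERYONE_BINDING are constructed counter-examples."""

POD_READER = {
    "kind": "Role",
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "metadata": {"namespace": "default", "name": "pod-reader"},
    "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "watch", "list"]}],
}

READ_PODS = {
    "kind": "RoleBinding",
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "metadata": {"name": "read-pods", "namespace": "default"},
    "subjects": [{"kind": "User", "name": "jane", "apiGroup": "rbac.authorization.k8s.io"}],
    "roleRef": {"kind": "Role", "name": "pod-reader", "apiGroup": "rbac.authorization.k8s.io"},
}

BROAD_ROLE = {  # constructed
    "kind": "Role",
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "metadata": {"namespace": "default", "name": "do-anything"},
    "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}

EVERYONE_BINDING = {  # constructed
    "kind": "RoleBinding",
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "metadata": {"name": "do-anything-for-all", "namespace": "default"},
    "subjects": [{"kind": "Group", "name": "system:authenticated",
                  "apiGroup": "rbac.authorization.k8s.io"}],
    "roleRef": {"kind": "Role", "name": "do-anything", "apiGroup": "rbac.authorization.k8s.io"},
}

# Verbs that let a subject grow its own permissions rather than just use them.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
# Resources whose read/create access is worth far more than it looks.
SENSITIVE_RESOURCES = {"secrets", "pods/exec", "pods/attach", "pods/portforward"}
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}


def audit_role(role):
    """Findings for wildcard or escalation-capable rules in a Role/ClusterRole."""
    findings = []
    for index, rule in enumerate(role.get("rules", [])):
        groups = rule.get("apiGroups", [])
        resources = rule.get("resources", [])
        verbs = set(rule.get("verbs", []))
        if "*" in verbs:
            findings.append(f"rule {index}: wildcard verbs")
        if "*" in resources:
            findings.append(f"rule {index}: wildcard resources")
        if "*" in groups:
            findings.append(f"rule {index}: wildcard apiGroups")
        for verb in sorted(verbs & ESCALATION_VERBS):
            findings.append(f"rule {index}: verb {verb} allows privilege escalation")
        for resource in resources:
            if resource in SENSITIVE_RESOURCES and verbs & {"get", "list", "watch", "create", "*"}:
                findings.append(f"rule {index}: grants access to {resource}")
    return findings


def audit_binding(binding, role):
    """Findings for a binding: does it point at the given role, and who receives it."""
    findings = []
    ref = binding["roleRef"]
    if (ref["kind"], ref["name"]) != (role["kind"], role["metadata"]["name"]):
        findings.append("roleRef does not reference the supplied role")
    if (binding["kind"] == "RoleBinding" and role["kind"] == "Role"
            and binding["metadata"].get("namespace") != role["metadata"].get("namespace")):
        findings.append("RoleBinding and Role are in different namespaces")
    for subject in binding.get("subjects", []):
        if subject["kind"] == "Group" and subject["name"] in BROAD_GROUPS:
            findings.append(f"subject grants the role to every member of {subject['name']}")
        if subject["kind"] == "ServiceAccount" and subject["name"] == "default":
            findings.append("subject is the default ServiceAccount, which every pod "
                            "in the namespace uses unless it names another")
    return findings


if __name__ == "__main__":
    print("pod-reader:", audit_role(POD_READER), audit_binding(READ_PODS, POD_READER))
    print("do-anything:", audit_role(BROAD_ROLE), audit_binding(EVERYONE_BINDING, BROAD_ROLE))
```

A Role and RoleBinding are namespaced; granting across namespaces needs a ClusterRole with a ClusterRoleBinding, and a RoleBinding may reference a ClusterRole to grant its rules within a single namespace, which is the usual way to reuse one rule set per team namespace.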

  38. Related projects
    • Helm

    • Kops / Kube-AWS / Bootkube / …

    • Træfik

    • Prometheus / Sysdig / Datadog / …

    • Kube-lego, …

  39. Resources
    • Minikube!

    • kubernetes.io

    • Kubernetes the hard way

    • Kubernetes Slack

    • Awesome Kubernetes

  40. Questions?