Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction à Kubernetes

Avatar for Renaud Chaput Renaud Chaput
October 23, 2017
Technology
430
2

Introduction à Kubernetes

Présenté à Sysadmin Days #7 : https://sysadmindays.fr

Avatar for Renaud Chaput

Renaud Chaput

October 23, 2017

More Decks by Renaud Chaput

See All by Renaud Chaput
L'Infrastructure as Code au complet (par Benoit Petit)
Avatar for Renaud Chaput renchap
1
700
Autour des requêtes des TSDB
Avatar for Renaud Chaput renchap
2
690
Operate HBase clusters at Scale
Avatar for Renaud Chaput renchap
1
430
Versions (par Olivier Delhomme)
Avatar for Renaud Chaput renchap
1
470
Prevent business logic attacks using dynamic instrumentation
Avatar for Renaud Chaput renchap
1
460
Atelier Paris Web : Introduction à Docker
Avatar for Renaud Chaput renchap
0
110
Alkemics CI & CD with Jenkins and Docker
Avatar for Renaud Chaput renchap
1
330
Les containers : décryptage
Avatar for Renaud Chaput renchap
2
300
Kubernetes en production : un an après
Avatar for Renaud Chaput renchap
1
350

Other Decks in Technology

See All in Technology
Babylon.js Japan Activities (2026/4)
Avatar for Limes2018 limes2018
0
200
今年60歳のおっさんCBになる
Avatar for Hiroo Katoh kentapapa
1
340
見えない開発現場を、 見える投資に変える
Avatar for Norio Oikawa rojoudotcom
2
130
AIペネトレーションテスト・ セキュリティ検証「AgenticSec」ご紹介資料
Avatar for Sho Nakatani laysakura
0
1.6k
AI時代に新卒採用、はじめました/junior-engineer-never-die
Avatar for dmnlk dmnlk
0
230
DIPS2.0データに基づく森林管理における無人航空機の利用状況
Avatar for Forestgeo.info naokimuroki
0
160
仕様通り動くの先へ。Claude Codeで「使える」を検証する
Avatar for Gota gotalab555
8
3.1k
Data Enabling Team立ち上げました
Avatar for SansanTech sansantech
PRO
0
290
New CBs New Challenges
Avatar for Yosuke Suzuki ysuzuki
1
160
自己組織化を試される緑茶ハイを求めて、今日も全力であそんで学ぼう / Self-Organization and Shochu Green Tea
Avatar for naiban naitosatoshi
0
310
Oracle AI Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
1.4k
機能・非機能の学びを一つに!Agent Skillsで月間レポート作成始めてみた / Unifying Bug & Infra Insights — Building Monthly Quality Reports with Agent Skills
Avatar for bun bun913
5
3.8k

Featured

See All Featured
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
Avatar for UX Y'all uxyall
0
1k
Navigating Weather and Climate Data
Avatar for Ryan Abernathey rabernat
0
160
The browser strikes back
Avatar for Jono Alderson jonoalderson
0
900
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
5k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
331
21k
Designing Powerful Visuals for Engaging Learning
Avatar for Mike Taylor tmiket
1
330
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
1
260
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
82
6.2k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
287
14k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.5k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k
B2B Lead Gen: Tactics, Traps & Triumph
Avatar for Sophie Logan marketingsoph
0
100

Transcript

  1. Introduction à Kubernetes

  2. Renaud Chaput @renchap

  3. Kubernetes

  4. Historique • Origine : Borg, l’orchestrateur de Google • En

    2014, début du projet “Seven”, son remplaçant • Volonté de le rendre Open Source • Kubernetes est né ! • Version 1.0 en 2015, et don à la CNCF

  5. Objectifs • Découpler infra et applications • Scale • Générique

    / Flexible • Automatisable • Extensible • Portable (cloud provider, bare metal, …)

  6. Un gros projet 1500 contributeurs 32 000 PR depuis 2014

  7. Structure • Code of Conduct et CLA • Doc claire

    sur la participation • Special Interest Groups (SIGs) • Working groups • Committees

  8. Releases

  9. Releases

  10. Features Alpha 1.5 Décembre 2016 Beta 1.7 Juin 2017 Stable

    1.8 Septembre 2017 Alpha 1.6 Mars 2017

  11. Fonctionnement

  12. Objets apiVersion: v1 kind: Pod metadata: name: <name>
 namespace: default


    spec:
 status:

  13. Un même namespace / cgroup
 IP partagée (donc localhost commun)


    Volumes communs
 IPC / … ./rails server ./log_processor.py Pod AppServer Sidecar

  14. apiVersion: v1
 kind: Pod
 metadata: name: nginx
 spec:
 containers: -

    name: nginx image: nginx:1.7.9 ports: - containerPort: 8080 Pod simple

  15. Deployment apiVersion: apps/v1beta2 kind: Deployment metadata:
 name: nginx-deployment
 labels:
 app:

    nginx spec:
 replicas: 3 selector:
 matchLabels:
 app: nginx template: metadata:
 labels:
 app: nginx
 spec:
 containers:
 - name: nginx
 image: nginx:1.7.9
 ports:
 - containerPort: 8080

  16. Service apiVersion: v1 kind: Service metadata:
 name: nginx-svc spec: selector:


    app: nginx ports:
 - protocol: TCP
 port: 80
 targetPort: 8080

  17. db-1 volume-1 StatefulSet Db-2 Volume-2 Db-3 Volume-3

  18. DaemonSet Jobs CronJobs NetworkPolicy Secret Ingress Volume …

  19. Architecture

  20. etcd etcd etcd Key/Value store Distribué Watch

  21. etcd etcd etcd API Server Scheduler Controller manager

  22. kubelet kube-proxy Pod Pod Pod Pod Pod Pod Pod Pod

    Pod Pod

  23. Pré-requis réseau • Tous les containers peuvent communiquer avec entre-eux

    sans NAT • Tous les noeuds peuvent communiquer avec tous les containers sans NAT • L’IP d’un container vue de l’intérieur du container est la même que vu de l’extérieur

  24. Container Runtime • Docker • CRI-O : interface OCI standard

    • rkt (CoreOS) • Frakti : basé sur un hyperviseur

  25. Node 1 Node 2 Node n etcd etcd etcd API

    Server Scheduler Controller manager …

  26. Kubectl $ kubectl apply -f nginx.yaml nginx-svc.yml
 $ kubectl get

    all
 NAME READY STATUS RESTARTS AGE
 po/nginx 1/1 Running 0 12h 
 NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
 svc/nginx-svc 10.0.0.116 <none> 80/TCP 7s

  27. Federation

  28. Add-ons

  29. Kube DNS nginx-svc.my-namespace.svc.cluster.local _http._tcp.nginx-svc.my-namespace.svc.cluster.local 1-2-3-4.default.pod.cluster.local

  30. Dashboard

  31. Ingress controllers • GCP / AWS / … • nginx

    • haproxy

  32. Heapster + InfluxDB, Grafana

  33. Sécurité

  34. Namespaces et quotas apiVersion: v1
 kind: ResourceQuota
 metadata:
 name: compute-resources


    spec:
 hard:
 pods: "4"
 requests.cpu: "1"
 requests.memory: 1Gi
 limits.cpu: "2"
 limits.memory: 2Gi

  35. PodSecurityPolicy apiVersion: extensions/v1beta1 kind: PodSecurityPolicy metadata: name: permissive spec: seLinux:

    rule: RunAsAny supplementalGroups: rule: RunAsAny runAsUser: rule: RunAsAny fsGroup: rule: RunAsAny hostPorts: - min: 8000 max: 8080 volumes: - '*' allowedCapabilities: - '*'

  36. NetworkPolicy kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: access-nginx spec: podSelector:

    matchLabels: run: nginx ingress: - from: - podSelector: matchLabels: access: "true"

  37. RBAC kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 namespace: default
 name: pod-reader


    rules:
 - apiGroups: [""] resources: ["pods"]
 verbs: ["get", "watch", “list"] kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 name: read-pods
 namespace: default
 subjects:
 - kind: User
 name: jane
 apiGroup: rbac.authorization.k8s.io
 roleRef:
 kind: Role
 name: pod-reader
 apiGroup: rbac.authorization.k8s.io

  38. Projets autour • Helm • Kops / Kube-AWS / Bootkube

    / … • Træfik • Prometheus / Sysdig / Datadog / … • Kube-lego, …

  39. Ressources • Minikube! • kubernetes.io • Kubernetes the hard way

    • Slack Kubernetes • Awesome Kubernetes

  40. Questions ?