Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction à Kubernetes

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Renaud Chaput Renaud Chaput
October 23, 2017
Technology
2
420

Introduction à Kubernetes

Présenté à Sysadmin Days #7 : https://sysadmindays.fr

Avatar for Renaud Chaput

Renaud Chaput

October 23, 2017
Tweet

More Decks by Renaud Chaput

See All by Renaud Chaput
L'Infrastructure as Code au complet (par Benoit Petit)
Avatar for Renaud Chaput renchap
1
700
Autour des requêtes des TSDB
Avatar for Renaud Chaput renchap
2
680
Operate HBase clusters at Scale
Avatar for Renaud Chaput renchap
1
420
Versions (par Olivier Delhomme)
Avatar for Renaud Chaput renchap
1
460
Prevent business logic attacks using dynamic instrumentation
Avatar for Renaud Chaput renchap
1
460
Atelier Paris Web : Introduction à Docker
Avatar for Renaud Chaput renchap
0
100
Alkemics CI & CD with Jenkins and Docker
Avatar for Renaud Chaput renchap
1
320
Les containers : décryptage
Avatar for Renaud Chaput renchap
2
290
Kubernetes en production : un an après
Avatar for Renaud Chaput renchap
1
340

Other Decks in Technology

See All in Technology
組織全体で実現する標準監視設計
Avatar for Yuto Obayashi yuobayashi
3
500
【Oracle Cloud ウェビナー】【入門編】はじめてのOracle AI Data Platform - AIのためのデータ準備&自社用AIエージェントをワンストップで実現
Avatar for oracle4engineer oracle4engineer
PRO
1
170
"作る"から"使われる"へ:Backstage 活用の現在地
Avatar for SoftBank Tech Night sbtechnight
0
190
今のWordPress の制作手法ってなにがあんねん?(改) / What’s the Deal with WordPress Development These Days?
Avatar for tbshiki tbshiki
0
510
Everything Claude Code を眺める
Avatar for Oikon oikon48
12
7.9k
楽しく学ぼう!ネットワーク入門
Avatar for Shota Shiratori shotashiratori
1
480
Mitigating geopolitical risks with local-first software and atproto
Avatar for Martin Kleppmann ept
0
120
アーキテクチャモダナイゼーションを実現する組織
Avatar for SatohJohn satohjohn
1
1.1k
AI時代のSaaSとETL
Avatar for Shu Suzuki shoe116
1
190
AIエージェント、 社内展開の前に知っておきたいこと
Avatar for oracle4engineer oracle4engineer
PRO
2
160
S3はフラットである –AWS公式SDKにも存在した、 署名付きURLにおけるパストラバーサル脆弱性– / JAWS DAYS 2026
Avatar for GMO Flatt Security flatt_security
0
1.8k
20260311 技術SWG活動報告(デジタルアイデンティティ人材育成推進WG Ph2 活動報告会)
Avatar for OpenID Foundation Japan oidfj
0
370

Featured

See All Featured
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
220
What does AI have to do with Human Rights?
Avatar for Per Axbom axbom
PRO
1
2k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
32
2.8k
Collaborative Software Design: How to facilitate domain modelling decisions
Avatar for Kenny Baas-Schwegler baasie
0
160
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
2
1.6k
Designing Powerful Visuals for Engaging Learning
Avatar for Mike Taylor tmiket
0
290
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
Avatar for r-kagaya rkaga
60
43k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
82
6.2k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
75
11k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
Avatar for Takuto Wada twada
PRO
118
110k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
Avatar for Katarina Dahlin katarinadahlin
PRO
1
3.5k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
2.5k

Transcript

  1. Introduction à Kubernetes

  2. Renaud Chaput @renchap

  3. Kubernetes

  4. Historique • Origine : Borg, l’orchestrateur de Google • En

    2014, début du projet “Seven”, son remplaçant • Volonté de le rendre Open Source • Kubernetes est né ! • Version 1.0 en 2015, et don à la CNCF

  5. Objectifs • Découpler infra et applications • Scale • Générique

    / Flexible • Automatisable • Extensible • Portable (cloud provider, bare metal, …)

  6. Un gros projet 1500 contributeurs 32 000 PR depuis 2014

  7. Structure • Code of Conduct et CLA • Doc claire

    sur la participation • Special Interest Groups (SIGs) • Working groups • Committees

  8. Releases

  9. Releases

  10. Features Alpha 1.5 Décembre 2016 Beta 1.7 Juin 2017 Stable

    1.8 Septembre 2017 Alpha 1.6 Mars 2017

  11. Fonctionnement

  12. Objets apiVersion: v1 kind: Pod metadata: name: <name>
 namespace: default


    spec:
 status:

  13. Un même namespace / cgroup
 IP partagée (donc localhost commun)


    Volumes communs
 IPC / … ./rails server ./log_processor.py Pod AppServer Sidecar

  14. apiVersion: v1
 kind: Pod
 metadata: name: nginx
 spec:
 containers: -

    name: nginx image: nginx:1.7.9 ports: - containerPort: 8080 Pod simple

  15. Deployment apiVersion: apps/v1beta2 kind: Deployment metadata:
 name: nginx-deployment
 labels:
 app:

    nginx spec:
 replicas: 3 selector:
 matchLabels:
 app: nginx template: metadata:
 labels:
 app: nginx
 spec:
 containers:
 - name: nginx
 image: nginx:1.7.9
 ports:
 - containerPort: 8080

  16. Service apiVersion: v1 kind: Service metadata:
 name: nginx-svc spec: selector:


    app: nginx ports:
 - protocol: TCP
 port: 80
 targetPort: 8080

  17. db-1 volume-1 StatefulSet Db-2 Volume-2 Db-3 Volume-3

  18. DaemonSet Jobs CronJobs NetworkPolicy Secret Ingress Volume …

  19. Architecture

  20. etcd etcd etcd Key/Value store Distribué Watch

  21. etcd etcd etcd API Server Scheduler Controller manager

  22. kubelet kube-proxy Pod Pod Pod Pod Pod Pod Pod Pod

    Pod Pod

  23. Pré-requis réseau • Tous les containers peuvent communiquer avec entre-eux

    sans NAT • Tous les noeuds peuvent communiquer avec tous les containers sans NAT • L’IP d’un container vue de l’intérieur du container est la même que vu de l’extérieur

  24. Container Runtime • Docker • CRI-O : interface OCI standard

    • rkt (CoreOS) • Frakti : basé sur un hyperviseur

  25. Node 1 Node 2 Node n etcd etcd etcd API

    Server Scheduler Controller manager …

  26. Kubectl $ kubectl apply -f nginx.yaml nginx-svc.yml
 $ kubectl get

    all
 NAME READY STATUS RESTARTS AGE
 po/nginx 1/1 Running 0 12h 
 NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
 svc/nginx-svc 10.0.0.116 <none> 80/TCP 7s

  27. Federation

  28. Add-ons

  29. Kube DNS nginx-svc.my-namespace.svc.cluster.local _http._tcp.nginx-svc.my-namespace.svc.cluster.local 1-2-3-4.default.pod.cluster.local

  30. Dashboard

  31. Ingress controllers • GCP / AWS / … • nginx

    • haproxy

  32. Heapster + InfluxDB, Grafana

  33. Sécurité

  34. Namespaces et quotas apiVersion: v1
 kind: ResourceQuota
 metadata:
 name: compute-resources


    spec:
 hard:
 pods: "4"
 requests.cpu: "1"
 requests.memory: 1Gi
 limits.cpu: "2"
 limits.memory: 2Gi

  35. PodSecurityPolicy apiVersion: extensions/v1beta1 kind: PodSecurityPolicy metadata: name: permissive spec: seLinux:

    rule: RunAsAny supplementalGroups: rule: RunAsAny runAsUser: rule: RunAsAny fsGroup: rule: RunAsAny hostPorts: - min: 8000 max: 8080 volumes: - '*' allowedCapabilities: - '*'

  36. NetworkPolicy kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: access-nginx spec: podSelector:

    matchLabels: run: nginx ingress: - from: - podSelector: matchLabels: access: "true"

  37. RBAC kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 namespace: default
 name: pod-reader


    rules:
 - apiGroups: [""] resources: ["pods"]
 verbs: ["get", "watch", “list"] kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 name: read-pods
 namespace: default
 subjects:
 - kind: User
 name: jane
 apiGroup: rbac.authorization.k8s.io
 roleRef:
 kind: Role
 name: pod-reader
 apiGroup: rbac.authorization.k8s.io

  38. Projets autour • Helm • Kops / Kube-AWS / Bootkube

    / … • Træfik • Prometheus / Sysdig / Datadog / … • Kube-lego, …

  39. Ressources • Minikube! • kubernetes.io • Kubernetes the hard way

    • Slack Kubernetes • Awesome Kubernetes

  40. Questions ?