
Getting Started with Kubernetes

- Chapter 1 - Overview
 - Introduction
 - Setup Solutions
 - Architecture
 - Components
 - Resources
- Chapter 2 - Hands-on
 - Setup K8s Env
 - Access K8s master
 - K8s Objects Config
 - Play with resources
  - Cluster
   - Namespace
  - Workloads
   - Pods
   - Deployments
   - DaemonSets
  - Storage & Config
   - Volume
   - ConfigMaps
   - Secrets
  - Discovery & Load Balancing
   - Services
- Chapter 3 - Dive Into K8s
 - What Happens When We Type kubectl run
- Additional
 - Helm
 - CNCF Cloud Native Interactive Landscape

Samina (Shan Jung Fu)

January 03, 2019
Transcript

  1. Kubernetes Introduction
    • Kubernetes is Greek for captain or pilot
    • Aka K8s: replace "ubernete" with 8
    • Built on experience from Google & designed by Google
    • An open-source system
  2. Kubernetes Introduction (Cont.)
    • A container platform
    • A microservices platform
    • A portable cloud platform & a lot more
    • Provides a container-centric management environment
    • Orchestrates computing, networking & storage infrastructure on behalf of user workloads
  3. Kubernetes Setup Solutions
    • Local-machine solutions
    • Hosted solutions
    • Turnkey cloud solutions
    • Custom solutions
    • etc.
  4. Kubernetes Setup Solutions (Cont.)
    • Local-machine solutions: a local, single-node Kubernetes cluster for development and testing
      ◦ Minikube
      ◦ microk8s
      ◦ etc.
    • Hosted solutions
    • Turnkey cloud solutions
    • Custom solutions
  5. Kubernetes Setup Solutions (Cont.)
    • Local-machine solutions
    • Hosted solutions: the provider maintains more machines and higher availability
      ◦ OpenShift
      ◦ VMware Cloud PKS
      ◦ etc.
    • Turnkey cloud solutions
    • Custom solutions
    • ...
  6. Kubernetes Setup Solutions (Cont.)
    • Local-machine solutions
    • Hosted solutions
    • Turnkey cloud solutions: create K8s clusters on a range of cloud IaaS providers with only a few commands
      ◦ AWS
      ◦ Google Compute Engine (GCE)
      ◦ etc.
    • Custom solutions
    • ...
  7. Kubernetes Setup Solutions (Cont.)
    • Local-machine solutions
    • Hosted solutions
    • Turnkey cloud solutions
    • On-premises turnkey cloud solutions
    • Custom solutions
      ◦ kubeadm
      ◦ Kubespray
      ◦ Kubernetes The Hard Way
      ◦ etc.
    • etc.
  8. Kubernetes Architecture (Cont.): Node
    • A worker machine in K8s
    • Can be a VM or a physical machine
    • Also called "minions"
    • Node components include:
      ◦ Kubelet
      ◦ Kube-proxy
      ◦ Container Runtime
    • These components run on each node
    (Diagram: a Node running Kubelet, Container Runtime and Kube-proxy, hosting several Pods)
  9. Kubernetes Architecture (Cont.): Control plane
    • The components of the control plane (its "brains"):
      ◦ API server (our point of entry to everything!)
      ◦ Core services
        ▪ scheduler
        ▪ controller manager
      ◦ etcd
        ▪ A highly available key/value store
        ▪ The "database" of K8s
    • Also called the "master"
  10. Node Components (Cont.)
    • kubelet
      ◦ An agent
      ◦ Makes sure that containers are running in a pod
    • kube-proxy
      ◦ Enables the K8s Service abstraction by maintaining network rules
      ◦ Performs connection forwarding
    • Container Runtime
      ◦ Responsible for running containers
      ◦ K8s supports several runtimes: Docker, rkt, runc & any OCI runtime-spec implementation
  11. Master Components
    • kube-apiserver
      ◦ Exposes the Kubernetes API
      ◦ The front-end for the K8s control plane
    • etcd
      ◦ K8s' backing store for all cluster data
      ◦ A highly-available key/value store
    • kube-scheduler
      ◦ Selects a node for newly created pods to run on
      ◦ Makes the scheduling decisions
    • kube-controller-manager
      ◦ Runs the controllers:
        ▪ Node Controller: responsible for responding when nodes go down
        ▪ Endpoints Controller: populates the Endpoints object (that is, joins Services & Pods)
        ▪ Service Account & Token Controllers, Replication Controller
  12. Kubernetes API
    • Supports many actions: create, update, delete ...
    • Contains a lot of objects called resources
      ◦ These resources are organized by type or Kind (in the API)
  13. Kubernetes Resources (Cont.)
    • We can see the full list by running kubectl api-resources
      (In Kubernetes 1.10 and prior, the command to list API resources was kubectl get)
  14. Kubernetes Resources (Cont.): output of kubectl api-resources
    NAME                              SHORTNAMES   NAMESPACED   KIND
    bindings                                       true         Binding
    componentstatuses                 cs           false        ComponentStatus
    configmaps                        cm           true         ConfigMap
    endpoints                         ep           true         Endpoints
    events                            ev           true         Event
    limitranges                       limits       true         LimitRange
    namespaces                        ns           false        Namespace
    nodes                             no           false        Node
    persistentvolumeclaims            pvc          true         PersistentVolumeClaim
    persistentvolumes                 pv           false        PersistentVolume
    pods                              po           true         Pod
    podtemplates                                   true         PodTemplate
    replicationcontrollers            rc           true         ReplicationController
    resourcequotas                    quota        true         ResourceQuota
    secrets                                        true         Secret
    serviceaccounts                   sa           true         ServiceAccount
    services                          svc          true         Service
    initializerconfigurations                      false        InitializerConfiguration
    mutatingwebhookconfigurations                  false        MutatingWebhookConfiguration
    validatingwebhookconfigurations                false        ValidatingWebhookConfiguration
    customresourcedefinitions         crd,crds     false        CustomResourceDefinition
    apiservices                                    false        APIService
    controllerrevisions                            true         ControllerRevision
    daemonsets                        ds           true         DaemonSet
    deployments                       deploy       true         Deployment
    replicasets                       rs           true         ReplicaSet
    statefulsets                      sts          true         StatefulSet
    tokenreviews                                   false        TokenReview
    localsubjectaccessreviews                      true         LocalSubjectAccessReview
  15. Kubernetes Resources (Cont.)
    NAME                              SHORTNAMES   NAMESPACED   KIND
    selfsubjectaccessreviews                       false        SelfSubjectAccessReview
    selfsubjectrulesreviews                        false        SelfSubjectRulesReview
    subjectaccessreviews                           false        SubjectAccessReview
    horizontalpodautoscalers          hpa          true         HorizontalPodAutoscaler
    cronjobs                          cj           true         CronJob
    jobs                                           true         Job
    certificatesigningrequests        csr          false        CertificateSigningRequest
    leases                                         true         Lease
    events                            ev           true         Event
    daemonsets                        ds           true         DaemonSet
    deployments                       deploy       true         Deployment
    ingresses                         ing          true         Ingress
    networkpolicies                   netpol       true         NetworkPolicy
    podsecuritypolicies               psp          false        PodSecurityPolicy
    replicasets                       rs           true         ReplicaSet
    networkpolicies                   netpol       true         NetworkPolicy
    poddisruptionbudgets              pdb          true         PodDisruptionBudget
    podsecuritypolicies               psp          false        PodSecurityPolicy
    clusterrolebindings                            false        ClusterRoleBinding
    clusterroles                                   false        ClusterRole
    rolebindings                                   true         RoleBinding
    roles                                          true         Role
    priorityclasses                   pc           false        PriorityClass
    podpresets                                     true         PodPreset
    storageclasses                    sc           false        StorageClass
    volumeattachments                              false        VolumeAttachment
    (Some names appear twice because the slide omits the APIGROUP column that separates them.)
  16. Chapter 2 Hands-on: Setup K8s Env / Access K8s master / K8s Objects Config / Play with resources
  18. Setup K8s Env: kubeadm
    • Prepare the lab environment:
      ◦ OS: Linux or macOS
      ◦ Software:
        ▪ VirtualBox v5.1
        ▪ Vagrant v2.1.1
      ◦ Start the VM (refer to the Vagrantfile, which deploys K8s on the host using kubeadm):
        cd ~/ && git clone https://github.com/sufuf3/hands-on-w-tutorials.git
        cd ~/hands-on-w-tutorials/2019-01-03/ && vagrant up --provider=virtualbox
    (Diagram: a single Node running apiserver, etcd, scheduler, controller, Kubelet, Container Runtime, Kube-proxy and Pods)
  20. Access K8s master
    • CLI (Command Line Interface)
    • API (Application Program Interface)
    • UI (User Interface)
  21. CLI (Command Line Interface)
    • Tool: kubectl
    • Install the kubectl binary (e.g. Ubuntu):
        sudo apt-get update && sudo apt-get install -y apt-transport-https
        curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
        echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
        sudo apt-get update
        sudo apt-get install -y kubectl
    • Syntax: kubectl [command] [TYPE] [NAME] [flags]
      ◦ command: create, get, describe, delete
      ◦ TYPE: the resource type
      ◦ NAME: the name of the resource
      ◦ flags: optional flags
  22. CLI (Cont.)
    $ kubectl get pods --all-namespaces
    NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
    kube-system   coredns-576cbf47c7-2d4r6                1/1     Running   0          21h
    kube-system   coredns-576cbf47c7-7vk54                1/1     Running   0          21h
    kube-system   etcd-k8slab                             1/1     Running   0          21h
    kube-system   kube-apiserver-k8slab                   1/1     Running   0          21h
    kube-system   kube-controller-manager-k8slab          1/1     Running   0          21h
    kube-system   kube-flannel-ds-gb5c8                   1/1     Running   0          21h
    kube-system   kube-proxy-zqn82                        1/1     Running   0          21h
    kube-system   kube-scheduler-k8slab                   1/1     Running   0          21h
    kube-system   kubernetes-dashboard-65c76f6c97-977ps   1/1     Running   0          21h
    kube-system   tiller-deploy-694dc94c65-bk6wl          1/1     Running   0          21h
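The table above is the raw material of day-to-day triage. As an added example (mine, not from the deck), the following POSIX shell filter reads `kubectl get pods --all-namespaces` output from stdin and reports every pod that is not Running, is not fully ready, or has restarted. The sample table is constructed: two rows are taken from the slide and the failing pod is made up to exercise the filter. The function assumes the default six-column layout (no `-o wide`).

```shell
#!/bin/sh
# Added example, not from the slide deck: a small health filter over the
# output of `kubectl get pods --all-namespaces`. It prints one line per pod
# that is not Running, not fully ready, or has restarted, which is the quick
# check an operator runs before reaching for `kubectl describe`/`kubectl logs`.
unhealthy_pods() {
  # Expected columns: NAMESPACE NAME READY STATUS RESTARTS AGE
  awk 'NR > 1 {
    split($3, r, "/")               # READY is "ready/total"
    if ($4 != "Running" || r[1] != r[2] || $5 + 0 > 0)
      printf "%s/%s status=%s ready=%s restarts=%s\n", $1, $2, $4, $3, $5
  }'
}

# Constructed sample: the first two rows are healthy pods from the slide,
# the last row is a made-up failing pod.
SAMPLE_PODS='NAMESPACE     NAME                         READY   STATUS             RESTARTS   AGE
kube-system   coredns-576cbf47c7-2d4r6     1/1     Running            0          21h
kube-system   kube-proxy-zqn82             1/1     Running            0          21h
default       broken-app-7c9f5d4b8-xyz12   0/1     CrashLoopBackOff   7          5m'

# Wrapper so the result of running the filter over the sample can be
# captured as a string.
check_sample() {
  printf '%s\n' "$SAMPLE_PODS" | unhealthy_pods
}

check_sample
```

Pipe live output through it with `kubectl get pods --all-namespaces | unhealthy_pods`; an empty result is the healthy case, and each printed line names the pod to look at with `kubectl describe pod` and `kubectl logs` next.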
  23. API (Application Program Interface)
    $ curl -s https://172.17.8.100:6443/api/ -k | jq
    {
      "kind": "APIVersions",
      "versions": [
        "v1"
      ],
      "serverAddressByClientCIDRs": [
        {
          "clientCIDR": "0.0.0.0/0",
          "serverAddress": "172.17.8.100:6443"
        }
      ]
    }
  24. API (Cont.)
    $ curl -s https://172.17.8.100:6443/api/v1/nodes -k | jq
    $ curl -s https://172.17.8.100:6443/api/v1/namespaces/kube-system/pods -k | jq
    ...
  25. UI (User Interface)
    0. The dashboard needs to be deployed first
    1. Access https://172.17.8.100:32641
    2. Use kubectl to get the token:
       kubectl -n kube-system describe secrets $(kubectl -n kube-system get sa dashboard -o yaml | grep dashboard-token | cut -f2 -d':') | grep -E '^token' | cut -f2 -d':' | tr -d '\t'
    3. Paste the token in the web UI & click SIGN IN
  26. Chapter 2 Hands-on: Setup K8s Env / Access K8s master / K8s Objects Config / Play with resources
  27. Describing a K8s Object
    • Provide the object spec to create an object in K8s
    • The object spec describes:
      ◦ Its desired state
      ◦ Some basic info about the object (such as a name)
    • Most often, we provide the info to kubectl in a .yaml file
    • Fields:
      ◦ apiVersion - the version of the K8s API you're using to create this object
      ◦ kind - what kind of object you want to create
      ◦ metadata - data that helps uniquely identify the object
      ◦ spec - different for every K8s object, & contains nested fields specific to that object
        apiVersion: v1
        kind: RESOURCE_TYPE
        metadata:
          name:
          namespace:
        spec:
          ...
  28. Labels
    • Key/value pairs attached to objects
    • Do not provide uniqueness
    • Are used as identifying attributes for objects
    • Keys & values of a valid label must be:
      ◦ 63 characters or less
      ◦ beginning and ending with an alphanumeric character ([a-z0-9A-Z])
      ◦ with only dashes (-), underscores (_), dots (.) and alphanumerics between
        "metadata": {
          "labels": {
            "key1" : "value1",
            "key2" : "value2"
          }
        }
  29. Selectors
    • The core grouping primitive in K8s
    • The K8s API currently supports two types of selectors:
      ◦ Equality-based selectors
        ▪ Allow filtering by key & value
      ◦ Set-based selectors
        ▪ Allow filtering of keys according to a set of values
        selector:
          matchLabels:
            component: redis
        nodeSelector:
          accelerator: nvidia-tesla-p100
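To make the Labels and Selectors slides concrete, here is an added shell example (mine, not the deck's) that checks label keys and values against the rule stated on the Labels slide and then evaluates an equality-based selector the way a Deployment's matchLabels or a Service selector picks its Pods. The "k1=v1,k2=v2" string format is a construction for this example, not a kubectl format. Kubernetes itself additionally accepts an empty label value and an optional DNS-subdomain prefix on the key (e.g. app.kubernetes.io/name), which the slide's rule does not mention and this validator does not model.

```shell
#!/bin/sh
# Added example, not from the slide deck: a label validator following the
# rule on the Labels slide, plus an equality-based (matchLabels) selector
# check. Labels and selectors are "k1=v1,k2=v2" strings (constructed format).

# One label key segment or value is valid when it is 63 characters or less,
# begins and ends with an alphanumeric, and has only alphanumerics, dashes,
# underscores and dots in between. Returns 0 (valid) or 1 (invalid).
valid_label_segment() {
  seg=$1
  [ "${#seg}" -le 63 ] || return 1
  printf '%s\n' "$seg" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
}

# Validate every key and value in a "k1=v1,k2=v2" label string. Prints the
# first offending segment and returns 1; returns 0 when everything passes.
valid_labels() {
  old_ifs=$IFS; IFS=','
  for pair in $1; do
    key=${pair%%=*}; value=${pair#*=}
    for seg in "$key" "$value"; do
      if ! valid_label_segment "$seg"; then
        IFS=$old_ifs; printf 'invalid label segment: %s\n' "$seg"; return 1
      fi
    done
  done
  IFS=$old_ifs
}

# Equality-based selection: returns 0 when every key=value pair of the
# selector (2nd argument) is present in the object's labels (1st argument).
# Extra labels on the object do not matter; a missing selector pair does.
selector_matches() {
  labels=",$1,"
  old_ifs=$IFS; IFS=','
  for pair in $2; do
    case $labels in
      *",$pair,"*) ;;
      *) IFS=$old_ifs; return 1 ;;
    esac
  done
  IFS=$old_ifs
}

# Usage with label sets in the spirit of the slides: the selector app=nginx
# picks a pod labelled app=nginx,tier=frontend but not the redis pod.
valid_labels "app=nginx,tier=frontend" && echo "labels ok"
selector_matches "app=nginx,tier=frontend" "app=nginx" && echo "app=nginx selects the pod"
selector_matches "component=redis" "app=nginx" || echo "app=nginx does not select the redis pod"
```

The selector check is the reason label hygiene matters operationally: a typo in a pod template label silently leaves the Deployment with zero matching Pods, and a Service whose selector is too broad forwards traffic to Pods it was never meant to expose.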
  31. Play with resources
    • Cluster
      ◦ Namespace
    • Workloads
      ◦ Pods
      ◦ Deployments
      ◦ DaemonSets
    • Storage & Config
      ◦ Volume
      ◦ ConfigMaps
      ◦ Secrets
    • Discovery & Load Balancing
      ◦ Services
  33. Namespace (NS)
    • Virtual clusters
    • Functionalities:
      ◦ Help pod-to-pod communication within the same NS
      ◦ Can sit on top of the same physical cluster
      ◦ Provide logical separation between teams & environments
    • Not all objects are in a namespace:
      # In a namespace
      $ kubectl api-resources --namespaced=true
      # Not in a namespace
      $ kubectl api-resources --namespaced=false
  34. Namespace (Cont.) Hands-on
    1. Create a namespace (ns)
    2. View namespaces (ns)
    3. View resources under a namespace (ns)
    4. Use a namespace in a pod - example
  35. Namespace (Cont.): 1. Create a namespace (ns)
    apiVersion: v1
    kind: Namespace
    metadata:
      name: my-ns
    $ kubectl create -f namespace/ns.yaml
  36. Namespace (Cont.): 2. View namespaces (ns)
    $ kubectl get namespaces
    NAME          STATUS   AGE
    default       Active   1d
    kube-system   Active   1d
    kube-public   Active   1d
  37. Namespace (Cont.): 3. View resources under a namespace (ns)
    $ kubectl get pods -n kube-system
    NAME                                    READY   STATUS    RESTARTS   AGE
    coredns-576cbf47c7-2d4r6                1/1     Running   0          25h
    coredns-576cbf47c7-7vk54                1/1     Running   0          25h
    etcd-k8slab                             1/1     Running   0          25h
    kube-apiserver-k8slab                   1/1     Running   0          25h
    kube-controller-manager-k8slab          1/1     Running   0          25h
    kube-flannel-ds-gb5c8                   1/1     Running   0          25h
    kube-proxy-zqn82                        1/1     Running   0          25h
    kube-scheduler-k8slab                   1/1     Running   0          25h
    kubernetes-dashboard-65c76f6c97-977ps   1/1     Running   0          25h
    tiller-deploy-694dc94c65-bk6wl          1/1     Running   0          25h
  38. Namespace (Cont.): 4. Use a namespace in a pod - example (namespace/pod.yaml)
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-demo
      namespace: my-ns
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
  40. Pod
    • A group of one or more application containers
    • Shared resources for those containers:
      ◦ Shared storage, as Volumes
      ◦ Networking, as a unique cluster IP address
      ◦ Information about how to run each container
  41. Pod (Cont.) Hands-on
    1. Create a pod
    2. Get pods
    3. Get the description of the pod
    4. Get the logs of the pod
    5. Start a sh session in the pod's container
    6. Delete the pod
  42. Pod (Cont.): 1. Create a pod (pod/pod.yaml)
    apiVersion: v1
    kind: Pod
    metadata:
      name: myapp-pod
      labels:
        app: myapp
    spec:
      containers:
      - name: mycontainer
        image: busybox
        command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']
    $ kubectl create -f pod/pod.yaml
  43. Pod (Cont.): 2. Get pods
    $ kubectl get pod
    NAME        READY   STATUS    RESTARTS   AGE
    myapp-pod   1/1     Running   0          3m27s
    $ kubectl get po -n default
    NAME        READY   STATUS    RESTARTS   AGE
    myapp-pod   1/1     Running   0          3m27s
    $ kubectl get po -n default -o wide
    NAME        READY   STATUS    RESTARTS   AGE     IP           NODE     NOMINATED NODE
    myapp-pod   1/1     Running   0          3m27s   10.244.0.6   k8slab   <none>
  44. Pod (Cont.): 3. Get the description of the pod
    $ kubectl describe pod myapp-pod
    Name:               myapp-pod
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               k8slab/10.0.2.15
    Start Time:         Mon, 31 Dec 2018 17:30:58 +0000
    Labels:             app=myapp
    Annotations:        <none>
    Status:             Running
    IP:                 10.244.0.6
    ...
    Events:
      Type    Reason     Age    From               Message
      ----    ------     ----   ----               -------
      Normal  Scheduled  5m49s  default-scheduler  Successfully assigned default/myapp-pod to k8slab
      Normal  Pulling    5m48s  kubelet, k8slab    pulling image "busybox"
      Normal  Pulled     5m43s  kubelet, k8slab    Successfully pulled image "busybox"
      Normal  Created    5m43s  kubelet, k8slab    Created container
      Normal  Started    5m43s  kubelet, k8slab    Started container
  45. Pod (Cont.): 4. Get the logs of the pod
    $ kubectl logs myapp-pod
    Hello Kubernetes!
    $ kubectl logs -f myapp-pod
    Hello Kubernetes!
    ^C
  46. Pod (Cont.): 5. Start a sh session in the pod's container
    $ kubectl exec -it myapp-pod -- sh
    / # ls
    bin   dev   etc   home  proc  root  sys   tmp   usr   var
    / # exit
    $ kubectl exec -it myapp-pod -c mycontainer -- sh
    / # ls
    bin   dev   etc   home  proc  root  sys   tmp   usr   var
    / # exit
  47. Pod (Cont.): 6. Delete the pod
    $ kubectl delete po myapp-pod
    pod "myapp-pod" deleted
    $ kubectl delete -f pod/pod.yaml
    pod "myapp-pod" deleted
    • Force delete a pod on a dead node:
    $ kubectl delete po myapp-pod --grace-period=0 --force
  48. Deployment
    • Responsible for creating & updating instances of the application
    • Supports the rolling update & recreate strategies to update the pod template
  49. Deployment (Cont.) Hands-on
    1. Create a deployment
       $ kubectl create -f deployment/nginx-deploy.yaml
    2. Get the deployment
       $ kubectl get deploy -o wide
       $ kubectl get all -l app=nginx -o wide
       NAME                                   READY   STATUS    RESTARTS   AGE   ...
       pod/nginx-deployment-d55b94fd-gnm89    1/1     Running   1          34h   ...
       pod/nginx-deployment-d55b94fd-jqkvx    1/1     Running   1          34h   ...
       pod/nginx-deployment-d55b94fd-rtp4f    1/1     Running   1          34h   ...

       NAME                               DESIRED   CURRENT   UP-TO-DATE   AVAILABLE
       deployment.apps/nginx-deployment   3         3         3            3

       NAME                                        DESIRED   CURRENT   READY   AGE   ...
       replicaset.apps/nginx-deployment-d55b94fd   3         3         3       34h   ...
    3. Delete the deployment
       $ kubectl delete deploy nginx-deployment
  50. Deployment (Cont.): deployment/nginx-deploy.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      labels:
        app: nginx
    spec:
      replicas: 3      # creates three replicated Pods
      selector:        # defines how the Deployment finds which Pods to manage
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.15.4
            ports:
            - containerPort: 80
  51. DaemonSet
    • Manages groups of replicated Pods
    • Ensures that all (or some) Nodes run a copy of a Pod
    • Typical uses:
      ◦ A cluster storage daemon
      ◦ A log collection daemon
      ◦ A node monitoring daemon
  52. DaemonSet (Cont.) Hands-on
    1. Create a daemonset
       $ kubectl create -f daemonset/fluentd-ds.yaml
    2. Get the daemonset
       $ kubectl get ds -n kube-system -l k8s-app=fluentd-logging
    3. Delete the daemonset
       $ kubectl delete ds fluentd -n kube-system
  53. DaemonSet (Cont.): daemonset/fluentd-ds.yaml
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: fluentd
      namespace: kube-system
      labels:
        k8s-app: fluentd-logging
    spec:
      selector:
        matchLabels:
          name: fluentd      # label selector that determines which Pods belong to the DaemonSet
      template:
        metadata:
          labels:
            name: fluentd    # the Pod template's label, which the selector above must match
        spec:
          tolerations:
          - key: node-role.kubernetes.io/master
            effect: NoSchedule
          containers:
          - name: fluentd
            image: gcr.io/google-containers/fluentd-elasticsearch:1.20
          ...
  55. Volume
    • A directory which is accessible to the containers in a pod
    • Types:
      ◦ emptyDir
      ◦ hostPath
      ◦ configMap
      ◦ secret
      ◦ nfs
      ◦ cephfs
      ◦ persistentVolumeClaim
      ◦ ... etc.
  56. Volume (Cont.)
    • Types:
      ◦ emptyDir
        ▪ Is created when a Pod is first assigned to a Node
        ▪ When the Pod is removed from the node, the data in the emptyDir is erased
      ◦ hostPath
        ▪ Mounts a file or directory from the host node's file system into the pod
      ◦ configMap
        ▪ Injects configuration data into Pods
      ◦ secret
        ▪ Backed by tmpfs (a RAM-backed filesystem)
        ▪ Never written to non-volatile storage
  57. Volume (Cont.)
    • Types:
      ◦ nfs (Network File System)
        ▪ Unlike emptyDir, allows an existing NFS share to be mounted into a Pod
        ▪ The data in an NFS volume is not erased when the Pod is removed from the node
      ◦ cephfs
        ▪ Unlike emptyDir, allows an existing CephFS volume to be mounted into a Pod
        ▪ Data remains intact after the Pod is removed from the node
  58. Volume (Cont.)
    • Persistent Volume (PV)
      ◦ A piece of network storage that has been provisioned by the administrator
      ◦ Is independent of any individual pod that uses the PV
    • Persistent Volume Claim (PVC)
      ◦ The storage requested from Kubernetes for a pod
      ◦ Users don't need to know the underlying provisioning
      ◦ The claim must be created in the same namespace where the pod is created
    $ kubectl create -f pv-pvc/
    $ kubectl get pv,pvc,po
  59. ConfigMap
    • Configures a Pod
    • Decouples configuration artifacts from image content
    • Keeps containerized applications portable
    • Useful for storing & sharing non-sensitive, unencrypted configuration information
  60. ConfigMap (Cont.) Hands-on
    1. Create configmap.yaml
    2. Create the ConfigMap via kubectl
    3. Use ConfigMap data:
       3.1. To define container ENV variables
       3.2. In Pod commands
       3.3. As a Volume
  61. ConfigMap (Cont.): 1. Create configmap.yaml
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: example-config
      namespace: default
    data:
      # example of using --from-literal
      example.property.1: hello
      example.property.2: world
      # example of defining using --from-file
      example.property.file: |-
        property.1=value-1
        property.2=value-2
        property.3=value-3
  62. ConfigMap (Cont.): 2. Create the ConfigMap via kubectl
    $ kubectl create -f configmap/example-config.yaml
    $ kubectl get cm example-config
    $ kubectl get cm example-config -o yaml
  63. ConfigMap (Cont.): 3.1. Define container ENV variables (configmap/env-pod1.yaml)
    apiVersion: v1
    kind: Pod
    metadata:
      name: test-cm-pod1
    spec:
      containers:
      - name: test-container
        image: k8s.gcr.io/busybox
        command: [ "/bin/sh", "-c", "env" ]
        env:
        - name: EXAMPLE_KEY2
          valueFrom:
            configMapKeyRef:
              name: example-config
              key: example.property.2
      restartPolicy: Never
    $ kubectl create -f configmap/env-pod1.yaml
    $ kubectl logs test-cm-pod1
  64. ConfigMap (Cont.): 3.2. Use ConfigMap data in Pod commands (configmap/env-pod2.yaml)
    apiVersion: v1
    kind: Pod
    metadata:
      name: test-cm-pod2
    spec:
      containers:
      - name: test-container
        image: k8s.gcr.io/busybox
        command: [ "/bin/sh", "-c", "echo EXAMPLE_KEY1 is $(EXAMPLE_KEY1)" ]
        env:
        - name: EXAMPLE_KEY1
          valueFrom:
            configMapKeyRef:
              name: example-config
              key: example.property.1
      restartPolicy: Never
    $ kubectl create -f configmap/env-pod2.yaml
    $ kubectl logs test-cm-pod2
  65. ConfigMap (Cont.): 3.3. Mount ConfigMap data as a Volume (configmap/env-pod3.yaml)
    apiVersion: v1
    kind: Pod
    metadata:
      name: test-cm-pod3
    spec:
      containers:
      - name: test-container
        image: k8s.gcr.io/busybox
        command: [ "/bin/sh", "-c", "cat /etc/config/myconfig" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/config
      volumes:
      - name: config-volume
        configMap:
          # Provide the name of the ConfigMap containing the files you want
          # to add to the container
          name: example-config
          items:
          - key: example.property.file
            path: myconfig
      restartPolicy: Never
    $ kubectl create -f configmap/env-pod3.yaml
    $ kubectl logs test-cm-pod3
  66. Secrets
    • Similar to ConfigMap
    • Values are base64-encoded strings
    • Intended to hold sensitive information, such as:
      ◦ Passwords
      ◦ OAuth tokens
      ◦ ssh keys
  67. Secrets (Cont.) Hands-on
    1. Convert strings to base64
    2. Write a Secret file
    3. Create the Secret using kubectl
  68. Secrets (Cont.): 1. Convert strings to base64
    $ echo -n 'admin' | base64
    YWRtaW4=
    $ echo -n '1f2d1e2e67df' | base64
    MWYyZDFlMmU2N2Rm
  69. Secrets (Cont.): 2. Write a Secret file
    apiVersion: v1
    kind: Secret
    metadata:
      name: mysecret
    type: Opaque
    data:
      username: YWRtaW4=
      password: MWYyZDFlMmU2N2Rm
  70. Secrets (Cont.): 3. Create the Secret using kubectl
    $ kubectl create -f ./secret.yaml
    secret "mysecret" created
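The three hands-on steps above, as one added shell example (mine, not the deck's): build the Opaque Secret manifest from a username and password, then read a field back out of it. It assumes GNU coreutils `base64` (older macOS spells the decode flag `base64 -D`); the name and values are the ones on the slides.

```shell
#!/bin/sh
# Added example, not from the slide deck: generate the Secret manifest from
# slides 68-69 and decode it again. Assumes GNU coreutils base64.

# base64-encode a string with no trailing newline in the input (the slide's
# `echo -n`) and no line wrapping in the output.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode one base64 field back to the plaintext it holds.
b64_decode() { printf '%s' "$1" | base64 -d; }

# Emit the Secret manifest. Arguments: secret name, username, password.
secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  username: $(b64 "$2")
  password: $(b64 "$3")
EOF
}

# Read one data field out of a manifest on stdin and decode it. This is all
# it takes for anyone who can read the Secret object to recover the value:
# base64 is an encoding, not encryption.
secret_field() {
  b64_decode "$(awk -v k="$1:" '$1 == k { print $2 }')"
}

secret_manifest mysecret admin 1f2d1e2e67df
secret_manifest mysecret admin 1f2d1e2e67df | secret_field password; echo
```

The decode step is the point of the example: what protects the password is RBAC on get/list of Secrets in the namespace and encryption at rest for etcd, not the encoding, so a Secret should be treated as plaintext wherever it is readable.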
  72. Services
    • Group a set of Pod endpoints into a single resource
    • An abstraction which defines a logical set of Pods & a policy for accessing them
    • A "layer 4" (TCP/UDP over IP) construct
    • kube-proxy is responsible for implementing a form of virtual IP for Services of type ClusterIP, LoadBalancer and NodePort
    Source: https://kubernetes.io/docs/tutorials/kubernetes-basics/expose/expose-intro/
  73. kube-proxy modes
    • userspace
    • iptables
    • ipvs
  75. Type of Services
    • ClusterIP (default)
    • NodePort
    • LoadBalancer
    • ExternalName
    • External IPs
  76. Type of Services: ClusterIP (default)
    • Internal clients send requests to a stable internal IP address
    • Note: the member Pod must have a container that is listening on TCP port 8080; otherwise clients will see a message like "Failed to connect" or "This site can't be reached"
    service/service-cip.yaml:
    apiVersion: v1
    kind: Service
    metadata:
      name: my-cip-service
      labels:
        app: my-nginx
    spec:
      type: ClusterIP
      ports:
      - port: 80
        protocol: TCP
      selector:
        app: my-nginx
  77. Type of Services: ClusterIP (Cont.)
    $ kubectl create deployment --image nginx my-nginx
    $ kubectl create -f service/service-cip.yaml
    $ kubectl get all -o wide
    $ curl service_ip
    $ kubectl delete service/my-cip-service
    $ kubectl delete deployment my-nginx
  78. Type of Services: NodePort
    • Clients send requests to the IP address of a node on one or more nodePort values that are specified by the Service (default range: 30000-32767)
    service/service-np.yaml:
    apiVersion: v1
    kind: Service
    metadata:
      name: my-np-service
      labels:
        app: my-nginx
    spec:
      type: NodePort
      ports:
      - name: http
        nodePort: 32660
        port: 80
        targetPort: 80
        protocol: TCP
      selector:
        app: my-nginx
  79. Type of Services: NodePort (Cont.)
    $ kubectl create deployment --image nginx my-nginx
    $ kubectl create -f service/service-np.yaml
    $ kubectl get all -o wide
    $ curl service_ip
    $ curl 172.17.8.100:32660
    $ kubectl delete service/my-np-service
    $ kubectl delete deployment my-nginx
  80. Type of Services: LoadBalancer
    • Clients send requests to the IP address of an external network load balancer
    apiVersion: v1
    kind: Service
    metadata:
      name: my-np-service
      labels:
        app: my-nginx
    spec:
      type: LoadBalancer
      ports:
      - name: http
        port: 80
        targetPort: 80
        protocol: TCP
      loadBalancerIP: external_IP
      selector:
        app: my-nginx
  81. Type of Services: ExternalName
    • Internal clients use the DNS name of a Service as an alias for an external DNS name
    kind: Service
    apiVersion: v1
    metadata:
      name: my-service
      namespace: prod
    spec:
      type: ExternalName
      externalName: my.database.example.com
  82. Type of Services: External IPs
    • If there are external IPs that route to one or more cluster nodes, Kubernetes Services can be exposed on those externalIPs
    kind: Service
    apiVersion: v1
    metadata:
      name: my-service
    spec:
      selector:
        app: MyApp
      ports:
      - name: http
        protocol: TCP
        port: 80
        targetPort: 9376
      externalIPs:
      - 80.11.12.10
  83. What Happens When We Type kubectl run
    • Please refer to:
      ◦ https://github.com/jamiehannaford/what-happens-when-k8s
      ◦ https://github.com/kubernetes/website/blob/master/static/images/docs/architecture.png
  84. What Happens When We Type kubectl run (Cont.): simplified process when we create a deployment
    1. The user sends a request to the K8s apiserver
    2. kube-apiserver authenticates the request to verify identity
    3. kube-apiserver authorizes the request via authorizers (Node, RBAC, ...)
    4. kube-apiserver deserializes the HTTP request & persists objects to the datastore (etcd)
    5. Control loops (controllers) run, & the Deployment, ReplicaSet and Pod resources are persisted to etcd
    6. The scheduler schedules each Pod to a suitable node
    7. The kubelet queries Pods from kube-apiserver every 20 seconds (this is configurable) & gets the new Pod that needs to be created
    8. The container runtime then runs the container
  85. What Happens When We Type kubectl run (Cont.)
    (Diagram: kubectl -> API server [Authentication, Authorization, REST], with the Scheduler, Controller managers and etcd behind it)
    1. The user sends a request to the K8s apiserver
    2. kube-apiserver authenticates the request to verify identity
    3. kube-apiserver authorizes the request via authorizers (Node, RBAC, ...)
  86. What Happens When We Type kubectl run (Cont.)
    4. kube-apiserver deserializes the HTTP request & persists objects to the datastore (etcd)
  87. What Happens When We Type kubectl run (Cont.)
    5. Control loops (controllers) run, & the Deployment, ReplicaSet and Pod resources are persisted to etcd
  88. What Happens When We Type kubectl run (Cont.)
    (Diagram: Deployment -> ReplicaSet -> Pod, Pod. Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/)
  89. What Happens When We Type kubectl run (Cont.)
    The Deployment as submitted:
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: nginx
      spec:
        replicas: 2
        template:
          ...
          spec:
            containers:
            - name: nginx
              image: nginx
  90. What Happens When We Type kubectl run (Cont.)
    The Deployment Controller picks up the new Deployment.
  91. What Happens When We Type kubectl run (Cont.)
    The Deployment Controller creates a ReplicaSet:
      apiVersion: apps/v1
      kind: ReplicaSet
      metadata:
        name: nginx-1234
      spec:
        replicas: 2
        template:
          ...
          spec:
            containers:
            - name: nginx
              image: nginx
  92. What Happens When We Type kubectl run (Cont.)
    The Replication Controller picks up the new ReplicaSet.
  93. What Happens When We Type kubectl run (Cont.)
    The Replication Controller creates the Pods (two, for replicas: 2):
      apiVersion: v1
      kind: Pod
      metadata:
        name: nginx-1234-k5jv
      spec:
        ...
        containers:
        - name: nginx
          image: nginx
      ---
      apiVersion: v1
      kind: Pod
      metadata:
        name: nginx-1234-q7jd
      spec:
        ...
        containers:
        - name: nginx
          image: nginx
  94. What Happens When We Type kubectl run (Cont.)
    6. The scheduler schedules each Pod to a suitable node
  95. What Happens When We Type kubectl run (Cont.)
    The Scheduler picks up the Pods that have no node assigned.
  96. What Happens When We Type kubectl run (Cont.)
    The Scheduler assigns each Pod to a Node.
  97. What Happens When We Type kubectl run (Cont.)
    (Diagram: the Node, running Kubelet, Container Runtime and Pods, next to the API server components)
    7. The kubelet queries Pods from kube-apiserver every 20 seconds (this is configurable) & gets the new Pod that needs to be created
    8. The container runtime then runs the container
  98. What Happens When We Type kubectl run (Cont.)
    The kubelet starts the containers; each Pod object now carries a Status: ... section.
  99. What Happens When We Type kubectl run (Cont.)
    The kubelet updates the Pod status through the API server.
  100. Helm
    • The package manager for Kubernetes
    • Three concepts:
      ◦ Chart: a bundle of information necessary to create an instance of a K8s application
      ◦ Config: contains configuration information; can be merged into a packaged chart to create a releasable object
      ◦ Release: a running instance of a chart combined with a specific config
    • Ref: https://docs.helm.sh/architecture/
  101. Helm (Cont.)
    • Two components:
      ◦ Helm Client
        ▪ A command-line tool
        ▪ Responsible for local chart development and interacting with the Tiller server
      ◦ Tiller Server
        ▪ An in-cluster server
        ▪ Interacts with the Helm client & interfaces with the K8s API server
        ▪ Responsible for listening for incoming requests from the Helm client, combining a chart & config to build a release, installing charts into K8s and then tracking the subsequent release, and upgrading & uninstalling charts by interacting with K8s
  102. Helm (Cont.): Example
    1. Initialize the local CLI
       $ helm init
    2. See which charts are available
       $ helm search mysql
    3. Install a chart
       $ helm install stable/mysql
    4. Show a list of all deployed releases
       $ helm ls
    5. Uninstall a release
       $ helm delete RELEASE_NAME