Getting Started with Kubernetes

Transcript

1. Getting Started with Kubernetes Prepare Hands-On Environment: http://bit.ly/2LLVkvg All Lab

   base on [email protected] Presenter: Shan-Jung Fu Date: 2019/01/03 1

2. Agenda Chapter 1 - Overview Chapter 2 - Hands-on Chapter

   3 - Dive Into K8s 2 Additional

3. Chapter 1 - Overview 3

4. Chapter 1 Overview Introduction Setup Solutions Architecture Components Resources 4

5. Introduction Setup Solutions Architecture Components Resources Chapter 1 Overview 5

6. Kubernetes Introduction • Kubernetes is Greek for captain or pilot

   • Aka K8s, replace “ubernete” with 8 • Experiences from Google & design by Google • An open-source system 6

7. Kubernetes Introduction (Cont.) • A container platform • A microservices

   platform • A portable cloud platform & a lot more • Provide a container-centric management environment • Orchestrate computing, networking, & storage infrastructure on behalf of user workloads 7

8. Kubernetes is becoming the Linux of the cloud Jim Zemlin,

   Linux Foundation 8

9. Introduction Setup Solutions Architecture Components Resources Chapter 1 Overview 9

10. Kubernetes Setup Solutions • Local-machine solutions • Hosted solutions •

    Turnkey cloud solutions • Custom solutions • etc. 10

11. Kubernetes Setup Solutions (Cont.) • Local-machine solutions A local, single-node

    Kubernetes cluster for development and testing ◦ Minikube ◦ microk8s ◦ etc. • Hosted solutions • Turnkey cloud solutions • Custom solutions 11

12. Kubernetes Setup Solutions (Cont.) • Local-machine solutions • Hosted solutions

    Maintain more machines and higher availability ◦ OpenShift ◦ VMware Cloud PKS ◦ etc. • Turnkey cloud solutions • Custom solutions • ... 12

13. Kubernetes Setup Solutions (Cont.) • Local-machine solutions • Hosted solutions

    • Turnkey cloud solutions Create K8s clusters on a range of Cloud IaaS providers with only a few commands ◦ AWS ◦ Google Compute Engine (GCE) ◦ etc. • Custom solutions • ... 13

14. Kubernetes Setup Solutions (Cont.) • Local-machine solutions • Hosted solutions

    • Turnkey cloud solutions • On-premises turnkey cloud solutions • Custom solutions ◦ kubeadm ◦ Kubespray ◦ Kubernetes The Hard Way ◦ etc. • etc. 14

15. Introduction Setup Solutions Architecture Components Resources Chapter 1 Overview 15

16. Kubernetes Architecture apiserver etcd scheduler controller kubelet kubelet kubelet API

    CLI UI Users Control plane Nodes 16

17. Node • A worker machine in K8s • Can be

    a VM or physical machine • also called "minions" • Node components include: ◦ Kubelet ◦ Kube-proxy ◦ Container Runtime • Components run on each node Kubernetes Architecture (Cont.) Node Kubelet Container Runtime Kube-proxy Pod Pod Pod 17

18. Kubernetes Architecture (Cont.) • The components of Control plane (its

    "brains"): ◦ API server (our point of entry to everything!) ◦ core services ▪ scheduler ▪ controller manager ◦ etcd ▪ A highly available key/value store ▪ "database" of K8s • Also called the "master" 18

19. Chapter 1 Overview Introduction Setup Solutions Architecture Components Resources 19

20. Node Components (Cont.) • An agent • Makes sure that

    containers are running in a pod. kubelet • Enable the K8s service abstraction by maintaining network rules. • Performing connection forwarding. kube-proxy • Responsible for running containers. • K8s supports several runtimes(software): Docker, rkt, runc & any OCI runtime-spec implementation. Container Runtime 20

21. Master Components • Exposes the Kubernetes API. • The front-end

    for the K8s control plane. kube-apiserver • K8s’ backing store for all cluster data. • A highly-available key value store. etcd • Selects a node for them to run on. • scheduling decisions kube-scheduler • Runs controllers ◦ Node Controller: Responsible for responding when nodes go down. ◦ Endpoints Controller: Endpoints object (that is, joins Services & Pods). ◦ Service Account & Token Controllers, Replication Controller kube-controller -manager 21

22. Chapter 1 Overview Introduction Setup Solutions Architecture Components Resources 22

23. • Do many actions: create, update, delete ... • Contain

    a lot of objects called resources ◦ These resources are organized by type or Kind (in the API) Kubernetes API 23

24. Kubernetes Resources (Cont.) • We can see the full list

    by running kubectl api-resources (In Kubernetes 1.10 and prior, the command to list API resources was kubectl get) 24

25. NAME SHORTNAMES NAMESPACED KIND bindings true Binding componentstatuses cs false

    ComponentStatus configmaps cm true ConfigMap endpoints ep true Endpoints events ev true Event limitranges limits true LimitRange namespaces ns false Namespace nodes no false Node persistentvolumeclaims pvc true PersistentVolumeClaim persistentvolumes pv false PersistentVolume pods po true Pod podtemplates true PodTemplate replicationcontrollers rc true ReplicationController resourcequotas quota true ResourceQuota secrets true Secret serviceaccounts sa true ServiceAccount services svc true Service initializerconfigurations false InitializerConfiguration mutatingwebhookconfigurations false MutatingWebhookConfiguration validatingwebhookconfigurations false ValidatingWebhookConfiguration customresourcedefinitions crd,crds false CustomResourceDefinition apiservices false APIService controllerrevisions true ControllerRevision daemonsets ds true DaemonSet deployments deploy true Deployment replicasets rs true ReplicaSet statefulsets sts true StatefulSet tokenreviews false TokenReview localsubjectaccessreviews true LocalSubjectAccessReview Kubernetes Resources (Cont.) 25

26. Kubernetes Resources (Cont.) NAME SHORTNAMES NAMESPACED KIND selfsubjectaccessreviews false SelfSubjectAccessReview

    selfsubjectrulesreviews false SelfSubjectRulesReview subjectaccessreviews false SubjectAccessReview horizontalpodautoscalers hpa true HorizontalPodAutoscaler cronjobs cj true CronJob jobs true Job certificatesigningrequests csr false CertificateSigningRequest leases true Lease events ev true Event daemonsets ds true DaemonSet deployments deploy true Deployment ingresses ing true Ingress networkpolicies netpol true NetworkPolicy podsecuritypolicies psp false PodSecurityPolicy replicasets rs true ReplicaSet networkpolicies netpol true NetworkPolicy poddisruptionbudgets pdb true PodDisruptionBudget podsecuritypolicies psp false PodSecurityPolicy clusterrolebindings false ClusterRoleBinding clusterroles false ClusterRole rolebindings true RoleBinding roles true Role priorityclasses pc false PriorityClass podpresets true PodPreset storageclasses sc false StorageClass volumeattachments false VolumeAttachment 26

27. Chapter 2 - Hands-on 27

28. Setup K8s Env Access K8s master K8s Objects Config Play

    with resources Chapter 2 Hands-on 28

29. Setup K8s Env Access K8s master K8s Objects Config Play

    with resources Chapter 2 Hands-on 29

30. kubeadm • Prepare lab environment: ◦ OS: Linux or MacOS

    ◦ Softwares: ▪ VirtualBox v5.1 ▪ Vagrant v2.1.1 ◦ Start the VM Refer to Vagrantfile to deploy K8s on host using kubeadm 30 cd ~/ && git clone https://github.com/sufuf3/hands-on-w-tutorials. git cd ~/hands-on-w-tutorials/2019-01-03/ && vagrant up --provider=virtualbox Node apiserver etcd scheduler controller Kubelet Container Runtime Kube-proxy Pod Pod Pod

31. Online Learning • https://www.katacoda.com/courses/kubernetes 31

32. Online Learning (Cont.) • https://labs.play-with-k8s.com/ • GitHub Repository: https://github.com/play-with-docker/play-with-docker 32

33. Setup K8s Env Access K8s master K8s Objects Config Play

    with resources Chapter 2 Hands-on 33

34. Access K8s master • CLI (Command Line Interface) • API

    (Application Program Interface) • UI (User Interface) 34

35. • Tool: kubectl • Install kubectl binary (eg. Ubuntu) •

    Syntax kubectl [command] [TYPE] [NAME] [flags] • command: create, get, describe, delete • TYPE: resource type • NAME: the name of the resource • flags: Specifies optional flags. • CLI • API • UI CLI (Command Line Interface) 35 sudo apt-get update && sudo apt-get install -y apt-transport-https curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list sudo apt-get update sudo apt-get install -y kubectl

36. $ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS

    AGE kube-system coredns-576cbf47c7-2d4r6 1/1 Running 0 21h kube-system coredns-576cbf47c7-7vk54 1/1 Running 0 21h kube-system etcd-k8slab 1/1 Running 0 21h kube-system kube-apiserver-k8slab 1/1 Running 0 21h kube-system kube-controller-manager-k8slab 1/1 Running 0 21h kube-system kube-flannel-ds-gb5c8 1/1 Running 0 21h kube-system kube-proxy-zqn82 1/1 Running 0 21h kube-system kube-scheduler-k8slab 1/1 Running 0 21h kube-system kubernetes-dashboard-65c76f6c97-977ps 1/1 Running 0 21h kube-system tiller-deploy-694dc94c65-bk6wl 1/1 Running 0 21h • CLI • API • UI CLI (Cont.) 36

37. $ curl -s https://172.17.8.100:6443/api/ -k | jq { "kind": "APIVersions",

    "versions": [ "v1" ], "serverAddressByClientCIDRs": [ { "clientCIDR": "0.0.0.0/0", "serverAddress": "172.17.8.100:6443" } ] } • CLI • API • UI API (Application Program Interface) 37

38. $ curl -s https://172.17.8.100:6443/api/v1/nodes -k | jq $ curl -s

    https://172.17.8.100:6443/api/v1/namespaces/kub e-system/pods -k | jq ... • CLI • API • UI API (Cont.) 38

39. • CLI • API • UI UI (User Interface) 39

40. • CLI • API • UI UI (Cont.) 0. Need

    deploy dashboard before 1. Access https://172.17.8.100:32641 2. Use kubectl get the token kubectl -n kube-system describe secrets $(kubectl -n kube-system get sa dashboard -o yaml | grep dashboard-token | cut -f2 -d':') | grep -E '^token' | cut -f2 -d':' | tr -d '\t' 3. Paste the token in web UI & click SIGN IN 40

41. Chapter 2 Hands-on Setup K8s Env Access K8s master K8s

    Objects Config Play with resources 41

42. • Describing a K8s Object • Labels • Selectors K8s

    Objects Config 42

43. apiVersion: v1 kind: RESOURCE_TYPE metadata: name: namespace: spec: ... Describing

    a K8s Object • Provide the object spec to create an object in K8s • Object spec describes: ◦ Its desired state ◦ Some basic info. about the object (such as a name) • Most often, we provide the info. to kubectl in a .yaml file. 43 • Describing a K8s Object • Labels • Selectors • apiVersion - the version of K8s API you’re using to create this object • kind - What kind of object you want to create • metadata - Data that helps uniquely identify the object • Spec - Is different for every K8s object, & contains nested fields specific to that object.

44. • Key/value pairs are attached to objects • Do not

    provide uniqueness • Are used as identifying attributes for objects • Keys & values of Valid label must be ◦ 63 characters or less ◦ beginning and ending with ▪ an alphanumeric character ([a-z0-9A-Z]) ▪ dashes (-) ▪ underscores (_) ▪ dots (.) ▪ alphanumerics between Labels 44 • Describing a K8s Object • Labels • Selectors "metadata": { "labels": { "key1" : "value1", "key2" : "value2" } }

45. Selectors • Are core grouping primitive in K8s • K8s

    API currently supports two type of selectors − ◦ Equality-based selectors ▪ Allow filtering by key & value ◦ Set-based selectors ▪ Allow filtering of keys according to a set of values. 45 • Describing a K8s Object • Labels • Selectors selector: matchLabels: component: redis nodeSelector: accelerator: nvidia-tesla-p100

46. Chapter 2 Hands-on Setup K8s Env Access K8s master K8s

    Objects Config Play with resources 46

47. Play with resources (8/54) • Cluster ◦ Namespace • Workloads

    ◦ Pods ◦ Deployments ◦ DaemonSets • Storage & Config ◦ Volume ◦ ConfigMaps ◦ Secrets • Discovery & Load Balancing ◦ Services 47

48. • Cluster ◦ Namespace • Workloads ◦ Pods ◦ Deployments

    ◦ DaemonSets • Storage & Config ◦ Volume ◦ ConfigMaps ◦ Secrets • Discovery & Load Balancing ◦ Services Play with resources (8/54) 48

49. Namespace (NS) • Virtual clusters • Functionalities ◦ Help pod-to-pod

    communication using the same NS ◦ Can sit on top of the same physical cluster ◦ Provide logical separation between the teams & the environments • Not all objects are in a namespace 49 # In a namespace $ kubectl api-resources --namespaced=true # Not in a namespace $ kubectl api-resources --namespaced=false

50. Namespace (Cont.) Hands-on 1. Create a namespace(ns) 2. Viewing namespaces(ns)

    3. Viewing resources under a namespace(ns) 4. Using Namespace in pod - Example 50

51. 1. Create a namespace(ns) Namespace (Cont.) 51 apiVersion: v1 kind:

    Namespace metadata: name: my-ns $ kubectl create -f namespace/ns.yaml

52. 2. Viewing namespaces(ns) Namespace (Cont.) 52 $ kubectl get namespaces

    NAME STATUS AGE default Active 1d kube-system Active 1d kube-public Active 1d

53. Namespace (Cont.) 53 $ kubectl get pods -n kube-system NAME

    READY STATUS RESTARTS AGE coredns-576cbf47c7-2d4r6 1/1 Running 0 25h coredns-576cbf47c7-7vk54 1/1 Running 0 25h etcd-k8slab 1/1 Running 0 25h kube-apiserver-k8slab 1/1 Running 0 25h kube-controller-manager-k8slab 1/1 Running 0 25h kube-flannel-ds-gb5c8 1/1 Running 0 25h kube-proxy-zqn82 1/1 Running 0 25h kube-scheduler-k8slab 1/1 Running 0 25h kubernetes-dashboard-65c76f6c97-977ps 1/1 Running 0 25h tiller-deploy-694dc94c65-bk6wl 1/1 Running 0 25h 3. Viewing resources under a namespace(ns)

54. 4. Using Namespace in pod - Example (namespace/pod.yaml) Namespace (Cont.)

    54 apiVersion: v1 kind: Pod metadata: name: nginx-demo namespace: my-ns spec: containers: - name: nginx image: nginx:1.7.9 ports: - containerPort: 80

55. • Cluster ◦ Namespace • Workloads ◦ Pods ◦ Deployments

    ◦ DaemonSets • Storage & Config ◦ Volume ◦ ConfigMaps ◦ Secrets • Discovery & Load Balancing ◦ Services Play with resources (8/54) 55

56. Pod • A group of one or more application containers

    • Shared resources for those containers ◦ Shared storage, as Volumes ◦ Networking, as a unique cluster IP address ◦ Information about how to run each container 56 • Pods • Deployments • DaemonSets

57. Pod (Cont.) Hands-on 1. Create a pod 2. Get pods

    3. Get the description of pod 4. Get logs of pod 5. Start a bash session in the pod’s container 6. Delete the pod 57 • Pods • Deployments • DaemonSets

58. 1. Create a pod Pod (Cont.) 58 • Pods •

    Deployments • DaemonSets apiVersion: v1 kind: Pod metadata: name: myapp-pod labels: app: myapp spec: containers: - name: mycontainer image: busybox command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600'] $ kubectl create -f pod/pod.yaml

59. 2. Get pods $ kubectl get pod NAME READY STATUS

    RESTARTS AGE myapp-pod 1/1 Running 0 3m27s $ kubectl get po -n default NAME READY STATUS RESTARTS AGE myapp-pod 1/1 Running 0 3m27s $ kubectl get po -n default -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE myapp-pod 1/1 Running 0 3m27s 10.244.0.6 k8slab <none> Pod (Cont.) 59 • Pods • Deployments • DaemonSets

60. 3. Get the description of pod $ kubectl describe pod

    myapp-pod Name: myapp-pod Namespace: default Priority: 0 PriorityClassName: <none> Node: k8slab/10.0.2.15 Start Time: Mon, 31 Dec 2018 17:30:58 +0000 Labels: app=myapp Annotations: <none> Status: Running IP: 10.244.0.6 ... Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 5m49s default-scheduler Successfully assigned default/myapp-pod to k8slab Normal Pulling 5m48s kubelet, k8slab pulling image "busybox" Normal Pulled 5m43s kubelet, k8slab Successfully pulled image "busybox" Normal Created 5m43s kubelet, k8slab Created container Normal Started 5m43s kubelet, k8slab Started container Pod (Cont.) 60 • Pods • Deployments • DaemonSets

61. 4. Get logs of pod $ kubectl logs myapp-pod Hello

    Kubernetes! $ kubectl logs -f myapp-pod Hello Kubernetes! ^C Pod (Cont.) 61 • Pods • Deployments • DaemonSets

62. 5. Start a sh session in the pod’s container $

    kubectl exec -it myapp-pod -- sh / # ls bin dev etc home proc root sys tmp usr var / # exit $ kubectl exec -it myapp-pod -c mycontainer -- sh / # ls bin dev etc home proc root sys tmp usr var / # exit Pod (Cont.) 62 • Pods • Deployments • DaemonSets

63. Pod (Cont.) 63 • Pods • Deployments • DaemonSets 6.

    Delete the pod $ kubectl delete po myapp-pod pod "myapp-pod" deleted $ kubectl delete -f pod/pod.yaml pod "myapp-pod" deleted • Force delete a pod on a dead node $ kubectl delete po myapp-pod --grace-period=0 --force

64. Deployment • Is responsible for creating & updating instances of

    the application. • Support rolling update & recreate to update pod template. 64 • Pods • Deployments • DaemonSets

65. 1. $ 2. $ $ 3. $ Deployment (Cont.) Create

    a deployment kubectl create -f deployment/nginx-deploy.yaml Get the deployment kubectl get deploy -o wide kubectl get all -l app=nginx -o wide NAME READY STATUS RESTARTS AGE ... pod/nginx-deployment-d55b94fd-gnm89 1/1 Running 1 34h ... pod/nginx-deployment-d55b94fd-jqkvx 1/1 Running 1 34h ... pod/nginx-deployment-d55b94fd-rtp4f 1/1 Running 1 34h ... NAME DESIRED CURRENT UP-TO-DATE AVAILABLE deployment.apps/nginx-deployment 3 3 3 3 NAME DESIRED CURRENT READY AGE ... replicaset.apps/nginx-deployment-d55b94fd 3 3 3 34h ... Delete the deployment kubectl delete deploy nginx-deployment 65 • Pods • Deployments • DaemonSets Hands-on

66. Deployment (Cont.) 66 • Pods • Deployments • DaemonSets apiVersion:

    apps/v1 kind: Deployment metadata: name: nginx-deployment labels: app: nginx spec: replicas: 3 #creates three replicated Pods selector: #defines how Deploy finds which Pods to manage matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.15.4 ports: - containerPort: 80

67. DaemonSet • Manage groups of replicated Pods • Ensures that

    all (or some) Nodes run a copy of a Pod • Typical uses ◦ A cluster storage daemon ◦ A logs collection daemon ◦ A node monitoring daemon 67 • Pods • Deployments • DaemonSets

68. Hands-on DaemonSet (Cont.) 68 • Pods • Deployments • DaemonSets

    1. $ 2. $ 3. $ Create a daemonset kubectl create -f daemonset/fluentd-ds.yaml Get the daemonset kubectl get ds -n kube-system -l k8s-app=fluentd-logging Delete the daemonset kubectl delete ds fluentd -n kube-system

69. DaemonSet (Cont.) apiVersion: apps/v1 kind: DaemonSet metadata: name: fluentd namespace:

    kube-system labels: k8s-app: fluentd-logging spec: selector: matchLabels: name: fluentd # Label selector that determines which Pods belong to the DaemonSet template: metadata: labels: name: fluentd # Pod template's label selector spec: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule containers: - name: fluentd image: gcr.io/google-containers/fluentd-elasticsearch:1.20 ... 69 • Pods • Deployments • DaemonSets

70. • Cluster ◦ Namespace • Workloads ◦ Pods ◦ Deployments

    ◦ DaemonSets • Storage & Config ◦ Volume ◦ ConfigMaps ◦ Secrets • Discovery & Load Balancing ◦ Services Play with resources (8/54) 70

71. • A directory which is accessible to the containers in

    a pod • Types ◦ emptyDir ◦ hostPath ◦ configMap ◦ secret ◦ nfs ◦ cephfs ◦ persistentVolumeClaim ◦ … etc. Volume 71 • Volume • ConfigMaps • Secrets

72. • Types ◦ emptyDir ▪ Is created when a Pod

    is first assigned to a Node ▪ The Pod is removed from the node, the data in the emptyDir is erased ◦ hostPath ▪ Mounts a file or directory from the host node’s file system into the pod ◦ configMap ▪ Inject configuration data into Pods ◦ secret ▪ Are backed by tmpfs (a RAM-backed filesystem) ▪ Never written to non-volatile storage Volume (Cont.) 72 • Volume • ConfigMaps • Secrets

73. • Types ◦ nfs (Network File System) ▪ Unlike emptyDir

    ▪ Allows an existing NFS share to be mounted into Pod ▪ The data in an NFS volume is not erased when the Pod is removed from the node ◦ cephfs ▪ Unlike emptyDir ▪ Allows an existing CephFS volume to be mounted into Pod ▪ Data remains intact after the Pod is removed from node Volume (Cont.) 73 • Volume • ConfigMaps • Secrets

74. • Persistent Volume (PV) ◦ A piece of network storage

    that has been provisioned by the administrator ◦ Is independent of any individual pod that uses the PV • Persistent Volume Claim (PVC) ◦ The storage requested by Kubernetes for its pods ◦ Users don’t need to know the underlying provisioning ◦ The claims must be created in the same namespace where the pod is created. Volume (Cont.) 74 • Volume • ConfigMaps • Secrets $ kubectl create -f pv-pvc/ $ kubectl get pv,pvc,po

75. ConfigMap • Configure a Pod • Decouple configuration artifacts from

    image content • Keep containerized applications portable • Useful for storing & sharing non-sensitive, unencrypted configuration information 75 • Volume • ConfigMaps • Secrets

76. ConfigMap (Cont.) Hands-on 1. Create configmap.yaml 2. Create configmap via

    kubectl 3. Using ConfigMap data 3.1. Define container ENV variables 3.2. in Pod commands 3.3. To a Volume 76 • Volume • ConfigMaps • Secrets

77. 1. Create configmap.yaml ConfigMap (Cont.) 77 • Volume • ConfigMaps

    • Secrets kind: ConfigMap apiVersion: v1 metadata: name: example-config namespace: default data: # example of using --from-literal example.property.1: hello example.property.2: world # example of defined using --from-file example.property.file: |- property.1=value-1 property.2=value-2 property.3=value-3

78. ConfigMap (Cont.) 2. Create configMap via kubectl 78 • Volume

    • ConfigMaps • Secrets kubectl create -f configmap/example-config.yaml kubectl get cm example-config kubectl get cm example-config -o yaml

79. ConfigMap (Cont.) 79 • Volume • ConfigMaps • Secrets apiVersion:

    v1 kind: Pod metadata: name: test-cm-pod1 spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh", "-c", "env" ] env: - name: EXAMPLE_KEY2 valueFrom: configMapKeyRef: name: example-config key: example.property.2 restartPolicy: Never $ kubectl create -f configmap/env-pod1.yaml $ kubectl logs test-cm-pod1 3. Using ConfigMap data 3.1. Define container ENV variables 3.2. in Pod commands 3.3. To a Volume

80. ConfigMap (Cont.) 80 • Volume • ConfigMaps • Secrets $

    kubectl create -f configmap/env-pod2.yaml $ kubectl logs test-cm-pod2 3. Using ConfigMap data 3.1. Define container ENV variables 3.2. in Pod commands 3.3. To a Volume apiVersion: v1 kind: Pod metadata: name: test-cm-pod2 spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh", "-c", "echo EXAMPLE_KEY1 is $(EXAMPLE_KEY1)" ] env: - name: EXAMPLE_KEY1 valueFrom: configMapKeyRef: name: example-config key: example.property.1 restartPolicy: Never

81. ConfigMap (Cont.) 81 • Volume • ConfigMaps • Secrets apiVersion:

    v1 kind: Pod metadata: name: test-cm-pod3 spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh","-c","cat /etc/config/myconfig" ] volumeMounts: - name: config-volume mountPath: /etc/config volumes: - name: config-volume configMap: # Provide the name of the ConfigMap containing the files you want # to add to the container name: example-config items: - key: example.property.file path: myconfig restartPolicy: Never $ kubectl create -f configmap/env-pod3.yaml $ kubectl logs test-cm-pod3 3. Using ConfigMap data 3.1. Define container ENV variables 3.2. in Pod commands 3.3. To a Volume

82. • Similar to ConfigMap • Using Base64 to encode strings

    • Are intended to hold sensitive information, such as: ◦ Passwords ◦ OAuth tokens ◦ ssh keys Secrets 82 • Volume • ConfigMaps • Secrets

83. Hands-on 1. Convert strings to base64 2. Write a Secret

    file 3. Create the Secret using kubectl Secrets (Cont.) 83 • Volume • ConfigMaps • Secrets

84. 1. Convert strings to base64 Secrets (Cont.) 84 • Volume

    • ConfigMaps • Secrets $ echo -n 'admin' | base64 YWRtaW4= $ echo -n '1f2d1e2e67df' | base64 MWYyZDFlMmU2N2Rm

85. Secrets (Cont.) 85 • Volume • ConfigMaps • Secrets 2.

    Write a Secret file apiVersion: v1 kind: Secret metadata: name: mysecret type: Opaque data: username: YWRtaW4= password: MWYyZDFlMmU2N2Rm

86. Secrets (Cont.) 86 • Volume • ConfigMaps • Secrets 3.

    Create the Secret using kubectl $ kubectl create -f ./secret.yaml secret "mysecret" created

87. Play with resources (8/54) 87 • Cluster ◦ Namespace •

    Workloads ◦ Pods ◦ Deployments ◦ DaemonSets • Storage & Config ◦ Volume ◦ ConfigMaps ◦ Secrets • Discovery & Load Balancing ◦ Services

88. Services 88 • Service • Kube-proxy modes • Type of

    Services • To group a set of Pod endpoints into a single resource • An abstraction which defines a logical set of Pods & a policy • “layer 4” (TCP/UDP over IP) construct • kube-proxy is responsible for implementing a form of virtual IP for Services of type (ClusterIP, LoadBalancer, NodePort) Source: https://kubernetes.io/docs/tutorials/kubernetes-basics/expose/expose-intro/

89. • userspace • iptables • ipvs Source: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies kube-proxy mode

    89 • Service • Kube-proxy modes • Type of Services

90. kube-proxy mode (Cont.) 90 • Service • Kube-proxy modes •

    Type of Services • userspace • iptables • ipvs

91. kube-proxy mode (Cont.) 91 • Service • Kube-proxy modes •

    Type of Services • userspace • iptables • ipvs

92. Type of Services • ClusterIP (default) • NodePort • LoadBalancer

    • ExternalName • External IPs 92 • Service • Kube-proxy modes • Type of Services

93. Type of Services • ClusterIP (default) Internal clients send requests

    to a stable internal IP address. Note: The member Pod must have a container that is listening on TCP port 8080. Else, clients will see a message like "Failed to connect" or "This site can't be reached". • NodePort • LoadBalancer • ExternalName • External IPs 93 • Service • Kube-proxy modes • Type of Services apiVersion: v1 kind: Service metadata: name: my-cip-service labels: app: my-nginx Spec: type: ClusterIP ports: - port: 80 protocol: TCP selector: app: my-nginx

94. • ClusterIP (default) Type of Services 94 • Service •

    Kube-proxy modes • Type of Services kubectl create deployment --image nginx my-nginx kubectl create -f service/service-cip.yaml kubectl get all -o wide curl service_ip kubectl delete service/my-cip-service kubectl delete deployment my-nginx $ $ $ $ $ $

95. Type of Services • ClusterIP (default) • NodePort Clients send

    requests to the IP address of a node on one or more nodePort values that are specified by the Service. (default: 30000-32767) • LoadBalancer • ExternalName • External IPs 95 • Service • Kube-proxy modes • Type of Services apiVersion: v1 kind: Service metadata: name: my-np-service labels: app: my-nginx spec: type: NodePort ports: - name: http nodePort: 32660 port: 80 targetPort: 80 protocol: TCP selector: app: my-nginx

96. • NodePort Type of Services 96 • Service • Kube-proxy

    modes • Type of Services $ $ $ $ $ $ $ kubectl create deployment --image nginx my-nginx kubectl create -f service/service-np.yaml kubectl get all -o wide curl service_ip curl 172.17.8.100:32660 kubectl delete service/my-np-service kubectl delete deployment my-nginx

97. Type of Services • ClusterIP (default) • NodePort • LoadBalancer

    Clients send requests to the IP address of a External network load balancer. • ExternalName • External IPs 97 • Service • Kube-proxy modes • Type of Services apiVersion: v1 kind: Service metadata: name: my-np-service labels: app: my-nginx spec: type: LoadBalancer ports: - name: http port: 80 targetPort: 80 protocol: TCP loadBalancerIP: external_IP selector: app: my-nginx

98. Type of Services • ClusterIP (default) • NodePort • LoadBalancer

    • ExternalName Internal clients use the DNS name of a Service as an alias for an external DNS name. • External IPs 98 • Service • Kube-proxy modes • Type of Services kind: Service apiVersion: v1 metadata: name: my-service namespace: prod spec: type: ExternalName externalName: my.database.example.com

99. Type of Services • ClusterIP (default) • NodePort • LoadBalancer

    • ExternalName • External IPs If there are external IPs that route to one or more cluster nodes, Kubernetes services can be exposed on those externalIPs 99 • Service • Kube-proxy modes • Type of Services kind: Service apiVersion: v1 metadata: name: my-service spec: selector: app: MyApp ports: - name: http protocol: TCP port: 80 targetPort: 9376 externalIPs: - 80.11.12.10

100. Chapter 3 - Dive Into K8s 100

101. What Happens When We Type kubectl run Chapter 3 -

     Dive Into K8s 101

102. What Happens When We Type kubectl run • Please refer

     to ◦ https://github.com/jamiehannaford/what-happens- when-k8s ◦ https://github.com/kubernetes/website/blob/maste r/static/images/docs/architecture.png 102

103. Simplify process when we create a deployment 1. User send

     a request to K8s apiserver 2. kube-apiserver authenticate requests to verify identity 3. kube-apiserver authorize the request by authorizers (Node, RBAC...) 4. kube-apiserver deserializes the HTTP request & persists objects to the datastore (etcd) 5. Into control loops (Run controllers) & a Deployment, ReplicaSet, and Pod resources were persisted to etcd 6. Scheduler let each Pod was scheduled to a suitable node 7. Kubelet queries Pods from kube-apiserver every 20 seconds (this is configurable) & get the new Pod which need to be created 8. Container runtime then runs the container What Happens When We Type kubectl run (Cont.) 103

104. What Happens When We Type kubectl run (Cont.) 104 API

     Authentication Authorization REST Scheduling actuator Scheduler Controller managers etcd kubectl 1. User send a request to K8s apiserver 2. kube-apiserver authenticate requests to verify identity 3. kube-apiserver authorize the request by authorizers (Node, RBAC...) 1 2 3

105. What Happens When We Type kubectl run (Cont.) 105 API

     Authentication Authorization REST Scheduling actuator Scheduler Controller managers etcd kubectl 4. kube-apiserver deserializes the HTTP request & persists objects to the datastore (etcd) 4 4

106. What Happens When We Type kubectl run (Cont.) 106 API

     Authentication Authorization REST Scheduling actuator Scheduler Controller managers etcd kubectl 5. Into control loops (Run controllers) & a Deployment, ReplicaSet, and Pod resources were persisted to etcd 5

107. What Happens When We Type kubectl run (Cont.) 107 Deployment

     ReplicaSet Pod Pod Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/

108. What Happens When We Type kubectl run (Cont.) 108 Deployment

     Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/ apiVersion: apps/v1 kind: Deployment metadata: name: nginx spec: replicas: 2 template: ... spec: containers: - name: nginx image: nginx

109. What Happens When We Type kubectl run (Cont.) 109 Deployment

     Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/ apiVersion: apps/v1 kind: Deployment metadata: name: nginx spec: replicas: 2 template: ... spec: containers: - name: nginx image: nginx Deployment Controller

110. What Happens When We Type kubectl run (Cont.) 110 Deployment

     Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/ Deployment Controller ReplicaSet apiVersion: apps/v1 kind: ReplicaSet metadata: name: nginx-1234 spec: replicas: 2 template: ... spec: containers: - name: nginx image: nginx Create

111. What Happens When We Type kubectl run (Cont.) 111 Deployment

     Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/ Deployment Controller ReplicaSet Create Replication Controller apiVersion: apps/v1 kind: ReplicaSet metadata: name: nginx-1234 spec: replicas: 2 template: ... spec: containers: - name: nginx image: nginx

112. What Happens When We Type kubectl run (Cont.) 112 Deployment

     Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/ Deployment Controller ReplicaSet C reate Replication Controller Pod Pod Create apiVersion: apps/v1 kind: Pod metadata: name: nginx-1234-k5jv spec: ... containers: - name: nginx image: nginx apiVersion: apps/v1 kind: Pod metadata: name: nginx-1234-q7jd spec: ... containers: - name: nginx image: nginx

113. What Happens When We Type kubectl run (Cont.) 113 API

     Authentication Authorization REST Scheduling actuator Scheduler Controller managers etcd kubectl 6. Scheduler let each Pod was scheduled to a suitable node 6

114. What Happens When We Type kubectl run (Cont.) 114 Deployment

     Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/ Deployment Controller ReplicaSet Create Replication Controller Pod Pod Create apiVersion: apps/v1 kind: Pod metadata: name: nginx-1234-k5jv spec: ... containers: - name: nginx image: nginx apiVersion: apps/v1 kind: Pod metadata: name: nginx-1234-q7jd spec: ... containers: - name: nginx image: nginx Scheduler

115. What Happens When We Type kubectl run (Cont.) 115 Deployment

     Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/ Deployment Controller ReplicaSet Create Replication Controller Pod Pod Create apiVersion: apps/v1 kind: Pod metadata: name: nginx-1234-k5jv spec: ... containers: - name: nginx image: nginx apiVersion: apps/v1 kind: Pod metadata: name: nginx-1234-q7jd spec: ... containers: - name: nginx image: nginx Scheduler Assign to Node

116. What Happens When We Type kubectl run (Cont.) 116 Node

     API Authentication Authorization REST Scheduling actuator Scheduler Controller managers etcd kubectl 7. Kubelet queries Pods from kube-apiserver every 20 seconds (this is configurable) & get the new Pod which need to be created 8. Container runtime then runs the container Node Kubelet Container Runtime Pod Pod Pod 7 8

117. What Happens When We Type kubectl run (Cont.) 117 Deployment

     Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/ Deployment Controller ReplicaSet Create Replication Controller Pod Pod Create apiVersion: apps/v1 kind: Pod metadata: name: nginx-1234-q7jd spec: ... containers: - name: nginx image: nginx Status: ... Scheduler Assign to Node kubelet Start the Container! apiVersion: apps/v1 kind: Pod metadata: name: nginx-1234-k5jv spec: ... containers: - name: nginx image: nginx Status: ...

118. What Happens When We Type kubectl run (Cont.) 118 Deployment

     Ref: https://saturnism.me/talk/beyond-kubernetes-with-knative/ Deployment Controller ReplicaSet Create Replication Controller Pod Pod Create apiVersion: apps/v1 kind: Pod metadata: name: nginx-1234-q7jd spec: ... containers: - name: nginx image: nginx Status: ... Scheduler Assign to Node kubelet Start the Container! apiVersion: apps/v1 kind: Pod metadata: name: nginx-1234-k5jv spec: ... containers: - name: nginx image: nginx Status: ... Update status

119. Additional 119

120. Additional 120 Helm CNCF Cloud Native Interactive Landscape

121. Helm CNCF Cloud Native Interactive Landscape Additional 121

122. • The package manager for Kubernetes • Three concepts ◦

     Chart ▪ A bundle of information necessary to create an instance of a K8s application. ◦ Config ▪ Contains configuration information ▪ Can be merged into a packaged chart to create a releasable object ◦ Release ▪ Is a running instance of a chart ▪ combined with a specific config • Ref: https://docs.helm.sh/architecture/ 122 Helm

123. • Two components ◦ Helm Client ▪ A command-line tool

     ▪ Is responsible for • Local chart development • Interacting with the Tiller server ◦ Tiller Server ▪ An in-cluster server ▪ Interacts w/ Helm client, & interfaces w/ K8s API server ▪ Is responsible for • Listening for incoming requests from Helm client • Combining a chart & config to build a release • Installing charts into K8s, and then tracking the subsequent release • Upgrading & uninstalling charts by interacting w/ K8s123 Helm (Cont.)

124. $ helm delete RELEASE_NAME • Example 1. Initialize the local

     CLI 2. See which charts are available 3. Install a chart 4. Show a list of all deployed releases 5. Uninstall a release 124 Helm (Cont.) $ helm init $ helm search mysql $ helm install stable/mysql $ helm ls

125. Helm CNCF Cloud Native Interactive Landscape Additional 125

126. 126 CNCF Cloud Native Interactive Landscape https://landscape.cncf.io/format=landscape

127. Thank you 127