
Getting Started with Kubernetes 2020-6-11

If you’re working with just a few containers, managing them is not too complicated. But what if you have hundreds or thousands? Think about having to handle multiple upgrades for each container, keeping track of container and node state, available resources, and more. That’s where Kubernetes comes in. Kubernetes is an open source container management platform that helps you run containers at scale. This talk will cover Kubernetes components and show how to run applications on it.

tiffany jernigan

June 11, 2020

Transcript

  1. DOCKER
      People started containerizing applications
  2. Containers made it easy to build and scale cloud-native applications
  3. People needed an easier way to manage large clusters with many containers
  4. TIFFANYFAYJ
  5. WHAT IS KUBERNETES?
      • Open source container management platform
      • Helps you run containers at scale
      • Gives you primitives for building modern applications
  6. A SINGLE EXTENSIBLE API SCALE PERFORMANCE BREADTH
  7. KUBERNETES CAN BE RUN ANYWHERE
      • ON-PREMISES
      • CLOUD
  8. CLUSTER COMPONENTS
  9. NODES
      • When you deploy Kubernetes, you get a cluster. These clusters consist of nodes.
      • Virtual or physical machines
      • Node Types
          ⁃ Control Plane/Master
          ⁃ Worker
  10. NODES
      • control plane: API server, controller manager, scheduler, etcd, cloud controller manager
      • worker: kubelet, kube-proxy, container runtime
  11. CONTROL PLANE
      • API server
      • controller manager
      • scheduler
      • etcd
      • cloud controller manager
  12. WORKER NODES
      • kubelet
      • kube-proxy
      • container runtime
  13. OBJECTS
      Pods
      • Basic execution unit of a Kubernetes application
      • Will not reschedule on failure
      Deployment
      • Allows scaling, rolling updates, rollbacks
      • Delegates pod management to ReplicaSets
      ReplicaSet
      • Maintains a stable set of replica Pods running at any given time
  14. OBJECTS
      StatefulSet
      • Used to manage stateful applications
      • Manages deployment
      DaemonSet
      • Creates an instance of a pod on each worker node
      Job
      • Runs pod(s) until completion
      CronJob
      • Creates Jobs on a repeating schedule
  15. SERVICES
  16. SERVICES
      • Services give us a stable endpoint to connect to a pod or a group of pods
      • Maps a fixed IP address to a logical group of pods
      • Different types:
          ⁃ ClusterIP, NodePort, LoadBalancer, ExternalName
      • There are more kinds and flavors of services, but we won’t get into those today
  17. BASIC SERVICE TYPES
      • ClusterIP (default)
          ⁃ A virtual IP address is allocated for the service (internal private range)
          ⁃ This IP is only reachable from inside the cluster
      • NodePort
          ⁃ Port allocated for the service (in 30000-32767 range)
          ⁃ Port is available on all nodes
      • LoadBalancer
          ⁃ External LB allocated (typically a cloud LB)
          ⁃ Typically costs a little money
  18. NETWORKING
  19. KUBERNETES NETWORK MODEL
      • TL;DR: our cluster (nodes and pods) is one big flat IP network
      • In detail:
          ⁃ all nodes must be able to reach each other, without NAT
          ⁃ all pods must be able to reach each other, without NAT
          ⁃ pods and nodes must be able to reach each other, without NAT
          ⁃ each pod is aware of its IP address (no NAT)
      • Kubernetes doesn't mandate any other particular implementation
  20. CONTAINER NETWORK INTERFACE (CNI)
      • Has a well-defined specification for network plugins
        https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration
      • When a pod is created, Kubernetes delegates the network setup to CNI plugins (it can be a single plugin, or a combination of plugins, each doing one task)
  21. SECURITY
  22. SECURITY
      • Namespaces
      • Service accounts
      • Role-based access control (RBAC)
      • Secrets
      • And there’s a lot more
      • https://kubernetes.io/docs/reference/access-authn-authz/
  23. COMMUNICATION WITH K8S API
      • kubectl
          ⁃ CLI tool used to interface with the Kubernetes API
      • ~/.kube/config
          ⁃ Kubeconfig file is used for securely accessing your cluster
  24. SOME OTHER THINGS TO LOOK INTO
      • ConfigMaps
      • Volumes
      • Autoscaling
      • Role-based access control (RBAC)
      • Secrets
  25. A FEW TOOLS TO MANAGE STACKS
      • Shell scripts invoking kubectl
      • YAML resource manifests committed to a repo
      • Kustomize (YAML manifests + patches applied on top) https://github.com/kubernetes-sigs/kustomize
      • Helm (YAML manifests + templating engine) https://github.com/kubernetes/helm
      • K14s https://k14s.io/
  26. LINKS AND RESOURCES
      • https://kubernetes.io/
      • https://tanzu.vmware.com/
      • https://container.training/ - @jpetazzo’s awesome workshops
      • https://kubernetes.io/community/ - Slack, Google Groups, meetups
      • Free Training:
          ⁃ https://kube.academy/
          ⁃ https://kubernetes.io/docs/tutorials/
          ⁃ https://labs.play-with-k8s.com/
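
The reachability rules from the BASIC SERVICE TYPES slide, applied to a Service list in the shape `kubectl get services -o json` returns. This is an added example, not part of the original deck; the sample services, names and addresses are constructed, and `exposure` and `audit` are hypothetical helper names.

```python
# Default NodePort range quoted on the slide (30000-32767).
NODEPORT_RANGE = range(30000, 32768)
SCOPES = {"ClusterIP": "cluster-internal", "NodePort": "node-network",
          "LoadBalancer": "external", "ExternalName": "dns-alias"}

# Constructed sample, shaped like `kubectl get services -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "web-internal"},
     "spec": {"type": "ClusterIP", "clusterIP": "10.96.12.7",
              "ports": [{"port": 80}]}},
    {"metadata": {"namespace": "default", "name": "web-debug"},
     "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 30080}]}},
    {"metadata": {"namespace": "prod", "name": "web-public"},
     "spec": {"type": "LoadBalancer",
              "ports": [{"port": 443, "nodePort": 31443}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
]}

def exposure(svc):
    """Return (scope, findings) describing how far one Service is reachable."""
    spec = svc.get("spec", {})
    stype = spec.get("type", "ClusterIP")  # ClusterIP is the default type
    findings = []
    if stype in ("NodePort", "LoadBalancer"):
        # A node port is opened on every node, not only where the pods run.
        for port in spec.get("ports", []):
            node_port = port.get("nodePort")
            if node_port is None:
                continue
            note = "" if node_port in NODEPORT_RANGE else " (outside default range)"
            findings.append(f"port {node_port} open on every node{note}")
    if stype == "LoadBalancer":
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
        addrs = [i.get("ip") or i.get("hostname") or "?" for i in ingress]
        findings.append("external LB: " + (", ".join(addrs) or "pending"))
    return SCOPES.get(stype, "unknown"), findings

def audit(service_list):
    """Map 'namespace/name' to exposure() for every Service in the list."""
    report = {}
    for svc in service_list.get("items", []):
        meta = svc["metadata"]
        report[f"{meta.get('namespace', 'default')}/{meta['name']}"] = exposure(svc)
    return report

if __name__ == "__main__":
    for name, (scope, findings) in audit(SAMPLE).items():
        print(f"{name}: {scope}", *findings, sep="\n    ")
```
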