Getting Started with Kubernetes - 30min

This is the 30 minute version without a demo of Getting Started with Kubernetes.

If you’re working with just a few containers, managing them is not too complicated. But what if you have hundreds or thousands? Think about having to handle multiple upgrades for each container, keeping track of container and node state, available resources, and more. That’s where Kubernetes comes in. Kubernetes is an open source container management platform that helps you run containers at scale. This talk will cover Kubernetes components.

tiffany jernigan

March 11, 2021

Transcript

  1. T I F F A N Y F A Y

    J People started containerizing applications
  2. Containers made it easy to build and scale cloud-native applications
  3. People needed an easier way to manage large clusters with many containers
  4. T I F F A N Y F A Y

    J T I F F A N Y F A Y J
  5. KUBERNETES CAN BE RUN ANYWHERE: ON-PREMISES, CLOUD
  6. CLUSTER ARCHITECTURE
     kubernetes.io/docs/concepts/architecture
  7. NODES
     • When you deploy Kubernetes, you get a cluster. These clusters consist of nodes.
     • Virtual or physical machines
     • Node Types
       • Control Plane
       • Worker
     kubernetes.io/docs/concepts/overview/components
  8. NODES
     • control plane: API server, controller manager, scheduler, etcd, cloud controller manager
     • worker: kubelet, kube-proxy, container runtime
  9. CONTROL PLANE
     • API server
     • controller manager
     • scheduler
     • etcd
     • cloud controller manager
  10. WORKER NODES
      • kubelet
      • kube-proxy
      • container runtime
  11. WORKLOADS
  12. WORKLOADS
      Pods
      • Basic execution unit of a Kubernetes application
      • Will not reschedule on failure
      Deployment
      • Allows scaling, rolling updates, rollbacks
      • Delegates pod management to ReplicaSets
      ReplicaSet
      • Maintains a stable set of replica Pods running at any given time
  13. WORKLOADS
      StatefulSet
      • Used to manage stateful applications
      • Manages deployment
      DaemonSet
      • Creates an instance of a pod on each worker node
      Job
      • Runs pod(s) until completion
      CronJob
      • Creates Jobs on a repeating schedule
  14. SERVICES
      kubernetes.io/docs/concepts/services-networking
  15. SERVICES
      • Services give us a stable endpoint to connect to a pod or a group of pods
      • Maps a fixed IP address to a logical group of pods
      • Different types:
        • ClusterIP, NodePort, LoadBalancer, ExternalName
      • There are more kinds and flavors of services, but we won’t get into those today
  16. BASIC SERVICE TYPES
      • ClusterIP (default)
        • A virtual IP address is allocated for the service (internal private range)
        • This IP is only reachable from inside the cluster
      • NodePort
        • Port allocated for the service (in 30000-32767 range)
        • Port is available on all nodes
      • LoadBalancer
        • External LB allocated (typically a cloud LB)
        • Typically costs a little money
  17. NETWORKING
      kubernetes.io/docs/concepts/services-networking
  18. KUBERNETES NETWORK MODEL
      • TL;DR: our cluster (nodes and pods) is one big flat IP network
      • In detail:
        ⁃ all nodes must be able to reach each other, without NAT
        ⁃ all pods must be able to reach each other, without NAT
        ⁃ pods and nodes must be able to reach each other, without NAT
        ⁃ each pod is aware of its IP address (no NAT)
      • Kubernetes doesn't mandate any other particular implementation
  19. CONTAINER NETWORK INTERFACE (CNI)
      • When a pod is created, Kubernetes delegates the network setup to CNI plugins (it can be a single plugin, or a combination of plugins, each doing one task)
      • Has a well-defined specification for network plugins
      https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration
  20. CONFIGURATION
      kubernetes.io/docs/concepts/configuration
  21. CONFIGURATION
      • ConfigMaps
        • Stores data as key-value pairs
        • Allows you to decouple environment-specific configuration from your container images
      • Secrets
        • Store and manage sensitive information
  22. SECURITY
      kubernetes.io/docs/concepts/security/
  23. SECURITY
      • Namespaces
      • Service accounts
      • Role-based access control (RBAC)
      • Secrets
      • And there’s a lot more
        • https://kubernetes.io/docs/reference/access-authn-authz/
  24. COMMUNICATION WITH K8S API
      • kubectl
        • CLI tool used to interface with the Kubernetes API
      • ~/.kube/config
        • kubeconfig file is used for securely accessing your cluster
  25. SOME OTHER THINGS TO LOOK INTO
      • Volumes
      • Autoscaling
      • Role-based access control (RBAC)
      • Load Balancing
      • Custom Resource Definitions (CRD)
      • Ingress controllers
  26. A FEW TOOLS TO MANAGE STACKS
      • Shell scripts invoking kubectl
      • YAML resource manifests committed to a repo
      • Kustomize (YAML manifests + patches applied on top) https://github.com/kubernetes-sigs/kustomize
      • Helm (YAML manifests + templating engine) https://github.com/kubernetes/helm
      • Carvel https://carvel.dev/
  27. LINKS AND RESOURCES
      • https://kubernetes.io/
      • https://tanzu.vmware.com/developer
      • https://tanzu.tv
      • https://kubernetes.io/community/ - Slack, Google Groups, meetups
      • Free Training:
        • https://kube.academy/
        • https://kubernetes.io/docs/tutorials/
        • https://labs.play-with-k8s.com/
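
The service types on slide 16 differ in who can reach them, so it is worth listing which Services in a cluster are reachable from outside it. The Python sketch below is an added example, not part of the original deck: it reads Service objects in the JSON shape returned by `kubectl get services -A -o json`, reports every Service that is not cluster-internal, and checks each nodePort against the 30000-32767 range from the slide. The sample data and the names `classify`, `audit`, `EXPOSURE` and `SAMPLE` are constructed for illustration.

```python
import json

NODEPORT_RANGE = range(30000, 32768)  # NodePort range quoted on slide 16
# Constructed sample, shaped like `kubectl get services -A -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"metadata": {"namespace": "shop", "name": "cart"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 80}]}},
 {"metadata": {"namespace": "shop", "name": "web"},
  "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 30080}]}},
 {"metadata": {"namespace": "shop", "name": "api"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "nodePort": 31443}]}},
 {"metadata": {"namespace": "legacy", "name": "debug"},
  "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 8080}]}}
]}
""")

EXPOSURE = {
    "ClusterIP": "cluster-internal",   # virtual IP, reachable only in-cluster
    "NodePort": "every-node",          # port opened on all nodes
    "LoadBalancer": "external-lb",     # external (typically cloud) LB
    "ExternalName": "dns-alias",
}

def classify(service):
    """Return (exposure, notes) for one Service object."""
    spec = service.get("spec", {})
    stype = spec.get("type", "ClusterIP")  # ClusterIP is the default type
    notes = []
    for port in spec.get("ports", []):
        node_port = port.get("nodePort")
        if node_port is not None:
            state = "in" if node_port in NODEPORT_RANGE else "OUTSIDE"
            notes.append(f"nodePort {node_port} {state} default range")
    return EXPOSURE.get(stype, "unknown"), notes

def audit(service_list):
    """List (namespace/name, exposure, notes) for non-internal Services."""
    findings = []
    for svc in service_list.get("items", []):
        exposure, notes = classify(svc)
        if exposure != "cluster-internal":
            meta = svc["metadata"]
            findings.append((f"{meta['namespace']}/{meta['name']}", exposure, notes))
    return findings

if __name__ == "__main__":
    for name, exposure, notes in audit(SAMPLE):
        print(f"{name:14} {exposure:12} {'; '.join(notes)}")
```

A nodePort reported as outside the default range means the cluster's NodePort range was changed from the default, which is worth confirming against the node firewall rules.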