If you’re working with just a few containers, managing them isn't too complicated. But what if you have hundreds or thousands? Think about having to handle multiple upgrades for each container, keeping track of container and node state, available resources, and more. That’s where Kubernetes comes in. Kubernetes is an open source container management platform that helps you run containers at scale. This talk will cover Kubernetes components and show how to run applications on it.
tiffanyfayj
Open source container
management platform
Helps you run
containers at scale
Gives you primitives
for building
modern applications
WHAT IS KUBERNETES?
A SINGLE EXTENSIBLE API
SCALE PERFORMANCE BREADTH
OBJECTS
Pods
• Smallest deployable unit: one or more containers sharing a network namespace and storage
• A bare Pod is not rescheduled if its node fails; use a controller (Deployment, StatefulSet, DaemonSet) to get that
Deployment
• Allows scaling, rolling updates, rollbacks
• Delegates pod management to ReplicaSets
ReplicaSet
• Maintains a stable set of replica Pods running at any
given time
OBJECTS
StatefulSet
• Used to manage stateful applications
• Manages deployment and scaling of a set of Pods with stable, unique network identities and persistent storage, rolled out and scaled in order
DaemonSet
• Runs one copy of a Pod on every node (or every node matching a selector); typical for log shippers, CNI agents and security agents
Job
• Runs Pod(s) until they complete successfully, retrying failures up to a backoff limit
CronJob
• Creates Jobs on a repeating schedule
NODES
• Control plane: API server, controller manager, scheduler, etcd, cloud controller manager
• Worker: kubelet, kube-proxy, container runtime
CONTROL PLANE
• API server: the only component clients and nodes talk to; every read and write goes through it (authentication, authorization, admission)
• controller manager: runs the control loops (ReplicaSet, Deployment, Job, ...) that drive actual state toward desired state
• scheduler: picks a node for each unscheduled Pod
• etcd: key-value store holding all cluster state; anyone who can read it can read every Secret, so restrict and encrypt it
• cloud controller manager: talks to the cloud provider API (load balancers, node lifecycle, routes)
WORKER NODES
• kubelet: agent on every node; registers the node, watches the API server for Pods assigned to it and runs them
• kube-proxy: programs node networking (iptables/IPVS) so Service IPs reach the right Pods
• container runtime: pulls images and runs the containers (containerd, CRI-O, ...)
SERVICES
• Services give us a stable endpoint to connect to a pod or a
group of pods
• Maps a fixed virtual IP (and DNS name) to the set of pods matched by a label selector
• Different types:
• ClusterIP (reachable only inside the cluster, the default), NodePort (opens a port on every node), LoadBalancer (cloud provider load balancer), ExternalName (DNS alias to an external name)
• There are more kinds and flavors of services, but we won’t
get into those today
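A ClusterIP Service, added here as an example (not from the original slides), that fronts the Pods carrying the assumed label `app: web` in the placeholder namespace `demo`:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: demo          # placeholder namespace
spec:
  type: ClusterIP          # the default; not reachable from outside the cluster
  selector:
    app: web               # endpoints = every Ready Pod with this label
  ports:
    - name: http
      port: 80             # stable port on the Service's virtual IP
      targetPort: 8080     # containerPort on the Pods
      protocol: TCP
```

Inside the cluster the Service resolves as `web.demo.svc.cluster.local`; `kubectl get endpoints web -n demo` lists the Pod IPs currently behind it, which is the quickest way to see whether a selector typo left a Service with no backends. Switching `type` to NodePort or LoadBalancer exposes the same Pods beyond the cluster, so keep ClusterIP unless external reachability is actually required.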
KUBERNETES NETWORK MODEL
• TL;DR: our cluster (nodes and pods) is one big flat IP network
• In detail:
⁃ all nodes must be able to reach each other, without NAT
⁃ all pods must be able to reach each other, without NAT
⁃ pods and nodes must be able to reach each other,
without NAT
⁃ each pod sees itself with the same IP that other pods use to reach it (no NAT)
• Kubernetes doesn't mandate any particular implementation beyond these rules
CONTAINER NETWORK INTERFACE (CNI)
• Has a well-defined specification for network plugins
https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration
• When a pod is created, Kubernetes delegates the network
setup to CNI plugins (it can be a single plugin, or a
combination of plugins, each doing one task)
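The flat network model means every Pod can reach every other Pod until something says otherwise. That something is a NetworkPolicy, and it is the CNI plugin that enforces it: a plugin without policy support accepts the object and silently does nothing, so check your plugin before relying on it. Added example (not from the original slides), using the placeholder namespace `demo` and the assumed labels `app: web` and `role: frontend`:

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: demo
spec:
  podSelector: {}          # selects every Pod in the namespace
  policyTypes:
    - Ingress              # no ingress rules listed => all inbound traffic denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-web
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: web             # the Pods being protected
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: frontend   # only Pods with this label, in this namespace
      ports:
        - protocol: TCP
          port: 8080         # and only on the application port
```

Policies are additive: the second one punches a hole in the first, and a Pod with no policy selecting it stays wide open. To verify enforcement, `kubectl exec` into a Pod without the `role: frontend` label and confirm that connections to the web Pods on 8080 time out; a default-deny `Egress` policy is the mirror image for outbound traffic.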
SECURITY
• Namespaces: scope names, RBAC and policies; a boundary for authorization, not on their own for network or kernel isolation
• Service accounts: the identity a Pod uses when it talks to the API server
• Role-based access control (RBAC): which subject may use which verb on which resource
• Secrets: stored base64-encoded in etcd, which is not encryption; protect them with RBAC and encryption at rest
• And there’s a lot more
• https://kubernetes.io/docs/reference/access-authn-authz/
COMMUNICATION WITH K8S API
• kubectl
• CLI tool used to interface with the Kubernetes API
• ~/.kube/config
• The kubeconfig file holds cluster endpoints, CA certificates and user credentials (client certificates, tokens); it grants whatever access those credentials have, so keep it private (mode 0600) and out of repos
SOME OTHER THINGS TO LOOK INTO
• ConfigMaps
• Volumes
• Autoscaling
A FEW TOOLS TO MANAGE STACKS
• Shell scripts invoking kubectl
• YAML resource manifests committed to a repo
• Carvel carvel.dev
• Kustomize (YAML manifests + patches applied on top)
https://github.com/kubernetes-sigs/kustomize
• Helm (YAML manifests + templating engine)
https://github.com/kubernetes/helm
LINKS AND RESOURCES
• https://kubernetes.io/
• https://tanzu.vmware.com/
• https://container.training/ - @jpetazzo’s awesome workshops
• https://kubernetes.io/community/ - Slack, Google Groups,
meetups
• Free Training:
• https://kube.academy/
• https://kubernetes.io/docs/tutorials/
• https://labs.play-with-k8s.com/