2. Agenda
● What is Kubernetes?
● Architecture
● Main concepts with hands on examples
3. Pre-check: who doesn’t know what a container is?
● “Containers are an abstraction at the app layer that packages code and
dependencies together.”
● They don’t really exist…
○ CGroups
○ Namespaces
● Docker: nice UX on top of running isolated, self-contained applications
● Immutable artifacts
4. Kubernetes
● Open Source container orchestration system
● Inspired by Borg, Omega, Mesos
● Started at Google, donated to CNCF
18. Pod
● The “scheduling unit” of Kubernetes
● Doesn’t get restarted when it terminates (can be one-shot)
● Pods are collections of one or more containers
19. Pod in one picture
[Figure: two instances (node 1 and node 2), each hosting two pods; the pods on node 1 hold Containers 1–4, the pods on node 2 hold Containers 5–8.]
20. Pod
● Containers in the same pod are guaranteed to be on the same host
● Containers in the same pod can talk via localhost
● Every pod gets a dedicated virtual IP address in the “pod network”
● Analogy: your application instance in AWS
22. Kubernetes patterns: reconciler
● Controllers in Kubernetes are built by implementing the reconciler pattern
○ GetCurrentState()
○ GetDesiredState()
○ Apply()
● Controller manager: enforces deployment replicas
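The three reconciler steps above, worked through for the one thing the controller manager enforces here: the replica count of a Deployment. This is an added example, not Kubernetes' own controller code; the in-memory Cluster type, the pod naming scheme and the constructed "deployment-example" data are assumptions made so it runs offline without an API server.

```go
package main

import (
	"fmt"
	"sort"
)

// Cluster is a constructed in-memory stand-in for the API server's view of
// the world: pod name -> name of the Deployment that owns it. A real
// controller would list and mutate Pod objects through the API instead.
type Cluster struct {
	Pods map[string]string
	seq  int // counter used to mint unique pod names
}

func NewCluster() *Cluster { return &Cluster{Pods: map[string]string{}} }

// Deployment carries the only piece of desired state reconciled here:
// spec.replicas from the manifest.
type Deployment struct {
	Name     string
	Replicas int
}

// GetCurrentState: which pods owned by this Deployment exist right now.
// Sorted so that surplus deletion is deterministic.
func GetCurrentState(c *Cluster, d Deployment) []string {
	var pods []string
	for name, owner := range c.Pods {
		if owner == d.Name {
			pods = append(pods, name)
		}
	}
	sort.Strings(pods)
	return pods
}

// GetDesiredState: how many pods the spec asks for.
func GetDesiredState(d Deployment) int { return d.Replicas }

// Apply closes the gap between current and desired in one pass: create pods
// while too few exist, delete the surplus while too many exist. It reports
// what it did so the caller can tell when the state has converged.
func Apply(c *Cluster, d Deployment) (created, deleted int) {
	current := GetCurrentState(c, d)
	desired := GetDesiredState(d)
	for len(current)+created < desired {
		c.seq++
		c.Pods[fmt.Sprintf("%s-%d", d.Name, c.seq)] = d.Name
		created++
	}
	for i := desired; i < len(current); i++ {
		delete(c.Pods, current[i])
		deleted++
	}
	return created, deleted
}

// Reconcile runs Apply until a pass changes nothing, bounded so that a bug
// in Apply cannot spin forever. Returns the number of passes taken.
func Reconcile(c *Cluster, d Deployment) int {
	for pass := 1; pass <= 10; pass++ {
		if cr, del := Apply(c, d); cr == 0 && del == 0 {
			return pass
		}
	}
	return 10
}

func main() {
	c := NewCluster()
	d := Deployment{Name: "deployment-example", Replicas: 3}
	Reconcile(c, d)
	fmt.Println("after first reconcile:", GetCurrentState(c, d))

	// Simulate a pod dying: the next pass notices and replaces it.
	delete(c.Pods, GetCurrentState(c, d)[0])
	Reconcile(c, d)
	fmt.Println("after pod loss:", GetCurrentState(c, d))

	// Scale down by editing desired state only; the surplus gets removed.
	d.Replicas = 1
	Reconcile(c, d)
	fmt.Println("after scale to 1:", GetCurrentState(c, d))
}
```

The point to notice is that nothing ever tells the controller "a pod died" or "scale down": every pass recomputes the difference between observed and declared state, which is why a crashed pod and an edited replicas field are handled by the same code path.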
23. Deployment
● Defines a single application that Kubernetes manages for you
● Analogy: Autoscaling Group in AWS
○ You set the desired state, Kubernetes enforces it
24. Deployment
apiVersion: apps/v1beta1   # removed in Kubernetes 1.16; apps/v1 additionally requires spec.selector
kind: Deployment
metadata:
  # Unique key of the Deployment instance
  name: deployment-example
spec:
  # 3 Pods should exist at all times.
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        # Run this image
        image: nginx:1.10
26. Kubernetes’ overlay networking
● Every pod gets its own IP from a dedicated overlay network
○ Solves the problem of port mapping
○ No NAT needed
● Implemented via software solution (flannel, calico, weave, …)
● Iptables everywhere!
27. Service
● Defines how to reach your app
● Internal Service: cluster-internal IP + DNS name
● Services double as DNS-based service discovery
● Label based selection of targets
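How label-based target selection decides where a Service sends traffic, as an added example rather than code from Kubernetes itself. The Pod and Service types, the equality-only selector, the readiness check and the sample pods with their 10.244.x.y addresses are all constructed for the demo; the takeaway for a defender is that any Ready pod whose labels satisfy the selector becomes a backend, so the labels a Service selects on, and who is allowed to create pods carrying them, are part of its trust boundary.

```go
package main

import (
	"fmt"
	"sort"
)

// Pod as the Service machinery sees it: labels, pod-network IP, readiness.
type Pod struct {
	Name   string
	Labels map[string]string
	IP     string
	Ready  bool
}

// Service with an equality-based selector: every key/value pair must match.
type Service struct {
	Name     string
	Selector map[string]string
	Port     int
}

// Matches reports whether labels satisfy selector. An empty selector matches
// nothing here, mirroring a Service without a selector, which gets no
// automatically managed endpoints. Extra labels on the pod are ignored.
func Matches(selector, labels map[string]string) bool {
	if len(selector) == 0 {
		return false
	}
	for k, v := range selector {
		if got, ok := labels[k]; !ok || got != v {
			return false
		}
	}
	return true
}

// Endpoints lists the ip:port targets the Service forwards to: pods that
// match the selector and are Ready. Sorted for stable output.
func Endpoints(s Service, pods []Pod) []string {
	var out []string
	for _, p := range pods {
		if p.Ready && Matches(s.Selector, p.Labels) {
			out = append(out, fmt.Sprintf("%s:%d", p.IP, s.Port))
		}
	}
	sort.Strings(out)
	return out
}

// samplePods is constructed data for the demo, not taken from any cluster.
var samplePods = []Pod{
	{Name: "nginx-1", Labels: map[string]string{"app": "nginx", "tier": "web"}, IP: "10.244.1.5", Ready: true},
	{Name: "nginx-2", Labels: map[string]string{"app": "nginx", "tier": "web"}, IP: "10.244.2.7", Ready: false},
	{Name: "nginx-canary", Labels: map[string]string{"app": "nginx", "tier": "canary"}, IP: "10.244.1.9", Ready: true},
	{Name: "redis-0", Labels: map[string]string{"app": "redis"}, IP: "10.244.2.3", Ready: true},
}

func main() {
	web := Service{Name: "web", Selector: map[string]string{"app": "nginx"}, Port: 80}
	fmt.Println("web ->", Endpoints(web, samplePods))

	// Narrowing the selector to two labels excludes the canary pod.
	stable := Service{Name: "web-stable", Selector: map[string]string{"app": "nginx", "tier": "web"}, Port: 80}
	fmt.Println("web-stable ->", Endpoints(stable, samplePods))
}
```

Note that nginx-2 is excluded only because it is not Ready, not because of its labels: readiness probes are what keep a matching but broken pod out of rotation.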
30. ConfigMap & Secrets
● Object holding key/value storage for configuration purposes
● Can be “mounted”:
○ File
○ Environment variable
● Keep your configuration for the app generic and customize via ConfigMap
● Secret: like a ConfigMap with hidden fields :-)
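The two "mount" styles above from the application's side, plus what a Secret's hidden fields actually are. This is an added example, not code from the slides or from Kubernetes: LoadConfig assumes the convention that each ConfigMap key appears either as an environment variable of the same name or as a file named after the key under a mount directory (here a constructed temp directory standing in for /etc/config), and DecodeSecretData shows that the data: values of a Secret manifest are base64-encoded, not encrypted, so RBAC on reading the object and encryption at rest in etcd are what protect them. The key names and the czNjcjN0 sample value are constructed.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"os"
	"path/filepath"
)

// LoadConfig reads settings the way an application sees a ConfigMap. Each key
// is resolved in this order: an environment variable of the same name
// (ConfigMap injected via env), then the file <mountDir>/<key> (ConfigMap
// mounted as a volume), then the built-in default. A missing file is fine;
// any other read error is returned.
func LoadConfig(mountDir string, defaults map[string]string) (map[string]string, error) {
	cfg := make(map[string]string, len(defaults))
	for key, def := range defaults {
		if v, ok := os.LookupEnv(key); ok {
			cfg[key] = v
			continue
		}
		b, err := os.ReadFile(filepath.Join(mountDir, key))
		switch {
		case err == nil:
			cfg[key] = string(b)
		case os.IsNotExist(err):
			cfg[key] = def
		default:
			return nil, fmt.Errorf("reading %s: %w", key, err)
		}
	}
	return cfg, nil
}

// DecodeSecretData takes the data: map of a Secret manifest, whose values are
// base64 strings, and returns the plaintext. Encoding is all that "hidden"
// amounts to inside the object: anyone permitted to read the Secret gets the
// values back exactly like this.
func DecodeSecretData(data map[string]string) (map[string]string, error) {
	out := make(map[string]string, len(data))
	for k, v := range data {
		b, err := base64.StdEncoding.DecodeString(v)
		if err != nil {
			return nil, fmt.Errorf("secret key %q: %w", k, err)
		}
		out[k] = string(b)
	}
	return out, nil
}

func main() {
	// Constructed stand-in for a ConfigMap volume mount (normally /etc/config).
	dir, err := os.MkdirTemp("", "configmap-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if err := os.WriteFile(filepath.Join(dir, "LOG_LEVEL"), []byte("debug"), 0o644); err != nil {
		panic(err)
	}
	os.Setenv("DB_HOST", "db.default.svc") // ConfigMap key injected as env var

	cfg, err := LoadConfig(dir, map[string]string{
		"LOG_LEVEL": "info",      // overridden by the mounted file
		"DB_HOST":   "localhost", // overridden by the environment
		"TIMEOUT":   "30",        // neither set: default wins
	})
	if err != nil {
		panic(err)
	}
	fmt.Println("config:", cfg)

	// Constructed Secret data: field, as it would appear in the manifest.
	plain, err := DecodeSecretData(map[string]string{"password": "czNjcjN0"})
	if err != nil {
		panic(err)
	}
	fmt.Println("secret plaintext:", plain)
}
```

Keeping the application's defaults generic and letting the environment or the mounted files override them is what lets the same image run unchanged across clusters, which is the point of the slide's "customize via ConfigMap".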
31. DaemonSet
● Run one instance of the pod for each node of the cluster
● Useful mostly for cluster ops
● Ideal for “system agents”