INTRODUCTION TO KUBERNETES
Topics
► Overview
● Docker containers
● Container orchestration
● Kubernetes project
► Architecture
● PODs
● Cluster architecture
► Concepts and Features
● Concepts (Services, Labels/Selectors)
● Container Network Interface (CNI)
► Links
Northforge Innovations 2
Overview: Docker Containers
[Diagram: a containerized Application running on the shared host KERNEL (RAM, CPU, Network, Hard drive segment) with its own filesystem tree (bin, dev, etc, home, proc, root, ...)]
Benefits of using containers
► Rapid deployment
► Sharing
► Portability
► Version control and component reuse
► Lightweight footprint
► Simpler maintenance
Overview: Container Orchestration
[Diagram: an Orchestrator placing Containers onto several Nodes]
► The orchestrator intelligently installs, starts, and stops containers on multiple nodes.
► This is where Kubernetes comes into the picture
Overview: Kubernetes
► http://kubernetes.io
► Latest stable release 1.14
► Originally designed by Google
► Maintained by the Cloud Native Computing Foundation (https://www.cncf.io/)
► Open Source, written in Go (https://github.com/kubernetes/kubernetes)
Overview: Why is Kubernetes needed?
► Isolation: Keep jobs from interfering with each other
► Scheduling: Where should my job be run?
► Lifecycle: Keep my job running
► Health: How is my job feeling?
► Monitoring: What's happening with my job?
► Discovery: Where is my job now?
► Constituency: Who is part of my job?
► Scale-up: Making my jobs bigger or smaller
► Auth{n,z}: Who can do things to my
Architecture: PODs
[Diagram: one POD holding Container 1, Container 2 and Container 3, which share a Volume, POSIX IPC and a Network namespace (localhost)]
POD
► Grouping of containers with a common purpose
► All containers in a POD need to be tightly dependent on each other
► Smallest unit that Kubernetes can deploy
► Set of metadata (name, labels) for the POD
► Shared Volume (outlives an individual container restart, but not the POD itself)
► Inter-process communication (POSIX queues, shared memory)
► Inter-container network (containers reach each other over localhost)
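An added example (not from the original slides) of the three things the slide lists: two containers in one POD sharing an emptyDir volume and talking over localhost. The Pod name, label and image tags are assumptions.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: shared-pod-example          # hypothetical name
  labels:
    app: example1
spec:
  volumes:
  - name: shared-data
    emptyDir: {}                    # created with the POD, survives container restarts, deleted with the POD
  containers:
  - name: web
    image: nginx:1.25               # assumed image tag
    ports:
    - containerPort: 80
    volumeMounts:
    - name: shared-data
      mountPath: /usr/share/nginx/html   # nginx serves whatever the sidecar writes here
  - name: writer
    image: busybox:1.36             # assumed image tag
    command: ["sh", "-c"]
    args:
    - |
      # write into the shared volume; the nginx container serves the same file
      echo "written by the sidecar at $(date)" > /data/index.html
      # all containers of a POD share one network namespace, so nginx is reachable on localhost
      while true; do wget -qO- http://localhost:80/ ; sleep 30; done
    volumeMounts:
    - name: shared-data
      mountPath: /data
```

Because both containers mount the same emptyDir and share the network namespace, the sidecar's write is visible to nginx without any network hop; `kubectl logs shared-pod-example -c writer` shows the page it fetched over localhost.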
Architecture: Kubernetes Cluster
[Diagram: Kubernetes Master (Controller Manager, API Server, Scheduler, etcd) communicating over HTTPS with Worker 1, Worker 2 and Worker 3, each running a Kubelet, Kube Proxy, Container Engine and PODs]
Master Components
► The cluster's control plane
► These components make global decisions about the cluster, detecting and responding to cluster events.
Worker Components
► Run on every node
► Maintain running pods and provide the runtime environment
Architecture: Kubernetes Cluster
etcd
► etcd is a distributed and consistent key-value store
► The only storage backend currently supported by Kubernetes
► Primary store for all Kubernetes API objects and their configuration
► The etcd database stores both the actual state of the system and the desired state of the system.
► etcd has a watch functionality to monitor any changes. If the actual and desired states diverge, Kubernetes will make the appropriate changes to the system.
► For a demo of etcd: http://play.etcd.io/
Architecture: Kubernetes Cluster
API Server
► It is the entry point to the system. It processes REST operations, validates them, and updates the corresponding objects in etcd
► The kubectl CLI communicates with the API Server.
► Responsible for the authentication and authorization mechanisms. All API clients must be authenticated in order to interact with the API Server.
Architecture: Kubernetes Cluster
Controller Manager
► Watches the state of the cluster through the API Server watch feature
► When it gets notified, it makes the necessary changes, attempting to move the current state towards the desired state.
► Examples: Replication Controller, Endpoints Controller, and Namespace Controller.
Architecture: Kubernetes Cluster
Scheduler
► The Kubernetes scheduler is in charge of scheduling pods onto nodes
• Every pod that needs scheduling gets added to a queue
• When new pods are created, they also get added to the queue
• The scheduler continuously takes pods off that queue and binds them to nodes.
► It schedules according to the availability of the requested resources, quality of service requirements, affinity and other constraints.
► Once the pod has a node assigned, the regular behavior of the Kubelet is triggered and the pod and its containers are created
Architecture: Create POD flow
[Diagram: create POD flow]
Architecture: Kubernetes Cluster
Kube Proxy
► Window to the outside world
► Inspects the requests and routes them to the appropriate service
Architecture: Kubernetes Cluster
Kubelet
► The kubelet uses liveness probes to know when to restart a Container.
► The kubelet uses readiness probes to know when a Container is ready to start accepting traffic.
► Check types include:
• Http (code 2xx or 3xx)
• tcpSocket (tries a tcp connection to the port)
• Exec
► Probe is configurable:
• timeoutSeconds (timeout of the check in seconds)
• failureThreshold (minimum consecutive failures before giving up)
• initialDelaySeconds (start checking after x seconds)
• periodSeconds (check every x seconds)
• successThreshold
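An added example (not from the original slides) showing all three check types and the configurable fields the slide names, with a liveness probe and a readiness probe on one container and an exec probe on a second. Pod name and image tags are assumptions.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: probe-example               # hypothetical name
spec:
  containers:
  - name: web
    image: nginx:1.25               # assumed image tag
    ports:
    - containerPort: 80
    livenessProbe:                  # failing this makes the kubelet restart the container
      httpGet:                      # passes on an HTTP 2xx or 3xx response
        path: /
        port: 80
      initialDelaySeconds: 10       # give the process time to start before the first check
      periodSeconds: 5              # check every 5 seconds
      timeoutSeconds: 2             # each check must answer within 2 seconds
      failureThreshold: 3           # 3 consecutive failures -> container is restarted
    readinessProbe:                 # failing this stops traffic to the Pod, but does not restart it
      tcpSocket:                    # passes if a TCP connection to the port succeeds
        port: 80
      initialDelaySeconds: 2
      periodSeconds: 3
      timeoutSeconds: 1
      successThreshold: 1           # one success marks the container ready again
      failureThreshold: 2
  - name: worker
    image: busybox:1.36             # assumed image tag
    command: ["sh", "-c", "touch /tmp/healthy; sleep 3600"]
    livenessProbe:
      exec:                         # passes if the command exits with status 0
        command: ["cat", "/tmp/healthy"]
      initialDelaySeconds: 5
      periodSeconds: 10
      failureThreshold: 3
```

Deleting /tmp/healthy inside the worker container (`kubectl exec probe-example -c worker -- rm /tmp/healthy`) makes the exec probe fail; after three consecutive failures, 30 seconds at this period, the kubelet restarts only that container, and `kubectl describe pod probe-example` records the restart as an event.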
Architecture: Multi-Master Cluster
[Diagram: Master 1, Master 2 and Master 3, each with etcd, API Server, Scheduler, Controller Manager and Cluster Auto-scaler, forming an etcd Cluster behind a Load Balancer; Worker 1, Worker 2 and Worker 3 (Kubelet, Kube Proxy, Container Engine, PODs) connect through the load balancer]
► All etcd instances will be clustered
► Each API server will talk to the local etcd
► Only one instance of the controllers, schedulers and auto-scaler will be active in the cluster.
► A load balancer containing the replicas is created and the IP address of the first replica will be promoted to the IP address of the load balancer.
► Kubelets connect to the load balancer
Concepts/Features: Services
[Diagram: a User reaches the NodePort on a Node; Kube Proxy forwards to the Service (Selector: example1), which routes to TargetPort X and TargetPort Y on the Containers of the POD labelled example1; the POD labelled example2 is not selected]
Service
► The types of Services that can be created are: ClusterIP, NodePort, LoadBalancer, Ingress (the example on the left is for NodePort)
► NodePort: Expose a container to the outside world
► NodePort: high value 30000-32767
Labels/Selectors
► A service is identified by a selector
► The service routes to PODs with labels matching the selector
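An added example (not from the original slides) of the NodePort case in the diagram: one Service whose selector picks the Pod labelled example1 and skips the Pod labelled example2. Object names, the port numbers and the image tag are assumptions.

```yaml
# Service: routes only to Pods carrying the label app=example1
apiVersion: v1
kind: Service
metadata:
  name: example-nodeport            # hypothetical name
spec:
  type: NodePort
  selector:
    app: example1                   # the selector that identifies this Service's backends
  ports:
  - port: 8080                      # port on the Service's cluster IP
    targetPort: 80                  # container port on the selected Pods
    nodePort: 30080                 # must lie in 30000-32767; opened on every node's IP
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-a
  labels:
    app: example1                   # matches the selector -> becomes a Service endpoint
spec:
  containers:
  - name: web
    image: nginx:1.25               # assumed image tag
    ports:
    - containerPort: 80
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-b
  labels:
    app: example2                   # does not match -> Kube Proxy never routes to it
spec:
  containers:
  - name: web
    image: nginx:1.25
    ports:
    - containerPort: 80
```

After applying the three objects, `kubectl get endpoints example-nodeport` lists only pod-a's IP, and a request to any node's IP on port 30080 is forwarded by Kube Proxy to pod-a:80.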
Concepts/Features: Networking Plugins
► Calico (https://www.projectcalico.org/)
► Flannel (https://coreos.com/flannel/)
► Weave (https://www.weave.works/)
► Cilium (https://cilium.io/)
Links
► https://kubernetes.io/docs/home/
► https://www.udemy.com/docker-and-kubernetes-the-complete-guide/
► https://github.com/kelseyhightower/kubernetes-the-hard-way
► https://github.com/fabiosvaz/playground/tree/master/k8s
► https://github.com/fabiosvaz/playground/tree/master/vagrant