Containers and Kubernetes
Leo’s Notes
Leopold Gault
Program Agenda
1. Containers:
   1. The need for containers
   2. Technical overview of containers
2. Kubernetes:
   1. The need for Kubernetes
   2. Technical overview of Kubernetes
The need for containers
1. The need for micro-services
2. The need for infrastructure as code
[Figure: Monolithic vs SOA vs Microservice]
[Figure: Monolithic application vs Microservices (APIs): the "monolithic cake" vs the "microservices cake"]
The need for micro-services and the need for infrastructure as code: subject covered orally.
Containers: what they are
A container image packages a set of applications together with their configuration data; a container is a running instance of such an image.
Such an image is:
• Immutable
• Portable
• Can be saved in a "photo album": an image repository (a registry).
Virtual Machines vs. Containers
Virtual Machines
● Each virtual machine (VM) includes the app, the necessary binaries and libraries and an entire guest operating system, running on a hypervisor.
Containers
● Containers include the app and all of its dependencies, but share the OS kernel with the host and with the other containers on it.
● Each container runs as an isolated process (or group of processes) in the userspace of the host OS. The isolation comes from kernel features (namespaces, cgroups), not from a separate kernel, so a kernel vulnerability is shared by every container on the host.
[Figure: VMs vs containers]
[Figure: Wikipedia's listing of OS-level virtualization implementations ("Different levels of virtualization"), version of 14th Sept 2017]
Different types of containers (OS-level virtualization solutions)
• Linux Containers (LXC)
• OpenVZ
• Warden containers (used by Pivotal Cloud Foundry)
• rkt (developed by CoreOS)
• Docker
• Implementations of the Open Container Initiative (OCI) specifications
• …
Highlight about Docker
The Docker workflow, from source to running container:
Dockerfile → docker build → container image → stored in a repo on a Docker registry → docker run → container runtime (Linux kernel + Docker engine)
Building container images
Example Dockerfile for "my MongoDB" image:

    FROM ubuntu_base_image
    RUN apt-get update && apt-get install -y mongodb
    EXPOSE 8080
    ENTRYPOINT ["/usr/bin/mongod"]

Flow: ubuntu_base_image is pulled from a private or public registry; the Docker daemon executes `docker build` on the Dockerfile and produces a container image; that image is pushed to a repo on my Docker registry, as Leo's container image.
Running a container image
docker run -p 4000:8080 friendlyhello
pulls the friendlyhello image from its repo on the Docker registry and starts it on the container runtime (Linux kernel + Docker engine); port 4000 on the host is mapped to port 8080 inside the container.
About building images on top of other images
An image is a stack of read-only layers, one per Dockerfile instruction. Files removed in a later layer are not removed from the image: the upper layer only records a "whiteout" entry that hides them, and the bytes stay in the lower layer.
E.g. three layers built on top of each other: layer A adds server.js and "BigFile", layer B is built on A, and layer C (built on B) deletes BigFile.
• Although BigFile is no longer accessible in the filesystem of image "Layer C", it is still present in layer A, which layer C is built on.
• With the right tools (docker save, then untar the layer), BigFile can still be read by anyone having access to the image Layer C. A secret, key or credential that is copied in and deleted in a later step is therefore still shipped with the image; secrets must never enter a layer in the first place (use build-time secret mounts or multi-stage builds).
• In terms of network traffic, whenever you push or pull layer C, BigFile is still transmitted.
• In terms of build caching, if server.js is changed, layer B and layer C have to be rebuilt as well (every layer above the changed one is invalidated), so order your Dockerfile instructions from the least likely to change to the most likely to change.
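The following scanner, added here as an example (it is not code from the original slides), shows the "BigFile" problem on real layer mechanics: Docker/OCI layers are tar archives, and a deletion in an upper layer is recorded as a whiteout entry `.wh.<name>` (or `.wh..wh..opq` for a whole directory) instead of removing anything below. The three layers, the file names and the fake key content are constructed test data; for a real image you would feed it the layer tarballs from `docker save`, in the order given by the image's manifest.json.

```python
"""Find files that an upper image layer deleted but a lower layer still ships.

Added example for these notes, not from the original slides. Layers are
tar archives; a deletion in an upper layer is a whiteout entry, so the
deleted bytes stay in the lower layer and are pushed/pulled with the image.
"""
import io
import posixpath
import tarfile

WHITEOUT_PREFIX = ".wh."
OPAQUE_WHITEOUT = ".wh..wh..opq"


def build_layer(files):
    """Build a layer tarball from {path: bytes}. Constructed test data only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def layer_files(layer):
    """Yield (path, size) for every regular file in one layer tarball."""
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r") as tar:
        for member in tar.getmembers():
            if member.isfile():
                yield member.name, member.size


def find_hidden_files(layers):
    """Walk layers bottom-up (index 0 = base image). Return one record per
    file that a whiteout in a higher layer hides but whose bytes are still
    present in a lower layer tarball."""
    visible = {}      # path -> (layer index, size) of the copy currently visible
    findings = []

    def hide(target, by_layer):
        # A whiteout hides the exact path and, for directories, everything under it.
        for path in sorted(visible):
            if path == target or path.startswith(target + "/"):
                idx, size = visible.pop(path)
                findings.append({"path": path, "data_layer": idx,
                                 "hidden_by_layer": by_layer, "size": size})

    for idx, layer in enumerate(layers):
        entries = list(layer_files(layer))
        # Whiteouts only apply to lower layers, so handle them before this
        # layer's own regular files.
        for path, _ in entries:
            parent, base = posixpath.split(path)
            if base == OPAQUE_WHITEOUT:
                hide(parent, idx)
            elif base.startswith(WHITEOUT_PREFIX):
                hide(posixpath.join(parent, base[len(WHITEOUT_PREFIX):]), idx)
        for path, size in entries:
            if not posixpath.basename(path).startswith(WHITEOUT_PREFIX):
                visible[path] = (idx, size)   # a later copy overrides an earlier one
    return findings


# Constructed layers mirroring the slide: A adds BigFile, C deletes it.
LAYER_A = build_layer({"app/server.js": b"console.log('hi')\n",
                       "app/BigFile": b"BEGIN PRIVATE KEY" + b"\x00" * 4096})
LAYER_B = build_layer({"app/package.json": b"{}\n"})
LAYER_C = build_layer({"app/.wh.BigFile": b""})   # what `RUN rm app/BigFile` records
IMAGE_LAYERS = [LAYER_A, LAYER_B, LAYER_C]


if __name__ == "__main__":
    for f in find_hidden_files(IMAGE_LAYERS):
        print(f"{f['path']}: {f['size']} bytes live in layer {f['data_layer']}, "
              f"hidden by layer {f['hidden_by_layer']} but still shipped")
```

Running it reports app/BigFile as hidden by layer 2 yet still present in layer 0. The same walk is what image-history and secret-scanning tools do; the fix on the build side is to keep the secret out of every layer, since no later instruction can take it back out.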
The need for Kubernetes
1. The need for declarative infrastructure as code
2. The need for cluster management of container engines
Subject covered orally.
Container management platforms
A container management platform manages distributed containers, spread over a cluster of container engines, and their lifecycle. Examples: Kubernetes, Docker Swarm.
Components of a K8s cluster
Master node (control plane):
• kube-apiserver: the front-end of the Kubernetes control plane. Every other component, and every kubectl call, goes through it, so its authentication and authorization configuration is the cluster's main security boundary.
• etcd: distributed key-value store that holds the whole cluster state; it provides a dynamic configuration registry. Kubernetes Secrets live there too, so etcd should be encrypted at rest and reachable only from the API server.
• kube-scheduler: watches newly created pods that have no node assigned yet, and selects a node for them to run on.
• kube-controller-manager: the component on the master that runs the controllers. These include:
  • Node controller: detects when nodes go down, and responds.
  • Replication controller: maintains the correct number of pods for every ReplicationController object in the system; ReplicaSets (what Deployments create) are handled the same way by the ReplicaSet controller in the same binary.
  • Endpoints controller: populates the Endpoints objects, i.e. joins each Service with the pods its selector matches.
  • Service account and token controllers: create the default service accounts and API access tokens for new namespaces.
• cloud-controller-manager: runs the controllers that interact with the underlying cloud provider; these controllers are specific to that provider:
  • Node controller: when a node stops responding, it checks with the cloud provider to determine whether the node has been deleted.
  • Route controller: sets up routes in the underlying cloud infrastructure.
  • Service controller: creates, updates and deletes cloud-provider load balancers.
  • Volume controller: creates, attaches and mounts volumes, and interacts with the cloud provider to orchestrate them.
Worker node:
• kubelet: connected to the API server; makes sure that containers are running in a pod. It takes a set of PodSpecs, provided through various mechanisms, and ensures that the containers described in those PodSpecs are running and healthy. It controls the container runtime.
• kube-proxy: enables the Kubernetes Service abstraction by maintaining network rules on the host and performing connection forwarding.
• Container runtime: Docker, rkt, runc, etc.
Pods, services, deployments
Pods
A pod runs on one node, gets its own IP (IP1, IP2, ...) and can give its containers shared storage (a volume). Each container is created from an image.
Leo:
You normally put in a pod just one container, or a handful of containers that are tightly coupled (e.g. a Tomcat container + a Git synchronizer, with both apps interacting through a local filesystem).
You achieve horizontal scaling by replicating pods, not by replicating containers within a pod.
[Figure: example of an anti-pattern pod, and an example of a pod spec]
Communication between containers within a same pod
Kubernetes has an "IP-per-pod model": containers within a same pod share the same IP address (the same network namespace), and communicate with each other using distinct ports on localhost, e.g. from localhost:8080 to localhost:3306. Because they share one port space, two containers in a pod cannot listen on the same port, and any process in the pod reaches every other container's ports without any network-level control in between.
I know the pod in this figure (an app and its database in one pod) is an anti-pattern. It is just an example.
Pods and network
[Figure: two nodes on the real network; the pods (IP1, IP2, IP3) sit on a private overlay network within the Kubernetes cluster, so every pod can reach every other pod by IP, whichever node it runs on.]
The need for services
[Figure: a WebLogic cluster (managed server 1, managed server 2) running as pods, and an app which is a client of the WebLogic cluster; the client needs a stable address rather than the pod IPs, which change whenever a pod is rescheduled.]
Services and network
[Figure: ServiceA (IP4) in front of the pods IP1, IP2, IP3 on the private overlay network; it acts like a load balancer between pods and can optionally be made reachable from the real network on a port of your choosing.]
Service
A level of abstraction providing stable (and optionally external) access to a set of pods.
A Service:
• encompasses several pods, selected by their labels,
• has its own (private) cluster IP, thus allowing consuming services to use the Service's IP instead of the pods' IPs, which may change frequently,
• load balances the connections it receives across its pods (implemented on every node by the NAT rules kube-proxy maintains),
• provides 3 types of access:
  • ClusterIP: the Service is only visible from inside the cluster (the default).
  • NodePort: every node in the cluster opens the same port (allocated from the 30000-32767 range by default, or a port of your choosing) and acts as a NAT for the Service: traffic arriving on that port, on any node, is forwarded to the Service's cluster IP (IP4) and from there to one of its pods. The port is open on every node's interfaces, so a NodePort exposes the Service to anything that can reach any node; put firewall rules in front of the nodes.
  • LoadBalancer: like NodePort, but on top of it a load balancer from the cloud provider is created (by the service controller) and balances the traffic between the nodes' NodePort; external clients use the load balancer's address instead of the nodes'.
[Figure: LoadBalancer type: a cloud load balancer on the real (private) network in front of the nodes' NodePort, which forwards to ServiceA (IP4) and its pods.]
Services identify their pods (and deployments) thanks to labels
Deployments
Deployments are a declarative way to ensure that the number of pods running is equal to what the user declared to want.
Deployments keep our pods up and running, even when the nodes they run on fail.
If pods are declaratively updated (e.g. the container image is changed) or scaled, the Deployment handles that.
Deployment features: a Deployment enforces a ReplicaSet by
• deploying the pods,
• monitoring them,
• stopping/restarting them,
• redeploying them on another node if needed,
and in addition it can
• perform rolling updates,
• undo an update (roll back) if requested.
Deployment spec vs pod spec
[Figure: an example Deployment spec side by side with an example pod spec; the Deployment's template section is the same as a pod spec, the rest (replicas, selector) is specific to the Deployment spec.]
[Figure: deployment1 (replicas == 1) owning one pod on its host node.]
E.g. of deployment spec
deployment.yaml:

apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2 # tells deployment to run 2 pods matching the template
  template: # create pods using pod definition in this template
    metadata:
      # unlike pod-nginx.yaml, the name is not included in the meta data as a unique name is
      # generated from the deployment name
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
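The following toy model, added here as an example (it is not code from the original slides, nor Kubernetes' own controller code), shows what "Deployments keep our pods running even when a node fails" and "Services identify their pods thanks to labels" mean mechanically: the controller selects pods by spec.selector.matchLabels, ignores pods sitting on a node that is no longer Ready, and creates or deletes pods until the live count equals spec.replicas. The nginx-deployment object is the one from deployment.yaml above; the node names, generated pod names and the placement rule (least-loaded Ready node, standing in for kube-scheduler) are assumptions made for the example.

```python
"""Reconcile loop of a Deployment/ReplicaSet, as a toy model.

Added example for these notes, not Kubernetes' own code. Node names, pod
naming and the placement rule are assumptions chosen for the example.
"""
import itertools


def selector_matches(selector, labels):
    """matchLabels semantics: every selector key must be present with the same value."""
    return all(labels.get(key) == value for key, value in selector.items())


class Cluster:
    def __init__(self, nodes):
        self.nodes = {name: True for name in nodes}   # node name -> Ready?
        self.pods = {}                                 # pod name -> {"labels", "node"}
        self._seq = itertools.count(1)

    def schedule(self):
        """Stand-in for kube-scheduler: pick the Ready node with the fewest pods."""
        ready = [name for name, ok in self.nodes.items() if ok]
        if not ready:
            raise RuntimeError("no Ready node to schedule on")
        load = {name: 0 for name in ready}
        for pod in self.pods.values():
            if pod["node"] in load:
                load[pod["node"]] += 1
        return min(ready, key=lambda name: (load[name], name))

    def reconcile(self, deployment):
        """One pass of the control loop. Returns the actions taken, in order."""
        spec = deployment["spec"]
        selector = spec["selector"]["matchLabels"]
        base_name = deployment["metadata"]["name"]
        # Pods belong to this Deployment if, and only if, their labels match.
        owned = [name for name, pod in self.pods.items()
                 if selector_matches(selector, pod["labels"])]
        live = [name for name in owned if self.nodes.get(self.pods[name]["node"], False)]
        lost = [name for name in owned if name not in live]
        actions = []
        for name in lost:                  # pods on a down node are replaced, not repaired
            del self.pods[name]
            actions.append(("delete", name))
        want = spec["replicas"]
        while len(live) < want:            # scale up / replace
            name = f"{base_name}-{next(self._seq)}"
            node = self.schedule()
            self.pods[name] = {"labels": dict(spec["template"]["metadata"]["labels"]),
                               "node": node}
            live.append(name)
            actions.append(("create", name, node))
        while len(live) > want:            # scale down
            name = live.pop()
            del self.pods[name]
            actions.append(("delete", name))
        return actions


# The Deployment object from deployment.yaml, as the API server would store it.
DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "nginx-deployment"},
    "spec": {
        "selector": {"matchLabels": {"app": "nginx"}},
        "replicas": 2,
        "template": {"metadata": {"labels": {"app": "nginx"}},
                     "spec": {"containers": [{"name": "nginx", "image": "nginx:1.7.9"}]}},
    },
}


if __name__ == "__main__":
    cluster = Cluster(["node-1", "node-2"])       # assumed node names
    print(cluster.reconcile(DEPLOYMENT))          # two creates, one per node
    cluster.nodes["node-1"] = False               # node-1 goes down
    print(cluster.reconcile(DEPLOYMENT))          # delete the lost pod, recreate on node-2
```

Labels are the only link between the Deployment and its pods in this model, which is why two Deployments in one namespace must never share a selector: each would count, and fight over, the other's pods. Real Kubernetes also records ownerReferences on the pods it creates and only adopts orphaned pods, but the selector is still what a Service uses to pick its backends, so a mislabelled pod can silently receive a Service's traffic.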

More Related Content

What's hot (20)

PDF
Intro to Kubernetes
Joonathan Mägi
 
PDF
Kubernetes
erialc_w
 
PDF
Continuous Delivery the hard way with Kubernetes
Luke Marsden
 
PPTX
Kubernetes Introduction & Whats new in Kubernetes 1.6
Opcito Technologies
 
PPTX
Introduction to kubernetes
Rishabh Indoria
 
PPTX
Kubernetes presentation
GauranG Bajpai
 
PDF
Kubernetes in Docker
docker-athens
 
PDF
Kubernetes Node Deep Dive
Lei (Harry) Zhang
 
PPTX
Kubernetes Basics
Rishabh Kumar
 
PDF
Kubernetes Hands-On Guide
Stratoscale
 
PPTX
Kubernetes Immersion
Juan Larriba
 
PDF
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Imesh Gunaratne
 
PDF
kubernetes 101
SeungWoo Lee
 
PDF
Quick introduction to Kubernetes
Eduardo Garcia Moyano
 
PPSX
Docker Kubernetes Istio
Araf Karsh Hamid
 
PPTX
Kubernetes Introduction
Eric Gustafson
 
PDF
Introduction to kubernetes
Raffaele Di Fazio
 
PDF
What is Kubernets
Echelon Edge Pvt Ltd
 
PDF
Kubernetes: An Introduction to the Open Source Container Orchestration Platform
Michael O'Sullivan
 
PPTX
Continuous deployment of polyglot microservices: A practical approach
Juan Larriba
 
Intro to Kubernetes
Joonathan Mägi
 
Kubernetes
erialc_w
 
Continuous Delivery the hard way with Kubernetes
Luke Marsden
 
Kubernetes Introduction & Whats new in Kubernetes 1.6
Opcito Technologies
 
Introduction to kubernetes
Rishabh Indoria
 
Kubernetes presentation
GauranG Bajpai
 
Kubernetes in Docker
docker-athens
 
Kubernetes Node Deep Dive
Lei (Harry) Zhang
 
Kubernetes Basics
Rishabh Kumar
 
Kubernetes Hands-On Guide
Stratoscale
 
Kubernetes Immersion
Juan Larriba
 
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Imesh Gunaratne
 
kubernetes 101
SeungWoo Lee
 
Quick introduction to Kubernetes
Eduardo Garcia Moyano
 
Docker Kubernetes Istio
Araf Karsh Hamid
 
Kubernetes Introduction
Eric Gustafson
 
Introduction to kubernetes
Raffaele Di Fazio
 
What is Kubernets
Echelon Edge Pvt Ltd
 
Kubernetes: An Introduction to the Open Source Container Orchestration Platform
Michael O'Sullivan
 
Continuous deployment of polyglot microservices: A practical approach
Juan Larriba
 

Similar to Containers and Kubernetes -Notes Leo (20)

PPTX
Container Orchestration using kubernetes
Puneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
PDF
DevJam 2019 - Introduction to Kubernetes
Ronny Trommer
 
PPTX
Docker and kubernetes
Meiyappan Kannappa
 
PDF
Introduction to Kubernetes Workshop
Bob Killen
 
PDF
Kubernetes Basics
Eueung Mulyana
 
PDF
Kubernetes for Java developers
Robert Barr
 
PPTX
Introducing Kubernetes
VikRam S
 
PPTX
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
VMUG IT
 
PDF
Getting started with google kubernetes engine
Shreya Pohekar
 
PPTX
Containers kuberenetes
Gayan Gunarathne
 
PPTX
Containers kuberenetes
Gayan Gunarathne
 
PDF
Containers kuberenetes
csegayan
 
PDF
Best Docker Kubernetes Training - Docker Kubernetes Online.pdf
venkatakrishnavisual
 
PDF
Kubernetes-Meetup
Vaibhav Kohli
 
PPTX
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Patrick Chanezon
 
PPTX
Kubernetes slides with master and node components
waleedghumandevops
 
PPTX
Kubernetes #1 intro
Terry Cho
 
PDF
Containerize! Between Docker and Jube.
Henryk Konsek
 
PPTX
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Patrick Chanezon
 
PPTX
Introduction to Containers & Diving a little deeper into the benefits of Con...
Synergetics Learning and Cloud Consulting
 
Container Orchestration using kubernetes
Puneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
DevJam 2019 - Introduction to Kubernetes
Ronny Trommer
 
Docker and kubernetes
Meiyappan Kannappa
 
Introduction to Kubernetes Workshop
Bob Killen
 
Kubernetes Basics
Eueung Mulyana
 
Kubernetes for Java developers
Robert Barr
 
Introducing Kubernetes
VikRam S
 
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
VMUG IT
 
Getting started with google kubernetes engine
Shreya Pohekar
 
Containers kuberenetes
Gayan Gunarathne
 
Containers kuberenetes
Gayan Gunarathne
 
Containers kuberenetes
csegayan
 
Best Docker Kubernetes Training - Docker Kubernetes Online.pdf
venkatakrishnavisual
 
Kubernetes-Meetup
Vaibhav Kohli
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Patrick Chanezon
 
Kubernetes slides with master and node components
waleedghumandevops
 
Kubernetes #1 intro
Terry Cho
 
Containerize! Between Docker and Jube.
Henryk Konsek
 
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Patrick Chanezon
 
Introduction to Containers & Diving a little deeper into the benefits of Con...
Synergetics Learning and Cloud Consulting
 
Ad

More from Léopold Gault (7)

PDF
OAuth OpenID Connect
Léopold Gault
 
PPTX
Notes leo kafka
Léopold Gault
 
PPTX
NoSQL - Leo's notes
Léopold Gault
 
PPTX
Leo's Notes about Apache Kafka
Léopold Gault
 
PPTX
Leo's notes - Oracle DBA 2 Days
Léopold Gault
 
ODP
Application Continuity with Oracle DB 12c
Léopold Gault
 
OAuth OpenID Connect
Léopold Gault
 
Notes leo kafka
Léopold Gault
 
NoSQL - Leo's notes
Léopold Gault
 
Leo's Notes about Apache Kafka
Léopold Gault
 
Leo's notes - Oracle DBA 2 Days
Léopold Gault
 
Application Continuity with Oracle DB 12c
Léopold Gault
 
Ad

Recently uploaded (20)

PPTX
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
PPTX
AI Penetration Testing Essentials: A Cybersecurity Guide for 2025
defencerabbit Team
 
PDF
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
PPTX
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
PDF
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
PDF
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
PDF
"AI Transformation: Directions and Challenges", Pavlo Shaternik
Fwdays
 
PPTX
"Autonomy of LLM Agents: Current State and Future Prospects", Oles` Petriv
Fwdays
 
PDF
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
PPTX
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
PDF
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
PDF
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
PDF
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
PDF
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
PDF
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
PDF
Agentic AI lifecycle for Enterprise Hyper-Automation
Debmalya Biswas
 
PDF
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
PDF
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
PDF
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
PDF
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
AI Penetration Testing Essentials: A Cybersecurity Guide for 2025
defencerabbit Team
 
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
"AI Transformation: Directions and Challenges", Pavlo Shaternik
Fwdays
 
"Autonomy of LLM Agents: Current State and Future Prospects", Oles` Petriv
Fwdays
 
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
Agentic AI lifecycle for Enterprise Hyper-Automation
Debmalya Biswas
 
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 

Containers and Kubernetes -Notes Leo

  • 1. Containers and Kubernetes Leo’s Notes Leopold Gault
  • 3. Program Agenda 1. Containers: 1. The need for containers 2. Technical overview of containers 2. Kubernetes: 1. The need for Kubernetes 2. Technical overview of Kubernetes
  • 4. Program Agenda 1. Containers: 1. The need for containers 2. Technical overview of containers 2. Kubernetes: 1. The need for Kubernetes 2. Technical overview of Kubernetes
  • 5. The need for containers 1. The need for micro-services 2. The need for infrastructure as code
  • 6. Monolithic vs SOA vs Microservice
  • 7. Monolithic applications VS Microservices Monolithic application Microservices (APIs)
  • 8. Monolithic applications VS Microservices Monolithic cake Microservices cake
  • 9. The need for containers 1. The need for micro-services 2. The need for infrastructure as code Subject covered orally
  • 10. Program Agenda 1. Containers: 1. The need for containers 2. Technical overview of containers 2. Kubernetes: 1. The need for Kubernetes 2. Technical overview of Kubernetes
  • 11. Containers: what they are A container is an image of a set of applications and configuration- data. Such image is: • Immutable • Portable • Can be saved in a “photo album”: an images-repository.
  • 12. Virtual Machines vs. Containers Virtual Machines ● Each virtual machine (VM) includes the app, the necessary binaries and libraries and an entire guest operating system Containers ● Containers include the app & all of its dependencies, but share the OS kernel with other containers. ● Run as an isolated process in the userspace of the host OS VMs Containers
  • 13. Let’s have a look at Wikipedia’s listing Different levels of virtualization source Version of 14th Sept 2017
  • 14. Different types of containers • Linux Containers (LXC) • OpenVZ • Warden Containers (used by Pivotal CloudFoundry) • RKT (developed by CoreOS) • Docker • Implementations of the Open Containers Initiative (OCI) • … OS-level virtualization solutions
  • 15. Dockerfile Container image docker build Repo Docker registry docker run Container runtime: Linux kernel + Docker engine Highlight about Docker
  • 16. Building container images My mongoDB : FROM ubuntu_base_image RUN apt-get update RUN apt-get install mongoDB EXPOSE 8080 ENTRY POINT /uns/binn/mongoDb DockerFile Ubuntu_base_image (from private or public registry) Docker deamon > docker build Container image Repo My Docker registry Leo’s container image
  • 17. Container image Repo Docker registry docker run -p 4000 :8080 friendlyhello Container runtime: Linux kernel + Docker engine :8080 :4000
  • 18. About building images on top of other images Files that are removed by subsequent layers in the system are actually still present in the images; they’re just inaccessible. E.g. In terms of building images, this also means that if server.js is changed, layer B and layer C will have to be rebuilt (so you have to order your layers from the least likely to change to most likely) Image Image Image Although “BigFile” is no longer accessible in the image ‘Layer C’, it is still present in Layer A, which Layer C is built on. With the right tools, BigFile can still be accessed by anyone having access to the image Layer C. In terms of network traffic, this also means that whenever you push or pull Layer C, BigFile is still transmitted through the network.
  • 19. Program Agenda 1. Containers: 1. The need for containers 2. Technical overview of containers 2. Kubernetes: 1. The need for Kubernetes 2. Technical overview of Kubernetes
  • 20. The need for Kubernetes 1. The need for declarative infrastructure as code 2. The need for cluster management of container-engines Subject covered orally
  • 21. The need for Kubernetes 1. The need for declarative infrastructure as code 2. The need for cluster management of container-engines
  • 22. Containers management platforms Manage distributed containers, and their lifecycle Containers Management Platform
  • 23. Containers management platforms Manage distributed containers, and their lifecycle Docker Swarm
  • 24. Program Agenda 1. Containers: 1. The need for containers 2. Technical overview of containers 2. Kubernetes: 1. The need for Kubernetes 2. Technical overview of Kubernetes
  • 25. Components of a K8s cluster
  • 26. Components of a cluster kube-apiserver etcd kube-scheduler kube-controller-manager Kubelet connected to Master node Worker node cloud-controller-manager It is the front-end for the Kubernetes control plane controls kube-proxy Container runtime (Docker, rkt, runc, etc.)
  • 27. Components of a cluster kube-apiserver etcd kube-scheduler kube-controller-manager Kubelet connected to Master node Worker node cloud-controller-manager Distributed key-value store. Provides a dynamic configuration registry. controls kube-proxy Container runtime (Docker, rkt, runc, etc.)
  • 28. Components of a cluster kube-apiserver etcd kube-scheduler kube-controller-manager Kubelet connected to Master node Worker node cloud-controller-manager Watches newly created pods that have no node assigned yet, and selects a node for them to run on. controls kube-proxy Container runtime (Docker, rkt, runc, etc.)
  • 29. Components of a cluster kube-apiserver etcd kube-scheduler kube-controller-manager Kubelet connected to Master node Worker node cloud-controller-manager controls kube-proxy Container runtime (Docker, rkt, runc, etc.) Component on the master that runs controllers. These controllers include: • Node Controller: detects when nodes go down, and responds. • Replication Controller: maintains the correct number of pods for every replication controller object (replicaset?) in the system. • Endpoints Controller: deploys the “Endpoints object” (i.e. services and pods) into the cluster. • Service Account & Token Controllers: Creates default accounts and API access tokens for new namespaces.
  • 30. Components of a cluster kube-apiserver etcd kube-scheduler kube-controller-manager Kubelet connected to Master node Worker node cloud-controller-manager controls kube-proxy Container runtime (Docker, rkt, runc, etc.) Runs controllers that interact with the underlying cloud providers. Those controllers are specific to the cloud-provider. Those controllers are: • Node Controller: when a node stops responding, it checks with the cloud provider to determine if this node has been deleted • Route Controller: sets up routes in the underlying cloud infrastructure • Service Controller: creates, updates and deletes cloud provider load balancers • Volume Controller: creates, attaches, and mounts volumes, and interacts with the cloud provider to orchestrate volumes
  • 31. Components of a cluster kube-apiserver etcd kube-scheduler kube-controller-manager Kubelet connected to controls Master node Worker node cloud-controller-manager Makes sure that containers are running in a pod. The kubelet takes a set of PodSpecs that are provided through various mechanisms and ensures that the containers described in those PodSpecs are running and healthy. kube-proxy Container runtime (Docker, rkt, runc, etc.)
  • 32. Components of a cluster kube-apiserver etcd kube-scheduler kube-controller-manager Kubelet connected to controls Master node Worker node cloud-controller-manager kube-proxy Enables the Kubernetes service abstraction by maintaining network rules on the host and performing connection forwarding. Container runtime (Docker, rkt, runc, etc.)
  • 34. Pods IP2 Shared storage Node 1 IP1 Shared storage (volume) Leo: You normally put in a pod just one container, or a handful of containers that are tightly coupled (e.g. a Tomcat container + a Git syncrhonizer; with both apps interacting thru a local filesystem). You achieve horizontal scaling by replicating pods; not by replicating containers within a pod. Created from an image
  • 35. Example of anti-pattern Pod Node 1 IP1
  • 37. Communication between containers within a same pod Node 1 IP1 Shared storage (volume) From: localhost:8080 To: localhost:3306 Kubernetes has an “IP-per-pod model”: containers within a same pod share the same IP address, and communicate with each other using distinct ports, on localhost. I know this is anti-pattern. It is just an example.
  • 38. Pods and network (diagram): each Pod has its own IP (IP1, IP2, IP3) on a private overlay network within the Kubernetes cluster; the nodes (Node 1, Node 2) sit on the real network.
  • 39. The need for services (diagram): a Weblogic cluster (Managed server1, Managed server2) running as Pods on the overlay network, and an app which is a client of the Weblogic cluster.
  • 40. Services and network (diagram): ServiceA has its own IP (IP4) on the private overlay network and acts like a LB between the Pods (IP1, IP2, IP3).
  • 41/44/46/48. Service: a level of abstraction providing external and durable access to a set of pods. A service:
    • encompasses several Pods,
    • has its own (private) IP (thus allowing consuming services to use the Service’s IP instead of the Pods’, which may change frequently),
    • load balances the IP packets it receives to its Pods,
    • provides 3 types of access:
      • ClusterIP: the service is only visible from inside the cluster.
      • NodePort: each node in the cluster maps an external port to the service’s private IP.
      • LoadBalancer: a LB from the cloud provider forwards the traffic for the service to the nodes of the cluster (like NodePort, but on top of this an external LB is configured to balance the traffic between the nodes’ servicePort?).
  • 42/43/45/47/49. Services and network (diagrams): the service can optionally be made reachable from the real network, on a port of your choosing. E.g. with the service-type “NodePort”: each hosting node will act as a NAT server specifically for this IP, i.e. it will associate one of its ports with IP4. With the service-type “LoadBalancer”, a load balancer (cloud service) on the real (private) network forwards the traffic to that port on the nodes.
  • 50. Services identify their pods (and deployments) thanks to labels
  • 51. Deployment features. Deployments are a declarative way to ensure that the number of Pods running is equal to what the user declared to want. Deployments keep our Pods up and running, even when the nodes they run on fail. If Pods are declaratively updated (e.g. container image changed) or scaled, the Deployment will handle that. Additional features:
    • enforce replica sets, by deploying the pods, monitoring them, stopping/restarting them, and redeploying them on another node if needed;
    • perform rolling updates;
    • undo an update if requested.
  • 52-54. Deployment spec vs Pod spec: an example of a deployment next to an example of a pod. The template part of the deployment spec is the same as a pod spec; the rest is specific to the deployment spec. Services identify their pods, and thus their deployments, thanks to labels.
  • 56. E.g. of deployment spec (deployment.yaml):

    apiVersion: apps/v1  # for versions before 1.9.0 use apps/v1beta2
    kind: Deployment
    metadata:
      name: nginx-deployment
    spec:
      selector:
        matchLabels:
          app: nginx
      replicas: 2  # tells deployment to run 2 pods matching the template
      template:  # create pods using pod definition in this template
        metadata:
          # unlike pod-nginx.yaml, the name is not included in the meta data as a unique name is
          # generated from the deployment name
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.7.9
            ports:
            - containerPort: 80
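How a Service finds the Pods of a Deployment through labels (slides 41-54), as an added example that is not part of the slides: a small simulation of the matchLabels rule, with constructed Pod and Service objects, showing that the Service IP stays fixed while the endpoint set changes when the Deployment replaces a Pod, and that any Pod carrying the selected labels (here a hand-made debug Pod) is picked up too.

```python
"""Added example (not from the slides): how a Service selects its endpoints.
A Pod becomes an endpoint of a Service only if it lives in the Service's
namespace and carries every key/value pair of the selector (matchLabels
semantics). Every Pod and Service below is constructed sample data."""
from dataclasses import dataclass, field


@dataclass
class Pod:
    name: str
    namespace: str
    ip: str                       # Pod IP on the private overlay network
    labels: dict = field(default_factory=dict)


@dataclass
class Service:
    name: str
    namespace: str
    cluster_ip: str               # durable IP that consumers use
    selector: dict                # all pairs must match (logical AND)


def matches(selector: dict, pod: Pod, namespace: str) -> bool:
    """Extra labels on the Pod never exclude it; only missing ones do."""
    return pod.namespace == namespace and all(
        pod.labels.get(key) == value for key, value in selector.items())


def endpoints(svc: Service, pods: list) -> list:
    """IPs the Service load-balances to, sorted for a stable comparison."""
    return sorted(p.ip for p in pods if matches(svc.selector, p, svc.namespace))


def replace_pod(pods: list, old_name: str, new_pod: Pod) -> list:
    """What a Deployment does when a Pod dies: new name, new IP, same labels."""
    return [new_pod if p.name == old_name else p for p in pods]


# Constructed cluster state: the two nginx replicas from the deployment on
# the slides, one nginx Pod in another namespace, an unrelated Pod, and a
# hand-made debug Pod that reuses the app=nginx label.
PODS = [
    Pod("nginx-deployment-a1b2c", "default", "10.244.1.10", {"app": "nginx"}),
    Pod("nginx-deployment-d3e4f", "default", "10.244.2.11", {"app": "nginx"}),
    Pod("nginx-deployment-x9y8z", "staging", "10.244.3.12", {"app": "nginx"}),
    Pod("redis-0", "default", "10.244.1.20", {"app": "redis"}),
    Pod("debug-shell", "default", "10.244.1.30", {"app": "nginx", "role": "debug"}),
]
NGINX_SVC = Service("nginx", "default", "10.96.0.10", {"app": "nginx"})

if __name__ == "__main__":
    print(NGINX_SVC.cluster_ip, "->", endpoints(NGINX_SVC, PODS))
```

The debug Pod ending up behind the Service is the point to notice: a selector is only as narrow as the labels it lists, so labels used by Services deserve the same care as any other access-control setting.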

Editor's Notes

  • #14: https://en.wikipedia.org/wiki/Template:Virtualization_software
  • #35: Kubernetes applies IP addresses at the Pod scope: containers within a Pod share their network namespaces, including their IP address. This means that containers within a Pod can all reach each other’s ports on localhost. This does imply that containers within a Pod must coordinate port usage, but this is no different than processes in a VM. This is called the “IP-per-pod” model. https://kubernetes.io/docs/concepts/cluster-administration/networking/