Interop 2018 - Understanding Kubernetes - Brian Gracely
Download as PPTX, PDF•2 likes•528 views
The document provides an overview of Kubernetes, including its history, architecture, and functionality within cloud-native applications. It discusses Kubernetes' evolution to become the industry standard for container orchestration, detailing its components such as nodes, pods, and various deployment strategies. Additionally, it offers resources for further learning about Kubernetes and highlights the importance of Kubernetes conformance across products and services.
Interop 2018 - Understanding Kubernetes - Brian Gracely
- 1. Understanding Kubernetes Brian Gracely Director Product Strategy, Red Hat OpenShift @bgracely | [email protected] May 2018
- 2. BRIAN GRACELY @openshift (Red Hat OpenShift) @bgracely @PodCTL @thecloudcastnet
- 3. Things to discuss today… • Kubernetes – How did we get here? • How does Kubernetes work? • Are all Kubernetes the same? • Who has/had a Kubernetes problem? • How can you learn more about Kubernetes?
- 4. Kubernetes – How did we get here?
- 5. “Software is Eating the World.” - Marc Andreessen, 2011
- 6. “Half of the current Fortune 500 companies will be replaced on the list within 10 years!”
- 7. How the “Platform” Market Evolved 2009-2011 ● Mix of Open + Proprietary ● Limited Languages ● Fragmented Communities 2014-15 ● Container Packaging ● Scalable Orchestration ● Open Communities ● Language Independent …..
- 8. Container Adoption Developers really liked docker containers
- 9. Container Trends vs. Platform Trends
- 10. How the “Platform” Market Evolved 2009-2011 ● Mix of Open + Proprietary ● Limited Languages ● Fragmented Communities 2014-15 ● Container Packaging ● Scalable Orchestration ● Open Communities ● Language Independent ● Strong Communities ● Broad Cloud Support ● F2000 Customers 2016-2017
- 11. STANDARDIZING ON KUBERNETES Kubernetes Others (industry has moved on) Cloud Foundry Diego AWS Blox Rancher Cattle VMware Admiral CoreOS Fleet HashiCorp Nomad Docker Swarm Mesos October 2017 ...and many more! Eventually, Kubernetes became the standard
- 12. How does Kubernetes work?
- 13. Needs in a Kubernetes environment PHYSICAL KUBERNETES CONTAINER RUNTIME | CONTAINER PACKAGING CONTAINER CONTAINERCONTAINER CONTAINER CONTAINER VIRTUAL PRIVATE PUBLIC LINUX HOST | WINDOWS HOST SECURITY REGISTRYTELEMETRY STORAGE NETWORK DEVELOPER EXPERIENCE
- 14. (CSI) STORAGE INTERFACE ORCHESTRATION CLUSTER SERVICES DEPLOYMENT STRATEGIES (CNI) NETWORK INTERFACE What does Kubernetes provide? (High-Level) HOST KUBELET HOST KUBELET KUBERNETES API Masters: Control plane for Kubernetes • Manage API Server • Manage Scheduler • Manager Cluster Services Hosts: • Run the Kubelet • Manage tasks assigned by Kubernetes Masters
- 15. Kubernetes Architecture - Basics MASTERS – 1, 2, n… Cloud Provider API kubectl Containers etcd System Services Container Runtime kubelet Containers System Services Container Runtime kubelet NODES – 1, 2, n… Pod 1 Pod 2 kube-proxy Containers Pod 1 kube-proxy System Services Container Runtime kubelet NODES – 1, 2, n… Pod 2 Load Balancerkube api- server cloud-controller-mgr kube-controller-mgr kube-scheduler kube-proxy Additional Services
- 16. Kubernetes Controllers – Many Ways to Deploy Pods Replica Sets: A ReplicaSet ensures that a specific number of pod replicas are running at a given time. Usually used in conjunction with a “Deployment”. Deployments: Defines a specific state of a Deployment object. Could be a ReplicaSet, state of a pod, Rollback, etc. StatefulSet: Used for Stateful applications. Creates a sticky identity for pods. DaemonSet: Used for ensure all Nodes run an instance of the pod. Used for cluster-wide services (e.g. Logging, Monitoring, Container Storage, Jobs: Used for “Run to Completion” tasks. CronJob: Used for time-based Jobs, “Run to Completion” tasks. Custom Resources: Collection of additional APIs used to extend existing Kubernetes functionality (also known as “CRDs”
- 17. Kubernetes NodesKubernetes Nodes Getting from Container to Kubernetes KUBERNETES USER DEVELOPER Kubernetes Manifest (YAML FILE) • DEPLOYMENT TYPE • CPU | MEMORY • CONTAINERS • NAMESPACES • LABELS • SERVICES • IP ADDR / PORTS • STORAGE VOLUMES Kubernetes Cluster Kubernetes Nodes • MANAGE RESOURCES • SCHEDULE RESOURCES • MONITOR RESOURCES Container Registry CI/CD Pipeline • KUBELET • CONTAINER RUNTIME • EXECUTE CONTAINER
- 18. Containers and Pods Kubernetes Controller PODS Single Container Multiple Containers Sidecar Containers Request Kube Proxy RequestLoad Balance Must have two services on the same node (e.g. Security Proxy). Add additional services to specific Containers (e.g. Envoy Proxy).
- 19. 19 PODPOD Containers are wrapped in Pods which are units of deployment and management CONTAINER CONTAINERCONTAINER IP: 10.1.0.11 IP: 10.1.0.55
- 20. 20 POD Services provide internal load-balancing and service discovery across pods CONTAINER POD CONTAINER POD CONTAINER BACKEND SERVICE POD CONTAINER role: backend role: backendrole: backendrole: backendrole: frontend
- 21. 21 POD Service Discovery – Apps can talk to each other via “Services” CONTAINER POD CONTAINER POD CONTAINER BACKEND SERVICE POD CONTAINER role: backend role: backendrole: backendrole: backendrole: frontend Invoke Backend API
- 22. 22 Built-In Service Discovery and Load-Balancing SERVICE app=payroll role=frontend POD app=payroll role=frontend POD app=payroll role=frontend POD app=payroll role=frontend Name: payroll-frontend IP: 172.10.1.23 Port: 8080 POD app=payroll role=backendversion=2.0 version=1.0 version=1.0
- 23. SERVICE POD POD ROUTER | LOAD-BALANCER POD EXTERNAL TRAFFIC INTERNAL TRAFFIC Routing Traffic to Services and Pods
- 24. Kubernetes Networking – CNI (Container Native Interface) KUBERNETES KUBERNETES CNI OpenShift Plugin Flannel Plugin* Nuage Plugin Essentials (Calico) Plugin OpenContrai Plugin Cisco Contiv Plugin Big Switch Plugin VMware NSX-T Plugin Open Daylight Plugin …and many other SDN options
- 25. NAMESPACE POOL OF PERSISTENT VOLUMES (PV) 25 Persistent Storage NFS PV iSCSI PV NFS PV Admin User Register PV Create PV Claim NFS PV GlusterFS PV Pod claim Pod claim Pod claim Cep h RBD PV
- 26. 26 Dynamic Volume Provisioning Admin User define StorageClass create claim: Fastest Slow Azure-Disk Fast AWS-SSD Fastest NetApp-Flash NetApp Provisioner AWS Provisioner Pod claim PV Kubernetes PV Controller provision Azure Provisioner bound
- 27. Are all Kubernetes the same?
- 28. Kubernetes Conformant vs. Kubernetes Products/Services https://www.cncf.io/certification/software-conformance/ Certified Kubernetes Conformance Program • Validated against Kubernetes Test • Ensures Kubernetes API compliance • Doesn’t test elements outside Kubernetes PHYSICAL KUBERNETES CONTAINER RUNTIME | CONTAINER PACKAGING CONTAINER CONTAINERCONTAINER CONTAINER CONTAINER VIRTUAL PRIVATE PUBLIC LINUX SECURITY REGISTRYTELEMETRY STORAGE NETWORK DEVELOPER EXPERIENCE Vendor Products and Cloud-Provider Services • Should certify to Kubernetes Conformance • Different elements included or optional • Different operational models
- 29. Who has/had a Kubernetes problem?
- 30. Every Industry and Every Geography 15+ Industries IoT APPS CLOUD NATIVE APPS BIG DATA APPS HPC APPS MOBILE APPS EXISTING APPS KUBERNETES UNIFIED ORCHESTRATION OPERATORS - IMMUTABLE INFRASTRUCTURE APPLICATION OPERATORS (ALM) SERVICE MESH SECURITY DEVELOPER TOOLS BROKERS PIPELINES CUSTOM RESOURCE DEFINITIONS
- 31. How can you learn more about Kubernetes?
- 32. Kubernetes Learning Resources • Kubernetes Homepage - https://kubernetes.io/docs/concepts/ • Kubernetes Tutorials - https://kubernetes.io/docs/tutorials/ • Certified Kubernetes Administrator (CNCF) - https://www.cncf.io/certification/expert/cka/ • Katacoda (Tutorials) - https://katacoda.com/courses/kubernetes • OpenShift (Tutorials) - https://learn.openshift.com/ • “Kubernetes the Hard Way” (Kelsey Hightower, Google) – https://github.com/kelseyhightower/kubernetes-the-hard-way • Kubernetes Up and Running (O’Reilly book) – Brendan Burns, Joe Beda, Kelsey Hightower • Kubernetes – A Comprehensive Overview (Bob Killen, CNCF Ambassador) - https://www.slideshare.net/BobKillen/kubernetes-a-comprehensive-overview-updated • Kubernetes People to Follow (Scott Lowe’s List) - https://blog.scottlowe.org/2018/04/18/list- of-kubernetes-folks-on-twitter/
- 33. THANK YOU!
Editor's Notes
- #8: Now that we have a sense of the market size and trajectory, let’s look at some of the things that have been shaping this market for the last 5-6 years. 2009-2011: This market began with a number of offerings, both public cloud and open-source based. They were limited in functionality and often limited in the size of the open communities that supported them. 2014: Several big (new) trends emerged, especially in the open source communities. Docker spun out of dotCloud and established a new way to look at containers. Mesos and Kubernetes emerged as scalable container orchestration/scheduling systems. They both came out of existing webscale environments (e.g. Twitter, Google - respectively), and this lead alot of existing platforms to reconsider their technology architecture and strategy. 2016-2017: Where we are today is a very vibrant ecosystem of platform choices, both as open source communities, commercial software offerings and public cloud services.
- #11: Now that we have a sense of the market size and trajectory, let’s look at some of the things that have been shaping this market for the last 5-6 years. 2009-2011: This market began with a number of offerings, both public cloud and open-source based. They were limited in functionality and often limited in the size of the open communities that supported them. 2014: Several big (new) trends emerged, especially in the open source communities. Docker spun out of dotCloud and established a new way to look at containers. Mesos and Kubernetes emerged as scalable container orchestration/scheduling systems. They both came out of existing webscale environments (e.g. Twitter, Google - respectively), and this lead alot of existing platforms to reconsider their technology architecture and strategy. 2016-2017: Where we are today is a very vibrant ecosystem of platform choices, both as open source communities, commercial software offerings and public cloud services.
- #17: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
- #20: A pod (as in a pod of whales or pea pod) is a group of one or more containers, with shared storage/network, and a specification for how to run the containers. A pod’s contents are always co-located and co-scheduled, and run in a shared context. A pod models an application-specific “logical host” - it contains one or more application containers which are relatively tightly coupled. In a pre-container world, they would have executed on the same physical or virtual machine. Containers within a pod share an IP address and port space, and can find each other via localhost Applications within a pod also have access to shared volumes, which are defined as part of a pod and are made available to be mounted into each application’s filesystem.
- #21: A service is a grouping of pods that are running on the cluster based on a set of labels (selector). Services provide important features that are standardized across the cluster: internal load-balancing, service discovery between applications, and features to support zero-downtime application deployments. Backing pods can be added to or removed from a service arbitrarily while the service remains consistently available, enabling anything that depends on the service to refer to it at a consistent address. Services are assigned an IP address and port pair that, when accessed, proxy to an appropriate backing pod.
- #23: A router uses the service selector to find the service and the endpoints backing the service. When both router and service provide load balancing, OpenShift Container Platform uses the router load balancing. A router detects relevant changes in the IP addresses of its services and adapts its configuration accordingly A built-in router comes with OpenShift however it can be replaced by external load-balancers like F5
- #26: Administrators define a pool of Persistent Volumes (PV) which are backed by network storage solutions like NFS, iSCSO, AWS EBS, etc and make them globally available in the OpenShift cluster. Users within their projects can create a Persistent Volume Claim (PVC) in order to request a PV to be available within their pods. In the pod definition, a developer can refer to the PVC and mount the requested persistent volume inside the pod at an arbitrary path. If a pod gets restarted, OpenShift mounts the same persistent volume into the pod again so that the pod data is available. PVs outlive the containers that were using them.
- #27: Dynamic provisioning allows provisioning persistent volumes on-demand when users request it rather than admins predefining them in advance StorageClass is a blueprint of how to provision persistent volumes on a network storage. OpenShift provides a set of provisioners that determine what volume plugins should be used for provisioning the volumes. OpenShift also supports third-party plugins that are not part of Kubernetes, such as NetApp Trident Admins creates a catalog of StorageClasses available in the OpenShift cluster. StorageClass names are arbitrary names to communicate their characteristics Users can create a Persistent Volume Claim and specify the name of a StorageClass to instruct OpenShift on the type of persistent volume that should be provisioned for the them