Kubernetes in Kubernetes:
Building a Highly Available Environment
Information and Communications Research Laboratories, ITRI: 蔣是文 Mac Chiang
Institute of Computer Science and Engineering, National Chiao Tung University: 鄭偉聖 Sam Zheng
Copyright 2017 ITRI (Industrial Technology Research Institute)
Agenda
• Cluster Management Issues
• Self-hosted Kubernetes
• Service with High Availability
• Summary
Microservices Challenges
• A lot of microservices/components
• Zero-downtime deployment
• Faster incremental roll-out of features
• Improves the ability to scale efficiently
Kubernetes Cluster
• Scheduling
• Deployment
• Healing
• Discovery/Load balancing
• Scaling
But how about operating Kubernetes?
Kubernetes Operation Tasks
• Deployment
• Upgrade / rollback
• Scaling
• Monitoring
• Healing
• Security
• …
• A lot of manual/semi-manual work
• No standard way to approach all the problems
Problems!
http://www.infoq.com/cn/presentations/self-hosted-infrastructure-take-kubernetes-as-an-example
What’s Self-hosted Kubernetes?
• Running all required and optional components of a Kubernetes cluster on top of Kubernetes itself
• Kubernetes manages its own core components
• Core components are deployed as native API objects
https://www.youtube.com/watch?v=EbNxGK9MwN4
Why Self-hosted Kubernetes?
• Small Dependencies
▪ Reduce the number of components required (Kubelet and Docker)
• Deployment consistency
▪ Reduce the number of moving parts relying on the host OS
• Introspection
▪ Can be debugged and inspected by users using existing Kubernetes APIs
• Cluster Upgrades
▪ Upgrade the components via Kubernetes APIs
• Easier Highly-Available Configurations
▪ Easier to scale up and monitor an HA environment without complex external tooling
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/self-hosted-kubernetes.md
Launching a Self-hosted Cluster
• An initial control plane is needed to bootstrap a self-hosted cluster
• Bootkube
▪ Provides a temporary control plane used to bring up a full-blown self-hosted control plane
▪ Runs only on the very first node, then is not needed again
https://www.youtube.com/watch?v=EbNxGK9MwN4
Kubernetes Architecture
(Diagram) Master node: etcd, Scheduler, Controller Manager, API Server. Two worker nodes, each running Kubelet, Kube-proxy, docker and Pods.
Spectrum of Self-hosted Ways
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/self-hosted-kubernetes.md
• 0-4 self-hosted cluster
▪ kubelet: daemon set
▪ API server: pod / service
• 1-4 self-hosted cluster
▪ system installed Kubelet
• 2-4 self-hosted cluster
▪ everything except etcd self-hosted
(The digits are the layers defined in the linked design proposal: 0 kubelet, 1 etcd, 2 API server, 3 scheduler, 4 controller manager.)
How does bootkube work?
(Diagram, slide 11) Bootkube brings up a temporary control plane (API Server, Scheduler, Controller Manager) next to etcd; the first node's Kubelet talks to it.
How does bootkube work? (cont.)
(Diagram, slide 12) kubectl creates the self-hosted control plane objects (Deployment, DaemonSet, Service, Secret) through the temporary API Server.
(Diagram, slides 13-14) The Kubelet creates the Pods for the self-hosted API Server, Scheduler and Controller Manager.
(Diagram, slide 15) Bootkube exits; only etcd, the Kubelet and the self-hosted control plane Pods remain.
Self-hosted Control Plane
[root@centos7 ~]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
kube-apiserver-kkxq9 1/1 Running 0 1d
kube-controller-manager-2953862963-t7m1q 1/1 Running 0 1d
kube-controller-manager-2953862963-wlsjp 1/1 Running 0 1d
kube-dns-2431531914-gqnnd 3/3 Running 0 1d
kube-flannel-wnk1j 2/2 Running 0 1d
kube-flannel-xcsx2 2/2 Running 0 1d
kube-flannel-xrksj 2/2 Running 1 1d
kube-proxy-04x11 1/1 Running 0 1d
kube-proxy-11n6t 1/1 Running 0 1d
kube-proxy-1zlgz 1/1 Running 0 1d
kube-scheduler-1873817829-4c7mm 1/1 Running 1 1d
kube-scheduler-1873817829-pmp0n 1/1 Running 0 1d
pod-checkpointer-11q7g 1/1 Running 0 1d
pod-checkpointer-11q7g-10.201.3.6 1/1 Running 0 1d
Self-hosted Control Plane (cont.)
[root@centos7 ~]# kubectl get deployment -n kube-system
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kube-controller-manager 2 2 2 2 2d
kube-dns 1 1 1 1 2d
kube-scheduler 2 2 2 2 2d
[root@centos7 ~]# kubectl get svc -n kube-system
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns 10.3.0.10 <none> 53/UDP,53/TCP 2d
[root@centos7 ~]# kubectl get ds -n kube-system
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE-SELECTOR AGE
kube-apiserver 1 1 1 1 1 node-role.kubernetes.io/master= 2d
kube-flannel 3 3 3 3 3 <none> 2d
kube-proxy 3 3 3 3 3 <none> 2d
pod-checkpointer 1 1 1 1 1 node-role.kubernetes.io/master= 2d
[root@centos7 ~]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
kube-apiserver Opaque 7 2d
kube-controller-manager Opaque 2 2d
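An added example, not part of the deck: a small Python audit over the `kubectl get pod -n kube-system` listing shown above (embedded as sample input). It groups pods by component and flags control-plane components with fewer than two healthy replicas, plus pods that have restarted; the pod-name pattern and the threshold of two replicas are this example's assumptions.

```python
# Added example: audit a self-hosted control plane from `kubectl get pod` output.
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: the kube-system listing shown on slide 16 of the deck.
SAMPLE_LISTING = """\
NAME READY STATUS RESTARTS AGE
kube-apiserver-kkxq9 1/1 Running 0 1d
kube-controller-manager-2953862963-t7m1q 1/1 Running 0 1d
kube-controller-manager-2953862963-wlsjp 1/1 Running 0 1d
kube-dns-2431531914-gqnnd 3/3 Running 0 1d
kube-flannel-wnk1j 2/2 Running 0 1d
kube-flannel-xcsx2 2/2 Running 0 1d
kube-flannel-xrksj 2/2 Running 1 1d
kube-proxy-04x11 1/1 Running 0 1d
kube-proxy-11n6t 1/1 Running 0 1d
kube-proxy-1zlgz 1/1 Running 0 1d
kube-scheduler-1873817829-4c7mm 1/1 Running 1 1d
kube-scheduler-1873817829-pmp0n 1/1 Running 0 1d
pod-checkpointer-11q7g 1/1 Running 0 1d
pod-checkpointer-11q7g-10.201.3.6 1/1 Running 0 1d
"""

# Assumed naming: "<component>[-<ReplicaSet hash>]-<5-char suffix>", with an extra
# "-<node IP>" on the mirror pod of a static pod written by the pod-checkpointer.
POD_NAME_RE = re.compile(
    r"^(?P<component>.+?)(?:-\d{6,})?-[a-z0-9]{5}"
    r"(?P<node>-\d{1,3}(?:\.\d{1,3}){3})?$"
)
# Control-plane components that must not be single instances in an HA cluster
# (the threshold of two replicas is this example's assumption).
CONTROL_PLANE = ("kube-apiserver", "kube-controller-manager", "kube-scheduler")
MIN_REPLICAS = 2


@dataclass
class PodStatus:
    name: str
    component: str
    ready: int
    total: int
    status: str
    restarts: int
    mirror: bool  # True for the node-IP-suffixed mirror of a checkpointed pod


def parse_listing(text: str) -> list:
    """Turn the `kubectl get pod` table into PodStatus records (header skipped)."""
    pods = []
    for line in text.strip().splitlines()[1:]:
        name, ready, status, restarts, _age = line.split()
        m = POD_NAME_RE.match(name)
        ready_n, total_n = (int(x) for x in ready.split("/"))
        pods.append(PodStatus(name, m.group("component") if m else name,
                              ready_n, total_n, status, int(restarts),
                              bool(m and m.group("node"))))
    return pods


def replica_counts(pods: list) -> Counter:
    """Healthy (Running, fully Ready) non-mirror pods per component."""
    return Counter(p.component for p in pods
                   if p.status == "Running" and p.ready == p.total and not p.mirror)


def audit(pods: list) -> list:
    """Return findings as strings; an empty list means nothing to report."""
    findings = []
    counts = replica_counts(pods)
    for comp in CONTROL_PLANE:  # a lone API server is a control-plane SPOF
        if counts[comp] < MIN_REPLICAS:
            findings.append(f"{comp}: {counts[comp]} healthy replica(s), "
                            f"need at least {MIN_REPLICAS} for HA")
    for p in pods:  # unhealthy or restarting pods deserve a look at their logs
        if p.status != "Running" or p.ready != p.total:
            findings.append(f"{p.name}: {p.status}, {p.ready}/{p.total} ready")
        if p.restarts > 0:
            findings.append(f"{p.name}: restarted {p.restarts} time(s)")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(parse_listing(SAMPLE_LISTING))) or "no findings")
```

On the deck's own listing the audit reports the single kube-apiserver replica (the DaemonSet is pinned to one master) and the two pods with a restart.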
Disaster Recovery
• Node failure in HA deployments (Kubernetes)
• Partial loss of control plane components (Kubernetes)
• Power cycling the entire control plane (Kubernetes)
• Permanent loss of control plane (External tool)
http://www.infoq.com/cn/presentations/self-hosted-infrastructure-take-kubernetes-as-an-example
Service with High Availability
Kubernetes Networking
How do we expose the service IP to the public network on bare metal?
• Kubernetes already offers some solutions:
▪ NodePort
▪ CloudProvider Load Balancer
▪ Ingress
• But is that enough?
NodePort
(Diagram, slides 24-25) Every node's kube-proxy opens the same NodePort; traffic arriving at any node's NodePort is forwarded to the service's Pods.
Load Balancer
• Cloud providers, e.g. AWS, GCP, OpenStack
• The load balancer is created by the cloud provider and provides the external IP for the service
• But this only works with a cloud provider; bare metal cannot do this
Load Balancer
(Diagram, slide 27) A cloud LoadBalancer in front of the NodePort on every node (kube-proxy), forwarding to the Pods.
Ingress
• HTTP Load Balancing
• SSL Termination
• Content-based Routing
• Does not fully solve external network access
Ingress
(Diagram, slide 30) One Ingress at 10.0.0.1:80 routes nginx.com to ServiceA and echoheaders.com to ServiceB.
(Diagram, slide 31) The Ingress Controller watches Ingress Resources and configures the Load Balancer.
(Diagram, slide 32) Ingress controller Pods run with hostNetwork on the nodes (kube-proxy) and serve Momo.foo.com, Jojo.foo.com and yoyo.foo.com, routing to the backend Pods.
(Diagram, slide 33) DNS maps those hostnames to the node addresses.
Keepalived VIP
• Real High-Availability
• Virtual IP Address
• IP to Service
• ConfigMap
• DaemonSet
Ref: https://github.com/kubernetes/contrib/tree/master/keepalived-vip
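As an added example (not from the deck or the keepalived-vip project): a Python pre-flight check for the ConfigMap that keepalived-vip reads, whose data maps each virtual IP to the `namespace/service` it fronts. The node addresses and the VIP come from the slides; the allowed VIP range, the service list and the sample ConfigMap data are constructed for the example.

```python
# Added example: pre-flight check for the ConfigMap that keepalived-vip consumes.
import ipaddress
import re
from typing import Optional

# From the slides: three nodes on 140.113.1.0/24 and the VIP 140.113.1.50.
NODE_IPS = {"140.113.1.1", "140.113.1.2", "140.113.1.3"}
# Assumption: the range an operator has reserved for VIPs.
ALLOWED_VIP_RANGE = ipaddress.ip_network("140.113.1.0/24")
# Constructed: services that exist in the cluster, as "namespace/name".
KNOWN_SERVICES = {"default/echoheaders", "default/nginx", "kube-system/kube-dns"}
# Constructed ConfigMap .data (keepalived-vip format: VIP -> namespace/service),
# with one good entry and three that must be rejected.
SAMPLE_DATA = {
    "140.113.1.50": "default/echoheaders",  # good
    "140.113.1.2": "default/nginx",         # collides with a node's own address
    "10.3.0.10": "kube-system/kube-dns",    # a cluster IP, outside the VIP range
    "140.113.1.51": "default/Missing_Svc",  # malformed reference
}
DNS_LABEL = re.compile(r"^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$")


def check_service_ref(ref: str) -> Optional[str]:
    """Return an error for a malformed 'namespace/name' reference, else None."""
    parts = ref.split("/")
    if len(parts) != 2 or not all(DNS_LABEL.match(p) for p in parts):
        return f"'{ref}' is not a valid namespace/name reference"
    return None


def validate_vip_map(data: dict, known_services=KNOWN_SERVICES,
                     node_ips=NODE_IPS, allowed=ALLOWED_VIP_RANGE) -> list:
    """One message per problem; an empty list means the map is safe to apply."""
    errors = []
    for vip, ref in data.items():
        try:
            addr = ipaddress.ip_address(vip)
        except ValueError:
            errors.append(f"{vip}: not an IP address")
            continue
        # keepalived-vip runs on every node's host network and assigns the VIP to
        # the elected master, so a VIP outside the reserved range, or equal to a
        # node's own address, causes an address conflict on the nodes.
        if addr not in allowed:
            errors.append(f"{vip}: outside the VIP range {allowed}")
        if vip in node_ips:
            errors.append(f"{vip}: is a node address and must not be a VIP")
        err = check_service_ref(ref)
        if err:
            errors.append(f"{vip}: {err}")
        elif ref not in known_services:
            errors.append(f"{vip}: service {ref} does not exist")
    return errors


if __name__ == "__main__":
    for e in validate_vip_map(SAMPLE_DATA):
        print(e)
```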
Keepalived VIP
(Diagram, slides 36-38) Nodes 140.113.1.1, 140.113.1.2 and 140.113.1.3 each run kube-proxy and a Keepalived Pod and share the VIP 140.113.1.50, which fronts the service Pods; one node holds the VIP at a time and another takes it over on failure.
Keepalived VIP + Ingress
(Diagram, slide 40) The same three Keepalived nodes share the VIP 140.113.1.50; Momo.foo.com and Jojo.foo.com are served through the VIP and routed by the Ingress on the nodes to the Pods.
Summary
• Self-hosted K8S
▪ Makes K8S operations easier
▪ Bootkube is still an incubator project
▪ Supports disaster recovery
• Service with High Availability
▪ Using DNS to provide your service – Ingress
▪ More VIPs – keepalived-VIP
▪ Using the cloud to build your Kubernetes – cloud Load Balancer
▪ For testing – NodePort
Thank you!
macchiang@itri.org.tw
kweisamx.cs05g@g2.nctu.edu.tw
Kubernetes Taiwan User Group
