Kubernetes training
1 like1,118 views
This document provides an overview of a Kubernetes training session. It introduces the trainer's background and experience with Kubernetes. The training covers Kubernetes concepts, production capabilities, workflows, includes a demo, and ends with a question and answer session. Key areas that will be reviewed include security, observability, package management, jobs, and additional capabilities needed for production deployments. Workflows that may be discussed include those for developers, operators, and testers.
Kubernetes training
- 2. KUBERNETES TRAINING WHO AM I? ▸ Over 25 years experience working with datacentre and development technologies. ▸ Adopter of Kubernetes from soon after it was released. ▸ Creator of Open Datacentre. A Kubernetes distribution and datacentre workloads. ▸ https://opendatacentre.io ▸ Co-organiser of the Melbourne Kubernetes Meetup. ▸ https://melbkubernetes.org ▸ Director of Cito Pro. Helping companies to understand and adopt Kubernetes based datacentre and developer technologies. ▸ https://citopro.com ▸ Photographer. ▸ https://desdrury.com
- 3. KUBERNETES TRAINING OVERVIEW ▸ Kubernetes Review ▸ Production Capabilities ▸ Workflows ▸ Demo ▸ Wrap Up ▸ Questions
- 5. KUBERNETES TRAINING WHY USE KUBERNETES? ▸ Manage containers at scale. ▸ Declarative. ▸ Self healing. ▸ Service discovery. ▸ Run anywhere. ▸ https://kubernetes.io
- 6. KUBERNETES TRAINING WHO IS USING KUBERNETES? ▸ Australia Post ▸ ANZ ▸ NBN ▸ MYOB ▸ Fairfax ▸ CBA ▸ ME Bank ▸ Victorian government. ▸ NSW government. ▸ Many others.
- 7. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Fundamental unit of deployment and scaling. ▸ Has one or more containers. ▸ Pod is allocated an IP address. ▸ Containers share the network interface. ▸ Storage volumes are mapped into the containers. PODS
- 8. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Initialisation Containers. ▸ Set host kernel settings. ▸ Configure a database. ▸ Sidecar Containers. ▸ Ship logs. ▸ Configure secrets. ▸ Service mesh. ▸ Application Containers. ▸ Microservice. ▸ Database server. PODS Pod Init Container Sidecar Container Application Container
- 9. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Labels are used to identify resources, such as Pods. ▸ Selectors group resources by selecting one of more labels. ▸ An example is a Service selecting the Pods for a particular application. LABELS AND SELECTORS Pod labels name App-1 version 10.0.3 system core Service selectors … … … … Pod labels … … … …
- 10. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Deployments ▸ Replica Sets ▸ Daemon Sets ▸ Stateful Sets ▸ Cron Jobs ▸ Jobs ▸ Replication Controllers (deprecated) WORKLOADS ▸ Wrappers for Pods
- 11. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Manages the lifecycle of Pods through ReplicaSets. ▸ Controls Pod upgrades / rollbacks. ▸ Allows Pods to be scaled. DEPLOYMENT Deployment ReplicaSet Pod
- 12. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Runs a Pod on each node by default. ▸ Nodes to run a Pod can be explicitly defined. ▸ Great for things like log / metric collectors, storage daemons, etc. DAEMONSET NodeNodeNode daemonset Pod Pod Pod
- 13. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Manages sets of Pods that use storage. ▸ Gives each Pod a strong identity / name. ▸ Manages the order of Pod startup / teardown. STATEFULSET statefulset Pod 1 Pod 2 Pod 3
- 14. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Runs Pod(s) to completion. ▸ Ensures a specified number of Pods complete successfully. JOB Pod Job PodPod
- 15. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ On a defined schedule. ▸ Runs a Job. ▸ Uses the Cron format to define the schedule. CRONJOB CronJob schedule 0 * * * * Pod
- 16. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Service ▸ Ingress DISCOVERY & LOAD BALANCING
- 17. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Groups a set of Pods using a label selector. ▸ Provides a ClusterIP. ▸ Provides a DNS name. ▸ Configures routing so that clients can communicate with the Service endpoint. ▸ Balances requests to the Pods. SERVICE Service selectors … … … … Pod labels … … … …
- 18. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ An Ingress resource configures an Ingress Controller. ▸ Provides external access to a Service. INGRESS Ingress Ingress Controller Service
- 19. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Config Maps ▸ Persistent Volumes and Claims ▸ Secrets CONFIG & STORAGE
- 20. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Allows configuration files to be stored independent of a container image. ▸ Is mapped into a Pod. CONFIGMAP Pod ConfigMap app.yml … … …
- 21. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ A Persistent Volume (PV) represents some distributed storage volume. ▸ A Persistent Volume Claim (PVC) claims a PV for a Pod. ▸ Storage can come from a cloud provider or a storage provider such as Ceph. PERSISTENT VOLUMES & CLAIMS Pod Persistent Volume Claim Persistent Volume
- 22. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ Allows secrets to be stored independent of a container image. ▸ Is mapped into a Pod as either files or environment variables. SECRET Pod Secret password XXXX private.key … …
- 23. KUBERNETES TRAINING KUBERNETES CONCEPTS ▸ A NameSpace contains one or more Pods and / or other Kubernetes resource types. ▸ A NameSpace can be thought of as like an environment. NAMESPACE Development Staging Production Ingress Service PodPod Persistent Volume Claim Persistent Volume Claim Persistent Volume Persistent Volume
- 24. KUBERNETES TRAINING CLUSTERS ▸ A cluster is composed of: ▸ A control plane that hosts the Kubernetes master components and the Etcd key / value store. ▸ Worker nodes. COMPONENTS ControlPlaneWorkers Worker AZ 1 AZ 2 AZ 3 Master Etcd Master Etcd Master Etcd Worker Worker
- 25. KUBERNETES TRAINING CLUSTERS ▸ Cloud ▸ AWS ▸ Google ▸ Azure ▸ Bare Metal (on-premise) ▸ KaaS (Kubernetes as a Service) ▸ GKE ▸ ACS ▸ EKS (in beta) ▸ Federated TYPES
- 26. KUBERNETES TRAINING CLUSTERS ▸ 1 cluster for Production / DR / Performance Testing. ▸ 1 cluster for Everything else. ▸ Or any other suitable configuration. HOW MANY?
- 28. CORE
- 29. KUBERNETES TRAINING CORE PRODUCTION CAPABILITIES ▸ Security ▸ Administration ▸ Observability ▸ Package management ▸ Ingress ▸ Distributed storage ▸ Jobs ▸ Artefact storage OVERVIEW
- 30. KUBERNETES TRAINING SECURITY ▸ Authn ▸ Authz ▸ RBAC ▸ OIDC ▸ Identity store ▸ Secrets ▸ Network ▸ TLS ▸ SSO ▸ Vulnerability scanning OVERVIEW
- 31. KUBERNETES TRAINING ADMINISTRATION ▸ Dashboard ▸ Kubectl ▸ Backups ▸ Conformance OVERVIEW
- 32. KUBERNETES TRAINING OBSERVABILITY ▸ Metrics ▸ Logging ▸ Alerting ▸ Tracing OVERVIEW
- 33. KUBERNETES TRAINING OBSERVABILITY ▸ Prometheus and Grafana work great with Kubernetes ▸ Prometheus is the time series database. ▸ Grafana provides the dashboards. METRICS NodeNodeNodeNode daemonset Node Exporter deployment Prometheus deployment Grafana deployment Alert Manager Node Exporter Node Exporter Node Exporter
- 34. KUBERNETES TRAINING OBSERVABILITY ▸ Elasticsearch, Fluentbit and Kibana make for a great centralised logging solution. LOGGING NodeNodeNodeNode daemonset Fluentbit deployment Kibana Fluentbit Fluentbit Fluentbit statefulset Elasticsearch Master Elasticsearch Master statefulset Elasticsearch Data Elasticsearch Data deployment Elasticsearch Client Elasticsearch Client
- 35. KUBERNETES TRAINING PACKAGE MANAGEMENT ▸ Helm is the official Kubernetes package manager. ▸ https://helm.sh ▸ https://github.com/kubernetes/charts ▸ https://hub.kubeapps.com OVERVIEW
- 36. KUBERNETES TRAINING INGRESS ▸ An Ingress Controller routes traffic to a Service based on the configuration provided by an Ingress. OVERVIEW Pod Ingress Ingress Controller Service Pod
- 37. KUBERNETES TRAINING STORAGE ▸ Needed for stateful workloads. ▸ Can be provided by a cloud. ▸ Or a storage provider such as Ceph. ▸ The storage provider can be hyperconverged, i.e. also running as a workload on the cluster. OVERVIEW
- 38. KUBERNETES TRAINING JOBS ▸ There are many possible solutions for running CI/CD Jobs within Kubernetes. ▸ Jenkins has great integration with Kubernetes. ▸ And can create dynamic build agents defined either through configuration or by scripted pipelines. OVERVIEW checkout code build image push image package chart publish chart deploy
- 39. KUBERNETES TRAINING ARTEFACTS ▸ Docker registry ▸ Helm Charts ▸ Binaries ▸ Binary caches OVERVIEW
- 40. ADDITIONAL
- 41. KUBERNETES TRAINING ADDITIONAL PRODUCTION CAPABILITIES ▸ Secrets management ▸ Service mesh ▸ Testing as a service ▸ Serverless ▸ Custom Operators ▸ Node autoscaling ▸ Etc OVERVIEW
- 42. OTHER
- 44. WORKFLOWS
- 45. KUBERNETES TRAINING WORKFLOWS OVERVIEW ▸ Simple instructions / documentation on how to achieve a specific goal. ▸ For: ▸ Developers; ▸ Operators; ▸ Testers; ▸ Etc.
- 46. KUBERNETES TRAINING WORKFLOWS DEVELOPERS ▸ Local development and testing; ▸ Remote development and testing; ▸ How to use the CI/CD capability; ▸ Using Pull Requests (PRs); ▸ Release management; ▸ Creating dashboards; ▸ Etc.
- 47. KUBERNETES TRAINING WORKFLOWS OPERATORS ▸ Upgrades; ▸ Debugging; ▸ Restores (backups should be automatic); ▸ Creating dashboards; ▸ Supporting cluster services; ▸ Developing Operators; ▸ Etc.
- 48. KUBERNETES TRAINING WORKFLOWS TESTERS ▸ Setting up a representative environment; ▸ Running tests; ▸ Generating load; ▸ Tracing components; ▸ Creating dashboards; ▸ Etc.
- 49. DEMO
- 50. WRAP UP
- 51. KUBERNETES TRAINING SUMMARY ▸ A Kubernetes cluster can be deployed to many different destinations. ▸ But that is just the start. ▸ Then you need to deploy production quality workloads. ▸ And create simple workflows.
- 52. KUBERNETES TRAINING NEXT STEPS ▸ Initial discovery. What needs to be built? ▸ Create a POC. ▸ Identity the gaps. ▸ Refine the solution. ▸ Ongoing training throughout the entire process.
- 53. QUESTIONS