ContainerDayVietnam2016: Kubernetes State-of-the-art Container Management Platform
0 likes870 views
Kubernetes is an open-source platform for automating deployment, scaling, and operations of containerized applications. It provides basic mechanisms such as service discovery, load balancing, failure recovery, horizontal scaling, and self-healing. Key Kubernetes concepts include pods, labels, replication controllers, services, and namespaces. Pods are the basic building blocks that can contain one or more containers, which are scheduled together on nodes and share resources. Kubernetes handles tasks such as health checking, restarting containers, and load balancing.
![Design Overview
“ Kubernetes is primarily targeted at applications composed of
multiple containers, such as elastic, distributed micro-services.
It is also designed to facilitate migration of non-containerized
application stacks to Kubernetes.
…[Kubernetes] provides ways for containers to find and
communicate with each other in relatively familiar ways. ”
https://github.com/kubernetes/kubernetes/tree/master/docs/design](https://image.slidesharecdn.com/r02-02-kubernetes-state-of-the-artcontainermanagementplatform-160828192834/85/ContainerDayVietnam2016-Kubernetes-State-of-the-art-Container-Management-Platform-8-320.jpg)
![Secrets Management
“Secrets” like username/password, API key, SSL certificate, v.v..
Secrets only stored in Kubernetes and only used by
allowed services.
[Encrypted-] secrets no more stored in gitRepo, sysadmin’s laptop,
volume on a storage, v.v…
→More secure!
Pod can access to allowed secrets via:
Files (in pod’s mounted-volume)
ENV vars](https://image.slidesharecdn.com/r02-02-kubernetes-state-of-the-artcontainermanagementplatform-160828192834/85/ContainerDayVietnam2016-Kubernetes-State-of-the-art-Container-Management-Platform-31-320.jpg)
![Pluggability
You can choose [almost] any technology you want!
networking (Flannel, Calico, OpenContrail, Weave, Romana, v.v..)
storage (NFS, GlusterFS, amazonEBS, gcePersistentDisk, RBD, v.v..)
container (Docker, rkt, HyperContainer)
And any cloud-provider you want!
AWS / GCE / Azure
OpenStack / CloudStack
And extend K8s’s scheduler via multi mechanisms
& over multi dimensions.](https://image.slidesharecdn.com/r02-02-kubernetes-state-of-the-artcontainermanagementplatform-160828192834/85/ContainerDayVietnam2016-Kubernetes-State-of-the-art-Container-Management-Platform-37-320.jpg)
ContainerDayVietnam2016: Kubernetes State-of-the-art Container Management Platform
- 2. About me ● Name: Chu Duc Minh - Age: 32 ● Cloud Chief Architect @ VCCorp ● Head of Cloud Solutions department @ VCCloud ● Expertise: SDN, Storage, OpenStack, Kubernetes, Hashicorp tools ● Passion: Distributed System, Cloud & Infrastructure Technologies
- 3. Ok, now we have containers... Isolation: Keep services from interfering with each other Scheduling: Where should my service be run? Lifecycle: Keep my service running Discovery: Where is my job now? Constituency: Which (containers) is part of my service? Scale-up/down: Making my services bigger or smaller Auth{n,z}: Who can do things to my service? Monitoring: What’s happening with my service? Health: How is my service feeling? (well or sick?)
- 5. Kubernetes (short-name: k8s) ● Project was started by Google in 2014. ● Kubernetes is an open-source platform for automating deployment, scaling, and operations of application containers across clusters of hosts. ● Provides container grouping, load-balancing, auto-healing, scaling. ● Can run on anywhere: Public Cloud (AWS, GCE,..), Private Cloud (OpenStack), Baremetal, v.v… ● Extensible: Modular & Pluggable & Hookable architecture
- 6. Community
- 8. Design Overview “ Kubernetes is primarily targeted at applications composed of multiple containers, such as elastic, distributed micro-services. It is also designed to facilitate migration of non-containerized application stacks to Kubernetes. …[Kubernetes] provides ways for containers to find and communicate with each other in relatively familiar ways. ” https://github.com/kubernetes/kubernetes/tree/master/docs/design
- 9. How does it work?
- 11. Key concepts ● Pod - A group of co-living containers ● Labels - For identifying pods ● Replication Controller - Manages replication of pods ● Service - A logical set of pods and way to expose them ● Namespaces - Way to seperate environments, projects, applications,… ● Service Discovery - By cluster-DNS
- 13. Pod Small group of containers & volumes Tightly coupled: same node The atom of cluster scheduling & placement! Shared network namespace: share IP address & localhost Example: Pod 1: data puller & web server Pod 2: web server & log shipper
- 14. Pod
- 15. Pod
- 16. Pod networking Pod IPs are routable Docker default is private IP Pods can reach each other without NAT even across nodes No brokering of port numbers This is a fundamental requirement several SDN solutions
- 17. Labels ➢ Label is simple key/value pair ➢ Attached to any API object ➢ Generally used for represent identity ➢ Queryable by selectors: think SQL ‘select ... where ...’ ➢ The only grouping mechanism of K8s: pods under a ReplicationController pods in a Service capabilities of a node (constraints)
- 19. Replication Controller Replication Controller - Desired = 4 - Current = 4
- 20. Replication Controller Replication Controller - Desired = 4 - Current = 4
- 21. Replication Controller Replication Controller - Desired = 4 - Current = 3
- 22. Replication Controller Replication Controller - Desired = 4 - Current = 4
- 24. Service A group of pods that act as one == Service group == selector Gets a stable virtual IP and port called the service portal also a DNS name VIP is captured by kube-proxy watches the service constituency updates when backends change
- 26. ● By teams ● By projects ● By operators ● By environments ○ Dev ○ Test ○ Staging ○ Production
- 29. Rolling-update ...is a deployment pattern. Update microservices to new version gracefully! Also rollback too.
- 30. Deployment More deploy patterns is supported! Blue/Green Canary with many customizable options. Ref: http://kubernetes.io/docs/user-guide/deployments/
- 31. Secrets Management “Secrets” like username/password, API key, SSL certificate, v.v.. Secrets only stored in Kubernetes and only used by allowed services. [Encrypted-] secrets no more stored in gitRepo, sysadmin’s laptop, volume on a storage, v.v… →More secure! Pod can access to allowed secrets via: Files (in pod’s mounted-volume) ENV vars
- 37. Pluggability You can choose [almost] any technology you want! networking (Flannel, Calico, OpenContrail, Weave, Romana, v.v..) storage (NFS, GlusterFS, amazonEBS, gcePersistentDisk, RBD, v.v..) container (Docker, rkt, HyperContainer) And any cloud-provider you want! AWS / GCE / Azure OpenStack / CloudStack And extend K8s’s scheduler via multi mechanisms & over multi dimensions.
- 38. Integrate with OpenStack (/AWS/GCE/Azure) Auto-provision and configure: ❖ Load-balancer (LBaaS @ OpenStack) ❖ Volume (Cinder @ OpenStack) ❖ etc …magically!
- 39. Minikube ➢ Minikube starts a single node kubernetes cluster locally for purposes of development and testing. ➢ Packages and configures a Linux VM, Docker and all Kubernetes components, optimized for local development. ➢ Supports: ○ DNS ○ NodePorts ○ ConfigMaps and Secrets
- 40. Conclusion Kubernetes is a Toolkit for running distributed systems in production! Co-locating helper processes Naming and discovery Mounting storage systems Load balancing Distributing secrets Rolling updates Application health-checking Resource monitoring Replicating application instances Log access and ingestion Horizontal auto-scaling Support for introspection and debugging
- 41. Q & A
- 42. This page is intentionally left blank.
- 43. One last thing... Kubernetes-based PaaS