![Container
Container
Pod
Volume
Is [effectively] a Directory, possibly with data in it,
available to all containers in a Pod.
Usually Shares lifecycle of a Pod (Created when Pod
is created, destroyed when Pod is destroyed).
Persistent Volumes outlive Pods.
Can be mounted from local disk, or from a network
storage device such as a EBS volume, iscsi, NFS, etc.](https://image.slidesharecdn.com/k8s101-180721140106/85/Introduction-to-Kubernetes-9-320.jpg)
![Provides key-value pairs to be injected into a pod much like user-data is injected into a Virtual
Machine in the cloud.
Allows you to do last minute configuration of applications running on Kubernetes such as
setting a database host, or a admin password.
ConfigMaps store values as strings, Secrets store them as byte arrays (serialized as base64
encoded strings).
Secrets are [currently] not encrypted by default. This is likely to change.
Can be injected as files in a Volume, or as Environment Variables.
ConfigMaps/Secrets (user-data)](https://image.slidesharecdn.com/k8s101-180721140106/85/Introduction-to-Kubernetes-16-320.jpg)
Introduction to Kubernetes
- 1. Logical Kubernetes Architecture API Server Kube Scheduler K8s Master Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker
- 2. RESOURCES
- 3. POD
- 4. Container Container Pod Pod one or more application containers that are tightly coupled, sharing network and storage. Example: a web front-end Pod that consists of an NGINX container and a PHP-FPM container with a shared unix socket and a “init” container to transform their config files based on environment variables.
- 5. Container Container Pod ReplicaSet Extends Pod resource to run and maintain a specific number of copies of a pod. Container Container Pod ReplicaSet
- 6. Container Container Pod Deployment a controller that ensures a set number of replicas of a Pod is running and provides update and upgrade workflows for your Pods. Example: cloud native Node app that scales horizontally and upgrades 2 pods at a time. Container Container Pod ReplicaSet Deployment
- 7. Container Container Pod statefulset a controller that manages stateful application Deployments by providing sticky identity for pods and strict ordering and uniqueness. Example: Cassandra database. First pod is ‘cassandra-0’ thus all other pods in the set can be told to cluster to ‘cassandra-0’ and it will form a ring, plus the storage will survive pod restarts. Container Container Pod ReplicaSet Deployment Statefulset
- 8. Volume
- 9. Container Container Pod Volume Is [effectively] a Directory, possibly with data in it, available to all containers in a Pod. Usually Shares lifecycle of a Pod (Created when Pod is created, destroyed when Pod is destroyed). Persistent Volumes outlive Pods. Can be mounted from local disk, or from a network storage device such as a EBS volume, iscsi, NFS, etc.
- 10. Service
- 11. Service track Pods based on metadata and provides connectivity and service discovery (DNS, Env variables) for them. Type ClusterIP (default) exposes service on a cluster- internal IP. Container Container Pod app=bacon Container Container Pod app=bacon Service app=bacon 10.3.55.7
- 12. Service track Pods based on metadata and provides connectivity and service discovery (DNS, Env variables) for them. Type NodePort extends ClusterIP to expose services on each node’s IP via a static port. Container Container Pod app=bacon Container Container Pod app=bacon Service app=bacon 10.3.55.7 192.168.0.5:4530 K8s Worker K8s Worker 192.168.0.6:4530
- 13. Service track Pods based on metadata and provides connectivity and service discovery (DNS, Env variables) for them. Type LoadBalancer extends NodePort to configure a cloud provider’s load balancer using the cloud-controller- manager. Container Container Pod app=bacon Container Container Pod app=bacon Service app=bacon 10.3.55.7 192.168.0.5:4530 K8s Worker K8s Worker 192.168.0.6:4530 Load Balancer 33.6.5.22:80
- 14. Ingress a controller that manages an external entity to provide load balancing, SSL termination and name-based virtual hosting to services based on a set of rules. Ingress Service app=bacon https://example.com Service app=eggs /bacon eggs
- 15. Config Map / Secret
- 16. Provides key-value pairs to be injected into a pod much like user-data is injected into a Virtual Machine in the cloud. Allows you to do last minute configuration of applications running on Kubernetes such as setting a database host, or a admin password. ConfigMaps store values as strings, Secrets store them as byte arrays (serialized as base64 encoded strings). Secrets are [currently] not encrypted by default. This is likely to change. Can be injected as files in a Volume, or as Environment Variables. ConfigMaps/Secrets (user-data)
- 17. Controller
- 18. Controllers are effectively a infinite loop that interacts with the kubernetes API to ensure the actual state of a resource matches the declared state. #!/bin/bash while true; do count=$(kubectl get pods | grep nginx | wc -l) if $count < 5; then kubectl run --image=nginx nginx fi sleep 120 done
- 19. Operator
- 22. Kubernetes Manifest apiVersion: v1 kind: Service metadata: name: hello-svc spec: ports: - port: 80 protocol: TCP targetPort: 8080 selector: app: hello- world type: NodePort apiVersion: apps/v1beta1 kind: Deployment metadata: labels: app: hello-world name: hello-app spec: replicas: 2 template: metadata: labels: app: hello-world spec: containers: - image: paulczar/hello- world name: hello-world hello-app Pod app=hello-world hello-app Pod app=hello-world hello-svc Service app=hello-world http 80 http 8080 - load balanced
- 23. Kubernetes Manifest https://url apiVersion: extensions/v1beta1 kind: Ingress metadata: name: hello-goodbye spec: rules: - http: paths: - path: /hello backend: serviceName: hello-svc servicePort: 80 - http: paths: - path: /goodbye backend: serviceName: goodbye-svc servicePort: 81 ingress-nginx app=hello-world hello-app Pod app=hello-world hello-svc Service app=hello-world http 8080 hello-app Pod app=goodbye-world goodbye-svc Service app=goodbye-world http 8080 http://url/hello http://url/goodbye
- 24. $ kubectl apply -f manifests/ deployment "hello-app" created service "hello-svc" created deployment "goodbye-app" created service "goodbye-svc" created ingress "hello-goodbye" created $ curl -k https://$(minikube ip)/hello Hello World! $ curl -k https://$(minikube ip)/goodbye Goodbye Cruel world!
- 25. DEMO
- 26. Just Enough Modernization for Kubernetes (JEMFORK) I. Codebase — One codebase tracked in revision control, many deploys II. Dependencies — Explicitly declare and isolate dependencies III. Config — Store config in the environment IV. Backing Services — Treat backing services as attached resources V. Build, release, run — Strictly separate build and run stages VI. Processes — Execute the app as one or more stateless processes
- 27. Just Enough Modernization for Kubernetes (JEMFORK) VII. Port binding — Export services via port binding VIII. Concurrency — Scale out via the process model IX. Disposability — Maximize robustness with fast startup and graceful shutdown X. Dev/prod parity — Keep development, staging, and production as similar as possible XI. Logs — Treat logs as event streams XII. Admin processes — Run admin/management tasks as one-off processes
- 28. Just Enough Modernization for Kubernetes (JEMFORK) III. Config — Store config in the environment
- 29. Just Enough Modernization for Kubernetes (JEMFORK) Environment Variables
- 30. Just Enough Modernization for Kubernetes (JEMFORK) Environment Variables
- 31. https://scoutapark.com ingress-nginx scout-nginx Pod app=scout-nginx scout-nginx Service app=scout-nginx http 8080 wordpress Pod app=wordpress wordpress Service app=wordpress http 8080 http://scoutapark.com/ http://scoutapark.com/blog scout-php Service app=scout-php tcp 9000 mysql Service app=mysql mysql Pod app=mysql tcp 3306 scout-php Pod app=scout-php