Kubernetes
Presentation by Anastasios Gogos, Jul 2018
PRESENTATION STRUCTURE
HISTORY: IAAS PAAS SAAS BAAS MAAS FAAS CLOUD-NATIVE SERVERLESS
Containers
Kubernetes
Conclusions
HISTORY
IAAS PAAS SAAS BAAS MAAS FAAS CLOUD-NATIVE SERVERLESS
https://loige.co/from-bare-metal-to-serverless/
https://hackernoon.com/why-the-fuss-about-serverless-4370b1596da0
THE BARE METAL AGE
THE SaaS AGE
1999: Marc Benioff launches Salesforce
MTTR: mean time to recovery
N+1: multiple power sources, capacity planning
2001: VMware releases ESXi and server virtualization becomes a thing
THE IaaS AGE
2002-2006: Amazon Web Services launches EC2 (Virtual Machine service), S3 (scalable storage service) and SQS (message queuing system)
THE PaaS AGE
2009: Adam Wiggins, Heroku
2011: James Tamplin, Firebase (Database-as-a-Service)
2012: Hype cycle
2012: Pets or Cattle? Scale-up or Scale-out?
We still haven’t fixed the deployment times! Apps are monoliths, and this is a problem.
Separation of concerns / Microservices
2013: Solomon Hykes, Docker. Containers…
2014: Kubernetes. Containers at scale
2014: AWS Lambda. FaaS
June 2018: #DevOpsDays
What is it all about?
It’s a developer-focused wave of services (@samnewman)
follows…
Kubernetes
Containers
Treating containers like a black box will eventually leave you in the dark. (@kelseyhightower)
@jpetazzo
Kubernetes
LXC …is a system container runtime designed to execute "full system containers", which generally consist of a full operating system image. An LXC process, in most common use cases, will boot a full Linux distribution such as Debian, Fedora, Arch, etc., and a user will interact with it similarly to how they would with a Virtual Machine image.
LXD …is similar to LXC but is a REST API on top of liblxc which forks a monitor and container process. This ensures the LXD daemon is not a central point of failure and containers continue running in case of LXD daemon failure. All other details are nearly identical to LXC.
“Docker’s architecture is fundamentally flawed”
At the heart of Docker is a daemon process that is the starting point of everything Docker does. The docker executable is merely a REST client that requests the Docker daemon to do its work. Critics of Docker say this is not very Linux-like.
Container Wars
runC is a low-level container runtime and an implementation of the OCI spec. runC exposes and expects a user to understand low-level details of the host operating system and configuration.
containerd is a daemon to control runC.
Kubernetes
Remember container runtimes?
Why Use Container Orchestrators?
Though we can argue that containers at scale can be maintained manually, or with the help of some scripts, container orchestrators can make things easy for operators.
• Bring multiple hosts together and make them part of a cluster
• Schedule containers to run on different hosts
• Help containers running on one host reach out to containers running on other hosts in the cluster
• Bind containers and storage
• Bind containers of similar type to a higher-level construct, like services, so we don't have to deal with individual containers
• Keep resource usage in check, and optimize it when necessary
• Allow secure access to applications running inside containers.
With all these built-in benefits, it makes sense to use container orchestrators to manage containers.

Basic things we can ask Kubernetes to do (@jpetazzo)
Container orchestrators can:
• Start 5 containers using image atseashop/api:v1.3
• Place an internal load balancer in front of these containers
• Start 10 containers using image atseashop/webfront:v1.3
• Place a public load balancer in front of these containers
• It's Black Friday (or Christmas), traffic spikes: grow our cluster and add containers
• New release! Replace my containers with the new image atseashop/webfront:v1.4
• Keep processing requests during the upgrade; update my containers one at a time
Other things that Kubernetes can do for us (@jpetazzo)
• Basic autoscaling
• Blue/green deployment, canary deployment
• Long-running services, but also batch (one-off) jobs
• Overcommit our cluster and evict low-priority jobs
• Run services with stateful data (databases etc.)
• Fine-grained access control defining what can be done by whom on which resources
• Integrating third-party services (service catalog)
• Automating complex tasks (operators)
Declarative vs imperative (@jpetazzo)
• Our container orchestrator puts a very strong emphasis on being declarative
• Declarative:
  • I would like a cup of tea.
• Imperative:
  • Boil some water. Pour it in a teapot. Add tea leaves. Steep for a while. Serve in cup.
• Declarative seems simpler at first ...
• ... as long as you know how to brew tea
Declarative vs imperative in Kubernetes (@jpetazzo)
• Virtually everything we create in Kubernetes is created from a spec
• Watch for the spec fields in the YAML files later!
• The spec describes how we want the thing to be
• Kubernetes will reconcile the current state with the spec (technically, this is done by a number of controllers)
• When we want to change some resource, we update the spec (desired state)
• Kubernetes will then converge that resource
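As an added example (not a manifest from this deck or from @jpetazzo's material), here is the spec that expresses the first two requests from the "basic things we can ask Kubernetes to do" list above: five containers of atseashop/api:v1.3, an internal load balancer in front of them, and updates applied one container at a time. Only the image name comes from the slides; the namespace, the names and labels, the container port 8080, the /healthz readiness path and the securityContext settings are assumptions for the example.

```yaml
# Added example: desired state for "5 containers of atseashop/api:v1.3
# behind an internal load balancer, updated one at a time".
# Namespace, names, labels, port 8080 and /healthz are assumed values.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  namespace: atseashop        # assumed namespace
  labels:
    app: api
spec:
  replicas: 5                 # desired state; the Deployment controller converges to it
  selector:
    matchLabels:
      app: api
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1             # bring up one new pod at a time ...
      maxUnavailable: 0       # ... and never remove an old pod before the new one is Ready
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
        - name: api
          image: atseashop/api:v1.3   # change to :v1.4 and re-apply to trigger the rolling update
          ports:
            - containerPort: 8080     # assumed application port
          readinessProbe:             # a pod only receives Service traffic once this passes
            httpGet:
              path: /healthz          # assumed health endpoint
              port: 8080
          securityContext:            # least privilege for the container process
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
---
# A ClusterIP Service is the "internal load balancer": it gets a stable virtual IP
# reachable only from inside the cluster and spreads traffic over the Ready api pods.
apiVersion: v1
kind: Service
metadata:
  name: api
  namespace: atseashop        # assumed namespace
spec:
  type: ClusterIP
  selector:
    app: api
  ports:
    - port: 80
      targetPort: 8080
```

Applying the file with `kubectl apply -f api.yaml` creates both objects; the "new release" request is nothing more than editing the image tag to `atseashop/api:v1.4` and applying again, after which `kubectl rollout status deployment/api -n atseashop` shows the controller replacing pods one at a time. The securityContext block is the part worth copying into real specs: because the spec is the single source of truth, the runtime hardening of the container lives in the same declarative object as its replica count.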
Kubernetes network model (@jpetazzo)
• TL;DR: our cluster (nodes and pods) is one big flat IP network.
• In detail:
  • all nodes must be able to reach each other, without NAT
  • all pods must be able to reach each other, without NAT
  • pods and nodes must be able to reach each other, without NAT
  • each pod is aware of its IP address (no NAT)
• Kubernetes doesn't mandate any particular implementation
Kubernetes network model: the good (@jpetazzo)
• Everything can reach everything
• No address translation
• No port translation
• No new protocol
• Pods cannot move from a node to another and keep their IP address
• IP addresses don't have to be "portable" from a node to another (we can use e.g. a subnet per node and a simple routed topology)
• The specification is simple enough to allow many different implementations
Kubernetes network model: the less good (@jpetazzo)
• Everything can reach everything
  • if you want security, you need to add network policies
  • the network implementation that you use needs to support them
• There are literally dozens of implementations out there (15 are listed in the Kubernetes documentation)
• It looks like you have a level 3 network, but it's only level 4 (the spec requires UDP and TCP, but not port ranges or arbitrary IP packets)
• kube-proxy is on the data path when connecting to a pod or container, and it's not particularly fast (relies on userland proxying or iptables)
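The "everything can reach everything" default means a compromised pod can talk to any other pod in the cluster until a NetworkPolicy says otherwise. As an added example (not from the deck or from @jpetazzo's material), the two policies below isolate a namespace for ingress and then re-open exactly one path, using the atseashop images from the slides as the two workloads. The namespace, the pod labels app=api and app=webfront, and the port 8080 are assumptions.

```yaml
# Added example. Assumes namespace "atseashop", pod labels app=api / app=webfront
# and an api container listening on TCP 8080.
#
# 1) Isolate every pod in the namespace for ingress. An empty podSelector selects
#    all pods, and a policy with no "ingress" rules allows nothing in.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: atseashop
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# 2) Policies are additive: this one permits only webfront pods -> api pods on
#    TCP 8080. Any other source, and any other port on api, stays denied by 1).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-webfront-to-api
  namespace: atseashop
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: webfront
      ports:
        - protocol: TCP
          port: 8080
```

Two caveats follow directly from the slide. First, the API server accepts these objects on any cluster, but they are only enforced when the network implementation supports NetworkPolicy; on a plugin that does not, they are silently ignored, so verify enforcement (for example, `kubectl exec` into a pod without the webfront label and confirm that a connection to the api Service now times out). Second, the default-deny policy also blocks traffic to the webfront pods, so the public load balancer in front of them needs its own allow rule (typically an `ipBlock` entry for the load balancer's source range) before the namespace is locked down.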
Kubernetes network model: kube-proxy (@jpetazzo)
• Don't worry about the warning about kube-proxy performance
• Unless you:
  • routinely saturate 10G network interfaces
  • count packet rates in millions per second
  • run high-traffic VoIP or gaming platforms
  • do weird things that involve millions of simultaneous connections (in which case you're already familiar with kernel tuning)
Conclusions
Thoughts from one of the creators of Kubernetes
Abstractions are NOT a new thing, it’s how CS evolved. BUT…
“When you go too far up, abstraction-wise, you run out of oxygen. Sometimes smart thinkers just don’t know when to stop, and they create these absurd, all-encompassing, high-level pictures of the universe that are all good and fine, but don’t actually mean anything at all.”
Architecture Astronauts, 2001, Joel Spolsky, co-founder @stackoverflow @trello
“(6) It is easier to move a problem around (for example, by moving the problem to a different part of the overall network architecture) than it is to solve it. (6a) (corollary). It is always possible to add another level of indirection.”
RFC 1925, 1 April 1996
“We can solve any problem by introducing an extra level of indirection.”
FTSE: Fundamental Theorem of Software Engineering
The theorem is often expanded by the humorous clause “…except for the problem of too many levels of indirection”
Too many abstractions may create intrinsic complexity issues of their own.
Kubernetes on OpenStack
That’s all…
Links
• https://loige.co/from-bare-metal-to-serverless/
• https://hackernoon.com/why-the-fuss-about-serverless-4370b1596da0
• https://www.martinfowler.com/articles/serverless.html
• https://www.slideshare.net/randybias/the-history-of-pets-vs-cattle-and-using-it-properly
• https://www.slideshare.net/spnewman/what-is-this-cloud-native-thing-anyway
• https://www.slideshare.net/spnewman/confusion-in-the-land-of-the-serverless
• https://www.slideshare.net/JorgeMorales124/build-and-run-applications-in-a-dockerless-kubernetes-world
• https://medium.com/@adriaandejonge/moving-from-docker-to-rkt-310dc9aec938
• https://coreos.com/rkt/docs/latest/rkt-vs-other-projects.html
• https://www.slideshare.net/jpetazzo/anatomy-of-a-container-namespaces-cgroups-some-filesystem-magic-linuxcon
