Kubernetes Basics - ICP Workshop Batch II
Everyone’s container journey starts with one container….
At first the growth is easy to handle….
But soon you have many applications, many instances…
And that is why there is container orchestration
What is container orchestration?
Management of the deployment, placement, and lifecycle of workload containers:
• Cluster management creates unified targets for varied workloads
• Scheduling intelligently distributes containers across nodes
• Service discovery knows where containers are located and provides a method to direct requests to them
• Replication allows the workload to be scaled
• Health management ensures the application stays viable by replacing unhealthy containers
(Figure: a container orchestrator made up of a manager, a scheduler and a replicator, backed by an image repository and a discovery DB, controlling several nodes that each run a node daemon and its containers.)
Container ecosystem © Copyright IBM Corporation 2017
(Figure: the seven layers of the container ecosystem, from physical infrastructure, operating system and virtual infrastructure up through the container engine, container orchestration and container scheduling to the application workflow. Examples shown: Kubernetes, Docker Swarm and Apache Mesos for orchestration; Docker as the container engine; VMware and AWS for virtual infrastructure; Ubuntu, RedHat and CoreOS as operating systems.)
What is Kubernetes?
• Fully open source container orchestrator inspired and informed by Google's experiences and internal systems
• Unified API for deploying web applications, batch jobs, and databases, maintaining and tracking the global view of the cluster
• Supports multiple cloud and bare-metal environments
• Manage applications, not machines: a better framework to support rolling updates, canary deploys, and blue-green deployments
• Designed for extensibility: rich ecosystem of plug-ins for scheduling, storage, and networking
• Open source project managed by the Linux Foundation
Kubernetes strengths
• Clear governance model
  ‒ Managed by the Linux Foundation.
  ‒ Google is driving the product features and roadmap, while allowing the rest of the ecosystem to participate.
• Growing and vibrant ecosystem
  ‒ IBM, Huawei, Intel, and Red Hat are among the companies making prominent contributions to the project.
• Avoid dependency and vendor lock-in
  ‒ Active community participation and ecosystem support.
• Support for a wide range of deployment options
  ‒ Customers can choose between bare metal, virtualization, private, public, and hybrid cloud deployments.
  ‒ Wide range of delivery models across on-premises and cloud-based services.
• Design is more operations-centric
  ‒ First choice of DevOps teams.
Kubernetes: The Building Blocks
Immutability: Build Once - Deploy Everywhere
The same container image is built once and is moved between environments.
Pod
A single unit of work in Kubernetes, which may consist of one or more containers. All containers in a pod are co-located and co-scheduled, and share the kernel namespace (process, storage, network, etc.).
Pod Health Checking
Pods are automatically kept alive by a “process check” that checks the basic status of the application’s main process. To go beyond this, Kubernetes allows you to create a liveness probe that provides additional means of identifying health.
Config Maps & Secrets: Share and store configurations, credentials and more
• Store the configurations and secrets (credentials, certificates) in the K8s environment and mount them to the local filesystem within the container(s).
• The container image can move unchanged between environments (i.e. container immutability).
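As an added example that is not part of the workshop deck, the following manifests combine the two slides above: a ConfigMap and a Secret mounted read-only into a Pod whose main container also carries an HTTP liveness probe. The names (web, web-config, web-tls), the image and the /healthz path are assumptions.

```yaml
# Added example: ConfigMap + Secret mounted into a Pod that also has a liveness probe.
# All names, the image and the /healthz path are assumptions, not from the deck.
apiVersion: v1
kind: ConfigMap
metadata:
  name: web-config
data:
  # Non-sensitive settings; the same image reads different values per environment.
  app.properties: |
    listen.port=8080
    log.level=info
---
apiVersion: v1
kind: Secret
metadata:
  name: web-tls
type: Opaque
stringData:                        # written in clear here; stored base64-encoded in etcd
  tls.key: "PLACEHOLDER-PRIVATE-KEY"   # constructed placeholder, not a real key
---
apiVersion: v1
kind: Pod
metadata:
  name: web
  labels:
    app: web
spec:
  containers:
  - name: web
    image: example.com/web:1.0.0   # assumed image; built once, promoted unchanged
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: config
      mountPath: /etc/web          # ConfigMap key appears as /etc/web/app.properties
      readOnly: true
    - name: tls
      mountPath: /etc/web/tls      # Secret key appears as /etc/web/tls/tls.key
      readOnly: true
    # Beyond the default process check: the kubelet calls GET /healthz every 10s
    # and restarts the container after 3 consecutive failures.
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8080
      initialDelaySeconds: 15
      periodSeconds: 10
      failureThreshold: 3
  volumes:
  - name: config
    configMap:
      name: web-config
  - name: tls
    secret:
      secretName: web-tls
```

Because the settings and credentials arrive through volumes, the same image tag is deployed to every environment and only the mounted objects differ.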
ReplicaSet
• ReplicaSets run one-to-many instances of the desired pod.
• When possible the replica pod should be stateless or near-stateless.
• Scale pods horizontally and provide resiliency.
Service Discovery
• Kubernetes has an internal DNS that is used as a Service Registry.
• A Service resource in Kubernetes results in an entry in the internal DNS.
• By default, a Service points to an internal Cluster IP that load balances between a set of healthy running pods.
Ingress Resources
• External access to applications running in Kubernetes may be enabled through Ingress resources and proxy nodes.
• The proxy node(s) in ICP expose services defined in Kubernetes.
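An added example, not from the deck, covering the Service Discovery and Ingress slides together: a ClusterIP Service that becomes a DNS entry and load balances over the pods matching its selector, and an Ingress that routes external HTTPS traffic for one host to it. The namespace, names, host, ingress class and TLS Secret are assumptions.

```yaml
# Added example: a ClusterIP Service registered in cluster DNS, and an Ingress that
# routes external HTTPS traffic to it. Names, host and TLS secret are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: shop
spec:
  type: ClusterIP            # default; reachable only inside the cluster
  selector:
    app: web                 # endpoints = pods with this label that pass their readiness check
  ports:
  - name: http
    port: 80                 # clients use http://web.shop.svc.cluster.local
    targetPort: 8080         # container port behind the Cluster IP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: shop
spec:
  ingressClassName: nginx    # assumed: whichever ingress/proxy controller the cluster runs
  tls:
  - hosts:
    - shop.example.com
    secretName: shop-example-com-tls   # assumed kubernetes.io/tls Secret in the same namespace
  rules:
  - host: shop.example.com   # only requests for this host are routed; others get the default backend
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web        # the Service above, resolved in the same namespace
            port:
              name: http
```

The Ingress terminates TLS with the referenced Secret and forwards to the Service's Cluster IP, so the pods themselves are never exposed directly.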
More on Scaling
Horizontal Pod Auto-scaling (HPA) allows you to scale the number of running pods in a ReplicaSet based upon resource (or application custom) metrics.
StatefulSets
Similar to ReplicaSets for the purpose of scale and/or redundancy, StatefulSets run one-to-many instances of the desired pod. Unlike ReplicaSets, they are intended for applications requiring state. Valuable for applications that require:
• Stable, unique network identifiers
• Stable persistent storage
• Ordered graceful deployment and scaling
• Ordered graceful deletion and termination
• Ordered automated rolling updates
Persistence & Storage
• There are many types of persistent storage and many provider options.
• Some pods must be able to persist data so that if Kubernetes restarts them on the same or another node, data loss is avoided.
• Kubernetes will re-attach the shared storage when the pod (re)starts.
• Storage providers support different retention and recycling policies, and the definitions of these are not universal.
Kubernetes: More on Persistent Storage
It is about STATE not STORAGE
IBM Cloud / © 2018 IBM Corporation
We strive to simplify our configuration management by moving towards immutability.
• Stateless – Applications that containerize the best tend to be stateless, with a small number of configuration parameters required for personalization. Containers are purposefully not Virtual Machines and do not carry the burden of a VM’s resource management.
• Containers Pervasive – As orchestration is used to place containerized workload throughout the private cloud, it becomes important that the persistent storage is equally mobile.
• State – Some services require backing storage to maintain the current operating state, such as a database or applications that persist transactions.
Persistent Storage: Solution components
• A Persistent Volume (PV) is a storage resource within the cluster. PVs have a lifecycle independent of any individual pod that uses them. This API object encapsulates the details of the storage implementation or cloud-provider-specific storage system.
• A Persistent Volume Claim (PVC) is a storage request, or claim, made by the developer. Claims request specific sizes of storage, as well as other aspects such as access modes.
• A StorageClass describes an offering of storage and allows for the dynamic provisioning of PVs and PVCs based upon these controlled definitions.
Kubernetes: Deploying Applications
Deployments
• Deployments manage rolling updates to ReplicaSets and StatefulSets.
• When a new version of the application is available, the Deployment provides the ability to scale down the previous version of the application and scale up the new version in a controlled fashion with zero downtime.
• Enables rollback in the case of failure.
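An added example (not the deck's own material) linking the Deployments slide with the earlier HPA slide: a Deployment whose rolling-update settings and readiness probe produce the zero-downtime behaviour described, together with an autoscaling/v2 HorizontalPodAutoscaler targeting it. Names, image, thresholds and the /ready path are assumptions, and the HPA assumes a metrics source such as metrics-server is installed.

```yaml
# Added example: Deployment tuned for zero-downtime rolling updates, plus an HPA on CPU.
# Names, image, thresholds and the /ready path are assumptions, not from the deck.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 2
  revisionHistoryLimit: 5        # old ReplicaSets kept so `kubectl rollout undo` can roll back
  selector:
    matchLabels:
      app: web
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0          # never drop below the desired count...
      maxSurge: 1                # ...by starting one new pod before stopping an old one
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: example.com/web:1.0.0   # changing this tag is what triggers a rollout
        ports:
        - containerPort: 8080
        resources:
          requests:
            cpu: 100m            # required: the HPA measures utilisation against requests
            memory: 128Mi
          limits:
            cpu: 500m
            memory: 256Mi
        readinessProbe:          # an old pod is only stopped after the new one passes this
          httpGet:
            path: /ready
            port: 8080
          periodSeconds: 5
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web                    # the HPA adjusts spec.replicas of this Deployment
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70   # add replicas when average CPU exceeds 70% of requests
```

Without the readiness probe, a new pod counts as available as soon as its process starts, so maxUnavailable: 0 alone does not guarantee zero dropped requests.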
CI / CD with Jenkins
• Build artifacts from Jenkins (the container image) are continuously built and deployed in ICP.
• The same image is promoted between each environment (dev, QA, stage, prod).
Kubernetes: The Cluster
Kubernetes cluster architecture
(Figure: a Kubernetes cluster of one master node and two worker nodes at 10.0.0.1 to 10.0.0.4. The master runs the Kubernetes API, the controller and the scheduler; kubectl submits .yaml definitions to the API. Each worker runs a kubelet and Docker, which hosts the pods.)
Master Node components
• Make scheduling decisions for the cluster, and respond to cluster events, like a node failure.
• Can run on any node in the cluster, but typically all master components run on the same virtual machine (VM), and no container apps run on that VM.
(Figure: master node running etcd, the Kubernetes API, the scheduler, DNS, and the kube-controller-manager with its node, replication, endpoints, and service account & token controllers.)
Master Node Components
• Etcd
  ‒ A highly-available key value store
  ‒ Stores all cluster data
• API Server
  ‒ Exposes the API for managing Kubernetes
  ‒ Used by the kubectl CLI
• Scheduler
  ‒ Selects the worker node each pod runs on
• Controller manager
  ‒ Daemon that runs controllers (background threads that handle routine tasks in the cluster)
  ‒ Node Controller – Responsible for noticing and responding when nodes go down
  ‒ Endpoints Controller – Populates the Endpoints object (joins services and pods)
  ‒ Service Account and Token Controllers – Create default accounts and API access tokens for new namespaces
Worker Node Components
• Provide the Kubernetes runtime environment; run on every node.
• Maintain running pods.
(Figure: worker node at 10.0.0.3 running the kubelet, kube-proxy and Docker, which hosts the pods.)
Kubernetes: Further Concepts
Naming in Kubernetes
• Name – Each resource object by type has a unique name
• Namespace
  ‒ Resource isolation: each namespace is a virtual cluster within the physical cluster
    • Resource objects are scoped within namespaces
    • Low-level resources are not in namespaces: nodes, persistent volumes, and namespaces themselves
    • Names of resources need to be unique within a namespace, but not across namespaces
  ‒ Resource quotas: namespaces can divide cluster resources
  ‒ Initial namespaces
    • default – The default namespace for objects with no other namespace
    • kube-system – The namespace for objects created by the Kubernetes system
Kubernetes: configuring Containers and Resources
• Label
  ‒ Metadata assigned to Kubernetes resources (pods, services, etc.)
  ‒ Key-value pairs for identification
  ‒ Critical to Kubernetes
• Selector
  ‒ An expression that matches labels to identify related resources
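An added example, not from the deck, for the Naming and Labels slides: a Namespace carrying a label, a ResourceQuota that divides cluster resources for that namespace only, and a labelled Pod that declares the requests and limits the quota counts. Names and quantities are assumptions.

```yaml
# Added example: Namespace + ResourceQuota + a labelled Pod that fits the quota.
# Names and quantities are assumptions, not from the deck.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  labels:
    team: a                    # label: key-value metadata that a selector can match
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a            # quotas are namespaced; this one caps team-a only
spec:
  hard:
    pods: "20"
    requests.cpu: "4"          # sum of all pods' CPU requests in the namespace
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: team-a            # the name only has to be unique within team-a
  labels:
    app: api
    tier: backend              # e.g. selected by `kubectl get pods -n team-a -l tier=backend`
spec:
  containers:
  - name: api
    image: example.com/api:1.0.0   # assumed image
    # Once a quota constrains requests/limits, every pod in the namespace must
    # declare them, otherwise the API server rejects the pod at admission.
    resources:
      requests:
        cpu: 250m
        memory: 256Mi
      limits:
        cpu: 500m
        memory: 512Mi
```

A second pod named api in another namespace is allowed, and a pod that would push team-a past 4 CPU of requests is refused with a quota error rather than scheduled.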
Kubectl commands
Support different approaches to working with Kubernetes objects:
• Imperative commands on live objects.
• Individual configuration files or directories of files.
Important: maintain a consistent approach when working with the same object; do not mix approaches.
Basic syntax: <verb> <objecttype> [<subtype>] <instancename>
• Where the <verb> is an action such as: create, run, expose, autoscale.
• <objecttype> is the object type, such as a service.
• Some objects have subtypes. For example, a service has ClusterIP, LoadBalancer, NodePort.
• Use the -h flag to find the arguments and flags supported by a subtype.
• <instancename> specifies the name of the object.
Kubectl command useful examples
Get the state of a cluster
  $ kubectl cluster-info
Get all the nodes of a cluster
  $ kubectl get nodes -o wide
Get info about the pods of a cluster
  $ kubectl get pods -o wide
Get info about the replication controllers of a cluster
  $ kubectl get rc -o wide
Get info about the services of a cluster
  $ kubectl get services
Get full config info about a Service
  $ kubectl get service NAME_OF_SERVICE -o json
Get the IP of a Pod
  $ kubectl get pod NAME_OF_POD -o template --template='{{.status.podIP}}'
Delete a Pod
  $ kubectl delete pod NAME
Delete a Service
  $ kubectl delete service NAME_OF_SERVICE
Resources
• Kubernetes tutorial – https://kubernetes.io/docs/tutorials/kubernetes-basics/
• Introduction to container orchestration – https://www.exoscale.ch/syslog/2016/07/26/container-orch/
• TNS Research: The Present State of Container Orchestration – https://thenewstack.io/tns-research-present-state-container-orchestration/
• Large-scale cluster management at Google with Borg – https://research.google.com/pubs/pub43438.html
© 2018 IBM Corporation