Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Kubernetes from a Box Mix

123 views

Published on

A tutorial guiding you through setting up a minimal Kubernetes cluster.

Published in: Software
  • Be the first to comment

  • Be the first to like this

Kubernetes from a Box Mix

  1. 1. @stillinbeta // #SREcon Americas 2019 While you’re waiting... http://bit.ly/srecon-cake0
  2. 2. @stillinbeta // #SREcon Americas 2019 Kubernetes From A Cake Mix Liz Frost
  3. 3. @stillinbeta // #SREcon Americas 2019 Who am I? Liz Frost Twitter: @stillinbeta slack.k8s.io: @liz
  4. 4. @stillinbeta // #SREcon Americas 2019 Who am I?
  5. 5. @stillinbeta // #SREcon Americas 2019 Who am I?
  6. 6. @stillinbeta // #SREcon Americas 2019 Who am I? It’s pronounced “kube-cuddle”
  7. 7. @stillinbeta // #SREcon Americas 2019 Why should you listen to me? ● sig-cluster-lifecycle member ● kubernetes contributor ● kubeadm developer
  8. 8. @stillinbeta // #SREcon Americas 2019 What is Kubernetes?
  9. 9. @stillinbeta // #SREcon Americas 2019
  10. 10. @stillinbeta // #SREcon Americas 2019
  11. 11. @stillinbeta // #SREcon Americas 2019
  12. 12. @stillinbeta // #SREcon Americas 2019 Node Pod Pod Pod Node Pod Pod Pod User
  13. 13. @stillinbeta // #SREcon Americas 2019 Node Pod Pod Pod Node Pod Pod Pod User
  14. 14. @stillinbeta // #SREcon Americas 2019 Kubernetes API User
  15. 15. @stillinbeta // #SREcon Americas 2019 Kubernetes APIConformance Tests
  16. 16. @stillinbeta // #SREcon Americas 2019 Kubernetes APIConformance Tests
  17. 17. @stillinbeta // #SREcon Americas 2019 Kubernetes APIConformance Tests
  18. 18. @stillinbeta // #SREcon Americas 2019 Kubernetes APIConformance Tests
  19. 19. @stillinbeta // #SREcon Americas 2019 Kubernetes API A wizard did itConformance Tests
  20. 20. @stillinbeta // #SREcon Americas 2019 We got Opinions
  21. 21. @stillinbeta // #SREcon Americas 2019 Kubeadm™ brand Kubernetes
  22. 22. @stillinbeta // #SREcon Americas 2019 kubeadm init
  23. 23. @stillinbeta // #SREcon Americas 2019 $ kubeadm init --help Run this command in order to set up the Kubernetes master. The "init" command executes the following phases: ``` preflight Run master pre-flight checks kubelet-start Writes kubelet settings and (re)starts the kubelet certs Certificate generation /etcd-ca Generates the self-signed CA to provision identities for etcd /etcd-server Generates the certificate for serving etcd /etcd-healthcheck-client Generates the client certificate for liveness probes to healtcheck etcd /apiserver-etcd-client Generates the client apiserver uses to access etcd /etcd-peer Generates the credentials for etcd nodes to communicate with each other /ca Generates the self-signed Kubernetes CA to provision identities for other Kubernetes components /apiserver Generates the certificate for serving the Kubernetes API /apiserver-kubelet-client Generates the Client certificate for the API server to connect to kubelet /front-proxy-ca Generates the self-signed CA to provision identities for front proxy /front-proxy-client Generates the client for the front proxy /sa Generates a private key for signing service account tokens along with its public key kubeconfig Generates all kubeconfig files necessary to establish the control plane and the admin kubeconfig file /admin Generates a kubeconfig file for the admin to use and for kubeadm itself /kubelet Generates a kubeconfig file for the kubelet to use *only* for cluster bootstrapping purposes /controller-manager Generates a kubeconfig file for the controller manager to use /scheduler Generates a kubeconfig file for the scheduler to use control-plane Generates all static Pod manifest files necessary to establish the control plane /apiserver Generates the kube-apiserver static Pod manifest /controller-manager Generates the kube-controller-manager static Pod manifest /scheduler Generates the kube-scheduler static Pod manifest etcd Generates static Pod manifest file for local etcd. /local Generates the static Pod manifest file for a local, single-node local etcd instance. upload-config Uploads the kubeadm and kubelet configuration to a ConfigMap /kubeadm Uploads the kubeadm ClusterConfiguration to a ConfigMap /kubelet Uploads the kubelet component config to a ConfigMap mark-control-plane Mark a node as a control-plane bootstrap-token Generates bootstrap tokens used to join a node to a cluster addon Installs required addons for passing Conformance tests /coredns Installs the CoreDNS addon to a Kubernetes cluster /kube-proxy Installs the kube-proxy addon to a Kubernetes cluster
  24. 24. @stillinbeta // #SREcon Americas 2019 $ kubeadm init --help Run this command in order to set up the Kubernetes master. The "init" command executes the following phases: ``` preflight Run master pre-flight checks kubelet-start Writes kubelet settings and (re)starts the kubelet certs Certificate generation kubeconfig Generates all kubeconfig files necessary control-plane Generates all static Pod manifest files necessary to establish the /apiserver Generates the kube-apiserver static Pod manifest /controller-manager Generates the kube-controller-manager static Pod manifest /scheduler Generates the kube-scheduler static Pod manifest etcd Generates static Pod manifest file for local etcd. /local Generates the static Pod manifest file for a local etcd instance. upload-config Uploads the kubeadm and kubelet configuration to a ConfigMap /kubeadm Uploads the kubeadm ClusterConfiguration to a ConfigMap /kubelet Uploads the kubelet component config to a ConfigMap mark-control-plane Mark a node as a control-plane bootstrap-token Generates bootstrap tokens used to join a node to a cluster addon Installs required addons for passing Conformance tests /coredns Installs the CoreDNS addon to a Kubernetes cluster /kube-proxy Installs the kube-proxy addon to a Kubernetes cluster
  25. 25. @stillinbeta // #SREcon Americas 2019 preflight kubelet-start certs kubeconfig control-plane /apiserver /controller-manager /scheduler etcd /local upload-config /kubeadm /kubelet mark-control-plane bootstrap-token addon /coredns /kube-proxy
  26. 26. @stillinbeta // #SREcon Americas 2019 What are we making? ● kubelet ● etcd ● kube-apiserver ● kube-contoller-manager ● kube-scheduler
  27. 27. @stillinbeta // #SREcon Americas 2019 master kubelet etcd kube- apiserver kube- scheduler kube- controller- manager docker process container Node (VM / physical Machine) https IPC
  28. 28. @stillinbeta // #SREcon Americas 2019 kubelet etcd docker kube- apiserver kube- scheduler kube- controller -manager process container Node (VM / physical Machine)
  29. 29. @stillinbeta // #SREcon Americas 2019 kubelet etcd docker kube- apiserver kube- scheduler kube- controller -manager process Kubernetes pod Node (VM / physical Machine)
  30. 30. @stillinbeta // #SREcon Americas 2019 kubelet etcd docker kube- apiserver kube- scheduler kube- controller -manager process container Node (VM / physical Machine)
  31. 31. @stillinbeta // #SREcon Americas 2019 kubelet
  32. 32. @stillinbeta // #SREcon Americas 2019 What will we need locally? ● kubelet ● kubeadm ● docker
  33. 33. @stillinbeta // #SREcon Americas 2019 kubelet connects to API server... ...but the API server is run by the kubelet
  34. 34. @stillinbeta // #SREcon Americas 2019
  35. 35. @stillinbeta // #SREcon Americas 2019 Kubelet boot Start static pods Try to connect to API server
  36. 36. @stillinbeta // #SREcon Americas 2019 Kubelet boot Start static pods Try to connect to API server
  37. 37. @stillinbeta // #SREcon Americas 2019 Kubelet boot Start static pods
  38. 38. @stillinbeta // #SREcon Americas 2019 Tutorial 1! http://bit.ly/srecon-cake1
  39. 39. @stillinbeta // #SREcon Americas 2019 kubeadm
  40. 40. @stillinbeta // #SREcon Americas 2019 kubeadm REMOVE BEFORE FLIGHT
  41. 41. @stillinbeta // #SREcon Americas 2019 Preflight Checks ● Avoid common problems ● Handy guard-rails ● Ignore at your own peril!
  42. 42. @stillinbeta // #SREcon Americas 2019 Tutorial 2! http://bit.ly/srecon-cake2
  43. 43. @stillinbeta // #SREcon Americas 2019
  44. 44. @stillinbeta // #SREcon Americas 2019 From the Website ● Simple: well-defined, user-facing API (gRPC) ● Secure: automatic TLS with optional client cert authentication ● Fast: benchmarked 10,000 writes/sec ● Reliable: properly distributed using Raft
  45. 45. @stillinbeta // #SREcon Americas 2019 What you care about ● Key/value store ● Optionally distributed ● Only stateful part of kubernetes ● Secured by client certificates
  46. 46. @stillinbeta // #SREcon Americas 2019 Where do we put it? ● External? ● HA? ● Self-Hosted ● Single Node
  47. 47. @stillinbeta // #SREcon Americas 2019 Setting up etcd Generate Certificates Create Pod Manifest Run Healthcheck
  48. 48. @stillinbeta // #SREcon Americas 2019 Tutorial 3! http://bit.ly/srecon-cake3
  49. 49. @stillinbeta // #SREcon Americas 2019 apiserver
  50. 50. @stillinbeta // #SREcon Americas 2019 master kubelet etcd kube- apiserver kube- scheduler kube- controller- manager docker process container Node (VM / physical Machine) https IPC User
  51. 51. @stillinbeta // #SREcon Americas 2019 The centre of everything
  52. 52. @stillinbeta // #SREcon Americas 2019 kube-apiserver
  53. 53. @stillinbeta // #SREcon Americas 2019 kube-apiserver ● Exclusive control of etcd ● Handles all access control ● Stores some (but not all!) APIs ● Proxies everything
  54. 54. @stillinbeta // #SREcon Americas 2019 API Groups? GET /apis/apps/v1/namespaces/default/deployments/myapp API Group API Version Namespace Resource Resource Name
  55. 55. @stillinbeta // #SREcon Americas 2019 Custom Resource Definitions API Request MyCRD Watch NotificationMyCRD Response User (kubectl, curl) kube-apiserver CRD controller
  56. 56. @stillinbeta // #SREcon Americas 2019 kubectl exec Command Command Command output User (kubectl, curl) kube-apiserver Running Pod Command Output
  57. 57. @stillinbeta // #SREcon Americas 2019 Tutorial 4! http://bit.ly/srecon-cake4
  58. 58. @stillinbeta // #SREcon Americas 2019 kube-controller-manager
  59. 59. @stillinbeta // #SREcon Americas 2019 ...that could mean anything
  60. 60. @stillinbeta // #SREcon Americas 2019 Controller State Changes Desired State Reactions
  61. 61. @stillinbeta // #SREcon Americas 2019 ReplicaSetController Pod Created / Destroyed List of ReplicaSets Create / Destroy Pods
  62. 62. @stillinbeta // #SREcon Americas 2019 NodeController Node Health Changes List of Pods Destroy Pods
  63. 63. @stillinbeta // #SREcon Americas 2019 kube-controller-manager Controller goroutineController goroutineController goroutineController goroutineController goroutine Controller goroutineController goroutineController goroutineController goroutineController goroutine Controller goroutineController goroutineController goroutineController goroutineController goroutine Controller goroutineController goroutineController goroutineController goroutineController goroutine
  64. 64. @stillinbeta // #SREcon Americas 2019 Tutorial 5! http://bit.ly/srecon-cake5
  65. 65. @stillinbeta // #SREcon Americas 2019 Scheduler
  66. 66. @stillinbeta // #SREcon Americas 2019 kube-schedulerPods Nodes Assignments
  67. 67. @stillinbeta // #SREcon Americas 2019 I need a GPU I’m out of disk I’m running Solaris I’m in Europe I can’t be on Node17 I want to be in us-east-1c
  68. 68. @stillinbeta // #SREcon Americas 2019 I prefer Europe I prefer not to run on the same node as pod17
  69. 69. @stillinbeta // #SREcon Americas 2019 Bin Packing
  70. 70. @stillinbeta // #SREcon Americas 2019 Tutorial 6! http://bit.ly/srecon-cake6
  71. 71. @stillinbeta // #SREcon Americas 2019 What would be next? ● DNS ● Container Networking ● Proxying ● Multiple Nodes
  72. 72. @stillinbeta // #SREcon Americas 2019 Your Cluster is Not: ● Secure ● Production-Ready ● Resilient ● High-Availability ● Certified Kubernetes
  73. 73. @stillinbeta // #SREcon Americas 2019 But it is yours.
  74. 74. @stillinbeta / #Kubecon Seattle 2018 Questions? Concerns? Come find me! I’m the one with pink hair! Twitter: @stillinbeta slack.k8s.io: @liz Github: github.com/stillinbeta

×