2. Who’s this?!
@MilosZubal
Software Engineer at
(we’re hiring! ;) )
10+ years of backend Java happiness
https://www.linkedin.com/in/miloszubal/
https://github.com/mzubal
https://twitter.com/MilosZubal
3. What are we going to cover today?
● Big Picture of Kubernetes (k8s)
● History and main features of k8s
● Small recap of containers
● Architecture of k8s
● Main k8s primitives + examples
● Other features
● Running Kubernetes
● Demo
● Bonus: Czech accent all along the way! :)
(all of that in 30-35 minutes - managers would call this “ambitious plan”)
4. Why Microservices? To tame the kludgy Monolith?
(the whole story at: https://cloud.google.com/kubernetes-engine/kubernetes-comic/)
5. Let’s go Microservices, but what about...
● Service Discovery
● Load Balancing
● Networking
● Storage
● Monitoring
● Clustering
● Logs
● Many other things...
7. Is this like Serverless?
● A better term would be “Server-agnostic”
● The K8s API tries to be as server-agnostic as possible
● The K8s API is declarative
○ You define the desired state rather than the actions to reach it
8. Kubernetes - few facts
● Open-source container orchestration platform
● Kubernetes == Greek for “Helmsman” or “Pilot”
● Often abbreviated as k8s
● Based on Google’s internal system (Borg), which reflects their experience of running containers for more than 15 years
● First released in 2015 and later donated to the Cloud Native Computing Foundation
● Big and vibrant community
● Biggest contributors - Google and Red Hat
10. Containers recap
● Containers == lightweight “VMs”
● They are basically cleverly isolated processes running on the same OS/kernel (using cgroups/namespaces)
● You can adjust networking/volumes between the host and the containers
● Current container technologies - docker, rkt, lmctfy
12. Kubernetes - Architecture
● Master - a node holding the configuration and managing the cluster
● Node - a worker machine (bare metal, virtual, cloud) hosting Pods
● Kubectl - console client for the API, allows modifying/uploading configuration
● API - REST API to modify the configuration (which is stored in etcd)
● Scheduler - gathers info about Nodes (utilisation) and decides where to spawn new Pods
● Controller Manager - checks and enforces the current config in the cluster (e.g. ReplicaSet)
● Kubelet - agent running on each Node, providing info to the master and creating Pods
● Kube-proxy - handles inter-Pod and inter-Node communication
● Pod - container(s) running the actual application
13. Pod - contains the app
● Basic unit in k8s, can expose ports
● One or more containers sharing the same namespace, resources, volumes, network (localhost), ports, etc.
● Each container is defined by its image
● Limits for CPU / RAM
● Set of labels (we will learn more about them later)
● Can have health / readiness checks
● Containers in a Pod get automatically restarted if they crash or fail the health check
● A Pod might get rescheduled to another Node
● You can also mount Volumes into Pods or inject some configuration (via ConfigMaps and Secrets)
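An added example (not from the slides) showing the Pod features listed above in one manifest: labels, an image, CPU/RAM limits, liveness and readiness checks, config injected from a ConfigMap and a Secret, and a Pod-scoped volume. The image tag, ConfigMap name and Secret name are assumptions.

```yaml
# Added example, not part of the original deck: one elastic Pod.
apiVersion: v1
kind: Pod
metadata:
  name: elastic-0
  labels:                         # labels are what Selectors match on later
    app: elastic
    version: "6.1.2"
    env: prod
spec:
  securityContext:
    runAsNonRoot: true            # defensive addition beyond the slide: refuse images that run as root
  containers:
  - name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:6.1.2   # assumed image
    ports:
    - containerPort: 9200
    env:
    - name: ES_JAVA_OPTS          # plain configuration comes from a ConfigMap
      valueFrom:
        configMapKeyRef:
          name: elastic-config    # assumed ConfigMap name
          key: java-opts
    - name: ELASTIC_PASSWORD      # sensitive value comes from a Secret, never inline in the manifest
      valueFrom:
        secretKeyRef:
          name: elastic-credentials   # assumed Secret name
          key: password
    resources:
      requests: {cpu: "500m", memory: "2Gi"}
      limits:   {cpu: "2",    memory: "2Gi"}   # hard ceiling: the container is killed if it exceeds memory
    livenessProbe:                # failing liveness -> kubelet restarts the container
      httpGet: {path: /_cluster/health, port: 9200}
      initialDelaySeconds: 60
      periodSeconds: 10
    readinessProbe:               # failing readiness -> Pod is removed from Service endpoints, not restarted
      httpGet: {path: "/_cluster/health?wait_for_status=yellow", port: 9200}
      periodSeconds: 5
    volumeMounts:
    - name: data
      mountPath: /usr/share/elasticsearch/data
  volumes:
  - name: data
    emptyDir: {}                  # lives as long as the Pod: survives container restarts, lost on rescheduling
```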
14. ReplicaSet - scaling / self-healing
● A set of Pods based on a Number of Pods, Pod Template and a Selector
● Allows defining clusters of the same Pod (application)
● Number of Pods - the desired number of replicas to be running in cluster
● Pod Template - basically the same as the Pod definition (image, labels, resources)
● Selector - a set of matchers to match the Pods in cluster by labels
○ E.g. “app: elastic AND version: 6.1.2 AND env: prod”
○ Usually matches the labels defined in the Pod Template
● Kubernetes makes sure that exactly the defined number of Pods is running in the cluster
20. Service - service discovery / load-balancing
● Addresses/ports of Pods are dynamically assigned every time a Pod is created
○ You cannot rely on them when trying to call an app running in another Pod
● Service solves the problem by providing a stable clusterIp/port for Pod(s)
● The Service is defined by a selector (the same as in ReplicaSet) and a port
● E.g. “app: elastic AND version: 6.1.2 AND env: prod” + port: 9200
● 3 modes of operation to choose from: userspace, iptables (default) and ipvs
○ K8s alters the iptables rules accordingly on all the Nodes
● Service Discovery is implemented either by injecting environment variables or via DNS
○ E.g. ELASTIC_SERVICE_HOST / ELASTIC_SERVICE_PORT get injected into every Pod
○ Or there is an ‘elastic’ DNS record that all the other Pods can rely on
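An added example (not from the slides): the Service for the elastic Pods from the bullets above, plus a client Pod that reaches it both ways (injected variables and DNS). The client image is an assumption.

```yaml
# Added example, not part of the original deck: Service + a client Pod.
apiVersion: v1
kind: Service
metadata:
  name: elastic                   # this name becomes the DNS record "elastic" (elastic.<namespace>.svc)
spec:
  type: ClusterIP                 # stable virtual IP reachable only inside the cluster
  selector:                       # same label matchers as a ReplicaSet selector
    app: elastic
    env: prod
  ports:
  - name: http
    port: 9200                    # port on the Service's cluster IP
    targetPort: 9200              # containerPort inside the matched Pods
---
# Client Pod: ELASTIC_SERVICE_HOST / ELASTIC_SERVICE_PORT are injected only into Pods
# created after the Service exists; the DNS name works regardless of creation order.
apiVersion: v1
kind: Pod
metadata:
  name: es-client
spec:
  containers:
  - name: curl
    image: curlimages/curl:8.5.0  # assumed image
    command: ["sh", "-c"]
    args:
    - |
      echo "via env vars: $ELASTIC_SERVICE_HOST:$ELASTIC_SERVICE_PORT"
      curl -sf http://elastic:9200/_cluster/health   # via DNS
```

Only Pods whose readiness check passes are listed as endpoints of the Service, so a Pod that is alive but not yet ready receives no traffic.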
22. Volumes / Persistent Volumes - Storage
● Not exactly the same thing as Docker volumes
● Volume - tied to the Pod lifecycle (survives container restarts)
● Persistent Volumes - can be reused by another Pod (of the same type)
● Many adapters supported - local volumes, AWS EBS, GCEPersistentDisk, Ceph, Gluster, ScaleIO and many others
● Persistent Volume Claim - a way to decouple the definition of storage from the apps claiming that storage (a claim can be reused)
● Storage Class - a way to define properties of the storage (IOPS, zone, etc.) - a claim can be based on these (e.g. demanding a fast volume in us-east)
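An added example (not from the slides) of the chain described above: a Storage Class for fast storage in us-east, a claim against it, and a Pod that mounts the claim. The provisioner and its parameters are the in-tree AWS EBS ones and are an assumption; the Pod image is assumed too.

```yaml
# Added example, not part of the original deck: StorageClass -> PVC -> Pod.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-us-east
provisioner: kubernetes.io/aws-ebs   # assumed provisioner; parameters are provisioner-specific
parameters:
  type: io1                          # provisioned-IOPS volume type
  iopsPerGB: "50"
  zones: us-east-1a
  encrypted: "true"                  # encryption at rest: beyond the slide, but what a practitioner would set
reclaimPolicy: Retain                # keep the underlying disk when the claim is deleted
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: elastic-data
spec:
  storageClassName: fast-us-east     # "give me a fast volume in us-east"
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 100Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: elastic-0
  labels: {app: elastic, env: prod}
spec:
  containers:
  - name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:6.1.2   # assumed image
    volumeMounts:
    - name: data
      mountPath: /usr/share/elasticsearch/data
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: elastic-data        # the claim outlives this Pod; a replacement Pod can bind the same data
```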
23. Deployments
● Deployments provide a way to define a deployment strategy for a Pod
● Its definition is very similar to ReplicaSet, but it adds the strategy
● 2 strategies - Recreate and RollingUpdate
● RollingUpdate
○ maxUnavailable - max. number or percentage of Pods unavailable during the update
○ maxSurge - max. number or percentage of Pods to create over the replica count
○ You can also define a time period for which a new Pod must be healthy before moving on to the next one
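An added example (not from the slides) serving both the ReplicaSet slide and this one: the replicas, selector and Pod template are exactly what a ReplicaSet carries; the strategy block and the healthy-period setting are what a Deployment adds. It goes slightly beyond the slides' selector example by keeping the version label out of the selector, for the reason given after the block. The image is an assumption.

```yaml
# Added example, not part of the original deck: a Deployment of the elastic Pods.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elastic
spec:
  replicas: 3                       # desired number of Pods (the ReplicaSet's "Number of Pods")
  minReadySeconds: 30               # a new Pod must stay ready for 30s before the rollout moves on
  selector:
    matchLabels:                    # "app: elastic AND env: prod" - stable labels only
      app: elastic
      env: prod
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1             # never fewer than 2 of the 3 replicas serving during an update
      maxSurge: 25%                 # at most 1 extra Pod (25% of 3, rounded up) above the replica count
  template:                         # same shape as a Pod definition
    metadata:
      labels:                       # must satisfy the selector above; extra labels are allowed
        app: elastic
        env: prod
        version: "6.1.2"            # changing this (and the image) triggers a rolling update
    spec:
      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:6.1.2   # assumed image
        ports:
        - containerPort: 9200
        resources:
          limits: {cpu: "2", memory: "2Gi"}
        readinessProbe:             # RollingUpdate waits on this before counting a Pod as available
          httpGet: {path: /_cluster/health, port: 9200}
          periodSeconds: 5
```

In apps/v1 the selector of a Deployment is immutable once created, so putting `version: 6.1.2` into the selector (as the slides' example matcher does) would force a new Deployment for every version bump; keeping version in the template labels only is what lets the rolling update work.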
27. Some of the other Primitives
● Network Policies - defining access in the cluster and to/from outside
● Ingress - inbound HTTP rules, TLS termination, external load balancing, etc.
● Jobs - one-time jobs
● StatefulSet - solution to master/slave stores (e.g. MySQL, Redis, etc.)
● Namespaces - means to separate different “parts” of cluster (e.g. by environment)
28. Deployment Options
● Local - minikube (used in the demo later)
● Hosted - Google (GKE), Red Hat (OpenShift), Microsoft (Azure CS), AWS (EKS) and many others
● VMs - Vagrant, vSphere (VMware), oVirt
● Bare Metal - CentOS, Fedora, Ubuntu, CoreOS