SlideShare a Scribd company logo

Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1

Etsuji Nakai
Etsuji Nakai

2015/03/12 ver1.0 published. 2015/03/26 ver1.1 fixed: flannel's tunnel type to VXLAN. 2015/04/03 ver1.2 fixed: Flannel's mechanism for VXLAN processing.

Technology
1 of 23
Download to read offline
Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Etsuji Nakai Senior Solution Architect and Cloud Evangelist Red Hat K.K v1.2 2015/04/03
2 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 What's this document?  Kubernetes is now supported with Red Hat Enterprise Linux 7.1 (RHEL7.1) !  This documents describes the architecture overview of Kubernetes provided with RHEL7.1.  The description of OpenShift v3 is based on the Beta release. Details may change in the GA version.
3 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 $ who am i – The author of “Professional Linux Systems” series. • Translation offering from publishers are welcomed ;-) Self-study Linux Deploy and Manage by yourself Professional Linux Systems Deployment and Management Professional Linux Systems Network Management  Etsuji Nakai – Senior solution architect and cloud evangelist at Red Hat. Professional Linux Systems Technology for Next Decade
4 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Contents  Architecture of Kubernetes  Container deployment model  Definition file examples  Feature extension of OpenShift v3  References
Architecture of Kubernetes
6 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Server configuration etcd ・・・ Backend Database(KVS) Kubernetes Master Kubernetes Node (Minion) ・・・ Scale-out cluster Docker Docker Docker Add more minions if necessary. Docker Registry  Kubernetes manages multiple nodes (minions) from a single master. – Clustering of multiple masters is not available now. You may use active-standby configuration with standard HA tools for high availability. – etcd (KVS) is used as a backend database. It can be configured as a scale-out cluster.
7 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Network configuration etcd Kubernetes Master Docker Registry Configured as an overlay network. ・・・  Physical network is simple. Kubernetes works just by connecting all servers to a single service network.  However, you need to create an internal network for container communication using an overlay network. – You may use Flannel, Open vSwitch, etc. as an overlay technology. Service network 192.168.122.0/24 Minion docker0 Minion docker0 Internal network 10.1.0.0/16
8 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Internal network details  The internal network needs to be prepared independently from Kubernetes. – Flannel is the most convenient tool for this purpose.  Flannel configures an internal network as follows: – Assign non-overlapping subnets to the Linux bridge (docker0) of each minion. (eg. 10.1.x.0/24 with x=1,2,3,...) – Create a virtual interface "flannel.1" which works as a gateway to other minions. – Linux kernel on each minion transferes packets from/to flannel.1 using the VXLAN encapslation. (Flannel daemon "flanneld" provides necessary information for VXLAN processing to the kernel.) flannel.1 docker0 10.1.1.0/24 10.1.1.0 etn0 10.1.1.1 Gateway to 10.1.0.0/16 Encapsulation flannel.1 docker0 10.1.2.0/24 10.1.2.0 etn0 10.1.2.1 Gateway to 10.1.0.0/16 minion01 minion02 10.1.0.0/16 flanneld flanneld
9 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 External access etcd Kubernetes Master Minion Docker Registry Minion API requests Image upload ・・・ Service access  There are following cases for the external access. – API requests are sent to the master. – Services running on containers are accessed from minions' external IPs via proxy mechanism (described later.) – Docker registry is an independent component from Kubernetes. You may use a registry server running on a container. Service network Internal network
Container deployment model
11 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Pod  Kubernetes launches containers in the unit of Pod. You specify the container images inside a pod when launching a new pod. – You can specify a single image when you want to launch a single container. – Kubernetes monitors the status of containers inside pods, and launches a new one in the case of failure. Container A Virtual NIC Container B Pod docker0  When you launch a container using Docker, a single NIC and private IP is assigned to it. However, with some options, you can launch multiple containers sharing the same NIC and private IP.  Kubernetes supports this configuration and a group of containers sharing the same NIC is called "pod". You can aggregate containers which need to communicate via localhost into a single pod. – eg. Pod with PostgreSQL container and pgadmin container. – eg. Pod with an apllication container which sends logs to syslog, and rsyslogd container. Linux Bridge
12 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Replication Controller  Replication controller activates the specified number of pods with the same configuration. The typical usecase is to run multiple web servers for the load balancing purpose. – The scheduler decides which minions are used to launch pods. – A new pod is launched in the case of failure to keep the number of active pods. – The number of pods can be dynamically changed. You may add an auto-scale mechanism on top of this.  You can launch a single pod with or without replication controller. – If you launch a pod with relication controller (with "number = 1"), you can change the number of pods later.
13 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Service  You need to define a service so that you can access the containers inside pods. An private and (optionally public) IP is assigned to each service. – You define a single service which aggregates the multiple pods running the same image. Access to the "IP + port" associated to a service is transferred to the backend pods with the round-robin manner.  When defining a service, you need to explicitly specify a port number. A "private IP" is automatically assigned. The private IP is used for accessing from other pods (not external uses.) – Access to the private IP is received by the proxy daemon running on the local minion, and transferred to the backend pods. – When launching a new pod, the private IPs and ports of existing services are set in the environment variables inside new containers. Pod ProxyThe local proxy daemon receives the packets to the private IP. Pod Proxy Round-robin access via the internal network. Pod Proxy Minion Minion Minion
14 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Minion External access to services Service access  You can specify multiple public IPs for each service. – By that, external users can access the service via multiple minions so that a specific minion does not become a SPOF. – External mechanism to select/load balance multiple minions is required. Typically, you can use the DNS load balancing. Pod Proxy The proxy daemon receives packets to service ports. Accessing to the minions' public IPs. Minion Pod Proxy Round-robin access via the internal network.  When defining a service, you need to specify "Public IPs" if you need to make it accessible from external users. – Public IPs' correspond to minions' IP addresses from which external uses can access the service. – The packets to the corresponding minions (for the service port) are received by the proxy daemon, and transferred to the backend pods.
Definition file examples
16 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Launching a single pod  The following is an example definition to launch a single pod. – Resources defined in Kubernetes can be associated with any numbers of (key, value) labels. Labels are used to refer from other resources. – Resources defined in Kubernetes are associated with a namespace. Only the resources in the same namespace can be referred each other. { "kind": "Pod", "id": "apache", "apiVersion": "v1beta1", "labels": { "name": "apache" }, "namespace": "default", "desiredState": { "manifest": { "id": "apache", "restartPolicy": { "always": {} }, "version": "v1beta1", "volumes": null, "containers": [ { "image": "fedora/apache", "name": "my-fedora-apache", "ports": [ { "containerPort": 80, "protocol": "TCP" } ] } ] } } } Containers inside pod Label Namespace
17 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Launching multiple pods using replication controller  The following is an example to launch multiple pods using replication controller. { "kind": "ReplicationController", "id": "apache-controller", "apiVersion": "v1beta1", "labels": { "name": "apache-controller" }, "namespace": "default", "desiredState": { "replicaSelector": { "name": "apache" }, "replicas": 2, "podTemplate": { "desiredState": { "manifest": { "id": "apache", "containers": [ { "image": "fedora/apache", "name": "my-fedora-apache", "ports": [ { "containerPort": 80, "protocol": "TCP" } ] } ], "restartPolicy": { "always": {} }, "version": "v1beta1", "volumes": null } }, "labels": { "name": "apache" } } } } Definition of pod The label of pods to be managed with this controller.
18 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Associating a service to existing pods  The following is an example to associate a service to existing pods. – Label is used to specify the backend pods. – You need to specify the pair of ports (an externally visible port and a corresponding container port.) – Public IPs are required if you need to make it accessible from external users. { "kind": "Service", "id": "frontend", "apiVersion": "v1beta1", "labels": { "name": "frontend" }, "namespace": "default", "selector": { "name": "apache" }, "containerPort": 80, "port": 999, "publicIPs": [ "192.168.122.10", "192.168.122.11" ] } Label of pods to associate the service. Public IPs
Feature extension of OpenShift v3
20 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Feature extensions of OpenShift v3  OpenShift v3 utilizes Kubernetes as an internal engine. It will provide the following feature extensions compared to the "bare" Kubernetes. – Internal network with Open vSwitch. • Flannel are not good at high latency communication. OpenShift v3 uses Open vSwitch to provide VXLAN overlay network for high latency communication. – Transparent service access with service URL. • External users need to use minion's IP addresses to access services running inside pods. OpenShift v3 associates an unique URL to each service, and external users can access the service via the service URL. – Multi-tenancy • OpenShift v3 provides the multi-tenant interface utilizing the namespace feature of Kubernetes. – Source to Image automation • The container images should be built and uploaded outside Kubernetes. OpenShift v3 provides the automated image build feature, like, "pushing source codes to git, running unit tests, building images, uploading to the registry."
References
22 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 References  OpenShift v3 Internal networking details – http://www.slideshare.net/enakai/openshift-45465283
EMPOWER PEOPLE, EMPOWER ENTERPRISE, OPEN INNOVATION.

Recommended

A brief study on Kubernetes and its components
A brief study on Kubernetes and its componentsA brief study on Kubernetes and its components
A brief study on Kubernetes and its components
Ramit Surana
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Crevise Technologies
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
Paris Apostolopoulos
 
Getting Started with Kubernetes
Getting Started with Kubernetes Getting Started with Kubernetes
Getting Started with Kubernetes
VMware Tanzu
 
Kubernetes
KubernetesKubernetes
Kubernetes
erialc_w
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 
Kubernetes Architecture
Kubernetes Architecture Kubernetes Architecture
Kubernetes Architecture
Knoldus Inc.
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
Sreenivas Makam
 

Recommended

A brief study on Kubernetes and its components
A brief study on Kubernetes and its componentsA brief study on Kubernetes and its components
A brief study on Kubernetes and its components
Ramit Surana
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Crevise Technologies
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
Paris Apostolopoulos
 
Getting Started with Kubernetes
Getting Started with Kubernetes Getting Started with Kubernetes
Getting Started with Kubernetes
VMware Tanzu
 
Kubernetes
KubernetesKubernetes
Kubernetes
erialc_w
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 
Kubernetes Architecture
Kubernetes Architecture Kubernetes Architecture
Kubernetes Architecture
Knoldus Inc.
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
Sreenivas Makam
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
Peng Xiao
 
An overview of the Kubernetes architecture
An overview of the Kubernetes architectureAn overview of the Kubernetes architecture
An overview of the Kubernetes architecture
Igor Sfiligoi
 
Kubernetes PPT.pptx
Kubernetes PPT.pptxKubernetes PPT.pptx
Kubernetes PPT.pptx
ssuser0cc9131
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes Workshop
Bob Killen
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes Basics
Eueung Mulyana
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Edureka!
 
Kubernetes fundamentals
Kubernetes fundamentalsKubernetes fundamentals
Kubernetes fundamentals
Victor Morales
 
What Is Helm
What Is Helm What Is Helm
What Is Helm
AMELIAOLIVIA2
 
What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...
What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...
What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...
Edureka!
 
Kubernetes - introduction
Kubernetes - introductionKubernetes - introduction
Kubernetes - introduction
Sparkbit
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)
DongHyeon Kim
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
Eric Gustafson
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with Ansible
Swapnil Jain
 
Kubernetes
KubernetesKubernetes
Kubernetes
Lhouceine OUHAMZA
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
Imesh Gunaratne
 
Helm intro
Helm introHelm intro
Helm intro
Haggai Philip Zagury
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with Kubernetes
EastBanc Tachnologies
 
Kubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive OverviewKubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive Overview
Bob Killen
 
Achieving CI/CD with Kubernetes
Achieving CI/CD with KubernetesAchieving CI/CD with Kubernetes
Achieving CI/CD with Kubernetes
Ramit Surana
 
Kubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory GuideKubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory Guide
Bytemark
 
The top 5 Kubernetes metrics to monitor
The top 5 Kubernetes metrics to monitorThe top 5 Kubernetes metrics to monitor
The top 5 Kubernetes metrics to monitor
Sysdig
 
OpenShift v3 Internal networking details
OpenShift v3 Internal networking detailsOpenShift v3 Internal networking details
OpenShift v3 Internal networking details
Etsuji Nakai
 

More Related Content

What's hot

What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...
What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...
What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...
Edureka!
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
Imesh Gunaratne
 

What's hot (20)

Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
 
An overview of the Kubernetes architecture
An overview of the Kubernetes architectureAn overview of the Kubernetes architecture
An overview of the Kubernetes architecture
 
Kubernetes PPT.pptx
Kubernetes PPT.pptxKubernetes PPT.pptx
Kubernetes PPT.pptx
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes Workshop
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes Basics
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
 
Kubernetes fundamentals
Kubernetes fundamentalsKubernetes fundamentals
Kubernetes fundamentals
 
What Is Helm
What Is Helm What Is Helm
What Is Helm
 
What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...
What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...
What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...
 
Kubernetes - introduction
Kubernetes - introductionKubernetes - introduction
Kubernetes - introduction
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with Ansible
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
 
Helm intro
Helm introHelm intro
Helm intro
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with Kubernetes
 
Kubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive OverviewKubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive Overview
 
Achieving CI/CD with Kubernetes
Achieving CI/CD with KubernetesAchieving CI/CD with Kubernetes
Achieving CI/CD with Kubernetes
 
Kubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory GuideKubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory Guide
 

Viewers also liked

Red Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep DiveRed Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep Dive
Greg Hoelzer
 
Microservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and JenkinsMicroservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and Jenkins
Red Hat Developers
 
Containers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red HatContainers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red Hat
Amazon Web Services
 
Resilient microservices with Kubernetes - Mete Atamel
Resilient microservices with Kubernetes - Mete AtamelResilient microservices with Kubernetes - Mete Atamel
Resilient microservices with Kubernetes - Mete Atamel
ITCamp
 

Viewers also liked (10)

The top 5 Kubernetes metrics to monitor
The top 5 Kubernetes metrics to monitorThe top 5 Kubernetes metrics to monitor
The top 5 Kubernetes metrics to monitor
 
OpenShift v3 Internal networking details
OpenShift v3 Internal networking detailsOpenShift v3 Internal networking details
OpenShift v3 Internal networking details
 
Red Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep DiveRed Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep Dive
 
DevNexus 2015: Kubernetes & Container Engine
DevNexus 2015: Kubernetes & Container EngineDevNexus 2015: Kubernetes & Container Engine
DevNexus 2015: Kubernetes & Container Engine
 
Microservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and JenkinsMicroservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and Jenkins
 
Red Hat OpenShift Container Platform Overview
Red Hat OpenShift Container Platform OverviewRed Hat OpenShift Container Platform Overview
Red Hat OpenShift Container Platform Overview
 
Containers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red HatContainers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red Hat
 
Red Hat Container Strategy
Red Hat Container StrategyRed Hat Container Strategy
Red Hat Container Strategy
 
OpenShift Enterprise 3.1 vs kubernetes
OpenShift Enterprise 3.1 vs kubernetesOpenShift Enterprise 3.1 vs kubernetes
OpenShift Enterprise 3.1 vs kubernetes
 
Resilient microservices with Kubernetes - Mete Atamel
Resilient microservices with Kubernetes - Mete AtamelResilient microservices with Kubernetes - Mete Atamel
Resilient microservices with Kubernetes - Mete Atamel
 

Similar to Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1

Linux Container Technology inside Docker with RHEL7
Linux Container Technology inside Docker with RHEL7Linux Container Technology inside Docker with RHEL7
Linux Container Technology inside Docker with RHEL7
Etsuji Nakai
 
Oscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby projectOscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby project
Patrick Chanezon
 
Scaling Docker with Kubernetes
Scaling Docker with KubernetesScaling Docker with Kubernetes
Scaling Docker with Kubernetes
Carlos Sanchez
 
Containers kuberenetes
Containers kuberenetesContainers kuberenetes
Containers kuberenetes
Gayan Gunarathne
 
Containers kuberenetes
Containers kuberenetesContainers kuberenetes
Containers kuberenetes
Gayan Gunarathne
 
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
Juraj Hantak
 

Similar to Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 (20)

Linux Container Technology inside Docker with RHEL7
Linux Container Technology inside Docker with RHEL7Linux Container Technology inside Docker with RHEL7
Linux Container Technology inside Docker with RHEL7
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.
 
Containers and Kubernetes -Notes Leo
Containers and Kubernetes -Notes LeoContainers and Kubernetes -Notes Leo
Containers and Kubernetes -Notes Leo
 
Kubernetes #1 intro
Kubernetes #1 introKubernetes #1 intro
Kubernetes #1 intro
 
Kubernetes Immersion
Kubernetes ImmersionKubernetes Immersion
Kubernetes Immersion
 
Oscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby projectOscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby project
 
Docker, Atomic Host and Kubernetes.
Docker, Atomic Host and Kubernetes.Docker, Atomic Host and Kubernetes.
Docker, Atomic Host and Kubernetes.
 
Scaling Docker with Kubernetes
Scaling Docker with KubernetesScaling Docker with Kubernetes
Scaling Docker with Kubernetes
 
Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developer
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
 
Containers kuberenetes
Containers kuberenetesContainers kuberenetes
Containers kuberenetes
 
Containers kuberenetes
Containers kuberenetesContainers kuberenetes
Containers kuberenetes
 
Containers kuberenetes
Containers kuberenetesContainers kuberenetes
Containers kuberenetes
 
Linux Containers and Docker SHARE.ORG Seattle 2015
Linux Containers and Docker SHARE.ORG Seattle 2015Linux Containers and Docker SHARE.ORG Seattle 2015
Linux Containers and Docker SHARE.ORG Seattle 2015
 
Comparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetesComparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetes
 
DevJam 2019 - Introduction to Kubernetes
DevJam 2019 - Introduction to KubernetesDevJam 2019 - Introduction to Kubernetes
DevJam 2019 - Introduction to Kubernetes
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
 
Nynog-K8s-networking-101.pptx
Nynog-K8s-networking-101.pptxNynog-K8s-networking-101.pptx
Nynog-K8s-networking-101.pptx
 
Container Orchestration using kubernetes
Container Orchestration using kubernetesContainer Orchestration using kubernetes
Container Orchestration using kubernetes
 

More from Etsuji Nakai

TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎
Etsuji Nakai
 

More from Etsuji Nakai (20)

PRML11.2-11.3
PRML11.2-11.3PRML11.2-11.3
PRML11.2-11.3
 
「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える
 
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
 
Introducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlow
 
Googleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスGoogleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービス
 
Spannerに関する技術メモ
Spannerに関する技術メモSpannerに関する技術メモ
Spannerに関する技術メモ
 
Googleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsGoogleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOps
 
A Brief History of My English Learning
A Brief History of My English LearningA Brief History of My English Learning
A Brief History of My English Learning
 
TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎
 
TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門
 
Using Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineUsing Kubernetes on Google Container Engine
Using Kubernetes on Google Container Engine
 
Lecture note on PRML 8.2
Lecture note on PRML 8.2Lecture note on PRML 8.2
Lecture note on PRML 8.2
 
Machine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersMachine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application Developers
 
Your first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterYour first TensorFlow programming with Jupyter
Your first TensorFlow programming with Jupyter
 
Deep Q-Network for beginners
Deep Q-Network for beginnersDeep Q-Network for beginners
Deep Q-Network for beginners
 
Life with jupyter
Life with jupyterLife with jupyter
Life with jupyter
 
TensorFlowで学ぶDQN
TensorFlowで学ぶDQNTensorFlowで学ぶDQN
TensorFlowで学ぶDQN
 
DevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかDevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきか
 
PRML7.2
PRML7.2PRML7.2
PRML7.2
 
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
 

Recently uploaded

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Recently uploaded (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 

Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1

  • 1. Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Etsuji Nakai Senior Solution Architect and Cloud Evangelist Red Hat K.K v1.2 2015/04/03
  • 2. 2 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 What's this document?  Kubernetes is now supported with Red Hat Enterprise Linux 7.1 (RHEL7.1) !  This documents describes the architecture overview of Kubernetes provided with RHEL7.1.  The description of OpenShift v3 is based on the Beta release. Details may change in the GA version.
  • 3. 3 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 $ who am i – The author of “Professional Linux Systems” series. • Translation offering from publishers are welcomed ;-) Self-study Linux Deploy and Manage by yourself Professional Linux Systems Deployment and Management Professional Linux Systems Network Management  Etsuji Nakai – Senior solution architect and cloud evangelist at Red Hat. Professional Linux Systems Technology for Next Decade
  • 4. 4 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Contents  Architecture of Kubernetes  Container deployment model  Definition file examples  Feature extension of OpenShift v3  References
  • 6. 6 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Server configuration etcd ・・・ Backend Database(KVS) Kubernetes Master Kubernetes Node (Minion) ・・・ Scale-out cluster Docker Docker Docker Add more minions if necessary. Docker Registry  Kubernetes manages multiple nodes (minions) from a single master. – Clustering of multiple masters is not available now. You may use active-standby configuration with standard HA tools for high availability. – etcd (KVS) is used as a backend database. It can be configured as a scale-out cluster.
  • 7. 7 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Network configuration etcd Kubernetes Master Docker Registry Configured as an overlay network. ・・・  Physical network is simple. Kubernetes works just by connecting all servers to a single service network.  However, you need to create an internal network for container communication using an overlay network. – You may use Flannel, Open vSwitch, etc. as an overlay technology. Service network 192.168.122.0/24 Minion docker0 Minion docker0 Internal network 10.1.0.0/16
  • 8. 8 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Internal network details  The internal network needs to be prepared independently from Kubernetes. – Flannel is the most convenient tool for this purpose.  Flannel configures an internal network as follows: – Assign non-overlapping subnets to the Linux bridge (docker0) of each minion. (eg. 10.1.x.0/24 with x=1,2,3,...) – Create a virtual interface "flannel.1" which works as a gateway to other minions. – Linux kernel on each minion transferes packets from/to flannel.1 using the VXLAN encapslation. (Flannel daemon "flanneld" provides necessary information for VXLAN processing to the kernel.) flannel.1 docker0 10.1.1.0/24 10.1.1.0 etn0 10.1.1.1 Gateway to 10.1.0.0/16 Encapsulation flannel.1 docker0 10.1.2.0/24 10.1.2.0 etn0 10.1.2.1 Gateway to 10.1.0.0/16 minion01 minion02 10.1.0.0/16 flanneld flanneld
  • 9. 9 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 External access etcd Kubernetes Master Minion Docker Registry Minion API requests Image upload ・・・ Service access  There are following cases for the external access. – API requests are sent to the master. – Services running on containers are accessed from minions' external IPs via proxy mechanism (described later.) – Docker registry is an independent component from Kubernetes. You may use a registry server running on a container. Service network Internal network
  • 11. 11 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Pod  Kubernetes launches containers in the unit of Pod. You specify the container images inside a pod when launching a new pod. – You can specify a single image when you want to launch a single container. – Kubernetes monitors the status of containers inside pods, and launches a new one in the case of failure. Container A Virtual NIC Container B Pod docker0  When you launch a container using Docker, a single NIC and private IP is assigned to it. However, with some options, you can launch multiple containers sharing the same NIC and private IP.  Kubernetes supports this configuration and a group of containers sharing the same NIC is called "pod". You can aggregate containers which need to communicate via localhost into a single pod. – eg. Pod with PostgreSQL container and pgadmin container. – eg. Pod with an apllication container which sends logs to syslog, and rsyslogd container. Linux Bridge
  • 12. 12 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Replication Controller  Replication controller activates the specified number of pods with the same configuration. The typical usecase is to run multiple web servers for the load balancing purpose. – The scheduler decides which minions are used to launch pods. – A new pod is launched in the case of failure to keep the number of active pods. – The number of pods can be dynamically changed. You may add an auto-scale mechanism on top of this.  You can launch a single pod with or without replication controller. – If you launch a pod with relication controller (with "number = 1"), you can change the number of pods later.
  • 13. 13 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Service  You need to define a service so that you can access the containers inside pods. An private and (optionally public) IP is assigned to each service. – You define a single service which aggregates the multiple pods running the same image. Access to the "IP + port" associated to a service is transferred to the backend pods with the round-robin manner.  When defining a service, you need to explicitly specify a port number. A "private IP" is automatically assigned. The private IP is used for accessing from other pods (not external uses.) – Access to the private IP is received by the proxy daemon running on the local minion, and transferred to the backend pods. – When launching a new pod, the private IPs and ports of existing services are set in the environment variables inside new containers. Pod ProxyThe local proxy daemon receives the packets to the private IP. Pod Proxy Round-robin access via the internal network. Pod Proxy Minion Minion Minion
  • 14. 14 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Minion External access to services Service access  You can specify multiple public IPs for each service. – By that, external users can access the service via multiple minions so that a specific minion does not become a SPOF. – External mechanism to select/load balance multiple minions is required. Typically, you can use the DNS load balancing. Pod Proxy The proxy daemon receives packets to service ports. Accessing to the minions' public IPs. Minion Pod Proxy Round-robin access via the internal network.  When defining a service, you need to specify "Public IPs" if you need to make it accessible from external users. – Public IPs' correspond to minions' IP addresses from which external uses can access the service. – The packets to the corresponding minions (for the service port) are received by the proxy daemon, and transferred to the backend pods.
  • 16. 16 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Launching a single pod  The following is an example definition to launch a single pod. – Resources defined in Kubernetes can be associated with any numbers of (key, value) labels. Labels are used to refer from other resources. – Resources defined in Kubernetes are associated with a namespace. Only the resources in the same namespace can be referred each other. { "kind": "Pod", "id": "apache", "apiVersion": "v1beta1", "labels": { "name": "apache" }, "namespace": "default", "desiredState": { "manifest": { "id": "apache", "restartPolicy": { "always": {} }, "version": "v1beta1", "volumes": null, "containers": [ { "image": "fedora/apache", "name": "my-fedora-apache", "ports": [ { "containerPort": 80, "protocol": "TCP" } ] } ] } } } Containers inside pod Label Namespace
  • 17. 17 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Launching multiple pods using replication controller  The following is an example to launch multiple pods using replication controller. { "kind": "ReplicationController", "id": "apache-controller", "apiVersion": "v1beta1", "labels": { "name": "apache-controller" }, "namespace": "default", "desiredState": { "replicaSelector": { "name": "apache" }, "replicas": 2, "podTemplate": { "desiredState": { "manifest": { "id": "apache", "containers": [ { "image": "fedora/apache", "name": "my-fedora-apache", "ports": [ { "containerPort": 80, "protocol": "TCP" } ] } ], "restartPolicy": { "always": {} }, "version": "v1beta1", "volumes": null } }, "labels": { "name": "apache" } } } } Definition of pod The label of pods to be managed with this controller.
  • 18. 18 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Associating a service to existing pods  The following is an example to associate a service to existing pods. – Label is used to specify the backend pods. – You need to specify the pair of ports (an externally visible port and a corresponding container port.) – Public IPs are required if you need to make it accessible from external users. { "kind": "Service", "id": "frontend", "apiVersion": "v1beta1", "labels": { "name": "frontend" }, "namespace": "default", "selector": { "name": "apache" }, "containerPort": 80, "port": 999, "publicIPs": [ "192.168.122.10", "192.168.122.11" ] } Label of pods to associate the service. Public IPs
  • 19. Feature extension of OpenShift v3
  • 20. 20 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 Feature extensions of OpenShift v3  OpenShift v3 utilizes Kubernetes as an internal engine. It will provide the following feature extensions compared to the "bare" Kubernetes. – Internal network with Open vSwitch. • Flannel are not good at high latency communication. OpenShift v3 uses Open vSwitch to provide VXLAN overlay network for high latency communication. – Transparent service access with service URL. • External users need to use minion's IP addresses to access services running inside pods. OpenShift v3 associates an unique URL to each service, and external users can access the service via the service URL. – Multi-tenancy • OpenShift v3 provides the multi-tenant interface utilizing the namespace feature of Kubernetes. – Source to Image automation • The container images should be built and uploaded outside Kubernetes. OpenShift v3 provides the automated image build feature, like, "pushing source codes to git, running unit tests, building images, uploading to the registry."
  • 22. 22 Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 References  OpenShift v3 Internal networking details – http://www.slideshare.net/enakai/openshift-45465283