
Head First to Container&Kubernetes


Introduction to what a container is and how to use it, starting from a comparison with virtual machines and then showing how to use persistent storage and port mapping in containers.
The last part shows what Kubernetes is, what kind of problems Kubernetes wants to solve, and how it solves them.

Published in: Technology


  1. Head First Container & Kubernetes
  2. Hung-Wei Chiu, Microsoft MVP, DevOps @ Thundertoken, co-organizer of SDNDS-TW, co-organizer of CNTUUG, Network/Kubernetes/SDN, https://blog.hwchiu.com
  3. Container?
  4. What? Why? How?
  5. Container ✖ Chroot ✖ LXC (Linux Container) ✖ Jail ✖ Docker ✖ Rkt ✖ CRI-O ✖ …
  6-8. Video: https://www.youtube.com/watch?v=YkBk52MGV0Y
  9-10. Container / VM (diagram), source: https://blog.docker.com/2018/08/containers-replacing-virtual-machines/
  11. Relationship between VMs/Containers ✖ Containers are more agile than VMs ✖ Containers enable hybrid and multi-cloud adoption ✖ Integrate containers with your existing IT process ✖ Containers save on VM licensing ✖ What about bare metal? ✖ What about security? Source: https://blog.docker.com/2018/08/containers-replacing-virtual-machines/
  12. Resource isolation (diagram), source: https://blog.docker.com/2018/08/containers-replacing-virtual-machines/
  13. How Docker works ✖ Mount namespaces ✖ IPC namespaces ✖ PID namespaces ✖ Network namespaces ✖ User namespaces ✖ UTS namespaces
  14-15. How to start ✖ Prepare a Docker image ○ Pull it from the internet ○ Build it yourself ✖ Create a container based on the image.
  16. sudo docker images
  17. Docker run ✖ docker run -d --name ubuntu hwchiu/netutils ✖ docker run -d -p 6379:6379 --name redis redis:5.0 ✖ sudo bash kubeDemo/docker/run.sh
  18. Docker exec ✖ sudo docker exec -it ubuntu bash ✖ Process ○ ps auxw ✖ Mount ○ mount ✖ Network ○ ifconfig
  19. Connect to other containers ✖ ping 172.18.0.3 ✖ ping 172.18.0.2 ✖ ping 172.18.0.1 ✖ redis-cli -h 172.18.0.2 ○ Connect to the container directly ✖ redis-cli -h 172.18.0.1 ○ Connect to the host; the traffic is forwarded by iptables
  20. Storage ✖ Mount data from outside ○ -v source:dest ✖ sudo docker run -d --name test -v ~/kubeDemo/:/kubeDemo hwchiu/netutils ✖ sudo docker exec -it test bash ○ ls /kubeDemo
  21. How to use Docker ✖ Prepare the image you want ✖ Run a container from the image ✖ Connect to the container over the network ✖ Mount a directory/file
  22. How does a container work?
  23. (diagram) OS / Docker / BusyBox: container b1 started with `docker run --name b1 hwchiu/netutils`, then `touch …` and `apk add …` inside it; container b2 started with `docker run --name b2 hwchiu/netutils` starts empty and does not see b1's changes
  24. We need to know how a container works first
  25. Image: a series of read-only layers
  26. (diagram) Dockerfile → Image: each step (RUN apk add …, COPY, RUN yarn …) produces one layer (a1b2c3d3xxxxx, …)
  27. (diagram) Image vs. container: the read-only image layers (902b87aaaec9, 4dcef5c50d60, c34ce3c1fcc0c, 9a61b6b1315e) plus a read/write container layer, handled by the storage driver. Source: https://docs.docker.com/glossary/?term=Union%20file%20system
  28. (diagram) Several containers share the same read-only image layers (902b87aaaec9, 4dcef5c50d60, c34ce3c1fcc0c, 9a61b6b1315e); each has its own read/write container layer. Source: https://docs.docker.com/glossary/?term=Union%20file%20system
  29. When the container is deleted, the writable layer is also deleted.
  30. The underlying image remains unchanged.
  31. So, persistent data?
  32. https://docs.docker.com/storage/volumes/
  33. docker volume create vol ✖ docker run -d -v vol:/app nginx ✖ docker run -d -v /home/nginx:/app nginx
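An added example, not part of the deck: a toy model of the layering described on slides 25-33 (read-only image layers, a per-container writable layer with whiteouts, and a volume that bypasses the layers), so the claims on slides 29-30 can be checked in code. Layer contents, paths and the `WHITEOUT` marker are constructed for illustration, not Docker's actual on-disk format.

```python
# Added example (not from the slides): toy model of the union file system on
# slides 25-33: read-only image layers, a writable container layer, a volume.
WHITEOUT = object()   # marks a path deleted in a layer (Docker's .wh. files)

class Image:
    def __init__(self, layers):
        self.layers = list(layers)   # lowest layer first; never mutated
    def lookup(self, path):
        # Upper layers shadow lower ones; a whiteout hides the path entirely.
        for layer in reversed(self.layers):
            if path in layer:
                return None if layer[path] is WHITEOUT else layer[path]
        return None

class Container:
    def __init__(self, image, volumes=None):
        self.image = image
        self.upper = {}                # this container's read/write layer
        self.volumes = volumes or {}   # mount point -> shared dict (docker -v)
    def _store(self, path):
        # Paths under a volume mount bypass the layered filesystem entirely.
        for mount, store in self.volumes.items():
            if path.startswith(mount + "/"):
                return store
        return self.upper
    def write(self, path, data):
        self._store(path)[path] = data
    def delete(self, path):
        store = self._store(path)
        if store is self.upper:
            store[path] = WHITEOUT     # image layers are read-only: whiteout
        else:
            store.pop(path, None)
    def read(self, path):
        store = self._store(path)
        if path in store:
            return None if store[path] is WHITEOUT else store[path]
        return None if store is not self.upper else self.image.lookup(path)

def demo():
    # Constructed layers standing in for the "RUN apk add" and "COPY" steps.
    image = Image([{"/bin/sh": "busybox"}, {"/app/main.py": "print(1)"}])
    vol = {}                                  # docker volume create vol
    b1 = Container(image, {"/data": vol})     # docker run -v vol:/data ...
    b1.write("/app/main.py", "print(2)")      # lands in b1's writable layer
    b1.write("/data/db.txt", "state")         # lands in the volume
    b1.delete("/bin/sh")                      # whiteout in b1; image untouched
    b2 = Container(image)                     # slide 23: b2 sees the clean image
    del b1                                    # docker rm b1 drops its layer
    return image.lookup("/app/main.py"), b2.read("/bin/sh"), vol.get("/data/db.txt")
```

`demo()` returns the image's original file, b2's untouched `/bin/sh`, and the volume data that outlived b1; only the volume kept b1's writes.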
  34. How about advanced storage functions?
  35. Storage features ✖ Snapshot? ✖ Dedup (deduplication) ✖ Replica ✖ Redundancy (RAID?) ✖ Filesystem (EXT4/BTRFS/ZFS?) ✖ Read/write cache? ✖ LVM?
  36. Networking
  37. Container -> WAN ✖ WAN -> Container ✖ Container -> Container
  38. (diagram) OS / Docker / Nginx, with a BusyBox container and the WAN: the three connectivity cases of slide 37
  39. Docker uses a bridge network to provide network connectivity by default.
  40. Linux bridge / kernel routing / gateway / iptables …
  41. (diagram) Linux hosts, each with a bridge br0; every container's interface vth0 is paired with vth1 on the host side (a veth pair) and attached to br0
  42. Network namespace demo (diagram): two namespaces ns, each with eth0 (1.2.3.4 and 1.2.3.5), attached through vth0 to br0 on the host (1.2.3.1)
  43. docker run -p 6379:6379 nginx
  44. ✖ sudo iptables-save -t nat | grep DOCKER
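An added example, not from the deck: a parser for the `iptables-save -t nat` output that slide 44 greps, listing the DNAT rules Docker installs for `docker run -p` (slides 19 and 43) and flagging which published ports are reachable on every host address rather than only on 127.0.0.1. The nat dump below is constructed to mirror Docker's DOCKER-chain rule format; bridge names and container addresses are made up.

```python
import re

# Added example (not from the slides): parse the `iptables-save -t nat` output
# that slide 44 greps for, and list which published ports (docker run -p) are
# reachable from any interface rather than only from localhost.
# The sample below is constructed to mirror Docker's DOCKER-chain DNAT rules.
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.18.0.0/16 ! -o br-redis -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 6379 -j DNAT --to-destination 172.18.0.2:6379
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.18.0.3:5432
COMMIT
"""

DNAT_RULE = re.compile(
    r"^-A DOCKER(?: -d (?P<bind>\S+))? ! -i \S+ -p (?P<proto>tcp|udp) -m \S+ "
    r"--dport (?P<port>\d+) -j DNAT --to-destination (?P<dst>\S+)$"
)

def published_ports(nat_dump):
    """Return one record per DNAT rule in the DOCKER chain."""
    rules = []
    for line in nat_dump.splitlines():
        m = DNAT_RULE.match(line)
        if not m:
            continue
        # No -d match means the rule applies to every local address, i.e. the
        # port is published on 0.0.0.0 and PREROUTING DNATs traffic from outside
        # before the host's filter INPUT rules ever see the original port.
        bind = m.group("bind") or "0.0.0.0/0"
        rules.append({
            "proto": m.group("proto"),
            "host_port": int(m.group("port")),
            "bind": bind,
            "container": m.group("dst"),
            "wan_reachable": not bind.startswith("127."),
        })
    return rules

def wan_reachable_ports(nat_dump):
    """Host ports that will be DNATed for traffic arriving from outside the host."""
    return sorted(r["host_port"] for r in published_ports(nat_dump) if r["wan_reachable"])

if __name__ == "__main__":
    for r in published_ports(SAMPLE_NAT):
        print(r)
```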
  45. How about advanced networking features?
  46. Docker provides the basic functionality of storage/network
  47. Docker Compose
  48. Docker Compose ✖ Use a YAML file to configure your application's services. ✖ Run multi-container applications. ✖ Friendly for VCS/CI/CD
  49. docker-compose up, with the compose file:
        version: '3'
        services:
          app:
            image: hwchiu/netutils:latest
            networks:
              - redis-net
            depends_on:
              - redis
          redis:
            image: redis:5.0
            hostname: redis
            networks:
              - redis-net
        networks:
          redis-net:
  50. Container cluster?
  51. (diagram) Four hosts (OS / Docker) running Nginx, Redis, Backend 1 and Backend 2: network connectivity
  52. (diagram) The same four hosts: shared storage / data sync
  53. (diagram) The same four hosts: disaster recovery, Backend 1 is relaunched on another host
  54. (diagram) The same four hosts: load balancing / virtual hosting across Backend 1 instances
  55. Access control ✖ Service discovery ✖ Computing resources (CPU/GPU) ✖ Service mesh ✖ Container deployment ✖ ……
  56. Container orchestrator?
  57. https://kubernetes.io/docs/home/
  58. "Kubernetes is becoming the Linux of the cloud" (Jim Zemlin, Linux Foundation)
  59. Before Kubernetes ✖ Google has been running containerized workloads in production. ○ Virtually everything runs as a container. ✖ Borg: the predecessor to Kubernetes ○ Long-rumored internal container-oriented cluster-management system. ○ Pod ○ Services ○ Label. Source: https://kubernetes.io/blog/2015/04/borg-predecessor-to-kubernetes/
  60. Kubernetes architecture (diagram): Users (CLI) → Control Plane (API Server, Scheduler, Controller) → Nodes (VM, bare metal, container); dispatch. Icon: https://www.flaticon.com/free-icon/boy_145867
  61. Kubernetes architecture, step 1: the user tells the API Server "I want to deploy a container"
  62. Kubernetes architecture, step 2: the Scheduler finds a target node
  63. Kubernetes architecture, step 3: the container is dispatched to that node
  64. Kubernetes architecture, step 4: the container is running on the node
  65. Scheduler
  66. (diagram) Hosts 1-7 → Predicate: hosts 2-6 remain → Priority: the remaining hosts are ranked → Select: host 6
  67. https://docs.google.com/presentation/d/1Gp-2blk5WExI_QR59EUZdwfO2BWLJqa626mK2ej-huo/edit#slide=id.g1e639c415b_0_56
  68. Core primitives
  69. DaemonSet, Node, ConfigMap, StatefulSet, Job, Labels, ReplicaSet, Secret, Deployment, Ingress, Service, Network Policy, CRD, Pod
  70. Workloads ✖ Pod ✖ Deployment ✖ DaemonSet ✖ Job ✖ CronJob ✖ StatefulSet ✖ ReplicaSet
  71. Pod ✖ A single instance of an application in Kubernetes ✖ Group of containers ✖ Those containers share ○ IP address ○ File system ○ Network namespace
  72. Pod: https://kubernetes.io/docs/concepts/workloads/pods/pod/
  73. Pod ✖ cd kubeDemo/services/application ✖ kubectl apply -f ubuntu.yml ✖ kubectl get pods -o wide ○ Get the IP address of that pod. ✖ kubectl describe pod ubuntu ○ Show pod detail ✖ kubectl exec -it ubuntu bash ○ Like `docker exec …` ✖ kubectl delete pod ubuntu ○ kubectl get pods
  74. ReplicaSet ✖ Maintains a stable set of replica Pods running at any given time. ✖ Guarantees the availability of a specified number of identical Pods.
  75. (diagram) ReplicaSet replica=3: three Pods spread over the Nodes
  76. Deployment ✖ Rollouts as a service ✖ Update ○ Rolling update ○ Recreate ✖ Manages ReplicaSet and Pod
  77. (diagram) Deployment (replicas: 3, version: v1) → ReplicaSet replica=3 → Pod Pod Pod
  78. (diagram) Deployment v1 (replicas: 3) → ReplicaSet replica=3 → Pod Pod Pod; Deployment v2 (replicas: 0) → ReplicaSet replica=0
  79. (diagram) Deployment v1 (replicas: 3) → ReplicaSet replica=3 → Pod Pod Pod; Deployment v2 (replicas: 1) → ReplicaSet replica=1 → Pod
  80. (diagram) Deployment v1 (replicas: 2) → ReplicaSet replica=2 → Pod Pod; Deployment v2 (replicas: 1) → ReplicaSet replica=1 → Pod
  81. (diagram) Deployment v1 (replicas: 2) → ReplicaSet replica=3 → Pod Pod; Deployment v2 (replicas: 2) → ReplicaSet replica=2 → Pod Pod
  82. (diagram) Deployment v1 (replicas: 1) → ReplicaSet replica=1 → Pod; Deployment v2 (replicas: 2) → ReplicaSet replica=2 → Pod Pod
  83. (diagram) Deployment v1 (replicas: 1) → ReplicaSet replica=1 → Pod; Deployment v2 (replicas: 3) → ReplicaSet replica=3 → Pod Pod Pod
  84. (diagram) Deployment v1 (replicas: 0) → ReplicaSet replica=0; Deployment v2 (replicas: 3) → ReplicaSet replica=3 → Pod Pod Pod
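An added example, not part of the deck: a simulation of the rolling update drawn on slides 77-84, in which the v1 ReplicaSet is scaled down one Pod at a time while the v2 ReplicaSet is scaled up. `maxSurge` and `maxUnavailable` are the real fields of a Deployment's `RollingUpdate` strategy; the step ordering (surge first, then scale down) is this example's own simplification of the controller, and the second function checks that every step on the slides respects those limits.

```python
# Added example (not from the slides): simulate the Deployment rolling update
# drawn on slides 77-84, where the v1 ReplicaSet is scaled down as the v2
# ReplicaSet is scaled up. maxSurge/maxUnavailable are real Deployment
# strategy fields; the step order below is this example's own simplification.
def rolling_update(desired, max_surge, max_unavailable):
    """Return the (v1, v2) replica counts after each step of the rollout."""
    old, new = desired, 0
    steps = [(old, new)]
    while old > 0 or new < desired:
        if new < desired and old + new < desired + max_surge:
            # Scale v2 up while the total stays within desired + maxSurge.
            new += 1
        elif old > 0 and old + new - 1 >= desired - max_unavailable:
            # Scale v1 down while enough Pods stay up (desired - maxUnavailable).
            old -= 1
        else:
            # Kubernetes rejects maxSurge=0 together with maxUnavailable=0 for
            # exactly this reason: neither direction could make progress.
            raise RuntimeError("rollout cannot progress with surge=0, unavailable=0")
        steps.append((old, new))
    return steps

def respects_strategy(steps, desired, max_surge, max_unavailable):
    """True when no step exceeds desired+maxSurge Pods or drops below desired-maxUnavailable."""
    return all(desired - max_unavailable <= old + new <= desired + max_surge
               for old, new in steps)

if __name__ == "__main__":
    # The sequence on slides 77, 79-84: (3,0) (3,1) (2,1) (2,2) (1,2) (1,3) (0,3)
    for old, new in rolling_update(3, max_surge=1, max_unavailable=0):
        print(f"v1 ReplicaSet replica={old}  v2 ReplicaSet replica={new}")
```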
  85. Deployment ✖ cd kubeDemo/services/deployment ✖ kubectl apply -f redis.yml ✖ kubectl get pods -o wide ○ Get the IP addresses of all pods. ✖ kubectl exec -it redis-xxx bash ○ Like `docker exec …` ✖ kubectl delete pod redis-xxxx ○ kubectl get pods ✖ kubectl get pods -o wide ○ Get the IP addresses of all pods again.
  86. Network
  87. Network ✖ Network connectivity ○ Container to container (same node) ○ Container to container (cross node) ✖ Service ○ WAN to container ✖ Ingress ○ WAN to container ✖ Network Policy
  88. Network connectivity ✖ Container Network Interface (CNI) ✖ Container to container (same node) ○ The simplest approach is bridge mode ○ Same as the Docker default network ✖ Container to container (cross node) ○ Overlay network (VXLAN/GRE) ○ L3 routing ○ … etc.
  89. Pod network ✖ A group of containers shares the same network environment ✖ They communicate via localhost ○ They use the same IP address ○ Port conflicts ✖ How does it work?
  90. Pod network (diagram): Pod with eth0 172.17.17.2; container Nginx on :80 and container Redis on :1234
  91. Pod infrastructure (diagram): Pod 172.17.17.2 with a PID/Network/UTS namespace owned by the Pause container, which holds eth0
  92. Pod infrastructure (diagram): Pod 172.17.17.2, PID/Network/UTS namespace, Pause container with eth0, containers Nginx and Redis. All user-defined containers are attached to the Pause container.
  93-94. Kubernetes Service
  95. Before we talk about Service, we must know why Service exists.
  96. (diagram) Deployment: Nginx, replicas 3, one Pod each on Node1, Node2 and Node3 of the Kubernetes cluster, with Pod IPs 10.123.234.56, 10.123.234.57, 10.123.234.58
  97. Access ✖ How does the application access those Nginx servers? ✖ By IP address ○ 10.123.234.56:80 ○ 10.123.234.57:80 ○ 10.123.234.58:80
  98. (diagram) Repeated from slide 96: Nginx Pods at 10.123.234.56, 10.123.234.57, 10.123.234.58
  99. (diagram) The same Deployment after a Pod was replaced: the Pod IPs are now 10.123.234.56, 10.123.234.57, 10.123.234.75
  100. That's why we need Service
  101. (diagram) Service: App → Service "Nginx" → the Nginx Pods at 10.123.234.56, 10.123.234.57, 10.123.234.58
  102. Service ✖ Application to Service ○ We use DNS to access the service. ○ $(service).$(namespace).cluster.local ✖ Service to Pods ○ The Service maintains the IP addresses of all its Pods. ○ We call them endpoints
  103. Services ✖ cd kubeDemo/services/service ✖ kubectl apply -f redis-cluster ✖ kubectl get svc ○ Get service detail ✖ kubectl exec -it ubuntu bash ○ Like `docker exec …` ○ nslookup redis-cluster
  104. Summary ✖ Kubernetes uses CNI to provide the basic network function for Pods ✖ A Service provides a DNS entry for all backend servers
  105. Kubernetes limitations
  106. Ask yourself before using it
  107. Do I really need Kubernetes?
  108. How powerful is Kubernetes?
  109. Flexible infrastructure ✖ Plugin based ○ Container Runtime Interface ○ Device Plugin ○ Container Storage Interface ○ Container Network Interface ✖ Development life cycle ✖ Support by third parties
  110. https://docs.google.com/presentation/d/1Gp-2blk5WExI_QR59EUZdwfO2BWLJqa626mK2ej-huo/edit#slide=id.g1e639c415b_0_56
  111. Container Runtime Interface
  112. CRI ✖ Is the container omniscient? ✖ Containerized applications ○ Dockerfile? ○ Refactor? ✖ Treat the container as a virtual machine ✖ Microservices?
  113. Device Plugin ✖ Third-party plugins ○ Nvidia GPU ○ RDMA ○ SR-IOV ○ AMD GPU ○ Intel GPU/FPGA/QuickAssist ✖ Are those plugins production-ready? ○ Stable?
  114. GPU ✖ GPU device plugin ✖ GPU virtualization ✖ GPU dispatches ○ Node1: 1 ○ Node2: 1 ○ Node3: 0 ✖ A Pod requires 2 GPUs ○ ? ✖ Two Pods use the 1 GPU on Node1 ○ ?
  115. GPU ✖ https://github.com/AliyunContainerService/gpushare-scheduler-extender ✖ https://github.com/NVIDIA/k8s-device-plugin
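An added example serving two slides, not code from the deck: the predicate → priority → select pipeline of slide 66, run against the GPU inventory of slide 114 (Node1: 1, Node2: 1, Node3: 0) to show why a Pod asking for 2 GPUs stays Pending and why a third 1-GPU Pod finds no node without a sharing extender. Node capacities, Pod requests and the "least requested" score are constructed simplifications, not kube-scheduler's real plugins.

```python
# Added example (not from the slides): the predicate -> priority -> select
# pipeline of slide 66, applied to the GPU inventory of slide 114.
# Capacities and pod requests are constructed; the "least requested" score is
# a simplified stand-in for kube-scheduler's real scoring plugins.
def predicates(node, pod):
    """Filter: every requested resource must fit into the node's free capacity."""
    return all(node["free"].get(res, 0) >= qty
               for res, qty in pod["requests"].items())

def priority(node, pod):
    """Score 0..100: how much of each requested resource stays free after placement."""
    scores = [100 * (node["free"][res] - qty) / node["capacity"][res]
              for res, qty in pod["requests"].items() if qty > 0]
    return sum(scores) / len(scores) if scores else 0

def schedule(nodes, pod):
    """Select: best score among feasible nodes; None means the Pod stays Pending."""
    feasible = [n for n in nodes if predicates(n, pod)]
    if not feasible:
        return None
    # Tie-break on the node name so the choice is deterministic.
    return min(feasible, key=lambda n: (-priority(n, pod), n["name"]))["name"]

def bind(nodes, pod):
    """Schedule the Pod and reserve its resources on the chosen node."""
    name = schedule(nodes, pod)
    if name is not None:
        node = next(n for n in nodes if n["name"] == name)
        for res, qty in pod["requests"].items():
            node["free"][res] -= qty
    return name

def make_cluster():
    """Constructed to match slide 114: Node1 and Node2 hold one GPU each, Node3 none."""
    def node(name, cpu, gpu):
        return {"name": name, "capacity": {"cpu": cpu, "gpu": gpu},
                "free": {"cpu": cpu, "gpu": gpu}}
    return [node("Node1", 4, 1), node("Node2", 8, 1), node("Node3", 8, 0)]

if __name__ == "__main__":
    cluster = make_cluster()
    print(schedule(cluster, {"requests": {"cpu": 1, "gpu": 2}}))  # None: no node has 2 GPUs
    print(bind(cluster, {"requests": {"cpu": 1, "gpu": 1}}))      # Node2
    print(bind(cluster, {"requests": {"cpu": 1, "gpu": 1}}))      # Node1
    print(bind(cluster, {"requests": {"cpu": 1, "gpu": 1}}))      # None: both GPUs taken
```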
  116. Storage ✖ Container Storage Interface ✖ Connect to a storage provider ✖ Can Kubernetes handle all storage issues?
  117. Storage ✖ Filesystem ○ ZFS/ext4/btrfs/… etc. ✖ Block device ✖ Distributed FS ○ Ceph/GlusterFS/BeeGFS ✖ RAID/LVM ✖ Read/write cache
  118. Summary ✖ Kubernetes doesn't provide any storage function itself. ✖ It relies on the backend storage provider. ✖ Choose a proper storage backend to meet your requirements ✖ Learn the concepts/knowledge about storage
  119. Network ✖ Container Network Interface ✖ A binary that sets up the networking function ✖ Can Kubernetes handle all networking issues?
  120. Network ✖ Network topology ○ Fat-tree, leaf-spine ○ LAG, MC-LAG, bonding ✖ Routing related ○ BGP, OSPF, DSR, RIP ○ ECMP ✖ Network protocols ○ IPv4/IPv6/multicast/broadcast/TCP/UDP/MPTCP/SCTP/QUIC ✖ Network tools ○ iptables/tun/tap
  121. Network ✖ SDN concept ○ Switch ○ Controller ✖ Logical network ○ VLAN/VXLAN/GRE/NVGRE ✖ High-performance network ○ DPDK/RDMA/SmartNIC
  122. What do you want? ✖ IPv4 address ○ Multiple addresses? ✖ Connect to the host ○ veth ○ host-local ○ SR-IOV? ✖ Routing ○ Static/dynamic ✖ Overlay network
  123. Summary ✖ CNI provides the network connectivity ✖ Service/Ingress may conflict with the CNI ✖ You need experience to debug networking issues
  124. Summary ✖ Know what you want first ✖ Evaluate ✖ Check third-party solutions ○ Production ready? ○ Tested? ✖ Check your resources
  125. https://blog.coscup.org/2019/04/2019-cfp-open.html#sdncloudnativego
