Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It was originally developed by Google based on years of experience running production workloads at scale. Kubernetes groups containers into logical units called pods and handles tasks like scheduling, health checking, scaling and rollbacks. The main components include a master node that manages the cluster and worker nodes that run application containers scheduled by the master.
Author: Oleg Chunikhin, www.eastbanctech.com
Kubernetes is a portable open source system for managing and orchestrating containerized cluster applications. Kubernetes solves a number of DevOps related problems out of the box in a simple and unified way – rolling updates and update rollback, canary deployment and other complicated deployment scenarios, scaling, load balancing, service discovery, logging, monitoring, persistent storage management, and much more. You will learn how in less than 30 minutes a reliable self-healing production-ready Kubernetes cluster may be deployed on AWS and used to host and operate multiple environments and applications.
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification **
This Edureka tutorial on "Kubernetes Architecture" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Architecture and its working. The following topics are covered in this training session:
1. What is Kubernetes
2. Features of Kubernetes
3. Kubernetes Architecture and Its Components
4. Components of Master Node and Worker Node
5. ETCD
6. Network Setup Requirements
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
Author: Oleg Chunikhin, www.eastbanctech.com
Kubernetes is a portable open source system for managing and orchestrating containerized cluster applications. Kubernetes solves a number of DevOps related problems out of the box in a simple and unified way – rolling updates and update rollback, canary deployment and other complicated deployment scenarios, scaling, load balancing, service discovery, logging, monitoring, persistent storage management, and much more. You will learn how in less than 30 minutes a reliable self-healing production-ready Kubernetes cluster may be deployed on AWS and used to host and operate multiple environments and applications.
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification **
This Edureka tutorial on "Kubernetes Architecture" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Architecture and its working. The following topics are covered in this training session:
1. What is Kubernetes
2. Features of Kubernetes
3. Kubernetes Architecture and Its Components
4. Components of Master Node and Worker Node
5. ETCD
6. Network Setup Requirements
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
A basic introductory slide set on Kubernetes: What does Kubernetes do, what does Kubernetes not do, which terms are used (Containers, Pods, Services, Replica Sets, Deployments, etc...) and how basic interaction with a Kubernetes cluster is done.
A Comprehensive Introduction to Kubernetes. This slide deck serves as the lecture portion of a full-day Workshop covering the architecture, concepts and components of Kubernetes. For the interactive portion, please see the tutorials here:
https://github.com/mrbobbytables/k8s-intro-tutorials
If you’re working with just a few containers, managing them isn't too complicated. But what if you have hundreds or thousands? Think about having to handle multiple upgrades for each container, keeping track of container and node state, available resources, and more. That’s where Kubernetes comes in. Kubernetes is an open source container management platform that helps you run containers at scale. This talk will cover Kubernetes components and show how to run applications on it.
Kubernetes for Beginners: An Introductory GuideBytemark
An introduction to Kubernetes for beginners. Includes the definition, architecture, benefits and misconceptions of Kubernetes. Written in plain English, ideal for both developers and non-developers who are new to Kubernetes.
Find out more about Kubernetes at Bytemark here: https://www.bytemark.co.uk/managed-kubernetes/
An in depth overview of Kubernetes and it's various components.
NOTE: This is a fixed version of a previous presentation (a draft was uploaded with some errors)
Soft Introduction to Google's framework for taming containers in the cloud. For devs and architects that they just enter the world of cloud, microservices and containers
Traditional virtualization technologies have been used by cloud infrastructure providers for many years in providing isolated environments for hosting applications. These technologies make use of full-blown operating system images for creating virtual machines (VMs). According to this architecture, each VM needs its own guest operating system to run application processes. More recently, with the introduction of the Docker project, the Linux Container (LXC) virtualization technology became popular and attracted the attention. Unlike VMs, containers do not need a dedicated guest operating system for providing OS-level isolation, rather they can provide the same level of isolation on top of a single operating system instance.
An enterprise application may need to run a server cluster to handle high request volumes. Running an entire server cluster on Docker containers, on a single Docker host could introduce the risk of single point of failure. Google started a project called Kubernetes to solve this problem. Kubernetes provides a cluster of Docker hosts for managing Docker containers in a clustered environment. It provides an API on top of Docker API for managing docker containers on multiple Docker hosts with many more features.
In this session, we will discuss the architecture of a Kubernetes cluster. we will go through all the master and worker components of a kubernetes cluster. We will also discuss the basic terminology of Kubernetes cluster such as Pods, Deployments, Service etc. We will also cover networking inside Kuberneets. In the end, we will discuss options available for the setup of a Kubernetes cluster.
A basic introductory slide set on Kubernetes: What does Kubernetes do, what does Kubernetes not do, which terms are used (Containers, Pods, Services, Replica Sets, Deployments, etc...) and how basic interaction with a Kubernetes cluster is done.
A Comprehensive Introduction to Kubernetes. This slide deck serves as the lecture portion of a full-day Workshop covering the architecture, concepts and components of Kubernetes. For the interactive portion, please see the tutorials here:
https://github.com/mrbobbytables/k8s-intro-tutorials
If you’re working with just a few containers, managing them isn't too complicated. But what if you have hundreds or thousands? Think about having to handle multiple upgrades for each container, keeping track of container and node state, available resources, and more. That’s where Kubernetes comes in. Kubernetes is an open source container management platform that helps you run containers at scale. This talk will cover Kubernetes components and show how to run applications on it.
Kubernetes for Beginners: An Introductory GuideBytemark
An introduction to Kubernetes for beginners. Includes the definition, architecture, benefits and misconceptions of Kubernetes. Written in plain English, ideal for both developers and non-developers who are new to Kubernetes.
Find out more about Kubernetes at Bytemark here: https://www.bytemark.co.uk/managed-kubernetes/
An in depth overview of Kubernetes and it's various components.
NOTE: This is a fixed version of a previous presentation (a draft was uploaded with some errors)
Soft Introduction to Google's framework for taming containers in the cloud. For devs and architects that they just enter the world of cloud, microservices and containers
Traditional virtualization technologies have been used by cloud infrastructure providers for many years in providing isolated environments for hosting applications. These technologies make use of full-blown operating system images for creating virtual machines (VMs). According to this architecture, each VM needs its own guest operating system to run application processes. More recently, with the introduction of the Docker project, the Linux Container (LXC) virtualization technology became popular and attracted the attention. Unlike VMs, containers do not need a dedicated guest operating system for providing OS-level isolation, rather they can provide the same level of isolation on top of a single operating system instance.
An enterprise application may need to run a server cluster to handle high request volumes. Running an entire server cluster on Docker containers, on a single Docker host could introduce the risk of single point of failure. Google started a project called Kubernetes to solve this problem. Kubernetes provides a cluster of Docker hosts for managing Docker containers in a clustered environment. It provides an API on top of Docker API for managing docker containers on multiple Docker hosts with many more features.
In this session, we will discuss the architecture of a Kubernetes cluster. we will go through all the master and worker components of a kubernetes cluster. We will also discuss the basic terminology of Kubernetes cluster such as Pods, Deployments, Service etc. We will also cover networking inside Kuberneets. In the end, we will discuss options available for the setup of a Kubernetes cluster.
Docker is in all the news and this talk presents you the technology and shows you how to leverage it to build your applications according to the 12 factor application model.
Accelerate your software development with DockerAndrey Hristov
Docker is in all the news and this talk presents you the technology and shows you how to leverage it to build your applications according to the 12 factor application model.
Dojo given at ESEI, Uvigo.
The slides include a set of great slides from a presentation made by Elvin Sindrilaru at CERN.
Docker is an open platform for building, shipping and running distributed applications. It gives programmers, development teams and operations engineers the common toolbox they need to take advantage of the distributed and networked nature of modern applications.
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019kanedafromparis
Lors de cette présentation, nous allons dans un premier temps rappeler la spécificité de docker par rapport à une VM (PID, cgroups, etc) parler du système de layer et de la différence entre images et instances puis nous présenterons succinctement kubernetes.
Ensuite, nous présenterons un processus « standard » de propagation d’une version CI/CD (développement, préproduction, production) à travers les tags docker.
Enfin, nous parlerons des différents composants constituant une application docker (base-image, tooling, librairie, code).
Une fois cette introduction réalisée, nous parlerons du cycle de vie d’une application à travers ses phases de développement, BAU pour mettre en avant que les failles de sécurité en période de développement sont rapidement corrigées par de nouvelles releases, mais pas nécessairement en BAU où les releases sont plus rares. Nous parlerons des diverses solutions (jfrog Xray, clair, …) pour le suivie des automatique des CVE et l’automatisation des mises à jour. Enfin, nous ferons un bref retour d’expérience pour parler des difficultés rencontrées et des propositions d’organisation mises en oeuvre.
Cette présentation bien qu’illustrée par des implémentations techniques et très organisationnel
Containers and workload security an overview Krishna-Kumar
Beginner Level Talk - Presented at Bangalore container conf 2018 - Containers and workload security an overview. Hope it get starts your container security journey :-)
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Patrick Chanezon
Docker provides an integrated and opinionated toolset to build, ship and run distributed applications. Over the past year, the Docker codebase has been refactored extensively to extract infrastructure plumbing components that can be used independently, following the UNIX philosophy of small tools doing one thing well: runC, containerd, swarmkit, hyperkit, vpnkit, datakit and the newly introduced InfraKit.
This talk will give an overview of these tools and how you can use them to build your own distributed systems without Docker.
Patrick Chanezon & David Chung, Docker & Phil Estes, IBM
Dev opsec dockerimage_patch_n_lifecyclemanagement_kanedafromparis
Lors de cette présentation, nous allons dans un premier temps rappeler la spécificité de docker par rapport à une VM (PID, cgroups, etc) parler du système de layer et de la différence entre images et instances puis nous présenterons succinctement kubernetes.
Ensuite, nous présenterons un processus « standard » de propagation d’une version CI/CD (développement, préproduction, production) à travers les tags docker.
Enfin, nous parlerons des différents composants constituant une application docker (base-image, tooling, librairie, code).
Une fois cette introduction réalisée, nous parlerons du cycle de vie d’une application à travers ses phases de développement, BAU pour mettre en avant que les failles de sécurité en période de développement sont rapidement corrigées par de nouvelles releases, mais pas nécessairement en BAU où les releases sont plus rares. Nous parlerons des diverses solutions (jfrog Xray, clair, …) pour le suivie des automatique des CVE et l’automatisation des mises à jour. Enfin, nous ferons un bref retour d’expérience pour parler des difficultés rencontrées et des propositions d’organisation mises en oeuvre.
Cette présentation bien qu’illustrée par des implémentations techniques est principalement organisationnelle.
Devoxx 2016: A Developer's Guide to OCI and runCPhil Estes
A talk given at Devoxx 2016 in Antwerp, Belgium on November 7th, 2016. This talk covers the OCI (Open Container Initiative), status of the runtime and image specifications, and tools like runC and ocitools, as well as components like "riddler" and "netns" for using the OCI components as an application developer.
Containers in depth – Understanding how containers work to better work with c...All Things Open
Presented by: Brent Laster
Presented at the All Things Open 2021
Raleigh, NC, USA
Raleigh Convention Center
Abstract: Containers are all the rage these days – from Docker to Kubernetes and everywhere in-between. But to get the most out of them it can be helpful to understand how containers are constructed, how they depend and interact with the operating system, and what the differences and interactions are between layers, images, and containers. Join R&D Director, Brent Laster as he does a quick, visual overview of how containers work and how applications such as Docker work with them.
Topics to be discussed include:
• What containers are and the benefits they provide
• How containers are constructed
• The differences between layers, images, and containers
• What does immutability really mean
• The core Linux functionalities that containers are based on • How containers reuse code
• The differences between containers and VMs
• What Docker really does
• The Open Container Initiative
• A good analogy for understanding all of this
Michigan IT Symposium 2017 - Container BOFJeffrey Sica
Development with Containers
Moderator: Jeffery Sica
Orchestration and Management with Containers
Moderator: Bob Killen
The Container has revolutionized how many industries and enterprises develop and deploy software and services. While the promise of containers to improve reliability, reproducibility and sharing application is helping to drive this adoption, there are still questions and concerns that are holding back broader adoption. In this BOF we will provide an opportunity for the Michigan IT community to engage with the local leaders in this area that are developing solutions and promoting the container model in their units
This BoF has been broken into two high-level topics: Development with Containers that is geared toward developers working with and implementing containerized applications, and Orchestration and Management with Containers that is geared toward sysadmins that are hosting and maintaining production-level containers. There will be an overview followed by an interactive period where the audience can ask questions of our experts and share their experiences with others. A key goal of these sessions is to understand and develop an agenda for solving questions and concerns that are holding back broader adoption.
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Phil Estes
A presentation given on Thursday, January 19th, 2017 at the Devops Remote Conf 2017. This talk details the history of the Docker engine architecture, focusing on the split in April 2016 into the containerd and runc layers, and talking through the December 2016 announcement of the *new containerd project and what it will bring for the Docker engine and other consumers.
Eco System Building Presentation at SODACODE, May 2022.
URL at Sched by Linux Foundation: https://static.sched.com/hosted_files/sodacode2022/da/Day1_S12_SODACODE2022_SODAAmbassadorsEcosystem%20%281%29.pdf
This presentation is delivered as part of the Faculty training program at Kristu Jayanthi College, Bangalore. The intent was to help students build competency and contribute to open source projects. Also which will eventually help them to build professional career in open source connected domains.
This event was organized by the SODA Foundation and lots of fabulous speakers delivered the series. Thank you SODA!!!!
This work is part of the open source testbed setup for Cloud interoperability & portability. Cloud Security Workgroup will further review and generate complete working set as we move along. This is part I of the effort.
Cloud Native Use Cases / Case Studies - KubeCon 2019 San Diego - RECAPKrishna-Kumar
From KubeCon / CloudNativeCon 2019 customer stories, case studies, use cases - RECAP. Kubernetes & CNCF project use cases summary presented in Bangalore CNCF Meetup.
Cloud interoperability and open standards for digital india open infrasummitKrishna-Kumar
Open Infrastructure Summit Shanghai 2019 Presentation - Describes Cloud interoperability efforts in Digital India with multiple uses cases. A joint Taskforce effort by TSDSI - CCICI.
Kubernetes Application Deployment with Helm - A beginner Guide!Krishna-Kumar
Google DevFest2019 Presentation at Infosys Campus Bangalore. Application deployment in Kubernetes with Helm is demo'ed in Google Kubernetes Engine (GKE). This is an introductory session on Helm. Several references are given in it to further explore helm3 as it is in Beta state now.
KubeCon + CloudNativeCon Barcelona and Shanghai 2019 - HighlightsKrishna-Kumar
Presented in Bangalore CNCF Meetup - Summary & Highlights of KubeCon + CloudNativeCon 2019 - Barcelona & Shanghai. Several resource links are provided for further exploration of both the events.
This session was part of the IEEE Bangalore Section webinar organized to orient interested parties to the standards development world. The link to this slide deck is refereed from the other slide deck posted adjacent to this.
KubeCon CloudNativeCon Seattle 2019 Recap - General overview and also summary of some of the application deployment track (App sig, Operator Framework, Helm, Kustomize, CNAB).
Open Source Edge Computing Platforms - OverviewKrishna-Kumar
IEEE 11th International Conference - COMSNETS 2019 - Last MilesTalk - Jan 2019. This talk is for Beginner or intermediate levels only. Kubernetes and related edge platforms are discussed.
cncf overview and building edge computing using kubernetesKrishna-Kumar
Open Source India Conference 2018 Presentation to the general audience - not a deep technical talk. Narrated like a story for make it interesting......
CNCF general introduction to beginners at openstack meetup Pune & Bangalore February 2018. Covers broadly the activities and structure of the Cloud Native Computing Foundation.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaYara Milbes
Discover the transformative power of the WhatsApp API in our latest SlideShare presentation, "Top 7 Unique WhatsApp API Benefits." In today's fast-paced digital era, effective communication is crucial for both personal and professional success. Whether you're a small business looking to enhance customer interactions or an individual seeking seamless communication with loved ones, the WhatsApp API offers robust capabilities that can significantly elevate your experience.
In this presentation, we delve into the top 7 distinctive benefits of the WhatsApp API, provided by the leading WhatsApp API service provider in Saudi Arabia. Learn how to streamline customer support, automate notifications, leverage rich media messaging, run scalable marketing campaigns, integrate secure payments, synchronize with CRM systems, and ensure enhanced security and privacy.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Evolution of containers to kubernetes
1. Evolution of Containers to
Krishna Kumar, CNCF Ambassador India & Shivram Srivastava, Open Source Maintainer k8s
A presentation at
Contents & pictures are taken from the web; Will be used for education purpose only
2. Contents
• Evolution of Containers!
• LXC to Docker …
• Kubernetes
• Architecture
• Components
• Use cases
• More…
3.
4. Where does all it comes from?
• LXC (LinuX Containers) was the first, most complete implementation of
Linux container manager. It was implemented in 2008 using cgroups
and Linux namespaces, and it works on a single Linux kernel without
requiring any patches. early stages and later replacing it with its own
implementation.
• The LXC containers that are now part of every Linux distribution were
founded on Google’s work in 2006 -
https://linuxacademy.com/blog/containers/history-of-container-
technology/
• When Docker emerged in 2013, containers exploded in popularity. It’s no
coincidence the growth of Docker and container use goes hand-in-
hand. Docker used LXC in its initial stages and later replaced that container
manager with its own library, libcontainer. But there’s no doubt that
Docker separated itself from the pack by offering an entire ecosystem for
container management.
• Brief history of Containers - https://dzone.com/articles/evolution-of-
linux-containers-future
https://content.pivotal.io/infographics/moments-in-container-history
5. Container Evolution: Moving from Chroot to Namespaces
chroot
Chroot jails were the earliest isolation
mechanisms. Chroot offers file system
level abstraction and prevents
applications from interfering with each
other.
There was problem with chroot: The
chroot can be broken by root users.
Applications in different namespaces
could still interfere in many ways. Also
Start some programs (with some
overlapping name) from two shells
chrooted to two different directories.
Execute ps –ef | grep “<overlapping
portion>” from one bash shell and kill
all the PID’s corresponding to the
matching results (a typical termination
program), will kill program in other
bash shell.
5
namespaces
The name spaces are IPC, PID, hostname, User,
Mount, network
Application isolation by manipulate certain system
attributes - e.g: clone(), unshared(), setns(), execute the
bash shell in separate PID, mount proc file system
namespaces, kill the init process of the child
namespace, etc.
6. Container Evolution: cgroups – Resource Limiting
• Handles resource quota allocation. It associates “subsystems” – which are kernel modules
that meter the system resources such as (cpu and memory) to “hierarchies of ‘cgroups’” –
which are user-defined rules to restrict resource usage of processes. Some of the cgroup
subsystems are:
o blkio — this subsystem sets limits on input/output access to and from block devices
such as physical drives (disk, solid state, or USB).
o cpu — this subsystem uses the scheduler to provide cgroup tasks access to the CPU.
o cpuacct — this subsystem generates automatic reports on CPU resources used by
tasks in a cgroup.
o cpuset — this subsystem assigns individual CPUs (on a multicore system) and
memory nodes to tasks in a cgroup.
o devices — this subsystem allows or denies access to devices by tasks in a cgroup.
o freezer — this subsystem suspends or resumes tasks in a cgroup.
o memory — this subsystem sets limits on memory use by tasks in a cgroup and
generates automatic reports on memory resources used by those tasks.
o net_cls — this subsystem tags network packets with a class identifier (classid) that
allows the Linux traffic controller (tc) to identify packets originating from a particular
cgroup task.
o net_prio — this subsystem provides a way to dynamically set the priority of network
traffic per network interface.
o ns — the namespace subsystem.
o perf_event — this subsystem identifies cgroup membership of tasks and can be used
for performance analysis.
6
A cgroup example:
7. Container Evolution: LXC Architecture
7
- LXC abstracts the complexities of configuring the cgroups
and namespaces and helps to automate the process.
- LXC (Linux Containers) is an operating-system-level
virtualization method for running multiple isolated Linux
systems (containers) on a control host using a single Linux
kernel. “LXC” refers to capabilities of the Linux kernel (specifically
namespaces and control groups) which allow sandboxing
processes from one another, and controlling their resource
allocations.
- Kernel features for containers: Isolated Namespaces: (Audit,
System, Device, Time, Taskcount), Watch mount points, root level
permissions, file system read only privilege for Copy-on-write, Use
resource limitation feature, Avoid running container with User ID
= 0; harden OS,
8. Major Container Types….
Docker: The most popular container OS - a lightweight, portable, self sufficient LXC container that can run virtually anywhere. It has layered container
image, global container registry, Cluster management, CLI/Rest API connections.
Rocket: From CoreOS/RedHat, Rocket has more rigorous security, app container specifications. Also developed flannel, etcd to support container
orchestration.
Photon: Photon OS is a minimal Linux container host, optimized to run on VMware platforms. Compatible withDocker, and Kubernetes.
Garden: From Pivotal Cloud Foundry. Garden (Warden) is a platform-agnostic Go API for container creation and management, with pluggable back ends
for different platforms and runtimes.
Mesos Containers: MesosContainerizer provides lightweight containerization and resource isolation of executors using Linux-specific functionality such
as control cgroups and namespaces.
Windows Containers: Two different run times - Windows Server Containers which uses shared kernel space and Hyper-V Isolation Containers which run
each container in a optimized virtual machine (e.g: Windows 10 containers)
IBM Nabla Container: Cut down OS system calls to a bare minimum with as little code as possible. This is expected to decrease the surface area available
for an attack. Make use of Library OS (unikernel techniques) and use only 9 system calls; the rest are blocked through linux seccomp policy.
Google gVisor: User-space kernel, written in Go, that implements a substantial portion of the Linux system surface. It includes an OCI runtime
called runsc that provides an isolation boundary between the application and the host kernel.
Kata Containers: standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload
isolation and security advantages of VMs. It is designed to be architecture agnostic, run on multiple hypervisors and be compatible with the OCI.
ConrtainerD: It is an industry-standard core container runtime available as a daemon for Linux and Windows, which can manage the complete container
lifecycle of its host system. It uses runC to run containers according to the OCI specification.
OCI: Open Container Initiative -currently contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec).
The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk. At a high-level an OCI implementation would download an
OCI Image then unpack that image into an OCI Runtime filesystem bundle. 8
9. Container Platform - Docker
Docker is a platform and tool for building, distributing,
and running container.
Docker means a person who docks, shipping docks.
Docker Inc is a private company which handles all
aspects of Docker. https://www.docker.com/
Docker's open source components are
generally licensed under the Apache 2.0 license. Written in
GO language.
Docker also has Enterprise commercial product.
In 2008, Solomon Hykes and few others started
dotcloud and eventually it becomes Docker, Inc. the
company revolutionize the cloud industry.
9
10. How to Build Docker Image
• An image is an inert, immutable, file that's
essentially a snapshot of a
container.Images are created with the build
command, and they'll produce a container
when started with run. Images are stored in
a Docker registry such as
registry.hub.docker.com
• Docker can build images automatically by
reading the instructions from a Dockerfile, a
text document that contains all the
commands you would normally execute
manually in order to build a Docker image.
• https://docs.docker.com/engine/reference/co
mmandline/images/
12
FROM keyword tells which image is your image based on
COPY instruction copies new files/directories from <src> and
adds to the filesystem of the container at the path <dest>
EXPOSE listens on the specified network ports at runtime
(does not make the ports of the container accessible to the
host)
CMD provide defaults for an executing container. There can be
only one cmd in a Dockerfile. If multiple CMDs are there, then
only the last cmd will take effect
To build the image name “nginx:latest_image “ from current
directory where dockerfile is residing; run
docker build –t nginx:latest_image .
Sample Docker File
11. Docker Registry
• Create an account in Docker Hub. Push the image which you tagged. Docker hub account would contain the pushed image.
• One can pull the image and run a container using the image.
• https://docs.docker.com/registry/
• https://blog.octo.com/en/docker-registry-first-steps/
13
14. From Virtualization to Cloud Native
16
Containers
Cloud
Native
Open
Source
IaaS
PaaS
Open
Source
PaaS
Virtualiza-
tion
2000 2001 2006 2009 2010 2011
Non-
Virtualized
Hardware
2013 2015
IaaS
15. Container Orchestration Engines
Kubernetes is a orchestration system for running Docker and
other containers.
Some other leading container orchestration Engines (like Kubernetes):
Mesosphere Mesos
Docker Swarm
Hashicorp Nomad
Netflix Titus
Racher Cattle
Pivotal Cloud Foundry
Amazon ECS
Deis (Microsoft acquired it)
Cisco Mantl
Kontena Pharos
https://medium.freecodecamp.org/how-to-choose-the-right-container-orchestration-and-how-to-deploy-it-41844021c241
16. CNCF is an open source software foundation (under Linux foundation) dedicated to making cloud native computing universal and sustainable. Cloud
native computing uses an open source software stack to deploy applications as microservices, packaging each part into its own container, and
dynamically orchestrating those containers to optimize resource utilization. Cloud native technologies enable software developers to build great
products faster. The following projects are under the foundation:
18
• Platinum members:
Orchestration
Incubating Sandbox
Service
Mesh
Storage
Networking
API
Service
Discovery
Distributed
Tracing
Service Mesh
Software
Update Spec
StorageSecurity
Logging Remote
Procedure Call
Monitoring
Distributed
Tracing API
Container
Runtime
Messa
ging
Iden
tity
Spec
Identit
y
Poli
cy
Graduated
Server
less Tooling
Container
Runtime
Package
Manageme
nt
Harbor
Registry
Open
Metrics
TIKV
Key-Value
Store
20. Evolution of Kubernetes!!
• Borg – original paper -
https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43438.pd
f
• Omega – original paper -
https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/41684.pd
f
• Borg: The Predecessor to Kubernetes - https://kubernetes.io/blog/2015/04/borg-predecessor-
to-kubernetes/
• Lessons learned from three container management system over a decade at Google - Borg,
Omega, and Kubernetes - https://storage.googleapis.com/pub-tools-public-publication-
data/pdf/44843.pdf
• Kubernetes (κυβερνήτης, Greek for "governor", "helmsman" or "captain") was founded by Joe
Beda, Brendan Burns and Craig McLuckie, was quickly joined by other Google engineers
including Brian Grant and Tim Hockin, and was first announced by Google in mid-2014.
• Kubernetes is also referred to as k8s, as there are 8 characters between k and s.
• Kubernetes celebrates its birthday every year on 21st July. Kubernetes 1.0 was released on July
21 2015. Generally licensed under the Apache 2.0 license. Written in GO language.
• In July 2015, Google along with Twitter, IBM, Intel, Cisco, and Goldman Sachs, among others
announced creating CNCF and inducted kubernetes as the first project in it.
• Aug 2018, Google sets Kubernetes free with $9m in its pocket for expenses - Google shifting
the ownership of Kubernetes cloud resources to CNCF.
“Kubernetes is an open-source system for automating deployment, scaling, and
management of containerized applications. It groups containers that make up an
application into logical units for easy management and discovery.”
21. K8s - Main features
23
• Open source & run anywhere
• Group containers in to logical units
• Easy management & Discovery
• Self healing
• Scaling – Planet size (billions of containers in a week)
• Serverless with server
• Optimize resource usage
• Multi Clouds
Automatic bin-packing
Kubernetes automatically schedules the containers based on resource usage and constraints, without sacrificing the availability.
Self-healing
Kubernetes automatically replaces and reschedules the containers from failed nodes. It also kills and restarts the containers which do not respond to health checks, based on
existing rules/policy.
Horizontal scaling
Kubernetes can automatically scale applications based on resource usage like CPU and memory. In some cases, it also supports dynamic scaling based on customer metrics.
Service discovery and Load balancing
Kubernetes groups sets of containers and refers to them via a Domain Name System (DNS). This DNS is also called a Kubernetes service. Kubernetes can discover these services
automatically, and load-balance requests between containers of a given service
Automated rollouts and rollbacks
Kubernetes can roll out and roll back new versions/configurations of an application, without introducing any downtime.
Secrets and configuration management
Kubernetes can manage secrets and configuration details for an application without re-building the respective images. With secrets, we can share confidential information to
our application without exposing it to the stack configuration, like on GitHub.
Storage orchestration
With Kubernetes and its plugins, we can automatically mount local, external, and storage solutions to the containers in a seamless manner, based on software-defined storage
(SDS).
Batch execution
Besides long running jobs, Kubernetes also supports batch execution.
Every 3 months there is one release.
https://kubernetes.io/docs/setup/release/
notes/
22. K8s Architecture
One or more master nodes
One or more worker nodes
Distributed key-value store, like etcd
https://kubernetes.io/docs/concepts/
https://kubernetes.io/docs/home/
https://www.slideshare.net/RedHatDevelopers/kubernetes-introduction-86540172 24
23. Pod Concept…
25
• Pod – Multiple containers share
IP/storagevolume/resources/secrets/
labels/Lifecycle – Define as a YAML
• Service – Groups of pods act as one
service with IP and DNS name
• Label – Key/value pair associated
with k8s objects like Pod.
• https://kubernetes.io/docs/concepts
/workloads/pods/pod-overview/
24. 26
The master node is responsible for managing the Kubernetes cluster, and it
is the entry point for all administrative tasks.
1. API server
2. Scheduler
3. Controller manager
4. etcd.
A worker node is a machine (VM, physical server, etc.) which runs the
applications using Pods and is controlled by the master node. Pods are
scheduled on the worker nodes, which have the necessary tools to run and
connect them. A Pod is the scheduling unit in Kubernetes. It is a logical
collection of one or more containers which are always scheduled together.
To run and manage a container's lifecycle, we need a container runtime on
the worker node. Some container runtimes are: containerd, rkt, lxd, docker.
We will explore them further in later chapters.
1. Container runtime
2. kubelet
3. kube-proxy
kubectl – Command Line interface (CLI)
K8s Components
25. Master Node Components
27
1. API server
• All the administrative tasks are performed via the API
server within the master node. A user/operator sends REST
commands to the API server, which then validates and
processes the requests. After executing the requests, the
resulting state of the cluster is stored in the distributed key-
value store.
2. Scheduler
• schedules the work to different worker nodes. The scheduler
has the resource usage information for each worker node. It
also knows about the constraints that users/operators may
have set, such as scheduling work on a node that has the
label disk==ssd set. Before scheduling the work, the scheduler
also takes into account the quality of the service requirements,
data locality, affinity, anti-affinity, etc. The scheduler schedules
the work in terms of Pods and Services.
3. Controller manager
• Manages different non-terminating control loops, which
regulate the state of the Kubernetes cluster. Each one of these
control loops knows about the desired state of the objects it
manages, and watches their current state through the API
server. In a control loop, if the current state of the objects it
manages does not meet the desired state, then the control
loop takes corrective steps to make sure that the current state
is the same as the desired state.
4. etcd
• Is a distributed key-value store which is used to store the
cluster state. It can be part of the Kubernetes Master, or, it can
be configured externally, in which case, master nodes would
connect to it.
26. K8s etcd – more.…
28
• State Management with etcd
• Kubernetes uses etcd to store the cluster state.
• etcd is a distributed key-value store based on the Raft
Consensus Algorithm.
• Raft allows a collection of machines to work as a coherent
group that can survive the failures of some of its members.
• At any given time, one of the nodes in the group will be the
master, and the rest of them will be the followers. Any node
can be treated as a master
• etcd is written in the Go programming language.
• In Kubernetes, besides storing the cluster state, etcd is also
used to store configuration details such as subnets,
ConfigMaps, Secrets, etc.
27. Worker Node Components
29
1. The kubelet is an agent which runs on each worker node and
communicates with the master node. It receives the Pod definition via
various means (primarily, through the API server), and runs the
containers associated with the Pod. It also makes sure that the
containers which are part of the Pods are healthy at all times. The
kubelet connects to the container runtime using Container Runtime
Interface (CRI).
2. The Container Runtime Interface consists of protocol buffers, gRPC
API, and libraries.
3. Kube-proxy Instead of connecting directly to Pods to access the
applications, we use a logical construct called a Service as a
connection endpoint. A Service groups related Pods and, when
accessed, load balances to them. kube-proxy is the network proxy
which runs on each worker node and listens to the API server for each
Service endpoint creation/deletion. For each Service endpoint, kube-
proxy sets up the routes so that it can reach to it.
1. dockershim
• With dockershim, containers are created using Docker installed on the
worker nodes. Internally, Docker uses containerd to create and manage
containers.
2. cri-containerd
• With cri-containerd, we can directly use Docker's smaller offspring
containerd to create and manage containers
3. CRI-O
• CRI-O enables using any Open Container Initiative (OCI) compatible
runtimes with Kubernetes. Supports runC and Clear Containers as
container runtimes now.
28. Kubectl
• kubectl create -f is what we call Imperative
Management. On this approach you tell the
Kubernetes API what you want to create, replace
or delete, not how you want your K8s cluster
world to look like.
• kubectl apply is part of the Declarative
Management approach, where changes that you
may have applied to a live object (i.e. through
scale) are maintained even if you apply other
changes to the object.
• https://kubernetes.io/docs/reference/kubectl/o
verview/
30
31. K8s - Storage & Networking
33
Persistent Volume Providers
• GCE
• AWS
• Rook
• Glusterfs
• OpenStack Cinder
• CephRBD
• QuoByte
• Kube-Aliyun
• Portworx
• Rancher Longhorn
• Stork
• OpenEBS
• StorageOS
Networking Stacks
• Weave Net
• Canal by Tigera
• OpenContrail
• Nuage
• Kuryr
• Contiv
• Calico
• OpenVSwitch
• Kube-router
• Cilium
• Linen
• CNI-Genie
• Romana
• Infoblox
• External DNS - To control DNS records dynamically via Kube
resources
• cni-ipvlan-vpc-k8s
• kubernetes-network-policy-recipes
• Multus-cni - Multi-homed pod cni
• Network-Controller - Open vSwitch, Multiple network interfaces that
associate with Kubernetes pods
• AWS VPC CNI - Networking plugin using Elastic Network Interfaces
• NSX-T - CNI plugin supporting load balancing and distributed
firewalls.
• Container Network Model (CNM) - proposed by Docker
• Container Network Interface (CNI) - proposed by CoreOS.
32. K8s - Installers & Monitoring
34
Installers
• Minikube - Run Kubernetes locally
• Kops - OS Agnostique - AWS
• Kube-deploy
• Kubeadm - OS Agnostique - Cloud Agnostique
• Kubespray - OS Agnostique - Cloud Agnostique
• Bootkube - CoreOS - Cloud Agnostique
• Kube-aws - CoreOS - AWS
• Kismatic - CentOS - Cloud Agnostique
• Juju - Ubuntu - Cloud Agnostique
• Terraform - CoreOS - AWS
• Supergiant - CoreOS - Cloud Agnostique
• Archon - OS Agnostique - Cloud Agnostique
• KubeNow - Ubuntu - Cloud Agnostique
• Kubicorn - OS Agnostique - Cloud Agnostique
• Simplekube - systemd OS - Cloud Agnostique
• Conjure-up - Ubuntu - Cloud Agnostique
• Kube-ansible - OS Agnostique - Cloud Agnostique
• Kubernetes-Saltstack - systemD OS - Cloud Agnostique
• matchbox - CoreOS - Network boot and provision Container Linux clusters
(e.g. etcd3, Kubernetes, more).
• RKE - OS Agnostique - Cloud Agnostique
• Typhoon - Container Linux - Cloud Agnostique
• Docker for Windows - Run Kubernetes and Docker locally on your Windows
PC (Edge Channel)
• Docker for MAC - Run Kubernetes and Docker locally on your MAC (Edge
Channel)
• MetalK8s - CentOS - On-Prem - Cloud Agnostique - Apache-2.0
Monitoring
• Console
• Datadog
• eventrouter - simple introspective kubernetes service that forwards events
to a specified sink.
• Grafana Kubernetes App
• Heapster
• Instana
• Kubebox - Terminal console for Kubernetes
• Kubedash
• Kubernetes Operational View - read-only system dashboard for multiple
K8s clusters
• Kubetail
• Kubewatch
• Netsil
• Outcold Solutions - monitoring Kubernetes, OpenShift and Docker in Splunk
Enterprise and Splunk Cloud (metrics and log forwarding)
• Prometheus
• Sysdig Monitoring
• Sysdig Open Source
• Weave Scope
• Searchlight
• Ingress Monitor Controller - A Kubernetes Controller to watch your
ingresses and create liveness alerts for your endpoints
33. K8s - more elements…
35
Operators
• Prometheus
• Kong API
• Kubernetes Operators
• K8s Operator Workshop
• Cert Operator
• Cert manager
• cert-manager
• Operator Kit
• Container Linux Update Operator
• DB Operator
• KubeVirt
• Operator SDK
• kooper - Simple Go library to create
Kubernetes operators and controllers
CI / CD
•Jenkins X - CI/CD for Kubernetes using
Jenkins
•kb8or
•Wercker
•Shippable
•GitLab
•Kontinuous
•Kit
•Spinnaker
•CircleCI
•KubeCI
•Vili
•Keel
•Apollo - Open Source application
providing teams with self service UI for
creating and deploying their services to
Kubernetes.
•Weave Flux – GitOps reconcoliation
operator
•Codefresh - Kubernetes CI/CD platform
(with private Docker and Helm Chart
repositories)
Some Related Software..
•Argo The Workflow Engine for
Kubernetes
•Hypernetes
•Kubernetes Cluster Federation
(previously Ubernetes)
•kmachine
•Kubefuse
•KubeSpray
•Kubernetes Ec2 Autoscaler
•Kubeform
•kube-openvpn
•Archon
•Client Libraries
•Kubic-Project
•Telepresence - Locally develop/debug
services against a remote Kubernetes
cluster
•Fission Workflows - Workflow-based
serverless function composition
•Ambassador - API Gateway built on the
Envoy Proxy
34. Kubernetes – use cases …..
36
https://thenewstack.io/ebooks/us
e-cases/use-cases-for-
kubernetes/
Scaling services like large scale web applications for ecommerce
operation
Stateful workloads – Zookeper, MySQL, etc.
Serverless execution for short burst jobs (like AWS Lambda)
Optimized resource usage with resource quota
Hybrid and multi cloud scenarios
Solution providers for CRM, ERP, etc.
System Integrators for Enterprise/Legacy/Cloud
Specific needs – Advanced routing, network scanners, etc.
Kubernetes case studies - https://kubernetes.io/case-studies/
And now gaining momentum in Big data, AI/ML, Block chain,
Robotics operations and so on, almost all areas of computing..
The business case for running k8s -
https://thenewstack.io/containers-enable-companies-just-less/