Infracoders VII - Someone is Watching You

Someone is 👀 you
Kubernetes APIs and Watch Events Explained
Oliver Moser

The Guy
2
- TU Wien PhD
- Braintribe, Inc.
- Cloud / Automation / SRE

The Talk
3
- Kubernetes APIs
- Watch Events
- Live Examples

Kubernetes
API
5
- Resource-based programmable
interface for container workloads
- HTTP based API
- Entrypoint into Kubernetes
- Lives in the kube-apiserver

Kubernetes Components
kube-apiserver
kubelet
kube-scheduler
kube-controller-manager
kube-proxy
Master Nodes
Components
Worker Nodes
Components

kube-apiserver
kubelet
kube-scheduler
kube-proxy
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx
/api/v1/namespaces/default/pods/nginx

kube-apiserver
kubelet
kube-scheduler
kube-proxy
WATCH /api/v1/watch/pods
pod.nodeName == nil
pod.nodeName == nil
pod.nodeName == NodeB

kube-apiserver
kubelet
kube-scheduler
kube-proxy
WATCH /apis/apps/v1/watch/replicasets
replicaset-controller
WATCH /api/v1/watch/namespaces
namespace-controller
certificate-controller
cronjob-controller
endpoint-controller
node-lifecycle-controller
...

kube-apiserver
kubelet
kube-scheduler
kube-proxy
FILTER pod.spec.nodeName == Node A

kube-apiserver
kubelet
kube-scheduler
kube-proxy
WATCH /api/v1/watch/services
FILTER pod.spec.nodeName == Node A

Kubernetes API Structure
{paths: [
/api,
/api/v1,
/apis,
/apis/,
/apis/admission.certmanager.k8s.io,
/apis/admission.certmanager.k8s.io/v1beta1,
/apis/admissionregistration.k8s.io,
/apis/admissionregistration.k8s.io/v1beta1,
/apis/apiextensions.k8s.io,
/apis/apiextensions.k8s.io/v1beta1,
/apis/apiregistration.k8s.io,
/apis/apiregistration.k8s.io/v1,
/apis/apiregistration.k8s.io/v1beta1,
/apis/apps,
/apis/apps/v1,
/apis/apps/v1beta1,
/apis/apps/v1beta2,
/apis/authentication.k8s.io,
/apis/authentication.k8s.io/v1,
…
]}
> kubectl proxy &
> curl localhost:8001

stolen from: https://blog.openshift.com/kubernetes-deep-dive-api-server-part-1/

{
kind: APIGroup,
apiVersion: v1,
name: apps,
versions: [
{
groupVersion: apps/v1,
version: v1
},
{
groupVersion: apps/v1beta2,
version: v1beta2
},
{
groupVersion: apps/v1beta1,
version: v1beta1
}
],
preferredVersion: {
version: v1
}
}
> kubectl proxy &
> curl localhost:8001/apis/apps

{
kind: APIResourceList,
apiVersion: v1,
resources: [
...
{
name: deployments,
singularName: ,
namespaced: true,
kind: Deployment,
verbs: [
create,
delete,
get,
list,
patch,
update,
watch
],
shortNames: [
deploy
],
...
}
> kubectl proxy &
> curl localhost:8001/apis/apps/v1

Kubernetes API Structure {
kind: DeploymentList,
apiVersion: apps/v1,
metadata: {
selfLink: /apis/apps/v1/deployments,
resourceVersion: 242895786
},
items: [
{
metadata: {
name: phoenix-dev-adx-cartridge,
namespace: adx,
selfLink: /apis/apps/v1/namespaces/...,
uid: 9972a409-ef77-11e9-8904-42010a9c00ae,
resourceVersion: 241706486,
generation: 1,
creationTimestamp: 2019-10-15T18:14:16Z,
labels: {
app: adx-cartridge,
initiative: phoenix,
runtime: phoenix-dev,
stage: dev,
workspace: adx
},
...
> kubectl proxy &
> curl localhost:8001/apis/apps/v1/deployments

/apis/
apps/v1/
namespaces/default/
deployments/nginx
Version
Group
metadata.namespace
Kind
metadata.name
spec.scope: Namespaced
/apis/apps/v1/namespaces/default/deployments/nginx
Kubernetes Resource Naming: Group Version Kind

- Each Kubernetes Object has a resourceVersion
- Used for optimistic locking/ concurrency control
Kubernetes Resource Versioning
metadata.resourceVersion: 1492311
spec.image: nginx:1.13.2
spec.image: nginx:1.13.3
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: default
resourceVersion:
1492311
spec:
containers:
- image:
nginx:1.13.3
name:
nginx

Watch Events: Incremental State Change Notifications
kube-apiserver kube-scheduler
GET /api/v1/pods?watch=true
status: {
phase: Pending,
qosClass: BestEffort
}
nodeName: nodeA
status: {
phase: Pending,
conditions: [
{
type: PodScheduled,
status: True,
…
}
],
}
nodeName: nodeA
status: {
phase: Running,
conditions: [
{
type: ContainersReady,
status: True,
…
}
],
}
MODIFIEDADDED MODIFIED
time

Watch Events: Type Definition
type WatchEvent struct {
// The type of the watch event; added, modified, deleted, or error.
// +optional
Type watch.EventType `json:type,omitempty description:the type of watch event; may be ADDED,
MODIFIED, DELETED, BOOKMARK or ERROR`
// For added or modified objects, this is the new object; for deleted objects,
// it's the state of the object immediately prior to its deletion.
// For errors, it's an api.Status.
// +optional
Object runtime.RawExtension `json:object,omitempty description:the object being watched;
will match the type of the resource endpoint or be a Status object if the type is ERROR`
}

Watch Events: Build up State
Type: ModifiedType: Added
time
Type: Modified Type: Deleted

Watch Events: Change Propagation
time
“delta
propagation”
“full-state
propagation”
{
"operation": "add",
"field": "replicas",
"value": 2
}
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "calico-typha",
"namespace": "kube-system"
...
},
"spec": {
"replicas": 2,
...
}
}
{
"metadata": {
...
},
"spec": {
"replicas": 1,
...
}
}
{
"operation": "del",
"value": 1
}

time
{
"operation": "add",
"value": 2
}
{
"metadata": {
...
},
"spec": {
"replicas": 2,
...
}
}
{
"metadata": {
...
},
"spec": {
"replicas": 1,
...
}
}
{
"operation": "del",
"value": 1
}
{
"metadata": {
...
},
"spec": {
"replicas": 4,
...
}
}
{
"operation": "add",
"value": 3
}
replicas:=4
replicas:=4

time
{
"operation": "add",
"value": 2
}
{
"metadata": {
...
},
"spec": {
"replicas": 2,
...
}
}
{
"metadata": {
...
},
"spec": {
"replicas": 1,
...
}
}
{
"operation": "del",
"value": 1
}
{
"metadata": {
...
},
"spec": {
"replicas": 4,
...
}
}
{
"operation": "add",
"value": 3
}
lost update!
replicas:=5
replicas:=5

Watch Events: Edge Triggered vs Level Triggered
Signal Rise
Signal FallEdge
Triggered
Level
Triggered
Signal High
Signal Low

add 2
replicas
remove 1
replica
Edge
Triggered
Level
Triggered
replicas:=4
replicas:=3
replicas:=2 replicas:=3

add 2
replicas
remove 1
replica
Edge
Triggered
Level
Triggered
replicas:=3
replicas:=2
replicas:=1
replicas:=4
replicas:=3
lost update!

Infracoders VII - Someone is Watching You

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Infracoders VII - Someone is Watching You

Similar to Infracoders VII - Someone is Watching You (20)

Recently uploaded

Recently uploaded (20)

Infracoders VII - Someone is Watching You

Editor's Notes