Kubernetes 1001
•
2 likes•656 views
In this slide, I briefly introduce the container and how docker implement it, including the image and container itself. also show how docker setup the networking connectivity by default bridge network.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Kubernetes 1001
Similar to Kubernetes 1001 (20)
More from HungWei Chiu
More from HungWei Chiu (20)
Recently uploaded
Recently uploaded (20)
Kubernetes 1001
- 2. hung-wei chiu Microsoft MVP Devops @ Thundertoken Co-organizer of SDNDS-TW Co-organizer of CNTUUG Network/Kubernetes/SDN https://blog.hwchiu.com
- 4. Why Kubernetes 1001 ?
- 5. All-In-One Solution ? Unrealistic Expectation? Do you know what you want ?
- 6. Before Kubernetes We need to know container first.
- 7. What is Container ?
- 10. Relationship between VMs/Containers ✖Containers Are More Agile then VMs ✖Containers Enable Hybrid and Multi- Cloud Adoption ✖Integrate Containers with Your Existing IT Process ✖Containers Save on VM Licensing ✖What About Bare Metal ✖What About Security https://blog.docker.com/2018/08/containers-replacing- virtual-machines/
- 12. How Docker Works ✖Mount namespaces ✖IPC namespaces ✖PID namespaces ✖Network namespace ✖User namespaces ✖UTS namespaces
- 13. Persistent Storage ? Where is my data ? VM -> Container
- 14. OS Docker BusyBox b1 Docker run --name b1 busybox OS Docker BusyBox b2 touch … apk add … ???? Docker run --name b2 busybox
- 15. We Need To Know How Container Works First
- 16. Image, series of read-only layers
- 17. DockerFile Image RUN APK add …. COPY RUN Yarn … a1b2c3d3xxxxx a1b2c3d3xxxxx a1b2c3d3xxxxx
- 18. Image Container 902b87aaaec9 4dcef5c50d60 c34ce3c1fcc0c 9a61b6b1315e Read Only 902b87aaaec9 4dcef5c50d60 c34ce3c1fcc0c 9a61b6b1315e https://docs.docker.com/glossary/?term=Union%20file %20system Container Layer Read Write Storage Driver Storage Driver Storage Driver Storage Driver
- 19. Container https://docs.docker.com/glossary/?term=Union%20file %20system Container Layer Container Container Layer Container Container Layer Read Write Read Write Read Write Read Only 902b87aaaec9 4dcef5c50d60 c34ce3c1fcc0c 9a61b6b1315e
- 20. When the container is deleted, the writable layer is also deleted.
- 21. The underlying image remains unchanged
- 22. So, Persistent Data ?
- 24. Docker volume create vol Docker run –d –v vol:/app nginx Docker run –d -v /home/nginx:/app nginx
- 25. How about advance storage functions ?
- 26. Networking
- 27. Container -> WAN WAN -> Container Container -> Container
- 29. Docker Use Bridge Network To Provide Network Connectivity by default.
- 31. Linux Bridge Network ✖Create a linux bridge ✖Create a linux network namespace ✖Create a veth pair ✖Attach the veth pair into the namespace and linux bridge ✖Set the ip address ✖Set the route rules ✖Set the iptables
- 32. br0 br0 br0br0br0 Container vth1 vth1vth1 Linux Host Linux Host Linux Host Linux HostLinux HostLinux Host ContainerContainerContainer vth0vth0vth0
- 37. Docker run –p 12345:80 nginx
- 41. How About Advanced Networking Features?
- 42. Docker provides the basic functionality of storage/network
- 45. OS Docker Nginx OS Docker Redis OS Docker Backend 1 OS Docker Backend 2 Shared Storage Data Sync
- 47. OS Docker Nginx OS Docker Redis OS Docker Backend 1 OS Docker Backend 2 Load Balancing/HA Backend 1
- 48. Access Control Service Discovery Computing Resources (CPU/GPU) Service Mesh Container Deployment ……
- 50. Take a Break
- 52. Kubernetes is becoming the Linux of the cloud Jim Zemlin, Linux Foundation
- 53. Before kubernetes ✖Google has been running containerized workloads in production. ○ Virtually everything runs as a container. ✖Borg: The predecessor to Kubernetes ○ Long-rumored internal container- oriented cluster-management system. ○ Pod ○ Services ○ Label https://kubernetes.io/blog/2015/04/borg-predecessor-to- kubernetes/
- 54. Kubernetes architecture Users Control Plane Nodes https://www.flaticon.com/free-icon/boy_145867 API Server Scheduler Controller Node (VM) Node (Bare Metal) Node (Container) CLI DISPATCH
- 55. Kubernetes architecture Users Control Plane Nodes https://www.flaticon.com/free-icon/boy_145867 API Server Scheduler Controller Node (VM) Node (Bare Metal) Node (Container) CLI DISPATCH I want to deploy a container
- 56. Kubernetes architecture Users Control Plane Nodes https://www.flaticon.com/free-icon/boy_145867 API Server Scheduler Controller Node (VM) Node (Bare Metal) Node (Container) CLI DISPATCH Find a target node
- 57. Kubernetes architecture Users Control Plane Nodes https://www.flaticon.com/free-icon/boy_145867 API Server Scheduler Controller Node (VM) Node (Bare Metal) Node (Container) CLI DISPATCH Dispatch Container
- 58. Kubernetes architecture Users Control Plane Nodes https://www.flaticon.com/free-icon/boy_145867 API Server Scheduler Controller Node (VM) Node (Bare Metal) Node (Container) CLI DISPATCH Running Container
- 59. Control Plane Like Docker Daemon
- 60. api-server ✖Validates and configures data for the api objects. ✖Services REST operations
- 61. controller ✖Control loop that watches the shared state of the cluster ✖Make changes attempting to move the current state https://drive.google.com/file/d/1iOsAa4HwXrNMfkkTJF A1mHt6glgpOYbL/view
- 62. scheduler ✖Watches newly created pods and selected a node for them to run on. ✖Decisions ○ Resource requirements ○ Hardware/Software/Policy constraints ○ Affinity ○ Anti-Affinity
- 63. Host 1 Host 2 Host 3 Host 4 Host 5 Host 6 Host 7
- 64. Host 1 Host 2 Host 3 Host 4 Host 5 Host 6 Host 7 Host 1 Host 2 Host 3 Host 4 Host 5 Host 6 Host 7 Predicate PodSelectorMatches MatchNodeSelector NoDiskConflict …
- 65. Host 1 Host 2 Host 3 Host 4 Host 5 Host 6 Host 7 Host 1 Host 2 Host 3 Host 4 Host 5 Host 6 Host 7 Host 2 Host 3 Host 4 Host 5 Host 6 Predicate Priority Node Affinity Image Locality Selector Spread
- 66. Host 1 Host 2 Host 3 Host 4 Host 5 Host 6 Host 7 Host 1 Host 2 Host 3 Host 4 Host 5 Host 6 Host 7 Host 2 Host 3 Host 4 Host 5 Host 6 Host 6 Predicate Priority Select
- 68. Core Primitives
- 70. Workloads ✖Pod ✖Deployment ✖Daemon Set ✖Job ✖Cron Job ✖Stateful Set ✖Replica Set
- 71. pod ✖A single instances of application in Kubernetes ✖Group of containers ✖Those containers shares ○ IP address ○ File System ○ Network namespace
- 73. replica Set ✖Maintain a stable set of replica Pods running at any given time. ✖Guarantee the availability of a specified number of identical Pods.
- 74. Replica Set replica=3 Node Node Node Node Pod Pod Pod
- 75. deployment ✖Rollouts as a Service ✖Update ○ Rolling update ○ Recreate ✖Manage Replica Set and Pod
- 76. Deployment - replicas: 3 - version: v1 Replica Set replica=3 Pod Pod Pod Deployment
- 77. Deployment - replicas: 3 - version: v1 Replica Set replica=3 Pod Pod Pod Deployment Deployment - replicas: 0 - version: v2 Replica Set replica=0 Deployment
- 78. Deployment - replicas: 3 - version: v1 Replica Set replica=3 Pod Pod Pod Deployment Deployment - replicas: 1 - version: v2 Replica Set replica=1 Pod Deployment
- 79. Deployment - replicas: 2 - version: v1 Replica Set replica=2 Pod Pod Deployment Deployment - replicas: 1 - version: v2 Replica Set replica=1 Pod Deployment
- 80. Deployment - replicas: 2 - version: v1 Replica Set replica=3 Pod Pod Deployment Deployment - replicas: 2 - version: v2 Replica Set replica=2 Pod Pod Deployment
- 81. Deployment - replicas: 1 - version: v1 Replica Set replica=1 Pod Deployment Deployment - replicas: 2 - version: v2 Replica Set replica=2 Pod Pod Deployment
- 82. Deployment - replicas: 1 - version: v1 Replica Set replica=1 Pod Deployment Deployment - replicas: 3 - version: v2 Replica Set replica=3 Pod Pod Pod Deployment
- 83. Deployment - replicas: 0 - version: v1 Replica Set replica=0 Deployment Deployment - replicas: 3 - version: v2 Replica Set replica=3 Pod Pod Pod Deployment
- 84. Daemon Set ✖Ensure that all Nodes run a copy of a Pod. ✖Pods are added to node once it is added to the cluster. ✖Usage ○ Storage Daemon ○ Log collection Daemon ○ Monitoring Daemon
- 87. Job ✖Creates one or more Pods ✖Ensures a specified number of them successfully terminate. ✖You container process should not be a daemon.
- 88. Daemon Job ?
- 89. Storage
- 90. Before We Talk About Kubernetes
- 91. How Would You Design The System Infrastructure For Storage
- 92. We know ✖Container is in a read-write layer. ✖Each container has its own file system ✖How about Pod (Group of containers)? ○ Restart Pod in different Node ○ Keep same data?
- 93. Goals ✖Support different storage system. ○ Block Device ○ File System ○ Public Cloud Storage Service ✖Provide storage function for Pods ○ Access identical storages by Pod ○ Different Pods ✖Easy to maintain/manager storage requirements ○ Capacity ○ Access Mode ○ Performance
- 94. Workloads ✖Volume ✖Persistent Volume ✖Persistent Volume Claim ✖Storage Class
- 96. Why Persistent Volume (PV) and Persistent Volume Claim (PVC)
- 97. We Need One Abstraction Layer To Handle All Storage Connection
- 98. Persistent volume ✖Abstraction layer for storage providers ○ Parameters ○ Configurations ✖Take a NFS as example. ○ NFS Server IP ○ NFS Server Export Path
- 99. Persistent volume ✖Common Options ○ Capacity ○ Volume Mode ○ Access Mode ○ Reclaim Policy ○ Mount Options
- 103. Now, We Need Another Abstraction Layer For Pod, Which is Used To Choose Persistent Volume (PV)
- 104. Persistent volume claim ✖Don’t need to consider storage backend. ✖Choose a PV to bind it ○ Resources requirements ✖Pod declare volume by it
- 107. How Pod Use PV/PVC ?
- 108. volume ✖Pod is a group of containers ✖Data will be lost if we restart Pod ✖We want to share files between those containers. ✖Volume abstraction solves those problems
- 111. Summary ✖Administrator prepare a storage backend first ✖Create a PV first ✖Create a PVC which binds to above PV ✖Create Pods which use volume to source above PVC
- 112. Network
- 113. network ✖Network Connectivity ○ Container to Container (Same Node) ○ Container to Container (Cross Node) ✖Service ○ Wan to Container ✖Ingress ○ Wan to Container ✖Network Policy
- 114. Network connectivity ✖Container Network Plugin (CNI) ✖Container to Container (Same Node) ○ Simplest approach is bridge mode ○ Same as Docker default network ✖Container to Container (Cross Node) ○ Overlay Network (VXLAN/GRE) ○ L3 Routing ○ … etc
- 115. Pod network ✖Group of Containers share same network environment ✖Communicate by localhost ○ Use same IP address ○ Port conflict ✖How does it works ?
- 118. Pod infrastructure Pod 172.17.17.2 PID/Mount/Network/UTC Namespace Container Pause eth0 Container Nginx Container Redis All user-defined containers are attached to Pause container.
- 120. Kubernetes Service
- 121. Kubernetes Service
- 122. Before We Talk About Service, We Must Know Why Service Exist.
- 123. Deployment Node1 Nginx Node2 Nginx Node3 Nginx Kubernetes Cluster ✖Deployment: ○ Ngnix ○ Replica: 3 10.123.234.56 10.123.234.57 10.123.234.58
- 124. Access ✖How does application access those Nginx servers? ✖IP address ○ 10.123.234.56:80 ○ 10.123.234.57:80 ○ 10.123.234.58:80
- 125. Deployment Node1 Nginx Node2 Nginx Node3 Nginx Kubernetes Cluster ✖Deployment: ○ Ngnix ○ Replica: 3 10.123.234.56 10.123.234.57 10.123.234.58
- 126. Deployment Node1 Nginx Node2 Nginx Node3 Nginx Kubernetes Cluster ✖Deployment: ○ Ngnix ○ Replica: 3 10.123.234.56 10.123.234.57 10.123.234.75
- 127. Access ✖How does application access those Nginx servers? ✖IP address ○ 10.123.234.56:80 ○ 10.123.234.57:80 ○ 10.123.234.58:80 ○ 10.123.234.75:80 ✖Connect directly to server by IP address ?
- 128. ✖That’s Why We Need Service
- 129. Service Node1 Nginx Node2 Nginx Node3 Nginx Kubernetes Cluster 10.123.234.56 10.123.234.57 10.123.234.58 App Service Nginx
- 130. Service ✖Application to Service ○ We use the DNS to access the service. ○ $(service).$(namespace).cluster.local ✖Service to Pods ○ Service maintains all IP addresses of all Pods. ○ We call it endpoints
- 131. INGRESS ✖Manage external access to the services in a cluster, typically HTTP ✖Provide load balancing, SSL termination and name-based virtual hosting.
- 134. summary ✖Kubernetes use CNI to provide the basic network function for Pods ✖Service provide a DNS entry for all backend servers ✖Ingress manage a interface to handle HTTP issues
- 136. Ask Yourself Before Using it
- 137. Do I Really Need Kubernetes ?
- 138. How Powerful Kubernetes Is ?
- 139. Flexible Infrastructure ✖Plugin Based ○ Container Runtime Interface ○ Device Plugin ○ Container Storage Interface ○ Container Network Interface ✖Developing life cycle ✖Support by third-party
- 142. CRI ✖Is container omniscient ? ✖Containerlized applications ○ Dockerfile ? ○ Refactor? ✖Treat container as Virtual Machine ✖Micro Service ?
- 143. Device Plugin ✖Third-party plugin ○ Nvidia GPU ○ RDMA ○ SRIOV ○ AMD GPU ○ Intel GPU/FPGA/Quick-Assist ✖Are those plugin production-ready ? ○ Stable?
- 144. GPU ✖GPU Device Plugin ✖GPU virtualization ✖GPU Dispatches ○ Node1: 1 ○ Node2: 1 ○ Node3: 0 ✖Pod require 2 GPU ○ ? ✖Two Pods use 1 GPU in Node 1 ○ ?
- 146. Storage ✖Container Storage Interface ✖Connect to storage provider ✖Can kubernetes handle all storage issues ?
- 147. Storage ✖FileSystem ○ Zfs/ext4/btrfs/…etc ✖Block Device ✖Distributed FS ○ Ceph/GlusterFS/BeeGFS ✖RAID/LVM ✖Read/Write Cache
- 149. Summary ✖Kubernetes doesn’t provide any storage function. ✖It rely on backend storage provider. ✖Choose a proper storage to meet your requirement ✖Learn the concept/knowledge about storage
- 150. Network ✖Container Container Interface ✖A binary to setup the networking function ✖Can kubernetes handle all networking issues ?
- 151. Network ✖Network Topology ○ Fat-Tree, Leaf-Spine, ○ LAG, MC-LAG, Bonding ✖Routing related ○ BGP, OSPF, DSR, RIP ○ ECMP ✖Network protocol ○ IPv4/IPv6/Multicast/Broadcast/TCP/UDP /MPTCP/STCP/QUIC ✖Network tools ○ Iptables/tun/tap
- 152. Network ✖SDN concept ○ Switch ○ Controller ✖Logical Network ○ VLAN/VXLAN/GRE/NVGRE ✖High Performance Network ○ DPDK/RDMA/Smart NIC
- 153. What you want? ✖IPv4 Address ○ Multiple addresses? ✖Connect to Host ○ Veth ○ Host-local ○ SRIOV ? ✖Routing ○ Static/Dynamic ✖Overlay network
- 154. summary ✖CNI provide the network connectivity ✖Service/Ingress may conflict with CNI ✖Need experience to debug networking issues
- 156. summary ✖Know what you want first ✖Evaluation ✖Check third-party solution ○ Production Ready? ○ Testing? ✖Check your resources