The basics - Introduction to Containers and Orchestrators (May 18th, 2020)
by Rauno De Pasquale (Newesis), supported by Cristiano Degiorgis (Deltatre)
A new version of the introduction to containers and orchestrators, done for the series of events "Kubernetes - The Deltatre way".
Knowing the context and concepts behind container use is essential to proceed on the path that leads to mastering Kubernetes and Cloud Native applications. This initial session covers the basic skills needed to answer questions such as: what is a container image? Why did anyone feel the need for an orchestrator? Are there any alternatives to Docker and Kubernetes? How does working with containers and Kubernetes connect to traditional virtualization? The session aims to provide the basic skills needed to follow the next sessions, which will tackle how applications are created and executed in a Kubernetes environment.
Recorded session: YouTube | Facebook
Repository: https://github.com/deltatrelabs/community-events-kubernetes-the-deltatre-way
Terraform and Infrastructure as Code (IaC): an introduction to why this kind of solution was created and an explanation of its concepts and usage, with a link in the notes to a demo project available on GitHub.
This document provides an introduction to Docker. It describes Docker as a platform for running software in isolated containers. It discusses how Docker allows running multiple software versions simultaneously and makes software easily installable and disposable. It covers Docker concepts like images, containers, Dockerfiles for building images, and running containers from images. It also discusses Docker networking, Docker Compose for defining multi-container apps, and tools for monitoring Docker performance and usage.
This document provides an overview of Kubernetes, including its architecture, components, concepts, and configuration. It describes that Kubernetes is an open-source container orchestration system designed by Google to manage containerized applications across multiple hosts. The key components include the master nodes which run control plane components like the API server, scheduler, and controller manager, and worker nodes which run the kubelet and containers. It also explains concepts like pods, services, deployments, networking, storage, and role-based access control (RBAC).
This document discusses Docker and Kubernetes concepts and how they can be used to deploy applications and services. It provides examples of deploying Dataverse, a data repository system, using Docker containers and Kubernetes. Key points covered include Docker concepts like images, containers and registries. It also discusses tools like Docker Compose for defining multi-container applications and Kubernetes for orchestrating containers across a cluster.
Clair is a container vulnerability analysis service that scans container layers to detect known vulnerabilities without executing the container. It provides a list of vulnerabilities that threaten each container. The analyze-local-images tool allows analyzing local Docker images with Clair by copying an image ID. Logging multiple Docker containers can be automated by sending their logs to Logstash for indexing in Elasticsearch with a Kibana frontend, monitored alongside metrics from Cadvisor. SELinux applies Mandatory Access Control to Docker containers using the svirt_lxc_net_t type to improve security. It isolates processes but allows reading from most host labels.
These are the notes of a presentation I gave to our IT dept., people who know a lot about VMs! They include a description of differences between a VM and a container, why someone would want to use Docker, how it works (at 30,000 feet), some hints of what the hub and orchestration are, some Dockerfile examples: jenkins slave, jenkins master, sinopia server, etc. and finally some new features Docker is going to propose in the future and how I intend to mix Configuration tools, such as Ansible, and Docker.
This document provides an overview of Docker and Kubernetes concepts and demonstrates how to create and run Docker containers and Kubernetes pods and deployments. It begins with an introduction to virtual machines and containers before demonstrating how to build a Docker image and container. It then introduces Kubernetes concepts like masters, nodes, pods and deployments. The document walks through running example containers and pods using commands like docker run, kubectl run, kubectl get and kubectl delete. It also shows how to create pods and deployments from configuration files and set resource limits.
Introduction to Microservices with Docker and Kubernetes - David Charles
Slides used to accompany a talk to introduce Microservices and two related technologies; Docker and Kubernetes. A large part of this talk is a live demonstration of Docker and Kubernetes features so the slides are just to support.
Traditional virtualization technologies have been used by cloud infrastructure providers for many years to provide isolated environments for hosting applications. These technologies make use of full-blown operating system images for creating virtual machines (VMs). According to this architecture, each VM needs its own guest operating system to run application processes. More recently, with the introduction of the Docker project, the Linux Container (LXC) virtualization technology became popular and attracted attention. Unlike VMs, containers do not need a dedicated guest operating system for providing OS-level isolation; rather, they can provide the same level of isolation on top of a single operating system instance.
An enterprise application may need to run a server cluster to handle high request volumes. Running an entire server cluster on Docker containers, on a single Docker host could introduce the risk of single point of failure. Google started a project called Kubernetes to solve this problem. Kubernetes provides a cluster of Docker hosts for managing Docker containers in a clustered environment. It provides an API on top of Docker API for managing docker containers on multiple Docker hosts with many more features.
Dojo given at ESEI, Uvigo.
The slides include a set of great slides from a presentation made by Elvin Sindrilaru at CERN.
Docker is an open platform for building, shipping and running distributed applications. It gives programmers, development teams and operations engineers the common toolbox they need to take advantage of the distributed and networked nature of modern applications.
Docker uses virtualization techniques like namespaces and cgroups to isolate processes and share resources efficiently across multiple Linux containers. Namespaces isolate things like process IDs, network interfaces, and mounted filesystems between containers, while cgroups limit resources like CPU and memory for containers. AuFS combines multiple filesystem layers into one for containers. Docker builds on these technologies to package applications and their dependencies into lightweight Linux containers that can run virtually anywhere.
Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr... - Lakmal Warusawithana
This document discusses Apache Stratos/WSO2 private PaaS with Docker integration. It provides an overview of containers, Docker, CoreOS, Kubernetes and Flannel. It then demonstrates how Apache Stratos 4.1.0 can be used to deploy and manage Docker-based applications on a CoreOS cluster using Kubernetes for orchestration and service discovery. Key features of Stratos like automated scaling and updates are shown.
Container Orchestration from Theory to Practice - Docker, Inc.
Join Laura Frank and Stephen Day as they explain and examine technical concepts behind container orchestration systems, like distributed consensus, object models, and node topology. These concepts build the foundation of every modern orchestration system, and each technical explanation will be illustrated using Docker’s SwarmKit as a real-world example. Gain a deeper understanding of how orchestration systems like SwarmKit work in practice and walk away with more insights into your production applications.
This document summarizes GlusterFS, an open-source scale-out network filesystem. It discusses GlusterFS concepts like servers, trusted storage pools, bricks and volumes. It describes the distributed, replicated and dispersed volume types. Additional features like geo-replication, snapshots, quotas and data tiering are covered. The document provides an overview of GlusterFS architecture, components like translators and processes. It also discusses performance considerations and accessing volumes via FUSE, NFS and SMB protocols.
How Secure Is Your Container? ContainerCon Berlin 2016 - Phil Estes
A conference talk at ContainerCon Europe in Berlin, Germany, given on October 5th, 2016. This is a slightly modified version of my talk first used at Docker London in July 2016.
There are different dimensions for scalability of a distributed storage system: more data, more stored objects, more nodes, more load, additional data centers, etc. This presentation addresses the geographic scalability of HDFS. It describes unique techniques implemented at WANdisco, which allow scaling HDFS over multiple geographically distributed data centers for continuous availability. The distinguished principle of our approach is that metadata is replicated synchronously between data centers using a coordination engine, while the data is copied over the WAN asynchronously. This allows strict consistency of the namespace on the one hand and fast LAN-speed data ingestion on the other. In this approach geographically separated parts of the system operate as a single HDFS cluster, where data can be actively accessed and updated from any data center. The presentation also covers advanced features such as selective data replication.
Extended version of presentation at Strata + Hadoop World. November 20, 2014. Barcelona, Spain.
http://strataconf.com/strataeu2014/public/schedule/detail/39174
This document discusses container orchestration and provides an overview of different container orchestration technologies including Mesos, Kubernetes, CoreOS Fleet, and Docker libswarm. It explains the benefits of containers and orchestration, and covers concepts like schedulers, service discovery, monitoring, and clustering.
GlusterFS is an open-source networked file system that provides scalable, distributed storage for OpenStack. It aggregates disk storage from multiple servers into a single global namespace that is accessible from anywhere. GlusterFS uses a distributed hashing technique to spread files across servers and can be configured for replication or erasure coding for redundancy. It integrates with OpenStack components like Swift, Cinder, and Glance to provide block, object, and file-level storage services for virtual machines. Future integration plans include a Cinder-like file service (FaaS) and support for Windows and NFS shares.
Red Hat Gluster Storage (GlusterFS) is a software-only, scale-out storage solution built on GlusterFS, a general purpose distributed file system. GlusterFS aggregates storage across commodity servers to provide high performance, scalable storage. It uses a stackable, userspace design and has features like elasticity, high availability, simple management, data replication and distribution, snapshots, and encryption. GlusterFS deployments involve forming a trusted storage pool of servers, exporting storage using bricks, and creating logical volumes from the bricks for clients to mount and access over various protocols.
Container technologies use namespaces and cgroups to provide isolation between processes and limit resource usage. Docker builds on these technologies using a client-server model and additional features like images, containers, and volumes to package and run applications reliably and at scale. Kubernetes builds on Docker to provide a platform for automating deployment, scaling, and operations of containerized applications across clusters of hosts. It uses labels and pods to group related containers together and services to provide discovery and load balancing for pods.
Docker is an open-source tool that allows developers to easily deploy applications inside isolated containers. Kubernetes is an open-source system for automating deployment and management of containerized applications across clusters of hosts. It coordinates containerized applications across nodes by providing mechanisms for scheduling, service discovery, and load balancing. The key components of Kubernetes include Pods, Services, ReplicationControllers, Scheduler, API Server, etcd and Nodes.
- Introduction to Kubernetes features
- A look at Kubernetes Networking and Service Discovery
- New features in Kubernetes 1.6
- Kubernetes Installation options
To know more about our Kubernetes expertise, visit our center of excellence at: http://www.opcito.com/kubernetes/
Go is used for many popular projects like Kubernetes, Docker, Prometheus, and Ethereum due to its advantages like being statically compiled, allowing for easy distribution and parallelism. Google migrated its dl.google.com download service from C++ to Go because the Go version was much less code, more readable, testable, and fixed HTTP issues while having equal or better performance. Go's creators aimed to design a language that is simple yet powerful for building reliable and efficient software in the modern era.
This document discusses several new features in Docker 1.5 including relative ADD/COPY commands and faster docker push. It also summarizes Docker Machine for provisioning Docker hosts on cloud providers, Docker Swarm for clustering Docker daemons, and the use of systemd to manage containers as pods. Demos are provided for using smaller base images like Alpine, Docker Machine, Docker Swarm, and systemd-based container management.
This session from DockerCon 18 covers the types of applications that require persistent or shared storage. It discusses the various implementation methods with Docker and finally looks at automating the process with both Swarm and Kubernetes.
The original deck in PPTX is available here https://www.dropbox.com/s/pzqi0wbaxdqeca7/DCSF18_Docker%20Storage.pptx?dl=0
The document introduces the Disperse Translator, which allows for configurable fault tolerance in Gluster volumes using erasure codes. Key features include adjustable redundancy levels, minimized storage waste, and reduced bandwidth usage. It works by dispersing and encoding file chunks across bricks. The current implementation provides a functional disperse translator and healing processes, with future plans to add CLI support and optimize performance.
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
Containers in depth – Understanding how containers work to better work with c... - All Things Open
Presented by: Brent Laster, SAS
Presented at All Things Open 2020
Abstract: Containers are all the rage these days – from Docker to Kubernetes and everywhere in-between. But to get the most out of them it can be helpful to understand how containers are constructed, how they depend and interact with the operating system, and what the differences and interactions are between layers, images, and containers. Join R&D Director, Brent Laster as he does a quick, visual overview of how containers work and how applications such as Docker work with them. Topics to be discussed include:
What containers are and the benefits they provide
How containers are constructed
The differences between layers, images, and containers
What does immutability really mean
The core Linux functionalities that containers are based on
How containers reuse code
The differences between containers and VMs
What Docker really does
The Docker storage drivers
How overlays work
The Open Container Initiative
A good analogy for understanding all of this
Containers in depth – Understanding how containers work to better work with c... - All Things Open
Presented by: Brent Laster
Presented at the All Things Open 2021
Raleigh, NC, USA
Raleigh Convention Center
Abstract: Containers are all the rage these days – from Docker to Kubernetes and everywhere in-between. But to get the most out of them it can be helpful to understand how containers are constructed, how they depend and interact with the operating system, and what the differences and interactions are between layers, images, and containers. Join R&D Director, Brent Laster as he does a quick, visual overview of how containers work and how applications such as Docker work with them.
Topics to be discussed include:
• What containers are and the benefits they provide
• How containers are constructed
• The differences between layers, images, and containers
• What does immutability really mean
• The core Linux functionalities that containers are based on
• How containers reuse code
• The differences between containers and VMs
• What Docker really does
• The Open Container Initiative
• A good analogy for understanding all of this
Traditional virtualization technologies have been used by cloud infrastructure providers for many years in providing isolated environments for hosting applications. These technologies make use of full-blown operating system images for creating virtual machines (VMs). According to this architecture, each VM needs its own guest operating system to run application processes. More recently, with the introduction of the Docker project, the Linux Container (LXC) virtualization technology became popular and attracted the attention. Unlike VMs, containers do not need a dedicated guest operating system for providing OS-level isolation, rather they can provide the same level of isolation on top of a single operating system instance.
An enterprise application may need to run a server cluster to handle high request volumes. Running an entire server cluster on Docker containers, on a single Docker host could introduce the risk of single point of failure. Google started a project called Kubernetes to solve this problem. Kubernetes provides a cluster of Docker hosts for managing Docker containers in a clustered environment. It provides an API on top of Docker API for managing docker containers on multiple Docker hosts with many more features.
Dojo given at ESEI, Uvigo.
The slides include a set of great slides from a presentation made by Elvin Sindrilaru at CERN.
Docker is an open platform for building, shipping and running distributed applications. It gives programmers, development teams and operations engineers the common toolbox they need to take advantage of the distributed and networked nature of modern applications.
Docker uses virtualization techniques like namespaces and cgroups to isolate processes and share resources efficiently across multiple Linux containers. Namespaces isolate things like process IDs, network interfaces, and mounted filesystems between containers, while cgroups limit resources like CPU and memory for containers. AuFS combines multiple filesystem layers into one for containers. Docker builds on these technologies to package applications and their dependencies into lightweight Linux containers that can run virtually anywhere.
Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...Lakmal Warusawithana
This document discusses Apache Stratos/WSO2 private PaaS with Docker integration. It provides an overview of containers, Docker, CoreOS, Kubernetes and Flannel. It then demonstrates how Apache Stratos 4.1.0 can be used to deploy and manage Docker-based applications on a CoreOS cluster using Kubernetes for orchestration and service discovery. Key features of Stratos like automated scaling and updates are shown.
Container Orchestration from Theory to PracticeDocker, Inc.
Join Laura Frank and Stephen Day as they explain and examine technical concepts behind container orchestration systems, like distributed consensus, object models, and node topology. These concepts build the foundation of every modern orchestration system, and each technical explanation will be illustrated using Docker’s SwarmKit as a real-world example. Gain a deeper understanding of how orchestration systems like SwarmKit work in practice and walk away with more insights into your production applications.
This document summarizes GlusterFS, an open-source scale-out network filesystem. It discusses GlusterFS concepts like servers, trusted storage pools, bricks and volumes. It describes the distributed, replicated and dispersed volume types. Additional features like geo-replication, snapshots, quotas and data tiering are covered. The document provides an overview of GlusterFS architecture, components like translators and processes. It also discusses performance considerations and accessing volumes via FUSE, NFS and SMB protocols.
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
A conference talk at ContainerCon Europe in Berlin, Germany, given on October 5th, 2016. This is a slightly modified version of my talk first used at Docker London in July 2016.
There are different dimensions for scalability of a distributed storage system: more data, more stored objects, more nodes, more load, additional data centers, etc. This presentation addresses the geographic scalability of HDFS. It describes unique techniques implemented at WANdisco, which allow scaling HDFS over multiple geographically distributed data centers for continuous availability. The distinguished principle of our approach is that metadata is replicated synchronously between data centers using a coordination engine, while the data is copied over the WAN asynchronously. This allows strict consistency of the namespace on the one hand and fast LAN-speed data ingestion on the other. In this approach geographically separated parts of the system operate as a single HDFS cluster, where data can be actively accessed and updated from any data center. The presentation also cover advanced features such as selective data replication.
Extended version of presentation at Strata + Hadoop World. November 20, 2014. Barcelona, Spain.
http://strataconf.com/strataeu2014/public/schedule/detail/39174
This document discusses container orchestration and provides an overview of different container orchestration technologies including Mesos, Kubernetes, CoreOS Fleet, and Docker libswarm. It explains the benefits of containers and orchestration, and covers concepts like schedulers, service discovery, monitoring, and clustering.
GlusterFS is an open-source networked file system that provides scalable, distributed storage for OpenStack. It aggregates disk storage from multiple servers into a single global namespace that is accessible from anywhere. GlusterFS uses a distributed hashing technique to spread files across servers and can be configured for replication or erasure coding for redundancy. It integrates with OpenStack components like Swift, Cinder, and Glance to provide block, object, and file-level storage services for virtual machines. Future integration plans include a Cinder-like file service (FaaS) and support for Windows and NFS shares.
Red Hat Gluster Storage (GlusterFS) is a software-only, scale-out storage solution built on GlusterFS, a general purpose distributed file system. GlusterFS aggregates storage across commodity servers to provide high performance, scalable storage. It uses a stackable, userspace design and has features like elasticity, high availability, simple management, data replication and distribution, snapshots, and encryption. GlusterFS deployments involve forming a trusted storage pool of servers, exporting storage using bricks, and creating logical volumes from the bricks for clients to mount and access over various protocols.
Container technologies use namespaces and cgroups to provide isolation between processes and limit resource usage. Docker builds on these technologies using a client-server model and additional features like images, containers, and volumes to package and run applications reliably and at scale. Kubernetes builds on Docker to provide a platform for automating deployment, scaling, and operations of containerized applications across clusters of hosts. It uses labels and pods to group related containers together and services to provide discovery and load balancing for pods.
Docker is an open-source tool that allows developers to easily deploy applications inside isolated containers. Kubernetes is an open-source system for automating deployment and management of containerized applications across clusters of hosts. It coordinates containerized applications across nodes by providing mechanisms for scheduling, service discovery, and load balancing. The key components of Kubernetes include Pods, Services, ReplicationControllers, Scheduler, API Server, etcd and Nodes.
- Introduction to Kubernetes features
- A look at Kubernetes Networking and Service Discovery
- New features in Kubernetes 1.6
- Kubernetes Installation options
To know more about our Kubernetes expertise, visit our center of excellence at: http://www.opcito.com/kubernetes/
Go is used for many popular projects like Kubernetes, Docker, Prometheus, and Ethereum due to its advantages like being statically compiled, allowing for easy distribution and parallelism. Google migrated its dl.google.com download service from C++ to Go because the Go version was much less code, more readable, testable, and fixed HTTP issues while having equal or better performance. Go's creators aimed to design a language that is simple yet powerful for building reliable and efficient software in the modern era.
This document discusses several new features in Docker 1.5 including relative ADD/COPY commands and faster docker push. It also summarizes Docker Machine for provisioning Docker hosts on cloud providers, Docker Swarm for clustering Docker daemons, and the use of systemd to manage containers as pods. Demos are provided for using smaller base images like Alpine, Docker Machine, Docker Swarm, and systemd-based container management.
This session from DockerCon 18 covers the types of applications that have a requirement of persistent or shared storage, it discusses the various implementation methods with Docker and finally looks at automating the process with both Swarm and Kubernetes.
The original deck in PPTX is available here https://www.dropbox.com/s/pzqi0wbaxdqeca7/DCSF18_Docker%20Storage.pptx?dl=0
The document introduces the Disperse Translator, which allows for configurable fault tolerance in Gluster volumes using erasure codes. Key features include adjustable redundancy levels, minimized storage waste, and reduced bandwidth usage. It works by dispersing and encoding file chunks across bricks. The current implementation provides a functional disperse translator and healing processes, with future plans to add CLI support and optimize performance.
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
Containers in depth – Understanding how containers work to better work with c...All Things Open
Presented by: Brent Laster, SAS
Presented at All Things Open 2020
Abstract: Containers are all the rage these days – from Docker to Kubernetes and everywhere in-between. But to get the most out of them it can be helpful to understand how containers are constructed, how they depend and interact with the operating system, and what the differences and interactions are between layers, images, and containers. Join R&D Director, Brent Laster as he does a quick, visual overview of how containers work and how applications such as Docker work with them. Topics to be discussed include:
What containers are and the benefits they provide
How containers are constructed
The differences between layers, images, and containers
What does immutability really mean
The core Linux functionalities that containers are based on
How containers reuse code
The differences between containers and VMs
What Docker really does
The Docker storage drivers
How overlays work
The Open Container Initiative
A good analogy for understanding all of this
Containers in depth – Understanding how containers work to better work with c... (All Things Open)
Presented by: Brent Laster
Presented at the All Things Open 2021
Raleigh, NC, USA
Raleigh Convention Center
Abstract: Containers are all the rage these days – from Docker to Kubernetes and everywhere in-between. But to get the most out of them it can be helpful to understand how containers are constructed, how they depend and interact with the operating system, and what the differences and interactions are between layers, images, and containers. Join R&D Director, Brent Laster as he does a quick, visual overview of how containers work and how applications such as Docker work with them.
Topics to be discussed include:
• What containers are and the benefits they provide
• How containers are constructed
• The differences between layers, images, and containers
• What does immutability really mean
• The core Linux functionalities that containers are based on
• How containers reuse code
• The differences between containers and VMs
• What Docker really does
• The Open Container Initiative
• A good analogy for understanding all of this
Containers in depth – understanding how containers work to better work with c... (All Things Open)
This document provides an overview and agenda for a presentation on understanding containers. The presentation will cover what containers are and their benefits, how they are constructed from images and layers, the differences between containers and virtual machines, what Docker does, and an analogy for understanding containers. It includes sections on images, layers, namespaces, cgroups, Dockerfiles, and the Docker commands.
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more (All Things Open)
Presented by: Brent Laster, SAS
Presented at All Things Open 2020
Abstract: In this workshop, students will get a quick overview of what containers are and why they form the basis for many of the key technologies that we use today in cloud environments.
We’ll explore what makes up a container and how they are managed and leveraged in key industry tooling including Docker, Kubernetes, Helm, and Istio. You’ll also learn the basics of these technologies, what they are used for, and see some simple examples of how to use them.
This workshop will include hands-on labs where you will get experience:
Building container images, running them as containers, and tagging and pushing them into a Docker repository.
Creating deployments, services, and pods for containers and instantiating and running those in Kubernetes.
Working with Helm to leverage templates for Kubernetes objects and managing releases in Kubernetes.
Working with Istio to do traffic shaping between multiple versions of your app, fault and delay injection for testing and validation in Kubernetes.
We’ll also briefly cover GitOps – the recommended Git-based way to manage infrastructure like your Kubernetes cluster.
Introduction to containers, k8s, Microservices & Cloud Native (Terry Wang)
Slides built to upskill and enable internal team and/or partners on foundational infra skills to work in a containerized world.
Topics covered
- Container / Containerization
- Docker
- k8s / container orchestration
- Microservices
- Service Mesh / Serverless
- Cloud Native (apps & infra)
- Relationship between Kubernetes and Runtime Fabric
Audiences: MuleSoft internal technical team, partners, Runtime Fabric users.
Docker allows creating isolated environments called containers from images. Containers provide a standard way to develop, ship, and run applications. The document discusses how Docker can be used for scientific computing including running different versions of software, automating computations, sharing research environments and results, and providing isolated development environments for users through Docker IaaS tools. K-scope is a code analysis tool that previously required complex installation of its Omni XMP dependency, but could now be run as a containerized application to simplify deployment.
Introduction to Containers: From Docker to Kubernetes and everything in-between (All Things Open)
This document provides an introduction to containers using Docker and Kubernetes. It begins with an overview of containers, images, and layers. It then discusses Docker, including how to build images with Dockerfiles and compose containers together. The document also introduces Kubernetes for managing container clusters. It outlines an agenda covering containers, Docker, Kubernetes, Helm, Istio, GitOps and monitoring tools.
Dev opsec dockerimage_patch_n_lifecyclemanagement_kanedafromparis
In this presentation, we will first recall what distinguishes Docker from a VM (PID, cgroups, etc.), discuss the layer system and the difference between images and instances, and then briefly introduce Kubernetes.
Next, we will present a "standard" process for promoting a version through CI/CD (development, pre-production, production) using Docker tags.
Finally, we will discuss the different components that make up a Docker application (base image, tooling, libraries, code).
With this introduction done, we will discuss the life cycle of an application through its development and BAU phases, to highlight that security flaws found during development are quickly fixed by new releases, but not necessarily in BAU, where releases are less frequent. We will discuss the various solutions (JFrog Xray, Clair, …) for automatic CVE tracking and for automating updates. Finally, we will give a brief experience report on the difficulties encountered and the organisational proposals put in place.
Although illustrated with technical implementations, this presentation is mainly organisational.
Federated Kubernetes: As a Platform for Distributed Scientific Computing (Bob Killen)
A high level overview of Kubernetes Federation and the challenges encountered when building out a Platform for multi-institutional Research and Distributed Scientific Computing.
Kubernetes - how to orchestrate containers (inovex GmbH)
http://www.meetup.com/Docker-Karlsruhe/events/220797663/
More meetups from inovex:
http://www.meetup.com/inovex-karlsruhe
http://www.meetup.com/inovex-munich
http://www.meetup.com/inovex-cologne
An RSVP app designed to be deployed by the dockers on the Kubernetes Minikube Cluster. Front end with flask framework and MongoDB as a backend database.
YouTube video: https://youtu.be/KnjnQj-FvfQ
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage (MayaData Inc)
Webinar Session - https://youtu.be/_5MfGMf8PG4
In this webinar, we share how the Container Attached Storage pattern makes performance tuning more tractable, by giving each workload its own storage system, thereby decreasing the variables needed to understand and tune performance.
We then introduce MayaStor, a breakthrough in the use of containers and Kubernetes as a data plane. MayaStor is the first containerized data engine available that delivers near the theoretical maximum performance of underlying systems. MayaStor performance scales with the underlying hardware and has been shown, for example, to deliver in excess of 10 million IOPS in a particular environment.
Dataverse can be deployed using Docker containers to improve maintainability and portability. The document discusses how Docker can isolate applications and their dependencies into portable containers. It provides an example of deploying Dataverse as a set of microservices within Docker containers. Instructions are included on building Docker images, running containers, and managing the containers and images through commands and tools like Docker Desktop, Docker Hub, and Docker Compose.
Oscon 2017: Build your own container-based system with the Moby project (Patrick Chanezon)
Docker Community Edition—an open source product that lets you build, ship, and run containers—is an assembly of modular components built from an upstream open source project called Moby. Moby provides a “Lego set” of dozens of components, the framework for assembling them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
Patrick Chanezon and Mindy Preston explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud, or bare-metal scenarios. Patrick and Mindy explore Moby’s framework, components, and tooling, focusing on two components: LinuxKit, a toolkit to build container-based Linux subsystems that are secure, lean, and portable, and InfraKit, a toolkit for creating and managing declarative, self-healing infrastructure. Along the way, they demo how to use Moby, LinuxKit, InfraKit, and other components to quickly assemble full-blown container-based systems for several use cases and deploy them on various infrastructures.
This document discusses the evolution of Linux container virtualization, including technologies like LXC, Docker, CoreOS, and Kubernetes. It provides an overview of key concepts in virtualization like namespaces, cgroups, AppArmor, SELinux, and seccomp. It also summarizes features of Linux container engines like LXC, and container platforms like Docker, CoreOS, and the Kubernetes container cluster management system.
Hybrid and multicloud deployments are critical approaches for bridging the gap between legacy and modern architectures. Sandeep Parikh discusses common patterns for creating scalable cross-environment deployments using Kubernetes and explores best practices and repeatable patterns for leveraging Kubernetes as a consistent abstraction layer across multiple environments.
Kubernetes (commonly referred to as "K8s") is an open-source system for automating deployment, scaling and management of containerized applications. It aims to provide a "platform for automating deployment, scaling, and operations of application containers across clusters of hosts". We will see Kubernetes architecture, use cases, basics and a live demo.
Microservices, Containers and Docker
This document provides an overview of microservices, containers, and Docker. It begins by defining microservices as an architectural style where applications are composed of independent, interchangeable components. It discusses benefits of the microservices style such as independent deployability, efficient scaling, and design autonomy. The document then introduces containers as a way to package applications and their dependencies to run uniformly across various environments. It compares containers to virtual machines. Finally, it describes Docker as an open source tool that automates deployment of applications into containers, providing portability and management of containers. The document concludes by discussing the need for container orchestration at scale.
Introduction to Microsoft Azure Well Architected Framework in Italian - Session 6 of 6
Module 6: performance efficiency
Introduction to Microsoft Azure Well Architected Framework in Italian - Session 5 of 6
Module 5: operational excellence
Introduction to Microsoft Azure Well Architected Framework in Italian - Session 4 of 6
Module 4: cost optimization
Introduction to Microsoft Azure Well Architected Framework in Italian - Session 3 of 6
Module 3: security
Introduction to Microsoft Azure Well Architected Framework in Italian - Session 2 of 6
Module 2: reliability
Introduction to Microsoft Azure Well Architected Framework in Italian - Session 1 of 6
Module 1: introduction, principles and basic concepts
DevOps Torino Meetup - DevOps Engineer, a role that does not exist but is muc... (Rauno De Pasquale)
The third meeting of the DevOps Meetup in Turin. We ran a survey to collect data for a discussion of the use of the term "DevOps Engineer" to define a specific role. Is it really a role? And how does this role compare with those of SysAdmin, Cloud Engineer, SRE or Developer? What are the different organisational models used for each of these roles? What are the skills and areas of competence?
Independently of the DevOps movement but starting from the same problems, Google developed its own strategy, defining a new specific role called SRE (Site Reliability Engineer). This introduction tries to explain the history and the concept of this methodology and to compare it with the DevOps manifesto, to understand what it means to adopt DevOps, what it means to be an SRE, what the two share and where they diverge.
DevOps Torino Meetup Group Kickoff Meeting - Why a meetup group on DevOps, wh... (Rauno De Pasquale)
Torino DevOps Meetup Group - Culture, Processes and Tools.
There is a lot of talk about DevOps culture and practices, with different points of view and a lot of misunderstandings. This group aims to create a point of discussion to share experience, analysis and thoughts, to help each of us better understand and implement DevOps approaches in our way of working in Digital Services.
This document provides an introduction to containers and container orchestration technologies. It discusses the evolution from virtual machines to containers and the benefits of containers. It then explains why an orchestrator tool is needed to manage containers at scale. The remainder of the document defines common container and orchestration concepts, including Docker, Kubernetes objects and components, Helm for package management, and Istio for traffic management and security.
The document provides an introduction to cloud computing, discussing key concepts, common mistakes, and Newesis' experience with cloud adoption. Specifically:
- It defines cloud computing as a new type of service with capabilities beyond remote hosting, and discusses new use cases enabled by different cloud technologies.
- It outlines common mistakes like assuming costs will always be higher, capacity is infinite, or that availability and security are handled automatically.
- It shares Newesis' journey working with various cloud vendors since 2009 and why they recommend a multi-cloud approach to avoid lock-in and select the best cloud for a given need.
- Finally, it presents Newesis' "Cloud Cookbook" approach of transforming systems for the
Kubernetes the deltatre way the basics - introduction to containers and orchestrators
1.
2. ABOUT US
➤ Rauno De Pasquale, Co-Founder and CTO at Newesis Srl, constantly trying to reconcile his degree in Philosophy with a passion for computer science. After almost 18 years at Deltatre, at the beginning of 2019 he created Newesis, with the aim of simplifying the use of the most advanced services of Cloud platforms even in fields other than sports.
➤ LinkedIn: https://www.linkedin.com/in/rauno-de-pasquale-b075773
➤ Twitter: @RaunoDepa
➤ Cristiano Degiorgis, an enthusiastic *lehrling* in the IT world, still feeling like Alice in Wonderland after so many years being around.
➤ LinkedIn: https://www.linkedin.com/in/cristianodegiorgis/
➤ StackOverflow: https://stackoverflow.com/users/539684/crixo
3. AGENDA
➤ Knowing the context and the concepts behind the use of containers is essential to be able to proceed on the road that will lead you to master Kubernetes and Cloud Native applications.
➤ This initial session covers basic skills to answer questions such as:
➤ What is a container image?
➤ Why did anyone feel the need for an orchestrator?
➤ Are there alternatives to Docker and Kubernetes?
➤ How does working with containers and Kubernetes connect to traditional virtualization?
➤ This session aims to provide the basic skills needed to find your way in subsequent sessions, where the ways of creating and running applications in the Kubernetes environment will be addressed.
➤ Speaker: Rauno De Pasquale (Newesis) supported by Cristiano DeGiorgis (Deltatre)
➤ Organised by: #DeltatreLab supported by #Newesis
➤ Powered by: #Deltatre
➤ Hashtags: #DeltatreK8S #Containers #Docker #Kubernetes #meetup #webinar
4. WHAT THIS SESSION IS NOT
➤ Training on what it is and how to use Docker
➤ Wait for: Monday 25-May 17:30 --> 19:30 - Kubernetes the Deltatre way: Docker in Action
➤ Training on what it is and how to use Kubernetes
➤ Wait for:
➤ Wednesday 3-Jun 17:30 --> 19:30 - Kubernetes the Deltatre way: Kubernetes basics
➤ Monday 8-Jun 17:30 --> 19:30 - Kubernetes the Deltatre way: Kubernetes advanced topics & Kind
➤ Monday 15-Jun 17:30 --> 19:30 - Kubernetes the Deltatre way: Kubernetes CI/CD
➤ Monday 22-Jun 17:30 --> 19:30 - Kubernetes the Deltatre way: Kubernetes extensibility: CRD & Operators
6. WHAT IS A CONTAINER?
➤ “A container is a standard unit of software that packages up code and all its dependencies, so the application runs quickly and reliably from one computing environment to another.” (Docker web site)
➤ “Containers offer a logical packaging mechanism in which applications can be abstracted from the environment in which they actually run.” (Google Cloud web site)
➤ “Linux containers are implementations of operating system-level virtualization for the Linux operating system.” “OS-level virtualization refers to an operating system paradigm in which the kernel allows the existence of multiple isolated user space instances. Such instances, called containers (Solaris, Docker), Zones (Solaris), virtual private servers (OpenVZ), partitions, virtual environments (VEs), virtual kernel (DragonFly BSD), or jails (FreeBSD jail or chroot jail),[1] may look like real computers from the point of view of programs running in them.” (Wikipedia on Linux Containers and OS-Level virtualisation)
➤ “Isolated area of an OS with resource limits usage applied” (Nigel Poulton, book “Docker Deep Dive”)
8. ... RESTRICTED TO A PRIVATE NAMESPACE
➤ “Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources. The feature works by having the same namespace for a set of resources and processes, but those namespaces refer to distinct resources. Resources may exist in multiple spaces. Examples of such resources are process IDs, hostnames, user IDs, file names, and some names associated with network access, and interprocess communication.” (Wikipedia – Linux namespaces)
➤ “cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.” (Wikipedia - Cgroups)
➤ “cgroups, which stands for control groups, are a kernel mechanism for limiting and measuring the total resources used by a group of processes running on a system. For example, you can apply CPU, memory, network or IO quotas. cgroups were originally developed by Paul Menage and Rohit Seth of Google, and their first features were merged into Linux 2.6.24.” (Duncan Macrae - How Linux Kernel Cgroups And Namespaces Made Modern Containers Possible)
➤ “Namespaces are a kernel mechanism for limiting the visibility that a group of processes has of the rest of a system. For example you can limit visibility to certain process trees, network interfaces, user IDs or filesystem mounts. namespaces were originally developed by Eric Biederman, and the final major namespace was merged into Linux 3.8.” (Duncan Macrae - How Linux Kernel Cgroups And Namespaces Made Modern Containers Possible)
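The namespace definitions quoted above can be checked from the host: every process exposes its namespaces as symbolic links under `/proc/<pid>/ns`, and two processes are in the same namespace exactly when the link targets carry the same inode number. The following is an added example, not part of the original slides; the link values are constructed sample data, the function names are illustrative, and treating a shared `user` namespace as expected is an assumption about a runtime that does not remap user IDs.

```python
import os
import re

# Link targets under /proc/<pid>/ns look like "net:[4026531992]".
_LINK = re.compile(r"^[a-z]+:\[(\d+)\]$")

# Constructed sample data (not captured from a real host), in the format
# printed by `readlink /proc/<pid>/ns/<name>`.
HOST_INIT = {
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
    "mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
    "pid": "pid:[4026531836]", "user": "user:[4026531837]",
    "uts": "uts:[4026531838]",
}
# A container process with its own namespaces (user namespace not remapped).
ISOLATED_CONTAINER = {
    "cgroup": "cgroup:[4026532510]", "ipc": "ipc:[4026532508]",
    "mnt": "mnt:[4026532506]", "net": "net:[4026532511]",
    "pid": "pid:[4026532509]", "user": "user:[4026531837]",
    "uts": "uts:[4026532507]",
}
# A container process that was started sharing the host's net and pid namespaces.
HOST_SHARING_CONTAINER = {
    "cgroup": "cgroup:[4026532610]", "ipc": "ipc:[4026532608]",
    "mnt": "mnt:[4026532606]", "net": "net:[4026531992]",
    "pid": "pid:[4026531836]", "user": "user:[4026531837]",
    "uts": "uts:[4026532607]",
}


def parse_ns_links(links):
    """Map namespace name -> inode number from readlink-style targets."""
    parsed = {}
    for name, target in links.items():
        match = _LINK.match(target)
        if match is None:
            raise ValueError(f"unexpected namespace link for {name!r}: {target!r}")
        parsed[name] = int(match.group(1))
    return parsed


def read_ns_links(pid):
    """Read the live links for a PID (Linux only; other users' processes need root)."""
    base = f"/proc/{pid}/ns"
    return {entry: os.readlink(os.path.join(base, entry)) for entry in os.listdir(base)}


def shared_namespaces(host_links, proc_links):
    """Names of the namespaces the process shares with the host reference process."""
    host = parse_ns_links(host_links)
    proc = parse_ns_links(proc_links)
    return sorted(name for name in proc if host.get(name) == proc[name])


def unexpected_sharing(host_links, proc_links, allowed=("user",)):
    """Shared namespaces that are not on the allow list (assumed default: user)."""
    return [n for n in shared_namespaces(host_links, proc_links) if n not in allowed]


if __name__ == "__main__":
    for label, links in (("isolated", ISOLATED_CONTAINER),
                         ("host-sharing", HOST_SHARING_CONTAINER)):
        print(label, "shares with host:", shared_namespaces(HOST_INIT, links),
              "unexpected:", unexpected_sharing(HOST_INIT, links))
```

On a live Linux host, `read_ns_links(1)` and `read_ns_links(<container pid>)` supply the same kind of dictionaries as the constructed samples.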
17. DELTATRE STRATEGY
• Docker and Kubernetes have the larger communities and larger adoption
• Fully supported by all major Cloud providers
• Fully supported for an on-premises configuration
• Part of the Open Container Initiative
• Part of the Cloud Native Computing Foundation
• Docker supports Kubernetes (now part of the Enterprise Edition)
• Docker supports migration from Swarm to Kubernetes
• Google Borg as foundation of Kubernetes
18. CLOUD AGNOSTIC
Portable Solutions
➤Reusable components and products must be Cloud Agnostic
➤Container images able to run on Linux OS
➤ NodeJS
➤ .Net Core
➤Docker images and Kubernetes based deployments
➤MongoDB and in general intensive IO applications to be installed into VMs and not as containers
➤Usage of PaaS only if replaceable with alternatives (e.g. CosmosDB in Azure is ok if development is done to preserve compatibility with MongoDB)
20. DOCKER BASICS
➤Dockerfile
➤ Source code of an image
➤Image
➤ Immutable package of application and its dependencies
➤ Composed by multiple layers
➤Container
➤ Running instance of an image
➤Registry
➤ Repository of images
➤Docker Daemon
➤ Build images
➤ Run Containers
➤Docker CLI
21. DOCKERFILE
Image build instruction
➤A Dockerfile contains the instructions for the docker build process on how to create a new image
➤The build of an image is done by executing commands inside a container
➤A container is the execution of an image
➤Multi-stage builds should be used to optimise the image creation process and image size
23. KUBERNETES – THE ORIGIN
➤ Greek for “Helmsman”; also the root of the words “governor” and “cybernetic”
➤ Orchestrator for containers
➤ Builds on Docker containers
➤ Also supporting other container technologies
➤ Multi-cloud and bare-metal environments
➤ Inspired and informed by Google’s experiences and internal systems
➤ 100% Open Source, written in Go
➤ Created by three Google employees initially during the summer of 2014; grew exponentially and became the first project to get donated to the CNCF
➤ Release 1.0 21st July 2015
24. KUBERNETES – THE BASIC CONCEPTS
➤ It all started with Google growing and experiencing problems in managing the new scale of hardware and software
➤ The Datacentre as a Computer (https://research.google/pubs/pub35290/)
➤ Abstract completely from hardware (software defined datacentre)
➤ Abstract completely from network (software defined network)
➤ Declarative application deployment (deploy is documentation)
➤ Self-Healing system based on desired state
➤ Ability to configure rules for automatic scaling
➤ Designed for multi-tenant
➤ Designed for integration (“API first” approach)
28. KUBERNETES ARCHITECTURE
➤ Etcd
➤ The etcd project, developed by the team at CoreOS, is a lightweight, distributed key-value store that can be configured to span across multiple nodes.
➤ Kubernetes uses etcd to store configuration data that can be accessed by each of the nodes in the cluster.
➤ Kube-apiserver
➤ This is the main management point of the entire cluster as it allows a user to configure Kubernetes' workloads and organizational units
➤ The API server implements a RESTful interface
➤ Kube-controller-manager
➤ It manages different controllers that regulate the state of the cluster, manage workload life cycles, and perform routine tasks.
➤ When a change is seen, the controller reads the new information and implements the procedure that fulfills the desired state.
➤ Kube-scheduler
➤ The process that actually assigns workloads to specific nodes
➤ The scheduler is responsible for tracking available capacity on each host to make sure that workloads are not scheduled in excess of the available resources.
29. KUBERNETES ARCHITECTURE
➤ Container Runtime
➤ Typically Docker
➤ Rkt and runC supported
➤ Kubelet
➤ The kubelet service communicates with the master components to authenticate to the cluster and receive commands and work
➤ The kubelet process then assumes responsibility for maintaining the state of the work on the node server.
➤ Kube-Proxy
➤ To manage individual host subnetting and make services available to other components
30. KUBERNETES – THE BASIC CONCEPTS
➤ Cluster - A collection of hosts that aggregate their available resources including cpu, ram, disk, and their devices into a usable pool.
➤ Master - The master(s) represent a collection of components that make up the control plane of Kubernetes. These components are responsible for all cluster decisions including both scheduling and responding to cluster events.
➤ Node - A single host, physical or virtual, capable of running pods. A node is managed by the master(s), and at a minimum runs both kubelet and kube-proxy to be considered part of the cluster.
➤ Namespace - A logical cluster or environment. Primary method of dividing a cluster or scoping access.
31. ➤ Pod - A pod is the smallest unit of work or management
resource within Kubernetes. It is comprised of one or more
containers that share their storage, network, and context
(namespace, cgroups etc).
➤ Deployment - A declarative method of managing stateless
Pods and ReplicaSets. Provides rollback functionality in
addition to more granular update control mechanisms.
➤ Service - Services provide a method of exposing and
consuming L4 Pod network accessible resources. They use
label selectors to map groups of pods and ports to a cluster-
unique virtual IP.
➤ Volume - Storage that is tied to the Pod Lifecycle, consumable
by one or more containers within the pod.
➤ ConfigMap - Externalized data stored within kubernetes that
can be referenced as a commandline argument, environment
variable, or injected as a file into a volume mount. Ideal for
separating containerized application from configuration.
➤ Secret - Functionally identical to ConfigMaps, but stored
encoded as base64, and encrypted at rest (if configured).
KUBERNETES – THE
BASIC CONCEPTS
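An added example (not part of the original slides) for the Secret definition above: base64 is an encoding that any reader of the object can reverse, so confidentiality in etcd depends on the API server's EncryptionConfiguration. The Secret, the two configurations and the helper names are constructed for illustration, and the check assumes the configuration file has already been parsed into a dictionary.

```python
import base64

# Constructed sample Secret, shaped like `kubectl get secret -o json` output.
SECRET = {
    "kind": "Secret",
    "metadata": {"name": "db-credentials", "namespace": "demo"},
    "data": {
        "username": base64.b64encode(b"app").decode(),
        "password": base64.b64encode(b"example-only").decode(),
    },
}

# Constructed EncryptionConfiguration objects (parsed form of the YAML file).
AES_FIRST = {"kind": "EncryptionConfiguration", "resources": [{
    "resources": ["secrets"],
    "providers": [
        {"aescbc": {"keys": [{"name": "key1", "secret": "<placeholder>"}]}},
        {"identity": {}},
    ]}]}
IDENTITY_FIRST = {"kind": "EncryptionConfiguration", "resources": [{
    "resources": ["secrets"],
    "providers": [{"identity": {}}, AES_FIRST["resources"][0]["providers"][0]],
}]}


def decode_secret(manifest):
    """Recover the plaintext of every entry in a Secret's `data` map."""
    return {k: base64.b64decode(v).decode()
            for k, v in manifest.get("data", {}).items()}


def secrets_encrypted_at_rest(enc_config):
    """True only if the first provider configured for `secrets` is not `identity`.

    The first provider in the list is used for writes; `identity` stores the
    object as-is. Wildcard resource entries are not handled in this sketch.
    """
    for rule in enc_config.get("resources", []):
        if "secrets" in rule.get("resources", []):
            providers = rule.get("providers", [])
            return bool(providers) and "identity" not in providers[0]
    return False  # no rule covers secrets, so they are stored unencrypted


if __name__ == "__main__":
    print(decode_secret(SECRET))
    print(secrets_encrypted_at_rest(AES_FIRST), secrets_encrypted_at_rest(IDENTITY_FIRST))
```

The configuration file is passed to kube-apiserver with --encryption-provider-config. Restricting who can read Secret objects through RBAC remains necessary either way, because the API returns decrypted values.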
34.
➤ Part of the Cloud Native Computing Foundation
➤ Designed to simplify management of dependencies on Kubernetes
deployments
➤ CHARTS: Helm packages, a few YAML configuration files
➤ Mostly standard Kubernetes YAML format
➤ Templates and Values YAML files used to abstract composition of
Kubernetes YAML files with variables (e.g. by environment)
➤ requirements.yaml used to define dependencies
HELM PACKAGE MANAGER
36.
➤ Traffic Management
➤ Decouples traffic flow and infrastructure scaling, letting you specify
via Pilot what rules you want traffic to follow rather than which
specific pods/VMs
➤ Security
➤ Strong identity, powerful policy, transparent TLS encryption, and
authentication, authorization and audit (AAA) tools
➤ Policy and Telemetry
➤ A flexible model to enforce authorization policies and collect
telemetry for the services in a mesh
➤ Performance and Scalability
➤ Support for Horizontal Pod Autoscaling
ISTIO – SERVICE MESH
37. Processes, Containers, Virtual Machines - https://medium.com/@jessgreb01/what-is-the-difference-between-a-process-a-container-and-a-vm-f36ba0f8a8f7
Introduction to Kubernetes for VMware users - https://blogs.vmware.com/cloudnative/2017/10/25/kubernetes-introduction-vmware-users/
Introduction to Kubernetes Architecture - https://phoenixnap.com/kb/understanding-kubernetes-architecture-diagrams
Docker and Windows - https://techcommunity.microsoft.com/t5/windows-dev-appconsult/first-steps-with-docker-introduction/ba-p/317547
Kubernetes and Windows - https://techcommunity.microsoft.com/t5/windows-dev-appconsult/first-steps-with-docker-and-kubernetes-introduction/ba-p/357525
LINKS
Virtual machines (VMs) are an abstraction of physical hardware turning one server into many servers. The hypervisor allows multiple VMs to run on a single machine. Each VM includes a full copy of an operating system, the application, necessary binaries and libraries - taking up tens of GBs. VMs can also be slow to boot.
Containers are an abstraction at the app layer that packages code and dependencies together. Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space. Containers take up less space than VMs (container images are typically tens of MBs in size), can handle more applications and require fewer VMs and Operating systems.
Docker is the most famous and by far the most widely adopted container technology, but it is not the only one.
Containers are based on capabilities of the OS kernel, such as kernel namespaces, cgroups and chroot. Container management software such as Docker provides a control plane, APIs and a CLI to more easily manage, in the form of pre-defined packages, the build and execution of images and containers.
Docker is an application container, like rkt and runC, while LXC (and the Ubuntu version named LXD), Linux-VServer and OpenVZ are full-system containers (meaning a different version of the kernel can be executed inside the container). For Microsoft Windows the alternatives are Hyper-V Containers (a full-system container) or Docker.
runC is not really a different container manager; it is the runtime environment developed initially by Docker and released to the Open Container Initiative (see: https://www.opencontainers.org/about/members).
Each container software defines its own format for the image package, although rkt is also able to run Docker images.
You can start packaging your applications into containers and run them using Docker. It makes for a clean definition and distribution, but…
… but if the number of containers and nodes starts growing, you can no longer manage them manually or just script the docker run command; you need an orchestrator.
Running a container on a single local machine is easy, but in a production environment you will find yourself running hundreds of containers on hundreds of different servers. You will need to be able to replace a container that was running on a server that failed, to manage the networking between containers, to scale them horizontally, to manage updates, and so on. This is why orchestrators came into play.
Kubernetes is considered the standard among container orchestrators, but it is not the only option.
Docker Swarm, Nomad and Mesos are still possible alternatives.
If containers mean more than just Docker and orchestrators mean more than just Kubernetes, why is this set of sessions named after Kubernetes only?
.NET Core and Node.js are the main frameworks used today by Deltatre to develop applications, and they are a perfect fit for containerisation.
Please remember that the image is an application image, so in order to run it has to be compatible with the OS kernel of the host.
Multi-stage builds are a new feature requiring Docker 17.05 or higher on the daemon and client. Multi-stage builds are useful to anyone who has struggled to optimize Dockerfiles while keeping them easy to read and maintain. One of the most challenging things about building images is keeping the image size down. Each instruction in the Dockerfile adds a layer to the image, and you need to remember to clean up any artifacts you don’t need before moving on to the next layer. With multi-stage builds, you use multiple FROM statements in your Dockerfile. Each FROM instruction can use a different base, and each of them begins a new stage of the build. You can selectively copy artifacts from one stage to another, leaving behind everything you don’t want in the final image. By default, the stages are not named, and you refer to them by their integer number, starting with 0 for the first FROM instruction. However, you can name your stages by adding an as <NAME> to the FROM instruction.
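To make the stage numbering and naming concrete, the following added Python example (not from the original notes) parses a constructed Node.js Dockerfile and resolves each COPY --from reference of the final stage, once by name and once by index. The image tags, paths, the npm build script and the helper names are assumptions; only the last stage becomes the shipped image, so compilers, sources and development dependencies from earlier stages stay out of it unless copied explicitly.

```python
import re

# Constructed multi-stage Dockerfile (assumes an npm "build" script writing to dist/).
DOCKERFILE = """\
FROM node:20 AS build
WORKDIR /src
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM node:20-slim
WORKDIR /app
COPY --from=0 /src/package*.json ./
RUN npm ci --omit=dev
COPY --from=build /src/dist ./dist
USER node
CMD ["node", "dist/server.js"]
"""

def parse_stages(dockerfile):
    """Split a Dockerfile into stages; every FROM instruction starts a new one."""
    stages = []
    for line in (raw.strip() for raw in dockerfile.splitlines()):
        m = re.match(r"FROM\s+(\S+)(?:\s+AS\s+(\S+))?$", line, re.IGNORECASE)
        if m:
            stages.append({"index": len(stages), "base": m.group(1),
                           "name": m.group(2), "copies": []})
            continue
        c = re.match(r"COPY\s+--from=(\S+)\s+(.+)$", line, re.IGNORECASE)
        if c and stages:
            stages[-1]["copies"].append((c.group(1), c.group(2)))
    return stages

def resolve(stages, ref):
    """Map a --from reference (integer index or stage name) to a stage index."""
    if ref.isdigit():
        return int(ref) if int(ref) < len(stages) else None
    for stage in stages:
        if stage["name"] == ref:
            return stage["index"]
    return None  # not a stage in this file (--from can also name an external image)

def final_image_inputs(dockerfile):
    """Base image of the last stage and what it copies from earlier stages."""
    stages = parse_stages(dockerfile)
    final = stages[-1]
    return final["base"], [(resolve(stages, r), p) for r, p in final["copies"]]
```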
Image taken from the VMware blog: https://blogs.vmware.com/cloudnative/2017/10/25/kubernetes-introduction-vmware-users/
Image taken from the official Kubernetes documentation: https://kubernetes.io/docs/concepts/overview/components/
Additionally, the “Cloud-Controller-Manager” is used in cloud deployments.
Cloud controller managers act as the glue that allows Kubernetes to interact with providers that have different capabilities, features, and APIs while maintaining relatively generic constructs internally. This allows Kubernetes to update its state information according to information gathered from the cloud provider, adjust cloud resources as changes are needed in the system, and create and use additional cloud services to satisfy the work requirements submitted to the cluster.
Configurations are expressed via YAML files.
A large ecosystem of additional solutions has been built around Kubernetes; we report only two of them here as examples.
Helm can: Install software; Automatically install software dependencies; Upgrade software; Configure software deployments; Fetch software packages from repositories.
Helm provides this functionality through the following components:
➤ A command line tool, helm, which provides the user interface to all Helm functionality.
➤ Before version 3.0, a companion server component, tiller, that runs on your Kubernetes cluster, listens for commands from helm, and handles the configuration and deployment of software releases on the cluster.
➤ The Helm packaging format, called charts.
During the installation of a chart, Helm combines the chart's templates with the configuration specified by the user and the defaults in values.yaml. These are rendered into Kubernetes manifests that are then deployed via the Kubernetes API. This creates a release, a specific configuration and deployment of a particular chart.
This concept of releases is important, because you may want to deploy the same application more than once on a cluster. For instance, you may need multiple RabbitMQ servers with different configurations. You also will probably want to upgrade different instances of a chart individually. Perhaps one application is ready for an updated RabbitMQ server but another is not. With Helm, you upgrade each release individually.
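A simplified model of the install step and of the per-release configuration described above, added here as an illustration and not taken from Helm's code: user values are merged over the chart defaults, the template is rendered, and two releases of one chart end up with different manifests. The chart values, template fragment and function names are constructed; real Helm templates also support functions and pipelines that this sketch does not.

```python
import copy
import re

# Constructed chart defaults (values.yaml) and user-supplied overrides.
CHART_DEFAULTS = {"replicaCount": 1,
                  "image": {"repository": "rabbitmq", "tag": "3.8"},
                  "service": {"type": "ClusterIP", "port": 5672}}
USER_VALUES = {"replicaCount": 3, "image": {"tag": "3.8-management"}}

# Constructed template fragment using the .Values and .Release objects.
TEMPLATE = """\
kind: Deployment
metadata:
  name: {{ .Release.Name }}-rabbitmq
spec:
  replicas: {{ .Values.replicaCount }}
  template:
    spec:
      containers:
        - image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
"""

def merge(defaults, overrides):
    """User values win; nested maps merge key by key, other types are replaced."""
    out = copy.deepcopy(defaults)
    for key, val in overrides.items():
        if isinstance(val, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], val)
        else:
            out[key] = copy.deepcopy(val)
    return out

def render(template, release, values):
    """Substitute {{ .Values.a.b }} and {{ .Release.Name }} references only."""
    scope = {"Values": values, "Release": {"Name": release}}
    def lookup(match):
        node = scope
        for part in match.group(1).split("."):
            node = node[part]
        return str(node)
    return re.sub(r"\{\{\s*\.([\w.]+)\s*\}\}", lookup, template)

def install(release, overrides):
    """Model of one release: merged values rendered into a manifest."""
    return render(TEMPLATE, release, merge(CHART_DEFAULTS, overrides))

if __name__ == "__main__":
    print(install("orders", USER_VALUES))
    print(install("billing", {}))
```

Running helm template with the same values prints the rendered manifests without installing them, which is the output to review before a deployment.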