SlideShare a Scribd company logo

Kubernetes 101 for Beginners

Download as PPTX, PDF
O
Oktay Esgul

The document provides a comprehensive overview of Kubernetes, covering its architecture, core components, and deployment processes, alongside discussions on Docker and related containerization technologies. It introduces essential concepts such as namespaces, workloads, services, and storage in Kubernetes, as well as tools like Helm for package management. The document also includes hands-on workshop links for practical learning and emphasizes Kubernetes' role in managing and scaling applications efficiently.

Technology
1 of 76
Downloaded 149 times
1
2
3
4
Most read
5
6
7
8
9
Most read
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
Most read
63
64
65
66
67
68
69
70
71
72
73
74
75
76
Kubernetes For Beginners UnrestrictedUnrestricted
Agenda ● Introduction ○ Legacy Systems ○ Docker ○ Docker-Compose ○ Docker-Swarm ○ What isKubernetes? ○ What doesKubernetesdo? ● Architecture ○ MasterComponents ○ NodeComponents ○ Additional Services ○ Kubectl ○ Kube Config ● Concepts ○ Core ○ Workloads ○ Network ○ Storage ○ Configuration ○ Auth and Identity ○ Helm ○ MiniKube ● Behind theScenes ● Deployment fromBeginningto End ● AKS Deployment Demo ○ End to End AKS Deployment
Introduction
Legacy Systems Legacy App Deployment Model on Bare Metal Servers.
Legacy Systems App Deployment on Virtual Machines Overview.
Welcome Docker
Virtual Machines vs Docker Containers
Container:  Containers are an abstraction at the app layer that packages code and dependencies together.  Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space.  Containers typically take up less space than VMs. Virtual Machines  Virtual machines (VMs) are an abstraction of physical hardware turning one server into many servers.  The hypervisor allows multiple VMs to run on a single machine.  Each VM includes a full copy of an operating system, the application, necessary binaries and libraries - taking up tens of GBs.  VMs can also be slower to boot.
Docker Workshops https://www.katacoda.com/courses/docker/deploying-first-Container https://www.katacoda.com/courses/docker/3 Docker Basics: Dockerize NodeJs:
COMPOSE https://www.katacoda.com/boxboat/courses/df-dev/02-docker-compose Workshop:  Compose is a tool for defining and running multi-container Docker applications.  With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.  Compose is great for development, testing, and staging environments, as well as CI workflows
SWARM https://www.katacoda.com/boxboat/courses/df-ops/01-docker-swarm https://www.katacoda.com/courses/docker-orchestration/getting-started-with-swarm-mode Workshop:  Docker Swarm is a clustering and scheduling tool for Docker containers.  With Swarm, IT administrators and developers can establish and manage a cluster of Docker nodes as a single virtual system.
=
Kubernetes 101 for Beginners
Intro - Whatis Kubernetes? Kubernetes or K8s wasaproject spunout of Googleasaopensource next-gen container scheduler designed with the lessons learned from developing andmanagingBorg andOmega. Kubernetes wasdesignedfromtheground-upasalooselycoupled collection of components centered around deploying, maintaining, and scaling applications.
Intro - What Does Kubernetes do? Kubernetes isthelinuxkernelof distributed systems. Itabstractsawaytheunderlyinghardwareof thenodesandprovides a uniform interface for applicationsto bebothdeployedandconsumethe sharedpool of resources. https://www.katacoda.com/loodse/courses/kubernetes/kubernetes-01-playground Workshop:
Kubernetes Architecture
Architecture Overview Masters -Acts as the primary control plane for Kubernetes. Masters are responsible ataminimumfor runningtheAPI Server, scheduler,andcluster controller. Theycommonly alsomanagestoringcluster state,cloud-provider specific componentsandother cluster essentialservices. Nodes-Are the‘workers’of aKubernetes cluster. They runaminimalagent that manages the node itself, and are tasked with executing workloads as designatedbythemaster.
Architecture Overview
Master Components
Master Components ● Kube-apiserver ● Etcd ● Kube-controller-manager ● Cloud-controller-manager ● Kube-scheduler
kube-apiserver Theapiserverprovides aforward facingRESTinterface into thekubernetes control plane and datastore. All clients, including nodes, users and other applicationsinteract with kubernetes strictly through theAPI Server. It is the true core of Kubernetes acting as the gatekeeper to the cluster by handlingauthenticationandauthorization,requestvalidation,mutation, and admission control in addition to beingthefront-end to thebackingdatastore. kubectl api-resources  to see all api resources
etcd Etcd actsasthecluster datastore;providing astrong,consistent andhighly availablekey-valuestoreusedfor persisting cluster state.
kube-controller-manager The controller-manager is the primary daemon that manages all core componentcontrol loops.Itmonitorsthecluster state viatheapiserverand steersthecluster towardsthedesired state.
cloud-controller-manager The cloud-controller-manager is a daemon that provides cloud-provider specific knowledge andintegration capabilityinto thecorecontrol loop of Kubernetes. The controllers include Node, Route, Service, and add an additional controller to handlePersistentVolumeLabels.
kube-scheduler Kube-scheduler isaverbose policy-rich enginethatevaluatesworkload requirements and attempts to place it on a matching resource. These requirements canincludesuchthings asgeneralhardwarereqs,affinity, anti-affinity, andother customresource requirements.
Node Components
Node Components ● Kubelet ● Kube-proxy ● Containerruntime engine
kubelet Acts as the node agent responsible for managing pod lifecycle on its host. Kubelet understandsYAML containermanifeststhatit canreadfromseveral sources: ● File path ● HTTP Endpoint ● Etcd watchacting onanychanges ● HTTP Servermodeaccepting containermanifestsoverasimpleAPI.
kube-proxy Manages thenetwork rulesoneachnodeandperformsconnection forwarding or loadbalancingfor Kubernetes cluster services. Available ProxyModes: ● Userspace ● iptables ● ipvs(alphain1.8)
Container Runtime With respect to Kubernetes,A containerruntime isaCRI (Container RuntimeInterface) compatible application that executesandmanagescontainers. ● Containerd (docker) ● Cri-o ● Rkt ● Kata(formerlyclearandhyper) ● Virtlet (VM CRI compatible runtime)
Additional Services Kube-dns-Provides cluster wide DNS Services.Servicesareresolvable to <service>.<namespace>.svc.cluster.local. Heapster - Metrics Collector for kubernetes cluster, usedbysomeresources suchastheHorizontal Pod Autoscaler. (required for kubedashboardmetrics) Kube-dashboard -A generalpurpose webbasedUIfor kubernetes.
Kubectl kubectl [command] [TYPE] [NAME] [flags] command: operation to perform (verb) TYPE: the resource type to perform the operation on NAME:Specifies the name of the resource flags:optional flags https://www.katacoda.com/courses/kubernetes/kubectl-run-containers Workshop:
$KUBECONFIG • Multiple configurations files as a list of paths • KUBECONFIG • Append new configurations temporarily https://github.com/ahmetb/kubectx KUBECTX:
https://www.katacoda.com/boxboat/courses/kubernetes-basic/module-2 Workshops: https://www.katacoda.com/loodse/courses/kubernetes/kubernetes-03-cluster- setup App Deployment: KubeAdm
Kubernetes Concepts
Kubernetes Concepts - Core Cluster - A collection of hoststhat aggregate their available resources including cpu,ram,disk, andtheir devicesinto ausablepool. Master - The master(s)represent acollection of components that makeupthecontrol planeof Kubernetes. These components are responsible for all cluster decisions including both schedulingandresponding to cluster events. Node - A singlehost,physicalor virtual capableof runningpods.A nodeismanagedbythe master(s),andat aminimumrunsboth kubelet andkube-proxyto beconsidered part of the cluster. Namespace- A logical cluster or environment. Primarymethodof dividing acluster or scopingaccess.
Concepts - Core(cont.) Label- Key-valuepairs that areusedto identify, describe andgrouptogetherrelated setsof objects.Labelshaveastrict syntaxandavailable characterset.* Annotation - Key-value pairs that contain non-identifying information or metadata. Annotations donot havethethesyntaxlimitations aslabels andcancontainstructured or unstructureddata. Selector - Selectors uselabels to filter or select objects. Bothequality-based(=,==,!=)or simplekey-valuematchingselectorsaresupported. * https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
Labels: app:nginx tier:frontned Annotations description: “nginxfrontend” Selector: app:nginx tier:frontend Labels, and Annotations, and Selectors
Concepts - Workloads Pod- A podisthesmallestunit of workormanagementresourcewithin Kubernetes.Itis comprised of one or more containers that share their storage, network, and context (namespace, cgroupsetc). ReplicationController - Method of managingpodreplicasandtheir lifecycle. Their scheduling,scaling,anddeletion. ReplicaSet- Next GenerationReplicationController. Supportsset-basedselectors. Deployment - A declarativemethodof managingstatelessPods andReplicaSets. Provides rollback functionalityinaddition to moregranularupdatecontrol mechanisms.
Deployment Contains configuration of how updates or ‘deployments’ should be managed in addition to thepodtemplateusedto generate theReplicaSet. ReplicaSet Generated ReplicaSet fromDeployment spec. https://www.katacoda.com/boxb oat/courses/kf1/03-deployments Workshop:
Concepts - Workloads (cont.) StatefulSet - A controller tailored to managingPods thatmustpersistormaintainstate.Pod identityincluding hostname,network,andstoragewill bepersisted. DaemonSet - Ensuresthat all nodesmatchingcertain criteria will run aninstance of a supplied Pod. Idealfor cluster wide services suchaslog forwarding, orhealth monitoring.
StatefulSet ● Attaches to ‘headeless service’ (notshown)nginx. ● Podsgivenunique ordinalnamesusingthepattern <statefulset name>-<ordinalindex>. ● Createsindependent persistentvolumesbasedon the‘volumeClaimTemplates’.
DaemonSet ● Bypasses defaultscheduler ● Schedulesasingle instanceonevery host while adheringto tolerancesandtaints. https://www.katacoda.com/reselbob/scenario s/k8s-daemonset-w-node-affinity Workshop:
Concepts – Network
Networking - FundamentalRules 1) All Pods cancommunicate with all other Pods withoutNAT 2) All nodescancommunicatewith all Pods (andvice-versa)without NAT. 3) TheIPthataPod seesitself asisthesameIPthatothersseeit as.
Networking - FundamentalsApplied Containers in apodexist within thesamenetwork namespaceandsharean IP;allowingfor intrapod communicationoverlocalhost. Podsaregivenacluster uniqueIPfor thedurationof its lifecycle,butthepods themselvesarefundamentallyephemeral. Services aregivenapersistentcluster uniqueIPthatspansthePods lifecycle. External Connectivity isgenerally handedbyanintegrated cloud provider or other externalentity (loadbalancer)
Networking -CNI Networking within Kubernetes is plumbed via the Container Network Interface(CNI),aninterface betweenacontainerruntime andanetwork implementation plugin. Compatible CNI Network Plugins: ● Calico ● Cillium ● Contiv ● Contrail ● Flannel ● GCE ● kube-router ● Multus ● OpenVSwitch ● OVN ● Romana ● Weave
Concepts - Network Service - Servicesprovide amethodof exposing andconsuming L4 Pod network accessible resources. Theyuselabel selectorsto mapgroupsof podsandports to acluster-unique virtual IP. Ingress - An ingresscontroller is theprimarymethodof exposing acluster service (usually http) to the outside world. These are load balancers or routers that usually offer SSL termination,name-basedvirtualhostingetc.
Service ● Acts astheunified methodof accessingreplicated pods. ● Four majorServiceTypes: ○ CluterIP-Exposesserviceonastrictly cluster-internal IP(default) ○ NodePort-Serviceis exposedoneachnode’sIPonastatically definedport. ○ LoadBalancer -Works in combination with acloudproviderto exposeaserviceoutsidethecluster onastatic externalIP. ○ ExternalName -usedto referencesendpointsOUTSIDE thecluster byprovidingastatic internally referencedDNSname. https://www.katacoda.com/boxboat/courses/kf2/01-services Workshop:
Ingress Controller ● Deployedasapodtooneormorehosts ● Ingresscontrollers areanexternal controller with multipleoptions. ○ Nginx ○ HAproxy ○ Contour ○ Traefik ● Specificfeaturesandcontroller specific configuration is passed through annotations. https://www.katacoda.com/boxboat/courses/kf2/03-ingress Workshop:
Concepts - Storage Volume - Storagethat istied to the Pod Lifecycle, consumablebyoneor more containerswithin thepod. PersistentVolume- A PersistentVolume (PV)represents astorageresource. PVs are commonly linked to abacking storageresource,NFS,GCEPersistentDisk, RBD etc.andare provisionedaheadof time.Their lifecycle ishandledindependently fromapod. PersistentVolumeClaim - A PersistentVolumeClaim(PVC)is arequest for storagethat satisfiesaset of requirements insteadof mappingto astorageresourcedirectly.Commonly usedwith dynamicallyprovisionedstorage. StorageClass - Storageclassesareanabstractionontopof anexternal storageresource. These will include a provisioner, provisioner configuration parameters as well as a PV reclaimPolicy. https://www.katacoda.com/courses/kubernetes/storage-introduction Workshop:
Concepts -Configuration ConfigMap - Externalized data stored within kubernetes that can be referenced as a commandlineargument,environment variable,or injected asafile into avolumemount.Ideal for separatingcontainerizedapplication fromconfiguration. Secret- Functionallyidenticalto ConfigMaps, but stored encoded asbase64,andencrypted at rest (ifconfigured).
ConfigMaps andSecrets ● CanbeusedinPod Config: ○ Injectedasafile ○ Passedasanenvironmentvariable ○ Usedasacontainercommand(requirespassing asenvvar) https://www.katacoda.com/javajon/courses/kubernetes-fundamentals/configmap-secret Workshop:
Concepts - Auth and Identity (RBAC) [Cluster]Role - Roles contain rules that act asaset of permissions that apply verbs like “get”, “list”,“watch” etc over resources that arescopedto apiGroups.Roles arescopedto namespaces, andClusterRolesareapplied cluster-wide. [Cluster]RoleBinding - Grant thepermissionsasdefined in a[Cluster]Role to oneor more “subjects”whichcanbeauser,group,orservice account. ServiceAccount- ServiceAccounts provide aconsumableidentity for podsor external servicesthatinteractwith thecluster directly andarescopedto namespaces. https://www.katacoda.com/boxboat/courses/kf2/04-misc Workshop:
[Cluster]Role ● Permissions translate to url path. With “”defaultingto core group. ● Resourcesactasitemstherole shouldbegrantedaccessto. ● Verbsaretheactionstherole canperform onthereferenced resources.
[Cluster]RoleBinding ● Canreference multiplesubjects ● Subjectscanbeof kind: ○ User ○ Group ○ ServiceAccount ● roleRef targetsasinglerole only.
What is HELM • Package manager • Like yum, apt but for Kubernetes • Search and reuse or start from scratch • Lifecycle Management • Create • Install • Upgrade/Rollback • Delete • Status • Versioning • Benefits • Repeatability • Reliability • Multiple environment • Ease collaboration • Manage Complexity
Kubernetes Cluster Helm Components • Helm Client • Command-line client • Interacts with Tiller Server • Local chart development • Tiller Server • In-cluster • Listens to the Helm client • Interacts with Kubernetes APIServer • Manages the lifecycle Helm Client TillerServer gRPC Kubernetes API Server REST https://www.katacoda.com/javajon/c ourses/kubernetes-pipelines/helm Workshop:
MINIKUBE https://www.katacoda.com/javajon/courses/kubernetes-fundamentals/minikube
Behind The Scenes
Deployment From Beginning toEnd
Kubernetes 101 for Beginners
Kubectl 1)Kubectlperformsclient side validationonmanifest(linting). 2)Manifestispreparedandserialized creating aJSON payload.
APIserver Request Loop 3)Kubectl authenticatesto apiserverviax509,jwt, http authproxy,otherplugins,or http-basic auth. 4)Authorization iteratesoveravailableAuthZ sources:Node,ABAC, RBAC,or webhook. 5)AdmissionControlchecksresourcequotas, othersecurityrelatedchecksetc. 6)Requestisstoredinetcd. 7)Initializersaregiven opportunityto mutate requestbeforethe objectispublished. 8)Requestispublishedonapiserver.
Deployment Controller 9)Deployment Controller isnotified of thenew Deployment viacallback. 10)Deployment Controller evaluatescluster stateand reconciles the desired vs current state and forms a request for thenewReplicaSet. 11)apiserver request loopevaluatesDeployment Controllerrequest. 12)ReplicaSet ispublished.
ReplicaSet Controller 13)ReplicaSetController isnotified of thenewReplicaSet viacallback. 14)ReplicaSet Controller evaluates cluster state and reconciles thedesiredvscurrentstateandformsarequest for thedesiredamountof pods. 15)apiserver request loopevaluatesReplicaSet Controllerrequest. 16)Podspublished, andenter ‘Pending’ phase.
Kubernetes 101 for Beginners
Scheduler 17)Schedulermonitorspublished podswith no ‘NodeName’ assigned. 18)Appliesschedulingrulesandfilters to find a suitablenodeto host thePod. 19)Schedulercreatesabinding of Pod to Node and POSTs toapiserver. 20)apiserver request loopevaluatesPOST request. 21)Pod statusisupdatedwith nodebinding andsets status to‘PodScheduled’.
Kubelet -PodSync 22)Thekubelet daemononeverynodepollstheapiserver filtering for podsmatchingits own‘NodeName’; checkingits currentstate with thedesiredstatepublished throughtheapiserver. 23)Kubelet will thenmovethroughaseries of internal processesto prepare the pod environment. This includes pulling secrets, provisioningstorage,applyingAppArmorprofiles andothervarious scaffolding. During this period,it will asynchronouslybePOST’ing the ‘PodStatus’ to the apiserver through the standard apiserver request loop.
Pause and Plumbing 24)Kubelet thenprovisionsa‘pause’containerviathe CRI (Container RuntimeInterface). The pausecontainer actsastheparent containerfor thePod. 25)The network is plumbed to the Pod via the CNI (Container Network Interface),creating aveth pair attached to the pause container and to acontainer bridge (cbr0). 26)IPAM handledbytheCNI plugin assignsanIPto the pausecontainer.
Kubelet - Create Containers 24)Kubelet pullsthecontainerImages. 25)Kubelet first creates andstartsanyinit containers. 26)Oncetheoptional init containerscomplete,the primarypodcontainersarestarted.
Pod Status 27)Ifthere areanyliveless/readiness probes,theseareexecuted beforethe PodStatus isupdated. 28)Ifall completesuccessfully,PodStatusis set to readyandthecontainer has startedsuccessfully. ThePodisDeployed!
END to END AKS DEMO
Questions?
Resources: 1. https://www.slideshare.net/BobKillen?utm_campaign=profiletracking&ut m_medium=sssite&utm_source=ssslideview 2. https://www.katacoda.com/ 3. https://kubernetes.io/
Kubernetes 101 for Beginners

More Related Content

What's hot (20)

PDF
Kubernetes 101
Crevise Technologies
 
ODP
Kubernetes Architecture
Knoldus Inc.
 
PDF
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Edureka!
 
PPTX
Kubernetes Introduction
Martin Danielsson
 
PPTX
Kubernetes PPT.pptx
ssuser0cc9131
 
PDF
Kubernetes Basics
Eueung Mulyana
 
PDF
Introduction to Kubernetes Workshop
Bob Killen
 
PDF
Hands-On Introduction to Kubernetes at LISA17
Ryan Jarvinen
 
PPTX
Kubernetes Introduction
Eric Gustafson
 
PDF
Getting Started with Kubernetes
VMware Tanzu
 
PDF
Kubernetes
erialc_w
 
PDF
Introduction to kubernetes
Gabriel Carro
 
PPTX
01. Kubernetes-PPT.pptx
TamalBanerjee16
 
PDF
Kubernetes 101
Winton Winton
 
PDF
Kubernetes Architecture and Introduction
Stefan Schimanski
 
PPTX
Introduction to kubernetes
Rishabh Indoria
 
PPTX
Kubernetes
Henry He
 
PDF
An Introduction to Kubernetes
Imesh Gunaratne
 
PDF
Kubernetes a comprehensive overview
Gabriel Carro
 
PDF
An overview of the Kubernetes architecture
Igor Sfiligoi
 
Kubernetes 101
Crevise Technologies
 
Kubernetes Architecture
Knoldus Inc.
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Edureka!
 
Kubernetes Introduction
Martin Danielsson
 
Kubernetes PPT.pptx
ssuser0cc9131
 
Kubernetes Basics
Eueung Mulyana
 
Introduction to Kubernetes Workshop
Bob Killen
 
Hands-On Introduction to Kubernetes at LISA17
Ryan Jarvinen
 
Kubernetes Introduction
Eric Gustafson
 
Getting Started with Kubernetes
VMware Tanzu
 
Kubernetes
erialc_w
 
Introduction to kubernetes
Gabriel Carro
 
01. Kubernetes-PPT.pptx
TamalBanerjee16
 
Kubernetes 101
Winton Winton
 
Kubernetes Architecture and Introduction
Stefan Schimanski
 
Introduction to kubernetes
Rishabh Indoria
 
Kubernetes
Henry He
 
An Introduction to Kubernetes
Imesh Gunaratne
 
Kubernetes a comprehensive overview
Gabriel Carro
 
An overview of the Kubernetes architecture
Igor Sfiligoi
 

Similar to Kubernetes 101 for Beginners (20)

PPTX
Kubernetes-introduction to kubernetes for beginers.pptx
rathnavel194
 
PPTX
08 - kubernetes.pptx
RanjithM61
 
PDF
Kubernetes acomprehensiveoverview
Ankit Shukla
 
PDF
(Draft) Kubernetes - A Comprehensive Overview
Bob Killen
 
PPTX
Kubernetes
Lhouceine OUHAMZA
 
PPTX
Kubernetes the deltatre way the basics - introduction to containers and orc...
Rauno De Pasquale
 
PDF
Kubernetes Me This Batman
Richard Boyd, II
 
PDF
Kubernetes Me this Batman
Sonatype
 
PDF
Kubernetes111111111111111111122233334334
adnansalam11
 
PPTX
Kubernates : An Small introduction for Beginners by Rajiv Vishwkarma
Rajiv Vishwkarma
 
PPTX
Docker and kubernetes
Meiyappan Kannappa
 
PPTX
Kube 101
Syed Imam
 
PPTX
Kubernetes 101
Stanislav Pogrebnyak
 
PPTX
Docker and kubernetes_introduction
Jason Hu
 
PPTX
Introduction to Kubernetes
Vishal Biyani
 
PPTX
KubernetSADASDASDASDSADASDASDASDASDes.pptx
MuhamedAhmed35
 
PPTX
Kubernetes20151017a
Richard Kuo
 
PPTX
Introduction+to+Kubernetes-Details-D.pptx
SantoshPandey160
 
PPTX
Containers and Kubernetes -Notes Leo
Léopold Gault
 
PDF
Kubernetes From Scratch .pdf
ssuser9b44c7
 
Kubernetes-introduction to kubernetes for beginers.pptx
rathnavel194
 
08 - kubernetes.pptx
RanjithM61
 
Kubernetes acomprehensiveoverview
Ankit Shukla
 
(Draft) Kubernetes - A Comprehensive Overview
Bob Killen
 
Kubernetes
Lhouceine OUHAMZA
 
Kubernetes the deltatre way the basics - introduction to containers and orc...
Rauno De Pasquale
 
Kubernetes Me This Batman
Richard Boyd, II
 
Kubernetes Me this Batman
Sonatype
 
Kubernetes111111111111111111122233334334
adnansalam11
 
Kubernates : An Small introduction for Beginners by Rajiv Vishwkarma
Rajiv Vishwkarma
 
Docker and kubernetes
Meiyappan Kannappa
 
Kube 101
Syed Imam
 
Kubernetes 101
Stanislav Pogrebnyak
 
Docker and kubernetes_introduction
Jason Hu
 
Introduction to Kubernetes
Vishal Biyani
 
KubernetSADASDASDASDSADASDASDASDASDes.pptx
MuhamedAhmed35
 
Kubernetes20151017a
Richard Kuo
 
Introduction+to+Kubernetes-Details-D.pptx
SantoshPandey160
 
Containers and Kubernetes -Notes Leo
Léopold Gault
 
Kubernetes From Scratch .pdf
ssuser9b44c7
 
Ad

Recently uploaded (20)

PDF
“Computer Vision at Sea: Automated Fish Tracking for Sustainable Fishing,” a ...
Edge AI and Vision Alliance
 
PDF
What’s my job again? Slides from Mark Simos talk at 2025 Tampa BSides
Mark Simos
 
PDF
LOOPS in C Programming Language - Technology
RishabhDwivedi43
 
PPTX
The Project Compass - GDG on Campus MSIT
dscmsitkol
 
PDF
Future-Proof or Fall Behind? 10 Tech Trends You Can’t Afford to Ignore in 2025
DIGITALCONFEX
 
PPTX
Seamless Tech Experiences Showcasing Cross-Platform App Design.pptx
presentifyai
 
PDF
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
PPTX
Future Tech Innovations 2025 – A TechLists Insight
TechLists
 
PPTX
Mastering ODC + Okta Configuration - Chennai OSUG
HathiMaryA
 
PPTX
Designing_the_Future_AI_Driven_Product_Experiences_Across_Devices.pptx
presentifyai
 
PPTX
Digital Circuits, important subject in CS
contactparinay1
 
PDF
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
PDF
Kit-Works Team Study_20250627_한달만에만든사내서비스키링(양다윗).pdf
Wonjun Hwang
 
PDF
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
PDF
The 2025 InfraRed Report - Redpoint Ventures
Razin Mustafiz
 
PDF
Book industry state of the nation 2025 - Tech Forum 2025
BookNet Canada
 
PDF
“Squinting Vision Pipelines: Detecting and Correcting Errors in Vision Models...
Edge AI and Vision Alliance
 
PDF
Automating Feature Enrichment and Station Creation in Natural Gas Utility Net...
Safe Software
 
DOCX
Python coding for beginners !! Start now!#
Rajni Bhardwaj Grover
 
PDF
🚀 Let’s Build Our First Slack Workflow! 🔧.pdf
SanjeetMishra29
 
“Computer Vision at Sea: Automated Fish Tracking for Sustainable Fishing,” a ...
Edge AI and Vision Alliance
 
What’s my job again? Slides from Mark Simos talk at 2025 Tampa BSides
Mark Simos
 
LOOPS in C Programming Language - Technology
RishabhDwivedi43
 
The Project Compass - GDG on Campus MSIT
dscmsitkol
 
Future-Proof or Fall Behind? 10 Tech Trends You Can’t Afford to Ignore in 2025
DIGITALCONFEX
 
Seamless Tech Experiences Showcasing Cross-Platform App Design.pptx
presentifyai
 
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
Future Tech Innovations 2025 – A TechLists Insight
TechLists
 
Mastering ODC + Okta Configuration - Chennai OSUG
HathiMaryA
 
Designing_the_Future_AI_Driven_Product_Experiences_Across_Devices.pptx
presentifyai
 
Digital Circuits, important subject in CS
contactparinay1
 
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
Kit-Works Team Study_20250627_한달만에만든사내서비스키링(양다윗).pdf
Wonjun Hwang
 
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
The 2025 InfraRed Report - Redpoint Ventures
Razin Mustafiz
 
Book industry state of the nation 2025 - Tech Forum 2025
BookNet Canada
 
“Squinting Vision Pipelines: Detecting and Correcting Errors in Vision Models...
Edge AI and Vision Alliance
 
Automating Feature Enrichment and Station Creation in Natural Gas Utility Net...
Safe Software
 
Python coding for beginners !! Start now!#
Rajni Bhardwaj Grover
 
🚀 Let’s Build Our First Slack Workflow! 🔧.pdf
SanjeetMishra29
 
Ad

Kubernetes 101 for Beginners

  • 2. Agenda ● Introduction ○ Legacy Systems ○ Docker ○ Docker-Compose ○ Docker-Swarm ○ What isKubernetes? ○ What doesKubernetesdo? ● Architecture ○ MasterComponents ○ NodeComponents ○ Additional Services ○ Kubectl ○ Kube Config ● Concepts ○ Core ○ Workloads ○ Network ○ Storage ○ Configuration ○ Auth and Identity ○ Helm ○ MiniKube ● Behind theScenes ● Deployment fromBeginningto End ● AKS Deployment Demo ○ End to End AKS Deployment
  • 4. Legacy Systems Legacy App Deployment Model on Bare Metal Servers.
  • 5. Legacy Systems App Deployment on Virtual Machines Overview.
  • 7. Virtual Machines vs Docker Containers
  • 8. Container:  Containers are an abstraction at the app layer that packages code and dependencies together.  Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space.  Containers typically take up less space than VMs. Virtual Machines  Virtual machines (VMs) are an abstraction of physical hardware turning one server into many servers.  The hypervisor allows multiple VMs to run on a single machine.  Each VM includes a full copy of an operating system, the application, necessary binaries and libraries - taking up tens of GBs.  VMs can also be slower to boot.
  • 10. COMPOSE https://www.katacoda.com/boxboat/courses/df-dev/02-docker-compose Workshop:  Compose is a tool for defining and running multi-container Docker applications.  With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.  Compose is great for development, testing, and staging environments, as well as CI workflows
  • 11. SWARM https://www.katacoda.com/boxboat/courses/df-ops/01-docker-swarm https://www.katacoda.com/courses/docker-orchestration/getting-started-with-swarm-mode Workshop:  Docker Swarm is a clustering and scheduling tool for Docker containers.  With Swarm, IT administrators and developers can establish and manage a cluster of Docker nodes as a single virtual system.
  • 12. =
  • 14. Intro - Whatis Kubernetes? Kubernetes or K8s wasaproject spunout of Googleasaopensource next-gen container scheduler designed with the lessons learned from developing andmanagingBorg andOmega. Kubernetes wasdesignedfromtheground-upasalooselycoupled collection of components centered around deploying, maintaining, and scaling applications.
  • 15. Intro - What Does Kubernetes do? Kubernetes isthelinuxkernelof distributed systems. Itabstractsawaytheunderlyinghardwareof thenodesandprovides a uniform interface for applicationsto bebothdeployedandconsumethe sharedpool of resources. https://www.katacoda.com/loodse/courses/kubernetes/kubernetes-01-playground Workshop:
  • 17. Architecture Overview Masters -Acts as the primary control plane for Kubernetes. Masters are responsible ataminimumfor runningtheAPI Server, scheduler,andcluster controller. Theycommonly alsomanagestoringcluster state,cloud-provider specific componentsandother cluster essentialservices. Nodes-Are the‘workers’of aKubernetes cluster. They runaminimalagent that manages the node itself, and are tasked with executing workloads as designatedbythemaster.
  • 20. Master Components ● Kube-apiserver ● Etcd ● Kube-controller-manager ● Cloud-controller-manager ● Kube-scheduler
  • 21. kube-apiserver Theapiserverprovides aforward facingRESTinterface into thekubernetes control plane and datastore. All clients, including nodes, users and other applicationsinteract with kubernetes strictly through theAPI Server. It is the true core of Kubernetes acting as the gatekeeper to the cluster by handlingauthenticationandauthorization,requestvalidation,mutation, and admission control in addition to beingthefront-end to thebackingdatastore. kubectl api-resources  to see all api resources
  • 22. etcd Etcd actsasthecluster datastore;providing astrong,consistent andhighly availablekey-valuestoreusedfor persisting cluster state.
  • 23. kube-controller-manager The controller-manager is the primary daemon that manages all core componentcontrol loops.Itmonitorsthecluster state viatheapiserverand steersthecluster towardsthedesired state.
  • 24. cloud-controller-manager The cloud-controller-manager is a daemon that provides cloud-provider specific knowledge andintegration capabilityinto thecorecontrol loop of Kubernetes. The controllers include Node, Route, Service, and add an additional controller to handlePersistentVolumeLabels.
  • 25. kube-scheduler Kube-scheduler isaverbose policy-rich enginethatevaluatesworkload requirements and attempts to place it on a matching resource. These requirements canincludesuchthings asgeneralhardwarereqs,affinity, anti-affinity, andother customresource requirements.
  • 27. Node Components ● Kubelet ● Kube-proxy ● Containerruntime engine
  • 28. kubelet Acts as the node agent responsible for managing pod lifecycle on its host. Kubelet understandsYAML containermanifeststhatit canreadfromseveral sources: ● File path ● HTTP Endpoint ● Etcd watchacting onanychanges ● HTTP Servermodeaccepting containermanifestsoverasimpleAPI.
  • 29. kube-proxy Manages thenetwork rulesoneachnodeandperformsconnection forwarding or loadbalancingfor Kubernetes cluster services. Available ProxyModes: ● Userspace ● iptables ● ipvs(alphain1.8)
  • 30. Container Runtime With respect to Kubernetes,A containerruntime isaCRI (Container RuntimeInterface) compatible application that executesandmanagescontainers. ● Containerd (docker) ● Cri-o ● Rkt ● Kata(formerlyclearandhyper) ● Virtlet (VM CRI compatible runtime)
  • 31. Additional Services Kube-dns-Provides cluster wide DNS Services.Servicesareresolvable to <service>.<namespace>.svc.cluster.local. Heapster - Metrics Collector for kubernetes cluster, usedbysomeresources suchastheHorizontal Pod Autoscaler. (required for kubedashboardmetrics) Kube-dashboard -A generalpurpose webbasedUIfor kubernetes.
  • 32. Kubectl kubectl [command] [TYPE] [NAME] [flags] command: operation to perform (verb) TYPE: the resource type to perform the operation on NAME:Specifies the name of the resource flags:optional flags https://www.katacoda.com/courses/kubernetes/kubectl-run-containers Workshop:
  • 33. $KUBECONFIG • Multiple configurations files as a list of paths • KUBECONFIG • Append new configurations temporarily https://github.com/ahmetb/kubectx KUBECTX:
  • 36. Kubernetes Concepts - Core Cluster - A collection of hoststhat aggregate their available resources including cpu,ram,disk, andtheir devicesinto ausablepool. Master - The master(s)represent acollection of components that makeupthecontrol planeof Kubernetes. These components are responsible for all cluster decisions including both schedulingandresponding to cluster events. Node - A singlehost,physicalor virtual capableof runningpods.A nodeismanagedbythe master(s),andat aminimumrunsboth kubelet andkube-proxyto beconsidered part of the cluster. Namespace- A logical cluster or environment. Primarymethodof dividing acluster or scopingaccess.
  • 37. Concepts - Core(cont.) Label- Key-valuepairs that areusedto identify, describe andgrouptogetherrelated setsof objects.Labelshaveastrict syntaxandavailable characterset.* Annotation - Key-value pairs that contain non-identifying information or metadata. Annotations donot havethethesyntaxlimitations aslabels andcancontainstructured or unstructureddata. Selector - Selectors uselabels to filter or select objects. Bothequality-based(=,==,!=)or simplekey-valuematchingselectorsaresupported. * https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
  • 39. Concepts - Workloads Pod- A podisthesmallestunit of workormanagementresourcewithin Kubernetes.Itis comprised of one or more containers that share their storage, network, and context (namespace, cgroupsetc). ReplicationController - Method of managingpodreplicasandtheir lifecycle. Their scheduling,scaling,anddeletion. ReplicaSet- Next GenerationReplicationController. Supportsset-basedselectors. Deployment - A declarativemethodof managingstatelessPods andReplicaSets. Provides rollback functionalityinaddition to moregranularupdatecontrol mechanisms.
  • 40. Deployment Contains configuration of how updates or ‘deployments’ should be managed in addition to thepodtemplateusedto generate theReplicaSet. ReplicaSet Generated ReplicaSet fromDeployment spec. https://www.katacoda.com/boxb oat/courses/kf1/03-deployments Workshop:
  • 41. Concepts - Workloads (cont.) StatefulSet - A controller tailored to managingPods thatmustpersistormaintainstate.Pod identityincluding hostname,network,andstoragewill bepersisted. DaemonSet - Ensuresthat all nodesmatchingcertain criteria will run aninstance of a supplied Pod. Idealfor cluster wide services suchaslog forwarding, orhealth monitoring.
  • 42. StatefulSet ● Attaches to ‘headeless service’ (notshown)nginx. ● Podsgivenunique ordinalnamesusingthepattern <statefulset name>-<ordinalindex>. ● Createsindependent persistentvolumesbasedon the‘volumeClaimTemplates’.
  • 43. DaemonSet ● Bypasses defaultscheduler ● Schedulesasingle instanceonevery host while adheringto tolerancesandtaints. https://www.katacoda.com/reselbob/scenario s/k8s-daemonset-w-node-affinity Workshop:
  • 45. Networking - FundamentalRules 1) All Pods cancommunicate with all other Pods withoutNAT 2) All nodescancommunicatewith all Pods (andvice-versa)without NAT. 3) TheIPthataPod seesitself asisthesameIPthatothersseeit as.
  • 46. Networking - FundamentalsApplied Containers in apodexist within thesamenetwork namespaceandsharean IP;allowingfor intrapod communicationoverlocalhost. Podsaregivenacluster uniqueIPfor thedurationof its lifecycle,butthepods themselvesarefundamentallyephemeral. Services aregivenapersistentcluster uniqueIPthatspansthePods lifecycle. External Connectivity isgenerally handedbyanintegrated cloud provider or other externalentity (loadbalancer)
  • 47. Networking -CNI Networking within Kubernetes is plumbed via the Container Network Interface(CNI),aninterface betweenacontainerruntime andanetwork implementation plugin. Compatible CNI Network Plugins: ● Calico ● Cillium ● Contiv ● Contrail ● Flannel ● GCE ● kube-router ● Multus ● OpenVSwitch ● OVN ● Romana ● Weave
  • 48. Concepts - Network Service - Servicesprovide amethodof exposing andconsuming L4 Pod network accessible resources. Theyuselabel selectorsto mapgroupsof podsandports to acluster-unique virtual IP. Ingress - An ingresscontroller is theprimarymethodof exposing acluster service (usually http) to the outside world. These are load balancers or routers that usually offer SSL termination,name-basedvirtualhostingetc.
  • 49. Service ● Acts astheunified methodof accessingreplicated pods. ● Four majorServiceTypes: ○ CluterIP-Exposesserviceonastrictly cluster-internal IP(default) ○ NodePort-Serviceis exposedoneachnode’sIPonastatically definedport. ○ LoadBalancer -Works in combination with acloudproviderto exposeaserviceoutsidethecluster onastatic externalIP. ○ ExternalName -usedto referencesendpointsOUTSIDE thecluster byprovidingastatic internally referencedDNSname. https://www.katacoda.com/boxboat/courses/kf2/01-services Workshop:
  • 50. Ingress Controller ● Deployedasapodtooneormorehosts ● Ingresscontrollers areanexternal controller with multipleoptions. ○ Nginx ○ HAproxy ○ Contour ○ Traefik ● Specificfeaturesandcontroller specific configuration is passed through annotations. https://www.katacoda.com/boxboat/courses/kf2/03-ingress Workshop:
  • 51. Concepts - Storage Volume - Storagethat istied to the Pod Lifecycle, consumablebyoneor more containerswithin thepod. PersistentVolume- A PersistentVolume (PV)represents astorageresource. PVs are commonly linked to abacking storageresource,NFS,GCEPersistentDisk, RBD etc.andare provisionedaheadof time.Their lifecycle ishandledindependently fromapod. PersistentVolumeClaim - A PersistentVolumeClaim(PVC)is arequest for storagethat satisfiesaset of requirements insteadof mappingto astorageresourcedirectly.Commonly usedwith dynamicallyprovisionedstorage. StorageClass - Storageclassesareanabstractionontopof anexternal storageresource. These will include a provisioner, provisioner configuration parameters as well as a PV reclaimPolicy. https://www.katacoda.com/courses/kubernetes/storage-introduction Workshop:
  • 52. Concepts -Configuration ConfigMap - Externalized data stored within kubernetes that can be referenced as a commandlineargument,environment variable,or injected asafile into avolumemount.Ideal for separatingcontainerizedapplication fromconfiguration. Secret- Functionallyidenticalto ConfigMaps, but stored encoded asbase64,andencrypted at rest (ifconfigured).
  • 53. ConfigMaps andSecrets ● CanbeusedinPod Config: ○ Injectedasafile ○ Passedasanenvironmentvariable ○ Usedasacontainercommand(requirespassing asenvvar) https://www.katacoda.com/javajon/courses/kubernetes-fundamentals/configmap-secret Workshop:
  • 54. Concepts - Auth and Identity (RBAC) [Cluster]Role - Roles contain rules that act asaset of permissions that apply verbs like “get”, “list”,“watch” etc over resources that arescopedto apiGroups.Roles arescopedto namespaces, andClusterRolesareapplied cluster-wide. [Cluster]RoleBinding - Grant thepermissionsasdefined in a[Cluster]Role to oneor more “subjects”whichcanbeauser,group,orservice account. ServiceAccount- ServiceAccounts provide aconsumableidentity for podsor external servicesthatinteractwith thecluster directly andarescopedto namespaces. https://www.katacoda.com/boxboat/courses/kf2/04-misc Workshop:
  • 55. [Cluster]Role ● Permissions translate to url path. With “”defaultingto core group. ● Resourcesactasitemstherole shouldbegrantedaccessto. ● Verbsaretheactionstherole canperform onthereferenced resources.
  • 56. [Cluster]RoleBinding ● Canreference multiplesubjects ● Subjectscanbeof kind: ○ User ○ Group ○ ServiceAccount ● roleRef targetsasinglerole only.
  • 57. What is HELM • Package manager • Like yum, apt but for Kubernetes • Search and reuse or start from scratch • Lifecycle Management • Create • Install • Upgrade/Rollback • Delete • Status • Versioning • Benefits • Repeatability • Reliability • Multiple environment • Ease collaboration • Manage Complexity
  • 58. Kubernetes Cluster Helm Components • Helm Client • Command-line client • Interacts with Tiller Server • Local chart development • Tiller Server • In-cluster • Listens to the Helm client • Interacts with Kubernetes APIServer • Manages the lifecycle Helm Client TillerServer gRPC Kubernetes API Server REST https://www.katacoda.com/javajon/c ourses/kubernetes-pipelines/helm Workshop:
  • 64. APIserver Request Loop 3)Kubectl authenticatesto apiserverviax509,jwt, http authproxy,otherplugins,or http-basic auth. 4)Authorization iteratesoveravailableAuthZ sources:Node,ABAC, RBAC,or webhook. 5)AdmissionControlchecksresourcequotas, othersecurityrelatedchecksetc. 6)Requestisstoredinetcd. 7)Initializersaregiven opportunityto mutate requestbeforethe objectispublished. 8)Requestispublishedonapiserver.
  • 65. Deployment Controller 9)Deployment Controller isnotified of thenew Deployment viacallback. 10)Deployment Controller evaluatescluster stateand reconciles the desired vs current state and forms a request for thenewReplicaSet. 11)apiserver request loopevaluatesDeployment Controllerrequest. 12)ReplicaSet ispublished.
  • 66. ReplicaSet Controller 13)ReplicaSetController isnotified of thenewReplicaSet viacallback. 14)ReplicaSet Controller evaluates cluster state and reconciles thedesiredvscurrentstateandformsarequest for thedesiredamountof pods. 15)apiserver request loopevaluatesReplicaSet Controllerrequest. 16)Podspublished, andenter ‘Pending’ phase.
  • 68. Scheduler 17)Schedulermonitorspublished podswith no ‘NodeName’ assigned. 18)Appliesschedulingrulesandfilters to find a suitablenodeto host thePod. 19)Schedulercreatesabinding of Pod to Node and POSTs toapiserver. 20)apiserver request loopevaluatesPOST request. 21)Pod statusisupdatedwith nodebinding andsets status to‘PodScheduled’.
  • 69. Kubelet -PodSync 22)Thekubelet daemononeverynodepollstheapiserver filtering for podsmatchingits own‘NodeName’; checkingits currentstate with thedesiredstatepublished throughtheapiserver. 23)Kubelet will thenmovethroughaseries of internal processesto prepare the pod environment. This includes pulling secrets, provisioningstorage,applyingAppArmorprofiles andothervarious scaffolding. During this period,it will asynchronouslybePOST’ing the ‘PodStatus’ to the apiserver through the standard apiserver request loop.
  • 70. Pause and Plumbing 24)Kubelet thenprovisionsa‘pause’containerviathe CRI (Container RuntimeInterface). The pausecontainer actsastheparent containerfor thePod. 25)The network is plumbed to the Pod via the CNI (Container Network Interface),creating aveth pair attached to the pause container and to acontainer bridge (cbr0). 26)IPAM handledbytheCNI plugin assignsanIPto the pausecontainer.
  • 71. Kubelet - Create Containers 24)Kubelet pullsthecontainerImages. 25)Kubelet first creates andstartsanyinit containers. 26)Oncetheoptional init containerscomplete,the primarypodcontainersarestarted.
  • 72. Pod Status 27)Ifthere areanyliveless/readiness probes,theseareexecuted beforethe PodStatus isupdated. 28)Ifall completesuccessfully,PodStatusis set to readyandthecontainer has startedsuccessfully. ThePodisDeployed!
  • 73. END to END AKS DEMO

Editor's Notes

  • #8: Container: Containers are an abstraction at the app layer that packages code and dependencies together. Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space. Containers typically take up less space than VMs. (Source: Docker.com) Virtual Machine Virtual machines (VMs) are an abstraction of physical hardware turning one server into many servers. The hypervisor allows multiple VMs to run on a single machine. Each VM includes a full copy of an operating system, the application, necessary binaries and libraries - taking up tens of GBs. VMs can also be slower to boot.(Source: Docker.com)
  • #10: https://www.katacoda.com/courses/docker/deploying-first-Container https://www.katacoda.com/courses/docker/3
  • #11: https://www.katacoda.com/boxboat/courses/df-dev/02-docker-compose
  • #12: https://www.katacoda.com/boxboat/courses/df-ops/01-docker-swarm
  • #35: Kubernetes