Kubernetes 101 VMworld 2019 workshop slides
Download as PPTX, PDF2 likes691 views
The document provides an overview of Kubernetes concepts including pods, deployments, services, ingress, volumes, and configmaps. It explains that pods are the smallest deployable units that can contain one or more containers running applications. Deployments help manage and scale replicated applications, while services expose pods to other pods or external clients. Ingress manages external access to services. Volumes provide shared storage within a pod. Configmaps and secrets allow injecting configuration and credentials into applications.
![Confidential │ ©2019 VMware, Inc. 21
A volume Is [effectively] a Directory,
possibly with data in it, available to all
containers in a Pod.
Usually Shares lifecycle of a Pod
(Created when Pod is created, destroyed
when Pod is destroyed).
Persistent Volumes outlive Pods.
Can be mounted from local disk, or from a
network storage device such as a
vSphere Datastore, iSCSI, NFS, etc.
Kubernetes Volume
NGINX
Bins/Libs
Telegraf
Bins/Libs
VETH0
172.17.0.2](https://image.slidesharecdn.com/kubernetes101vmworld2019workshopslides-190829190038/85/Kubernetes-101-VMworld-2019-workshop-slides-21-320.jpg)
Kubernetes 101 VMworld 2019 workshop slides
- 1. 1Confidential │ ©2019 VMware, Inc. Kubernetes 101 Simone Morellato
- 2. Confidential │ ©2019 VMware, Inc. 2 What is Docker? OS App 1 Bins/Libs App 2 Bins/Libs App 3 Bins/Libs Docker Daemon Docker Host
- 3. Confidential │ ©2019 VMware, Inc. 3 What is Kubernetes? OS App 1 Bins/Libs App 2 Bins/Libs App 3 Bins/Libs Docker Daemon Docker Host Kubernetes Kubelet OS App 1 Bins/Libs App 2 Bins/Libs App 3 Bins/Libs Docker Daemon Docker Host Kubernetes Kubelet OS App 1 Bins/Libs App 2 Bins/Libs App 3 Bins/Libs Docker Daemon Docker Host Kubernetes Kubelet Kubernetes Master
- 4. Confidential │ ©2019 VMware, Inc. 4 What is Kubernetes? OS App 1 Bins/Libs App 2 Bins/Libs App 3 Bins/Libs Docker Daemon Kubernetes None Kubernetes Kubelet OS App 1 Bins/Libs App 2 Bins/Libs App 3 Bins/Libs Docker Daemon Kubernetes None Kubernetes Kubelet OS App 1 Bins/Libs App 2 Bins/Libs App 3 Bins/Libs Docker Daemon Kubernetes None Kubernetes Kubelet Kubernetes Master
- 5. Confidential │ ©2019 VMware, Inc. 5 Intro to Kubernetes Workloads Pod: Smaller unit of schedule Jobs: for apps that run to termination Cron Jobs: for apps that run on a time schedule Daemon Sets: for apps that run on each VM/Machine Deployments: Manage the rollout of new versions of Pods Replica Sets: for stateless apps that need multiple instances Stateful Sets: for stateful apps that need multiple instances CRDs: you teach Kubernetes how to behave
- 6. Confidential │ ©2019 VMware, Inc. 6 One or more application containers that are tightly coupled, sharing network and storage. Example: NGINX container and a telegraf container. The NGINX container is providing you a frontend webpage and the telegraf container is sending NGINX metrics to Wavefront for monitoring. What is a POD? Smaller unit of schedule NGINX Bins/Libs Telegraf Bins/Libs VETH0 172.17.0.2
- 7. Confidential │ ©2019 VMware, Inc. 7 How do I run a Pod? $ cat mywebserver.yaml apiVersion: v1 kind: pod metadata: name: my-webserver labels: app: web spec: containers: - name: NGINX image: "nginx:1.7.9“ - name: TELEGRAF image: “telegraf:1.9" $ kubectl create -f mywebserver.yaml pod "my-webserver" created $ kubectl get pod NAME READY STATUS RESTARTS AGE my-webserver 0/1 Pending 0 15s NGINX Bins/Libs Telegraf Bins/Libs
- 8. Confidential │ ©2019 VMware, Inc. 8 Kuberbetes Pod Phases • Pending • The pod has been accepted by the system, but one or more of the container images has not been created • Includes time before being scheduled as well as time spent downloading images over the network • Running • The pod has been bound to a node, and all of the containers have been created • At least one container is still running, or is in the process of starting or restarting • Succeeded • All containers in the pod have terminated in success, and will not be restarted • Failed • All containers in the pod have terminated, at least one container has terminated in failure (exited with non-zero exit status or was terminated by the system) • Unknown • For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod
- 9. Confidential │ ©2019 VMware, Inc. 9 for apps that run on each VM/Machine DaemonSet in Action Kubernetes Cluster DaemonSet1.yaml kind: DaemonSet containers: - name: webserver - image: nginx Runs a copy of a Pod on every node in the cluster Newly created nodes automatically get the DaemonSet Pod(s) When a node is removed a DaemonSet doesn’t get rescheduled Node 1 Pod1 Node 2 Pod2 Node 3 Pod3 MasterAPI K K K
- 10. Confidential │ ©2019 VMware, Inc. 10 Kubernetes Cluster Deployment X.yaml ContainerImage1 Replicas: 3 ContainerImage2 Replicas: 2 Deployments and Replicaset in Action Node 1 P1R1 Node 2 P1R2 P2R1 P1R1 P2R1 Node 3 P1R3 P2R2 P2R2 MasterAPI K K K Deployment_Y.yaml ContainerImage1 Replicas: 1 ContainerImage2 Replicas: 2 P1R1 P1R2 P2R1 Manage the rollout of new versions of stateless apps that need multiple instances Deployments offer: • Auto-healing • Manual Scaling • Rolling Updates
- 11. Confidential │ ©2019 VMware, Inc. 11 StatefulSet in Action Pod 1 Pod 2 Pod 3 Pod 1 Pod 2 Pod 3 Creates Pods in sequence Deletes Pods in reverse sequence for stateful apps that need multiple instances The way of launching ordered replica’s of Pods. Enables running pods in “clustered mode” • Master/Slave applications Valuable for applications that require: • Stable and unique network identifiers • Stable persistent storage • Ordered deployment and scaling Examples • Zookeeper, Cassandra, etcd, MySQL, etc
- 12. Confidential │ ©2019 VMware, Inc. 12 Labels A Label is a key/value pair attached to Pods and convey user-defined attributes. You can then use label selectors to select Pods with particular Labels and apply Services or Replication Controllers to them. Labels can be attached to objects at creation time and subsequently added and modified at any time NGINX Bins/Libs Telegraf Bins/Libs Labels: tier=frontend, app=myapp Allows us to tie components within Kubernetes together
- 13. 13Confidential │ ©2019 VMware, Inc. Let’s build an Application
- 14. Confidential │ ©2019 VMware, Inc. 14 ReplicaSets Make sure multiple copies of a pod is running Replicas: 2 Selector: tier=Frontend NGINX Bins/Libs Telegraf Bins/Libs Labels: tier=frontend, app=myapp NGINX Bins/Libs Telegraf Bins/Libs Labels: tier=frontend, app=myapp ReplicaSet
- 15. Confidential │ ©2019 VMware, Inc. 15 Replicas: 2 Selector: tier=Frontend NGINX Bins/Libs Telegraf Bins/Libs Labels: tier=frontend, app=myapp NGINX Bins/Libs Telegraf Bins/Libs Labels: tier=frontend, app=myapp ReplicaSet Deployments Declarative orchestration of application roll-out Deployment
- 16. Confidential │ ©2019 VMware, Inc. 16 Replicas: 2 Selector: tier=Frontend NGINX Bins/Libs Telegraf Bins/Libs Labels: tier=frontend, app=myapp NGINX Bins/Libs Telegraf Bins/Libs Labels: tier=frontend, app=myapp ReplicaSet Services Exposing pods based on labels Deployment Service Selectors: tier=Frontend app=myapp
- 17. Confidential │ ©2019 VMware, Inc. 17 Ingress and Services Intro to Kubernetes discovery and load balancing Ingress Service app=bacon Service app=eggs /bacon /eggs https://breakfast.com Pod 1 Pod 2 Pod 3 Pod 1 Pod 2 Services Types • ClusterIP: Internal to the K8s cluster • NodePort: Open a port on the host to allow connectivity with external world • Loadbalancer: configure an external LB to allow connectivity with external world Ingress: manage external access to multiple services
- 18. Confidential │ ©2019 VMware, Inc. 18 apiVersion: v1 kind: Service metadata: name: bacon spec: ports: - port: 80 selector: app: breakfast type: LoadBalancer apiVersion: apps/v1beta1 kind: Deployment metadata: name: breakfast spec: replicas: 2 template: metadata: labels: app: breakfast spec: containers: - image: nginx name: nginx ports: - containerPort: 80 nginx Pod app=breakfast nginx Pod app=breakfast bacon-svc app=breakfast http 80 http 80 load balanced Let’s put it all together
- 19. Confidential │ ©2019 VMware, Inc. 19 https://url apiVersion: extensions/v1beta1 kind: Ingress metadata: name: breakfast spec: rules: - http: paths: - path: /bacon backend: serviceName: bacon-svc servicePort: 80 - http: paths: - path: /eggs backend: serviceName: eggs-svc servicePort: 80 ingress app=breakfast breakfast Pod app= breakfast bacon-svc Service app=bacon http 80 breakfast Pod app= breakfast eggs-svc Service app=eggs http 80 http://url/bacon http://url/eggs Let’s put it all together
- 20. 20Confidential │ ©2019 VMware, Inc. Kubernetes Configuration and Storage
- 21. Confidential │ ©2019 VMware, Inc. 21 A volume Is [effectively] a Directory, possibly with data in it, available to all containers in a Pod. Usually Shares lifecycle of a Pod (Created when Pod is created, destroyed when Pod is destroyed). Persistent Volumes outlive Pods. Can be mounted from local disk, or from a network storage device such as a vSphere Datastore, iSCSI, NFS, etc. Kubernetes Volume NGINX Bins/Libs Telegraf Bins/Libs VETH0 172.17.0.2
- 22. Confidential │ ©2019 VMware, Inc. 22 vSphere Kubelet Datastore1 K8s Vol dataVol.vmdk K8s vSphere Cloud provider Kubernetes Worker (VM) Pod Tools, Libs, SW Redis DB K8s API vCenter Create Storage Class Create Persistent Vol Claim Create Pod and Mount Volume New Pod Tools, Libs, SW Redis DB Name: thin-disk Provisioner: vSphere Volume Diskformat: thin Name: volume-claim Storage class: thin-disk Accessmode: readwrite Storage: 2GB Podspec includes: Persistent volume claim Filesystem mount point How do Persistent Volumes work on vSphere
- 23. Confidential │ ©2019 VMware, Inc. 23 ConfigMaps decouple configuration artifacts from image content to keep containerized applications portable. Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys ConfigMaps/Secrets (user-data)
- 24. Confidential │ ©2019 VMware, Inc. 24 Kubernetes Node (VM) Kubernetes Pod In summary Container – The core application Pod – Container(s) run inside Pods Node – Runs Docker Engine & Kubelet Kubernetes Cluster – Culmination of all components: Control & Data Plane Stem B Stem B Stem B Stem B Node Node Node Kubernetes Cluster Services API Kubernetes Pod App Container Redis DB Tools, Libs, SW Pod 2 Pod 1 K Docker Engine K K K ESXi App Container Redis DB Tools, Libs, SW VM VM VM VM VMs
- 25. Confidential │ ©2019 VMware, Inc. 25 Why developers prefer to use Kubernetes when building cloud-native applications PKS – Developer Benefits Self-Healing Batch Execution Intelligent Scheduling Service Discovery & Load Balancing Storage Orchestration Automated Rollouts & Rollbacks Horizontal Scaling Secret & Config Management