Kubernetes for Admins
Containerization: Package Application (Docker)
Orchestration: Run Application (Kubernetes)
CI / CD: Manage Application (Bitbucket + ConcourseCI + Artifactory + Spinnaker)
Service Mesh: Connect & Secure Application (Istio)
Cluster
Collection of machines: aggregate computing power.
A Kubernetes cluster is controlled by a single API and is consumed through that same API.
References
Book: Managing Kubernetes
K8s Overview
Basic Objects
Pods
ReplicaSets
Services
Storage
Persistent Volumes
ConfigMaps
Secrets
Organise Your Cluster
Namespaces
Labels
Annotations
app=greatapp
checksum.kubernetes.io/configmap=9c6537e
Useful Concepts
Deployments
Ingress
StatefulSets
Batch Workloads
Jobs
ScheduledJobs
Cluster Agents & Utilities
DaemonSets
on every node ...
Node / VM
Kubernetes Architecture
Concepts
Declarative Configuration
Reconciliation Loop
Dynamic Grouping
Desired State
Current State
selector:
  matchLabels:
    app: Webapp
    version: v2
Structure
Unix Philosophy of Many Components
API-Driven Interactions
Components
Master VM 1
etcd
API Server
Scheduler
Controller Manager
kubelet
kube-proxy
Worker VM 1
Docker
UI
CLI
Control Plane
kubeDNS
metrics-server
add-on
Add-on: Kubernetes Dashboard, automatic certificate agents, functions as a service (FaaS) etc.
The K8s API Server
Functions of API Server
1. API Management
2. Request processing
3. Internal control loops
1. API Management
API Paths
API Discovery
OpenAPI Spec Serving
API Translation
2. Request Management
Type Of Request: GET, LIST, POST / PUT, DELETE
Life of Request: Authenticate, RBAC/Authorization, Admission Control
2. Request Management
Specialised Requests
/proxy
/exec
/attach
/logs
Watch Operations
Optimistically Concurrent Updates
Alternate Encodings
application/json
application/yaml
application/vnd.kubernetes.protobuf
Common Response Codes
202: Accepted
400: Bad Request
401: Unauthorised
403: Forbidden
409: Conflict
422: Unprocessable Entity
3. Internal control loops
API Server Internals
Custom Resource Definition
Debugging the API Server
Basic Logs
Audit Logs
Activating Additional Logs
Debugging kubectl Requests
Scheduler
Scheduling Process
Scheduler
nodeName is missing
Pod
Node
kubelet
Docker
Get list of all healthy nodes
Filter Nodes based on Predicates
Prioritise/score Nodes
Get Best scored nodes
Choose a node (Round Robin)
Controlling Scheduling
Node Selectors
Node Affinity
Taints and Tolerations
Go
XL
SUV
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
      - matchExpressions:
        # foo == A
        - key: foo
          operator: In
          values:
          - A
        # bar != C
        - key: bar
          operator: NotIn
          values:
          - C
kind: Pod
spec:
  nodeSelector:
    # label values are strings, so a boolean-looking value must be quoted
    nvme-ssd: "true"
Installing Kubernetes
kubeadm
Requirements
kubelet
Control Plane
Pre-flight Checks
kubeadm Config
Certificates
etcd
kubeconfig
Taints
Worker Nodes
Add-Ons
Phases
High Availability
Upgrades
Authentication and User Management
Authorization
Admission Control
Networking
Monitoring Kubernetes
Disaster Recovery
Extending Kubernetes
Kubernetes Overview
By Ashish Pandey
About how Kubernetes is architected, installed and maintained.