Kubernetes for Admins

Photo by Kent Pilcher on Unsplash 

Containerization

Orchestration

CI / CD

Service Mesh

Package Application

Run Application

Manage Application

 Connect & Secure Application

Docker

Kubernetes

Bitbucket + ConcourseCI + Artifactory + Spinnaker

Istio

Cluster

Collection of machines:

 aggregate computing power.

A Kubernetes cluster is controlled by a single API and can be used by that API.

Photo by Atharva Tulsi on Unsplash

References

Book: Kubernetes: Up and Running

Book: Managing Kubernetes

https://kubernetes.io/

K8s Overview

Photo by Jenhao Hsiao on Unsplash

Basic Objects

Pods

ReplicaSets

Services

Storage

Persistent Volumes

ConfigMaps

Secrets

Organise Your Cluster

Namespaces

Labels

Annotations

app=greatapp

checksum.kubernetes.io/
configmap=9c6537e

Useful Concepts

Deployments

Ingress

StatefulSets

Batch Workloads

Jobs

ScheduledJobs

Cluster Agents & Utilities

DaemonSets

on every nodes ...

Node / VM

Kubernetes Architecture

Photo by Ravin Vimesh on Unsplash

Concepts

Declarative Configuration

Reconciliation Loop

Dynamic Grouping

Desired State

Current State

selector:
    matchLabels:
        app: Webapp

         version: v2     

Structure

Unix Philosophy of Many Components

API-Driven Interactions

Components

Master VM 1

etcd

API Server

Scheduler

Controller Manager

kubelet

kube-proxy

Worker VM 1

Docker

UI

CLI

Control Plane

kubeDNS

metrics-server

add-on

Add-on:

      Kubernetes Dashboard,

      automatic certificate agents,

      functions as a service (FaaS) etc.

The K8s API Server

Photo by Adi Goldstein on Unsplash

Functions of API Server

1. API Management

2. Request processing

3. Internal control loops

Photo by Alvaro Reyes on Unsplash

Photo by Maarten van den Heuvel on Unsplash

1. API Management

API Paths

API Discovery

OpenAPI Spec Serving

API Translation

2. Request Management

GET                          LIST                         POST / PUT                        DELETE

Type Of Request

Authenticate

RBAC/Authorization

Life of Request

Admission Control

2. Request Management

Specialised Requests

/proxy

/exec

/attach

/logs

Watch Operations

Optimistically Concurrent Updates

Alternate Encodings

application/json

application/yaml

application/vnd.kubernetes.protobuf

Common Response Codes

202: Accepted

400: Bad Request

401: Unauthorised

403: Forbidden

409: Conflict

422: Unprocessable Entity

3. Internal control loops

API Server Internals

Custom Resource Definition

Debugging the API Server

Basic Logs

Audit Logs

Activating Additional Logs

Debugging kubectl Requests

Scheduler

Photo by Curtis MacNewton on Unsplash

Scheduling Process

Scheduler

nodeName is missing

Pod

Node

kubelet

Docker

Get list of all healthy nodes

Filter Nodes based on Predicates

Prioritise/score Nodes

Get Best scored nodes

Choose a node (Round Robin)

Scheduler / Algorithm

Controlling Scheduling

Node Selectors

Node Affinity

Taints and Tolerations

Go

XL

SUV

affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
      - matchExpressions:
        # foo == A
        - key: foo
          operator: In
          values:
          - A
        # bar != C
        - key: bar
          operator: NotIn
          values:
          - C
kind: Pod
spec:
  nodeSelector:
    nvme-ssd: true

Installing Kubernetes

Photo by Chad Kirchoff on Unsplash

kubeadm

Requirements

kubelet

Control Plane

Pre-flight Checks

kubeadm Config

Certificates

etcd

kubeconfig

Taints

Worker Nodes

Add-Ons

Phases

High Availability

Upgrades

Authentication and User Management

Authorization

Admission Control

Networking

Monitoring Kubernetes

Disaster Recovery

Extending Kubernetes

Made with Slides.com