Kubernetes 101

Workshop

What is Kubernetes?

  • A cloud-native container orchestrator
    • Velocity
      • Self-healing
      • Declarative configuration
      • Immutability
    • Scaling
    • Abstracting infrastructure
    • Efficiency
    • High availability

K8s Architecture (1)

K8s Architecture (2)

K8s Architecture (3)

K8s Resource Types

  • Namespace
  • Pod
  • ConfigMap/Secret
  • Service
  • ReplicaSet
  • Deployment
  • Ingress
  • StatefulSet
  • DaemonSet
  • Job/CronJob
  • Controller
  • more...

Labels and Annotations

  • Labels
    • Help identifying K8s objects
      • For grouping, viewing, and operating
      • Used with selectors
  • Annotations
    • Additional metadata about objects
      • Where the object came from
      • How to use the object
      • Policy around the object
    • Assist tools and libraries that interact with K8s

Namespaces

  • Multiple virtual clusters on the same physical cluster
    • A scope for names, RBAC, resource quotas and NetworkPolicies; not a hard security boundary on its own
  • Provides a scope for names:
    • Names must be unique within a namespace
    • Names can be repeated across namespaces
  • K8s starts with three namespaces (recent versions add kube-node-lease)
    • default
    • kube-system
    • kube-public (readable by every client, including unauthenticated ones)

Pods

  • A collection of one or more containers
  • Core unit of management
    • Isolation
    • Dynamic scaling
  • Containers within the same pod share a network namespace and can talk to each other via localhost
    • They can also share volumes; containers in different pods cannot
  • Containers in the same pod always run on the same node
    • Placement of the pod is steered with node/pod affinity and anti-affinity

Healthchecks

  • The kubelet probes each container for:
    • Readiness
      • A pod is Ready only when all its containers pass their readiness probes
      • Unready pods are removed from Service endpoints (load balancers); nothing is restarted
    • Liveness
      • A container failing its liveness probe is killed and restarted (per restartPolicy)
    • Startup (newer versions)
      • Holds off the other probes until a slow-starting container is up
  • Configuring health checks is not mandatory, but strongly recommended
    • Without them Kubernetes only knows whether the process is still running
    • They drive automatic pod lifecycle management
    • And load balancing
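As an added example (not part of the workshop slides), a Pod manifest wiring up all three probe types; the image name, port and the /healthz and /ready paths are assumptions:

```yaml
# Added example, not from the slides. Image, port and paths are assumed.
apiVersion: v1
kind: Pod
metadata:
  name: api
  labels:
    app: api
spec:
  containers:
    - name: api
      image: registry.example.com/api:1.4.2   # assumed image
      ports:
        - name: http
          containerPort: 8080
      # startupProbe: a slow boot gets up to 30 * 5s = 150s before the liveness
      # probe is allowed to run, so a long start is not mistaken for a hang.
      startupProbe:
        httpGet:
          path: /healthz
          port: http
        periodSeconds: 5
        failureThreshold: 30
      # readinessProbe: only affects Service endpoints. Three failures pull the
      # Pod out of load balancing; the container is NOT restarted.
      readinessProbe:
        httpGet:
          path: /ready
          port: http
        periodSeconds: 5
        failureThreshold: 3
      # livenessProbe: after three consecutive failures the kubelet kills the
      # container and restarts it (restartPolicy defaults to Always).
      livenessProbe:
        httpGet:
          path: /healthz
          port: http
        periodSeconds: 10
        timeoutSeconds: 2
        failureThreshold: 3
```

Keep liveness checks local to the process: a liveness probe that calls a database turns a database outage into a restart storm across every replica, while a readiness probe on the same dependency merely stops routing traffic until it recovers.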

ConfigMaps

  • Decouple configuration from container images
    • For portability purposes
  • Key value map
  • Can be injected in containers as:
    • Environment variables
    • Files
  • ConfigMaps can be updated dynamically
    • Mounted files are refreshed by the kubelet (except subPath mounts); environment variables are read once at container start and need a pod restart

Secrets

  • API similar to ConfigMap
    • Different intent
      • Hold confidential information
  • Initial security advantages were limited
    • Default type "Opaque", values only base64 encoded (an encoding, not encryption)
    • Only sent to a node if a pod on that node requires it
  • Secrets are decoupled from the underlying data protection mechanism
    • Access is governed by RBAC: anyone who can get or list Secrets in a namespace reads the plaintext
  • As of K8s v1.13.0, encryption at rest is available
    • Protects the copy in etcd and its backups, not what the API returns to authorized callers
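An added example, not from the slides, covering both injection paths from the ConfigMap slide and why a Secret is only base64 encoded; the trailing EncryptionConfiguration is the kube-apiserver file that turns on encryption at rest. Names, values, namespace and image are constructed, and the key is a placeholder:

```yaml
# Added example, not from the slides. All names and values are constructed.
apiVersion: v1
kind: ConfigMap
metadata:
  name: api-config
  namespace: shop
data:
  LOG_LEVEL: info            # consumed as an environment variable below
  app.properties: |          # consumed as a file below
    feature.checkout=true
    cache.ttl=300
---
apiVersion: v1
kind: Secret
metadata:
  name: api-db
  namespace: shop
type: Opaque                 # "Opaque" is just the type; it says nothing about protection
stringData:                  # plaintext is accepted on write...
  password: "constructed-example-password"
# ...and stored base64-encoded under .data. Anyone with RBAC "get" on secrets in
# this namespace recovers it with:
#   kubectl -n shop get secret api-db -o jsonpath='{.data.password}' | base64 -d
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: shop
spec:
  containers:
    - name: api
      image: registry.example.com/api:1.4.2   # assumed image
      env:
        - name: LOG_LEVEL
          valueFrom:
            configMapKeyRef:
              name: api-config
              key: LOG_LEVEL
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: api-db
              key: password
      volumeMounts:
        - name: config
          mountPath: /etc/api
          readOnly: true
  volumes:
    - name: config
      configMap:
        name: api-config
        items:
          - key: app.properties
            path: app.properties
---
# Passed to kube-apiserver with --encryption-provider-config=/etc/kubernetes/enc.yaml
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      # The first provider encrypts new writes; every listed provider is tried on
      # read. Putting "identity" first (or having no file at all) is the weak
      # setting: Secrets then sit in etcd as plaintext.
      - secretbox:
          keys:
            - name: key1
              secret: <base64 of 32 random bytes, e.g. head -c 32 /dev/urandom | base64>
      - identity: {}         # kept last so objects written before encryption still read
```

Encryption at rest only changes what is written to etcd: a caller with permission to get Secrets still receives the plaintext, so RBAC on Secrets stays the first control. The key in this file lives on the control-plane host next to etcd itself; a kms provider keeps the master key elsewhere.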

Services

  • Enables service discovery and a stable virtual IP in front of changing pods
    • Endpoints are selected via label selectors
    • Only pods passing their readiness checks become endpoints
  • Service types
    • ClusterIP
    • NodePort
    • Headless (clusterIP: None; DNS returns the pod IPs directly)
    • LoadBalancer
  • DNS
    • <service-name>.<ns>.svc.cluster.local

ReplicaSets

  • Manage sets of pods
    • via label selectors
  • Reconciliation loop ensures current state matches desired state
    • Desired state is expressed via pod template
  • ReplicaSets provide:
    • Redundancy
    • Scaling
      • Manual and automatic
    • Sharding

Deployments

  • Run on top of ReplicaSets
    • Prefer Deployments over managing ReplicaSets directly
  • Deployment strategies
    • RollingUpdate
      • Configurable
        • maxUnavailable
        • maxSurge
    • Recreate
      • Involves downtime
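Putting the Service, ReplicaSet and Deployment slides together, an added example (not from the deck) of a zero-downtime RollingUpdate with a ClusterIP Service in front of it; names, namespace and image are assumptions:

```yaml
# Added example, not from the slides. Names, namespace and image are assumed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  namespace: shop
spec:
  replicas: 4
  selector:
    matchLabels:             # must be satisfied by the Pod template labels
      app: api
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1            # at most 5 Pods exist during the rollout
      maxUnavailable: 0      # never fewer than 4 Ready Pods: no downtime
  template:
    metadata:
      labels:
        app: api
        version: "1.4.2"     # extra labels are fine; only "app" is in the selector
    spec:
      containers:
        - name: api
          image: registry.example.com/api:1.4.2
          ports:
            - name: http
              containerPort: 8080
          readinessProbe:    # the rollout only advances as new Pods become Ready
            httpGet:
              path: /ready
              port: http
---
apiVersion: v1
kind: Service
metadata:
  name: api
  namespace: shop
spec:
  type: ClusterIP
  selector:
    app: api                 # endpoints = Ready Pods carrying this label
  ports:
    - name: http
      port: 80
      targetPort: http
# Resolves in-cluster as api.shop.svc.cluster.local:80
```

`kubectl -n shop rollout status deployment/api` follows the rollout and `kubectl -n shop rollout undo deployment/api` reverts to the previous ReplicaSet, which the Deployment keeps around. Note that the Service selects on labels alone: any Pod in the namespace carrying app=api, whoever created it, becomes an endpoint, which is one reason to restrict who may create Pods in a namespace.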

Deploying the GitOps Way

  • Git is the source of truth
    • Everything is declarative
      • Container images
      • Deployment descriptors
      • IaC
    • Complete audit trail
      • Update and rollback from Git
  • Secure deployments
    • Pull rather than push
      • An in-cluster agent pulls from Git and applies the change
      • CI never needs cluster credentials, and the API server need not be reachable from outside
  • Resiliency
    • Desired state lives in Git, so a cluster can be rebuilt from the repo and drift is reverted by the agent

CI/CD Pipeline

GitOps with Flux
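An added example (not from the slides) of the pull model expressed as Flux v2 objects; the Flux v1 daemon the deck refers to took the same repository and path as command-line flags. Repository URL, path, namespaces and the secret and service-account names are assumptions:

```yaml
# Added example, not from the slides. Repo, path, namespaces and names are assumed.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: platform
  namespace: flux-system
spec:
  interval: 1m
  url: ssh://git@github.com/example-org/platform.git   # assumed repository
  ref:
    branch: main
  secretRef:
    name: platform-deploy-key   # read-only SSH deploy key; the only credential involved
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: shop
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: platform
  path: ./clusters/prod/shop
  prune: true                   # objects deleted from Git are deleted from the cluster
  targetNamespace: shop
  serviceAccountName: flux-shop # reconcile with a namespace-scoped account, not cluster-admin
```

The only secret handed out is a read-only deploy key on the repository, stored as a Secret inside the cluster; the CI system that builds images never receives a kubeconfig. Reconciling as a namespace-scoped service account limits what a mis-merged or malicious manifest under this path can touch.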

Ingress

  • Manage external access to the services in a cluster
    • Load balancing
    • TLS termination
    • Name-based virtual hosting
  • Requires an Ingress controller
    • The Ingress object is only data; a controller (e.g. ingress-nginx) must be deployed to act on it
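An added example (not from the deck) of TLS termination and name-based routing in a networking.k8s.io/v1 Ingress; host name, class name and the backing Service names are assumptions:

```yaml
# Added example, not from the slides. Host, class and Service names are assumed.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop
  namespace: shop
spec:
  ingressClassName: nginx            # which controller claims this object
  tls:
    - hosts:
        - shop.example.com
      secretName: shop-example-com-tls   # kubernetes.io/tls Secret: certificate + private key
  rules:
    - host: shop.example.com         # name-based virtual hosting on the Host header / SNI
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: api
                port:
                  number: 80
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80
```

The certificate and private key live in an ordinary kubernetes.io/tls Secret, so everything said about Secret visibility applies to them. Termination happens at the controller; the hop from controller to Pod is plaintext unless the controller is configured to re-encrypt or a service mesh supplies mTLS.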

SealedSecrets

  • Opaque != encrypted
  • Anybody who can read a k8s Secret can base64 decode it
  • Plain Secrets are not suitable to be stored in VCS/SCM
  • Asymmetric encryption using SealedSecret
    • Dev encrypts the secret with the controller's public key/certificate (kubeseal)
    • The in-cluster controller decrypts it with the private key into a plain k8s Secret
    • Only the sealed form is committed; the private key stays in the cluster (back it up, or sealed data cannot be recovered after a reinstall)
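An added example (not from the slides) of what kubeseal emits for a Secret like the api-db one above; the ciphertext is a placeholder and the names are assumptions:

```yaml
# Added example, not from the slides. Produced by (names assumed):
#   kubectl -n shop create secret generic api-db --from-literal=password=... \
#     --dry-run=client -o yaml | kubeseal --format yaml > api-db-sealed.yaml
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: api-db
  namespace: shop
spec:
  encryptedData:
    password: <ciphertext emitted by kubeseal>   # safe to commit; only the controller's private key opens it
  template:                  # the controller writes this Secret with the decrypted data
    metadata:
      name: api-db
      namespace: shop
      labels:
        app: api
    type: Opaque
```

With the default strict scope the ciphertext is bound to this name and namespace, so copying the object into another namespace fails to unseal. The private key is itself a Secret in the controller's namespace; back it up, because without it nothing committed to Git can be unsealed after a controller reinstall.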

K8s Resources

Questions?

Feedback

https://bit.ly/2ISdufb

Thank you!
