Kubernetes

A User's Perspective

What do YOU want to achieve?

Container Orchestration

❓

- Manages Compute

- Manages Network

- Manages Storage

Container Orchestration

User Input

Desired State

Actual State

kubectl

- get

- describe

- apply

POD

"Logical Unit of Application"

Deployment

Deployment: Keeps Pods running

Deployment

Deployment: Keeps Pods running

Source: https://github.com/carsonoid/kube-decon

Deployment

Deployment: Keeps the Pods running

- Pod Template

- Replicas

- Strategy

Deployment

Deployment: Keeps the Pods running

- Pod Template

- Replicas

- Strategy

Deployment

Best Practices

Deployment

Best Practices

ReadinessProbe & LivenessProbe

Deployment

Best Practices

ReadinessProbe & LivenessProbe

ConfigMaps & Secrets

Network

Networking Model

The Network Provider contract:

All pods can communicate with all other pods without NAT

All nodes can communicate with all pods (and vice-versa) without NAT

The IP that a pod sees itself as is the same IP that others see it as

Network

Source: https://github.com/carsonoid/kube-decon

Network

PODS

Each pod has a cluster-wide unique IP address.

Network

PODS

Each pod has a cluster-wide unique IP address.

POP QUIZ!

1. Under what circumstances can we reach this IP address directly?

Network

PODS

POP QUIZ!

1. Under what circumstances can we reach this IP address directly?

2. Why would we NOT want to reach the IP address directly?

Each pod has a cluster-wide unique IP address.

Network

Source: https://github.com/carsonoid/kube-decon

Network

Services

Services provide a persistent IP and forward network traffic.

An abstraction which defines a logical set of Pods and a policy by which to access them

TRAFFIC

Source: https://github.com/carsonoid/kube-decon

TRAFFIC

Namespaces

Separate contexts

Namespaces

Separate contexts

Default namespace is "default"

Common to split up environments (staging / production)

Use Kubernetes Contexts to change default namespace

Ingress

Layer 7 Load Balancer Rules

STORAGE

VOLUMES

!=

VOLUMES

NODE

POD

pod.spec.volumes

pod
  .spec
  .Containers.[]
    .volumeMounts

NODE

POD

PERSISTENT VOLUMES

PersistentVolume + PersistentVolumeClaim + Deployment

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: my-pvc
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: ssd
  resources:
    requests:
      storage: 50Gi

apiVersion: extensions/v1beta1
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: nginx
          image: nginx
          volumeMounts:
          - name: my_volume
            mountPath: /var/data
      volumes:
        - name: my_volume
          persistentVolumeClaim:
            claimName: my-pvc

# Can be omitted if 
# Dynamic Provisioning
# is enabled

apiVersion: v1
kind: PersistentVolume
metadata:
  name: my-pv
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce

awsElasticBlockStore
azureDisk
azureFile
cephfs
configMap
csi
downwardAPI
emptyDir
fc (fibre channel)
flocker
gcePersistentDisk
gitRepo
glusterfs

hostPath
iscsi
local
nfs
persistentVolumeClaim
projected
portworxVolume
quobyte
rbd
scaleIO
secret
storageos
vsphereVolume

Source: https://kubernetes.io/docs/concepts/storage/volumes/

awsElasticBlockStore
azureDisk
azureFile
cephfs
configMap
csi
downwardAPI
emptyDir
fc (fibre channel)
flocker
gcePersistentDisk
gitRepo
glusterfs

hostPath
iscsi
local
nfs
persistentVolumeClaim
projected
portworxVolume
quobyte
rbd
scaleIO
secret
storageos
vsphereVolume

Source: https://kubernetes.io/docs/concepts/storage/volumes/

Storage

⚠️CONTROVERSY⚠️

Storage

kind: Service
apiVersion: v1
metadata:
  name: db-service
spec:
  type: ExternalName
  externalName: db-host.com

CNAME