K 8 S

a.k.a.

WHY?

Simple!

!Simple

What is it?

Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.

Architecture

Control Plane COMPONENTS

NODE COMPONENTS

The container runtime is responsible for running containers.

Kubernetes supports several container runtimes:

* Docker

* containerd

* CRI-O

and any implementation of the Kubernetes CRI (Container Runtime Interface).

ADDONS

* DNS

* Web UI

* Container Resource Monitoring

* Cluster-Level Logging

+ many, many others...

CONTAINERS

Container IMAGES

Container images are usually given a name such as mycontainer, or kube-apiserver.

Images can also include a registry hostname; for example: some.registry.example.com/imagename

If you don't specify a registry hostname, Kubernetes assumes that you mean the Docker public registry.

After the image name part you can add a tag. Tags let you identify different versions of the same series of images.
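The naming rules above (optional registry hostname, default public registry, optional tag) can be turned into a small parser. The following is an added example, not code from the original deck or from the Kubernetes project: it normalises an image reference the way Docker-compatible runtimes do (no registry means docker.io, a bare single-segment name lives under library/, no tag means latest), and it also handles a digest suffix, which the slide does not mention. The sample references at the bottom are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Defaults applied when a reference omits the registry or the tag
# (the normalisation used by Docker-compatible runtimes; assumed here).
DEFAULT_REGISTRY = "docker.io"
DEFAULT_TAG = "latest"
DIGEST_RE = re.compile(r"^[a-z0-9]+:[a-f0-9]{32,}$")


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]

    def pinned(self) -> bool:
        # A digest names exactly one image; a tag can be re-pointed on the registry.
        return self.digest is not None

    def canonical(self) -> str:
        out = f"{self.registry}/{self.repository}"
        if self.tag:
            out += f":{self.tag}"
        if self.digest:
            out += f"@{self.digest}"
        return out


def _is_registry(component: str) -> bool:
    # The first path component names a registry only if it looks like a host:
    # it contains a '.' or a ':' (port) or is literally "localhost".
    return "." in component or ":" in component or component == "localhost"


def parse_image_ref(ref: str) -> ImageRef:
    """Split registry/repository[:tag][@digest] and fill in the defaults."""
    ref = ref.strip()
    if not ref:
        raise ValueError("empty image reference")

    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
        if not DIGEST_RE.match(digest):
            raise ValueError(f"malformed digest: {digest!r}")

    # A tag is whatever follows the last ':' after the last '/', so a
    # registry port ("localhost:5000/app") is not mistaken for a tag.
    tag = None
    colon = ref.rfind(":")
    if colon > ref.rfind("/"):
        ref, tag = ref[:colon], ref[colon + 1:]

    parts = ref.split("/")
    if len(parts) > 1 and _is_registry(parts[0]):
        registry, path = parts[0], parts[1:]
    else:
        registry, path = DEFAULT_REGISTRY, parts

    # On the public registry a bare single-segment name lives under "library/".
    if registry == DEFAULT_REGISTRY and len(path) == 1:
        path = ["library"] + path

    if tag is None and digest is None:
        tag = DEFAULT_TAG  # untagged and undigested means ":latest"

    if not all(path):
        raise ValueError(f"malformed repository path in {ref!r}")
    return ImageRef(registry, "/".join(path), tag, digest)


def unpinned(refs):
    """Canonical form of every reference that relies on a mutable tag."""
    return [parse_image_ref(r).canonical() for r in refs if not parse_image_ref(r).pinned()]


if __name__ == "__main__":
    # Constructed sample references for a local run.
    for r in ["mycontainer", "kube-apiserver:v1.28.0", "some.registry.example.com/imagename",
              "localhost:5000/app:1.2", "registry.example.com/team/app@sha256:" + "0" * 64]:
        p = parse_image_ref(r)
        print(f"{r:60} -> {p.canonical()}  pinned={p.pinned()}")
```

The pinned() check is the part worth keeping around: a tag such as latest or v1.28.0 can be re-pointed on the registry after review, while a digest identifies one exact image, so manifests that must not drift silently are better pinned by digest.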

Container environments

The Kubernetes Container environment provides several important resources to Containers:

  • A filesystem, which is a combination of an image and one or more volumes.
  • Information about the Container itself.
  • Information about other objects in the cluster.


PODS

Pods are the smallest deployable units of computing that you can create and manage in Kubernetes.

A Pod (as in a pod of whales or pea pod) is a group of one or more containers, with shared storage and network resources, and a specification for how to run the containers.

A Pod models an application-specific "logical host": it contains one or more application containers which are relatively tightly coupled.

NODES

Kubernetes runs your workload by placing containers into Pods to run on Nodes.

A node may be a virtual or physical machine, depending on the cluster. Each node is managed by the control plane and contains the services necessary to run Pods.

Typically you have several nodes in a cluster; in a learning or resource-limited environment, you might have only one node.

The components on a node include the kubelet, a container runtime, and the kube-proxy.

WORKLOADS

A workload is an application running on Kubernetes.

Whether your workload is a single component or several that work together, on Kubernetes you run it inside a set of Pods.

In Kubernetes, a Pod represents a set of running containers on your cluster.

Workload resources manage a set of Pods on your behalf.

These resources configure controllers that make sure the right number of the right kind of Pod are running, to match the state you specified.

Workload RESOURCES

Deployment and ReplicaSet are a good fit for managing a stateless application workload on your cluster, where any Pod in the Deployment is interchangeable and can be replaced if needed.

StatefulSet lets you run one or more related Pods that do track state somehow. For example, if your workload records data persistently, you can run a StatefulSet that matches each Pod with a PersistentVolume. Your code, running in the Pods for that StatefulSet, can replicate data to other Pods in the same StatefulSet.

DaemonSet defines Pods that provide node-local facilities. These might be fundamental to the operation of your cluster, such as a networking helper tool, or be part of an add-on.

Every time you add a node to your cluster that matches the specification in a DaemonSet, the control plane schedules a Pod for that DaemonSet onto the new node.

Job and CronJob define tasks that run to completion and then stop. Jobs represent one-off tasks, whereas CronJobs recur according to a schedule.

SERVICES, LOAD BALANCING & NETWORKING

SERVICES

A Service is an abstraction which defines a logical set of Pods and a policy by which to access them (sometimes this pattern is called a micro-service). The set of Pods targeted by a Service is usually determined by a selector.

The Service abstraction enables a highly decoupled deployment.

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  ports:
    - protocol: TCP
      port: 80          # port the Service exposes inside the cluster
      targetPort: 9376  # port the backing Pods listen on

LOAD BALANCERS

On cloud providers which support external load balancers, setting the type field to LoadBalancer provisions a load balancer for your Service.

The actual creation of the load balancer happens asynchronously, and information about the provisioned balancer is published in the Service's .status.loadBalancer field.

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
  clusterIP: 10.0.171.239
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: 192.0.2.127

NETWORK SERVICES - DNS

Every Service defined in the cluster (including the DNS server itself) is assigned a DNS name. By default, a client Pod's DNS search list includes the Pod's own namespace and the cluster's default domain.

A DNS query may return different results based on the namespace of the Pod making it. DNS queries that don't specify a namespace are limited to the Pod's namespace. Access Services in other namespaces by specifying the namespace in the DNS query.
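The namespace-dependent behaviour described on this slide is easiest to see by replaying the search-list expansion that kubelet configures for a Pod. The block below is an added example, not code from the original deck or from Kubernetes itself; it assumes the default cluster domain cluster.local and the default ndots value of 5, and resolves against a constructed table in which two namespaces each own a Service called my-service.

```python
from typing import Dict, List, Optional, Tuple

CLUSTER_DOMAIN = "cluster.local"  # assumed: the default cluster domain
NDOTS = 5                         # assumed: the default ndots in a Pod's resolv.conf

# Constructed service table: fully qualified Service name -> ClusterIP.
SERVICES: Dict[str, str] = {
    "my-service.prod.svc.cluster.local": "10.0.171.239",
    "my-service.dev.svc.cluster.local": "10.0.42.17",
    "kube-dns.kube-system.svc.cluster.local": "10.0.0.10",
}


def search_list(pod_namespace: str) -> List[str]:
    """The search suffixes a Pod in pod_namespace gets: own namespace first."""
    return [f"{pod_namespace}.svc.{CLUSTER_DOMAIN}", f"svc.{CLUSTER_DOMAIN}", CLUSTER_DOMAIN]


def candidates(name: str, pod_namespace: str) -> List[str]:
    """Names tried, in order, for a query issued from a Pod in pod_namespace."""
    if name.endswith("."):
        return [name[:-1]]  # absolute name: no search-list expansion at all
    expanded = [f"{name}.{suffix}" for suffix in search_list(pod_namespace)]
    # With fewer dots than ndots, the search list is tried before the bare name.
    return expanded + [name] if name.count(".") < NDOTS else [name] + expanded


def resolve(name: str, pod_namespace: str,
            table: Dict[str, str] = SERVICES) -> Optional[Tuple[str, str]]:
    """Return (fqdn, ip) for the first candidate present in the table, else None."""
    for fqdn in candidates(name, pod_namespace):
        if fqdn in table:
            return fqdn, table[fqdn]
    return None


if __name__ == "__main__":
    for query, ns in [("my-service", "prod"), ("my-service", "dev"),
                      ("my-service.prod", "dev"), ("my-service", "kube-system"),
                      ("kube-dns.kube-system.svc.cluster.local.", "prod")]:
        print(f"{query!r:45} from {ns:12} -> {resolve(query, ns)}")
```

The point to take from the run is that the same short name my-service lands on a different backend depending on which namespace the client runs in. Configuration that is meant to reach one specific Service should use the namespace-qualified form (my-service.prod) or the full name, so that a Service created later in the client's own namespace cannot take over the short name.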

Volumes

Kubernetes supports many types of volumes. A Pod can use any number of volume types simultaneously. Ephemeral volume types have a lifetime of a pod, but persistent volumes exist beyond the lifetime of a pod. When a pod ceases to exist, Kubernetes destroys ephemeral volumes; however, Kubernetes does not destroy persistent volumes. For any kind of volume in a given pod, data is preserved across container restarts.

* awsElasticBlockStore

* azureDisk

* cephfs

* cinder

* downwardAPI

* emptyDir

* fc (fibre channel)

* gcePersistentDisk

* glusterfs

* local

* nfs

* secret

* vsphereVolume

Configuration

ConfigMaps

ConfigMap is an API object used to store non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.

ConfigMap allows you to decouple environment-specific configuration from your container images, so that your applications are easily portable.

Secrets

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key.

Such information might otherwise be put in a Pod specification or in a container image.

Using a Secret means that you don't need to include confidential data in your application code.

SECURITY

POD SECURITY

Profile      Description
Privileged   Unrestricted policy, providing the widest possible level of permissions. This policy allows for known privilege escalations.
Baseline     Minimally restrictive policy which prevents known privilege escalations. Allows the default (minimally specified) Pod configuration.
Restricted   Heavily restricted policy, following current Pod hardening best practices.
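The three profiles are concrete lists of controls, so a Pod spec can be checked against them before it is admitted. The following is an added example, not code from the original deck or from the Kubernetes admission controller: it implements a subset of the Baseline controls (privileged containers, host namespaces, hostPath volumes, hostPorts, added capabilities) and of the Restricted controls (allowPrivilegeEscalation, runAsNonRoot, dropping ALL capabilities, seccomp profile, permitted volume types) over a Pod given as a Python dict, and reports the least permissive profile the Pod satisfies. The three sample Pods are constructed.

```python
from typing import Dict, List

# Capabilities the Baseline profile permits a container to add.
BASELINE_ADD_CAPS = {"AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
                     "NET_BIND_SERVICE", "SETFCAP", "SETGID", "SETPCAP", "SETUID", "SYS_CHROOT"}
# Volume types the Restricted profile permits.
RESTRICTED_VOLUME_TYPES = {"configMap", "csi", "downwardAPI", "emptyDir", "ephemeral",
                           "persistentVolumeClaim", "projected", "secret"}
SECCOMP_OK = {"RuntimeDefault", "Localhost"}


def _containers(spec: Dict) -> List[Dict]:
    # Every container kind is subject to the same checks.
    return spec.get("initContainers", []) + spec.get("containers", []) + spec.get("ephemeralContainers", [])


def baseline_violations(spec: Dict) -> List[str]:
    """Controls from the Baseline profile (subset)."""
    found = []
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            found.append(f"{key} is true")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            found.append(f"volume {vol.get('name')} mounts a hostPath")
    for c in _containers(spec):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            found.append(f"container {c['name']} is privileged")
        extra = set(sc.get("capabilities", {}).get("add", [])) - BASELINE_ADD_CAPS
        if extra:
            found.append(f"container {c['name']} adds capabilities {sorted(extra)}")
        if any(p.get("hostPort") for p in c.get("ports", [])):
            found.append(f"container {c['name']} binds a hostPort")
    return found


def restricted_violations(spec: Dict) -> List[str]:
    """Baseline controls plus the Restricted profile's hardening requirements (subset)."""
    found = baseline_violations(spec)
    pod_sc = spec.get("securityContext", {})
    for vol in spec.get("volumes", []):
        kinds = set(vol) - {"name"}
        if not kinds <= RESTRICTED_VOLUME_TYPES:
            found.append(f"volume {vol.get('name')} uses disallowed type {sorted(kinds)}")
    for c in _containers(spec):
        sc = c.get("securityContext", {})
        name = c["name"]
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append(f"container {name} must set allowPrivilegeEscalation: false")
        # A container-level setting overrides the Pod-level one.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            found.append(f"container {name} must run as non-root")
        caps = sc.get("capabilities", {})
        if "ALL" not in caps.get("drop", []):
            found.append(f"container {name} must drop ALL capabilities")
        if set(caps.get("add", [])) - {"NET_BIND_SERVICE"}:
            found.append(f"container {name} may only add NET_BIND_SERVICE")
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if seccomp not in SECCOMP_OK:
            found.append(f"container {name} needs a RuntimeDefault or Localhost seccomp profile")
    return found


def classify(pod: Dict) -> str:
    """Least permissive profile the Pod passes: restricted, baseline or privileged."""
    spec = pod["spec"]
    if baseline_violations(spec):
        return "privileged"
    if restricted_violations(spec):
        return "baseline"
    return "restricted"


# Constructed sample Pods (dict form of the manifests; image names are placeholders).
PRIVILEGED_POD = {"spec": {"hostNetwork": True, "containers": [
    {"name": "agent", "image": "registry.example.com/agent:1.0",
     "securityContext": {"privileged": True}}]}}

DEFAULT_POD = {"spec": {"containers": [
    {"name": "web", "image": "registry.example.com/web:1.0"}]}}

HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
    "volumes": [{"name": "tmp", "emptyDir": {}}],
    "containers": [{"name": "web", "image": "registry.example.com/web:1.0",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}]}}

if __name__ == "__main__":
    for label, pod in [("privileged", PRIVILEGED_POD), ("default", DEFAULT_POD), ("hardened", HARDENED_POD)]:
        print(f"{label:10} -> {classify(pod)}  {restricted_violations(pod['spec'])}")
```

The default Pod, with no securityContext at all, lands on Baseline exactly as the table says: it escalates nothing that is known, but it also sets none of the hardening fields Restricted requires, and the violation list names each field that the hardened Pod adds.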

Controlling access

POLICIES

* Limit Ranges

* Resource Quotas

* Pod Security Policies

* PID Limits

* Node resource managers


AND MANY MORE TOPICS...

Scheduling

Cluster administration tasks

k8s

By maderskog
