Kubernetes
-
container orchestration
-
kubernetes
-
architecture
-
key concepts
SWARM
Container Orchestration Engines (COE)
Features of a COE
clustering
scheduling
load balancing
fault tolerance
scaling
app deployment
battle hardened
open
community
features
complex
zero to dev
non native
Features of a k8s
clustering
scheduling
load balancing
fault tolerance
scaling
app deployment
| Feature | Concept |
|---|---|
| Colocation | Pods |
| Scaling/Fault Tolerance | replication controllers, replica sets |
| Load Balancing | Services |
| App Deployment, Rollbacks | deployments, rolling-updates |
| Stateful Apps | stateful sets/ pet sets |
| configs, secrets | config sets, secrets |
| app health checks | liveness, readiness |
| logs and storage | |
| monitoring |
key concepts
Namespaces
Project A
Project B
Project C
Namespaces
stack = project
Project A
Project B
Project C
Namespaces
Multi Tenancy Features (NS)
-
Logical separation and views
-
RBAC - Users and Roles
-
Network Policies
-
Quotas - Resource | Object
Multi Tenancy Features (addT.)
-
Pod Priority -
Pod Affinity/Anti Affinity
-
Taints and Tolerations
-
Pod Security Policy
-
Sandbox Pods (New)
Reference:
[Multi-Tenancy Best Practices for Google Kubernetes Engine (Cloud Next ’18) - YouTube](https://www.youtube.com/watch?v=RkY8u1_f5yY)
pods
container
container
nginx
fsync
nginx
fsync
container
container
container
pod
debian
centos
nginx
fsync
eth0
10.0.4.25
-
process/pid namespace
-
root filesystem namespace
-
user namespace
-
network namespace
-
hostname /uts namespace
-
volumes
isolated
common
fsyncdst: /var/www/html
dst: /data
hostname = pod-xxx
A
K
M
S
PI Version
ind
etadata
pec
apiVersion: v1
kind: Pod
metadata:
name: vote
labels:
app: voting
role: ui
tier: front
env: dev
spec:
containers:
- name: vote
image: schoolofdevops/vote:latest
ports:
- containerPort: 80specs
availability & SCALABILITY
1
2
3
replication controllers
2
replication controllers
labels:
app: carts version: v2.1 env: dev
labels:
app: ui version: v5.0 env: dev
selector:
app: carts env: dev
replicationController
selector:
app: carts env: dev
replicaSet
selector:
app: carts env: dev version: [v1,v2, v3]
set based ( A AND B AND (x or y) )
A AND B AND C
OLD
NEW
replicaSet
updateStrategy
=
Deployment
High
Availability
Release Strategy
replicationController
rolling-update
code
imperative
deployment
replicaSet
podTemplate
updateStrategy
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: frontend-canary
namespace: mogambo
spec:
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
replicas: 3
minReadySeconds: 40
revisionHistoryLimit: 4
paused: false
template:
metadata:
name: frontend
labels:
tier: "1"
app: frontend
env: dev
release: canary
spec:
containers:
- name: frontend
image: schoolofdevops/frontend:v2.0
ports:
- containerPort: 8079
protocol: TCPdeployment
replicaSet
updateStrategy
pod spec
svc.k8s.io
Service Discovery
api
ui.project1.svc.cluster.local
10.30.45.76
ui:80
Service
Endpoints
Cluster IP
Nodeport
Load Balancer
ExtIP
host:80
host:30000
cloud
with selectors
without selectors
External Names
End
Points
db.rds.aws.com
ELB
L4
L4
L4
L7
Ingress
ui.xyz.com
api.xyz.com
xyz.com/carts
DNS
deplyoments
namespace
service
ConfigMaps and Secrets
Persistent Volumes
Network and CNI
Network Policies
HELM Package Manager
RBAC
Horizontal Pod Autoscaler
additional concepts
Additional Controllers
additional controllers
1
2
3
deplyoments
daemon set
e.g. Monitoring/Logging Agents
app.xyz.com
stateful set
app.svc.ns.cluster
stateful set
app.svc.ns.cluster
cron
Jobs
architecture
KUBERNETES Architecture
kubectl
Scheduler
API Server
Controllers Manager
etcd
kubelet
kube-proxy
Master
Node 1
Node 2
Docker
kubelet
kube-proxy
Docker
etcd
managers
High Available Design
etcd
etcd
LB
kubectl, ui, api clients
storage
log mgmt
monitoring
nodes