Intro to kubernetes
Contents
Why even bother
Containers
Container Orchestrators
Kubernetes - What? Why? How?
Kubernetes - The details
Extending Kubernetes
Relation status - it’s complicated
Going forward
Let’s define players
Service based
Event driven
Open API
No infra management
Managed security
Pay only for usage
Developer Operator
Containers
Container - What's in a name?
Coming from the shipping industry
Caused aquatic theme for domain
Shipping containers
Portability - can be used on any of supported types of ships
Wide variety of cargo that can be packed inside
Standard sizes - standard fittings on ships
Many containers on a ship
Isolates cargo from each other
Translated to software
Portability - can be used on any supported system (system with container execution
environment)
Wide variety of software that can be packed inside
Standard format
Many containers to a physical node
Isolates execution of one container from another
What is a container?
way to pack code and dependencies together
can run anywhere
execute multiple containers to a physical machine
Sounds familiar?
same concept as virtual machines
pack OS and software together, to run in isolated instances
can run anywhere the specific hypervisor runs
multiple VMs to a physical machine
How do VMs work?
hypervisor = layer between VM and kernel
emulates system calls
allows multiple types of operating systems on a machine (Windows on Linux)
overhead for hypervisor
Containers on the other hand ...
only contain application and application-related libraries and frameworks, that run on
the host machine's kernel
smaller
lower overhead
differences in OS distributions and dependencies are abstracted - same kernel
Working together, not against each other
Windows on Linux possible only with VMs
older software needs to be adapted to be run as containers (and won't)
usage of VMs as a medium for containers (better isolation and easier scaling)
Greater modularity in software
Monolithic application → independent services that interact (microservices)
Containers empowering microservices
quicker start times -> easy to prototype or scale
allow work to be done independently on modules -> independent releases for
components (take care of interfaces)
isolated and abstracted runtime environments, that can be tailored for each module
shared runtime environment, for heterogeneous applications
Containers history – early days
need for resources to be shared among many users -> multiple terminals connected to
the same mainframe
main problem - execution can cause the main computer to crash -> down for
everybody
Containers history – Linux containers (lxc)
2008
Provides virtualization at OS level
Provides containers with their own process and network space
Containers history – Docker
2013
Container execution and management system
Originally started with lxc, then moved to libcontainer, which allows containers to work
with:
• Linux namespaces
• libcontainer control groups
• capabilities
• AppArmor security profiles
• network interfaces
• firewall rules
Containers history – OCI & CNCF
Open Container Initiative – 2015
industry standard for a container format and container runtime software for all platforms
spend resources on developing additional software to support use of standard containers,
instead of format alternatives
Cloud Native Container Foundation – 2015
Working on different projects to further standardize the market:
• Kubernetes
• Container Network Interface
• Containerd
Container orchestration
Need for something more?
docker started out with a CLI tool on top of lxc, that built, created, started, stopped
and exec'd containers
does management at a node level, upon specific requests
easy to manually manage with up to 100s of containers and 10s of nodes, but what
next?
Orchestrator
manage and organize both hosts and docker containers running on a cluster
main issue - resource allocation - where can a container be scheduled, to fulfill its
requirements (CPU/RAM/disk) + how to keep track of nodes and scale
Some orchestrator tasks
manage networking and access
track state of containers
scale services
do load balancing
relocation in case of unresponsive host
service discovery
attribute storage to containers
Orchestrator options
Kubernetes – open-source, product of CNCF
Apache Mesos – cluster management tool, with container orchestration being only one
of the things it can do, originally through a plugin called Marathon
Docker Swarm – integrated in docker container platform
Lately ...
Mesos announced Kubernetes support as container orchestration, alongside Marathon
Docker Enterprise Edition - integration with Kubernetes alongside Swarm
→ Kubernetes becoming the de-facto standard for container orchestration (allowing developers to focus on building on top instead of alternatives)
Kubernetes – What? Why? How?
What is Kubernetes?
“Kubernetes” = Greek for governor, helmsman, captain
open-source container orchestration system
originally designed by Google, maintained by CNCF
aim to provide "platform for automating deployment, scaling and operations of
application containers across clusters of hosts"
Why Kubernetes? - Goals
Main objectives, stated by devs, for community
Achieve velocity
Allow scaling of both software and teams
Present abstract infrastructure
Gain efficiency
Achieve velocity
Velocity = number of things you ship while maintaining a highly available service
Achieved by:
• immutability - created artifact cannot be changed
• declarative configuration - declare desired state and Kubernetes' job is to ensure it
matches
• self-healing systems - trying to maintain desired states if something changes
Allow scaling of software
encouraging decoupling in applications - separated components that communicate via
defined APIs via load-balanced services
running in shared abstract environment, without interference
utilizing standard container format that runs on any machine
Allow scaling of teams
separation of concerns for consistency and scaling
• application ops rely on the SLA provided by the platform
• orchestrator ops uphold SLA
Present abstract infrastructure
decoupling container images and machines
cluster can be heterogeneous and reduce overhead and cost
portability - container can be used on another cluster without being changed
Gain efficiency
optimized usage of physical machines - multiple containers on same machine
isolated with namespaces, to not interfere with each other
Kubernetes - the details
Container image format
layered format, allowing to inherit from lower levels and to modify them by adding, changing or removing files
using unified file system that allows this layering
issue – deleted file remains in older layers
image size bigger and build time longer -> development of better tools
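The "deleted file remains in older layers" issue above, as an added example that is not part of the original slides: the Python below builds three constructed layers as in-memory tar archives, merges them the way a union filesystem presents them, and lists content that is no longer visible but still ships inside the image. It assumes the OCI whiteout convention (an entry named ".wh.<name>" marks a deletion); the file names and key value are made up, and opaque-directory whiteouts are not handled.

```python
import io
import tarfile

WHITEOUT_PREFIX = ".wh."  # OCI image-spec marker: "<dir>/.wh.<name>" deletes "<dir>/<name>"


def make_layer(files):
    """Build one layer as an in-memory tar archive from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_layer(layer_bytes):
    """Return {path: bytes} for every regular file stored in a layer."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r") as tar:
        for member in tar.getmembers():
            if member.isfile():
                out[member.name] = tar.extractfile(member).read()
    return out


def merged_view(layers):
    """Apply layers bottom-up, the way a union filesystem presents the image."""
    view = {}
    for layer in layers:
        for path, data in read_layer(layer).items():
            directory, _, name = path.rpartition("/")
            if name.startswith(WHITEOUT_PREFIX):
                hidden = name[len(WHITEOUT_PREFIX):]
                target = f"{directory}/{hidden}" if directory else hidden
                view.pop(target, None)  # hidden from the view, not erased from the lower layer
            else:
                view[path] = data
    return view


def stale_content(layers):
    """Find data stored in a layer that the merged filesystem no longer shows."""
    visible = merged_view(layers)
    findings = []
    for index, layer in enumerate(layers):
        for path, data in read_layer(layer).items():
            if path.rpartition("/")[2].startswith(WHITEOUT_PREFIX):
                continue  # the marker itself carries no content
            if path not in visible:
                findings.append((index, path, "deleted"))
            elif visible[path] != data:
                findings.append((index, path, "overwritten"))
    return findings


# Constructed sample image: layer 0 adds a key, layer 1 "removes" it, layer 2 patches the app.
LAYERS = [
    make_layer({"app/server.py": b"print('hi')\n",
                "app/deploy.key": b"constructed-example-key-material\n"}),
    make_layer({"app/.wh.deploy.key": b""}),
    make_layer({"app/server.py": b"print('hello')\n"}),
]

if __name__ == "__main__":
    print("visible files:", sorted(merged_view(LAYERS)))
    for index, path, reason in stale_content(LAYERS):
        print(f"layer {index}: {path} ({reason}) is still stored in the image")
```

Anything that must not ship has to be kept out of every layer at build time; removing it in a later layer only hides it.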
Running a container
image provides the filesystem base for execution
configuration, to interoperate with the rest of the system – environment variables,
CPU/RAM requirements, process to execute, ports to expose, etc.
Kubernetes and containers
Can you deploy a container in Kubernetes? NO (not directly)
Why not? Because the smallest deployable unit of computing is not a container, but ...
Pod
smallest deployable unit of computing in Kubernetes
colocates multiple apps (containers) into a single atomic unit, scheduled onto a single machine
upon creation, statically allocated to a certain node
Pod
each container runs in its own cgroup (CPU + RAM allocation), but they share some
namespaces and filesystems, such as:
• IP address and port space
• same hostname
• IPC channels for communication
So, why a pod and not container directly?
all or nothing approach for a group of symbiotic containers, that need to be kept
together at all times
pod considered running if all containers are scheduled and running
Can you deploy a container in Kubernetes? Yes, inside a pod!
Service
abstraction which defines a logical set of Pods (selected using label selector), that
provide the same functionality (same microservice)
different types, for different types of exposure provided by the service
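How a label selector decides which Pods sit behind a Service, as an added example that is not part of the original slides: the selector is the only membership test, so any Pod in the namespace carrying the labels becomes a backend, whoever created it. The dictionaries are a simplified, constructed stand-in for real API objects (the "owner" field and all names are hypothetical), and readiness is reduced to "all containers running" as on the Pod slide.

```python
def all_containers_running(pod):
    """A pod counts as running only when every one of its containers is running."""
    states = pod["containers"]
    return bool(states) and all(state == "running" for state in states.values())


def selects(selector, labels):
    """Equality-based selector: each selector key must be present with the same value.
    Extra labels on the pod do not prevent a match."""
    return all(labels.get(key) == value for key, value in selector.items())


def resolve_service(service, pods):
    """Split the pods behind a Service into ready and not-ready backends."""
    result = {"ready": [], "not_ready": []}
    selector = service.get("selector") or {}
    if not selector:
        # A Service without a selector gets no automatically managed backends.
        return result
    for pod in pods:
        if pod["namespace"] != service["namespace"]:
            continue  # a selector never reaches across namespaces
        if not selects(selector, pod["labels"]):
            continue
        bucket = "ready" if all_containers_running(pod) else "not_ready"
        result[bucket].append(pod["name"])
    return result


def unexpected_backends(service, pods, expected_owner):
    """Review check: selected pods that were not created by the expected controller."""
    selected = resolve_service(service, pods)
    names = set(selected["ready"]) | set(selected["not_ready"])
    return [pod["name"] for pod in pods
            if pod["namespace"] == service["namespace"]
            and pod["name"] in names
            and pod.get("owner") != expected_owner]


# Constructed sample objects (simplified fields, not the Kubernetes API layout).
SERVICE = {"name": "checkout", "namespace": "shop", "selector": {"app": "checkout"}}
PODS = [
    {"name": "checkout-7d9f-a", "namespace": "shop", "owner": "deployment/checkout",
     "labels": {"app": "checkout", "tier": "backend"},
     "containers": {"api": "running", "proxy": "running"}},
    {"name": "checkout-7d9f-b", "namespace": "shop", "owner": "deployment/checkout",
     "labels": {"app": "checkout", "tier": "backend"},
     "containers": {"api": "running", "proxy": "waiting"}},
    {"name": "debug-shell", "namespace": "shop", "owner": None,
     "labels": {"app": "checkout", "purpose": "debug"},
     "containers": {"sh": "running"}},
    {"name": "checkout-5c2b-a", "namespace": "staging", "owner": "deployment/checkout",
     "labels": {"app": "checkout"},
     "containers": {"api": "running"}},
    {"name": "cart-66f1-a", "namespace": "shop", "owner": "deployment/cart",
     "labels": {"app": "cart"},
     "containers": {"api": "running"}},
]

if __name__ == "__main__":
    print(resolve_service(SERVICE, PODS))
    print("not created by the Deployment:",
          unexpected_backends(SERVICE, PODS, "deployment/checkout"))
```

On a real cluster readiness comes from the Pod's Ready condition and its health checks, not just container state.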
Deployment
manages replica set through time and versions for pod spec
scale != version update
using health checks, makes sure a new version works
allows rollbacks to older versions (keeps track of changes)
Deployment strategies - recreate
all previous pods are destroyed and new pods are created
quickest
downtime while new pods start
in case of problems and rollback, even more downtime
Kubernetes - next steps
Soooo many things to configure :(
at least one controller
some services
some configMaps and Secrets
preallocate persistentVolumes or create storage class for dynamic provisioning
Solution: another level of abstraction
higher-level controller that can manage lower-level elements
for the moment, not included in Kubernetes ... YET!
BUT can be added, through third-party controllers
What is Helm?
package manager for Kubernetes
provides higher-level abstraction (Chart) to configure full-fledged applications
manage complexity, easy upgrades, simple sharing of full application setups, safe
rollbacks
How does Helm work?
Helm CLI + Tiller server in Kubernetes (which is a controller)
CLI responsible for management + requests for releases of charts on Kubernetes
Tiller - listens for requests, combines chart + configuration = release, install release,
track release
Helm++
Helm release controller - current Lentiq way to manage applications
expose HelmRelease as a CRD (custom resource definition) in Kubernetes, to work
directly with Kubernetes to manage apps
What are Operators?
domain-specific controller
manages lifetime of a single application
works with Kubernetes primitives, as well as performing application-specific steps
Operators
pre and post provision hooks, for application-specific operations
single tool to perform all management (kubectl)
work in a scalable, repeatable, standard fashion
improve resiliency while reducing burden on IT teams
Relation status - it’s complicated
Write
Build a container image
Deploy the application
Expose at an endpoint
Request-level load balancing
Set up SSL/TLS
Scale up based on demand
Scale down to zero
Canary deployments
Monitor metrics
Cloud native stack
What is Kubernetes missing?
Source-to-URL deploys - Kubernetes needs container images built/pushed
Canary deployments, rollouts/rollbacks - Kubernetes has no notion of immutable revisions to cleanly rollback
Manage application traffic - Kubernetes cannot natively split traffic (lack of L7 HTTP load balancing)
Out-of-the-box monitoring - Kubernetes doesn’t provide monitoring signals beyond CPU/memory
Scale-to-zero - Kubernetes cannot do this natively
Going forward
More projects will natively support k8s
(CockroachDB - A database architected and built for Kubernetes,
SiSense BI engine rewritten in k8s)
More business scenarios (KubeFlow - Running ML/DS pipeline)
Go serverless (Knative, kubeless)
Lightweight k8s (k3s - running on edge devices)
Advanced k8s management systems (Multi cloud, Backup and restore, Security)
Q&A
