Kubernetes

Introduction to Kubernetes

Why choose Kubernetes?

An open-source system for automating deployment, scaling, and management of containerized applications.
No Vendor Lock-In
Large Community of support
Robust platform for container orchestration
Based on 15 years of experience of running production workloads at Google, combined with best-of-breed ideas and practices from the community

Kubernetes is an Orchestration Platform

Scheduling: decide where containers run
Lifecycle and Health: keep containers running and restart them if they fail
Scaling: grow and shrink deployments as needed
Naming and Discovery: help containers find each other
LoadBalancing: distribute traffic across containers ...and a whole lot more

Why Do You Need Container Orchestration?

Deploy applications to servers without worrying about specific servers
Scale the application horizontally up and dow
This is called container auto-healing or Restore the application if the server on which it worked fails rescheduling

Kubernetes has a Declarative API

Kubernetes is a Declarative Model

You express the desired state

Kubernetes maintains it

What could be simpler?

Kubernetes Architecture

There can be one or more Master Nodes (HA)
There can be zero or more Worker Nodes
Everyone communicates via the API Server
Kubelet on each Worker Node acting as an agent
Everything can be on one node for development use

Kubernetes All-In-One

You can run Kubernetes all in one VM for development work (not for production!)
MiniKube is great for setting this up
MiniShift will deploy a development version of RedHat OpenShift 3.x which uses Kubernetes
CRC (Code Ready Container) will deploy OpenShift 4.x

Kubernetes is the new "Cloud OS"

Managing Containers with VMs:

SysAdmins must decide where to place container
Workload balancing is manual

Managing Containers with Kubernetes:

Kubernetes schedules and optimizes workloads automatically

Kubernetes Pods

Containers run in Pods
The Pod is the smallest deployment possible
Containers are deployed from a container registry (public or private)

Kubernetes ReplicaSets

ReplicaSets allow multiple copies of containers to be deployed
Each one in it's own Pod
If a container dies, the ReplicaSet will spawn a new one

Kubernetes Volume Mounts

Volumes

ConfigMaps hold configuration parameters
Secrets hold credentials and other secrets
Persistent Volume Claims are used to ask for persistent storage for data/state

Kubernetes Deployments

Deployment

Sets up the ReplicaSets for you
Also specified the Secrets, ConfigMaps, and Volume Mounts
Provides features for rolling out updates and handling their rollbacks

Kubernetes Service

Service exposes Pods to the outside as:

ClusterIP
NodePort
Load Balancer

Types of Services

LoadBalancer: Only available via cloud providers. Front end for service that balances the load across multiple backends from a single IP address
NodePort: Exposes the service as an arbitrary port on every worker node in the cluster
ClusterIP: Service is only accessible from other services within the cluster (no external exposure)

Kubernetes Ingress Controller

Ingress

Exposes Service outside of Kubernetes
Maps URL paths to services

Services Map to Pods via Labels

Use Case for Multiple Containers in a Pod

Pods can be used to host vertically integrated application stacks (e.g. LAMP), but their primary motivation is to support co-located, co-managed helper programs, such as:

Content management systems, file and data loaders, local cache managers, etc.
Log and checkpoint backup, compression, rotation, snapshotting, etc.
Data change watchers, log tailers, logging and monitoring adapters, event publishers, etc.
Proxies, bridges, and adapters
Controllers, managers, configurators, and updaters

Linking Service to Pods

Service:

apiVersion: v1
  kind: Service
  metadata:
    name: hitcounter-service
  spec:
    type: NodePort
    selector:
      app: hitcounter # label
    ports:
      - name: primary
        protocol: TCP
        port: 8080

Deployment:

apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: hitcounter
  spec:
    replicas: 3
    selector:
      matchLabels:
        app: hitcounter # <-- should match this label
    template:
      metadata:
        labels:
          app: hitcounter
    spec:
      containers:
      - image: hitcounter:1.0
        imagePullPolicy: IfNotPresent
        name: hitcounter
        ports:
        - containerPort: 8080
        - protocol: TCP
      restartPolicy: Always

Service Discovery

Kubernetes provides internal routing so services can find each other

External Service Access

LoadBalancers provide external access for a single service

External Routing

Kubernetes provides an Ingress Controller to allow external network access or you can use NodePorts.

Ingress Example

apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    name: ecommerce
  spec:
    rules:
    - host: ecommerce.containers.mybluemix.net
      http:
        paths:
        - path: /shopcarts
          backend:
            serviceName: shopcart-service
            servicePort: 5000
        - path: /catalog
          backend:
            serviceName: catalog-service
            servicePort: 5000
        - path: /orders
          backend:
            serviceName: order-service
            servicePort: 5000
        - path: /recommendations
          backend:
            serviceName: recommendation-service
            servicePort: 5000

Ingress Controller

Single entry point into multiple kubernetes services

Persistent Volumes

Kubernetes loosely couples physical storage devices with containers by introducing an intermediate resource called persistent volume claims (PVCs).
A PVC defines the disk size, disk type (ReadWriteOnce, ReadOnlyMany, ReadWriteMany) and dynamically links a storage device to a volume defined against a pod
The binding process can either be done in a static way using PVs or dynamically be using a persistent storage provider

Example Volume Mount

There is a volume named redis-storage and that is connected to the redis container via the VolumeMount: /data/redis

apiVersion: v1
kind: Pod
metadata:
  name: redis
spec:
  containers:
    - name: redis
      image: redis
      volumeMounts:
        - name: redis-storage
          mountPath: /data/redis
  volumes:
    - name: redis-storage
      emptyDir: {}

Configurations Management: ConfigMaps

Containers generally use environment variables for parameterizing their runtime configurations
Kubernetes provides a way of managing more complex configuration files using a simple resource called ConfigMaps
ConfigMaps can be created using directories, files or literal values using following CLI command:

$ kubectl create configmap <map-name> <data-source>
# map-name: name of the config map
# data-source: directory, file or literal value

Credentials Management: Secrets

Similar to ConfigMaps, Kubernetes provides another valuable resource called Secrets for managing sensitive information such as passwords, OAuth tokens, and ssh keys.
A secret can be created for managing basic auth credentials using the following way:

# write credentials to two files
$ echo -n 'admin' > ./username.txt
$ echo -n '1f2d1e2e67df' > ./password.txt
# create a secret
$ kubectl create secret generic app-credentials --from-file=./
username.txt --from-file=./password.txt

Credentials From Environment Variables

$ export DATABASE_URI='postgres://admin:s3cr3t@postgres:5432/postgres'
$ kubectl create secret generic db-creds --from-literal=databaseuri=$DATABASE_URI

Creates the following

apiVersion: v1
kind: Secret
data:
  database-uri: cG9zdGdyZXM6Ly9hZG1pbjpzM2NyM3RAcG9zdGdyZXM6NTQzMi9wb3N0Z3Jlcw==

Create Secrets from Literals

kubectl create secret generic dev-db-secret \
 --from-literal=username=devuser \
 --from-literal=password='s3cr3t' \
 --dry-run=client -o yaml

Output from create command:

apiVersion: v1
kind: Secret
metadata:
  name: dev-db-secret
type: Opaque
data:
  username: ZGV2dXNlcgo=
  password: czNjcjN0Cg==

Secret Yaml Example

apiVersion: v1
  kind: Secret
  metadata:
    name: ecommerce-apikey
    namespace: default
  data:
    secret: <place base64 encoded secret here>

Using Secrets

apiVersion: apps/v1
kind: Deployment
---
spec:
  containers:
    - name: pet-demo
      image: pet-demo:v1
      imagePullPolicy: IfNotPresent
      ports:
        - containerPort: 5000
          protocol: TCP
      env:
        - name: DATABASE_URI
          valueFrom:
            secretKeyRef:
              name: pet-creds
              key: binding

Kubernetes Rolling Updates (Zero Downtime Deployments)

$ kubectl set image deployment/<application-name> <container-name>=<container-image-name>:<new-version>

Kubernetes Autoscaling

Kubernetes allows pods to be manually scaled either using ReplicaSets or Deployments. This can be achieved using the following CLI command:

$ kubectl scale --replicas=<desired-instance-count> deployment/<application-name>

PreviousSwagger and OpenAPI NextInfrastructure as Code

Last updated 4 years ago