Latest revision as of 07:30, 2 August 2024
Kubernetes is an open source system for managing containerized applications across multiple hosts. It provides basic mechanisms for deployment, maintenance, and scaling of applications.
It's important to note right up front, before you dive into Kubernetes, that minikube is the tool for local Kubernetes.
TechWorld with Nana has a great crash course in Kubernetes (72:03): https://www.youtube.com/watch?v=s_o8dwzRlu4
For hands-on interactive learning, head over to https://Katacoda.com
The Reddit community is at https://www.reddit.com/r/kubernetes/
Kubernetes Components
When you deploy Kubernetes, you get a cluster. The cluster is composed of many components. Here are brief details on some of them.
- Pod: abstraction of a container
- Service: communication between Pods
- Ingress: routes traffic into the cluster
- ConfigMap: external configuration
- Secret: external configuration (for sensitive values such as credentials)
- Volume: data persistence
- Blueprints:
  - Deployments: for replication of stateless services; a template for creating pods. Declarative, so the Controller Manager can check and ensure the system is what we want. Each configuration file has 3 parts: metadata, specification, and status (automatically generated and added by K8s).
  - StatefulSet: replication of stateful applications like databases
Current status comes from etcd - the "Cluster Brain".
Kube-apiserver
The API server is the front end for the Kubernetes control plane.
The main implementation of a Kubernetes API server is kube-apiserver. kube-apiserver is designed to scale horizontally—that is, it scales by deploying more instances. You can run several instances of kube-apiserver and balance traffic between those instances.
All communication, whether from a UI, an API client or the CLI, goes through the API server, and must be in the form of JSON or YAML.
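As an added example (not from this wiki page), a small pre-submission check for a Deployment manifest in the JSON form the API server accepts. It enforces two points made above: a manifest you submit supplies metadata and spec while status is generated by Kubernetes, and credentials belong in a Secret rather than a ConfigMap or a literal env value. The manifest, names and the list of credential-looking words are constructed for the example.

```python
import json
# Constructed sample Deployment (hypothetical names): one env var carries a
# plaintext password, one reads a ConfigMap, one reads a Secret, and a stale
# status block was left in the file.
SAMPLE_MANIFEST = json.dumps({
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "mediawiki", "namespace": "web"},
    "spec": {
        "template": {
            "metadata": {"labels": {"app": "mediawiki"}},
            "spec": {"containers": [{
                "name": "mediawiki",
                "image": "quay.io/bitnami/mediawiki",
                "env": [
                    {"name": "DB_PASSWORD", "value": "hunter2"},
                    {"name": "DB_USER",
                     "valueFrom": {"configMapKeyRef": {"name": "db", "key": "user"}}},
                    {"name": "API_TOKEN",
                     "valueFrom": {"secretKeyRef": {"name": "api", "key": "token"}}},
                ],
            }]},
        },
    },
    "status": {"readyReplicas": 0},
})

# Heuristic: env var names containing these words are treated as credentials.
SECRET_HINTS = ("PASSWORD", "TOKEN", "SECRET", "KEY")

def looks_sensitive(var_name):
    return any(hint in var_name.upper() for hint in SECRET_HINTS)

def check_manifest(text):
    """Return a list of findings for a JSON manifest; empty means it passes."""
    obj = json.loads(text)
    findings = []
    # A submitted manifest supplies metadata and spec; status is generated by K8s.
    for part in ("metadata", "spec"):
        if part not in obj:
            findings.append(f"missing required part: {part}")
    if "status" in obj:
        findings.append("status is generated by Kubernetes; drop it before applying")
    # Credentials belong in a Secret (secretKeyRef), not inline or in a ConfigMap.
    pod_spec = obj.get("spec", {}).get("template", {}).get("spec", {})
    for container in pod_spec.get("containers", []):
        for env in container.get("env", []):
            if not looks_sensitive(env.get("name", "")):
                continue
            where = f"{container['name']}/{env['name']}"
            if "value" in env:
                findings.append(f"{where}: literal value in manifest; use a Secret")
            elif "configMapKeyRef" in env.get("valueFrom", {}):
                findings.append(f"{where}: sourced from a ConfigMap; use a Secret")
    return findings
```

Running `check_manifest(SAMPLE_MANIFEST)` reports the stale status block and the literal DB_PASSWORD, and passes the Secret-backed API_TOKEN.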
etcd
Consistent and highly-available key-value store, used as the backing store for all cluster data. Docs: https://etcd.io/docs/ . Play with etcd: http://play.etcd.io/install . GitHub: https://github.com/etcd-io/etcdlabs . Sizing: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/hardware.md#example-hardware-configurations . Command line client: etcdctl (https://github.com/etcd-io/etcd/tree/master/etcdctl).
Kube-scheduler
Control plane component that watches for newly created Pods with no assigned node, and selects a node for them to run on.
Factors taken into account for scheduling decisions include: individual and collective resource requirements, hardware/software/policy constraints, affinity and anti-affinity specifications, data locality, inter-workload interference, and deadlines.
Kube-controller-manager
Control plane component that runs controller processes, including the Node controller, Replication controller, Endpoints controller, and the Service Account and Token controllers.
Cloud-controller-manager
A Kubernetes control plane component that embeds cloud-specific control logic. The cloud controller manager lets you link your cluster into your cloud provider's API, and separates out the components that interact with that cloud platform from components that just interact with your cluster.
Node Components
Node components run on every node, maintaining running pods and providing the Kubernetes runtime environment.
Kubelet
An agent that runs on each node in the cluster. It makes sure that containers are running in a Pod.
Kube-proxy
kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.
Container runtime
The container runtime is the software that is responsible for running containers. Docker by default, it can also be CRI-O or possibly other implementations of the Container Runtime Interface.
Addons
You probably need at least the DNS and Web UI addons.
Tools
Kubectl
Kubeadm
Kubeadm (https://github.com/kubernetes/kubeadm) is a component of Kubernetes (https://github.com/kubernetes/kubernetes/tree/master/cmd/kubeadm).
- Kubeadm is a tool built to provide best-practice "fast paths" for creating Kubernetes clusters. It performs the actions necessary to get a minimum viable, secure cluster up and running in a user friendly way. Kubeadm's scope is limited to the local node filesystem and the Kubernetes API, and it is intended to be a composable building block of higher level tools.
Helm
Helm is a tool for managing Charts, self-styled as "the package manager for Kubernetes".
Container Registries
RedHat has a registry at quay.io. Quay builds, analyzes, and distributes your container images.
For example, see the bitnami manifest for MediaWiki (https://quay.io/repository/bitnami/mediawiki/manifest/sha256:8cceeeb88e2922c25b0cd9e2fe62cc75b739a4dba2dba515e37e22ebe0586c2c). What's really interesting is that not only can you quickly look at the manifest, Quay also shows you a list of all the packages built into the image. Most importantly, it does a security scan for vulnerabilities and even shows which layer the (vulnerable) package is introduced in.
LXD public image server
- https://images.linuxcontainers.org
Official Ubuntu Cloud Images
- https://cloud-images.ubuntu.com/releases
Chart Repositories
There is a Helm chart repository at https://hub.helm.sh/ . There you can find the chart for Bitnami MediaWiki: https://hub.helm.sh/charts/bitnami/mediawiki
Bitnami has its own chart repository at https://charts.bitnami.com/ (nothing to see there). The GitHub repo is https://github.com/bitnami/charts
Cloud Providers
Each cloud provider has customized their offerings for Kubernetes to integrate with their platforms. So we have:
- VMware Tanzu Kubernetes Grid (formerly VMware Enterprise PKS): https://tanzu.vmware.com/kubernetes-grid
- Azure Kubernetes Service (AKS): https://azure.microsoft.com/en-us/services/kubernetes-service/
- Amazon Elastic Container Service for Kubernetes (EKS): https://aws.amazon.com/eks/
- Google Kubernetes Engine (GKE): https://cloud.google.com/kubernetes-engine
- IBM Cloud Kubernetes Service (IKS): https://www.ibm.com/cloud/container-service/
- DigitalOcean managed Kubernetes: https://www.digitalocean.com/products/kubernetes/
Canonical doesn't offer cloud products per se, but Ubuntu is the reference platform for Kubernetes on all major public clouds, including official support in Google's GKE, Microsoft's AKS, and Amazon's EKS offerings. Canonical supports these upstreams: MicroK8s, Charmed Kubernetes, and kubeadm.