Kubernetes Administration from Zero to (junior) Hero
László Budai – Component Soft Ltd.
Agenda
1. Introduction
2. Accessing the Kubernetes API
3. Kubernetes workloads
4. Accessing applications
5. Volumes and persistent storage
(c) 2018 Component Soft Ltd. - v1.11revdraft
Introduction
● Cloud computing in general
● Cloud native computing
● Kubernetes overview
● Kubernetes architecture
Cloud computing in general
● a model for enabling ubiquitous network access to a shared pool of configurable computing resources*
  – resources (compute, storage, network, apps) as services
● resources are allocated on demand
  – scaling and removal also happen rapidly (seconds to minutes)
● multi-tenancy – share resources among thousands of users
  – resource quotas
  – cost-effective IT
● Pay-As-You-Go model – pay per hour/gigabyte instead of a flat rate
● maximized effectiveness of the shared resources – possibly over-provisioning
● lower barriers to entry (nice for startups) – focus on your business instead of your infrastructure
*definition by NIST
Cloud native computing
– a new computing paradigm that is optimized for modern distributed systems environments capable of scaling to tens of thousands of self-healing multi-tenant nodes.
– Main properties:
  ● Container packaged – containers represent an isolated unit of application deployment.
  ● Dynamically managed – actively scheduled and actively managed by a central orchestrating process.
  ● Micro-services oriented – loosely coupled, with dependencies explicitly described (e.g. through service endpoints).
Application containers
– OS-level virtualization – OS partitioning (virtual OS vs virtual HW)
– Allows us to run multiple isolated user-space application instances in parallel.
– Instances will have:
  ● Application code
  ● Required libraries
  ● Runtime
– Self-sufficient – no external dependencies
– Portable
– Lightweight
– Immutable images
[Diagram: three applications, each with its own libraries and binaries, running side by side on one operating system on the hardware]
Container orchestration
– tools that provide an enterprise-level framework for integrating and managing containers at scale.
– aim to simplify container management
  ● a framework for defining the initial container deployment
  ● availability
  ● scaling
  ● networking
– Docker Swarm
– Mesosphere Marathon
– Kubernetes
Kubernetes
– Kubernetes – ancient Greek word for helmsman or pilot of the ship
– Initially developed by Google
– Has its origins in the Borg cluster manager
– "Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications."
– Places containers on nodes
– Recovers from failure
– Basic monitoring, logging, health checking
– Enables containers to find each other
Kubernetes concepts
– Kubernetes Master – maintains the desired state for the cluster
– Kubernetes Node – runs the applications
– Kubernetes objects – abstractions that represent the state of the cluster.
  ● A "record of intent" – a desired state of the cluster
  ● Objects have
    – Spec – describes its desired state
    – State – describes the actual state; updated by Kubernetes.
    – Name – client provided; unique for a kind in a namespace, can be reused
– Namespaces – virtual clusters; provide a scope for names.
– Labels – key-value pairs attached to objects
– Label selector – the core grouping primitive
– Annotations – attach arbitrary non-identifying metadata to objects
Kubernetes object categories
– Workloads – used to manage and run the containers (Pod, ReplicationController, Deployment)
– Discovery & LB – "stitch" workloads together into an externally accessible, load-balanced Service (Service, Ingress).
– Config & Storage – objects we can use to inject initialization data into applications, and to persist data that is external to the containers (Volume, Secret).
– Metadata – objects used to configure the behavior of other resources within the cluster (LimitRange)
– Cluster – objects responsible for defining the configuration of the cluster itself (Namespace, Binding)
Kubernetes architecture
– Kubernetes master
– Kubernetes node
[Diagram: users and DevOps talk to the Kubernetes master (API Server, etcd, Controller Manager, Scheduler); each Kubernetes node runs Kubelet, Kube-Proxy and a container engine hosting pods]
Kubernetes master – provides the cluster's control plane
– kube-apiserver
  ● Exposes the Kubernetes API – the front-end for the Kubernetes control plane.
  ● Designed to scale horizontally.
– etcd
  ● Is the backing store of Kubernetes.
  ● Distributed key-value store
– kube-controller-manager
  ● background threads that handle routine tasks
    – Node Controller
    – Replication Controller
    – Endpoints Controller
    – Service Account & Token Controllers
– kube-scheduler
  ● Assigns nodes to the newly created pods
[Diagram: Kubernetes master with API Server, etcd, Controller Manager and Scheduler]
Kubernetes node
– kubelet – the primary node agent. It watches for pods that have been assigned to its node and:
  ● Mounts the pod's required volumes.
  ● Downloads the pod's secrets.
  ● Runs the pod's containers.
  ● Periodically executes any requested container liveness probes.
  ● Reports the status of the pod.
  ● Reports the status of the node.
– kube-proxy
  ● enables the Kubernetes service abstraction by maintaining network rules on the host and performing connection forwarding
– Container engine
  ● Used to run the containers
  ● Docker by default, rkt optionally.
  ● Container Runtime Interface – paves the way to alternative runtimes
[Diagram: Kubernetes node with Kubelet, Kube-Proxy and a container engine hosting pods]
Exercise 1: The lab environment
– Understanding the classroom environment
– Using kubectl
[Diagram: lab machine running KVM instances master1, worker1, worker2 and worker3, each attached via eth0 to the br_management bridge on network 10.10.10.0/24]
2. Accessing the Kubernetes API
– Ways to access the API
– Controlling access to the API
– Authentication
– Authorization
– Role Based Access Control
Accessing the Kubernetes cluster
– kubectl – the command line tool for deploying and managing applications on Kubernetes
  ● Inspect cluster resources
  ● Create, delete, update components
  ● Configuration file: ~/.kube/config – information for finding and accessing a cluster
  ● bash autocompletion
– Dashboard – web based user interface (add-on)
  ● Manage applications
  ● Manage the cluster itself
– Direct access to the API
  ● HTTP REST
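The following kubeconfig is an added example, not a file from the course material: it shows what the ~/.kube/config mentioned above contains (clusters, users, contexts). The cluster name, the user names, the certificate paths, the token placeholder and the API server address https://master1:6443 (master1 is the lab host name; 6443 is the default kube-apiserver secure port) are assumptions for illustration.

```yaml
# Added example kubeconfig (assumed names and paths, not course material).
apiVersion: v1
kind: Config
clusters:
- name: lab-cluster
  cluster:
    server: https://master1:6443                  # assumed API server address
    # CA that signed the API server certificate: lets kubectl verify the server
    # instead of using insecure-skip-tls-verify (assumed path)
    certificate-authority: /home/student/.kube/ca.crt
users:
- name: student                                   # a "normal user": client certificate
  user:
    client-certificate: /home/student/.kube/student.crt
    client-key: /home/student/.kube/student.key
- name: ci-robot                                  # a service account: bearer token
  user:
    token: <service-account-token-placeholder>    # placeholder, never commit a real token
contexts:
- name: student@lab-cluster                       # context = cluster + user + default namespace
  context:
    cluster: lab-cluster
    user: student
    namespace: default
- name: ci@lab-cluster
  context:
    cluster: lab-cluster
    user: ci-robot
    namespace: ci
current-context: student@lab-cluster              # the context kubectl uses by default
```

With this file in place, `kubectl config get-contexts` lists the two contexts, `kubectl config use-context ci@lab-cluster` switches the identity kubectl presents to the API server, and `kubectl cluster-info` confirms the connection. Because the file holds private keys and tokens, it should be readable only by its owner.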
Controlling access to the API
– A request to the API passes several stages before reaching the resource: Request → Authentication → Authorization → Admission control → Resource
– Authentication – ensures that the user is who it claims to be
– Kubernetes has 2 categories of users:
  ● Service accounts – managed by Kubernetes
  ● Normal users – managed by an independent service
– API requests can be treated as anonymous ones if they are not tied to a user or service account.
– Kubernetes uses client certificates, bearer tokens, an authenticating proxy, or HTTP basic auth to authenticate API requests through authentication plugins.
Authorization
– After the authentication step the request has to pass the authorization step.
– All parts of an API request must be allowed by some policy → permissions are denied by default.
– Authorization modules
  ● Node
  ● ABAC – Attribute-based access control
  ● RBAC – Role-based access control
  ● Webhook
Role Based Access Control
– RBAC allows fine-grained rules for accessing the cluster
– allows dynamic configuration of policies through the Kubernetes API.
– uses the "rbac.authorization.k8s.io" API group
– It defines Roles and RoleBindings in order to assign permissions to subjects.
– These permissions can be set
  ● Clusterwide – can be used for cluster-scoped resources, non-resource endpoints, namespaced resources across all namespaces
  ● Within a namespace.
  ● For one single resource.
– Subjects can be users, groups, and service accounts
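The manifests below are an added example, not part of the course material, covering the three scopes listed on this slide (namespace, single resource, clusterwide) and the two user categories from the authentication slide (a normal user and a service account) as subjects. The namespace "dev", the user "alice", the group "ops-team", the ServiceAccount "deployer" and the ConfigMap name "app-config" are assumptions.

```yaml
# Added example RBAC manifests (assumed names, not course material).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                        # namespaced: permissions apply only inside "dev"
metadata:
  namespace: dev
  name: pod-reader
rules:
- apiGroups: [""]                 # "" is the core API group (pods, configmaps, ...)
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"] # read-only; nothing grants create or delete
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["app-config"]   # narrows the rule to one single resource
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding                 # attaches the Role to subjects, still within "dev"
metadata:
  namespace: dev
  name: read-pods
subjects:
- kind: User                      # normal user, authenticated outside Kubernetes
  name: alice
  apiGroup: rbac.authorization.k8s.io
- kind: ServiceAccount            # managed by Kubernetes; identity of pods or CI jobs
  name: deployer
  namespace: dev
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole                 # cluster-scoped: not tied to any namespace
metadata:
  name: node-viewer
rules:
- apiGroups: [""]
  resources: ["nodes"]            # nodes are cluster-scoped resources
  verbs: ["get", "list"]
- nonResourceURLs: ["/healthz"]   # a non-resource endpoint
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding          # grants the ClusterRole clusterwide to a group
metadata:
  name: view-nodes
subjects:
- kind: Group
  name: ops-team
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: node-viewer
  apiGroup: rbac.authorization.k8s.io
```

After `kubectl apply -f rbac.yaml`, the deny-by-default behaviour from the authorization slide can be checked with impersonation: `kubectl auth can-i list pods --namespace dev --as alice` answers yes, while `kubectl auth can-i delete pods --namespace dev --as alice` and `kubectl auth can-i list pods --namespace prod --as alice` answer no, because no rule grants those requests. The roleRef of a binding is immutable, so changing which role a binding points to means deleting and recreating the binding.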