kubernetes apis under the hood
play

Kubernetes APIs Under the Hood @pwittrock Who Am I? Phillip - PowerPoint PPT Presentation

Mar 29, 2023 •834 likes •1.12k views

Kubernetes APIs Under the Hood @pwittrock Who Am I? Phillip Wittrock (@pwittrock) Software Engineer at Google working on GKE and OSS Kubernetes My mission is to make using Kubernetes simple and enjoyable You might have come across me

  1. Kubernetes APIs Under the Hood @pwittrock

  2. Who Am I? Phillip Wittrock (@pwittrock) Software Engineer at Google working on GKE and OSS Kubernetes My mission is to make using Kubernetes simple and enjoyable You might have come across me through… ● Kubectl ● Kubebuilder ● Kubernetes Steering Committee @pwittrock

  3. Kubernetes Refresher ● Nodes are machines in a cluster that run Containers in Pods ● Pods are created and managed by higher level abstractions such as ReplicaSets ● ReplicaSets managed by higher level abstractions such as Deployments ● Deployments (and all other user owned objects) defined in files and created / updated with `kubectl apply` ● APIs (deployments, replicasets, pods, nodes) == Resource Types and Objects == Resources @pwittrock

  4. Kubernetes APIs Are... Declarative , Asynchronous, Level-Triggered , Observable, Discoverable, Versioned , Access Controlled, Extensible, ... @pwittrock

  5. Kubernetes APIs are… Declarative apiVersion: apps/v1 Configuration for a Deployment that kind: Deployment metadata: manages 3 Pods each running an nginx name: nginx-deployment container labels: {app: nginx} spec: Deployment resource is replicas: 3 selector: declared in a file matchLabels: {app: nginx} template: metadata: labels: {app: nginx} Create or update the resource in the cluster by run spec: kubectl apply on a file or directory containers: [ {name: nginx, kubectl apply -f deploy.yaml image: 'nginx:1.7.9'}] @pwittrock

  6. Create Deployment Example apiVersion: apps/v1 kubectl apply -f kind: Deployment deploy.yaml metadata: deploy.yaml name: nginx-deployment labels: {app: nginx} spec: 1. Discover EndPoints replicas: 3 selector: 2. HTTP POST matchLabels: {app: nginx} template: 3. ??? metadata: labels: {app: nginx} spec: apiserver containers: [ Pod Pod Nodes {name: nginx, Pod image: 'nginx:1.7.9'}] @pwittrock

  7. Lifecycle - Resources, Controllers and Webhooks ● APIs declared as Resources - provide storage and endpoints ● APIs actuated by Controllers - execute the business logic ● APIs admitted by Webhooks - defaulting, validation, conversion @pwittrock

  8. Kubernetes APIs are... Asynchronous & Observable Foo Resources stored in etcd by the apiserver API endpoints Resource: Foo objects (CRUD storage) Foo objects Stores Foo objects Foo Resources Stuff Asynchronous watch notification on object create / update / delete Controller: Foo Controller Does Stuff Loose coupling between Controller and API endpoints: Storage doesn’t know about @pwittrock Controllers

  9. Kubernetes APIs are... Level Triggered Object Controller default/baz default / Reconcile Reconcile baz Queue Function Watch events: Create Update Update Tips: ● Internal cleanup with Reconcile on Batch events together ownerReferences namespace/name ● External cleanup with into single Reconcile call only, not the event finalizers @pwittrock

  10. Controller Workflow ● apiserver streams Watch Event to Controller Controller ● Controller Reads Object + Related Reconcile: Objects (e.g. Deployment + Read Cluster Watch Event ReplicaSets) State Reconcile: ● Controller Creates new owned Update Cluster objects, updates owned objects, Objects updates object status apiserver @pwittrock

  11. Kubectl Apply: Create Deployment Deployment Controller watch evt create ReplicaSet apply create deploy. ReplicaSet apiserver yaml Controller create Pod(s) update Pod(s) Node(s) update Pod(s) (Pod) Scheduler @pwittrock

  12. Kubectl Apply: Update Deployment Deployment Controller watch evt Scale up new ReplicaSet / Scale down old ReplicaSet apply patch deploy. ReplicaSet apiserver yaml Controller delete Pod(s) create Pod(s) update Pod(s) Node(s) update Pod(s) (Pod) Scheduler @pwittrock

  13. Resources apiVersion: v1 kind: Pod metadata metadata: name: my-app Resource Types declare APIs ● namespace: default … ● Resources provide storage for spec: objects containers: - args: [sh] ● Standardized schema structure image: gcr.io/some-project/udptest spec Discoverable API endpoints and ● imagePullPolicy: Always name: client schema … dnsPolicy: ClusterFirst ● “Just work” with declarative … tooling - e.g. kubectl apply status: status podIP: 10.8.3.11 … @pwittrock

  14. TypeMeta apiVersion: apps /v1 ● Kind (Deployment) kind: Deployment metadata: ○ Name of the API (e.g. Deployment) name: nginx-deployment ● Group (apps) labels: {app: nginx} spec: ○ Like a package in go, java, etc (e.g. apps ) replicas: 3 ● Version (v1) selector: ... ○ Ensures backwards compatibility of: Defaulted template: Fields & Schema ... @pwittrock

  15. ObjectMeta apiVersion: apps/v1 Name and * Namespace uniquely identify an ● kind: Deployment metadata: object for a given Resource name: nginx-deployment ● Annotations are arbitrary key-value pairs namespace: default labels: {app: nginx} that cannot be queried spec: Labels are key-value pairs that may be ● replicas: 3 selector: queried (selected) ... template: ... @pwittrock

  16. Spec and Status apiVersion: apps/v1 kind: Deployment metadata: ● Spec name: nginx-deployment labels: {app: nginx} Object Desired State (e.g. how ○ spec: many replicas to run, template for replicas: 3 selector: Pods, etc) matchLabels: {...} ● Status (not shown) template: metadata: ○ Defines the observed state for an labels: {...} spec: object (e.g. how many replicas are ... running) @pwittrock

  17. Deployment name: nginx Resource Wiring labels :run=nginx selector :run=nginx ReplicaSet Labels/Selectors locate objects ● name: nginx-65899c769f ● Label - generated objects labels :run=nginx selector :run=nginx ● Selector - find labeled objects owner : Deployment nginx ● OwnerReference on generated objects Pod name: nginx-65899c769f-6slpx labels :run=nginx Tip: Objects with owner references are Pod automatically garbage collected when selector :run=nginx name: nginx-65899c769f-fbgcv all of their owners have been deleted labels : run=nginx owner: ReplicaSet nginx-65899c769f @pwittrock

  18. apiVersion: apps/v1 kind: Deployment Synchronous Defaulting metadata: name: nginx-deployment and Validation labels: {app: nginx} spec: # server defaults this value Unspecified optional fields may be ● # to 1 if unset replicas: 1 defaulted by the apiserver before the object is stored # make sure these match the # template labels Simple Schema validation performed ● selector: through OpenAPI matchLabels: {...} template: ● Complex validation performed by the metadata: apiserver before the object is stored labels: {...} @pwittrock

  19. Kubernetes APIs are… Extensible Mutating Webhook + CustomResourceDefinition Deployment Service + (CRD) (or Pod) Deployment (or Pod) Foo Foo Foo Admission Resource Controller Actuation: Defaulting, Validation, Version Storage, Schema, Display, level-triggered, Conversion etc asynchronous Tip: build your own APIs in go using @pwittrock kubebuilder

  20. apiVersion: v1 Updating Resources kind: Service metadata: name: nginx Gotchas labels: {app: nginx} spec: selector: app: nginx ● Spec has shared ownership across multiple parts ports: - protocol: TCP of the system port: 80 ● Controllers or other actors may update the Spec # not set by owner! with new fields which must be retained across # don’t overwrite! clusterIp: 10.0.171.239 updates to the object # not set by owner! ● Both an issue for Controllers and for users # don’t overwrite! managing Resources using config loadBalancerIp: 78.1124.19 type: LoadBalancer ● Need to either read-update-write or apply @pwittrock

  21. Kind: Pod Observing Objects - ... spec: readinessGates: Status and Events - conditionType: "www.example.com/feature-1" status: conditions : ● Actuation performed asynchronously - type: Ready Status published to users, tools and other ● status: "False" lastProbeTime: null controllers through Status field lastTransitionTime: ... Conditions: key/value pairs that communicate ● - type: "www.example.com/feature-1" status: "False" status (current) to other tools (part of Status lastProbeTime: null field) lastTransitionTime: ... ● Events: separate objects that communicate containerStatuses: - containerID: docker://abcd… past events to users ready: true @pwittrock

  22. Converting API versions ● Different versions of an API may have different representations default/baz Foo Object ○ Changing default values and field names / field types requires a new version ● All versions of the same API are logically equivalent The same object may be read or written in any ● version -- the underlying object remains the same -- v1beta2 v1beta1 v1 but the endpoints are different. API Endpoints @pwittrock

  23. Classes of APIs Composites Decorators Operators Autoscalers, Resource Spark, Airflow Tuners Cloud Native Abstractions Tekton, Knative @pwittrock

  24. Kubernetes APIs Are... Declarative , Asynchronous, Level-Triggered , Observable, Discoverable, Versioned, Access Controlled, Extensible, ... @pwittrock

  25. Kubebuilder Workshop https://github.com/DirectXMan12/kubebuilder-workshops/tr ee/software-architecture-2019 @pwittrock

  26. Rate today ’s session Session page on conference website O’Reilly Events App

  27. Questions? @pwittrock

Recommend

How we run GraphQL APIs in production on our (own) Kubernetes cluster @ @ultrabug Gentoo Linux

How we run GraphQL APIs in production on our (own) Kubernetes cluster @ @ultrabug Gentoo Linux

How we run GraphQL APIs in production on our (own) Kubernetes cluster @ @ultrabug Gentoo Linux developer PSF contributing member CTO at Numberly Couldnt you have more buzz words in your talk title? Previous workflow and its limitations

898 views • 46 slides
Scaling model training From flexible training APIs to resource management with Kubernetes Kelley

Scaling model training From flexible training APIs to resource management with Kubernetes Kelley

Scaling model training From flexible training APIs to resource management with Kubernetes Kelley Rivoire, Stripe Real World Machine Learning (@ Stripe) Stripe provides a toolkit to start and run an internet business We need to make

713 views • 44 slides
Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes

Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes

Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes Overview 1 Airflows integration with Kubernetes 2 Deployment of Airflow on Kubernetes 3 Kubernetes Pod Operator and its benefits 4 DAG Development

2.79k views • 14 slides
Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann

Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann

Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann Container orchestration platform Deploy, run and scale your services in isolated containers No vendor lock in Standardized APIs Runs on Your laptop

2.39k views • 139 slides
Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like - Sec-ish - Ops-y Is this Kubernetes cluster secure? EPIC FAIL GIF How secure is Kubernetes? What this Kubernetes talk is about Common Pwns

1.18k views • 113 slides
Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source

Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source

Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source platform designed to automate deploying , scaling , and operating application containers . Kubernetes v1.0 was released in 2015. It utilizes

916 views • 52 slides
K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi

K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi

K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi @marcoceppi Ryan Beisner @ryanbeisner Why Kubernetes Computing in the modern age Virtual Process Machines Containers Traditional Container

516 views • 24 slides
From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang

From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang

From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang Developer Advocate Google Cloud Platform @saturnism | +RayTsang @saturnism @googlecloud #kubernetes Ray Tsang Developer Architect Traveler

1.29k views • 65 slides
Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes

Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes

Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes & Cloud Native Meetups in Jakarta and Bandung https://www.meetup.com/jakarta-kubernetes/ https://www.meetup.com/Microservice-JKT/ You can find

709 views • 47 slides
Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes?

Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes?

@MELANIECEBULA / MARCH 2019 / CON LONDON Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes? @MELANIECEBULA Who am I? A BRIEF HISTORY @MELANIECEBULA Why Microservices? 4000000 3000000 2000000 MONOLITH

1.74k views • 111 slides
Nosema: the Silent Killer Wm. Michael Hood, PhD Clemson University Clemson, South Carolina

Nosema: the Silent Killer Wm. Michael Hood, PhD Clemson University Clemson, South Carolina

Nosema: the Silent Killer Wm. Michael Hood, PhD Clemson University Clemson, South Carolina Nosema sp. Nosema Disease parasitic disease of adult bees caused by microsporidian Nosema apis or Nosema ceranae which in advanced living

530 views • 20 slides
Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker & Kubernetes

Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker & Kubernetes

Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker & Kubernetes Enthusiast Speaker at Meetups Email: apurvbhandari@gmail.com LinkedIn: https://www.linkedin.com/in/apurvabhandari-linux GitHub:

2.17k views • 28 slides
Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes

Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes

Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes Ceph Storage Operation NVRAMOS 2019 10/28/2019 Cloud Service Model On Premises IaaS CaaS PaaS SaaS Applications Applications

660 views • 36 slides
Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd.

Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd.

Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd. Agenda 1.Introduction 2.Accessing the kubernetes API 3.Kubernetes workloads 4.Accessing applications 5.Volumes and persistent storage 2 (c) 2018

1.17k views • 57 slides
OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com)

OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com)

OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com) Jaesuk Ahn (jay.ahn@sk.com) Open System Lab Network IT Convergence R&D Center SK Telecom Wil Reichert (wil@solinea.com) Solinea What will

1.26k views • 46 slides
Lessons learnt building Kubernetes controllers David Cheney - Heptio gday Craig McLuckie

Lessons learnt building Kubernetes controllers David Cheney - Heptio gday Craig McLuckie

Lessons learnt building Kubernetes controllers David Cheney - Heptio gday Craig McLuckie and Joe Beda 2/3rds of a pod Connaissez-vous Kubernetes? Kubernetes is an open-source system for automating deployment, scaling, and

747 views • 63 slides
Semi-Automa+cally Modeling Web APIs to Create Linked APIs

Semi-Automa+cally Modeling Web APIs to Create Linked APIs

Semi-Automa+cally Modeling Web APIs to Create Linked APIs Mohsen Taheriyan, Craig A. Knoblock, Pedro Szekely, and Jose Luis Ambite USC Information

321 views • 28 slides
Kubernetes on ARM64 Kubernetes on ARM64 Raspberry PI 4 Kubernetes cloud for a Raspberry PI 4

Kubernetes on ARM64 Kubernetes on ARM64 Raspberry PI 4 Kubernetes cloud for a Raspberry PI 4

Kubernetes on ARM64 Kubernetes on ARM64 Raspberry PI 4 Kubernetes cloud for a Raspberry PI 4 Kubernetes cloud for a few Euros! few Euros! Jean-Frederic Clere Jean-Frederic Clere @jfclere @jfclere Fosdem 2020 Feb. 1-2, 2020 TM Who am I?

529 views • 26 slides
AM-2 NIE API Gateway in NIE Who uses the APIs now and how is the adoption rate? The APIs are used

AM-2 NIE API Gateway in NIE Who uses the APIs now and how is the adoption rate? The APIs are used

AM-2 NIE API Gateway in NIE Who uses the APIs now and how is the adoption rate? The APIs are used by our faculty, our corporate mobile app users, corporate systems and students, the adoption rate is growing healthy at a steady rate. We are moving

452 views • 17 slides
Lecture 3: Kubernetes AC295 AC295 Advanced Practical Data Science Pavlos Protopapas Outline

Lecture 3: Kubernetes AC295 AC295 Advanced Practical Data Science Pavlos Protopapas Outline

Lecture 3: Kubernetes AC295 AC295 Advanced Practical Data Science Pavlos Protopapas Outline 1: Communications 2: Recap 3: Introduction to Kubernetes 4: Creating and Running Containers | Review 5: Anatomy of a Kubernetes Cluster 6:

821 views • 38 slides
APIs: Overdue or Overhyped? The Promise of APIs to Drive Interoperability Todays Speakers 2

APIs: Overdue or Overhyped? The Promise of APIs to Drive Interoperability Todays Speakers 2

1 APIs: Overdue or Overhyped? The Promise of APIs to Drive Interoperability Todays Speakers 2 Micky Tripathi Ryan Howells Kristen Valdes President & CEO Principal Founder & CEO Massachusetts eHealth Collaborative Leavitt

276 views • 8 slides
Data Management in Kubernetes Using Kanister T om Manville | April 25th, 2018 2 3 4 yes* 5

Data Management in Kubernetes Using Kanister T om Manville | April 25th, 2018 2 3 4 yes* 5

Data Management in Kubernetes Using Kanister T om Manville | April 25th, 2018 2 3 4 yes* 5 Database Operations in Kubernetes kanister.io 6 Agenda Background DB in a container DB in Kubernetes Kanister Use

767 views • 42 slides
OPENSTACK + KUBERNETES + HYPERCONTAINER The Container Platform for NFV ABOUT ME Harry Zhang

OPENSTACK + KUBERNETES + HYPERCONTAINER The Container Platform for NFV ABOUT ME Harry Zhang

OPENSTACK + KUBERNETES + HYPERCONTAINER The Container Platform for NFV ABOUT ME Harry Zhang ID: @resouer Coder, Author, Speaker Member of Hyper Feature Maintainer & Project Manager of Kubernetes sig-scheduling,

3.57k views • 46 slides
The current state of banking APIs Open APIs are high priority for financial institutions What are

The current state of banking APIs Open APIs are high priority for financial institutions What are

The current state of banking APIs Open APIs are high priority for financial institutions What are banks doing about it? How important are Open APIs to banks? 2 http://www.briansolis.com/2016/12/top-10-retail-banking-trends-predictions-2017/

449 views • 20 slides

More recommend