Day1
Trainer
Felix Tsang
Specializes in cloud management and cloud computing technologies: IaaS, PaaS and cloud-native solutions.
Enjoys sharing knowledge; also an Open Source Evangelist for the Linux Foundation APAC, promoting open-source technology.
CNCF certifications: LFAI, CKA, CKAD, CKS (Instructor, Developer, Security Specialist)
Red Hat certifications: RHCI (Instructor), RHCA (Architect)
Email : felix@linux.com
Registration
Lab Material and VMs
CKA: Certified Kubernetes Administrator
CKAD: Certified Kubernetes Application Developer
CKS: Certified Kubernetes Security Specialist
Exam and Certifications
(must be CKA certified first)
Kubernetes (commonly stylized as K8s[4]) is an open-source container-orchestration system for automating computer application deployment, scaling, and management.[5]
It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation. It aims to provide a "platform for automating deployment, scaling, and operations of application containers across clusters of hosts".[6] It works with a range of container tools, including Docker.[7]
Many cloud services offer a Kubernetes-based platform or infrastructure as a service (PaaS or IaaS) on which Kubernetes can be deployed as a platform-providing service. Many vendors also provide their own branded Kubernetes distributions.
7 June 2014 By Google
2015 (CNCF)
(CNCF) is a Linux Foundation project
https://en.wikipedia.org/wiki/Kubernetes
Cloud Native Roles
Container vs VM
Diagram: a VM is an abstraction of hardware. Each VM carries its own CPU/memory/devices, OS kernel and runtime (RT).
A container is an abstraction of the OS kernel. Containers share the host kernel through an engine (CRI-O / Docker); only the runtime and the application are per container.
Shown for Host 1 and Host 2, on-prem and on-cloud.
Cloud Native Architecture - CNCF Cloud Native Definition
What is Cloud Native?
“Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.
These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil.”
Source from
Modern Application Development
Cloud Native Architecture - CNCF Cloud Native Definition
- Increasing complexity of applications
Monolithic vs Microservices Architecture
a clearly defined scope of functions are often referred to as microservices.
How small should a microservice be?
Cloud Native Architecture Characteristics
A good baseline and starting point for your cloud native journey is the twelve-factor app. The twelve factor app is a guideline for developing cloud native applications, which starts with simple things like version control of your codebase, environment-awar
Cloud Native Architecture Characteristics
Lab
Diagram: nginx Pods (the application) run on the private Pod virtual network (e.g. 192.168.233.73) and are managed by a Deployment (control of the application) on the Master. A Service (ClusterIP 10.98.64.122:80, SDN:80) fronts the Pods and is reached from outside through a host network port (Host Network:30122) behind the external firewall, e.g. http://35.203.121.109:31345/.
kubectl get pod -o wide (application)
kubectl get deployment (control of the application)
kubectl get svc (how to access your application: ClusterIP, LoadBalancer, NodePort)
Lab
Diagram (second lab): same layout, commands and addresses as the first lab diagram, but the two nginx Pods carry different labels (Label:a, Label:b). The Service selector (label: a) forwards only to the Pod whose label matches. A Deployment creates replicas that carry Label:a. Secret and ConfigMap objects are shown alongside the Pods.
docker/cri-o
Tool: docker >>> start, stop, rm
podman >>>
1. App 2. ENV
kubernetes
pod
Kind: pod, deployment, service, configmap, PVC, PV
>>>> yaml
kubectl create -f xxx.yaml
kubectl delete -f xxx.yaml
kubectl get pod
kubectl delete pod/pod_name
apiVersion: v1
kind: Pod
metadata:
  name: basicpod
spec:
  containers:
  - name: webcont
    image: nginx
    ports:                 # <-- Add this and the following line
    - containerPort: 80
Registry server
Quay.io
By yourself
Containerized Application
Application + Running ENV (container)
up and run
container-orchestration
Coding > Source / Docker image: 1. code, 2. compile, 3. Docker image (built from a Dockerfile)
Cloud Native Architecture Characteristics
Day2
Course Registration Link
https://trainingportal.linuxfoundation.org/redeem
Manage yaml file for deployment
Helm
Httpd chart
Wordpress chart
1. Meta
2. Dependency, points to another chart
Eg:
Go template language injected
to get parameters from values.yaml
Parameters Definition
More example
Kustomize
kustomize build myapp/base | oc apply -f -
kustomize build myapp/base > /tmp/base.yaml
kubectl apply -f /tmp/base.yaml
https://ellis-wu.github.io/2018/07/26/kustomize-introduction/
More example
Variables??
Day 1-2 Kubernetes Note
https://kubernetes.io/docs/concepts/workloads/pods/
Official doc
Resources Kind:
Retrieve the resource yaml file
Create the resource from yaml file
Installation:
kubeadm , kubelet , kubectl
EXTRA
Deployments VS StatefulSets VS DaemonSet
Kind: Deployments
Deployment is the easiest and most used resource for deploying your application. It is a Kubernetes controller that matches the current state of your cluster to the desired state mentioned in the Deployment manifest.
<<< controlled by replica count; a PVC is shared by all replicas
Kind: StatefulSets
StatefulSet (stable/GA in k8s v1.9) is a Kubernetes resource used to manage stateful applications. It manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.
<<< PVC is NOT shared, each Pod gets its own. Eg DB cluster
Kind: DaemonSet
A DaemonSet is a controller that ensures that the pod runs on all the nodes of the cluster. If a node is added/removed from a cluster, DaemonSet automatically adds/deletes the pod.
<<< ensures a pod runs on each node
Probes can be configured in many ways: how often they run, the success and failure thresholds, and how long to wait for a response.
Note: by default a probe counts as failed after three consecutive failed attempts. A failed liveness probe restarts the container; a failed readiness probe marks the Pod as unhealthy (not ready).
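The threshold behaviour described above, as an added example that is not part of the course material and not kubelet code: a small simulation of how Kubernetes applies failureThreshold (default 3) and successThreshold (default 1) to liveness and readiness probes, driven by scripted probe outcomes so it runs without a cluster. The effect of a readiness failure (removal from Service endpoints) is standard Kubernetes behaviour; the scenarios are constructed.

```python
"""Simulated probe bookkeeping for one container (added example; not the
course's material and not kubelet code). A probe counts as failed only after
failure_threshold consecutive failures (Kubernetes default 3) and as succeeded
after success_threshold consecutive successes (default 1). A failed liveness
probe restarts the container; a failed readiness probe marks the Pod NotReady
so the Service stops sending it traffic. Probe outcomes are scripted lists.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class Probe:
    kind: str                       # "liveness" or "readiness"
    failure_threshold: int = 3      # Kubernetes default
    success_threshold: int = 1      # Kubernetes default (liveness must use 1)
    consecutive_failures: int = 0
    consecutive_successes: int = 0


@dataclass
class Container:
    ready: bool = False             # a Pod starts NotReady until a readiness probe passes
    restarts: int = 0
    events: List[str] = field(default_factory=list)


def run_probe_once(container: Container, probe: Probe, succeeded: bool) -> None:
    """Apply one probe result (one periodSeconds tick) to the container."""
    if succeeded:
        probe.consecutive_successes += 1
        probe.consecutive_failures = 0        # any success resets the failure streak
        if (probe.kind == "readiness" and not container.ready
                and probe.consecutive_successes >= probe.success_threshold):
            container.ready = True
            container.events.append("readiness ok: Pod marked Ready")
        return

    probe.consecutive_failures += 1
    probe.consecutive_successes = 0
    if probe.consecutive_failures < probe.failure_threshold:
        return                                # still under the threshold: no action
    if probe.kind == "liveness":
        container.restarts += 1
        container.events.append(
            f"liveness failed x{probe.failure_threshold}: container restarted (#{container.restarts})")
        probe.consecutive_failures = 0        # the new container starts with a clean streak
    elif container.ready:
        container.ready = False
        container.events.append(
            f"readiness failed x{probe.failure_threshold}: Pod marked NotReady, removed from Service endpoints")


def simulate(kind: str, outcomes: List[bool], failure_threshold: int = 3,
             success_threshold: int = 1) -> Container:
    """Feed a scripted sequence of probe outcomes and return the resulting state."""
    container = Container()
    probe = Probe(kind, failure_threshold, success_threshold)
    for ok in outcomes:
        run_probe_once(container, probe, ok)
    return container


if __name__ == "__main__":
    # constructed scenario: the app hangs after a while and liveness restarts it
    live = simulate("liveness", [True, True, False, False, True, False, False, False])
    print(live.restarts, live.events)
    # constructed scenario: a dependency flaps, readiness takes traffic away and gives it back
    ready = simulate("readiness", [True, False, False, False, True])
    print(ready.ready, ready.events)
```

Note how a single success in the liveness sequence resets the failure count, which is why a flaky but recovering check does not trigger a restart; tune failureThreshold and periodSeconds together when a slow-starting application keeps being restarted.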
Day 3
Volume and Data
PersistentVolumeClaim
the claim a Pod references for its container volume mount
PersistentVolume
abstracts the storage backend: NFS, S3, cloud disk, etc.
StorageClass
dynamically provisions storage from the backend
Secret <<< kubectl create secret generic -h .... from file? from key value?
data value: base64-encoded
ConfigMap <<< kubectl create cm -h .... from file? from key value?
data value: raw text
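To make the Secret/ConfigMap difference concrete, here is an added example (not course code) that builds the two manifests the way `kubectl create secret generic` and `kubectl create cm` would, from literals or from a file, and shows how the data reaches a container as ENV or as files in a volume. The values and file name are constructed; the `--from-file` content is passed in as a string so nothing has to exist on disk.

```python
"""Secret vs ConfigMap manifests as `kubectl create secret generic` and
`kubectl create cm` would produce them, and how the data reaches a container
(added example; not the course's code). Secret values are base64-encoded,
ConfigMap values are raw text. base64 is reversible encoding, not encryption:
anyone allowed to read the Secret object recovers the plaintext, so access to
Secrets is a matter of RBAC and encryption at rest, not of the encoding.
"""
import base64
import json
import os
from typing import Dict


def make_configmap(name: str, literals: Dict[str, str], namespace: str = "default") -> dict:
    """kubectl create cm NAME --from-literal=KEY=VALUE ...  (data kept as raw text)"""
    return {"apiVersion": "v1", "kind": "ConfigMap",
            "metadata": {"name": name, "namespace": namespace},
            "data": dict(literals)}


def make_secret(name: str, literals: Dict[str, str], namespace: str = "default") -> dict:
    """kubectl create secret generic NAME --from-literal=KEY=VALUE ...  (data base64-encoded)"""
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name, "namespace": namespace},
            "data": {k: base64.b64encode(v.encode("utf-8")).decode("ascii")
                     for k, v in literals.items()}}


def from_file(kind: str, name: str, path: str, content: str) -> dict:
    """--from-file=PATH: the key is the file's basename, the value the file content.
    The content is passed in so the example needs no real file on disk."""
    builder = make_secret if kind == "Secret" else make_configmap
    return builder(name, {os.path.basename(path): content})


def decode_secret(secret: dict) -> Dict[str, str]:
    """What `kubectl get secret NAME -o yaml` followed by `base64 -d` reveals."""
    return {k: base64.b64decode(v).decode("utf-8") for k, v in secret["data"].items()}


def as_env(manifest: dict) -> Dict[str, str]:
    """envFrom: the container sees every key as an environment variable, already decoded."""
    data = decode_secret(manifest) if manifest["kind"] == "Secret" else manifest["data"]
    return dict(data)


def as_volume(manifest: dict, mount_path: str) -> Dict[str, str]:
    """Volume mount: every key becomes a file under mount_path holding the decoded value."""
    data = decode_secret(manifest) if manifest["kind"] == "Secret" else manifest["data"]
    return {os.path.join(mount_path, k): v for k, v in data.items()}


def to_manifest_json(manifest: dict) -> str:
    """kubectl apply -f accepts JSON as well as YAML, so no YAML library is needed here."""
    return json.dumps(manifest, indent=2)


if __name__ == "__main__":
    # constructed sample values, not real credentials
    secret = make_secret("db-creds", {"username": "app", "password": "s3cr3t"})
    cm = from_file("ConfigMap", "app-config", "/tmp/app.properties", "log.level=debug\n")
    print(to_manifest_json(secret))
    print(as_env(secret))                  # decoded: {'username': 'app', 'password': 's3cr3t'}
    print(as_volume(cm, "/etc/config"))    # {'/etc/config/app.properties': 'log.level=debug\n'}
```

Prefer the volume form for credentials where the application supports it: environment variables are inherited by every child process and show up in `kubectl describe`, crash dumps and debug output, while a mounted file is only readable inside the container.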
Diagram: volumes and data. App Pods mount paths such as /home, /etc and /tmp (mountpoints /var/app/img, /abc/ap). A Vol/img is claimed through a PVC (Persistent Volume Claim), which binds a PV (PersistentVolume) backed by NFS, cloud S3 or an OS path, optionally provisioned by a StorageClass. emptyDir: {} gives a scratch volume. Secret and ConfigMap data are exposed to the container either as ENV or as a Volume. A log sidecar container shares mountpoint /tmp/img with the app container in the same Pod.
Study Progress
Command :
$ kubectl get KIND -n NAMESPACE
$ kubectl create KIND NAME
$ kubectl describe KIND NAME
$ kubectl get KIND NAME -o yaml > NAME.yaml
$ kubectl delete KIND NAME
$ kubectl exec pod/NAME -it -- sh
$ kubectl logs podxxxx
$ kubectl xxx --record
$ kubectl rollout xxx
Kind:
crontab.guru <<<< cronjob tool
Tools
ClusterRole, Role
ClusterRole: cluster level (not namespaced)
Role: project level (namespace)
>>>
--verb=create --resource=deployments,statefulsets,daemonsets
clusterrolebinding
rolebinding
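The scoping rules behind Role/ClusterRole and RoleBinding/ClusterRoleBinding, as an added example that is not Kubernetes' authorizer and not course code: a toy deny-by-default RBAC evaluator whose sample objects mirror the `--verb=create --resource=deployments,statefulsets,daemonsets` role above. The role names, users (alice, bob, carol, dave) and namespaces (dev, prod) are constructed.

```python
"""Toy RBAC authorizer (added example; not Kubernetes' own code) showing why a
Role is namespace-scoped and a ClusterRole is cluster-scoped, and how bindings
tie them to subjects. The sample objects mirror:
  kubectl create role deployer --verb=create --resource=deployments,statefulsets,daemonsets -n dev
  kubectl create rolebinding deployer-alice --role=deployer --user=alice -n dev
All names, users and namespaces are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    verbs: FrozenSet[str]
    resources: FrozenSet[str]


@dataclass(frozen=True)
class RoleDef:
    name: str
    rules: Tuple[Rule, ...]
    namespace: Optional[str]      # a namespace => Role; None => ClusterRole


@dataclass(frozen=True)
class Binding:
    role: RoleDef
    subjects: FrozenSet[str]
    namespace: Optional[str]      # a namespace => RoleBinding; None => ClusterRoleBinding


def make_rule(verbs: str, resources: str) -> Rule:
    """Same comma-separated form as --verb=... --resource=... on the command line."""
    return Rule(frozenset(verbs.split(",")), frozenset(resources.split(",")))


def bind(role: RoleDef, subjects: List[str], namespace: Optional[str]) -> Binding:
    """Reject the combinations the API server also rejects."""
    if namespace is None and role.namespace is not None:
        raise ValueError("a ClusterRoleBinding can only reference a ClusterRole")
    if role.namespace is not None and role.namespace != namespace:
        raise ValueError("a RoleBinding can only reference a Role in its own namespace")
    return Binding(role, frozenset(subjects), namespace)


def rule_allows(rule: Rule, verb: str, resource: str) -> bool:
    return ("*" in rule.verbs or verb in rule.verbs) and \
           ("*" in rule.resources or resource in rule.resources)


def is_allowed(bindings: List[Binding], user: str, verb: str, resource: str,
               namespace: Optional[str]) -> bool:
    """namespace=None is a cluster-scoped request (e.g. nodes), which only a
    ClusterRoleBinding can grant. RBAC is deny-by-default: a matching rule in any
    applicable binding allows; nothing ever denies."""
    for b in bindings:
        if user not in b.subjects:
            continue
        if b.namespace is not None and b.namespace != namespace:
            continue    # a RoleBinding grants only inside its own namespace,
                        # even when it references a ClusterRole
        if any(rule_allows(r, verb, resource) for r in b.role.rules):
            return True
    return False


def sample_bindings() -> List[Binding]:
    deployer = RoleDef("deployer",
                       (make_rule("create", "deployments,statefulsets,daemonsets"),), "dev")
    pod_viewer = RoleDef("pod-viewer", (make_rule("get,list,watch", "pods"),), None)
    node_viewer = RoleDef("node-viewer", (make_rule("get,list", "nodes"),), None)
    return [
        bind(deployer, ["alice"], "dev"),      # RoleBinding of a Role: dev only
        bind(pod_viewer, ["bob"], None),       # ClusterRoleBinding: bob sees pods everywhere
        bind(pod_viewer, ["carol"], "prod"),   # RoleBinding of a ClusterRole: prod only
        bind(node_viewer, ["dave"], None),     # nodes are cluster-scoped, so this must be cluster-wide
    ]


if __name__ == "__main__":
    b = sample_bindings()
    for who, verb, res, ns in [("alice", "create", "deployments", "dev"),
                               ("alice", "create", "deployments", "prod"),
                               ("alice", "delete", "deployments", "dev"),
                               ("carol", "get", "pods", "dev"),
                               ("dave", "list", "nodes", None)]:
        print(who, verb, res, ns, "->", "allow" if is_allowed(b, who, verb, res, ns) else "deny")
```

The least-privilege pattern this encodes: define shared permission sets once as a ClusterRole, then hand them out per namespace with a RoleBinding; reserve ClusterRoleBindings for subjects that genuinely need cluster-wide reach, such as the node viewer here. `kubectl auth can-i create deployments -n dev --as alice` is the real-cluster equivalent of `is_allowed`.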
Day 5
Services (also called microservices) are objects which declare a policy to access a logical set of Pods. They are typically assigned labels to allow persistent access to a resource when front- or back-end containers are terminated and replaced. Native applications can use the Endpoints API for access. Non-native applications can use a virtual-IP-based bridge to access back-end Pods. The Service type can be:
• ClusterIP (default): exposes the Service on a cluster-internal IP. Only reachable within the cluster.
  A Pod -> B Pod
• NodePort: exposes the Service on each node's IP at a static port. A ClusterIP is also created automatically.
  VM:port >> A Pod
• LoadBalancer: exposes the Service externally using the cloud provider's load balancer. NodePort and ClusterIP are created automatically.
  Asks the cloud provider to create an external IP that maps to the NodePort >>> Pod
• ExternalName: maps the Service to the contents of externalName using a CNAME record.
The Service uses its selector to forward request traffic to the Pods whose labels match the selector.
Expose network
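Selector matching as a Service does it, as an added example that is not Kubernetes' own code: a Service's `spec.selector` is an equality map, and only Ready Pods whose labels contain every pair become endpoints (this is what ties readiness probes to traffic). It also goes beyond the label:a case on the lab slide by implementing the richer LabelSelector that Deployments and StatefulSets use (`matchLabels` plus `matchExpressions` with In, NotIn, Exists, DoesNotExist). The Pods, IPs and the simplified `ready` flag (standing in for the Ready condition) are constructed.

```python
"""Label-selector matching the way a Service chooses its endpoints (added
example; not Kubernetes' own code). Service spec.selector is an equality map;
Deployments/StatefulSets use matchLabels plus matchExpressions. Sample Pods,
IPs and the simplified `ready` flag (standing in for the Ready condition) are
constructed.
"""
from typing import Dict, List


def matches_labels(match_labels: Dict[str, str], labels: Dict[str, str]) -> bool:
    """spec.selector / matchLabels: every required key/value pair must be present."""
    return all(labels.get(k) == v for k, v in match_labels.items())


def matches_expression(expr: dict, labels: Dict[str, str]) -> bool:
    """One matchExpressions entry: {key, operator, values}."""
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":
        return key not in labels or labels[key] not in values
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unknown operator {op}")


def matches_selector(selector: dict, labels: Dict[str, str]) -> bool:
    """Full LabelSelector: matchLabels AND every matchExpression must hold."""
    return (matches_labels(selector.get("matchLabels", {}), labels)
            and all(matches_expression(e, labels)
                    for e in selector.get("matchExpressions", [])))


def select_names(selector: dict, pods: List[dict]) -> List[str]:
    """Names of the Pods a Deployment/StatefulSet selector would claim."""
    return [p["metadata"]["name"] for p in pods
            if matches_selector(selector, p["metadata"].get("labels", {}))]


def service_endpoints(service: dict, pods: List[dict]) -> List[str]:
    """ip:targetPort of every Pod matched by the Service selector that is Ready.
    NotReady Pods stay out of Endpoints, which is what a failing readiness probe buys you."""
    selector = service["spec"]["selector"]
    port = service["spec"]["ports"][0]["targetPort"]
    return [f"{p['status']['podIP']}:{port}" for p in pods
            if matches_labels(selector, p["metadata"].get("labels", {}))
            and p["status"].get("ready", False)]


def sample_pods() -> List[dict]:
    """Constructed Pods: two nginx replicas with label a (one not yet Ready), one with label b, one redis."""
    def pod(name, labels, ip, ready=True):
        return {"metadata": {"name": name, "labels": labels},
                "status": {"podIP": ip, "ready": ready}}
    return [pod("nginx-a-1", {"app": "nginx", "label": "a"}, "10.244.1.10"),
            pod("nginx-a-2", {"app": "nginx", "label": "a"}, "10.244.2.11", ready=False),
            pod("nginx-b-1", {"app": "nginx", "label": "b"}, "10.244.1.12"),
            pod("redis-0", {"app": "redis"}, "10.244.3.5")]


# constructed NodePort Service selecting the label:a Pods, like the lab diagram
SERVICE_A = {"apiVersion": "v1", "kind": "Service",
             "metadata": {"name": "nginx-a"},
             "spec": {"type": "NodePort", "selector": {"app": "nginx", "label": "a"},
                      "ports": [{"port": 80, "targetPort": 80, "nodePort": 30122}]}}


if __name__ == "__main__":
    print(service_endpoints(SERVICE_A, sample_pods()))   # only the Ready label:a Pod
    print(select_names({"matchLabels": {"app": "nginx"},
                        "matchExpressions": [{"key": "label", "operator": "NotIn", "values": ["b"]}]},
                       sample_pods()))
```

A Pod that carries the right labels but is not Ready is the usual reason a Service "has no endpoints" while `kubectl get pod` shows it Running; `kubectl get endpoints NAME` is the fastest check.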
platform
kubectl get events >> e.g. image pull failed
>> registry authentication
Pod
0. kubectl exec -ti tester-<tab> -- /bin/sh
Pod <!> Pod
>>> NetworkPolicy
>>> Service > label
Pod status >>> Pending, ImagePullBackOff, OOMKilled, Completed
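To practise reading those Pod states, here is an added example (not course code) that classifies a Pod from its status block, the way you would read `kubectl get pod NAME -o json`, and attaches the first thing to check. Container-level reasons (ImagePullBackOff, OOMKilled) take precedence over the Pod phase, because the phase alone hides them. The status documents are constructed to look like API output, not captured from a cluster.

```python
"""Classify a Pod from its status block, as read from `kubectl get pod NAME -o json`
(added example; not course code). Returns the state named on the slide
(Pending, ImagePullBackOff, OOMKilled, Completed) or Running, plus a hint.
The sample status documents are constructed, not captured from a cluster.
"""
from typing import Dict, List, Tuple


def triage(pod: dict) -> Tuple[str, str]:
    """Return (state, hint). Container-level reasons win over the Pod phase."""
    status = pod.get("status", {})
    phase = status.get("phase", "Unknown")
    containers = status.get("containerStatuses", [])
    for c in containers:
        waiting = c.get("state", {}).get("waiting") or {}
        if waiting.get("reason") in ("ImagePullBackOff", "ErrImagePull"):
            return ("ImagePullBackOff",
                    "image cannot be pulled: wrong name/tag or missing registry credentials; "
                    "check kubectl get events and the Pod's imagePullSecrets")
        terminated = (c.get("state", {}).get("terminated")
                      or c.get("lastState", {}).get("terminated") or {})
        if terminated.get("reason") == "OOMKilled":
            return ("OOMKilled",
                    f"container exceeded its memory limit (exit code {terminated.get('exitCode')}): "
                    "raise resources.limits.memory or fix the leak")
    if phase == "Pending":
        unscheduled = any(cond.get("type") == "PodScheduled" and cond.get("status") == "False"
                          for cond in status.get("conditions", []))
        if unscheduled:
            return "Pending", "no node accepted the Pod: resources, taints, nodeSelector or an unbound PVC"
        return "Pending", "scheduled but containers not running yet: image pull or volume attach in progress"
    if phase == "Succeeded":
        return "Completed", "all containers exited 0 (normal for a Job or one-shot Pod)"
    if phase == "Running":
        if all(c.get("ready") for c in containers):
            return "Running", "all containers Ready"
        return "Running", "a container is not Ready: check its readiness probe"
    return phase, "inspect with kubectl describe pod"


def triage_all(pods: List[dict]) -> Dict[str, str]:
    """Pod name -> state, for a whole `kubectl get pod -o json` item list."""
    return {p["metadata"]["name"]: triage(p)[0] for p in pods}


def sample_pods() -> List[dict]:
    """Constructed status documents shaped like kubectl -o json output."""
    return [
        {"metadata": {"name": "web-1"},
         "status": {"phase": "Pending",
                    "conditions": [{"type": "PodScheduled", "status": "False",
                                    "reason": "Unschedulable"}]}},
        {"metadata": {"name": "web-2"},
         "status": {"phase": "Pending",
                    "containerStatuses": [{"name": "web", "ready": False,
                                           "state": {"waiting": {"reason": "ImagePullBackOff"}}}]}},
        {"metadata": {"name": "worker-1"},
         "status": {"phase": "Running",
                    "containerStatuses": [{"name": "worker", "ready": False, "restartCount": 4,
                                           "state": {"waiting": {"reason": "CrashLoopBackOff"}},
                                           "lastState": {"terminated": {"reason": "OOMKilled",
                                                                        "exitCode": 137}}}]}},
        {"metadata": {"name": "batch-1"},
         "status": {"phase": "Succeeded",
                    "containerStatuses": [{"name": "job", "ready": False,
                                           "state": {"terminated": {"reason": "Completed",
                                                                    "exitCode": 0}}}]}},
        {"metadata": {"name": "web-3"},
         "status": {"phase": "Running",
                    "containerStatuses": [{"name": "web", "ready": True, "state": {"running": {}}}]}},
    ]


if __name__ == "__main__":
    for p in sample_pods():
        state, hint = triage(p)
        print(f"{p['metadata']['name']:10} {state:16} {hint}")
```

The worker-1 entry shows why `lastState` matters: the live state says CrashLoopBackOff, and only the previous container's termination reason reveals the OOM kill (exit code 137 = 128 + SIGKILL).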