Docker image contains:
- Docker images
- execution environment
- standard set of instructions
VM/CONTAINER
Kubernetes: An open-source platform designed to automate deploying, scaling and operating application containers
Features:
- Multi-host container scheduling: done by kube-scheduler, which assigns pods to nodes after checking resources, quality of service and user specification
- Scalability and availability :
- Registration:
- Service Discovery:
- Persistent storage:
- Application upgrades and downgrades
- Logging and Monitoring: Heapster and cAdvisor
- Secrets Management
CNCF (Cloud Native Computing Foundation)
other implementations:
- docker swarm
- mesos
- rancher
- nomad
master node:
- API server
- Controller manager: runs the controllers (application, endpoint, service)
- scheduler
- etcd - stores all cluster data
- kubectl - interact with the master
worker node
- kubelet - communication with api server
- kube-proxy - network-proxy, load balancer
Requirement:
- kubelet running
- Docker
- kube-proxy running
- Supervisord - it can restart component
Recommendation: in production you have at least a three-node cluster
Pod: the simplest unit that can be scheduled; a deployment in Kubernetes creates, deploys and deletes pods. A pod represents one running process on the cluster and contains:
- docker container(s)
- storage resource
- unique network IP
Pod states: pending, running, succeeded, failed, CrashLoopBackOff
Minikube: lightweight Kubernetes implementation that creates a VM on your local machine and deploys a simple cluster containing only one node
Benefits of controller: reliability, scalability, load balancer
Kinds of controllers: replica sets, Deployments, DaemonSets, Jobs, Services
- Replica sets: ensure the specified number of replicas of a pod are running at all times
- Deployments: provide declarative updates for pods and replica sets
- DaemonSets: ensure that all nodes run a copy of a specific pod
- Jobs: supervisor process for pods
- Services: allow communication between one set of deployments and another
  - kinds of services:
    - Internal: IP is only reachable within the cluster
    - External: endpoint available through node IP:port (called NodePort)
    - Load Balancer: exposes the application to the internet with a load balancer (available with a cloud provider)
- Labels: key/value pairs attached to objects like pods, services and deployments
- Selectors: label selectors allow you to identify a set of objects
  - types of selectors:
    - equality-based selectors: = and !=
    - set-based selectors: in, notin and exists
Labels and selectors are used with kubectl
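As an added example (not part of these notes), the following Python matcher implements both selector families listed above, equality-based (=, ==, !=) and set-based (in, notin, exists, !exists), and applies them to a constructed set of pod labels. The pod names and label values are made up; the matching rules follow the label-selector semantics, including the point that a missing key satisfies != and notin.

```python
"""Evaluate Kubernetes-style label selectors against object labels.

Added example, not code from the original notes. Supports the equality-based
(=, ==, !=) and set-based (in, notin, exists, !exists) selector forms.
"""
import re

# Constructed sample objects, shaped like the metadata.labels block of a pod.
SAMPLE_PODS = {
    "hw-1": {"app": "helloworld", "env": "production", "dev-lead": "karthik", "release-version": "1.0"},
    "hw-2": {"app": "helloworld", "env": "staging", "dev-lead": "karthik", "release-version": "2.0"},
    "db-1": {"app": "postgres", "env": "production", "release-version": "3.0"},
    "job-1": {"app": "batch"},
}

# key in (v1,v2) / key notin (v1,v2)
_SET_RE = re.compile(r"^\s*(?P<key>[\w./-]+)\s+(?P<op>in|notin)\s*\((?P<vals>[^)]*)\)\s*$")


def _parse_term(term):
    """Turn one selector term into (key, op, set_of_values)."""
    term = term.strip()
    m = _SET_RE.match(term)
    if m:
        values = {v.strip() for v in m.group("vals").split(",") if v.strip()}
        return m.group("key"), m.group("op"), values
    if "!=" in term:
        key, value = term.split("!=", 1)
        return key.strip(), "!=", {value.strip()}
    if "==" in term:
        key, value = term.split("==", 1)
        return key.strip(), "=", {value.strip()}
    if "=" in term:
        key, value = term.split("=", 1)
        return key.strip(), "=", {value.strip()}
    if term.startswith("!"):
        return term[1:].strip(), "!exists", set()
    return term, "exists", set()


def _split_terms(selector):
    """Split on commas that are not inside the parentheses of an in/notin term."""
    terms, depth, cur = [], 0, ""
    for ch in selector:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            terms.append(cur)
            cur = ""
        else:
            cur += ch
    if cur.strip():
        terms.append(cur)
    return terms


def matches(labels, selector):
    """True when every comma-separated term of the selector holds for the labels."""
    for term in _split_terms(selector):
        key, op, values = _parse_term(term)
        present = key in labels
        if op in ("=", "in"):
            ok = present and labels[key] in values
        elif op in ("!=", "notin"):
            ok = not present or labels[key] not in values  # missing key satisfies != / notin
        elif op == "exists":
            ok = present
        else:  # "!exists"
            ok = not present
        if not ok:
            return False
    return True


def select(objects, selector):
    """Sorted names of the objects whose labels satisfy the selector."""
    return sorted(name for name, labels in objects.items() if matches(labels, selector))


if __name__ == "__main__":
    for sel in ("env=production", "dev-lead=karthik,env=staging",
                "release-version in (1.0,2.0)", "!dev-lead"):
        print(f"{sel!r:40} -> {select(SAMPLE_PODS, sel)}")
```

The selectors tried in the `__main__` block are the same shapes as the `kubectl get pods --selector ...` and `-l '... in (...)'` invocations further down in these notes; `kubectl delete pods -l ...` removes exactly the set such a selector returns, which is why a selector should be checked with `get` before it is used with `delete`.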
Namespaces: allow multiple virtual clusters; divide resources between clusters; provide a scope for names (names must be unique within a namespace)
kubelet:
- communicates with API server to see if pods have been assigned to nodes
- Executes pod containers via container engine
- Mounts and runs pod volumes and secrets
- Executes health checks to identify pod/node status
- "kubernetes node agent" runs on each node
- roles: communicate with the API server, mount and run pod volumes and secrets, execute health checks
- PodSpec: YAML file that describes a pod
- kubelet only manages containers that were created by the API server, not any other container running on the node
kube-proxy:
1. process that runs on all worker nodes
2. modes: user space mode, iptables mode, IPVS mode
Windows install: install kubectl and Minikube, set up a Hyper-V virtual switch (Virtual Switch Manager)
minikube start --vm-driver="hyperv" --hyperv-virtual-switch="Minikube" --alsologtostderr
Solution: start Administrative Tools -> Hyper-V Manager and add a "Minikube" virtual switch with connection type External Network (see https://support.microsoft.com/en-in/help/3101106/you-cannot-create-a-hyper-v-virtual-switch-on-64-bit-versions-of-windo and kubernetes/minikube#1967)
1. Create a "minikube" external Hyper-V virtual switch.
2. Put minikube.exe into a folder on a disk (e.g. k:\minikube).
3. Add the folder to PATH.
4. Create a folder on the same logical disk as the minikube.exe's folder (e.g. k:\minikube_home).
5. Set the MINIKUBE_HOME env var to the folder from step 4.
6. CD to the minikube.exe's folder.
7. minikube start --vm-driver="hyperv" --memory=4096 --cpus=4 --hyperv-virtual-switch="Minikube" --v=7 --alsologtostderr
- minikube delete : deletes the minikube_home
Starting local Kubernetes v1.12.4 cluster...
Starting VM...
Getting VM IP address...
E0101 15:50:47.284690 7968 start.go:211] Error parsing version semver: Version string empty
Moving files into cluster...
Downloading kubeadm v1.12.4
Downloading kubelet v1.12.4
Finished Downloading kubeadm v1.12.4
Finished Downloading kubelet v1.12.4
Setting up certs...
Connecting to cluster...
Setting up kubeconfig...
Stopping extra container runtimes...
Starting cluster components...
Verifying kubelet health ...
Verifying apiserver health ...
Kubectl is now configured to use the cluster.
Loading cached images from config file.
Everything looks great. Please enjoy minikube!
- kubectl get nodes
- kubectl get pods
- kubectl get services
- kubectl get deployments
- kubectl get all
C:\DDrive\Software\minikube>kubectl run hw --image=karthequian/helloworld --port=80
deployment.apps "hw" created
C:\DDrive\Software\minikube>kubectl get pods --watch
NAME | READY | STATUS | RESTARTS | AGE |
---|---|---|---|---|
hw-854c64787-59lzl | 0/1 | ContainerCreating | 0 | 52m |
hw-854c64787-59lzl | 1/1 | Running | 0 | 52m |
C:\DDrive\Software\minikube>kubectl expose deployment hw --type=NodePort
service "hw" exposed
C:\DDrive\Software\minikube>kubectl get services
NAME | TYPE | CLUSTER-IP | EXTERNAL-IP | PORT(S) | AGE
---|---|---|---|---|---
hw | NodePort | 10.104.191.186 | <none> | 80:31852/TCP | 51m
kubernetes | ClusterIP | 10.96.0.1 | <none> | 443/TCP | 2h
C:\DDrive\Software\minikube>minikube service hw
Opening kubernetes service default/hw in default browser...
kubectl get deploy/hw -o yaml
## print the deployment as YAML
kubectl scale --replicas=3 deploy/helloworld-deployment
## scale the deployment to 3 replicas
kubectl get pods --show-labels
## show labels associated with pods
kubectl label po/helloworld app=helloworld-new --overwrite
## add or change a label on a running pod
kubectl label pod/helloworld app-
## remove label from pod
kubectl get pods --selector env=production
## get pods with env=production
kubectl get pods --selector dev-lead=karthik,env=staging
kubectl get pods -l 'release-version in (1.0,2.0)'
kubectl delete pods -l dev-lead=karthik
## delete pods having label dev-lead=karthik
Add readinessProbe and livenessProbe under spec.containers
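As an added example (not from these notes), the following Python check loads a Deployment manifest as a plain dict, reports every container that lacks a readinessProbe or livenessProbe under spec.template.spec.containers, and fills in HTTP probes for the ones that are missing. The sample Deployment, the sidecar image name, the /healthz path and the delay values are constructed assumptions; the field names are the ones the pod spec uses.

```python
"""Lint a Deployment manifest for containers without readiness/liveness probes.

Added example, not code from the original notes. The manifest is a constructed
sample; in practice it would come from yaml.safe_load() of the file you are
about to `kubectl create -f`.
"""
import copy

# Constructed sample Deployment: the "web" container is probed, the "sidecar" is not.
SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "helloworld-deployment"},
    "spec": {
        "replicas": 3,
        "selector": {"matchLabels": {"app": "helloworld"}},
        "template": {
            "metadata": {"labels": {"app": "helloworld"}},
            "spec": {
                "containers": [
                    {
                        "name": "web",
                        "image": "karthequian/helloworld",
                        "ports": [{"containerPort": 80}],
                        "readinessProbe": {"httpGet": {"path": "/", "port": 80},
                                           "initialDelaySeconds": 5, "periodSeconds": 5},
                        "livenessProbe": {"httpGet": {"path": "/", "port": 80},
                                          "initialDelaySeconds": 15, "periodSeconds": 10},
                    },
                    {   # hypothetical sidecar with no probes at all
                        "name": "sidecar",
                        "image": "example/sidecar:1.0",
                        "ports": [{"containerPort": 8080}],
                    },
                ]
            },
        },
    },
}

PROBES = ("readinessProbe", "livenessProbe")


def containers_of(manifest):
    """Containers of a Deployment/DaemonSet/Job (spec.template.spec) or of a bare Pod (spec)."""
    spec = manifest.get("spec", {})
    pod_spec = spec.get("template", {}).get("spec", spec)
    return pod_spec.get("containers", [])


def missing_probes(manifest):
    """(container name, probe name) for every probe that is absent, in manifest order."""
    return [(c.get("name", "?"), p) for c in containers_of(manifest) for p in PROBES if p not in c]


def with_http_probes(container, path, port, readiness_delay=5, liveness_delay=15):
    """Copy of the container spec with HTTP readiness and liveness probes.
    Probes the author already wrote are kept; only missing ones are added."""
    out = copy.deepcopy(container)
    out.setdefault("readinessProbe", {"httpGet": {"path": path, "port": port},
                                      "initialDelaySeconds": readiness_delay, "periodSeconds": 5})
    out.setdefault("livenessProbe", {"httpGet": {"path": path, "port": port},
                                     "initialDelaySeconds": liveness_delay, "periodSeconds": 10})
    return out


def harden(manifest, path="/healthz"):
    """Copy of the manifest in which every container has both probes.
    The probe port is taken from the container's first containerPort (default 80)."""
    out = copy.deepcopy(manifest)
    containers = containers_of(out)  # the live list inside `out`
    for i, c in enumerate(containers):
        port = (c.get("ports") or [{}])[0].get("containerPort", 80)
        containers[i] = with_http_probes(c, path, port)
    return out


if __name__ == "__main__":
    print("missing:", missing_probes(SAMPLE_DEPLOYMENT))
    print("after harden:", missing_probes(harden(SAMPLE_DEPLOYMENT)))
```

The readiness probe is what keeps a not-yet-ready pod out of a Service's endpoints, and the liveness probe is what lets the kubelet restart a hung container; a container with neither is silently served traffic and never restarted, which is why the check above treats each missing probe as a finding rather than a warning.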
kubectl create -f helloworld-black.yaml --record
## record the command in the rollout history
kubectl rollout history deployment/navbar-deployment
## list the recorded history
kubectl rollout undo deployment/navbar-deployment
## roll back to the previous version
kubectl rollout undo deployment/navbar-deployment --to-revision=
## roll back to the given revision
deployment shows 0 available: kubectl describe deployment deployment-name
ImagePullBackOff: kubectl describe pod pod-name
kubectl logs podname
kubectl exec -it podname /bin/bash
kubectl exec -it podname -c container-name /bin/bash
## when there are multiple containers in a single pod
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
### install the Kubernetes dashboard (kubernetes-dashboard namespace)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml
kubectl proxy
### start kubernetes dashboard
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
### get token
token:
minikube dashboard
Kubernetes hard way https://github.com/kelseyhightower/
kubeadm - kube admin tool
Install steps:
1. provision the master host with docker and a kubernetes distribution
2. run kubeadm init, which starts kubeadm, provisions the kubernetes control plane and provides a join token
3. run kubeadm join with the join token on each worker node - the workers join the cluster
kops tool - best way to deploy kubernetes to Amazon (AWS); it operates similarly to kubectl. Features:
- automate K8s cluster provision in AWS
- Deploy high-availability masters
- Permits upgrading with kube-up
- Uses a state-sync model for dry runs and automatic idempotency
- Generates config files for AWS CloudFormation and Terraform
- supports custom Kubernetes add-ons
- Uses manifest-based API configuration
Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called namespaces.
Namespace use cases:
- Roles and responsibilities
- Partitioning landscapes: dev vs. test vs. prod
- Customer partitioning for non-multi-tenant scenarios
- Application Partitioning
Monitoring priorities:
1. Node health
2. Health of Kubernetes
3. Application health
cAdvisor - open-source resource usage collector built for containers. Auto-discovers all containers on the given node and collects CPU, memory, filesystem and network usage statistics; provides the overall machine usage by analyzing the root container on the machine
Heapster - aggregates monitoring data across all nodes in the kubernetes cluster. Just like an application, Heapster runs as a pod in the cluster
Prometheus -
- Authentication - does the user have access to the system
- Authorization - can the user perform an action in the system
Authentication methods:
- client certs - enabled by passing the --client-ca-file=FILENAME option to the API server
- Static token files - use --token-auth-file=FILE_WITH_TOKEN; it is a CSV file with columns: token, username, UID and optional groups
- OpenID Connect - e.g. Active Directory
- Webhook mode - kube-apiserver calls out to a service defined by you to tell it whether a token is valid or not; commonly used where you want to integrate kubernetes with a remote authentication service
Authorization modes:
- ABAC: Attribute-based access control
- RBAC: Role-based access control
- Webhook:
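As an added example (not from these notes), the following Python walks the two steps listed above in order: it parses a static token file in the CSV layout described (token, username, UID, optional quoted group list), resolves a presented bearer token to an identity, and then asks a simplified RBAC model (Role rules with apiGroups/resources/verbs, plus bindings to users or groups) whether that identity may perform a verb on a resource. The token file contents, the users, groups and roles are all constructed placeholders; the model ignores namespaces and other details of the real authorizer.

```python
"""Authentication (static token file) followed by authorization (simplified RBAC).

Added example, not code from the original notes. Every token, user, group and
role below is a constructed placeholder.
"""
import csv
import hmac
import io

# Constructed token file. Real entries hold long random secrets; these are placeholders.
TOKEN_FILE = """\
tok-alice-PLACEHOLDER,alice,u1001,"developers,oncall"
tok-bob-PLACEHOLDER,bob,u1002,developers
tok-ci-PLACEHOLDER,ci-bot,u2001
"""


def load_token_file(text):
    """token -> {"user", "uid", "groups"}. The 4th column is optional and may be a
    quoted, comma-separated group list, which csv.reader unquotes for us."""
    identities = {}
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#"):
            continue
        token, user, uid = row[0], row[1], row[2]
        groups = [g for g in row[3].split(",") if g] if len(row) > 3 else []
        identities[token] = {"user": user, "uid": uid, "groups": groups}
    return identities


def authenticate(identities, presented):
    """Identity for a presented bearer token, or None. Each comparison is constant-time
    so a failed lookup does not leak how many leading bytes matched."""
    for token, ident in identities.items():
        if hmac.compare_digest(token.encode(), presented.encode()):
            return ident
    return None


# Simplified RBAC: a role is a list of rules; a binding attaches a role to users/groups.
ROLES = {
    "pod-reader": [{"apiGroups": [""], "resources": ["pods", "pods/log"],
                    "verbs": ["get", "list", "watch"]}],
    "deployer": [{"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["*"]}],
}
BINDINGS = [
    {"roleRef": "pod-reader", "subjects": [{"kind": "Group", "name": "developers"}]},
    {"roleRef": "deployer", "subjects": [{"kind": "User", "name": "ci-bot"}]},
]


def _bound_roles(ident):
    """Names of roles bound to this identity directly or through one of its groups."""
    roles = set()
    for b in BINDINGS:
        for s in b["subjects"]:
            if (s["kind"] == "User" and s["name"] == ident["user"]) or \
               (s["kind"] == "Group" and s["name"] in ident["groups"]):
                roles.add(b["roleRef"])
    return roles


def _rule_allows(rule, api_group, resource, verb):
    """A rule matches when each of its three lists contains the value or the "*" wildcard."""
    def hit(allowed, value):
        return "*" in allowed or value in allowed
    return hit(rule["apiGroups"], api_group) and hit(rule["resources"], resource) \
        and hit(rule["verbs"], verb)


def authorize(ident, verb, resource, api_group=""):
    """Deny by default: allowed only if some bound role has a matching rule."""
    if ident is None:
        return False
    return any(_rule_allows(r, api_group, resource, verb)
               for role in _bound_roles(ident) for r in ROLES.get(role, []))


def can(presented_token, verb, resource, api_group=""):
    """End to end: bearer token -> identity -> decision."""
    ident = authenticate(load_token_file(TOKEN_FILE), presented_token)
    return authorize(ident, verb, resource, api_group)


if __name__ == "__main__":
    for tok, verb, res, grp in (("tok-alice-PLACEHOLDER", "list", "pods", ""),
                                ("tok-alice-PLACEHOLDER", "delete", "pods", ""),
                                ("tok-ci-PLACEHOLDER", "create", "deployments", "apps"),
                                ("not-a-token", "get", "pods", "")):
        print(f"{tok:24} {verb:7} {grp or 'core'}/{res:12} -> {can(tok, verb, res, grp)}")
```

The split mirrors the two bullets at the top of this section: authentication only answers who the caller is, and every "can this identity do X" decision is made afterwards by the authorizer, which denies unless a rule allows. Static token files are convenient for a lab cluster but the tokens in them are long-lived and rotated only by editing the file and restarting the API server, which is the usual reason to prefer client certificates, OIDC or a webhook authenticator in production.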