digitalocean.com
Getting Started with Containers and Kubernetes
Hi! I’m...
● Wayne Warren
○ I am a Software Engineer
○ Based out of Chicago
○ Working on DigitalOcean Kubernetes (DOKS)
Webinar Goals
● Discuss trends in app design and deployment
● High-level overview of and motivation for containers
● Learn about Kubernetes architecture and objects
● Demo
○ Build a container image for a demo Flask app
○ Deploy Flask app to Kubernetes cluster
○ Create a public load-balancer to access that app
Prerequisites
● Kubernetes cluster you have access to (we’ll use DigitalOcean Kubernetes throughout this talk)
● On your machine:
○ Kubectl configured to access your cluster
○ Git
○ Docker
● Clone the Flask demo code
○ git clone https://github.com/do-community/k8s-intro-meetup-kit.git
○ cd k8s-intro-meetup-kit
App Modernization: Monoliths vs Microservices
The Monolith
Breaking the Monolith
Revisiting Containers
What is a Container?
● VMs vs. Containers
● Container features
○ Lightweight
○ Portable
○ Isolated
[Figure: Virtual Machines vs. Containers]
But what are they, really?
● A package of application code and all of its dependencies
○ Includes everything needed to run the application
● Built around two Linux kernel features
○ Namespaces: Process isolation
○ Cgroups: Resource limits
Let’s try it out!
● Create a PID namespace from scratch
○ ps aux
○ sudo unshare --fork --pid --mount-proc /bin/bash
○ ps aux
● In a new shell, find process id of PID namespace we created:
○ pgrep -af /bin/bash
○ pid=<pid of /bin/bash process under unshare parent>
● Enter into the PID namespace
○ ps aux
○ sudo nsenter -a -t $pid
○ ps aux
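Added example (not part of the original slides): a Python check of what the unshare and nsenter steps above change, by comparing the namespace links under /proc/<pid>/ns. The function names and the sample identifiers are constructed for illustration.

```python
import os
import re

# Link text of /proc/<pid>/ns/<entry>, e.g. "pid:[4026531836]".
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(text):
    """Split a namespace link target into (type, identifier)."""
    match = NS_LINK.match(text)
    if match is None:
        raise ValueError(f"not a namespace link: {text!r}")
    return match.group(1), int(match.group(2))


def namespaces(pid, proc_root="/proc"):
    """Return {entry: identifier} for one process.

    Reading another user's process needs root, as in the sudo steps above.
    """
    ns_dir = os.path.join(proc_root, str(pid), "ns")
    result = {}
    for entry in sorted(os.listdir(ns_dir)):
        try:
            _, ident = parse_ns_link(os.readlink(os.path.join(ns_dir, entry)))
        except (OSError, ValueError):
            continue  # unreadable entry or not a namespace link
        result[entry] = ident
    return result


def differing(a, b):
    """Entries present for both processes whose identifiers differ."""
    return sorted(k for k in a.keys() & b.keys() if a[k] != b[k])


def outside_pid_namespace(reference_pid, pids, proc_root="/proc"):
    """PIDs (host view) in a different PID namespace than reference_pid."""
    ref = namespaces(reference_pid, proc_root)["pid"]
    found = []
    for pid in pids:
        try:
            ident = namespaces(pid, proc_root).get("pid")
        except OSError:
            continue  # process exited or its ns directory is unreadable
        if ident is not None and ident != ref:
            found.append(pid)
    return found


if __name__ == "__main__":
    # Constructed identifiers: a host shell and the bash started by
    # `unshare --fork --pid --mount-proc` (new PID and mount namespaces).
    host = {"pid": 4026531836, "mnt": 4026531841, "net": 4026531840}
    unshared = {"pid": 4026532500, "mnt": 4026532499, "net": 4026531840}
    print(differing(host, unshared))
```

On a live host, `outside_pid_namespace("self", <list of PIDs>)` run as root lists the processes that sit in a PID namespace other than the caller's.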
Container Ecosystem
● Container
● Container Images
● Container Runtime
● Container Registries
Example: Containerized Flask App
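from flask import Flask

app = Flask(__name__)

@app.route('/')
def hello_world():
    return 'Hello, World!'

if __name__ == "__main__":
    # Demo-only settings: debug=True turns on the Werkzeug debugger and
    # host='0.0.0.0' listens on all interfaces; disable debug outside a demo.
    app.run(debug=True, host='0.0.0.0')
App Code (cat app/app.py)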
Example: Containerized Flask App
FROM python:3-alpine
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
EXPOSE 5000
CMD ["python", "app.py"]
Dockerfile (cat app/Dockerfile)
● Build & tag image
○ docker build -t flask:v0 .
○ docker images
● Run container / test
○ docker run -p 5000:5000 flask:v0
○ docker ps
○ curl http://localhost:5000
● Push to Docker Hub repo (optional)
● What would this look like in VM world?
Container Clusters
● What if we have 10s, 100s, 1000s of running containers on multiple VMs?
● How to deploy, scale, restart, manage all of these containers?
● What problems do they solve?
○ Management
■ Metrics
■ Health checks
■ Security
○ Abstraction of hardware
○ Networking
○ Scheduling
○ Scaling
○ Deployment
■ Rollbacks
■ Zero-downtime / blue-green
○ Service discovery
A Brief Kubernetes History
● “K8s”
● Evolved out of Borg (Google’s internal container cluster)
● Open sourced ~2014
● Grew in popularity, open source velocity increased
● Now the most popular container cluster (most cloud platforms have some sort of managed K8s offering)
● Features added regularly and frequently
● Cloud Native / CNCF - Kubernetes, Prometheus, Fluentd
Kubernetes Architecture
● Client-Server architecture
○ Server: Control Plane
○ Clients: Nodes
Kubernetes Architecture
● Control Plane
○ API server
○ Scheduler
○ Controllers
■ Kubernetes
■ Cloud
○ Etcd
Kubernetes Architecture
● Nodes
○ Kubelet
○ Kube-proxy
○ cAdvisor
○ Container runtime
How do I interact with a Kubernetes cluster?
● Hit REST API directly
○ Can use curl, client libraries, etc.
● Kubectl
○ Command-line tool to interact with control plane
○ Abstracts away multiple REST API calls
○ Provides “get”, “create”, “delete”, “describe”, etc. functionality
○ Filtering results
● Set up kubectl
○ cp k8s_config_file ~/.kube/config
○ May need to create this directory, depending on your OS
○ kubectl cluster-info
Some Kubectl Commands...
● kubectl get
● kubectl apply
● kubectl rollout status
● kubectl rollout undo
● kubectl create
● kubectl delete
● kubectl expose
● kubectl edit
● kubectl patch
Kubernetes Objects: Pods and Workloads
Namespaces
● An abstraction that allows you to divide a cluster into multiple scoped “virtual clusters”
○ E.g. Each team gets its own Namespace with associated resource quota
● Primary mechanism for scoping and limiting access
● Kubernetes usually starts with 3 Namespaces by default
○ default
○ kube-system
○ kube-public
Creating a Namespace
● List namespaces with kubectl:
○ kubectl get namespaces
○ kubectl get ns
● Create your own:
○ kubectl create ns flask
● Specify a namespace with kubectl:
○ kubectl -n flask get all
● If you don’t want to use the -n flag with every command: contexts
○ kubectl config current-context
○ kubectl config set-context --current --namespace=flask
○ kubectl config get-contexts
○ kubectl get all
Pods
● Fundamental Kubernetes work unit
● Can run one or more containers
○ Why more than one?
● Pod containers share resources
○ Storage
○ Network (localhost)
○ Always run on the same Node
Image Attribution: K8s Official Docs
Pod Manifest Example
Pod Manifest (cat k8s/flask-pod.yaml)
apiVersion: v1
kind: Pod
metadata:
  name: flask-pod
  labels:
    app: flask-helloworld
spec:
  containers:
  - name: flask
    image: digitalocean/flask-helloworld:latest
    ports:
    - containerPort: 5000
● Deploy the Flask Pod
○ kubectl apply -f flask-pod.yaml -n flask
● Check that it’s up
○ kubectl get pod -n flask
● Forward a local port into the cluster so that we can access it
○ kubectl port-forward -n flask pods/flask-pod 5000:5000
○ curl http://localhost:5000
● Delete the Pod
○ kubectl delete pod flask-pod -n flask
Labels
● Key/value pairs: think of them as object “tags”
● Almost everything can be labeled
○ Even Nodes
● Not Unique
● Used to select objects with selectors
● Examples:
○ env: prod
○ env: staging
○ release: stable
○ release: canary
Kubernetes Workloads
● Deployments (stateless apps)
○ ReplicaSets
■ Pods
● Containers
○ Namespaces & cgroups
● StatefulSets (stateful apps - e.g. databases)
● DaemonSets (think of these as “agents” / daemons)
● Jobs & CronJobs
Deployments
● How to manage multiple Pods?
● Higher-level object that “contains” the Pod object
● Pod management
○ Deployment
○ Scaling
○ Updates
Deployment example
Deployment Manifest (cat k8s/flask-deployment.yaml)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flask-dep
  labels:
    app: flask-helloworld
spec:
  replicas: 2
  selector:
    matchLabels:
      app: flask-helloworld
  template:
    metadata:
      labels:
        app: flask-helloworld
    spec:
      containers:
      - name: flask
        image: digitalocean/flask-helloworld
        ports:
        - containerPort: 5000
● Roll out the Flask Deployment
○ kubectl apply -f flask-deployment.yaml -n flask
● Check that it’s up
○ kubectl get deploy -n flask
○ kubectl get pods -n flask
● Forward a local port into the cluster so that we can access it
○ kubectl port-forward -n flask deployment/flask-dep 5000:5000
○ curl http://localhost:5000
Services: Exposing your apps to the outside world
● By default, every Pod will be assigned an ephemeral cluster-internal IP address
● If you have a set of Pod replicas (Deployment), how to create a stable endpoint?
● Services: Abstraction to expose an app as a service (think microservices)
● Load balancing traffic
○ Routing to “healthy” / “available” Pods
● Again uses Labels + Selectors
● Example: “Prod Service”
○ ClusterIP
○ Stable network endpoint
○ Load-balances traffic to prod Deployment Pods
Service Types
● ClusterIP
○ Expose the service on a Cluster-internal IP
● NodePort
○ Expose the service on each Node’s IP at a static port (“NodePort”)
● LoadBalancer
○ Create an external LoadBalancer which routes requests to NodePort & ClusterIP services
● Aside: Ingress Controllers
NodePort Service
LoadBalancer Service
Example: Flask App LoadBalancer Service
apiVersion: v1
kind: Service
metadata:
  name: flask-svc
  labels:
    app: flask-helloworld
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 5000
    protocol: TCP
  selector:
    app: flask-helloworld
Service Manifest (cat k8s/flask-service.yaml)
● Deploy the Flask LoadBalancer Service
○ kubectl apply -f flask-service.yaml -n flask
● Check that it’s up (may have to wait for external IP)
○ kubectl get svc -n flask
○ curl loadbalancer_external_ip
● Get external IPs of Nodes (for NodePort services)
○ kubectl get node -o wide
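Added example (not part of the original slides): because labels are not unique, a Service routes to every Pod in its namespace whose labels match its selector. The Python below applies that rule to the flask-svc manifest; the Pod list, the namespace fields and the owner names are constructed for illustration.

```python
# Service manifest from the slide, as a Python dict. The namespace field and
# every Pod below are constructed for illustration (names included).
FLASK_SVC = {
    "kind": "Service",
    "metadata": {"name": "flask-svc", "namespace": "flask"},
    "spec": {
        "type": "LoadBalancer",
        "ports": [{"port": 80, "targetPort": 5000, "protocol": "TCP"}],
        "selector": {"app": "flask-helloworld"},
    },
}


def pod(name, namespace, labels, owner=None):
    """Build the subset of a Pod object this check reads."""
    meta = {"name": name, "namespace": namespace, "labels": labels}
    if owner:
        meta["ownerReferences"] = [{"kind": "ReplicaSet", "name": owner}]
    return {"kind": "Pod", "metadata": meta}


PODS = [
    pod("flask-dep-1", "flask", {"app": "flask-helloworld"}, owner="flask-dep-rs"),
    pod("flask-dep-2", "flask", {"app": "flask-helloworld"}, owner="flask-dep-rs"),
    pod("flask-pod", "flask", {"app": "flask-helloworld"}),    # standalone Pod
    pod("flask-pod", "default", {"app": "flask-helloworld"}),  # other namespace
    pod("worker", "flask", {"app": "worker", "env": "staging"}),
]

PUBLIC_TYPES = {"NodePort", "LoadBalancer"}  # reachable from outside the cluster


def selects(selector, labels):
    """Equality-based selector: every key/value pair must be on the object."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())


def backends(service, pods):
    """Pods the Service routes to: same namespace, labels match the selector."""
    namespace = service["metadata"].get("namespace", "default")
    selector = service["spec"].get("selector") or {}
    return [
        p for p in pods
        if p["metadata"].get("namespace", "default") == namespace
        and selects(selector, p["metadata"].get("labels", {}))
    ]


def exposure_report(service, pods):
    """Summarise what a Service exposes and flag Pods no controller owns."""
    selected = backends(service, pods)
    return {
        "service": service["metadata"]["name"],
        "public": service["spec"].get("type", "ClusterIP") in PUBLIC_TYPES,
        "backends": [p["metadata"]["name"] for p in selected],
        "unmanaged": [p["metadata"]["name"] for p in selected
                      if not p["metadata"].get("ownerReferences")],
    }


if __name__ == "__main__":
    print(exposure_report(FLASK_SVC, PODS))
```

If the standalone flask-pod from the Pod slide is still running in the flask namespace, it shares the Deployment's label and ends up behind the public load balancer as well.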
Other Kubernetes Resources
Configuration: ConfigMaps & Secrets
● Kubernetes provides various features for externalizing and versioning config parameters
○ Stored in etcd
● ConfigMaps
○ Hostnames, runtime parameters for commands, config files
● Secrets
○ Base64-encoded, encrypted
○ Passwords, credentials, etc.
● Versatile, can be created and used in a number of ways
○ Env vars
○ Mounted as Volumes attached to Pods
Storage & Volumes (briefly)
● Volumes
○ Tied to the lifecycle of the Pod that requests it
○ Can be used to share data between containers in a Pod
● Persistent Volumes & PVCs
○ Abstraction that allows operators to separate storage provisioning from consumption
○ For example:
■ A PV could be a 10Gi DO block storage disk made available to the cluster
■ The PVC (defined in the workload manifest) states that this particular app needs a 10Gi disk. A controller matches the PVC with the PV
● Storage Classes
More K8S Features...
● Resource requests & limits
● Autoscaling
● Node affinity, taints, tolerations
● Dashboard
● Metrics-server
Helm: a K8S “Package Manager”
● Tool for managing Kubernetes applications
○ Think “apt-get” for Ubuntu / package managers
● Architecture
○ Helm (client)
○ Tiller (server, runs in the cluster)
● How it works
○ Charts
○ helm install stable/wordpress
● Sample apps: Wordpress, Prometheus, MySQL, Drupal, ...
Where to go from here?
● Kubernetes For Fullstack Developers Curriculum
● Kubernetes White Paper
● DigitalOcean Kubernetes Community Tutorials
● Kubernetes Official Documentation
● Kubernetes GitHub Project
● The History of Kubernetes and the Community Behind It
● K9s
Any questions?
Thank you!
