| title | subtitle | author | date |
|---|---|---|---|
3. Container orchestration with Kubernetes |
Infrastructure Automation<br/>HOGENT applied computer science |
Bert Van Vreckem & Thomas Parmentier |
2024-2025 |
- Understanding the concept of container orchestration
- Understanding the basic architecture of Kubernetes
- Being able to operate a Kubernetes cluster
- Applying changes using manifest files
- Being able to manipulate Kubernetes resources
- Pods
- Controllers: ReplicaSets, Deployments, Services
- Organising applications: Labels, Selectors
- Deploying a multi-tier application on a Kubernetes cluster
Source: https://kubernetes.io/docs/concepts/overview/
- CI/CD: easy to switch to previous versions (= images)
- decouple application from infrastructure
- environmental consistency: runs the same on your pc as in the cloud
- resource isolation: predictable application performance
- resource utilization: high efficiency and density
- ...
- Scalability & availability
- Dependencies between containers
- Load balancer
- Database/persistent storage
- Multi-host container
- Rolling updates/rollbacks
- ...
It's complicated!
= tool that allows container management at scale
- Apache Mesos
- Docker Swarm
- Rancher
- Nomad
- Kubernetes - has become "market leader"
Kubernetes (k8s) is an open source project that enables software teams of all sizes, from a small startup to a Fortune 100 company, to automate deploying, scaling, and managing applications on a group or cluster of server machines.
These applications can include everything from internal-facing web applications like a content management system, to marquee web properties like Gmail, to big data processing.
-- Jo Beda (Google)
- Sysadmin interacts with Master Node through
kubectl- compare with
ansible,ansible-playbookcommands!
- compare with
- Settings (host name, credentials, etc):
kubeconfig- compare with Ansible inventory file!
- API server
- Scheduler
- Controller Manager
- Node controller: responsible for worker states
- Replication controller: maintain correct number of pods for replicated controllers
- Endpoint controller: join services & pods
- Service account & token controller: access mgmt
- etcd: key/value store, e.g. scheduling info, node details
kubelet: communicate with Master Node- Run workloads
- Container Engine (e.g. Docker, Podman)
- Pods: smallest unit, tightly coupled containers
- Mount volumes
- Network routing (
kube-proxy) - ...
- Pods
- Controllers:
- Deployments, ReplicaSets, Services
- DaemonSets, Jobs
- Organise applications:
- Labels, Selectors, Namespaces
- Smallest unit of deployment
- (Docker) App container(s)
- Storage resources
- Unique network IP
- Options that govern how container(s) should run
- Ephemeral, disposable
- Never self-heal, not restarted by scheduler by itself
- Never create pods just by themselves
- Pro-tip: don't use pods directly, but controllers like a deployment
- Pending - k8s accepted Pod but no containers created
- Running - node assigned, all containers are created and at least one is running
- Succeeded - all containers exited with status 0
- Failed - all containers exited, at least one with exit status != 0
- CrashLoopBackOff - container fails to start, k8s tries over and over
- Running applications in controllers has some benefits:
- Application reliabilty
- Scaling
- Load balancing
- Ensure specified number of replicas for a pod are running
- Used within a Deployment
- Declarative updates for pods & ReplicaSets
- Desired state in YAML file, k8s will bring pods to that state
- Allow communication between sets of deployments
- Important: provides fixed ip, even if pod ip changes
- Kinds:
- Internal: IP only reachable within cluster
- External: endpoint available throug ip:port (called NodePort)
- Load Balancer: expose app to internet with LB
- Supervisor process for pods carrying out batch jobs
- Individual processes that run once and complete successfully
- Compare with cron job
- Ensure that all nodes run a copy of a specific pod
- E.g. when adding/removing nodes to the cluster
- E.g. run single logging/monitoring agent on each node
- key/value pairs, attached to objects (pods, services, deployments)
- e.g.
"environment": "prod","tier": "backend", etc.
- identify set of objects, depending on label values
- kinds:
- equality-based: value = or !=
- set-based: value in, not in, specific set, or value exists
- isolate different groups of resources on the same hardware
- manage access control for different users
- default namespace is used when cluster is started
- Kubernetes is not a fit for every use case!
- Overkill for simple applications
- Running k8s on-prem is hard!
- Cloud providers offer k8s as a service
- Only microservices architecture!
- Not suitable for "monolithic" applications
- Team organisation
- DevOps!
- CI/CD!
- Install
minikubeon your physical system- Use VirtualBox or Docker as the driver
- Install
kubectl - Start
minikube- Install metrics server and dashboard plugins
- Optionally, add one or two extra nodes
- Remark: Minikube is not a production-grade cluster!
- No way to expose services to the outside world
- Instead:
minikube service <service-name>
- Also keep a cheat sheet of important commands!