This document provides an overview of Kubernetes concepts including:
- Kubernetes architecture with masters running control plane components like the API server, scheduler, and controller manager, and nodes running pods and node agents.
- Key Kubernetes objects like pods, services, deployments, statefulsets, jobs and cronjobs that define and manage workloads.
- Networking concepts like services for service discovery, and ingress for external access.
- Storage with volumes, persistentvolumes, persistentvolumeclaims and storageclasses.
- Configuration with configmaps and secrets.
- Authentication and authorization using roles, rolebindings and serviceaccounts.
It also discusses Kubernetes installation with minikube, and common networking and deployment
3. Classification: Public
Kubernetes support on cloud
Every cloud supports Kubernetes.
https://www.sinax.be/en/aws/
https://www.westconcomstor.com/za/en/vendors/wc-vendors/microsoft-azure-EN-UK.html
https://www.g2crowd.com/products/google-kubernetes-engine-gke/details
6. What is Kubernetes?
A Container Orchestration System.
● A project that was spun out of Google as an open source container orchestration platform (~2 billion containers/week).
● Built from the lessons learned in the experiences of developing and running Google’s Borg and Omega.
● Designed from the ground-up as a loosely coupled collection of components centred around deploying, maintaining and scaling workloads.
7. What does Kubernetes do?
● Known as the Linux kernel of distributed systems.
● Abstracts away the underlying hardware of the nodes and provides a uniform interface for workloads to be deployed on, and to consume, the shared pool of resources.
● Works as an engine for resolving state by converging the actual and the desired state of the system.
8. Kubernetes is self-healing
Kubernetes will ALWAYS try and steer the cluster to its desired state.
● User: “I want 3 healthy instances of Redis to always be running.”
● Kubernetes: “Okay, I’ll ensure there are always 3 instances up and running.”
● Kubernetes: “Oh look, one has died. I’m going to attempt to spin up a new one.”
9. What can Kubernetes really do?
● Autoscale Workloads
● Blue/Green Deployments
● Fire off Jobs and scheduled CronJobs
● Manage Stateless and Stateful Applications
● Built-in Service Discovery
● ~Easily integrate and support 3rd party apps~
14. Architecture Overview
Masters – Act as the primary control plane for Kubernetes.
• Masters are responsible at a minimum for running the API Server, scheduler and cluster controller.
• They also manage storing cluster state, cloud-provider specific components and other cluster essential services.
Nodes – Are the ‘workers’ of a Kubernetes cluster.
• They run a minimal agent that manages the node itself, and execute workloads as designated by the master.
15. kube-apiserver – the heart of the cluster
● Provides a forward facing REST interface into the Kubernetes control plane and datastore.
● All clients and other applications interact with Kubernetes strictly through the API Server.
● Acts as the gatekeeper to the cluster by handling authentication and authorization, request validation and admission control, in addition to being the front-end to the backing datastore.
Kubectl
kubectl is the official Kubernetes command line interface tool. It is used to communicate with the API.
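As an added example (not code from the slide deck or from Kubernetes itself), this Python sketch models the three gates the slide lists, authentication, RBAC authorization and admission control, in the order the API server applies them, using constructed bearer tokens, Roles and RoleBindings of the kind the overview mentions; the namespace scoping and the privileged-container admission check are my assumptions for the illustration.

```python
# Added illustration of the gatekeeper pipeline the slide describes:
# authentication -> RBAC authorization -> admission control.
# Not Kubernetes source code; every token, Role and RoleBinding below is constructed sample data.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Request:
    token: str                    # bearer token presented by the client (e.g. kubectl)
    verb: str                     # get, list, create, delete, ...
    resource: str                 # pods, deployments, secrets, ...
    namespace: str
    body: Optional[dict] = None   # object manifest, present for create/update


@dataclass
class Rule:
    verbs: List[str]
    resources: List[str]


@dataclass
class Role:
    namespace: str
    rules: List[Rule]


@dataclass
class RoleBinding:
    namespace: str
    role: str
    subjects: List[str]           # user names or "system:serviceaccount:<ns>:<name>"


# Constructed cluster state (a real API server reads this from etcd).
TOKENS: Dict[str, str] = {
    "tok-alice": "alice",
    "tok-ci": "system:serviceaccount:dev:ci-runner",
}
ROLES: Dict[str, Role] = {
    "pod-reader": Role("dev", [Rule(["get", "list"], ["pods"])]),
    "deployer": Role("dev", [Rule(["get", "list", "create"], ["pods", "deployments"])]),
}
BINDINGS: List[RoleBinding] = [
    RoleBinding("dev", "pod-reader", ["alice"]),
    RoleBinding("dev", "deployer", ["system:serviceaccount:dev:ci-runner"]),
]


def authenticate(token: str) -> Optional[str]:
    """Map a bearer token to an identity; None means the request is rejected."""
    return TOKENS.get(token)


def authorize(user: str, req: Request) -> bool:
    """RBAC check: some RoleBinding in the request's namespace must name the
    user and reference a Role whose rule grants the verb on the resource."""
    for binding in BINDINGS:
        if binding.namespace != req.namespace or user not in binding.subjects:
            continue
        role = ROLES.get(binding.role)
        if role is None or role.namespace != req.namespace:
            continue
        for rule in role.rules:
            verb_ok = "*" in rule.verbs or req.verb in rule.verbs
            res_ok = "*" in rule.resources or req.resource in rule.resources
            if verb_ok and res_ok:
                return True
    return False


def admit(req: Request) -> Optional[str]:
    """Validating admission step (assumed policy): even an authorized caller may
    not create a pod with a privileged container. Returns a reason, or None to admit."""
    if req.verb in ("create", "update") and req.resource == "pods" and req.body:
        for c in req.body.get("spec", {}).get("containers", []):
            if c.get("securityContext", {}).get("privileged"):
                return f"container {c.get('name')!r} requests privileged mode"
    return None


def handle(req: Request) -> Tuple[str, str]:
    """Run the three gates in order; returns (stage that decided, message)."""
    user = authenticate(req.token)
    if user is None:
        return "authentication", "invalid bearer token"
    if not authorize(user, req):
        return "authorization", f"{user} cannot {req.verb} {req.resource} in namespace {req.namespace}"
    reason = admit(req)
    if reason is not None:
        return "admission", reason
    return "allowed", f"{user} {req.verb} {req.resource} in {req.namespace}"


if __name__ == "__main__":
    priv = {"spec": {"containers": [{"name": "app", "securityContext": {"privileged": True}}]}}
    for r in (Request("tok-alice", "get", "pods", "dev"),
              Request("tok-alice", "create", "pods", "dev", priv),
              Request("tok-ci", "create", "pods", "dev", priv),
              Request("bogus", "get", "pods", "dev")):
        print(handle(r))
```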
16. etcd – the key-value datastore
● etcd acts as the cluster datastore.
● A standalone incubating CNCF project: https://www.cncf.io/projects/
● Its purpose in relation to Kubernetes is to provide a strongly consistent and highly available key-value store for persisting all cluster state.
17. kube-controller-manager
● Serves as the primary daemon that manages all core components’ reconciliation loops.
● Handles a lot of the business logic of Kubernetes.
● Monitors the cluster state via the API Server and steers the cluster towards the desired state.
18. kube-scheduler
Evaluates workload requirements and attempts to place each workload on a matching resource.
● The default scheduler uses the “binpacking” mode.
● Workload requirements can include: general hardware requirements, affinity/anti-affinity, labels, and other various custom resource requirements.
● Is swappable: you can create your own scheduler.
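As an added example (not the deck's or the real kube-scheduler's code), this Python sketch models the filter-then-score placement the slide outlines: hardware requirements and label affinity filter the nodes, and a "binpacking" score picks the node that would be fullest after placement; the node and pod figures are constructed.

```python
# Added illustration of filter-then-score placement with "binpacking" scoring,
# as described on the kube-scheduler slide. Not the real scheduler; the nodes
# and pods below are constructed sample data.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Node:
    name: str
    cpu_m: int                     # allocatable CPU, millicores
    mem_mi: int                    # allocatable memory, MiB
    labels: Dict[str, str] = field(default_factory=dict)
    used_cpu_m: int = 0
    used_mem_mi: int = 0


@dataclass
class Pod:
    name: str
    cpu_m: int                     # requested CPU, millicores
    mem_mi: int                    # requested memory, MiB
    node_selector: Dict[str, str] = field(default_factory=dict)  # required node labels (affinity)


def fits(node: Node, pod: Pod) -> bool:
    """Filter phase: hardware requirements and label affinity must both hold."""
    if node.cpu_m - node.used_cpu_m < pod.cpu_m:
        return False
    if node.mem_mi - node.used_mem_mi < pod.mem_mi:
        return False
    return all(node.labels.get(k) == v for k, v in pod.node_selector.items())


def binpack_score(node: Node, pod: Pod) -> float:
    """Score phase in binpacking mode: prefer the node that would be the most
    utilised after placement, so workloads fill nodes instead of spreading."""
    cpu = (node.used_cpu_m + pod.cpu_m) / node.cpu_m
    mem = (node.used_mem_mi + pod.mem_mi) / node.mem_mi
    return (cpu + mem) / 2


def schedule(pod: Pod, nodes: List[Node]) -> Optional[str]:
    """Bind the pod to the best-scoring feasible node; None leaves it Pending."""
    feasible = [n for n in nodes if fits(n, pod)]
    if not feasible:
        return None
    best = max(feasible, key=lambda n: binpack_score(n, pod))  # first node wins ties
    best.used_cpu_m += pod.cpu_m
    best.used_mem_mi += pod.mem_mi
    return best.name


def demo() -> Dict[str, Optional[str]]:
    """Constructed cluster: two equal nodes that differ only in a disk label."""
    nodes = [Node("node-a", 4000, 8192, {"disk": "ssd"}),
             Node("node-b", 4000, 8192, {"disk": "hdd"})]
    pods = [Pod("web-1", 500, 512),
            Pod("web-2", 500, 512),
            Pod("db-1", 1000, 2048, {"disk": "ssd"}),    # affinity: needs the ssd label
            Pod("batch-1", 5000, 1024)]                  # exceeds any node's CPU: stays Pending
    return {p.name: schedule(p, nodes) for p in pods}


if __name__ == "__main__":
    for name, node in demo().items():
        print(f"{name:8} -> {node or 'Pending'}")
```

Because the score rewards the fuller node, web-2 lands beside web-1 on node-a rather than spreading to the empty node-b.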
20. kubelet
Acts as the node agent responsible for managing pod lifecycle on its host.
The kubelet understands YAML container manifests that it can read from several sources:
● File path
● HTTP endpoint
● etcd watch acting on any changes
● HTTP server mode accepting container manifests over a simple API.
21. kube-proxy
● Manages the network rules for Services on each node.
● Performs connection forwarding or load balancing for Kubernetes Services.
● Available proxy modes:
○ ipvs (default if supported)
○ iptables (default fallback)
○ userspace (legacy)
22. Container Runtime – the executor
● A container runtime is a CRI (Container Runtime Interface) compatible application that executes and manages containers.
○ Docker (default, built into the kubelet atm)
○ containerd
○ cri-o
○ rkt
○ Kata Containers (formerly clear and hyper)
○ Virtlet (VM CRI compatible runtime)
23. Additional Services
Kube-dns – Provides cluster wide DNS services. Services are resolvable to <service>.<namespace>.svc.cluster.local.
Heapster – Metrics collector for the Kubernetes cluster, used by some resources such as the Horizontal Pod Autoscaler (required for kube-dashboard metrics).
Kube-dashboard – A general purpose web based UI for Kubernetes.
Pod: The basic building block in Kubernetes. The name follows the idea of a pod of
whales: one or more containers, or better said a running process on the cluster,
running together on a given node; pods can be scaled up or down.
Service: A consistent network access point for a set of pods. Regardless of the
underlying containers' state (restarts, rescheduling, etc.), a Service keeps
providing access to the given application.
ReplicaSet: Ensures a given number of pods are running in the cluster at any given time.
Deployment: Suited for more ephemeral applications such as web applications, anything
that has no persistent qualities. It provides declarative updates for Pods and
ReplicaSets by describing a desired state that the Deployment in turn acts on.
StatefulSet: Suited for stateful applications such as databases or monitoring systems like
Prometheus. Similar to a Deployment in that it manages the deployment and scaling of a set of pods,
but differs in that it guarantees ordering (things happen in a given sequence and pods are numbered)
and uniqueness of pods. Overall, it ensures that every pod in the StatefulSet keeps a sticky identity
across restarts.
Labels: When creating Kubernetes objects, one can attach any number of labels to each object; they
are discoverable across the system. For instance, one could create a database with the label
app=customer_database, and a Service or another pod's manifest could reference it simply by using
that label in its selector. Note that any pod in the same namespace carrying the same label is
selected too, so the right to create pods (and thus set labels) in a namespace is also the right to
receive that Service's traffic.
Namespaces: Virtual clusters. Provide a means to separate applications in the cluster.
31. Networking - Fundamental Rules
1) All Pods can communicate with all other Pods without NAT.
2) All nodes can communicate with all Pods (and vice-versa) without NAT.
3) The IP that a Pod sees itself as is the same IP that others see it as.
These rules mean there is no network isolation by default: any pod can reach
any other pod. Segmentation is added with NetworkPolicy objects, which are
enforced only if the CNI plugin in use implements them.
32. Networking – Fundamentals Applied
• Containers in a pod exist within the same network namespace and share an IP,
allowing for intra-pod communication over localhost.
• Pods are given a cluster-unique IP for the duration of their lifecycle, but the pods themselves
are fundamentally ephemeral.
• Services are given a persistent cluster-unique IP that spans the Pods' lifecycle.
• External connectivity is generally handled by an integrated cloud provider or another
external entity (load balancer).
33. Networking - CNI
Networking within Kubernetes is plumbed via the Container Network
Interface (CNI), an interface between a container runtime and a
network implementation plugin.
Compatible CNI network plugins:
● Calico
● Cilium
● Contiv
● Contrail
● Flannel
● GCE
● kube-router
● Multus
● OpenVSwitch
● OVN
● Romana
● Weave
35. Kubernetes Concepts - Core
Cluster - A collection of hosts that aggregate their available resources including CPU, RAM,
disk, and their devices into a usable pool.
Master - The master(s), now called control plane nodes, represent a collection of components
that make up the control plane of Kubernetes. These components are responsible for all cluster
decisions including both scheduling and responding to cluster events.
Node - A single host, physical or virtual, capable of running pods. A node is managed by
the control plane, and at a minimum runs both kubelet and kube-proxy to be considered part
of the cluster.
Namespace - A logical cluster or environment. Primary method of dividing a cluster
or scoping access.
36. Concepts - Core (cont.)
Label - Key-value pairs that are used to identify, describe and group together related sets
of objects. Labels have a strict syntax and available character set. *
Annotation - Key-value pairs that contain non-identifying information or metadata.
Annotations do not have the syntax limitations of labels and can contain structured
or unstructured data.
Selector - Selectors use labels to filter or select objects. Both equality-based (=, ==, !=)
and set-based (in, notin, exists) selectors are supported; in a manifest these appear as
matchLabels and matchExpressions.
* https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
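The selector semantics above, and the consequence of the "no NAT, everything reachable" networking rules on slide 31, are easiest to see in code. The following is an added example written for this page (it is not code from the deck or from Kubernetes): a label-selector matcher in the shape of matchLabels/matchExpressions, used first to compute which pods a Service routes to and then to decide whether a NetworkPolicy admits a connection. The Pod, Service and NetworkPolicy objects are constructed sample manifests (plain dicts); the policy evaluator models only same-namespace podSelector peers, not namespaceSelector or ipBlock.

```python
"""Label selectors as Kubernetes evaluates them, applied to Service endpoint
selection and to NetworkPolicy enforcement.

Added example for this page; not code from the deck or from Kubernetes. The
objects below are constructed samples in manifest shape; the matching rules
follow the documented semantics of matchLabels / matchExpressions.
"""


def matches_selector(selector, labels):
    """True if `labels` satisfy a LabelSelector (matchLabels AND matchExpressions).

    An empty selector matches everything, exactly as in Kubernetes: a
    NetworkPolicy with `podSelector: {}` selects every pod in its namespace.
    """
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        if op == "In" and labels.get(key) not in values:
            return False
        if op == "NotIn" and labels.get(key) in values:
            return False
        if op == "Exists" and key not in labels:
            return False
        if op == "DoesNotExist" and key in labels:
            return False
    return True


def service_endpoints(service, pods):
    """Names of the pods a Service routes to: same namespace, spec.selector matches.

    A Service selector is a plain key/value map, i.e. matchLabels only.
    """
    ns = service["metadata"]["namespace"]
    sel = {"matchLabels": service["spec"]["selector"]}
    return sorted(p["metadata"]["name"] for p in pods
                  if p["metadata"]["namespace"] == ns
                  and matches_selector(sel, p["metadata"]["labels"]))


def ingress_allowed(policies, src, dst, port):
    """May `src` open `port` on `dst` under `policies`?

    NetworkPolicy model: a pod selected by no policy is open; once any policy
    selects it, traffic must match an ingress rule of some selecting policy.
    Only same-namespace podSelector peers are modelled here.
    """
    dst_ns, dst_labels = dst["metadata"]["namespace"], dst["metadata"]["labels"]
    selecting = [pol for pol in policies
                 if pol["metadata"]["namespace"] == dst_ns
                 and "Ingress" in pol["spec"].get("policyTypes", ["Ingress"])
                 and matches_selector(pol["spec"]["podSelector"], dst_labels)]
    if not selecting:
        return True  # isolation only starts once a policy selects the pod
    for pol in selecting:
        for rule in pol["spec"].get("ingress", []):
            ports = rule.get("ports")
            if ports and not any(p.get("port") == port for p in ports):
                continue
            peers = rule.get("from")
            if peers is None:  # a rule without `from` admits any source
                return True
            for peer in peers:
                if "podSelector" not in peer:
                    continue  # namespaceSelector / ipBlock peers are not modelled
                if (src["metadata"]["namespace"] == dst_ns and
                        matches_selector(peer["podSelector"], src["metadata"]["labels"])):
                    return True
    return False


def pod(name, ns, **labels):
    return {"metadata": {"name": name, "namespace": ns, "labels": labels}}


# Constructed sample objects.
PODS = [
    pod("db-0", "shop", app="customer_database", tier="data"),
    pod("web-1", "shop", app="web", tier="frontend"),
    pod("rogue", "shop", app="customer_database"),  # unrelated pod wearing the same label
    pod("db-0", "other", app="customer_database", tier="data"),
]
DB_SERVICE = {"metadata": {"name": "customer-database", "namespace": "shop"},
              "spec": {"selector": {"app": "customer_database"}, "ports": [{"port": 5432}]}}
DB_POLICY = {"metadata": {"name": "db-ingress", "namespace": "shop"},
             "spec": {"podSelector": {"matchLabels": {"app": "customer_database"}},
                      "policyTypes": ["Ingress"],
                      "ingress": [{"from": [{"podSelector": {"matchExpressions": [
                                       {"key": "tier", "operator": "In", "values": ["frontend"]}]}}],
                                   "ports": [{"port": 5432}]}]}}


def demo():
    db, web, rogue = PODS[0], PODS[1], PODS[2]
    return {
        "endpoints": service_endpoints(DB_SERVICE, PODS),              # ['db-0', 'rogue']
        "web_to_db": ingress_allowed([DB_POLICY], web, db, 5432),      # True
        "rogue_to_db": ingress_allowed([DB_POLICY], rogue, db, 5432),  # False: no tier label
        "web_to_db_22": ingress_allowed([DB_POLICY], web, db, 22),     # False: port not listed
        "no_policy": ingress_allowed([], rogue, db, 5432),             # True: open by default
    }


if __name__ == "__main__":
    print(demo())
```

Two things worth noticing: the `rogue` pod ends up in the Service's endpoint list purely because it carries the `app` label, which is the label-spoofing point made on slide 28; and with no NetworkPolicy at all every connection is allowed, so a default-deny policy per namespace is the usual starting point.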
39. Concepts - Workloads
Pod - A pod is the smallest unit of work or management resource within Kubernetes. It
is comprised of one or more containers that share their storage, network, and context
(namespaces, cgroups etc.).
ReplicationController - Method of managing pod replicas and their lifecycle:
their scheduling, scaling, and deletion.
ReplicaSet - Next-generation ReplicationController. Supports set-based selectors.
Deployment - A declarative method of managing stateless Pods and ReplicaSets.
Provides rollback functionality in addition to more granular update control mechanisms.
41. Concepts - Workloads (cont.)
StatefulSet - A controller tailored to managing Pods that must persist or maintain state.
Pod identity including hostname, network, and storage will be persisted.
DaemonSet - Ensures that all nodes matching certain criteria will run an instance of
a supplied Pod. Ideal for cluster wide services such as log forwarding, or health
monitoring.
42. StatefulSet
● Attaches to a 'headless service' (not shown), here named nginx.
● Pods are given unique ordinal names using the pattern
<statefulset name>-<ordinal index>.
● Creates independent persistent volumes based on the 'volumeClaimTemplates'.
44. Concepts - Workloads (cont.)
Job - The Job controller ensures that one or more pods run and terminate successfully.
It keeps doing this until the completions and/or parallelism condition is satisfied.
CronJob - An extension of the Job controller; it provides a method of running Jobs on
a cron-like schedule.
45. Jobs
● Number of pod executions can be controlled via spec.completions
● Jobs can be parallelized using spec.parallelism
● Jobs and their Pods are NOT automatically cleaned up after a Job has
completed unless spec.ttlSecondsAfterFinished is set; deleting the Job
removes its pods.
47. Concepts - Network
Service - Services provide a method of exposing and consuming L4 Pod network
accessible resources. They use label selectors to map groups of pods and ports to a cluster-
unique virtual IP.
Ingress - An Ingress object, acted on by an ingress controller, is the primary method of
exposing a cluster service (usually HTTP) to the outside world. The controllers are load
balancers or routers that usually offer TLS termination, name-based virtual hosting, etc.
48. Service
● Acts as the unified method of accessing replicated pods.
● Four major Service types:
○ ClusterIP - Exposes the service on a strictly cluster-internal IP (default)
○ NodePort - Service is exposed on each node's IP on a statically defined
port (30000-32767 by default), reachable from outside the cluster.
○ LoadBalancer - Works in combination with a cloud provider to
expose a service outside the cluster on a static external IP.
○ ExternalName - Used to reference endpoints OUTSIDE the cluster by
providing a static internally referenced DNS name (a CNAME).
49. Ingress Controller
● Deployed as a pod to one or more hosts
● Ingress controllers are external controllers with multiple options:
○ Nginx
○ HAProxy
○ Contour
○ Traefik
● Specific features and controller-specific configuration are passed
through annotations. Because annotations are free-form and some controllers
accept raw configuration snippets through them, treat the ability to create
or edit Ingress objects as a privilege in its own right.
50. Concepts - Storage
Volume - Storage that is tied to the Pod Lifecycle, consumable by one or
more containers within the pod.
PersistentVolume - A PersistentVolume (PV) represents a storage resource. PVs
are commonly linked to a backing storage resource, NFS, GCEPersistentDisk, RBD etc.
and are provisioned ahead of time. Their lifecycle is handled independently from a pod.
PersistentVolumeClaim - A PersistentVolumeClaim (PVC) is a request for storage
that satisfies a set of requirements instead of mapping to a storage resource directly.
Commonly used with dynamically provisioned storage.
StorageClass - Storage classes are an abstraction on top of an external storage
resource. These will include a provisioner, provisioner configuration parameters as well
as a PV reclaimPolicy.
52. PersistentVolumes
● PVs are a cluster-wide resource
● Not directly consumable by a Pod
● PV parameters:
○ capacity
○ accessModes
■ ReadOnlyMany (ROX)
■ ReadWriteOnce (RWO)
■ ReadWriteMany (RWX)
■ ReadWriteOncePod (RWOP, added in newer releases)
○ persistentVolumeReclaimPolicy
■ Retain
■ Recycle (deprecated)
■ Delete
○ storageClassName
53. PersistentVolumeClaims
● PVCs are scoped to namespaces
● Support accessModes like PVs
● Use a resource request model similar to Pods
● Claims consume storage from matching PVs or StorageClasses based on
storageClassName and selectors.
54. StorageClasses
● Use an external system defined by the provisioner to dynamically
allocate storage.
● StorageClass fields:
○ provisioner
○ parameters
○ reclaimPolicy
55. Concepts - Configuration
• ConfigMap - Externalized data stored within Kubernetes that can be referenced
as a command-line argument, environment variable, or injected as a file into a
volume mount. Ideal for separating the containerized application from its
configuration.
• Secret - Functionally identical to ConfigMaps, but the values are base64-encoded
in the object and, if the API server is configured with an EncryptionConfiguration,
encrypted at rest in etcd. Base64 is an encoding, not encryption: anyone who can
get or list Secrets, and anyone with access to etcd on a cluster without encryption
at rest, can recover the plaintext.
56. ConfigMaps and Secrets
● Can be used in Pod config:
○ Injected as a file (volume mount)
○ Passed as an environment variable
○ Used in a container command or args (requires passing as an env var
first, then referencing it as $(VAR_NAME))
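To make the "encoded, not encrypted" point concrete, here is an added example written for this page (not the deck's or Kubernetes' own code). It decodes the `data` of a Secret manifest exactly as any caller with `get` on secrets could, and then checks an EncryptionConfiguration document for the ordering mistake that leaves new Secrets in plaintext: the first provider in the list is the one used for writes, and `identity` means no encryption. The Secret and the two configuration documents are constructed samples in the documented shapes; the AES key is a placeholder.

```python
"""Secret `data` is base64 encoding, not encryption; encryption at rest is a
separate API server setting. Added example for this page (not the deck's or
Kubernetes' own code). The Secret manifest and the EncryptionConfiguration
documents are constructed samples in the documented shapes.
"""
import base64

# What `kubectl get secret db-creds -o json` would return (constructed sample).
SAMPLE_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "db-creds", "namespace": "shop"},
    "data": {"username": "YXBw", "password": "czNjcjN0LXAhc3M="},
}


def decode_secret(secret):
    """Recover every plaintext value. Anyone allowed the `get` or `list` verb on
    secrets in this namespace obtains exactly this; nothing is hidden."""
    return {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}


def encode_secret_data(values):
    """The inverse, i.e. what the API server does with `stringData` before storing."""
    return {k: base64.b64encode(v.encode()).decode() for k, v in values.items()}


# EncryptionConfiguration (apiserver.config.k8s.io/v1), passed to the API server
# with --encryption-provider-config. The FIRST provider listed is used for
# writes; the others are tried for reads. `identity` means "store plaintext".
# The key value is a placeholder: a real one is a base64-encoded 32-byte key.
def encryption_config(providers):
    return {"apiVersion": "apiserver.config.k8s.io/v1", "kind": "EncryptionConfiguration",
            "resources": [{"resources": ["secrets"], "providers": providers}]}


AESCBC = {"aescbc": {"keys": [{"name": "key1", "secret": "<base64 32-byte key>"}]}}
IDENTITY = {"identity": {}}
ENC_ENCRYPTED = encryption_config([AESCBC, IDENTITY])  # encrypt writes, still read old plaintext
ENC_PLAINTEXT = encryption_config([IDENTITY, AESCBC])  # identity first: new writes are plaintext


def secrets_written_encrypted(config):
    """True only if secrets are listed and their write provider is not identity.

    Identity-first ordering is valid configuration (it is the read-side step
    of a migration), so the API server accepts it and silently stores new
    Secrets in the clear. Wildcard resource entries such as '*.*' (newer
    releases) are not modelled here.
    """
    for entry in config.get("resources", []):
        if "secrets" in entry.get("resources", []):
            providers = entry.get("providers") or [IDENTITY]
            return "identity" not in providers[0]
    return False  # secrets not covered at all


if __name__ == "__main__":
    print(decode_secret(SAMPLE_SECRET))               # {'username': 'app', 'password': 's3cr3t-p!ss'}
    print(secrets_written_encrypted(ENC_ENCRYPTED))   # True
    print(secrets_written_encrypted(ENC_PLAINTEXT))   # False
```

Enabling encryption only affects objects written afterwards; the documented follow-up is to rewrite existing Secrets in place (for example `kubectl get secrets --all-namespaces -o json | kubectl replace -f -`) so that nothing stays in etcd as plaintext.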
57. Concepts - Auth and Identity (RBAC)
[Cluster]Role - Roles contain rules that act as a set of permissions, applying verbs like
"get", "list", "watch" etc. over resources that are scoped to apiGroups. Roles are scoped to
namespaces, and ClusterRoles are applied cluster-wide.
[Cluster]RoleBinding - Grants the permissions defined in a [Cluster]Role to one or
more "subjects", which can be a user, group, or service account. A RoleBinding may reference
a ClusterRole, but then grants it only within the binding's own namespace.
ServiceAccount - ServiceAccounts provide a consumable identity for pods, or for external
services that interact with the cluster directly, and are scoped to namespaces.
58. [Cluster]Role
● Permissions translate to the API URL path: apiGroups selects the group
(with "" meaning the core group, i.e. /api/v1) and resources the path
element under it, including subresources such as pods/log.
● Resources are the items the role should be granted access to.
● Verbs are the actions the role can perform on the referenced resources.
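The rule matching described on slides 57 and 58 is small enough to reproduce, and doing so shows the two scoping facts that matter most in practice: a RoleBinding never grants outside its namespace even when it names a ClusterRole, and a ClusterRoleBinding to a built-in group such as system:serviceaccounts hands the role to every workload in the cluster. The following is an added example written for this page (not the deck's or Kubernetes' own code). The Role, ClusterRole and binding objects are constructed samples in manifest shape; wildcard, core-group ("") and subresource matching follow the documented RBAC semantics, while aggregated ClusterRoles, non-resource URLs and impersonation are left out.

```python
"""RBAC evaluation in the shape the API server applies it, plus a check for
over-broad grants. Added example for this page; not the deck's or Kubernetes'
own code. Objects below are constructed samples in manifest shape.
"""

BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}


def subject_matches(subject, req):
    kind, name = subject["kind"], subject["name"]
    if kind == "User":
        return req["user"] == name
    if kind == "Group":
        return name in req["groups"]
    if kind == "ServiceAccount":  # SAs authenticate as system:serviceaccount:<ns>:<name>
        return req["user"] == f"system:serviceaccount:{subject['namespace']}:{name}"
    return False


def resource_matches(allowed, resource, subresource):
    """'*' matches all; otherwise exact match on 'res' or 'res/sub'; '*/sub' matches
    that subresource on any resource (RBAC has no 'pods/*' form)."""
    combined = f"{resource}/{subresource}" if subresource else resource
    return any(a in ("*", combined) or (subresource and a == f"*/{subresource}")
               for a in allowed)


def rule_allows(rule, req):
    groups, verbs = rule.get("apiGroups", []), rule.get("verbs", [])
    if "*" not in groups and req.get("apiGroup", "") not in groups:
        return False
    if "*" not in verbs and req["verb"] not in verbs:
        return False
    if not resource_matches(rule.get("resources", []), req["resource"], req.get("subresource")):
        return False
    names = rule.get("resourceNames")
    return not names or req.get("name") in names


def find_role(roles, ref, binding_ns):
    for r in roles:
        if r["kind"] == ref["kind"] and r["metadata"]["name"] == ref["name"]:
            if ref["kind"] == "ClusterRole" or r["metadata"]["namespace"] == binding_ns:
                return r
    return None


def authorized(req, roles, bindings):
    """RBAC is allow-only: the first binding+rule that matches grants; nothing denies."""
    for b in bindings:
        if not any(subject_matches(s, req) for s in b.get("subjects", [])):
            continue
        if b["kind"] == "RoleBinding" and req.get("namespace") != b["metadata"]["namespace"]:
            continue  # a RoleBinding grants only inside its namespace, even for a ClusterRole
        role = find_role(roles, b["roleRef"], b["metadata"].get("namespace"))
        if role and any(rule_allows(rule, req) for rule in role["rules"]):
            return True
    return False


def broad_secret_grants(roles, bindings):
    """Bindings that hand secret read access to every authenticated or anonymous
    principal, or to every ServiceAccount in the cluster."""
    probe = {"user": "", "groups": [], "verb": "get", "resource": "secrets", "apiGroup": ""}
    flagged = []
    for b in bindings:
        if any(s["kind"] == "Group" and s["name"] in BROAD_GROUPS for s in b.get("subjects", [])):
            role = find_role(roles, b["roleRef"], b["metadata"].get("namespace"))
            if role and any(rule_allows(r, probe) for r in role["rules"]):
                flagged.append(b["metadata"]["name"])
    return flagged


def sa_request(sa_ns, sa_name, **attrs):
    """Request attributes as the API server derives them from a ServiceAccount token."""
    return {"user": f"system:serviceaccount:{sa_ns}:{sa_name}",
            "groups": ["system:serviceaccounts", f"system:serviceaccounts:{sa_ns}",
                       "system:authenticated"], **attrs}


# Constructed sample objects.
ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "secret-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "pod-logs", "namespace": "shop"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list", "watch"]}]},
]
BINDINGS = [
    {"kind": "RoleBinding", "metadata": {"name": "web-secrets", "namespace": "shop"},
     "subjects": [{"kind": "ServiceAccount", "name": "web", "namespace": "shop"}],
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"}},
    {"kind": "RoleBinding", "metadata": {"name": "dev-logs", "namespace": "shop"},
     "subjects": [{"kind": "Group", "name": "developers"}],
     "roleRef": {"kind": "Role", "name": "pod-logs"}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "legacy-secret-access"},
     "subjects": [{"kind": "Group", "name": "system:serviceaccounts"}],
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"}},
]

if __name__ == "__main__":
    get_secret = sa_request("shop", "web", verb="get", resource="secrets", namespace="other")
    print(authorized(get_secret, ROLES, BINDINGS[:2]))  # False: RoleBinding is shop-only
    print(authorized(get_secret, ROLES, BINDINGS))      # True: the broad ClusterRoleBinding widens it
    print(broad_secret_grants(ROLES, BINDINGS))         # ['legacy-secret-access']
```

On a real cluster the equivalent of `authorized()` is `kubectl auth can-i get secrets -n other --as=system:serviceaccount:shop:web`, and the equivalent of `broad_secret_grants()` is reviewing `kubectl get clusterrolebindings -o yaml` for subjects in the three built-in groups.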
64. API server Request Loop
3) kubectl authenticates to the apiserver via x509 client certificates, bearer
tokens (JWTs such as ServiceAccount or OIDC tokens), an authenticating HTTP
proxy, or other plugins. Static HTTP basic auth was also supported when this
deck was written; it was removed in Kubernetes 1.19.
4) Authorization iterates over the configured AuthZ sources: Node, ABAC, RBAC,
or webhook.
5) Admission control checks resource quotas and performs other security-related
checks (mutating plugins and webhooks run first, then validating ones).
6) Request is stored in etcd.
7) Initializers are given the opportunity to mutate the object before it is
published. (Initializers were an alpha feature removed in Kubernetes 1.14;
mutating admission webhooks, which run before storage, replaced them.)
8) Request is published on the apiserver.
65. Deployment Controller
9) Deployment Controller is notified of the new Deployment via callback.
10) Deployment Controller evaluates cluster state, reconciles the desired vs
current state and forms a request for the new ReplicaSet.
11) apiserver request loop evaluates the Deployment Controller's request.
12) ReplicaSet is published.
66. ReplicaSet Controller
13)ReplicaSet Controller is notified of the new ReplicaSet
via callback.
14)ReplicaSet Controller evaluates cluster state and
reconciles the desired vs current state and forms a
request for the desired amount of pods.
15)apiserver request loop evaluates
ReplicaSet Controller request.
16) Pods published, and enter ‘Pending’ phase.
68. Scheduler
17) Scheduler monitors published pods with no 'NodeName' assigned.
18) Applies scheduling rules and filters to find a suitable node to host the Pod.
19) Scheduler creates a binding of Pod to Node and POSTs it to the apiserver.
20) apiserver request loop evaluates the POST request.
21) Pod status is updated with the node binding and the 'PodScheduled'
condition is set.
69. Kubelet - Pod Sync
22) The kubelet daemon on every node watches the apiserver, filtering
for pods matching its own 'NodeName', and compares their current state
with the desired state published through the apiserver.
23) Kubelet then moves through a series of internal processes to
prepare the pod environment. This includes pulling Secrets,
provisioning storage, applying AppArmor profiles and other
scaffolding. During this period it asynchronously POSTs the
'PodStatus' to the apiserver through the standard apiserver request loop.
70. Pause and Plumbing
24) Kubelet then provisions a 'pause' container via the CRI (Container
Runtime Interface). The pause container holds the Pod's namespaces and acts
as the parent container for the Pod.
25) The network is plumbed to the Pod via the CNI (Container Network
Interface); with the bridge/kubenet plugin this creates a veth pair attached
to the pause container and to a container bridge (cbr0). Other plugins differ.
26) IPAM handled by the CNI plugin assigns an IP to the pause container.
71. Kubelet - Create Containers
27) Kubelet pulls the container images.
28) Kubelet first creates and starts any init containers.
29) Once the optional init containers complete, the primary pod containers
are started.
72. Pod Status
30) If there are any liveness/readiness probes, they are executed before the
PodStatus is updated.
31) If all complete successfully, the PodStatus is set to Ready and the
containers have started successfully.
The Pod is deployed!