
Kubernetes Administration from Zero to (junior) Hero – László Budai – PowerPoint PPT Presentation



  1. Kubernetes Administration from Zero to (junior) Hero László Budai – Component Soft Ltd.

  2. Agenda
    1. Introduction
    2. Accessing the Kubernetes API
    3. Kubernetes workloads
    4. Accessing applications
    5. Volumes and persistent storage
    (c) 2018 Component Soft Ltd. - v1.11revdraft

  3. Introduction
    ● Cloud computing in general
    ● Cloud native computing
    ● Kubernetes overview
    ● Kubernetes architecture

  4. Cloud computing in general
    ● a model for enabling ubiquitous network access to a shared pool of configurable computing resources*
      – resources (compute, storage, network, apps) as services
    ● resources are allocated on demand
      – scaling and removal also happens rapidly (seconds-minutes)
    ● multi-tenancy
      – share resources among thousands of users
      – resource quotas
      – cost effective IT
    ● Pay-As-You-Go model
      – pay per hour/gigabyte instead of flat rate
    ● maximized effectiveness of the shared resources
      – maybe over-provisioning
    ● lower barriers to entry (nice for startups)
      – focus on your business instead of your infrastructure
    *definition by NIST

  5. Cloud native computing
    – a new computing paradigm that is optimized for modern distributed systems environments capable of scaling to tens of thousands of self healing multi-tenant nodes.
    – Main properties:
      ● Container packaged – containers represent an isolated unit of application deployment.
      ● Dynamically managed – actively scheduled and actively managed by a central orchestrating process.
      ● Micro-services oriented – loosely coupled with dependencies explicitly described (e.g. through service endpoints).

  6. Application containers
    – OS level virtualization
    – OS partitioning (virtual OS vs virtual HW)
    – Allows us to run multiple isolated user-space application instances in parallel.
    – Instances will have:
      ● Application code
      ● Required libraries
      ● Runtime
    – Self sufficient – no external dependencies
    – Portable
    – Lightweight
    – Immutable images
    [Diagram: three Application boxes, each with its own Libraries and binaries, sharing one Operating system on the Hardware]

  7. Container orchestration
    – tools that provide an enterprise-level framework for integrating and managing containers at scale.
    – aim to simplify container management
      ● a framework for defining initial container deployment
      ● availability
      ● scaling
      ● networking
    – Docker Swarm
    – Mesosphere Marathon
    – Kubernetes

  8. Kubernetes
    – Kubernetes – ancient Greek word for helmsman or pilot of the ship
    – Initially developed by Google
    – Has its origins in the Borg cluster manager
    – “Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.”
    – Places containers on nodes
    – Recovers from failure
    – Basic monitoring, logging, health checking
    – Enables containers to find each other

  9. Kubernetes concepts
    – Kubernetes Master – maintains the desired state for the cluster
    – Kubernetes Node – runs the applications
    – Kubernetes objects – abstractions that represent the state of the cluster.
      ● A “record of intent” – a desired state of the cluster
      ● Objects have
        – Spec – describes its desired state
        – State – describes the actual state; updated by Kubernetes.
        – Name – client provided; unique for a kind in a namespace, can be reused
    – Namespaces – virtual clusters; provide a scope for names.
    – Labels – key-value pairs attached to objects
    – Label selector – the core grouping primitive
    – Annotations – attach arbitrary non-identifying metadata to objects

  10. Kubernetes object categories
    – Workloads – used to manage and run the containers (Pod, ReplicationController, Deployment)
    – Discovery & LB – "stitch" workloads together into an externally accessible, load-balanced Service (Service, Ingress).
    – Config & Storage – objects we can use to inject initialization data into applications, and to persist data that is external to the containers (Volume, Secret).
    – Metadata – objects used to configure the behavior of other resources within the cluster (LimitRange)
    – Cluster – objects responsible for defining the configuration of the cluster itself (Namespace, Binding)

  11. Kubernetes architecture
    – Kubernetes master
    – Kubernetes node
    [Diagram: Users and DevOps talk to the Kubernetes master (API Server, etcd, Controller Manager, Scheduler); each Kubernetes node runs the Kubelet, Kube-Proxy and a container engine hosting Pods]

  12. Kubernetes master – provides the cluster’s control plane
    – kube-apiserver
      ● Exposes the Kubernetes API – the front-end for the Kubernetes control plane.
      ● Designed to scale horizontally.
    – etcd
      ● The backing store of Kubernetes.
      ● Distributed key-value store
    – kube-controller-manager
      ● background threads that handle routine tasks
        – Node Controller
        – Replication Controller
        – Endpoints Controller
        – Service Account & Token Controllers
    – kube-scheduler
      ● Assigns nodes to the newly created pods
    [Diagram: Kubernetes master containing API Server, etcd, Controller Manager and Scheduler]

  13. Kubernetes node
    – kubelet – the primary node agent. It watches for pods that have been assigned to its node and:
      ● Mounts the pod’s required volumes.
      ● Downloads the pod’s secrets.
      ● Runs the pod’s containers.
      ● Periodically executes any requested container liveness probes.
      ● Reports the status of the pod.
      ● Reports the status of the node.
    – kube-proxy
      ● enables the Kubernetes service abstraction by maintaining network rules on the host and performing connection forwarding
    – Container engine
      ● Used to run the containers
      ● Docker by default, rkt optionally.
      ● Container Runtime Interface – paves the way to alternative runtimes
    [Diagram: Kubernetes node running Kubelet, Kube-Proxy, a container engine and Pods]

  14. Exercise 1: The lab environment
    – Understanding the classroom environment
    – Using kubectl
    [Diagram: KVM lab machine; the br_management bridge (10.10.10.0/24) connects the eth0 interfaces of the master1, worker1, worker2 and worker3 instances]

  15. 2. Accessing the Kubernetes API
    – Ways to access the API
    – Controlling access to the API
    – Authentication
    – Authorization
    – Role Based Access Control

  16. Accessing the Kubernetes cluster
    – kubectl – the command line tool for deploying and managing applications on Kubernetes
      ● Inspect cluster resources
      ● Create, delete, update components
      ● Configuration file: ~/.kube/config – information for finding and accessing a cluster
      ● bash autocompletion
    – Dashboard – web based user interface (add-on)
      ● Manage applications
      ● Manage the cluster itself
    – Direct access to the API
      ● HTTP REST

  17. Controlling access to the API
    – A request for the API will pass several stages before reaching it
      [Diagram: Request → Authentication → Authorization → Admission control → Resource]
    – Authentication – ensures that the user is who it claims to be
    – Kubernetes has 2 categories of users:
      ● Service accounts – managed by Kubernetes
      ● Normal users – managed by an independent service
    – API requests can be treated as anonymous ones if they are not tied to a user or service account.
    – Kubernetes uses client certificates, bearer tokens, an authenticating proxy, or HTTP basic auth to authenticate API requests through authentication plugins.

  18. Authorization
    – After the user authentication step the request will have to pass the authorization step.
    – All parts of an API request must be allowed by some policy → permissions are denied by default.
    – Authorization modules
      ● Node
      ● ABAC – Attribute-based access control
      ● RBAC – Role-based access control
      ● Webhook

  19. Role Based Access Control
    – RBAC allows fine grained rules for accessing the cluster
    – allows dynamic configuration of policies through the Kubernetes API.
    – uses the “rbac.authorization.k8s.io” API group
    – It defines Roles and RoleBindings in order to assign permissions to subjects.
    – These permissions can be set
      ● Clusterwide – can be used for cluster-scoped resources, non-resource endpoints, namespaced resources across all namespaces
      ● Within a namespace.
      ● For one single resource.
    – Subjects can be users, groups, and service accounts
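The deny-by-default authorization of slide 18 and the RBAC scoping rules of slide 19, modelled as an added example that is not part of the presentation. The Role, ClusterRole and binding manifests are constructed for the illustration (as Python dicts in the shape of the real API objects); the "system:serviceaccount:<ns>:<name>" user name is the form the API server assigns to service-account tokens.

```python
# Added example (not from the slides): simplified model of the RBAC authorizer's decision
# "may <subject> do <verb> on <resource> in <namespace>?". Covers Roles/RoleBindings, the three
# subject kinds, namespace vs cluster scope, resourceNames, deny by default; no aggregation.

def rule_allows(rule, verb, api_group, resource, name):
    def hit(allowed, value):                    # '*' in a PolicyRule list is a wildcard
        return "*" in allowed or value in allowed
    if not (hit(rule["verbs"], verb) and hit(rule.get("apiGroups", [""]), api_group)
            and hit(rule["resources"], resource)):
        return False
    names = rule.get("resourceNames", [])
    return not names or name in names          # no resourceNames = any instance

def subject_matches(subject, user, groups):
    kind, name = subject["kind"], subject["name"]
    if kind == "User":
        return user == name
    if kind == "Group":
        return name in groups
    if kind == "ServiceAccount":               # SA tokens authenticate under this user name
        return user == f"system:serviceaccount:{subject['namespace']}:{name}"
    return False

def can_i(roles, bindings, user, groups, verb, resource, namespace, api_group="", name=""):
    # Deny by default: allow only if a binding for this subject carries a matching rule.
    for b in bindings:
        if b["kind"] == "RoleBinding" and b["metadata"]["namespace"] != namespace:
            continue                            # a RoleBinding only grants inside its namespace
        if not any(subject_matches(s, user, groups) for s in b["subjects"]):
            continue
        ref = b["roleRef"]
        role_ns = b["metadata"]["namespace"] if ref["kind"] == "Role" else None
        role = roles.get((ref["kind"], role_ns, ref["name"]))
        if role and any(rule_allows(r, verb, api_group, resource, name) for r in role["rules"]):
            return True
    return False

# Constructed manifests: a Role bound to group "dev-team" in "dev"; a ClusterRole bound cluster-wide.
ROLES = {
    ("Role", "dev", "pod-reader"): {"rules": [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    ("ClusterRole", None, "node-lister"): {"rules": [
        {"apiGroups": [""], "resources": ["nodes"], "verbs": ["list"]}]}}
BINDINGS = [
    {"kind": "RoleBinding", "metadata": {"namespace": "dev"},
     "subjects": [{"kind": "Group", "name": "dev-team"}],
     "roleRef": {"kind": "Role", "name": "pod-reader"}},
    {"kind": "ClusterRoleBinding", "metadata": {},
     "subjects": [{"kind": "ServiceAccount", "name": "monitor", "namespace": "ops"}],
     "roleRef": {"kind": "ClusterRole", "name": "node-lister"}}]
```

`kubectl auth can-i <verb> <resource> -n <namespace>` asks the real API server the same question; the model above shows why the answer flips from yes to no when only the namespace changes.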
