kubernetes apis under the hood
play

Kubernetes APIs Under the Hood @pwittrock Who Am I? Phillip - PowerPoint PPT Presentation

Mar 29, 2023 •834 likes •1.12k views

Kubernetes APIs Under the Hood @pwittrock Who Am I? Phillip Wittrock (@pwittrock) Software Engineer at Google working on GKE and OSS Kubernetes My mission is to make using Kubernetes simple and enjoyable You might have come across me

  1. Kubernetes APIs Under the Hood @pwittrock

  2. Who Am I? Phillip Wittrock (@pwittrock) Software Engineer at Google working on GKE and OSS Kubernetes My mission is to make using Kubernetes simple and enjoyable You might have come across me through… ● Kubectl ● Kubebuilder ● Kubernetes Steering Committee @pwittrock

  3. Kubernetes Refresher ● Nodes are machines in a cluster that run Containers in Pods ● Pods are created and managed by higher level abstractions such as ReplicaSets ● ReplicaSets managed by higher level abstractions such as Deployments ● Deployments (and all other user owned objects) defined in files and created / updated with `kubectl apply` ● APIs (deployments, replicasets, pods, nodes) == Resource Types and Objects == Resources @pwittrock

  4. Kubernetes APIs Are... Declarative , Asynchronous, Level-Triggered , Observable, Discoverable, Versioned , Access Controlled, Extensible, ... @pwittrock

  5. Kubernetes APIs are… Declarative apiVersion: apps/v1 Configuration for a Deployment that kind: Deployment metadata: manages 3 Pods each running an nginx name: nginx-deployment container labels: {app: nginx} spec: Deployment resource is replicas: 3 selector: declared in a file matchLabels: {app: nginx} template: metadata: labels: {app: nginx} Create or update the resource in the cluster by run spec: kubectl apply on a file or directory containers: [ {name: nginx, kubectl apply -f deploy.yaml image: 'nginx:1.7.9'}] @pwittrock

  6. Create Deployment Example apiVersion: apps/v1 kubectl apply -f kind: Deployment deploy.yaml metadata: deploy.yaml name: nginx-deployment labels: {app: nginx} spec: 1. Discover EndPoints replicas: 3 selector: 2. HTTP POST matchLabels: {app: nginx} template: 3. ??? metadata: labels: {app: nginx} spec: apiserver containers: [ Pod Pod Nodes {name: nginx, Pod image: 'nginx:1.7.9'}] @pwittrock

  7. Lifecycle - Resources, Controllers and Webhooks ● APIs declared as Resources - provide storage and endpoints ● APIs actuated by Controllers - execute the business logic ● APIs admitted by Webhooks - defaulting, validation, conversion @pwittrock

  8. Kubernetes APIs are... Asynchronous & Observable Foo Resources stored in etcd by the apiserver API endpoints Resource: Foo objects (CRUD storage) Foo objects Stores Foo objects Foo Resources Stuff Asynchronous watch notification on object create / update / delete Controller: Foo Controller Does Stuff Loose coupling between Controller and API endpoints: Storage doesn’t know about @pwittrock Controllers

  9. Kubernetes APIs are... Level Triggered Object Controller default/baz default / Reconcile Reconcile baz Queue Function Watch events: Create Update Update Tips: ● Internal cleanup with Reconcile on Batch events together ownerReferences namespace/name ● External cleanup with into single Reconcile call only, not the event finalizers @pwittrock

  10. Controller Workflow ● apiserver streams Watch Event to Controller Controller ● Controller Reads Object + Related Reconcile: Objects (e.g. Deployment + Read Cluster Watch Event ReplicaSets) State Reconcile: ● Controller Creates new owned Update Cluster objects, updates owned objects, Objects updates object status apiserver @pwittrock

  11. Kubectl Apply: Create Deployment Deployment Controller watch evt create ReplicaSet apply create deploy. ReplicaSet apiserver yaml Controller create Pod(s) update Pod(s) Node(s) update Pod(s) (Pod) Scheduler @pwittrock

  12. Kubectl Apply: Update Deployment Deployment Controller watch evt Scale up new ReplicaSet / Scale down old ReplicaSet apply patch deploy. ReplicaSet apiserver yaml Controller delete Pod(s) create Pod(s) update Pod(s) Node(s) update Pod(s) (Pod) Scheduler @pwittrock

  13. Resources apiVersion: v1 kind: Pod metadata metadata: name: my-app Resource Types declare APIs ● namespace: default … ● Resources provide storage for spec: objects containers: - args: [sh] ● Standardized schema structure image: gcr.io/some-project/udptest spec Discoverable API endpoints and ● imagePullPolicy: Always name: client schema … dnsPolicy: ClusterFirst ● “Just work” with declarative … tooling - e.g. kubectl apply status: status podIP: 10.8.3.11 … @pwittrock

  14. TypeMeta apiVersion: apps /v1 ● Kind (Deployment) kind: Deployment metadata: ○ Name of the API (e.g. Deployment) name: nginx-deployment ● Group (apps) labels: {app: nginx} spec: ○ Like a package in go, java, etc (e.g. apps ) replicas: 3 ● Version (v1) selector: ... ○ Ensures backwards compatibility of: Defaulted template: Fields & Schema ... @pwittrock

  15. ObjectMeta apiVersion: apps/v1 Name and * Namespace uniquely identify an ● kind: Deployment metadata: object for a given Resource name: nginx-deployment ● Annotations are arbitrary key-value pairs namespace: default labels: {app: nginx} that cannot be queried spec: Labels are key-value pairs that may be ● replicas: 3 selector: queried (selected) ... template: ... @pwittrock

  16. Spec and Status apiVersion: apps/v1 kind: Deployment metadata: ● Spec name: nginx-deployment labels: {app: nginx} Object Desired State (e.g. how ○ spec: many replicas to run, template for replicas: 3 selector: Pods, etc) matchLabels: {...} ● Status (not shown) template: metadata: ○ Defines the observed state for an labels: {...} spec: object (e.g. how many replicas are ... running) @pwittrock

  17. Deployment name: nginx Resource Wiring labels :run=nginx selector :run=nginx ReplicaSet Labels/Selectors locate objects ● name: nginx-65899c769f ● Label - generated objects labels :run=nginx selector :run=nginx ● Selector - find labeled objects owner : Deployment nginx ● OwnerReference on generated objects Pod name: nginx-65899c769f-6slpx labels :run=nginx Tip: Objects with owner references are Pod automatically garbage collected when selector :run=nginx name: nginx-65899c769f-fbgcv all of their owners have been deleted labels : run=nginx owner: ReplicaSet nginx-65899c769f @pwittrock

  18. apiVersion: apps/v1 kind: Deployment Synchronous Defaulting metadata: name: nginx-deployment and Validation labels: {app: nginx} spec: # server defaults this value Unspecified optional fields may be ● # to 1 if unset replicas: 1 defaulted by the apiserver before the object is stored # make sure these match the # template labels Simple Schema validation performed ● selector: through OpenAPI matchLabels: {...} template: ● Complex validation performed by the metadata: apiserver before the object is stored labels: {...} @pwittrock

  19. Kubernetes APIs are… Extensible Mutating Webhook + CustomResourceDefinition Deployment Service + (CRD) (or Pod) Deployment (or Pod) Foo Foo Foo Admission Resource Controller Actuation: Defaulting, Validation, Version Storage, Schema, Display, level-triggered, Conversion etc asynchronous Tip: build your own APIs in go using @pwittrock kubebuilder

  20. apiVersion: v1 Updating Resources kind: Service metadata: name: nginx Gotchas labels: {app: nginx} spec: selector: app: nginx ● Spec has shared ownership across multiple parts ports: - protocol: TCP of the system port: 80 ● Controllers or other actors may update the Spec # not set by owner! with new fields which must be retained across # don’t overwrite! clusterIp: 10.0.171.239 updates to the object # not set by owner! ● Both an issue for Controllers and for users # don’t overwrite! managing Resources using config loadBalancerIp: 78.1124.19 type: LoadBalancer ● Need to either read-update-write or apply @pwittrock

  21. Kind: Pod Observing Objects - ... spec: readinessGates: Status and Events - conditionType: "www.example.com/feature-1" status: conditions : ● Actuation performed asynchronously - type: Ready Status published to users, tools and other ● status: "False" lastProbeTime: null controllers through Status field lastTransitionTime: ... Conditions: key/value pairs that communicate ● - type: "www.example.com/feature-1" status: "False" status (current) to other tools (part of Status lastProbeTime: null field) lastTransitionTime: ... ● Events: separate objects that communicate containerStatuses: - containerID: docker://abcd… past events to users ready: true @pwittrock

  22. Converting API versions ● Different versions of an API may have different representations default/baz Foo Object ○ Changing default values and field names / field types requires a new version ● All versions of the same API are logically equivalent The same object may be read or written in any ● version -- the underlying object remains the same -- v1beta2 v1beta1 v1 but the endpoints are different. API Endpoints @pwittrock

  23. Classes of APIs Composites Decorators Operators Autoscalers, Resource Spark, Airflow Tuners Cloud Native Abstractions Tekton, Knative @pwittrock

  24. Kubernetes APIs Are... Declarative , Asynchronous, Level-Triggered , Observable, Discoverable, Versioned, Access Controlled, Extensible, ... @pwittrock

  25. Kubebuilder Workshop https://github.com/DirectXMan12/kubebuilder-workshops/tr ee/software-architecture-2019 @pwittrock

  26. Rate today ’s session Session page on conference website O’Reilly Events App

  27. Questions? @pwittrock

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How we run GraphQL APIs in production on our (own) Kubernetes cluster @ @ultrabug Gentoo Linux

How we run GraphQL APIs in production on our (own) Kubernetes cluster @ @ultrabug Gentoo Linux

How we run GraphQL APIs in production on our (own) Kubernetes cluster @ @ultrabug Gentoo Linux developer PSF contributing member CTO at Numberly Couldnt you have more buzz words in your talk title? Previous workflow and its limitations

898 views • 46 slides
Scaling model training From flexible training APIs to resource management with Kubernetes Kelley

Scaling model training From flexible training APIs to resource management with Kubernetes Kelley

Scaling model training From flexible training APIs to resource management with Kubernetes Kelley Rivoire, Stripe Real World Machine Learning (@ Stripe) Stripe provides a toolkit to start and run an internet business We need to make

713 views • 44 slides
Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes

Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes

Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes Overview 1 Airflows integration with Kubernetes 2 Deployment of Airflow on Kubernetes 3 Kubernetes Pod Operator and its benefits 4 DAG Development

2.79k views • 14 slides
Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann

Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann

Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann Container orchestration platform Deploy, run and scale your services in isolated containers No vendor lock in Standardized APIs Runs on Your laptop

2.39k views • 139 slides
Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like - Sec-ish - Ops-y Is this Kubernetes cluster secure? EPIC FAIL GIF How secure is Kubernetes? What this Kubernetes talk is about Common Pwns

1.18k views • 113 slides
Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source

Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source

Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source platform designed to automate deploying , scaling , and operating application containers . Kubernetes v1.0 was released in 2015. It utilizes

916 views • 52 slides
K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi

K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi

K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi @marcoceppi Ryan Beisner @ryanbeisner Why Kubernetes Computing in the modern age Virtual Process Machines Containers Traditional Container

516 views • 24 slides
From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang

From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang

From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang Developer Advocate Google Cloud Platform @saturnism | +RayTsang @saturnism @googlecloud #kubernetes Ray Tsang Developer Architect Traveler

1.29k views • 65 slides
Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes

Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes

Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes & Cloud Native Meetups in Jakarta and Bandung https://www.meetup.com/jakarta-kubernetes/ https://www.meetup.com/Microservice-JKT/ You can find

709 views • 47 slides
Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes?

Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes?

@MELANIECEBULA / MARCH 2019 / CON LONDON Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes? @MELANIECEBULA Who am I? A BRIEF HISTORY @MELANIECEBULA Why Microservices? 4000000 3000000 2000000 MONOLITH

1.74k views • 111 slides
Nosema: the Silent Killer Wm. Michael Hood, PhD Clemson University Clemson, South Carolina

Nosema: the Silent Killer Wm. Michael Hood, PhD Clemson University Clemson, South Carolina

Nosema: the Silent Killer Wm. Michael Hood, PhD Clemson University Clemson, South Carolina Nosema sp. Nosema Disease parasitic disease of adult bees caused by microsporidian Nosema apis or Nosema ceranae which in advanced living

530 views • 20 slides
Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker & Kubernetes

Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker & Kubernetes

Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker & Kubernetes Enthusiast Speaker at Meetups Email: apurvbhandari@gmail.com LinkedIn: https://www.linkedin.com/in/apurvabhandari-linux GitHub:

2.16k views • 28 slides
Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes

Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes

Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes Ceph Storage Operation NVRAMOS 2019 10/28/2019 Cloud Service Model On Premises IaaS CaaS PaaS SaaS Applications Applications

660 views • 36 slides
Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd.

Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd.

Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd. Agenda 1.Introduction 2.Accessing the kubernetes API 3.Kubernetes workloads 4.Accessing applications 5.Volumes and persistent storage 2 (c) 2018

1.17k views • 57 slides
OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com)

OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com)

OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com) Jaesuk Ahn (jay.ahn@sk.com) Open System Lab Network IT Convergence R&D Center SK Telecom Wil Reichert (wil@solinea.com) Solinea What will

1.26k views • 46 slides
Lessons learnt building Kubernetes controllers David Cheney - Heptio gday Craig McLuckie

Lessons learnt building Kubernetes controllers David Cheney - Heptio gday Craig McLuckie

Lessons learnt building Kubernetes controllers David Cheney - Heptio gday Craig McLuckie and Joe Beda 2/3rds of a pod Connaissez-vous Kubernetes? Kubernetes is an open-source system for automating deployment, scaling, and

747 views • 63 slides
Results Presentation YE December 2019 Macro Environment South African Key Economical Indicators

Results Presentation YE December 2019 Macro Environment South African Key Economical Indicators

Results Presentation YE December 2019 Macro Environment South African Key Economical Indicators in a Nutshell GDP GDP Forecast Trade Balance January 2020 Q4/2019 January 2020 2020 -R1.9bn CPI +4.5% 1.2% -1.4% (was 1,4%) PPI +4.6 %

926 views • 28 slides
-

-

No.: 068.CDC.NDIV.GL2020 Ver.:3.0 Created on: 2020.02.21 Governo da Regio Administrativa Especial de CDC (Macao SS) Revised on: 2020.05.11 Macau Technical Guidelines

475 views • 3 slides
ABOUT COMPANY KazUniversalProjectConstruction LLP (hereinafter as KUPC) was founded in November,

ABOUT COMPANY KazUniversalProjectConstruction LLP (hereinafter as KUPC) was founded in November,

ABOUT COMPANY KazUniversalProjectConstruction LLP (hereinafter as KUPC) was founded in November, 2012 with 100% Kazakhstani content and located in Atyrau. The main target of our Company is to become one of the most competitive organization within

301 views • 12 slides
Investor Presentation August 2017 Forward-looking Statements & Non-GAAP Financial

Investor Presentation August 2017 Forward-looking Statements & Non-GAAP Financial

Investor Presentation August 2017 Forward-looking Statements & Non-GAAP Financial Information TECHNOLOGY | INNOVATION | SOLUTIONS Forward-Looking Language This press release contains "forward-looking statements" within the

1.08k views • 26 slides
Practical Considerations in Empirical POD Study Design Floyd W. Spencer Distinguished Member of

Practical Considerations in Empirical POD Study Design Floyd W. Spencer Distinguished Member of

Practical Considerations in Empirical POD Study Design Floyd W. Spencer Distinguished Member of Technical Staff Sandia National Laboratories ASNT 16 th Annual Research Symposium Orlando, Florida March 26-30, 2007 Sandia is a multiprogram

555 views • 29 slides
Computer Vision Made Simple Reza Zadeh & Everyone at Matroid Twitter: @Reza_Zadeh, @Matroid

Computer Vision Made Simple Reza Zadeh & Everyone at Matroid Twitter: @Reza_Zadeh, @Matroid

Computer Vision Made Simple Reza Zadeh & Everyone at Matroid Twitter: @Reza_Zadeh, @Matroid Computer Vision Made Simple Millions of detectors and streams as easy as this Outline Overview of Infrastructure Matroid Live Demo New

357 views • 25 slides
Sub-Saharan African higher education cooperation: Lessons from Access to Success Elizabeth

Sub-Saharan African higher education cooperation: Lessons from Access to Success Elizabeth

Sub-Saharan African higher education cooperation: Lessons from Access to Success Elizabeth Colucci, EUA AGS Compostela UNICA seminar 4 June, 2013 EUAs International Agenda: Objectives Improve understanding of the relationship

398 views • 17 slides
Interior Gas Utility April 2014 Mission & Vision The IGU's mission is to provide low

Interior Gas Utility April 2014 Mission & Vision The IGU's mission is to provide low

Interior Gas Utility April 2014 Mission & Vision The IGU's mission is to provide low cost, clean burning, natural gas to the most people in the Fairbanks North Star Borough as possible, as soon as possible. As a public utility, the

492 views • 38 slides

More recommend