What's Kubernetes, how to use it - basic intro by Martin Danielsson

1. One of the most unpolished
Kubernetes introduction
presentations ever given on a
Thursday afternoon from
Freiburg, Germany, ever
Martin Danielsson -- 2017-01-05
Haufe-Lexware GmbH & Co. KG, CTO Office
Twitter: @donmartin76, GitHub: DonMartin76

2. You might have figured,
this is the Kubernetes logo

3. Thank you for your attention!
Just kidding.

4. What is Kubernetes?
“Kubernetes is an open-source platform for automating deployment,
scaling, and operations of application containers across clusters of
hosts, providing container-centric infrastructure.”
http://kubernetes.io/docs/whatisk8s/
Holy smokes!Which means?

5. What does Kubernetes do?
• Provide a runtime environment for Docker containers
• Scale and load balance docker containers
• Abstract away the infrastructure containers run on
• Monitor/health check containers
• Declarative definition for running containers
• Update containers (also rolling updates)
• Storage mounting (allow abstracting infrastructure)
• Service discovery and exposure
• Labelling and selection of any kind of object (we‘ll get to this)

6. What does Kubernetes fucking not do?
• Provide any additional services than just Docker
• Compile or build your source code (needs images)
• Provide real orchestration, relies on containers working
independently
• Mandate or provide any kind of special configuration language
• You’re free to do whatever you want
• But: You have to find out a way yourself

7. Kubernetes =
General Purpose
Platform-as-a-Service (PaaS)
~

8. Recap - Docker?
Docker Host (e.g. Ubuntu 16.04 LTS)
Container
nginx
Container
node.js App
Container
PostgreSQL
• Docker containers share Kernel with Host
• Many containers can efficiently run on one Host
• Powerful developer tooling
• Dockerfiles are used to build images
• A Docker Registry can store Docker images
• Haufe’s registry.haufe.io
• Official hub.docker.com
• Docker Engine used by Kubernetes under the
hood
• Kubernetes is alternative to Docker Swarm
• Older, more mature
• Used e.g. by GCE (Google Container Engine)

9. Kubernetes and Docker
• Kubernetes adds functionality to Docker
• Manages a set of Docker Hosts, forming a Cluster
• Takes care of Container scheduling
• Supervises Docker containers
• Kubernetes is replacement/alternative for Docker Swarm

10. Node
workload
workload
workload
Node
workload
workload
workload
Kubernetes
Master(s)
apiserver
controllers
Node
workload
workload
workload
All blue boxes are Docker Hosts (VMs)
Kubernetes Components are also running as stateless containers!
etcd
(cluster) scheduler
Deployment Architecture

11. Node 1
Kubernetes Runtime
Pod X
Container
A
Container
B
Pod Y
Container
C
Node 2
Pod Y
Container
C
Pod Z
Container
D
Node 3
Pod Z
Container
D
Pod X
Container
A
Container
B

12. Deployment
Replica Set
Pod Spec
Abstractions (1) - “Boxes in boxes”
Container
Spec
Container
Spec
Docker image
Environment variables
Storage Claims
Node selector
Service labels
How many Pods should run?
How are updates handled?
Rolling/recreation

13. Abstractions (2) - Services
Pod
Pod
Pod
Pod
PodService B,
select “B”,
http://ser
vice-b
A
A
A
B
B
Service A,
select “A”
e.g.,
http://ser
vice-a

14. Abstractions (3) - Other things
• Jobs (one-off containers)
• DaemonSets (one container per node)
• StatefulSet (handles lifetime of pods differently)

15. Exposing Services (1) - NodePort
Node 1 Node 2 Node 3
Service A
31234 (non-privileged) 31234 31234
Can be used to put an external Load Balancer in front of a service

16. Exposing Services (2) - LoadBalancer
Node 1 Node 2 Node 3
Service A
• Depends on Cloud Provider (Azure, AWS,…) how this is done
• Will provision a Load Balancer on the cloud provider’s infrastructure
• (e.g. Elastic LB, Azure LB,…)
LB

17. Exposing Services (3) - Ingress
Kubernetes Cluster
Service A
Service B
Service C
Pod
Pod
Pod
Pod Pod
Pod
Pod
Pod
Pod
…
LB
Ingress
Definition
Ingress
Controller
(SNI, TLS)
• E.g., “route Host x.y.z to Service A”, “Use TLS Certificate abc for host x.y.z”
• Abstract definition of rules
• Implemented by Ingress Controller
• Flexible; leverages “LoadBalancer” on cloud provider
• Can provide SNI (Server Name Indication) and TLS termination

18. Working with kubectl
$ kubectl apply -f deployment.yml
Created deployment “nginx”
$
Kubernetes
Master(s)
apiserver
scheduler
~/.kube/config
Authentication/
Authorization
• kubectl is a convenient way to talk
to the Kubernetes API
• Uses ~/.kube/config for AuthN/Z

19. Example kubectl YAML file
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: idesk-mobile-2851
spec:
replicas: 2
# keep the latest three deployments on k8s
revisionHistoryLimit: 3
template:
metadata:
labels:
service: idesk-mobile-2851
feature: "false”
spec:
containers:
- env:
- name: API_GATEWAY_HOST
value: https://api.idesk-apim.haufe-ep.de
- name: CLIENT_ID
value: "ad283bd8273bdbe9a72bdef”
image: "aurora/aurora.mobile.client:v2851”
name: idesk-mobile
ports:
- containerPort: 80
protocol: TCP
restartPolicy: Always
imagePullSecrets:
- name: aurora-registry-haufe-io
$ kubectl apply -f idesk-mobile.yml
Created deployment “idesk-mobile-2851”
$ kubectl get po
NAME READY STATUS RESTARTS AGE
idesk-mobile 1/2 Running 0 10s
$
Container(s)
Pod
Replica Set
Deployment

20. Example Service YML
apiVersion: v1
kind: Service
metadata:
labels:
service: idesk-mobile-2851
feature: ”true”
name: idesk-mobile-2851
spec:
type: NodePort
ports:
- name: “https”
port: 443
protocol: TCP
targetPort: 443
nodePort: 31851
selector:
service: idesk-mobile-2851
status:
loadBalancer: {}
Reachable over any Agent IP:
https://aurora-k8s.haufe-ep.de:31851

21. Demo
• Add an nginx Deployment
• Add a service
• Expose service via an Ingress definition
• Kubernetes Dashboard
• Deleting with a selector filter

22. Example Ingress YML
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-demo
spec:
rules:
- host: nginx-demo.donmartin76.com
http:
paths:
- path:
backend:
serviceName: nginx-demo
servicePort: 80