KubeVirt 101
Piotr Kliczewski
June 12th 2019
Agenda
1. KubeVirt
a. Why we need it?
b. Components
c. How it works?
2. Storage
3. Networking
4. Container Native Virtualization
5. Demo
6. References
VIRTUAL MACHINES AND CONTAINERS
● VIRTUAL MACHINES: VM virtualizes the hardware
● CONTAINERS: Container isolates the process
[Diagram: on the VM side, VMs (App, OS Dependencies, Kernel) run on a Hypervisor on Hardware; on the container side, four Containers (each App + OS deps) run on a Container Host (Kernel) on Hardware.]
Kubernetes
● Orchestrates many containers on many nodes (hosts)
● Initiated by Google
● Huge community now (contributors and users)
● Declarative approach
● Continuously compares declared state with observed state and
takes action
KubeWhat?
KubeVirt (http://kubevirt.io) is a virtual machine management add-on for Kubernetes.
KubeVirt leverages Kubernetes as a common platform for virtual machines and
containers.
Use cases
● Migration path from existing VM infrastructure
● Decomposing VM workloads into containers
● Centralize development workflows
○ One pipeline for both VMs and Containers
○ Allows VMs and Containers to coexist
● Centralized Operations
○ One System for both Container and VM workloads
○ Increases Ops efficiency and lowers Ops costs
● Provide strict(er) isolation of containers
○ Kata Containers, gVisor, Isolates, Firecracker
Capabilities
Compute
● Create/Start/Stop/Reset VM
● VNC and serial console access
● Liveness and readiness probes
● Guest agent status
● Prometheus metrics
● Custom hooks
● VM (anti)affinity
● VM migrations / Node drain
Performance
● CPU pinning
● Huge pages
● IO threads
● Multi-queue
● Pinned IO
Networking
● Pod and L2 networking (via Multus or Genie)
● SR-IOV interface support
● Custom DHCP options
● PXE boot
● Configure MAC address
Storage
● Block PVs
● DataVolume
● ContainerDisk
● Host assisted cloning
● Import and upload flows
How it was built
● KubeVirt is built upon K8s
● Leverages K8s native infrastructure
○ Scheduler
○ Networking
■ Ingress
■ Services and routes
■ NetworkPolicies
○ Storage
■ PVs and PVCs
■ storageClass
○ Operators
■ Uses CRDs for many entities including VM and VMI
● Provides virtctl and vmctl (experimental)
● Tooling ecosystem (Vagrant, Ansible, etc.)
Components
● K8s controllers
○ Manages VM process life cycle
● Virt APIs
○ Defines, Validates, Implements VM, VMI, VMRS, and VMPreset APIs
● Stream APIs
○ WebSocket access to VMs via console and VNC
● Virt specific pods
○ Virt handler and launcher
● Network and storage integration
○ The glue code integrates VMs with network and storage solutions
● KubeVirt operator
○ Install/update/uninstall KubeVirt components
KubeVirt: VM Start Flow
K8s Storage subsystem
● PVC/PVs
○ PVCs and PVs are K8s APIs for providing persistent volumes to Pods
○ These APIs abstract away storage details from how storage is consumed
● DataVolume
○ Built on top of PVC, it helps with PVC readiness issue
● StorageClass Provisioners
○ Provisions storage using CSI provider (GlusterFS, Ember, etc...)
○ Offload more complex storage operations to the provisioner
● ContainerDisk
○ Use regular container image exposed as file system
Data importing
● Containerized Data Importer (CDI)
○ Controller that watches for PVC created with special annotations
○ Attaches PVCs to short lived Pod to inject data into PVC
● CDI Use Cases
○ Leveraged by KubeVirt to import or upload VM disks into PVCs
○ Clone existing disks to new VM
○ Possible other use cases outside of KubeVirt
● Data cloning methods
○ Smart cloning (copy on write, provided by underlying implementation)
○ Host assisted cloning (heavyweight generic approach)
● Consumption methods
○ File based (PVC based)
○ Block device
Disk provisioning flow - example
● Post a PVC
○ VM needs a 10 GB disk containing a Fedora image
○ Post PVC with annotations asking CDI to import a Fedora image
● StorageClass provisions PV
○ GlusterFS StorageClass provisioner sees PVC
○ Dynamically generates PV and underlying Gluster storage volume
● CDI Injects data into PVC
○ CDI sees bound PVC/PV with special annotation
○ Launches Pod to inject Fedora image into PVC
● PVC is ready for consumption
○ VM spec is posted referencing new PVC as a volume source
○ Possible to use DataVolume to simplify readiness check
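The two objects posted in this flow, as an added example that is not part of the original slides: a PVC carrying the CDI import annotation, then a VMI that consumes it. The object names, the `glusterfs` StorageClass name, the image URL and the `v1alpha3` API version are assumptions chosen for illustration.

```yaml
# Step 1: PVC with the annotation CDI watches for.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: fedora-disk                      # hypothetical name
  annotations:
    # Placeholder URL. The importer Pod writes whatever this endpoint
    # serves into the VM's boot disk, so point it at an HTTPS source
    # you control.
    cdi.kubevirt.io/storage.import.endpoint: "https://images.example.internal/fedora.qcow2"
spec:
  storageClassName: glusterfs            # assumed StorageClass name
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
# Step 4: VMI referencing the populated PVC as a volume source.
# Post it only after CDI reports the import finished, i.e. the PVC
# annotation cdi.kubevirt.io/storage.pod.phase reads "Succeeded".
apiVersion: kubevirt.io/v1alpha3         # assumed API version
kind: VirtualMachineInstance
metadata:
  name: fedora-vm                        # hypothetical name
spec:
  domain:
    devices:
      disks:
        - name: rootdisk
          disk:
            bus: virtio
    resources:
      requests:
        memory: 1Gi
  volumes:
    - name: rootdisk
      persistentVolumeClaim:
        claimName: fedora-disk
```

Steps 2 and 3 (PV provisioning and the importer Pod) happen without further input once the PVC is posted.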
VM networking
● Pod network
○ IP Takeover
○ Leverages K8s DNS
○ Services and Routes
● Container networking plugins L2
○ CNI-Multus
○ CNI-Genie
■ Abstraction over other CNI plugins
Container-native Virtualization
● Built upon OpenShift
● CDI
● Leverage OCP templates
● OCP web console
● VM import from VMware
● CSI-Ember
DEMO
References
● Website
○ https://www.kubevirt.io/
● Demo
○ https://github.com/kubevirt/demo
● User Guide
○ https://github.com/kubevirt/user-guide
● Slack (K8s Virtualization group)
○ #virtualization @ kubernetes.slack.com
● Twitter
○ @kubevirt
● IRC
○ #kubevirt @ irc.freenode.net
● Weekly meeting
○ https://calendar.google.com/calendar/embed?src=18pc0jur01k8f2cccvn5j04j1g%40group.calendar.google.com&ctz=Etc%2FGMT
Thank you!
Questions?
