11. Containers
Kubernetes
Whereof what's past is prologue
Kubernetes is a container management platform
Kubernetes is a container management system
Kubernetes is a services management platform
12. In Scope
• Open Container Initiative (OCI)
• Container Ecosystem
• Service Mesh
• Kubernetes API Extensibility
13. Out of Scope
• Introduction to Containers
• Storage
• Networking
• Ecosystem Tools
• Cloud Native Computing Foundation (CNCF)
• Serverless
26. Service Mesh
• Infrastructure layer for service-to-service communication
• Lightweight proxies deployed together with
the services.
• Ensures consistent routing, security,
resilience and monitoring.
27. Service Mesh Capabilities
• Observability
• Traffic Control
• Service Discovery
• Load Balancing
• Resilience
• Deployment Strategies
• Security
29. ISTIO
• Data Plane
  • Intercepts all inbound (ingress) and outbound (egress) network traffic.
  • Service mesh sidecar model (proxy) is an implementation of the data plane that runs as a container in a Kubernetes Pod.
• Control Plane
  • Manages and configures proxies to route traffic, enforce policies, and collect telemetry.
  • Made up of three services: Pilot, Mixer, and Auth.
30. ISTIO Control Plane
• Pilot
  • Service Discovery, RouteRule and DestinationPolicy.
• Mixer
  • Telemetry, ACLs, Whitelists, Rate Limits, Custom Metrics
• Auth
  • Certificate Authority, TLS, Encryption.
31. ISTIO Sidecar Proxies
• Envoy
  • Envoy is a Layer 7 proxy developed by Lyft.
  • Default and most popular implementation of ISTIO.
• nginMesh (Nginx)
  • Works in the ISTIO environment.
  • NGINX JavaScript module (LUA)
34. Kubernetes API
• Kubernetes APIs allow users to specify the desired
state of a Kubernetes cluster with declarative YAML or
JSON config for a Resource.
• Facilitating self-healing APIs that continuously watch the
state of the system.
• Leveraging tools that work with any Kubernetes config such
as kubectl and kustomize.
• Integrating with Kubernetes Authz and Authn.
• Developers can build and publish their own Kubernetes APIs
which may be installed into running clusters by cluster
admins.
35. Custom Resource and Controllers
• Custom Controllers have access to Kubernetes
API that can see the current state and make
decisions in milliseconds.
• Custom Controllers can use custom rules that
can monitor a cluster, change pods, and scale
endpoints of an application.
• Useful for abstracting complexities of managing
stateful applications in Kubernetes clusters.
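The desired-state and custom-controller slides above describe a reconcile loop. The following is an added example, not code from the slides or from Kubebuilder: an in-memory sketch with no client-go calls, where the `Spec`, `Pod` and `Action` types and the `Reconcile` function are hypothetical names. It shows why such a loop is self-healing: a pod running an image the spec never declared is treated as drift and scheduled for removal.

```go
package main

import (
	"fmt"
	"sort"
)

// Spec is the desired state declared in a custom resource (hypothetical type).
type Spec struct {
	Image    string
	Replicas int
}

// Pod is a simplified view of one observed instance.
type Pod struct{ Name, Image string }

// Action is one change the controller would request through the API.
type Action struct{ Verb, Name string }

// Reconcile diffs observed pods against the spec and returns the actions that
// close the gap. It is level-triggered: it reads only current state, so a
// second pass after the actions are applied returns nothing.
func Reconcile(owner string, spec Spec, observed []Pod) []Action {
	pods := append([]Pod(nil), observed...) // do not reorder the caller's slice
	sort.Slice(pods, func(i, j int) bool { return pods[i].Name < pods[j].Name })
	var actions []Action
	taken := map[string]bool{}
	kept := 0
	for _, p := range pods {
		taken[p.Name] = true
		if p.Image != spec.Image || kept >= spec.Replicas {
			// Drifted image or surplus replica: remove it.
			actions = append(actions, Action{"delete", p.Name})
			continue
		}
		kept++
	}
	for i := 0; kept < spec.Replicas; i++ {
		name := fmt.Sprintf("%s-%d", owner, i)
		if !taken[name] { // never reuse a name that is still in use
			actions = append(actions, Action{"create", name})
			kept++
		}
	}
	return actions
}

func main() {
	// Constructed sample: one pod runs an image nobody declared.
	observed := []Pod{{"web-0", "app:1.4"}, {"web-1", "app:debug"}}
	fmt.Println(Reconcile("web", Spec{Image: "app:1.4", Replicas: 3}, observed))
}
```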
37. Kubebuilder
• SDK for rapidly building and publishing Kubernetes APIs in
Go. It facilitates using canonical techniques used by core
Kubernetes APIs as well as techniques specific to
extensions.
• Initializing new project library dependencies and structure.
• Bootstrapping API scaffolding code, tests, and documentation.
• High level abstractions wrapping client-go, apimachinery, and
apiserver libraries.
• Building and publishing API container images and yaml config.
• Building and publishing API reference documentation.