Misc
- K8s: full-blown Kubernetes. A typical HA layout is 3 x control-plane (master) nodes, 3 x etcd, 2 x Ingress, plus your worker nodes
-
K3s: designed to be a single binary of less than 40MB that completely implements the Kubernetes API. To achieve this, a lot of extra drivers that did not need to be part of the core were removed; they are easily replaced with add-ons.
Intro
- Kubernetes is an open-source container orchestration tool
- Originally developed by Google (now a CNCF project)
- Helps you manage containerized applications
- How can Kubernetes help you?
- Move from monolithic to microservices
- Apps are divided into microservices
- Manage those containers (which could be 100 or more)
- What features does Kubernetes offer?
- HA (high availability)
- Scalability
- DR: backup and restore
Kubernetes Architecture
- Kubelet: agent running on every node; the control plane talks to it to start, stop and report on Pods.
- Master (control-plane) node:
- Runs the important K8s processes that manage the cluster
- API server:
- Entry point to the K8s cluster
- All clients (UI, CLI, the other control-plane components) talk to it; it authenticates and authorizes every request
- Controller Manager:
- Keeps track of what is happening in the cluster and reconciles it: if an application dies and needs to be restarted, etc.
- Scheduler:
- Decides which node a new Pod should run on, depending on resource requests and current utilization
- etcd
- K8s backing store (key/value): holds all cluster data (Pod status, Secrets, etc.), so recovery usually starts with this store. Anyone who can read etcd can read every Secret, so it must be protected at least as well as the API server.
- Virtual network
Kubernetes Main Component
-
Pod: the square in blue
- Smallest unit in Kubernetes.
- A layer on top of the container, so regardless of the container runtime, Kubernetes abstracts that away from you.
- Usually 1 application per Pod
- Each Pod gets an internal (cluster) IP
- Pods are ephemeral: when a Pod dies because the application inside it dies, a new Pod is created and gets a new IP address
-
Service:
- DNS name.
- Acts as a load balancer between the Pods it selects.
- Permanent IP that can be attached to a set of Pods
- Lifecycles of Pod and Service are not connected.
- Types of service:
- External: http(s)://node-ip:port (for a web server, for testing).
- Internal: http(s)://db-service-ip:port (for backend services), reachable only from inside the cluster.
-
Ingress
- Requests are received here, and Ingress forwards them to a Service.
- Kubernetes traffic gateway (HTTP/HTTPS routing by host and path, TLS termination)
-
ConfigMap
- External, non-sensitive configuration for your application.
-
Secrets
- The user stores secret data Base64-encoded.
- Base64 is encoding, not encryption, so this is not secure by default: you have to enable encryption at rest in etcd and restrict access with RBAC, or manage secrets with a third-party tool (like Vault).
- TLS certificates get stored here as well.
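Added example (not from the original notes): a Secret as it is submitted to the API server, showing that the Base64 value decodes trivially, followed by the EncryptionConfiguration file that makes kube-apiserver store Secrets encrypted in etcd. The names (db-secret, key1) and the all-zero key are placeholders I made up.

```yaml
# Constructed example, not from the notes. The value is only Base64-encoded:
#   echo -n 'supersecret' | base64      -> c3VwZXJzZWNyZXQ=
#   echo c3VwZXJzZWNyZXQ= | base64 -d   -> supersecret
# Anyone allowed to `kubectl get secret db-secret -o yaml`, or with raw etcd
# access, reads it back in clear.
apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  password: c3VwZXJzZWNyZXQ=
---
# EncryptionConfiguration for kube-apiserver, passed with
# --encryption-provider-config=/path/to/this/file. With it, Secrets written to
# etcd are AES-encrypted; without it they are stored in etcd in plaintext.
# The key below is an all-zero placeholder (assumption, never use it):
# generate a real one with   head -c 32 /dev/urandom | base64
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
      - identity: {}   # keep last so data written before encryption can still be read
```

After enabling the provider, existing Secrets stay in plaintext until they are rewritten (kubectl get secrets --all-namespaces -o json | kubectl replace -f -). Encryption at rest only protects the etcd data on disk; whoever can read the Secret through the API still gets the plaintext, so RBAC on secrets remains necessary.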
-
Volumes
- The component that attaches storage to Pods, whether local storage or remote storage (cloud, etc.)
- K8s doesn't manage data persistence; backing it up etc. is on you.
-
Deployment
- Used for stateless apps
- Blueprint for "my-app" Pods
- A layer of abstraction over Pods (you don't work with Pods directly)
-
StatefulSet
- Used for stateful apps or databases (with 1 replica a Deployment is okay)
- Examples:
- MongoDB
- Elasticsearch
- MySQL
- You create those services using StatefulSets and not Deployments.
- Takes care of replicating the Pods, giving each replica a stable name and its own storage
- Not easy to deploy stateful apps in K8s
- Sometimes you have to put the database outside of K8s
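Added example (not from the notes): a 3-replica database StatefulSet with the headless Service that gives each replica a stable DNS name and a volumeClaimTemplate that gives each replica its own disk. The name "db", the mysql:8.0 image and the Secret "db-secret" (assumed to exist already, holding MYSQL_ROOT_PASSWORD) are my assumptions.

```yaml
# Constructed example, not the notes' own manifest. Assumes a Secret "db-secret"
# with key MYSQL_ROOT_PASSWORD already exists in the namespace.
apiVersion: v1
kind: Service
metadata:
  name: db
spec:
  clusterIP: None          # headless: each Pod gets its own DNS name instead of one VIP
  selector:
    app: db
  ports:
    - port: 3306
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: db
spec:
  serviceName: db          # Pods are named db-0, db-1, db-2 and resolvable as db-0.db etc.
  replicas: 3
  selector:
    matchLabels:
      app: db
  template:
    metadata:
      labels:
        app: db
    spec:
      containers:
        - name: mysql
          image: mysql:8.0
          ports:
            - containerPort: 3306
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-secret
                  key: MYSQL_ROOT_PASSWORD
          volumeMounts:
            - name: data
              mountPath: /var/lib/mysql
  volumeClaimTemplates:    # one PersistentVolumeClaim per replica: data-db-0, data-db-1, ...
    - metadata:
        name: data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 10Gi
```

This is exactly where "not easy" comes from: the StatefulSet replicates the Pods and keeps their identity and disks across restarts, but it does nothing about replicating the data. As written these are three independent MySQL servers; turning them into a primary/replica cluster is the application's job (an operator or init scripts), and the per-replica PVCs are not deleted when the StatefulSet is, so backups and cleanup are still on you.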
Kubernetes Configuration
- API server is the gateway for the clients
- Request is either in JSON or YAML
3 important parts in a Kubernetes configuration file
- Metadata (with apiVersion and kind): what we are creating (a Service, a Deployment, ...) and its name and labels
- Specification (spec): the desired state (how many replicas, which container image, which ports, ...)
- Status: automatically generated and added by Kubernetes. It is the actual state, read from etcd and continuously compared with spec; the cluster information and container state live in etcd.
YAML Configuration File
- Syntax: strict indentation (spaces, never tabs).
Demo time
Demo architecture
Notes while deploying the demo:
- Pods have their own spec section (the Pod template inside the Deployment spec).
- It is common to put the Deployment and the Service in the same file, separated by ---.
- Labels
- Labels are key/value identifiers that can be attached to any K8s object
- For Pods created by a Deployment, labels are required: the Pod template must carry the labels that the selector matches.
- Label selectors:
- Identify a set of resources
- Match all Pods with label "app:nginx" → the Deployment knows which Pods belong to it, and the Service knows which Pods to send traffic to
- Service
- targetPort should always point at the containerPort.
- To make the service reachable from outside the cluster, use a NodePort. It opens that port on every node, so use it for testing or behind a firewall only.
- The NodePort range is predefined in Kubernetes (30000-32767 by default); you cannot use any port.
- Before deploying
- ConfigMaps & Secrets need to exist before the Deployment that references them, otherwise its Pods fail to start.
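The demo as one file, written here as an added example rather than the demo's own manifests: ConfigMap and Secret first (so they exist when the Deployment needs them), then a Deployment whose Pod template labels match its selector, then a NodePort Service whose selector picks the same Pods and whose targetPort equals the containerPort. The names (webapp, webapp-config, webapp-secret, webapp-service), the nginx:1.25 image, the example password and node port 30080 are all assumptions.

```yaml
# Constructed example, not from the notes. Apply top to bottom with
#   kubectl apply -f webapp.yaml
# ConfigMap and Secret come first because the Deployment below references them.
apiVersion: v1
kind: ConfigMap
metadata:
  name: webapp-config
data:
  DB_HOST: db-service       # non-sensitive configuration only
---
apiVersion: v1
kind: Secret
metadata:
  name: webapp-secret
type: Opaque
stringData:                 # the API server Base64-encodes this on write
  DB_PASSWORD: example-only-password   # placeholder, assumption
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webapp
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx            # must match the Pod template labels below
  template:
    metadata:
      labels:
        app: nginx          # required: this is how the Deployment finds its Pods
    spec:                   # the Pod's own spec section
      containers:
        - name: nginx
          image: nginx:1.25
          ports:
            - containerPort: 80
          env:
            - name: DB_HOST
              valueFrom:
                configMapKeyRef:
                  name: webapp-config
                  key: DB_HOST
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: webapp-secret
                  key: DB_PASSWORD
          securityContext:
            allowPrivilegeEscalation: false
---
apiVersion: v1
kind: Service
metadata:
  name: webapp-service
spec:
  type: NodePort            # reachable from outside on every node's IP
  selector:
    app: nginx              # routes to the Pods carrying this label
  ports:
    - protocol: TCP
      port: 80              # the Service's own port
      targetPort: 80        # must equal the containerPort
      nodePort: 30080       # must be inside the NodePort range (30000-32767 by default)
```

If the Secret or ConfigMap is missing when the Pods start, kubectl get pods shows CreateContainerConfigError rather than Running; if the selector and the template labels differ, kubectl apply rejects the Deployment outright, and a Service whose selector matches nothing simply has no endpoints (kubectl get endpoints webapp-service shows none).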
Issues I ran into while deploying the demo
- ImagePullBackOff: https://www.tutorialworks.com/kubernetes-imagepullbackoff/
- Restart a deployment
Useful commands
- kubectl get all
- kubectl get nodes -o wide
- kubectl describe <resource> <name> (e.g. kubectl describe pod my-pod)
- kubectl rollout restart deployment/<name>
- kubectl apply -f webapp.yaml (after changing the configuration file)