Hello Kubernetes World

from Centre for Digital Humanities

presentation repo: https://github.com/centrefordigitalhumanities/hello-kubernetes-world/

Outline

  • Why Kubernetes?
  • What is Kubernetes?
  • Cluster components
  • Basic objects
  • Minikube
  • Examples: Hello World, Snake, Bonus      
  • Next steps



Why Kubernetes?      

Over the years, people called developers started
virtualizing and containerizing applications (separation of concerns)      
image: https://kubernetes.io/docs/concepts/overview/

Docker containers      

"It works on my machine"
"Then we will ship your machine to the customer"

Containers made it easy to separate applications, but managing hundreds of containers was cumbersome... Kubernetes to the rescue!

image: https://k21academy.com/docker-kubernetes/docker-and-kubernetes/







Kubernetes features     

After a container image is pushed to a registry,
Kubernetes enters the scene.

What is Kubernetes?    

Kubernetes is a distributed container orchestration platform
for automating deployment and management of applications at scale.



Kubernetes is also:
  • Open Source
  • Distributed
  • Extensible
  • Declarative
  • Resilient

image: https://tudip.com/blog-post/managing-deployments-using-kubernetes-engine/

What is Kubernetes??      


Kubernetes is the "Linux kernel" of distributed systems.
It abstracts away the underlying infrastructure and provides a uniform interface through which applications are deployed and consume the shared pool of resources.
Kubernetes runs on nodes: in the cloud, on premises, or a combination of both.




Cluster Components

Node: a physical or virtual machine that contributes resources
Cluster: a group of master control plane and worker data plane nodes


image: https://faun.pub/kubernetes-chronicles-k8s-01-introduction-to-kubernetes-architecture-18cad51d270f

Control Plane

kube-apiserver: allows user interaction with the cluster (CLI/UI)
etcd: stores key-value pairs for cluster configuration (state, parameters, secrets)
kube-scheduler: decides which node a pod will run on
kube-controller-manager: shifts the actual state of the cluster to the desired state (acts as cluster thermostat)





For high availability,
the control plane runs on multiple nodes.

Data Plane

kubelet: agent that ensures containers are running and reports to the kube-apiserver
kube-proxy: facilitates networking between pods and handles external traffic
container runtime: (e.g. Docker) pulls and runs container images from a registry


Basic Objects



Pod: the smallest computational unit, plugs & plays container(s), ephemeral in nature
Deployment: manages the lifecycle of identical pods by scaling, updating, self-healing
ConfigMap/Secret: holds data as key-value pairs, passwords and API keys kept secret
Service: provides a stable IP address and domain name for reaching a deployment





More Objects

StatefulSet: same as a deployment but for applications with persistent storage
Persistent Volume (PV): represents a piece of storage that can be attached to pods
Persistent Volume Claim (PVC): requests PV resources with specific characteristics
Namespace: groups and isolates Kubernetes objects in separate cluster spaces




Label: nametags Kubernetes objects; useful to select, identify, inform


even more on: https://kodekloud.com/blog/kubernetes-objects/

Minikube


						brew install minikube
						minikube start
						minikube dashboard
						docker ps # 🤯
						minikube config set memory 4096
						kubectl config
						watch kubectl get all
					
an important file: ~/.kube/config

tutorial: how-to-use-minikube-for-local-kubernetes-development-and-testing@digitalocean
kubectl: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/ | k9s: https://k9scli.io/

Examples


                            kubectl apply -f hello-k8s-message.yaml # or through dashboard
                            kubectl apply -f kubesnake.yaml # or through dashboard
                            minikube ip # or minikube service  --url
                            minikube stop # or: minikube delete 💥
                        
example1: hello-k8s-message.yaml | example2: kubesnake.yaml
Bonus: Development IdP

Development IdP

  • A Django app for developing & testing applications using SAML/OIDC
  • Meant for local Docker deployment, easily adapted to run in Kubernetes
  • For today: configuring docker apps, the K8S way
  • For at home: deploying using manifests & kustomize: see example readme

In Docker compose


							.
							├── container.env
							├── docker-compose.yml
							├── private.key
							└── public.cert
						

							services:
							  dev-idp:
							    # [..]
							    env_file:
							      - ./container.env
							    secrets:
							      - private_key
							      - public_cert

							secrets:
							  private_key:
							    file: ./private.key
							  public_cert:
							    file: ./public.cert
						

In Kubernetes

The problem
We have no filesystem to retrieve these values and files from 🙁️
The solution
Use Kubernetes config maps and secrets

Env variables


						apiVersion: v1
						kind: Secret
						metadata:
						  name: django-secrets
						type: Opaque
						data:
						  DJANGO_SECRET_KEY: dG9wc3lfa3JldHMK
						

						apiVersion: v1
						kind: ConfigMap
						metadata:
						  name: django-config-map
						data:
						  DJANGO_HOST: "idp.example.org" # Change this to the domain you get from the ingress
						  DJANGO_DB_TYPE: "sqlite"
						  DJANGO_SQLLITE_FILE: "/data/db.sqlite3"
						  # [..]
						

Env variables


						# deployment.yaml
						containers:
						  - name: dev-idp
						    envFrom:
						      - configMapRef:
						          name: django-config-map
						      - secretRef:
						          name: django-secrets
						

File secrets


						apiVersion: v1
						kind: Secret
						metadata:
						  name: django-certs
						type: Opaque
						data:
						  private.key: [base64 encoded private key]
						  public.cert: [base64 encoded public cert]
						

File secrets


						# deployment.yaml
						# [..]
						volumes:
						  - name: django-certs
						    secret:
						      secretName: django-certs
						# [..]
						containers:
						  - name: dev-idp
						    volumeMounts:
						      - name: django-certs
						        mountPath: /certs
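
Both Secret manifests above (the django-secrets env value and the django-certs files) carry their data: values base64-encoded, which is an encoding and not encryption. The script below is an added example, not part of the presentation repo: it decodes the DJANGO_SECRET_KEY value shown above and flags its trailing newline, then renders a django-certs style manifest from files and checks that the round trip is byte-exact. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the presentation repo; file contents are constructed.

# Last byte of a decoded data: value as hex ("0a" means a trailing newline).
last_byte_hex() {
  printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n'
}

# Show what anyone who can read the Secret object recovers from a data: value.
audit_value() {   # $1 = key, $2 = base64 value from data:
  plain=$(printf '%s' "$2" | base64 -d 2>/dev/null) || { echo "$1: not valid base64"; return 2; }
  if [ "$(last_byte_hex "$2")" = "0a" ]; then
    echo "$1: decodes to '$plain' plus a trailing newline"; return 1
  fi
  echo "$1: decodes to '$plain'"
}

# Render an Opaque Secret whose keys are file names, byte-exact and unwrapped.
render_file_secret() {   # $1 = secret name, $2 = directory, rest = file names
  name=$1; dir=$2; shift 2
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$name"
  for f in "$@"; do
    [ -r "$dir/$f" ] || { echo "cannot read $dir/$f" >&2; return 1; }
    printf '  %s: %s\n' "$f" "$(base64 < "$dir/$f" | tr -d '\n')"
  done
}

# Decode one key of a rendered manifest: the bytes the pod reads under /certs.
mounted_bytes() {   # $1 = manifest file, $2 = key
  sed -n "s/^  $2: //p" "$1" | base64 -d
}

# Round trip with constructed stand-ins for private.key and public.cert.
roundtrip_ok() {
  tmp=$(mktemp -d) || return 1
  old_umask=$(umask); umask 077   # key material and manifest stay owner-only
  printf 'constructed sample, not a real key\n' > "$tmp/private.key"
  printf 'constructed sample, not a real cert\n' > "$tmp/public.cert"
  render_file_secret django-certs "$tmp" private.key public.cert > "$tmp/secret.yaml"
  mounted_bytes "$tmp/secret.yaml" private.key | cmp -s - "$tmp/private.key"
  rc=$?
  rm -rf "$tmp"; umask "$old_umask"
  return "$rc"
}

audit_value DJANGO_SECRET_KEY dG9wc3lfa3JldHMK || true
roundtrip_ok && echo "file secret round trip: byte-exact"
```

With a cluster available, kubectl create secret generic django-certs --from-file=private.key --from-file=public.cert builds the same object without leaving a manifest containing the key on disk.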
						

Next steps



  • Networking e.g. Ingress with load balancer
  • Autoscaling e.g. Horizontal Pod Autoscaler
  • RBAC - Role Based Access Control
  • Red Hat OpenShift ITS
    e.g. Rootless Containers, Routes, Storage
  • Helm & Kustomize package managers
  • ArgoCD for automatic deployments
  • Plugins e.g. for backup, monitoring, metrics



image: https://www.cncf.io/phippy/the-childrens-illustrated-guide-to-kubernetes/

Qubi..nitis

/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/
Cuba..nitas! K8s: Kate's