Kubernetes 101 - FrOSCon · Our motivation to do this talk Provide an overview of container architechture on the example of Docker and Kubernetes. INTRODUCTION Docker Fundamentals

INTRODUCTION Docker Fundamentals

Kubernetes 101

Oleg Fiksel |Michael Siebertz

Email: [email protected] | [email protected]: @oleg:fiksel.info | @captain.vsan:matrix.org

2019-08-10 FrOSCon 2019

mailto:[email protected]

mailto:[email protected]


OLEG FIKSEL (DOCKER FUNDAMENTALS)

I DevOps Engineer

I Passionate about tech

I Like to automate everything


OLEG FIKSEL (DOCKER FUNDAMENTALS)

I DevOps Engineer

I Passionate about tech

I Like to automate everything


MICHAEL SIEBERTZ

(KUBERNETES FUNDAMENTALS + LIVE DEMO)

I DevOps Engineer

I Passionate about tech (IT / Car)

I Trying to automate as much as possible

I Part of Central DevOps Team


MICHAEL SIEBERTZ

(KUBERNETES FUNDAMENTALS + LIVE DEMO)

I DevOps Engineer

I Passionate about tech (IT / Car)

I Trying to automate as much as possible

I Part of Central DevOps Team


MOTIVATION

Our motivation to do this talk

Provide an overview of container architechtureon the example of Docker and Kubernetes.


MOTIVATION

Our motivation to do this talkProvide an overview of container architechture

on the example of Docker and Kubernetes.


AGENDA

I Docker Fundamentals

I Kubernetes Fundamentals

I Roadmap from KubeCon 2019

I Live Demo


AGENDA




I Live Demo


AGENDA




I Live Demo


AGENDA




I Live Demo


AGENDA




I Live Demo


Docker fundamentals


A BIT OF HISTORY


A BIT OF HISTORY 1/2

1979 · · · · · ·• chroot

2000 · · · · · ·• FreeBSD Jails

2001 · · · · · ·• Linux VServer

2004 · · · · · ·• Solaris Containers

2005 · · · · · ·• OpenVZ

2006 · · · · · ·• Process Containers (Google)

2008 · · · · · ·• LXC. . . · · · · · ·•


A BIT OF HISTORY 2/2

. . . · · · · · ·•2011 · · · · · ·• Warden (CloudFoundry)

2013 · · · · · ·• Let Me Contain That For You (LMCTFY)(Google)

2013 · · · · · ·• Docker

2014 · · · · · ·• Kubernetes

. . . · · · · · ·• Big fight between container orchesrationframeworks

2018 · · · · · ·• Kubernetes is de facto standard fororchestrating containers


VMS AND CONTAINERS


VMS AND CONTAINERS


VMS AND CONTAINERS


VMS AND CONTAINERS

I Storage

I VM: Binary ImageI Container: Layered plain FS

I Emulation

I VM: BIOS, Hardware, etc.I Container: No emulation, just separation

I Networking

I VM: NIC emulationI Container: Uses network stack of the host

I Runtime

I VM: statefulI Container: stateless


VMS AND CONTAINERS

I Storage

I VM: Binary ImageI Container: Layered plain FS

I Emulation


I Networking


I Runtime



VMS AND CONTAINERS

I StorageI VM: Binary Image

I Container: Layered plain FS

I Emulation


I Networking


I Runtime



VMS AND CONTAINERS

I StorageI VM: Binary ImageI Container: Layered plain FS

I Emulation


I Networking


I Runtime



VMS AND CONTAINERS


I Emulation


I Networking


I Runtime



VMS AND CONTAINERS


I EmulationI VM: BIOS, Hardware, etc.

I Container: No emulation, just separation

I Networking


I Runtime



VMS AND CONTAINERS


I EmulationI VM: BIOS, Hardware, etc.I Container: No emulation, just separation

I Networking


I Runtime



VMS AND CONTAINERS



I Networking


I Runtime



VMS AND CONTAINERS



I NetworkingI VM: NIC emulation

I Container: Uses network stack of the host

I Runtime



VMS AND CONTAINERS



I NetworkingI VM: NIC emulationI Container: Uses network stack of the host

I Runtime



VMS AND CONTAINERS




I Runtime



VMS AND CONTAINERS




I RuntimeI VM: stateful

I Container: stateless


VMS AND CONTAINERS




I RuntimeI VM: statefulI Container: stateless


CONTAINER LIFECYCLE - OVERVIEW


CONTAINER LIFECYCLE - OVERVIEW


CONTAINER LIFECYCLE - IMAGE VERSIONS






LAYERED FILE SYSTEM


LAYERED FILE SYSTEM


LAYERED FILE SYSTEM


LAYERED FILE SYSTEM - IMAGE DEPENDENCIES








LAYERED FILE SYSTEM - BACKENDS

I aufs (legacy)

I overlayfs (legacy)

I devicemapper

I overlayfs2

I btrfs


LAYERED FILE SYSTEM - BACKENDS

I aufs (legacy)

I overlayfs (legacy)

I devicemapper

I overlayfs2

I btrfs


PERSISTENT STORAGE (VOLUMES)

I Containers start without state

I State is provided via mounts

I Binds (local FS)I Docker volumesI Docker Storage plugins














I State is provided via mountsI Binds (local FS)

I Docker volumesI Docker Storage plugins




I State is provided via mountsI Binds (local FS)I Docker volumes

I Docker Storage plugins




I State is provided via mountsI Binds (local FS)I Docker volumesI Docker Storage plugins


SEPARATION AND RESOURCE LIMITING

I cgroups

I Linux kernel featureI Limiting: CPU, memory, disk I/O, network

I namespaces

I Linux kernel featureI process isolation

Each container "thinks" it’s the only one in the system(ps uax)



I cgroups

I Linux kernel featureI Limiting: CPU, memory, disk I/O, network

I namespaces





I cgroupsI Linux kernel feature

I Limiting: CPU, memory, disk I/O, network

I namespaces





I cgroupsI Linux kernel featureI Limiting: CPU, memory, disk I/O, network

I namespaces






I namespaces






I namespacesI Linux kernel feature

I process isolationEach container "thinks" it’s the only one in the system(ps uax)




I namespacesI Linux kernel featureI process isolation



SUMMARY

I Containers are pretty slick and useful for packagingapplications

I Docker is the standard de facto (for now) for runningcontainers

I Docker alone is not enough to run containers big time


SUMMARY





SUMMARY





SUMMARY





NEXT UP

Kubernetes Fundamentals

Documents

Kubernetes 101 - FrOSCon · Our motivation to do this talk Provide an overview of container architechture on the example of Docker and Kubernetes. INTRODUCTION Docker Fundamentals