~$ whoami

Denis Germain

• Site Reliability Engineer
• French tech blogger : blog.zwindler.fr*
  
  

@zwindler(@framapiaf.org)

#geek #SF #runner

*the slides are on the blog

"Kubernetes is magic " (no, it's not)

In reality :

• Manage infrastructure with APIs (& YAML)
• Applications lifecycle and scale management
• Native high availability
• Super extensible

A few notions

Node or Worker : the server running the Pods

Pod : Kubernetes compute unit.
1-n containers sharing 0-n volumes and an IP address

Let's deploy an app!

3 APIs :

• Deployment
  (application)
• Service (loadbalancer)
• Ingress
  (reverse proxy)

What does it look like in YAML?

I want to play a game

• I'm going to deploy a web server in V(lang) using YAML manifests (easy)

• BUT, we'll deploy before that a Kubernetes cluster, binary by binary first

github.com/zwindler/demystifions-kubernetes

API server

• Centralize the APIs (extensible)
• Abstract our infrastructure components

etcd

• key value database
• distributed / fault-tolerant (raft)

It's time to D-D-D-D-D-DEMO !

Controller Manager

Controllers are independant control loop softwares:

• Subscribe to events
• Act on events

A few controllers

• ReplicationController
• endpoints controller
• namespace controller
• ServiceAccounts controller

But also :

• CRDs / operators
• storage providers (CSI)

Let's add a controller-manager

Scheduler

How does Kubernetes know "where" to put a new Pod?

• CPUs & RAM requests / Affinity & anti-affinity / nodeSelector / taints & toleration (see official documentation)

Let's add a scheduler

kubelet

• Send/receive Node information
• Controls container runtime
  • adds/deletes Pods
  • checks Pods health
    
    

Official documentation - kubelet

Container runtime

To run the containers in the pods, we need a container runtime

At first,
(dockershim is unsupported in 1.24)

Often replaced by containerd now, lot's of alternatives!

Internal network

uses iptables, ipvs, ou eBPF to simulate the (virtual) network

There is no IP

CNI plugin

• Container Network Interface
• Kubernetes internal network
• CNI plugins = implementations of the CNI
  • 
  • 
  • 

kube-proxy (optional)

Component responsible of creating/managing dynamically iptables rules to route trafic from Services to living Pods

We only need one more thing, I promise

IngressController

Routing HTTP(S) requests

• IngressController is a third party component managing Ingress

Note: Ingress API is being replaced by tge Gateway API (more powerful and more agnostic)

• Kubernetes Gateway API

End of the demo

is "only"

• an API server
• a scheduler
• control loops
• a container runtime
• a virtual network

@zwindler(@framapiaf.org)

Slides and sources on blog.zwindler.fr/conférences

Sources / articles

• Sources
  • github.com/zwindler/demystifions-kubernetes
• Kubernetes "the hard way"
  • github.com/kelseyhightower/kubernetes-the-hard-way
• Medium.com - Madhavan Nagarajan - Kubernetes Internals: Architecture Overview
• github.com/shubheksha/kubernetes-internals
• K8s: A Closer Look at Kube-Proxy

Talks / conferences on the same topic

• Carson Anderson - Kubernetes Deconstructed

  • Version talk Kubecon
  • Version talk complet

• Jérôme Petazzoni - Dessine moi un cluster

  • github.com/jpetazzo/dessine-moi-un-cluster
  • Talk Lisa19

• Kubernetes Design Principles: Understand the Why

What is a container ?

It's a box!

• Process (or software)
• Run by "runtime"
• Isolated from other process on host
• Not only !
  (microVMs, container , WASM ...)

What is Kubernetes?

• Container orchestrator
• Inspired by a Google production tool
• Open sourced and given to the CNCF in 2015
• Won the "orchestrator war"
  • Docker swarm
  • Mesos Marathon