Kubernetes Architecture

adapted for minikube

bit.ly/k8s-miniarch

presented by @ryanj, Developer Advocate at Red Hat


# Kubernetes Architecture

Kubernetes is designed ...

  1. for managing distributed solutions at scale, based on years of industry expertise (Google-scale experience)
  2. for high availability of the control plane and user workloads (when using pod replication), avoiding most single points of failure
  3. with a modular control plane architecture, allowing many pieces to be replaced without disrupting workload availability
  4. to persist all of its internal platform state within an etcd database
## etcd

![etcd logo](https://raw.githubusercontent.com/coreos/etcd/master/logos/etcd-glyph-color.png)

  * distributed key-value store
  * implements the [RAFT](https://raft.github.io/raft.pdf) consensus protocol

CAP theorem

  1. Consistency
  2. Availability
  3. Partition tolerance

etcd focuses on: "CA"

more reading: CAP Twelve Years Later

## Degraded Performance

Fault tolerance sizing chart:

![etcd cluster sizing chart](http://cloudgeekz.com/wp-content/uploads/2016/10/etcd-fault-tolerance-table.png)

### play.etcd.io

[play.etcd.io/play](http://play.etcd.io/play)

## Kubernetes API

  * gatekeeper for etcd (the only way to access the db)
  * not required for pod uptime

### API outage simulation

Example borrowed from [Brandon Philips' "Fire Drills" from OSCON 2016](https://github.com/philips/2016-OSCON-containers-at-scale-with-Kubernetes#fire-drills).

Create a pod and a service. Verify that the service is responding:

```
kubectl run metrics-k8s --image=quay.io/ryanj/metrics-k8s \
  --expose --port=2015 --service-overrides='{ "spec": { "type": "NodePort" } }'
```

```
minikube service metrics-k8s
```

ssh into minikube, kill the control plane:

```
minikube ssh
ps aux | grep "kube-apiserver"
sudo killall kube-apiserver
logout
```

Use kubectl to list pods:

```
kubectl get pods
The connection to the server mycluster.example.com was refused - did you specify the right host or port?
```

The API server is down! Reload your service. Are your pods still available?
## Kubelet

Runs on each node, listens to the API for new items with a matching `NodeName`

## Kubernetes Scheduler

Assigns workloads to Node machines

## Bypass the Scheduler

Examine both of these pod specs before sending them to the API:

```
kubectl create -f https://raw.githubusercontent.com/ryanj/metrics-k8s/master/pod.json
kubectl create -f https://gist.githubusercontent.com/ryanj/893e0ac5b3887674f883858299cb8b93/raw/0cf16fd5b1c4d2bb1fed115165807ce41a3b7e20/pod-scheduled.json
```

What are the differences between these two files?

View events:

```
kubectl get events
```

Did both pods get scheduled? Were both started?
## Kube DNS
## Kube Proxy
## CNI

  * flannel
  * canal

## CRI

  * containerd (docker)
  * cri-o
  * rkt

each compatible with the OCI image spec and runtime spec

### K8s Controllers

Controllers work to regulate the declarative nature of the platform state, reconciling imbalances via a basic control loop

https://kubernetes.io/docs/admin/kube-controller-manager/

Kubernetes allows you to introduce your own custom controllers!
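Added example (not code from the workshop): a ReplicaSet-style reconcile pass in Go, using constructed `Pod`/`Action` stand-ins and pod names modelled on the `metrics-k8s` pod from the outage drill. It shows the control loop closing the gap between declared and observed state, and why a pass is simply skipped, with running pods unaffected, when the API server is unreachable.

```go
package main

import (
	"fmt"
	"sort"
)

// Minimal stand-ins for the API objects a controller reads and writes
// (constructed for this example, not the real Kubernetes types).
type Pod struct{ Name, Phase string }   // Phase: "Running", "Pending" or "Failed"
type Action struct{ Verb, Name string } // Verb: "create" or "delete"
// Reconcile is one pass of a ReplicaSet-style control loop: it compares the
// declared replica count with the observed pods and returns the API writes
// needed to close the gap. Failed pods are replaced, never counted as live.
func Reconcile(desired int, observed []Pod) []Action {
	var actions []Action
	var live []Pod
	used := map[string]bool{}
	for _, p := range observed {
		used[p.Name] = true
		if p.Phase == "Failed" {
			actions = append(actions, Action{"delete", p.Name})
		} else {
			live = append(live, p)
		}
	}
	sort.Slice(live, func(i, j int) bool { return live[i].Name < live[j].Name })
	if len(live) > desired { // scale down: drop the highest-numbered pods
		for _, p := range live[desired:] {
			actions = append(actions, Action{"delete", p.Name})
		}
	}
	for idx, created := 0, 0; len(live)+created < desired; idx++ {
		if name := fmt.Sprintf("metrics-k8s-%d", idx); !used[name] {
			actions = append(actions, Action{"create", name})
			created++
		}
	}
	return actions
}

// Tick is one round of the loop against the API server. With kube-apiserver
// down (the outage drill) the pass is skipped; pods already on nodes keep running.
func Tick(desired int, fetch func() ([]Pod, error)) ([]Action, error) {
	observed, err := fetch()
	if err != nil {
		return nil, fmt.Errorf("api unavailable, skipping reconcile: %w", err)
	}
	return Reconcile(desired, observed), nil
}
```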
### Architecture Diagram

![arch diagram](https://cdn.thenewstack.io/media/2016/08/Kubernetes-Architecture-1024x637.png)

### Interaction Diagram

![interaction diagram](https://i1.wp.com/blog.docker.com/wp-content/uploads/swarm_kubernetes2.png?resize=1024) [(copied from blog.docker.com)](https://blog.docker.com/2016/03/swarmweek-docker-swarm-exceeds-kubernetes-scale/)

Congratulations on completing:

Kubernetes Architecture (adapted for minikube)

bit.ly/k8s-miniarch


Next Steps

Continue learning with other k8s-workshops:

  1. Local Development with minikube (bit.ly/k8s-minidev)
Presented by: @ryanj