Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications. This training helps you understand key concepts within 3 hours.
2. Introduction
● very hands-on workshop
● fundamental concepts and features of Kubernetes
Over the course of multiple exercises we walk you through taking a
sample application from a simple first deployment to improving it step by
step, implementing best practices.
3. Our Journey
1. Review of Kubernetes Architecture
2. Deploy hello-world app
3. Play with pod
4. Services - How to expose the app
5. Zero Downtime Deployment
6. Information used by the containers
7. Useful tools & Commons Problems
5. Container Solutions
We are a Cloud Native consultancy based in Amsterdam, Berlin, London,
Montreal, Zurich and Warsaw.
Kubernetes Certified Service Provider (KCSP) and experts in Cloud Native
strategy and technology.
https://container-solutions.com/
We are hiring!
7. Who are you? What brings your here today?
1. Developer? Ops? Architect?
2. Where do you work?
3. Experience with Containers? Kubernetes?
Who are you?
8. ● Pair-up with your neighbour and support each other
● If you do get stuck, please let us know
Collaboration is Key
9. 16:00 - 16:20 Introduction
16:20 - 17:40 Theory in practice on core components
17:40 - 17:50 Break
17:50 - 19:00 Managing Resources
19:00 - 19:10 Break
19:10 - 19:50 Lifecycles and Troubleshooting
19:50 - 20:00 Q&A
Agenda
10. Your Own Environment
● Up and a running Kubernetes cluster via minikube
$ minikube status
● Installed kubectl
13. ● Open-source container orchestrator
● Based on Google’s experience with Borg and now Omega
● Maintained by the Cloud Native Computing Foundation
● Most cloud providers now offer managed Kubernetes
○ Google Kubernetes Engine
○ Amazon Elastic Container Service for Kubernetes
○ Azure Kubernetes Service
Background
21. kubectl get <resources>
List all resources in the current namespace
kubectl describe <resource> <resource-name>
Verbose output of a particular resource
kubectl apply -f <filename>
Create or update a resource from a file
Useful verbs and commands
22. Step #1
Run a simple “hello world” application
$ kubectl run hello-world
--image=containersol/k8s-in-3h:v1 --port=8080
What just happened?!
23. View the resources created
$ kubectl get pods
$ kubectl get pods -o wide
$ kubectl get deployments
$ kubectl get replicasets
$ kubectl get all
Step #2
24. Deployment
● Encapsulates ReplicaSet
● Controlled change from current
state to desired state
● Can rollback to a previous state
due to a deployment error
25. ReplicaSet
● Ensures a specified number of
pod replicas are running at any
given time
● Automatically created in
Deployment (usually)
26. Step #3
View more detail about a resource
$ kubectl describe pod <pod_name>
$ kubectl describe deployment <deployment_name>
$ kubectl describe replicaset <replicaset_name>
27. Step #4
Can i login into the pod? Yes, you can!
$ kubectl exec -it <pod_name> /bin/sh
28. Step #5
Scale the pods
$ kubectl scale deployment hello-world --replicas=4
Verify
$ kubectl get pod
$ kubectl get rs
30. ● Forward traffic to pod or a group of pods that work together
○ Grouped by a Label Selector
● Stable end-point that can be addressed by name
● Different types:
○ ClusterIP
○ NodePort
○ LoadBalancer
What’s a Service?
31. ● Default type
● Creates an internal IP
● Assigns Service to
internal ClusterIP
● Only reachable within cluster
ClusterIP
32. ● Exposes a port on all of the
nodes of the cluster
● Allocated in range of 30,000 -
32,767
● Same port on every host
NodePort
33. Step #1
Use a NodePort Service to expose the deployment
$ kubectl expose deployment hello-world
--name=hello-world-svc
--type=NodePort
--port=8080
34. Step #2
View the new Service
$ kubectl get svc
$ kubectl describe svc <svc_name>
Can we access the service on the Cluster IP?
$ kubectl get svc -o wide
$ curl <CLUSTER-IP>:<NODE-PORT>
No, we cannot
35. How about on the Node IP?
$ minikube ip
$ curl <MINIKUBE-IP>:<NODE-PORT>
Check the hostname
$ curl --silent <MINIKUBE-IP>:<NODE-PORT> | grep Hostname
<repeat a few times>
Step #3
36. You can do it via browser also!
http://<MINIKUBE-IP>:<NODE-PORT>
Check the logs:
$ kubectl logs -f <pod_name>
Step #4
37. Do you want Zero Downtime Deployment!?
Run check on different terminal
$ while true; do curl --silent <MINIKUBE-IP>:<NODE-PORT> | grep
Version; sleep 0.1; done;
Deploy!
$ kubectl set image deployment/hello-world
hello-world=containersol/k8s-in-3h:v2
Step #5
38. When deploying a new application, the switch from the old to the new
version can impact end users. This module will help you to use the right
deployment strategy depending on your use case.
● RollingUpdate
● Recreate
● Rolling Back
● Blue/Green
● Canary
● A/B
Deployment Strategies
42. Namespaces
Namespaces are intended for use in environments with many users
spread across multiple teams, or projects, such that cluster resources can
be divided over multiple users
43. Working with Namespaces
List all namespaces
$ kubectl get ns
Create a new namespace
$ kubectl create ns <namespace-name>
List all in all namespaces
$ kubectl get all --all-namespaces
44. Standard Namespaces
● default - empty, default namespace
● kube-public - readable by all users, contains CA as a ConfigMap
● kube-system - for object created by kubernetes system
48. apiVersion: v1
kind: Service
metadata:
name: hello-world-svc
spec:
type: NodePort
ports:
- name: http
port: 8080
targetPort: 8080
selector:
run: hello-world
Service
Manifest
● Matches objects with label of
“run: hello-world”
● Exposes application listening on
port 8080
$ kubectl get svc -o yaml
49. Setup a sample application
You will find a sample application here:
https://github.com/ContainerSolutions/ws-kubernetes-essentials-app
Start by cloning the repository to your environment:
$ mkdir cs-k8sin3h
$ cd cs-k8sin3h
$ git clone https://tinyurl.com/y7jbczea .
50. Instructions
1. Create a Deployment using the “app-deployment.yaml” manifest
2. Create the Service specified in the “app-service.yaml” manifest
3. Find the IP and Port of the NodePort Service
4. Open the application in your browser
Attempt it on your own, if you get stuck refer to the next 3 slides.
You have 10 minutes...
51. Step #1
Deploy the application using the manifest file:
$ kubectl apply -f manifests/app-deployment.yaml
What happened? What was created?
$ kubectl get deploy
$ kubectl describe deploy sample-app
$ kubectl get pods
52. Expose the application using the manifest file:
$ kubectl apply -f manifests/app-service.yaml
What happened? What was created?
$ kubectl get svc sample-app-svc -o wide
$ kubectl describe svc sample-app-svc
Access the application:
$ curl <MINIKUBE-IP>:<NODE-PORT>
Step #2
54. Introduction
Any reasonable web application has information that needs to be kept
from prying eyes and decoupled from the application. This has become
more complicated with microservices. Ephemeral nature of
services/containers means we need automation.
56. Creating ConfigMaps
ConfigMaps can be created directly from the CLI:
$ kubectl create configmap ...
Or through Manifests:
$ kubectl apply -f configmap.yaml
57. apiVersion: v1
kind: ConfigMap
metadata:
name: webapp-config
data:
timeout: 3600
loglevel: debug
Property-like
● Property-like keys represent
smaller, individual pieces of
Configuration data.
● Typically used to populate
Environment Variables for
application properties or
command line arguments.
58. ...
spec:
containers:
- name: test-container
...
env:
- name: TITLE
valueFrom:
configMapKeyRef:
name: workshop-config
key: TITLE
Environmental
Variables
The key from the ConfigMap becomes
the environment variable name in the
Pod.
59. We want to use a ConfigMap to supply details to our application.
1. Apply the ConfigMap in “manifests/app-configmap.yaml”
2. Update the “app-deployment” with ENVs from the ConfigMap
a. Look at the config map for naming
3. Apply the updated deployment
4. View the results
You have 10 minutes...
Instructions
60. Bonus
Readiness
● Do your Pods have a
readiness probe?
● Is your Pod “Ready”?
Liveness
● Do your Pods have a liveness
probe?
● Is it successful or failing?
containers:
- name: app-frontend
image: containersol/k8s-sample-app:1.0
ports:
- containerPort: 9292
readinessProbe:
httpGet:
path: /readiness
port: 9292
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 1
livenessProbe:
httpGet:
path: /liveness
port: 9292
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 15
timeoutSeconds: 5
63. Kubectl Autocomplete
Kubectl includes autocompletion support, which can save a lot of typing!
Follow the Instructions here:
https://kubernetes.io/docs/tasks/tools/install-kubectl/#enabling-shell-
autocompletion
64. ● Simple Web User Interface
● Decent high-level overview of the
cluster
● Can drill down into details
● Useful for debugging
Dashboard
$ minikube dashboard
65. ● Port-forwarding is a useful debugging tool
● Map a local port to a port inside a Pod
● Meant for testing services that are not exposed
$ kubectl port-forward <pod_name> 8080 &
$ curl 0.0.0.0:8080
Port-Forward
70. Pod Status = “ImagePullBackoff”
Check the image exists on the Registry (e.g. hub.docker.com)
$ docker pull <image-name>
Check for permission issues
$ kubectl describe po <failing-pod>
Review the Pod’s “Events”
Problem Pulling Image
71. Pod Status = “Pending”
Means your Pod cannot be Sheduled onto a Node. Maybe because your
Nodes are overloaded, you only have a single node cluster or your
Deployment is asking for too much CPU or Memory.
Check your nodes with
$ kubectl get nodes
$ kubectl describe node <node-name>
Pod Cannot Be Scheduled
72. A Pod is Behaving “weirdly”
Check the Status and Events
$ kubectl describe pod <pod_name>
Check the Logs
$ kubectl logs <pod_name> <container_name>
Run a shell into the container
$ kubectl exec -it <pod_name> -- /bin/bash
73. What Selector is your Service using?
$ kubectl describe svc <svc_name> -o wide
Are any of the Pods ready?
$ kubectl get pods -l <selector_key>=<selector_value> --
show-labels
My Service Doesn’t Work
74. Check how many containers are there in a Pod:
$ kubectl get pods
Check the Containers section in the Pod description:
$ kubectl describe pod <pod_name>
Access logs of a specific Container:
$ kubectl logs <pod_name> -c <container_name>
Multiple Pods & Containers
76. Apply a badly written Deployment and Service to your cluster
$ kubectl apply -f manifests/bad-deployment.yaml
$ kubectl apply -f manifests/bad-service.yaml
Good luck!
Homework
79. Give us your Feedback
Your feedback is really important to us. We use it to continually improve
our training (we want it to kick-ass). We value your positive and
constructive comments.
Your feedback will be kept anonymous and used to improve our
workshops.
To help us, please spend 2 minutes completing the feedback card
provided by your trainer.
Do:
Explain goal of this program - “Why are we here?”
We will learn all the basic elements of Kubernetes, its architecture and experience hands-on. On day 2 you will learn how it is implemented in B.Platform.
Say:
Today you will learn about the architecture of Kubernetes and how to use it.
Do:
Tell participants what topics are going to be covered.
Say:
We have a separate module on Troubleshooting & debugging, but actually you will do this throughout these two days.
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
Do:
Introduce yourself.
Get to know your audience. Ask them to raise their hands if
DevOps/Engineer/?
Experience with Docker?
Made own Docker image?
Experience with Kubernetes?
Running Kubernetes in production?
Respond appropriately to the messages and make connections between participants.
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
https://www.cncf.io/blog/2018/08/29/cncf-survey-use-of-cloud-native-technologies-in-production-has-grown-over-200-percent/
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
Say:
Clusters have lot of machines, nodes. Master nodes and worker nodes, only the worker nodes are doing the work and Master nodes control the whole system. You will use your laptop and CLI tool to talk to the master.
Different components on the Master and Worker nodes, who are all connected.
WHAT SHOULD THE TRAINER SAY?
API Server
Main point of interaction with the cluster
Etcd
Distributed Key/Value store
Storage for state of cluster
Controller/Control Manager
Checks API server for events and reacts
Scheduler
Calculate and schedule pod
WHAT SHOULD THE TRAINER DO?
Use the image.
Do:
Use the image.
Say:
Here you need Docker, Kubernetes needs CRI.
Do:
Use the image.
Say:
In this one picture we have all the components we just discussed. Kubernetes has two types of nodes; Master or Worker and the smallest piece of software we can schedule is a pod.
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
Say:
Get and describe are the most used. Describe provides you variables output, it is a more human-readable way than get.
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
Do:
Use the image.
Say:
About the workload. Most of the time we will not create pods, but deployments. Deployments will not directly manage pods, but replicasets. This defined how much replicas (that is pods) you would like to have.
Do:
Use the image.
Say: One pods dies, and the replicaset will create and use the new one.
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
Say:
We need an mechanism to address pods.
You will have addressable names.
Do:
Use the image. Node 2 and Node 3 have ClusterIP’s, do not use the names because they can change when the pods are rescheduled. Therefore, use a ClusterIP, which is assigned to the service rather than the nodes. ClusterIP is an IP address, virtual, that belongs to the service name. Good for pod-to-pod communication.
Do:
Use the image for example.
Say:
Service is reachable from outside, use Service NodePort. Every load will reserve a port number, where the service will be available.
Port allocation on each node. For outside communication.
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
Say:
Different way of exposing.
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
Do:
Use the commands and show in terminal.
Do:
Use the commands and show in terminal.
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
Say:
Imperative: use commands e.g. run,
declarative: define desired state and Kubernetes does it for you.
Do:
Use the example.
Say:
v1 = stable.
Do:
Use the example.
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
WHAT SHOULD THE TRAINER SAY?
?
WHAT SHOULD THE TRAINER DO?
?
Do:
Use the example file.
Say:
New top-level property: data. Before we declared only spec and metadata. We have to keys (beast.color and beast.type) in the form of simple strings
Do:
Use the example file.
Say:
Volume belongs to pods, as containers do too. In the YAML file they are both at the same level.
This code tells us the the volume points to the the VolumeMap and the VolumeMap points to the volume.
Dot is not allowed in environmental variable names
Introduce the exercise and tell participant that they have 5 minutes to solve it.
Say:
Keep in mind spacing. YAML only likes spaces and no tabs.
Say:
Different way of exposing.
Use this. Be lazy. It gives you the list of available commands and completes names e.g. extensive names of your pods.
Minikube has an add-ons. Use “minikube addons list” to see which are enabled and disabled. Dashboard consumes lot of CPU.
It is very useful if you are working with Kubernetes that is far away. e.g from external laptop connecting to API Server, like ssh port forwarding
It is very useful if you are working with Kubernetes that is far away. e.g from external laptop connecting to API Server, like ssh port forwarding
It is very useful if you are working with Kubernetes that is far away. e.g from external laptop connecting to API Server, like ssh port forwarding
It is very useful if you are working with Kubernetes that is far away. e.g from external laptop connecting to API Server, like ssh port forwarding
Use logs. Difference between Docker logs and Kubectl logs. You have to specify the name of the container, or you get everything in the node.
Say:
The application is broken, look at the files and identify the problems. As motivation; if you are done, you can have lunch.