IBM Open Source Technology Micro-Lecture: Containers and Microservices Series, Lecture 5: Introduction to Kubernetes
http://ibm.biz/opentech-ma

IBM Open Source Technology Micro-Lecture · 2016-12-29



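"Containers and Microservices" open lecture series

• Every Thursday evening, 8 p.m. slot
• Docker: a brand-new way of working
• The container orchestration tool Docker Swarm
• The kernel of the data center operating system: Apache Mesos
• Big data, web services, CI/CD, none can be left out: a deep dive into Mesos resource scheduling and use cases
• Introduction to Kubernetes
• The best of both: Kubernetes on Mesos
• End-to-end business solutions for microservice platforms
• The event-driven serverless platform OpenWhisk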

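About the instructor

• 程启健 (Cheng Qijian)
• Architect, E-Commerce Development Department, IBM China Development Center
• Since 2015, responsible for moving the e-commerce system to microservices and containers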

Agenda

• Introduction to Kubernetes
• Build your Microservice application with Kubernetes

What is Kubernetes?

• Kubernetes is an open-source platform for automating deployment, scaling, and operations of application containers across clusters of hosts, providing container-centric infrastructure.
• With Kubernetes, you are able to quickly and efficiently respond to customer demand:
  • Deploy your applications quickly and predictably.
  • Scale your applications on the fly.
  • Seamlessly roll out new features.
  • Optimize use of your hardware by using only the resources you need.
• Kubernetes is:
  • portable: public, private, hybrid, multi-cloud
  • extensible: modular, pluggable, hookable, composable
  • self-healing: auto-placement, auto-restart, auto-replication, auto-scaling

Kubernetes Architecture

Make it simple

[Diagram labels: User, kubectl, master, worker nodes]

K8s Node – Worker/Minion

• kubelet
  • The kubelet manages pods and their containers, their images, their volumes, etc.
• kube-proxy
  • Each node also runs a simple network proxy and load balancer. This reflects services as defined in the Kubernetes API (apiserver) on each node and can do simple TCP and UDP stream forwarding (round robin) across a set of backends.

K8s Node – Master

• API Server
  • Serves up the Kubernetes API
  • Processes REST operations, validates them, and updates the corresponding objects in etcd.
• Controller Manager Server
  • All other cluster-level functions are currently performed by the Controller Manager
• Scheduler Server
  • The scheduler binds unscheduled pods to nodes via the /binding API.
• Etcd

[Diagram labels: Kubernetes Master containing API Server, Scheduler, Controller Manager]

Components in K8s

• Namespace
• Containers
• Pod
• Replication Controller/Replication Set
• Service
• Persistent Volume
• Persistent Volume Claim

Pods

• A pod is a co-located group of containers
• Shares
  • Volume
  • Network

[Diagram labels: Node 1; Pod1 and Pod2, each holding containers]

Replication Controller

• A replication controller ensures that a specified number of pod replicas are running at any time.
• Scaling up/down
• Handle re-creation of a pod

[Diagram labels: Master with Replication controller; Node 1 and Node 2, each running Pod1 and Pod2]

Service

• A service defines how to access a set of pods
• And more…
  • Service Discovery
  • Load balancer
• Expose your application to the external world
  • Node Port
  • Load Balancer

[Diagram labels: Worker Node with Service IP and Kubernetes proxy; Kubernetes API Server; Endpoint pod1 10.0.66.67:80, Endpoint pod2 10.0.66.68:80, Endpoint pod3 10.0.66.69:80]

Persistent Volume

• Manage the storage of the container
  • PV: Resources in the cluster.
  • PVC: Requests for those resources
• Persistent Volume Types:
  • GCEPersistentDisk
  • AWSElasticBlockStore
  • NFS
  • CephFS
  • Cinder
  • ……

[Diagram labels: Node 1; Pod1 and Pod2, each holding containers]

Labels

• Labels are key/value pairs that are attached to objects, such as pods.
• Define Label Selectors to identify a set of objects

Feature – Resource management

• Multi-Level Resource Limits

[Diagram labels: Resource Quota; Resource request & limits]

Feature – Rolling update

• Avoid service interruption
• Update Pod one by one, and update service

[Diagram labels: Service; Node Cluster; groups "Env=Prod, App=Portal" and "Env=Pre, App=Portal"; containers labelled Env=Prod, App=Portal, Release=1.0; containers labelled Env=Pre, App=Portal with Release=1.0 and Release=1.1; one container labelled Env=Canary]
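The Labels and rolling-update slides, written out as manifests. This is an added example, not part of the original deck: object names and the image registry are hypothetical, and the label keys and values are the ones shown in the rolling-update diagram.

```yaml
# Added example, not from the original slides. Object names and the image
# registry are hypothetical; label keys and values follow the slide diagram.
apiVersion: v1
kind: Service
metadata:
  name: portal
spec:
  selector: {Env: Pre, App: Portal}   # no Release key: both releases match
  ports:
  - port: 80
    targetPort: 80
---
apiVersion: v1
kind: ReplicationController
metadata:
  name: portal-1-0                    # old release, scaled down pod by pod
spec:
  replicas: 2
  selector: {Env: Pre, App: Portal, Release: "1.0"}
  template:
    metadata:
      labels: {Env: Pre, App: Portal, Release: "1.0"}   # quoted: label values are strings
    spec:
      containers:
      - name: portal
        image: registry.example.com/portal:1.0
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: ReplicationController
metadata:
  name: portal-1-1                    # new release, scaled up pod by pod
spec:
  replicas: 1
  selector: {Env: Pre, App: Portal, Release: "1.1"}
  template:
    metadata:
      labels: {Env: Pre, App: Portal, Release: "1.1"}
    spec:
      containers:
      - name: portal
        image: registry.example.com/portal:1.1
        ports:
        - containerPort: 80
```

The Service selector leaves out Release, so pods of both releases stay behind the same Service IP while one controller shrinks and the other grows. Label matching is the only membership test, so any pod in the namespace that carries Env=Pre and App=Portal becomes an endpoint; whoever can create or relabel pods there decides where this traffic goes.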

Microservice

Images from: https://www.nginx.com/blog/introduction-to-microservices/

Service Registration and Service Discovery

• Requirement:
  • Dynamically assigned network location
• Kubernetes' preferred pattern
  • Server-side discovery
• K8s feature:
  • Service – Load balancer and Service Registry
  • DNS
  • Replication controller
  • Health checker

Centralize configuration

• Solution:
  • Spring Cloud Config
  • Consul & Consul-Template
  • Etcd/ZK & Confd, Disconf
  • Netflix Archaius
• Configuration Store in Kubernetes
  • Config Map

[Diagram labels: Configuration; App 1, App 2, App 1, App 2]

Monitor Kubernetes

[Diagram labels: Kube-apiserver; two nodes, each with kubelet and cadvisor; Heapster]

Other options:
• Prometheus

Logging in Kubernetes

Fluentd + Elastic Search + Kibana

[Diagram labels: Node 1; Pod1 with containers; Daemon Set with Fluentd; Logging Folder with log files; Elastic Search]

Multi-tenant Support

• Based on Namespaces
• Resource isolation in
  • Container
  • Network
  • Service
  • Config map
  • ….
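One way to read "Multi-Level Resource Limits" on the resource-management slide together with the namespace-based multi-tenancy above is as three nested levels: a quota on the tenant's namespace, default and maximum sizes per container, and the requests and limits a pod declares. The manifests below are an added example, not part of the original deck; the tenant name, the image and every quantity are constructed values.

```yaml
# Added example, not from the original slides; all names and sizes are constructed.
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-a
---
# Level 1: ceiling for everything the tenant runs in its namespace.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: tenant-a-quota
  namespace: tenant-a
spec:
  hard:
    pods: "20"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    services: "5"
    configmaps: "10"
---
# Level 2: defaults and upper bound applied to each container.
apiVersion: v1
kind: LimitRange
metadata:
  name: tenant-a-limits
  namespace: tenant-a
spec:
  limits:
  - type: Container
    defaultRequest: {cpu: 100m, memory: 128Mi}
    default: {cpu: 500m, memory: 256Mi}
    max: {cpu: "1", memory: 1Gi}
---
# Level 3: what one pod asks for, counted against the quota above.
apiVersion: v1
kind: Pod
metadata:
  name: portal
  namespace: tenant-a
spec:
  containers:
  - name: portal
    image: registry.example.com/portal:1.1   # hypothetical image
    resources:
      requests: {cpu: 200m, memory: 256Mi}
      limits: {cpu: 500m, memory: 512Mi}
```

With a quota on requests and limits in force, a pod that declares none is admitted only because the LimitRange fills in defaults. The example covers compute and object counts, not the network isolation the slide also lists.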

IBM Open Source Technology Micro-Lecture: Containers and Microservices Series

End of Lecture 5

http://ibm.biz/opentech-ma