Kubernetes

• Kubernetes is a portable, extensible open-

source platform for managing
containerized workloads and services.

• Google open-sourced the Kubernetes

project in 2014.

• Kubernetes provides a container-centric

management environment.
 Kubernetes
• The name Kubernetes originates from
Greek, meaning helmsman or pilot.
• K8s is an abbreviation derived by
replacing the 8 letters “ubernete” with “8”.
• With modern web services, users expect
applications to be available 24/7, and
developers expect to deploy new versions
of those applications several times a day.
 Kubernetes
• Containerization helps package software
to serve these goals, enabling applications
to be released and updated in an easy and
fast way without downtime.

• Kubernetes helps you make sure those

containerized applications run where and
when you want, and helps them find the
resources and tools they need to work.
 Kubernetes Cluster

• A Kubernetes cluster is a collection of

hosts, storage and networking resources
that Kubernetes uses to run the various
workloads.
 Kubernetes Architecture
• Without Cloud Controller.
 Kubernetes Architecture
• With Cloud Controller..
 Kubernetes Architecture
• Master Components

• Master components provide the cluster’s

control plane.

• Master components make global decisions

about the cluster (for example,
scheduling), and they detect and respond
to cluster events .
 Kubernetes Architecture
• Master components can be run on any
machine in the cluster.

• However, for simplicity, set up scripts

typically start all master components on
the same machine, and do not run user
containers on this machine.
 Kubernetes Architecture
• kube-apiserver

• Component on the master that exposes

the Kubernetes API. It is the front-end for
the Kubernetes control plane.

• It is designed to scale horizontally – that

is, it scales by deploying more instances.
 Kubernetes Architecture
• etcd
• Consistent and highly-available key value store used
as Kubernetes’ backing store for all cluster data.

• Kubernetes uses etcd to store all its data – its

configuration data, its state, and its metadata.

• Kubernetes is a distributed system, so it needs a

distributed data store like etcd. etcd lets any of the
nodes in the Kubernetes cluster read and write data.
 Kubernetes Architecture
• kube-scheduler

• Component on the master that watches newly

created pods that have no node assigned, and
selects a node for them to run on.

• Factors taken into account for scheduling decisions

include individual and collective resource
requirements, hardware/software/policy constraints,
affinity and anti-affinity specifications, data locality,
inter-workload interference and deadlines.
 Kubernetes Architecture
• kube-controller-manager

• Component on the master that runs controllers

.

• Logically, each controller is a separate

process, but to reduce complexity, they are all
compiled into a single binary and run in a
single process.
 Kubernetes Architecture
• These controllers include:
• Node Controller: Responsible for noticing and
responding when nodes go down.
• Replication Controller: Responsible for maintaining
the correct number of pods for every replication
controller object in the system.
• Endpoints Controller: Populates the Endpoints
object (that is, joins Services & Pods).
• Service Account & Token Controllers: Create
default accounts and API access tokens for new
namespaces.
 Kubernetes Architecture
• cloud-controller-manager
• cloud-controller-manager runs controllers that
interact with the underlying cloud providers.

• cloud-controller-manager runs cloud-provider-

specific controller loops only.

• cloud-controller-manager allows the cloud

vendor’s code and the Kubernetes code to evolve
independently of each other.
 Kubernetes Architecture
• The following controllers have cloud provider
dependencies:
• Node Controller: For checking the cloud provider to
determine if a node has been deleted in the cloud
after it stops responding
• Route Controller: For setting up routes in the
underlying cloud infrastructure
• Service Controller: For creating, updating and
deleting cloud provider load balancers
• Volume Controller: For creating, attaching, and
mounting volumes, and interacting with the cloud
provider to orchestrate volumes.
 Kubernetes Architecture
• Node Components

• Node components run on every node,

maintaining running pods and providing the
Kubernetes runtime environment.

• A node is a worker machine in Kubernetes,

previously known as a minion.
 Kubernetes Architecture
• A node may be a VM or physical machine,
depending on the cluster.

• Each node contains the services necessary to

run pods and is managed by the master
components.

• The services on a node include the container

runtime, kubelet and kube-proxy.
 Kubernetes Architecture
• kubelet
• An agent that runs on each node in the cluster. It
makes sure that containers are running in a pod.

• The kubelet takes a set of PodSpecs that are

provided through various mechanisms and ensures
that the containers described in those PodSpecs are
running and healthy.

• The kubelet doesn’t manage containers which were

not created by Kubernetes.
 Kubernetes Architecture
• kube-proxy
• kube-proxy is a network proxy that runs on each
node in the cluster.
• It enables the Kubernetes service abstraction by
maintaining network rules on the host and performing
connection forwarding.
• kube-proxy is responsible for request forwarding.
• kube-proxy allows TCP and UDP stream forwarding
or round robin TCP and UDP forwarding across a set
of backend functions..
 Kubernetes Architecture
• Container Runtime

• The container runtime is the software that is

responsible for running containers.

• Kubernetes supports several container runtimes:

Docker, containerd, cri-o, rktlet and any
implementation of the Kubernetes CRI (Container
Runtime Interface).
 Kubernetes Architecture
• Addons
• Addons are pods and services that implement cluster
features.

• DNS

• While the other addons are not strictly required, all

Kubernetes clusters should have cluster DNS, as
many examples rely on it.
 Kubernetes Architecture
• Cluster DNS is a DNS server, in addition to the other
DNS server(s) in your environment, which serves
DNS records for Kubernetes services.
• Containers started by Kubernetes automatically
include this DNS server in their DNS searches.

• Web UI (Dashboard)
• Dashboard is a general purpose, web-based UI for
Kubernetes clusters. It allows users to manage and
troubleshoot applications running in the cluster, as
well as the cluster itself
 Kubernetes Architecture
• Container Resource Monitoring
• Container Resource Monitoring records generic time-
series metrics about containers in a central database,
and provides a UI for browsing that data.

• Cluster-level Logging
• A Cluster-level logging mechanism is responsible for
saving container logs to a central log store with
search/browsing interface.
 Kubernetes Components
• Pod

• Pods are important feature of Kubernetes.

• A pod is the unit of work in Kubernetes.

• Each pod contains one or more containers.

• Pods are always scheduled together (always run on

the same machine).
 Kubernetes Components
• Pod
• All the containers in a pod have the same IP address
and port space; they can communicate using
localhost or standard inter-process communication.

• In addition, all the containers in a pod can have

access to shared local storage on the node hosting
the pod.

• The shared storage will be mounted on each

container. .
 Kubernetes Components
• Label

• Labels are key-value pairs that are used to

group together sets of objects, very often
pods.

• This is important for several other concepts,

such as replication controller, replica sets, and
services that operate on dynamic groups of
objects and need to identify the members of
the group.
 Kubernetes Components
• There are certain restrictions by design on labels.

• Each label on an object must have a unique key.

• The label key must adhere to a strict syntax.

• It has two parts: prefix and name.

• The prefix is optional.

 Kubernetes Components

• If it exists then it is separated from the name by a

forward slash (/) and it must be a valid DNS sub-
domain.

• The prefix must be 253 characters long at most.

• The name is mandatory and must be 63

characters long at most.
 Kubernetes Components

• Names must start and end with an

alphanumeric character (a-z, A-Z, 0-9) and
contain only alphanumeric characters, dots,
dashes, and underscores.

• Values follow the same restrictions as names.

 Kubernetes Components
• Annotation

• Annotations let you associate arbitrary metadata with

Kubernetes objects.

• Kubernetes just stores the annotations and makes

their metadata available.

• Unlike labels, they don't have strict restrictions about

allowed characters and size limits.
 Kubernetes Components
• Label selector
• Label selectors are used to select objects based on
their labels.
• Equality-based selectors specify a key name and a
value.
• There are two operators, = (or ==) and !=, for equality
or inequality based on the value.
• For example:
• role = webserver
• This will select all objects that have that label key and
value.
 Kubernetes Components
• Replication controller and replica set
• Replication controllers and replica sets both
manage a group of pods identified by a label
selector and ensure that a certain number is
always up and running.

• The main difference between them is that

replication controllers test for membership by
name equality and replica sets can use set-based
selection.
 Kubernetes Components
• Kubernetes guarantees that you will always have
the same number of pods running as you
specified in a replication controller or a replica
set.
•
• Whenever the number drops due to a problem
with the hosting node or the pod itself,
Kubernetes will fire up new instances.

• Note that, if you manually start pods and exceed

the specified number, the replication controller
will kill some extra pods.
 Kubernetes Components
• Service
• Services are used to expose some functionality to
users or other services.
• They usually encompass a group of pods, usually
identified by a label.
• You can have services that provide access to
external resources, or to pods you control directly at
the virtual IP level.
• Native Kubernetes services are exposed through
convenient endpoints.
 Kubernetes Components
• Volume
• Local storage on the pod is ephemeral and goes
away with the pod.

• Sometimes that's all you need, if the goal is just

to exchange data between containers of the
node, but sometimes it's important for the data
to outlive the pod, or it's necessary to share data
between pods.

• The volume concept supports that need.

 Kubernetes Components
• There are many volume types.
• Kubernetes currently directly supports
following volume type.
• awsElasticBlockStore
• azureDisk
• azureFile
• cephfs
• cinder
• configMap
• csi
 Kubernetes Components
• downwardAPI • nfs
• emptyDir • persistentVolumeClaim
• fc (fibre channel) • projected
• flexVolume • portworxVolume
• flocker • quobyte
• gcePersistentDisk • rbd
• gitRepo (deprecated) • scaleIO
• glusterfs • secret
• hostPath • storageos
• iscsi • vsphereVolume
• local
 Kubernetes Components
• Secret
• Secrets are small objects that contain
sensitive info such as credentials and tokens.
• They are stored as plaintext in etcd,
accessible by the Kubernetes API server, and
can be mounted as files into pods that need
access to them.
• The same secret can be mounted into
multiple pods.
 Kubernetes Components
• Kubernetes itself creates secrets for its
components, and you can create your own
secrets.

• Another approach is to use secrets as

environment variables.

• Note that secrets in a pod are always stored

in memory (tmpfs in the case of mounted
secrets) for better security.
 Kubernetes Components
• Name
• Each object in Kubernetes is identified by a UID
and a name.

• The name is used to refer to the object in API

calls.

• Names should be up to 253 characters long and

use lowercase alphanumeric characters, dash (-)
and dot (.).
 Kubernetes Components
• Name

• If you delete an object, you can create

another object with the same name as the
deleted object, but the UIDs must be
unique across the lifetime of the cluster.

• The UIDs are generated by Kubernetes.

 Kubernetes Components
• Namespace
• A namespace is a virtual cluster.

• You can have a single physical cluster that

contains multiple virtual clusters segregated by
namespaces.

• Each virtual cluster is totally isolated from other

virtual clusters, and they can only communicate
through public interfaces.
 Kubernetes Components
• Namespace
• Note that Node objects and persistent
volumes don't live in a namespace.

• Kubernetes may schedule pods from different

namespaces to run on the same node.

• Likewise, pods from different namespaces

can use the same persistent storage.
Minikube Installation
 Minikube
• Minikube is a tool that makes it easy to run
Kubernetes locally.

• Minikube runs a single-node Kubernetes

cluster inside a Virtual Machine (VM) on
your laptop for users looking to try out
Kubernetes or develop with it day-to-day.
 Minikube
• Minikube Installation
• Minikube installation on Centos 7

• Disable SELINUX
vi /etc/selinux/config and change
SELINUX=enforcing to SELINUX=disabled and save
the file.

• Disable firewalld.
systemctl disable firewalld
 Minikube
• Restart the system once.
• init 6 or restart

• After restart Install Oracle VirtualBox

1. yum update -y
2. yum install kernel-devel kernel-headers gcc make
perl -y
3. wget
https://www.virtualbox.org/download/oracle_vbox.asc
4. rpm --import oracle_vbox.asc
 Minikube
5. wget
http://download.virtualbox.org/virtualbox/rpm/el/virtualbox.
repo -O /etc/yum.repos.d/virtualbox.repo
6. yum install VirtualBox-6.0
7. /usr/lib/virtualbox/vboxdrv.sh setup
8. usermod -aG vboxusers root
• Install Kubectl
1. curl -LO https://storage.googleapis.com/kubernetes-
release/release/$(curl -s
https://storage.googleapis.com/kubernetes-release/releas
e/stable.txt)/bin/linux/amd64/kubectl
 Minikube
2. mv kubectl /usr/local/bin
3. chmod +x /usr/local/bin/kubectl

• Install minikube
1. wget
https://storage.googleapis.com/minikube/releases/late
st/minikube-linux-amd64
2. mv minikube-linux-amd64
/usr/local/bin/minikube
3. chmod +x /usr/local/bin/minikube
 Minikube
• Start minikube cluster
1. minikube start
This command creates and configures a Virtual
Machine that runs a single-node Kubernetes cluster.
This command also configures your kubectl installation
to communicate with this cluster.
 Minikube
• Check Minikube
use command minikube status
 Minikube
• Get list of minikube services
• minikube service list
 Minikube
• Minikube cluster info
kubectl cluster-info
 Minikube
• Deploy nginx application on minikube
• Create a pod for the application
kubectl run firstapp1 --image=nginx --
port=80
 Minikube
• Create a service for the pod
kubectl expose deployment firstapp --type=NodePort

check with kubectl get pods

 Kubernetes - Services
• Although each Pod has a unique IP
address, those IPs are not exposed
outside the cluster without a Service.

• Services allow your applications to receive

traffic. Services can be exposed in
different ways by specifying a type in the
ServiceSpec.
 Kubernetes - Services
• ClusterIP (default) - Exposes the Service
on an internal IP in the cluster. This type
makes the Service only reachable from
within the cluster.
• NodePort - Exposes the Service on the
same port of each selected Node in the
cluster using NAT. Makes a Service
accessible from outside the cluster using
<NodeIP>:<NodePort>. Superset of
ClusterIP.
 Kubernetes - Services
• LoadBalancer - Creates an external load
balancer in the current cloud (if supported)
and assigns a fixed, external IP to the
Service. Superset of NodePort.
• ExternalName - Exposes the Service using
an arbitrary name (specified by
externalName in the spec) by returning a
CNAME record with the name. No proxy is
used. This type requires v1.7 or higher of
kube-dns.
 Minikube
• Get info about the services
kubectl get services

Find node ip with minikube ip

 Minikube
• Access the service
 Minikube
• Dashboard
• To access the Kubernetes Dashboard, run this
command in a shell after starting Minikube to get the
address:
1. minikube dashboard
 Minikube
• Dashboard
 Minikube
• Delete service and deployment
 Minikube
• Stop minikube cluster

• Delete minikube cluster

Deploy Kubernetes
Cluster - Centos 7
 Deploy Kubernetes Cluster
• The following steps will configure a 3 node Kubernetes
cluster.

• One node will be the master and other 2 nodes will be

the worke nodes (minions).

• You can use physical servers or virtual servers to

perform this practical.

• For all nodes minimum 2 processors are recommended

 Deploy Kubernetes Cluster
• Allocate 2 to 4 GB RAM based on the configuration.

• Perform the following tasks on all the nodes which will

be part of the kubernetes cluster.

• Install Centos on all the nodes and update the OS.

• Configure IP address and hostname. (If you are using

virtual machines then configure network adapter for
bridged mode.)
 Deploy Kubernetes
Cluster
• Update the hosts file with IP address and hostname
for each node.

• Similarly disable SELINUX. Edit the

/etc/selinux/config file and change
SELINUX=Enforcing to SELINUX=disabled and
save the file
• Give setenforce 0 command. (Its zero and not O)
 Deploy Kubernetes Cluster
• Enable br_netfilter kernel module
Give the following commands
modprobe br_netfilter
echo '1' > /proc/sys/net/bridge/bridge-nf-call-
ip6tables
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
• To make these settings permanent, create following file
and add following parameters.
vi /etc/sysctl.d/k8s.conf and add
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
 Deploy Kubernetes
Cluster
• Disable Swap
Give command swapoff -a to disable swap
immediately.

• To permanently disable swap edit /etc/fstab file and

put a # infront of the line that mounts swap partition.
 Deploy Kubernetes Cluster
• Install Docker
• Install following packages first. The packages may be
already installed based on installation type selected.
yum install -y yum-utils device-mapper-
persistent-data lvm2

• Then install docker.

yum install docker -y
 Deploy Kubernetes
Cluster
• Check Docker version installed.

• The docker version installed should be minimum

1.13.0.
 Deploy Kubernetes
Cluster
• Check the cgroup driver used by the docker.

• Make sure the Cgroup driver is systemd.

• Now you are ready to install kubernetes packages.

• Configure the kubernetes repository first.
 Deploy Kubernetes Cluster
• Go to the yum.repos.d directory cd /etc/yum.repos.d
• create a file vi kubernetes.repo and add following lines
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/
kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-
key.gpg https://packages.cloud.google.com/yum/doc/rpm-
package-key.gpg
 Deploy Kubernetes Cluster
• Now install the kubernetes packages
yum install -y kubelet kubeadm kubectl

• Start and enable docker service

systemctl start docker
systemctl enable docker
• Start and enable kubelet service
systemctl start kubelet
systemctl enable kubelet
 Deploy Kubernetes Cluster

• You have to perform all these earlier steps on all

the nodes which will participate in the kubernetes
cluster.
 Deploy Kubernetes Cluster
• Initialize the Kubernetes Cluster
• Perform the following steps only on the node which
will perform as a master node in the cluster.
• Configure following firewall rules
firewall-cmd --permanent --add-port=6443/tcp
firewall-cmd --permanent --add-port=2379-2380/tcp
firewall-cmd --permanent --add-port=10250/tcp
firewall-cmd --permanent --add-port=10251/tcp
firewall-cmd --permanent --add-port=10252/tcp
firewall-cmd --permanent --add-port=10255/tcp
firewall-cmd --reload
 Deploy Kubernetes Cluster
• Now start cluster initialization using followng command.
kubeadm init

• Once the command completes successfuly, it will

display a join token that you need to execute on the
worker nodes to join them as nodes in the cluster,

• Copy this join token in a file and save it for later use on
the nodes.
 Deploy Kubernetes Cluster
• Copy and configure the admin token to root user home
directory so as to manage the kubernetes cluster.

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf
$HOME/.kube/config

sudo chown $(id -u):$(id -g)

$HOME/.kube/config
 Deploy Kubernetes Cluster
• Add te network plugin for kubernetes.

• There are several network pluggins are available, but

here we use weave network plugin.

export kubever=$(kubectl version | base64 | tr -d '\n')

kubectl apply -f "https://cloud.weave.works/k8s/net?

k8s-version = $kubever"
 Deploy Kubernetes
Cluster
• Now the master node is ready.
• To make sure master is working correctly use
following commands.

• The status of all the services should be running.

 Deploy Kubernetes
Cluster
• The following command will display only the master
node entry.

• Also check with following command.

 Deploy Kubernetes Cluster
• Add nodes to the cluster
• Perform following steps on the nodes which will join the
cluster as a worker node.

• copy the join token stored in a file on the master node

to the worker node.

• You can use scp command to copy file to all the worker
nodes.
 Deploy Kubernetes
Cluster
• Once the file is copied execute the join command.

• Execute the command on all the worker nodes.

• Now check on master node whether the worker
nodes are successfully added.
 Deploy Kubernetes
Dashboard
• The kubernetes cluster is ready now.

• To install web UI for kubernetes cluster (dashboard) use

following command

• kubectl apply -f
https://raw.githubusercontent.com/kubernetes/dash
board/master/aio/deploy/recommended/kubernetes-
dashboard.yaml
 Deploy Kubernetes
Dashboard
• Create a dashboard-admin.yaml file.
• Add following to the file.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
 Deploy Kubernetes
Dashboard
• Assign full admin privileges to the service account for
dashboard
kubectl create -f dashboard-admin.yaml
To access dashboard only on the master node you can
give the command kubectl proxy.
• To access dashboard from anywhere give
• nohup kubectl proxy --address="Master-node-ip" -p 443 --
accept-hosts='^*$' &
• Access dashboard using following URL
• http://Master-node-ip:443/api/v1/namespaces/kube-system/
services/https:kubernetes-dashboard:/proxy/
Thanks!