Kubenetes Zone "Hands-On Intro to Kubernetes" Workshop, TX
<h1>Intro to Kubernetes</h1>
<p>TECH(K)NOW DAY - London, UK - Tue 9 Oct 2018</p>
<a href=""></a>
<p>Hi! I'm Erica von Buelow.</p>
<img alt="EvB" src="" style="width:300px" />
<p><a href="">@evonbuelow</a></p>
<p>Software Engineer, Red Hat</p>
<p>OpenShift, Auth N/Z</p>
<img alt="go-gopher-nyc" src="" style="width:300px" />
Thank you to TECH(K)NOW DAYs, the CNCF, and Red Hat for sponsoring.
<h2>Workshop Overview</h2>
<li class='fragment'><a href="#/introduction">Introduction</a>
<li><a href="#/workshop-setup">Workshop Setup</a></li>
<li class='fragment'><a href="#/kubernetes-basics">Kubernetes Basics</a>
<li><a href="#/containers-overview">Overview of containers</a></li>
<li><a href="#/why-k8s">Why Kubernetes?</a></li>
<li><a href="#/terminology">Learn five K8s Primitives</a></li>
<li class='fragment'><a href="#/kubernetes-arch">Kubernetes Architecture</a>
<li><a href="#/firedrills">Architecture Experiments</a></li>
<li class='fragment'><a href="#/wrap-up">Wrap-up</a></li>
<h3>Intro Survey / Who are you?</h3>
<li class='fragment'>Doing anything with containers today?</li>
<li class='fragment'>Do you have any experience using Kubernetes?</li>
<li class='fragment'>Do you consider yourself to be proficient with the <code>kubectl</code> cli tool?</li>
<li class='fragment'>Can you name five basic primitives or resource types?</li>
<li class='fragment'>Can you name five pieces of k8s architecture?</li>

## Workshop Setup
Bring a laptop with the following:
1. [kubectl](#/kubectl)
2. [minikube](#/minikube)
3. [docker](#/docker)
4. [Optional tooling for advanced users](#/go)
Or, [use GKE for a managed Kuberentes environment](
<h3>install kubectl</h3>
<p>linux amd64:</p>
<pre><code contenteditable>curl -LO\
$(curl -s \
&& chmod +x kubectl \
&& sudo mv kubectl /usr/local/bin/
<p>osx amd64:</p>
<pre><code contenteditable>curl -LO\
$(curl -s \
&& chmod +x kubectl \
&& sudo mv kubectl /usr/local/bin/
<p>To verify <code>kubectl</code> availability:</p>
<pre><code contenteditable>kubectl version</code></pre>
<p><a href="">official <code>kubectl</code> setup notes</a></p>
<h3>install minikube</h3>
<pre><code contenteditable>curl -Lo minikube \ \
&& chmod +x minikube \
&& sudo mv minikube /usr/local/bin/</code></pre>
<pre><code contenteditable>curl -Lo minikube \ \
&& chmod +x minikube \
&& sudo mv minikube /usr/local/bin/</code></pre>
<p>to verify <code>minikube</code> availability:</p>
<pre><code contenteditable>minikube start</code></pre>
<p><a href="">official <code>minikube</code> setup notes</a></p>
<h4>minikube troubleshooting</h4>
<p>If your minikube environment does not boot correctly:</p>
<li>Minikube requires an OS virtualization back-end</li>
<li>Most OSes include some support for virtualization</li>
<li>You can use the <a href=""><code>--vm-driver</code></a> flag to select a specific virt provider</li>
<pre><code contenteditable>minikube start --vm-driver=virtualbox</code></pre>
<p>Check the project <a href=""><code>README</code></a> for more information about <a href="">supported virtualization options</a></p>
<h3>cri-o powered minikube (optional)</h3>
<p>To start <code>minikube</code> with <code>cri-o</code> enabled, try:</p>
<pre><code contenteditable>$ minikube start \
--network-plugin=cni \
--container-runtime=cri-o \
<p>to verify:</p>
<pre><code contenteditable>minikube ssh
$ docker ps # expect no containers here
$ podman ps # lists running containers</code></pre>
<h3>install the docker cli</h3>
<p>Download and install binary from <a href="">"the docker store"</a></p>
<p>Or, use a package manager to install:</p>
<pre><code contenteditable>brew install docker</code></pre>
<p>To verify <code>docker</code> availability:</p>
<pre><code contenteditable>docker version</code></pre>
<p>To <a href="">reference minikube's docker daemon from your host</a>, run:</p>
<pre><code contenteditable>eval $(minikube docker-env)</code></pre>
# *Ready?*
# Kubernetes Basics
<h3> Overview of Containers </h3>
<img alt="BOXPARK Shoreditch" src="" style="width:500px" />
A container provides the ability to run an isolated process that has its own resources in a shared environment.
<h3>Why Kubernetes?</h3>
Why Kubernetes?
<h3>Kubernetes is...</h3>
<li class='fragment'>The best way to manage distributed solutions at scale, based on years of industry expertise (Google-scale experience)</li>
<li class='fragment'>Agreement on a basis for open source container-driven distributed solution delivery, featuring a modular, HA architecture, and an extensible distributed solutions modeling language</li>
<li class='fragment'>An extensible modeling language with a huge community following</li>
## An API
API object primitives include the following attributes:
1. kind
2. apiVersion
3. metadata
4. spec
5. status
*mostly true
### Basic K8s Terminology
1. [node](#/node)
2. [pod](#/po)
3. [service](#/svc)
4. [deployment](#/deploy)
5. [replicaSet](#/rs)
### Node
A node is a host machine (physical or virtual) where containerized processes run.
Node activity is managed via one or more Master instances.
<p>Try using <code>kubectl</code> to list resources by type:</p>
<pre><code contenteditable>kubectl get nodes</code></pre>
<p>Request the same info, but output the results as structured yaml:</p>
<pre><code contenteditable>kubectl get nodes -o yaml</code></pre>
<p>Fetch an individual resource by <code>type/id</code>, output as <code>json</code>:</p>
<pre><code contenteditable>kubectl get node/minikube -o json</code></pre>
<p>View human-readable API output:</p>
<pre><code contenteditable>kubectl describe node/minikube</code></pre>
### Observations:
* Designed to exist on multiple machines (distributed system)
* high availability of nodes
* platform scale out
* The API ambidextriously supports both json and yaml
### Pod
A group of one or more co-located containers. Pods represent your minimum increment of scale.
> "Pods Scale together, and they Fail together" @theSteve0
<p>List resources by type:</p>
<pre><code contenteditable>kubectl get pods</code></pre>
<p>Create a new resource based on a json object specification:</p>
<pre><code contenteditable>curl</code></pre>
<pre><code contenteditable>kubectl create -f</code></pre>
<p>List resources by type:</p>
<pre><code contenteditable>kubectl get pods</code></pre>
<p>Fetch a resource by type and id, output the results as <code>yaml</code>:</p>
<pre><code contenteditable>kubectl get pod metrics-k8s -o yaml</code></pre>
<p>Notice any changes?</p>
### Observations:
* pods are scheduled to be run on nodes
* asyncronous fulfilment of requests
* declarative specifications
* automatic health checks, lifecycle management for containers (processes)
## Service (svc)
Establishes a single endpoint for a collection of replicated pods, distributing inbound traffic based on label selectors.
* Think about Services as a set of pods reachable from a common endpoint.
* It's up to the controller to make that happen.
* How it does that depends on the platform and can vary per cloud provider.
<h3>Contacting your App</h3>
<p>Expose the pod by creating a new <code>service</code> (or "loadbalancer"):</p>
<pre><code contenteditable>kubectl expose pod/metrics-k8s --port 2015 --type=NodePort</code></pre>
<p>Contact your newly-exposed pod using the associated service id:</p>
<pre><code contenteditable>minikube service metrics-k8s</code></pre>
<p>Schedule a pod to be deleted:</p>
<pre><code contenteditable>kubectl delete pod metrics-k8s</code></pre>
<p>Contact the related service. What happens?:</p>
<pre><code contenteditable>minikube service metrics-k8s</code></pre>
<p>Delete the service:</p>
<pre><code contenteditable>kubectl delete service metrics-k8s</code></pre>
### Observations:
* *"service"* gives you something like a *"loadbalancer"* in front of your containers
* Pods and Services exist independently, have disjoint lifecycles
### Deployment
A `deployment` helps you specify container runtime requirements (in terms of pods)
<p>Create a specification for your <code>deployment</code>:</p>
<pre><code contenteditable>kubectl run metrics-k8s \
--expose --port=2015 --service-overrides='{ "spec": { "type": "NodePort" } }' \
--dry-run -o yaml > deployment.yaml</code></pre>
<p>View the generated deployment spec file:</p>
<pre><code contenteditable>cat deployment.yaml</code></pre>
<p><i><b>Bug!:</b></i> Edit the file, adding "<code>---</code>" (on it's own line) between resource 1 and resource 2 for a workaround.</p>
<p>Can you think of another way to fix this issue? json compatible?</p>
<p>Create a new resource based on your yaml specification:</p>
<pre><code contenteditable>kubectl create -f deployment.yaml</code></pre>
<p>List resources by type:</p>
<pre><code contenteditable>kubectl get po,svc</code></pre>
<p>Connect to your new deployment via the associated service id:</p>
<pre><code contenteditable>minikube service metrics-k8s</code></pre>
<section id='replication'>
<p>Scale up the <code>metrics-k8s</code> deployment to 3 replicas:</p>
<pre><code contenteditable>kubectl scale deploy/metrics-k8s --replicas=3</code></pre>
<p>List pods:</p>
<pre><code contenteditable>kubectl get po</code></pre>
<p>Edit <code>deploy/metrics-k8s</code>, setting <code>spec.replicas</code> to <code>5</code>:</p>
<pre><code contenteditable>kubectl edit deploy/metrics-k8s -o json</code></pre>
<p>Save and quit. What happens?</p>
<pre><code contenteditable>kubectl get pods</code></pre>
<section id='autorecovery'>
<p>Watch for changes to <code>pod</code> resources:</p>
<pre><code contenteditable>kubectl get pods --watch</code></pre>
<p>In another terminal, delete several pods by id:</p>
<pre><code contenteditable>kubectl delete pod \
$(kubectl get pods | grep ^metrics-k8s | cut -f1 -s -d' ' | head -n 3 | tr '\n' ' ')</code></pre>
<p>What happend? How many pods remain?</p>
<pre><code contenteditable>kubectl get pods</code></pre>
### Observations:
* Use the `--dry-run` flag to generate new resource specifications
* A deployment spec contains a pod spec
### ReplicaSet
A `replicaset` provides replication and lifecycle management for a specific image release
<p>Watch deployments (leave this running until the 'cleanup' section):</p>
<pre><code contenteditable>kubectl get deploy --watch</code></pre>
<p>View the current state of your deployment:</p>
<pre><code contenteditable>minikube service metrics-k8s</code></pre>
<p>Update your deployment's image spec to rollout a new release:</p>
<pre><code contenteditable>kubectl set image deploy/metrics-k8s</code></pre>
<p>Reload your browser to view the state of your deployment</p>
<pre><code contenteditable>kubectl get rs,deploy</code></pre>
<p>View the list of previous rollouts:</p>
<pre><code contenteditable>kubectl rollout history deploy/metrics-k8s</code></pre>
<p>Rollback to the previous state:</p>
<pre><code contenteditable>kubectl rollout undo deployment metrics-k8s</code></pre>
<p>Reload your browser to view the state of your deployment</p>
<p>Cleanup old resources if you don't plan to use them:</p>
<pre><code contenteditable>kubectl delete service,deployment metrics-k8s</code></pre>
<p>Close any remaining <code>--watch</code> listeners</p>
### Observations:
* The API allows for watch operations (in addition to get, set, list)
* ReplicaSets provide lifecycle management for pod resources
* Deployments create ReplicaSets to manage pod replication per rollout (per change in podspec: image:tag, environment vars)
# Kubernetes Architecture
## etcd
![etcd logo](
* distributed key-value store
* implements the RAFT consensus protocol
### CAP theorem
1. Consistency
2. Availability
3. Partition tolerance
[etcd is "CA"](
## Degraded Performance
Fault tolerance sizing chart:
Fault tolerance sizing chart:
## Kubernetes API
* gatekeeper for etcd (the only way to access the db)
* not required for pod uptime
### API outage simulation
Example borrowed from [Brandon Philips' "Fire Drills" from OSCON 2016](
Create a pod and a service (repeat our deployment drill). Verify that the service is responding.
ssh into minikube, kill the control plane:
minikube ssh
ps aux | grep "localkube"
sudo killall localkube
Use kubectl to list pods:
kubectl get pods
The connection to the server was refused - did you specify the right host or port?
The API server is down!
Reload your service. Are your pods still available?
## Kubelet
Runs on each node, listens to the API for new items with a matching `NodeName`
## Kubernetes Scheduler
Assigns workloads to Node machines
## Replace the Scheduler
Create two pods:
kubectl create -f \
kubectl create -f \
View events:
kubectl get events
Did both pods get scheduled? run?
<section data-markdown>
<section data-markdown>
## CNI
* flannel
* canal
## CRI
* containerd
* cri-o
* rkt
* oci
### K8s Controllers
Controllers work to regulate the declarative nature of the platform state, reconciling imbalances via a basic control loop
Kubernetes allows you to introduce your own custom controllers!
### Architecture Diagram
Architecture Diagram
### Interaction Diagram
Interaction Diagram
[(copied from](
# Kubernetes Extensibility
<h3>What is an SRE?</h3>
What is an SRE?
"how Google runs production systems"
<p><i>"how Google runs production systems"</i></p>
<li><a href="">Google's SRE book - free to read online</a></li>
<li><a href="">SRE blog post series on Medium</a></li>
<h3>What are Operators?</h3>
<p class='fragment'>Kube Operators establish a pattern for introducing higher-order interfaces that represent the logical domain expertise (and perhaps the ideal product output) of a Kubernetes SRE</p>
<p class='fragment'><a href="">blog post: "Introducing Operators"</a></p>
### Custom Resource Definitions (CRDs)
CRDs allow you to establish new k8s primitives, extending the capabilities of the platform by allowing you to add your own terminology to the modeling language
### Writing Operators
Get started with the [operator-sdk]( </section>
## Operator Examples
### Etcd
blog post:
demo video:
### Prometheus
blog post:
demo video:
### And so many more!
Learn more about operators and the Operator Framework: [](
## Wrap Up
<h3>Exit Interview</h3>
<li class='fragment'>Can you name five Kubernetes primitives?</li>
<li class='fragment'>Do you consider yourself to be proficient with kubernetes and the kubectl cli tool?</li>
<li class='fragment'>Did this workshop provide enough hands-on experience with Kubernetes?</li>
<li class='fragment'>Can you name five architectural components?</li>
### Red Hat is hiring!
<h1>Thank You!</h1>
<p>for joining us for this</p>
<h1>Intro to Kubernetes Workshop</h1>
<a href=""><h5 class='fragment grow'></h5></a>
