Shulou(Shulou.com)05/31 Report--

This article introduces to you what are the 12 key features, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Introduction:

Kubernetes is now all the rage, and all major cloud service providers use it as a solution for deploying cloud native applications. What are the significant features and tool advantages of Kubernetes that make enterprises begin to accept it? In this paper, the author gives a systematic comb.

"Action without orchestration is burn out; orchestration WUnip o action is management."

Action without choreography is finished, choreography without action is management, and action plus choreography is leadership.

-Orrin Woodward "

Kubernetes is an abstract concept that optimizes resource utilization, allowing applications to be distributed efficiently across node clusters.

Kubernetes, helmsman!

Kubernetes is a Greek word meaning "helmsman".

It is an open source project started by Google, derived from Borg, used within Google for several years, and is now used in container management. It is currently hosted by CNCF.

Kubernetes (K8S for short) is an abstraction that optimizes the utilization of resources such as CPU and memory through containers so that applications can be distributed efficiently across multiple nodes. K8S can run anywhere in bare metal or any cloud infrastructure provider. This new tool is cloud-independent and focuses on deploying and scheduling containers within the infrastructure rather than directly leveraging nodes / hosts.

Some of the platform features provided by K8S are:

Use pod for container grouping, self-healing, auto-scaling, DNS management, load balancing, rolling updates or rolling back resource monitoring and logging

Kubernetes architecture

The Kubernetes cluster consists of a master node and a set of worker/ slave nodes.

The primary node components of Kubernetes are:

API server (API Server): users interact with manifestyaml through Rest operations or kubectl cli. It is used for all operations related to API objects, such as pod creation, and is the only component that stores the desired state in etcd.

Scheduler: the user uses kubectl cli to issue a command to the API server to create the pod. After doing this, the scheduler allocates pods to available nodes based on resource requirements.

Controller manager (Controller Manager): the controller manager manipulates resources based on the cluster state and makes changes according to the listing yaml to bring the current state application to the desired state. In other words, the controller manager can coordinate the actual state with the desired state. There are several dedicated controllers in the controller manager to simplify cluster management. For example, the node controller checks to see if there is currently running node downtime and takes corrective action, while the replication controller ensures the number of pod needed to actually run in the node.

Etcd: all configuration information about the state of the cluster is stored in etcd in the form of key/value pairs, which is implemented by CoreOS. These states show the nodes contained in the cluster and the pods that needs to be run on it.

Plug-in (Addons): in order to add server DNS records to Kubernetes, we need a cluster DNS plug-in. This plug-in helps to extend functionality related to Kubernetes clusters or nodes. There are many other plug-ins, such as fluntd for logging, rbac for role-based access, and so on.

The components installed in the Kubernetes node are:

Docker: the Docker daemon runs in each node. If the container image does not exist, it will be extracted and run from the docker registry.

Kubelet: the Kubelet node agent periodically checks the health status of the containers in the container. In addition, it ensures that you press manifest to install the volume and download the sensitive information needed to run the container. It also links the node to the API server.

Kube-proxy: Kube-proxy runs on each node to distribute load in pod and to provide available services to external hosts. It uses iptable rules or polling scheduling to forward requests to the correct container.

For highly available and fault-tolerant Kubernetes production and deployment, multiple master nodes and a separate etcd cluster are required. If three API servers are running, a network load balancer is required to correctly distribute the load to the server. The only remaining problem is that three roles are required to manage the controller manager and the scheduler to maintain cluster state and assign nodes. In order to execute it more efficiently and reliably, only one participant should make the actual change, but other instances are still needed in the event of machine downtime. To solve this problem, we can use lease-lock in API to perform the primary selection, and the flag to use it is leader- elect.

Kubernetes enables networking from Pod to Pod in any of the following ways:

1) layer 2 (switching solution) 2) layer 3 (bridging solution) 3) overlay solution (weave andflannel)

They allow communication between Pod and Pod in the cluster and provide a unique IP address for each Pod.

Key features of Kubernetes

Pod: Collection of Containers container set

Pod is a deployment unit in K8S that has a separate IP address. Within it, the Pause container handles the network by holding a network's namespace, port, and ip address, which is used by all containers in the pod.

ReplicationController

ReplicationController ensures the number of containers required to get up and running within a given time. The Pod template is used to define container image identifiers, ports, and labels. With liveness probes, it can automatically heal pods and maintain the number of pods in the desired state. You can also manually control the copy count by using kubectl.

Storage management

Pods is short-lived in nature-any information stored in a pod or container will be lost. In order to store data, a persistent system is necessary, even after a pod is killed or rescheduled, such as Amazon Elastic Block Storage (EBS), Google GCE PD, or a distributed file system, such as Network File system (NFS) or Gluster File system (GFS).

Resource monitoring

Monitoring is one of the keys to the successful operation of the infrastructure, and it is the basis of the reliability level. Heapster is a plug-in that collects metrics from kubelet and integrates with cAdvisor. CAdvisor is used to collect metrics related to the CPU, memory, Imax O, and network statistics of the running container. The data collected by Heapster is stored in influx DB and displayed in UI using Grafana. There are other available receivers, such as Kafka or Elastic Search, that can be used to store data and display it in the user interface.

Health examination

The health check of kubernetes is performed by kubelet agent. It is divided into liveness and readiness probes.

There are three main types of handlers:

ExecAction: execute the Shell command, and if the generated exit code is 0, it means that the instance is healthy. In any other case, the instance is not healthy. TCPAction: Kubelet will attempt to connect to the specified port, and if it establishes a connection to the given socket, the diagnosis is successful. HTTPGetAction: based on the HTTP endpoint exposed by the application, kubelet executes a HTTP GET request for the container IP address on the specified path. If 200 to 300 response codes are returned, the diagnosis is successful.

Each probe usually has three results:

Success: the container passed the diagnosis. Failed: the container failed diagnostics. Unknown: the diagnosis failed. Do not take any action.

Horizontal automatic stretching function

Automatic scaling uses load-based computing resources. K8S scale pod automatically uses Horizontal Pod Autoscaler objects to get measurement data from Heapster and reduce or increase the number of pod accordingly. For example, if automatic scaling is based on memory utilization, the controller starts observing memory usage in pod and expands the replica count based on capacity.

Service discovery

Kubernetes pods is short-lived, and ReplicationController creates them dynamically on any node, so discovering services in a cluster is a challenge. The service needs to discover an IP address and a dynamic port to communicate in the cluster.

There are two main ways to find it-- environment variables (Environment variables) and DNS.

Preferably, DNS-based service discovery can be used as a cluster add-on. Track new services in the cluster and create a set of DNS records for each service.

The network

To fully manage the cluster, the network must be set up correctly and three network problems must be solved:

1. Container-to-container communication: pods communicates through the local host and uses the Pause container network namespace to solve this problem. 2.Pod-to-Pod communication: solved by a software-defined network, as shown in the architecture above. 3. External to pod communication: covered by service.

Kubernetes offers a wide range of network options. The Container Network Interface (CNI) plug-in is now also supported, which is the common plug-in architecture for containers. Currently supports a variety of orchestration tools, such as Kubernetes, Mesos, and CloudFoundry.

There are various coverage plug-ins:

1.Flannel comes from CoreOS and is a very simple etcd back-end overlay network. It creates another virtual, routable IP / Pod network that runs on the underlying network; ergo, called an overlay network. In this overlay network, each Pod will be assigned an IP address and will communicate directly using their IP. 2.Weave provides Kubernetes-compatible overlay networks through the CNI plug-in.

Service

A Kubernetes service is an abstraction that routes traffic to a set of pod to provide a micro-service. Kube-proxy runs on each node and manages the service by setting up a set of iptable rules.

There are three modes of setting up services:

1.ClusterIP (internal access only) 2.NodePort (firewall needs to be turned on on the port; public access is not recommended) 3. Load balancer (owned by public cloud providers such as AWS or GKE)

ConfigMap and Secret

ConfigMap makes it possible to inject environment-based configurations while keeping container images consistent across multiple environments. These can be injected by installing volumes or environment variables (environment variables) and storing these values in key/value format.

Secrets is used to store sensitive data, such as passwords, OAuth tokens, and so on.

Rolling deployment and rollback

The deployment object holds one or more replica sets to support the rollback mechanism. In other words, each time you change the deployment configuration, a new replica set is created and the previous version is retained so that there is a rollback option. Only one copy set will be active at a specific time.

For rolling deployment, the required policy types are RollingUpdate and minReadySecs, which specify how long the application spends on service traffic. If you leave the application pod in its default state when it is not ready, it will not be available. This can be done with the following command:

Or

By replacing the contents of the deployment yaml file and running the following command:

If the new version is not as expected, you can roll back to the previous version by running the following command:

If the desired version is a version other than the previous version, run:

Logging record

To monitor the behavior of your application, you must check the logs-- multiple logs are generated per pod. To start searching for logs in the dashboard UI, there must be some mechanism to collect and aggregate them into a log viewer. To illustrate this point, Fluentd is an open source tool that is part of CNCF and works well with Elastic Search and Kibana.

About the 12 key features are shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.