
Docker: understanding Kubernetes (Advanced articles, 31)

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Original articles, welcome to reprint. Reprint please indicate: reproduced from IT Story Association, thank you!

Original link address: "Advanced articles" docker understanding kubernetes (31)

Now for the last service orchestration tool, Kubernetes. The name comes from the Greek for helmsman or pilot. Because it is long and awkward to type, it is commonly abbreviated to K8s. Google started the project in 2014; by then Google already had experience managing containers at scale, with its internal Borg system scheduling and managing many of Google's own services. The purpose was to free users from resource management so they could focus on their core business, while maximizing data center utilization.

What is k8s?

Think of a residential community. K8s is the big landlord of the community. A building in the community is a virtual machine (VM). The building has many households, and each household is a pod. How does each household find its location? By its house number, which we can think of as the IP address. Each household has many family members: father, mother, brothers and sisters, grandparents, sons and daughters. These roles are the containers. The members of a pod share the resources of the household, the water, electricity and network; those resources are the computing resources, CPU, memory and disk. The main job of the big landlord K8s is management: how much resource each household (pod) uses, so that the whole building uses its resources efficiently. For example, if building A has too many residents, too many pods, they will compete with each other for resources, so K8s can coordinate and move some pods, some residents, over to building B. This makes resource use more balanced.

K8s

Official website: https://kubernetes.io/ K8s is an open source system for automatically deploying, scaling, and managing containerized applications.

Compared with the earlier Mesos and Swarm, the purpose of K8s is simple and clear: it is for service orchestration, nothing else. The purpose is simple but focused, which is why it is so professional and so flexible in use; it takes into account the many problems and scenarios that come up when putting services into production. So start simple and digest it thoroughly: learn all of its components, then look back at its architecture.

What the K8s cluster looks like

This diagram gives a simple picture of a K8s cluster. K8s needs a cluster, and within it there must be machines dedicated to service scheduling and orchestration. The heptagons in the middle row are Master nodes, which can be understood as the machines where the core components are installed. The other hexagons are Node nodes, called worker nodes in K8s; each node runs a kubelet service and a docker service.

There are two more green parts: the Deployment in Master, and the Containerized app in Node, which is a containerized application. The picture shows a Deployment being deployed on Master, with one of the three nodes chosen to run the application. The blue circle in Node is a pod.

Pod is a very important concept in K8s. All applications and services run in pods. The pod is the smallest unit in K8s, its atom, and a pod wraps one or more containers.

The first pod has an independent IP address and one container. The second pod has an independent IP address, one container and one disk storage. The third pod has an independent IP address, two containers and one disk storage; the two containers share the IP, the network and the disk. The fourth pod has an independent IP address, three containers and two disk storages; the three containers share the IP, the network and the disks.

PS: the four mini images above show that a pod can hold as many containers and storage volumes as needed.

Pods run containers, so where do pods run? On nodes: the kubelet on a node is instructed to run the pod and does so. A node can run multiple pods, as many as its resources allow.

Service

In this picture the middle is the master node and the rest are Node nodes; pods run on the nodes. The dotted line marks a service. The pod has IP 10.10.10.1 and the service has IP 10.10.9.1; the service IP and the pod IP are different. A pod runs on a node, and if the pod or its node suddenly fails, the orchestration tool must start a replacement pod on another node, and that pod's IP will certainly be different. This is why the concept of a service is needed: when a pod fails and a new pod with a new IP is created, we can still find the pod through the service. The service's IP is tied to the life cycle of the service, so as long as the service is not deleted its IP stays the same. The two nodes and three pods above show one instance scaled out to three instances, expanding capacity and providing the service to the outside world. At this point the service IP has two further functions: besides locating the pods' addresses, it load balances, polling the pod addresses in turn.

With the basic concept of a service in place, how is it decided which pods belong to a service? A service may consist of one or more pods, so how is a service defined? In k8s this is done with a Label Selector: for example, with pods A and B, the selector says pods whose label equals A or equals B belong to me, and every pod carrying that label is a member of the service. This keeps the coupling between service and pod very loose.

PS (combing the concepts): a pod has N containers, a service has pods, and a Deployment may include a service or pods.

Deployment completes application expansion

A Deployment is released on Master. Internally it is the pods behind the service that are scaled out; the service is only a logical existence that groups pods into a logical group. After the expansion the other two nodes also have pod instances, and the service's endpoints act as the external load balancer that finds the corresponding pods.

A rolling update stops one old pod and starts one new pod at a time, so the service contains both old and new pods until every old one has been replaced. Throughout the update and the expansion, the service's IP stays the same.
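The label-selector, stable-IP and rolling-update behaviour described above, as an added Python model that is not code from the original article or from Kubernetes itself. The Pod and Service classes, the `version` label and all IPs and names are constructed sample data; only the pod IP 10.10.10.1 and service IP 10.10.9.1 come from the diagram.

```python
"""Added example, not code from the original article: a small model of how a Service
selects pods by label, keeps one fixed ClusterIP while a rolling update replaces its
pods, and round-robins requests over the live endpoints. All data is constructed."""
from dataclasses import dataclass
from itertools import cycle, islice

@dataclass
class Pod:
    name: str
    ip: str
    labels: dict
    ready: bool = True

@dataclass
class Service:
    cluster_ip: str  # fixed for the life of the Service, whatever happens to its pods
    selector: dict   # matchLabels: every key/value pair must be present on the pod

def selects(selector, labels):
    """A pod belongs to the Service when all selector pairs appear in its labels."""
    return all(labels.get(k) == v for k, v in selector.items())

def endpoints(svc, pods):
    """Ready pods that match the selector are the endpoints behind the ClusterIP."""
    return [p.ip for p in pods if p.ready and selects(svc.selector, p.labels)]

def round_robin(svc, pods, requests):
    """Spread `requests` over the current endpoints in turn, as kube-proxy would."""
    eps = endpoints(svc, pods)
    return list(islice(cycle(eps), requests)) if eps else []

def rolling_update(pods, svc, old_version, new_version, new_ips):
    """Replace the Service's old-version pods one at a time, yielding the endpoint
    list after each step. New pods get new IPs; the ClusterIP never changes."""
    pods = list(pods)
    targets = [p for p in pods if selects(svc.selector, p.labels)
               and p.labels.get("version") == old_version]
    for old, ip in zip(targets, new_ips):
        pods.remove(old)  # stop the old pod ...
        pods.append(Pod(old.name + "-v2", ip, {**old.labels, "version": new_version}))
        yield endpoints(svc, pods)  # ... its replacement is already serving

# Constructed sample cluster: three web pods behind one Service, plus an unrelated pod.
SAMPLE_PODS = [
    Pod("web-a", "10.10.10.1", {"app": "web", "version": "v1"}),
    Pod("web-b", "10.10.10.2", {"app": "web", "version": "v1"}),
    Pod("web-c", "10.10.10.3", {"app": "web", "version": "v1"}, ready=False),
    Pod("db-0", "10.10.10.9", {"app": "db"}),
]
WEB_SVC = Service("10.10.9.1", {"app": "web"})
```

Note that the not-ready pod web-c never appears as an endpoint until its replacement comes up, while the db pod is never selected at all.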

The overall architecture of K8s

On the whole, the upper part is the Master node and the two worker nodes are below. The core modules of K8s are deployed on Master. The dashed box is the API Server, the core module that exposes K8s resources and performs authentication, authorization and admission (access) control. The API server is reached through kubectl or through a self-developed user client using the REST API, and every access to the cluster goes through it.

ControllerManager maintains the state of the cluster: fault detection, scaling, rolling updates and so on. Scheduler is responsible for resource scheduling, placing pods on the chosen Node according to a predetermined policy. etcd is the storage: pod, service, cluster and other information that K8s needs to persist is stored here. Kubelet maintains the life cycle, volumes and network of the containers on its node. A kube-proxy runs on each Node and provides internal service discovery and load balancing for services; it is what makes the service concept actually work. Kube-dns provides DNS for the whole cluster; it is not required, but it is what lets services be reached by name. Dashboard is a GUI for cluster data.

PS: carding the whole process

Kubectl initiates a request, which is authenticated by the API Server. The scheduler evaluates its policies and scores to pick the target node. The API Server asks that Node to run the pod through its kubelet, and writes the information to etcd to persist it. Once the pod is running, ControllerManager manages the state of each pod; if one suddenly dies, it arranges for a new pod to be created. Each pod gets its own IP address, reachable from anywhere in the cluster, but that IP is volatile: after an abnormal restart or an upgrade you cannot rely on any single pod's IP. The dotted line below shows a service with three pods inside it; the pod outside the dashed line is standalone and provides no service entry point. The module that does the actual work of the service is kube-proxy, one on each node; it assigns the service an IP through which the pods in the service are reached, so each service has an IP that kube-proxy handles and load balances across the pods. Kube-proxy can also expose the service's port and IP directly on the node, so external requests can reach the node IP and be forwarded to the service. Kube-dns lets names be used instead of node addresses, so any pod can be accessed by name.

The design concept of K8s

Understanding the design concept gives a deeper understanding of k8s. The design really is excellent and well worth studying and borrowing from.

Design principles of API

All APIs are declarative. This is stable under repeated operations; all objects are nouns, not verbs; the user states what the system should look like, and the system checks whether the current state meets that requirement. The user defines the purpose, and it is the system-managed business intention, not a sequence of commands, that drives the design.

Design principles of the control mechanism: assume every kind of error is possible and handle it with fault tolerance. Local and temporary errors are normal; errors may come from physical failures such as disks, from external systems, or from bugs in the system itself, so every possible error is considered and handled. After a module hits an error it must recover. It is impossible to guarantee that every module in the system is always connected to the others, so every module must be able to repair itself and must not collapse just because it cannot reach another module. In many cases it can degrade gracefully: basic and advanced functions are kept separate in the design, so that a failure of an advanced function does not bring down the basic function of the module, which also makes it easier to introduce advanced functions later without them affecting the basic ones.

K8s network

CNI: Flannel, Calico, Weave (the pod network)

Scheduler: preselection (predicates)

NoDiskConflict: no conflicting volume mounts. PodFitsResources: the pod's CPU and memory limits fit the node. CheckNodeMemoryPressure: the node is not under memory pressure. NodeSelector: the node matches the pod's node selector. Affinity: the pod's affinity constraints are satisfied. Then comes the scheduler's optimize/select phase.

Priority rules: the nodes that passed preselection are scored by priority functions. Each priority function returns a score from 0 to 10, higher meaning the host is more suitable, and each function has a corresponding weight.

SelectorSpreadPriority, LeastRequestedPriority, AffinityPriority
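The two scheduling phases just listed, preselection predicates followed by weighted priority scoring, as an added Python example that is not code from the original article or from the Kubernetes scheduler. The node and pod dictionaries, the weights and the simplified spread rule are constructed assumptions; the LeastRequestedPriority formula is the classic one from the K8s scheduler.

```python
"""Added example, not code from the original article: the two scheduling phases the
article lists, in miniature. Predicates (preselection) drop nodes that cannot run the
pod; priority functions score the rest 0-10, weights apply, the highest total wins.
LeastRequestedPriority uses the classic K8s formula ((capacity - requested) * 10 /
capacity), averaged over CPU and memory. Nodes, pods and weights are constructed."""

def pod_fits_resources(pod, node):  # PodFitsResources: CPU and memory requests must fit
    return (pod["cpu"] <= node["cpu_cap"] - node["cpu_used"]
            and pod["mem"] <= node["mem_cap"] - node["mem_used"])

def no_disk_conflict(pod, node):  # NoDiskConflict: volume not already mounted on the node
    return not set(pod.get("volumes", ())) & set(node.get("volumes", ()))

def node_selector(pod, node):  # NodeSelector: node carries every label the pod asks for
    return all(node["labels"].get(k) == v for k, v in pod.get("node_selector", {}).items())

def no_memory_pressure(pod, node):  # CheckNodeMemoryPressure: skip nodes under pressure
    return not node.get("memory_pressure", False)

PREDICATES = [pod_fits_resources, no_disk_conflict, node_selector, no_memory_pressure]

def least_requested(pod, node):  # LeastRequestedPriority: more free capacity scores higher
    cpu = (node["cpu_cap"] - node["cpu_used"] - pod["cpu"]) * 10 / node["cpu_cap"]
    mem = (node["mem_cap"] - node["mem_used"] - pod["mem"]) * 10 / node["mem_cap"]
    return (cpu + mem) / 2

def selector_spread(pod, node):  # SelectorSpreadPriority, simplified: fewer same-app pods
    return max(0, 10 - 5 * node["apps"].count(pod["app"]))

PRIORITIES = [(least_requested, 1), (selector_spread, 2)]  # (function, weight)

def preselect(pod, nodes):
    return [n for n in nodes if all(pred(pod, n) for pred in PREDICATES)]

def schedule(pod, nodes):
    """Weighted priority sum over the preselected nodes; None if nothing fits."""
    feasible = preselect(pod, nodes)
    if not feasible:
        return None
    scores = {n["name"]: sum(w * f(pod, n) for f, w in PRIORITIES) for n in feasible}
    return max(scores, key=scores.get)

# Constructed sample nodes (CPU in cores, memory in GiB) and a pod that wants an SSD node.
SAMPLE_NODES = [
    {"name": "node-a", "cpu_cap": 4, "cpu_used": 3, "mem_cap": 8, "mem_used": 2, "labels": {"disk": "ssd"}, "apps": ["web"]},
    {"name": "node-b", "cpu_cap": 4, "cpu_used": 1, "mem_cap": 8, "mem_used": 2, "labels": {"disk": "ssd"}, "apps": []},
    {"name": "node-c", "cpu_cap": 8, "cpu_used": 0, "mem_cap": 16, "mem_used": 0, "labels": {"disk": "hdd"}, "apps": [], "memory_pressure": True},
]
WEB_POD = {"app": "web", "cpu": 1, "mem": 2, "node_selector": {"disk": "ssd"}}
```

Here node-c is the emptiest node but is filtered out before scoring by the selector and memory-pressure predicates, and node-b wins over node-a on both free capacity and spread.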

Pod internal communication

Different pods on the same node

Accessed through the pod's IP.

Pods on different nodes

Pod IPs across nodes must not conflict.

Service Discovery of K8s

Kube-proxy (ClusterIp)

Each service gets a virtual IP (the ClusterIP) in front of all its pods; this virtual IP is reachable only from inside the cluster.

Kube-proxy (NodePort)

The service is exposed on the nodes, so external callers can reach the pods through a node IP.

Kube-DNS

Responsible for DNS resolution inside the cluster; pods can be reached by name within the cluster.

PS: so much for the K8s theory; the focus is still on practice. Next time we will start building a K8s cluster.
