  • Basic concepts of Docker/Kubernetes/Kata Containers

    Kubernetes

    An open-source system for automating deployment, scaling, and management of containerized applications;

    Traditional >> Hypervisor >> Container

    Traditional:

      There was no way to define resource boundaries for applications on a physical server, so each application was run on a different physical server;

    Hypervisor:

      Runs multiple VMs on a single physical server's CPU;

      Allows applications to be isolated between VMs and provides a level of security, as the information of one application cannot be freely accessed by another application;

      Each VM is a full machine running all the components, including its own operating system;

    Container:

      Have relaxed isolation properties to share the operating system among the applications;

      Lightweight;

      A container has its own filesystem/CPU/memory/process space/..

      Are portable across clouds and OS distributions because they are decoupled from the underlying infrastructure;

      Benefits of containers:

        1. Agile application creation and deployment: increased ease and efficiency of container image creation compared to VM image use

        2. Continuous development, integration and deployment:

          provide for reliable and frequent container image build and deployment with quick and easy rollbacks;

        3. Dev and Ops separation of concerns: create application container images at build/release time rather than deployment time, thereby decoupling applications from infrastructure;

        4. Observability: surfaces not only OS-level information and metrics, but also application health and other signals;

        5. Environmental consistency across development, testing, and production; Runs the same on a laptop as it does in the cloud;

        6. Cloud and OS distribution portability: Runs on Ubuntu, RHEL, CoreOS, on-prem, Google Kubernetes Engine, and anywhere else;

        7. Application-centric management;

        8. Loosely coupled, distributed;

        9. Resource isolation;

        10. Resource utilization;

    Benefits of Kubernetes:

      1.  Service discovery and load balancing

          Kubernetes can expose a container using a DNS name or its own IP address;

          if traffic to a container is high, Kubernetes is able to load balance and distribute the network traffic so that the deployment is stable;

      2.  Storage orchestration

          automatically mount a storage system such as local storage/public cloud providers/..

      3.  Automated rollouts and rollbacks

          automate Kubernetes to create new containers;

      4.  Self-healing

          restarts containers that fail, kills containers that don't respond;

      5.  Automatic bin packing

          tell Kubernetes how much CPU and RAM each container needs, and Kubernetes can fit containers onto your nodes to make the best use of your resources;

    Kubernetes Master

    When deploying Kubernetes, we will get a cluster, which is a set of machines (nodes) that run containerized applications managed by Kubernetes.

    A cluster has at least one worker node and at least one master node;

    Kubernetes Master is a collection of three processes that run on a single node in your cluster, which is designated as the master node;

    Three processes:

      Kube-apiserver;

      Kube-controller-manager;

      Kube-scheduler;

    Each individual non-master node in the cluster runs two processes:

      kubelet

        which communicates with the Kubernetes Master;

        The primary node agent that runs on each node; it can register the node with the apiserver using one of:

          the host name;

          a flag to override the hostname;

          specific logic for a cloud provider;

        

      kube-proxy

        a network proxy which reflects Kubernetes networking services on each node;

        The Kubernetes network proxy runs on each node; this reflects services as defined in the Kubernetes API on each node

        and can do simple TCP/UDP and SCTP stream forwarding or round robin TCP/UDP/SCTP forwarding across a set of backends;

        Service cluster IPs and ports are currently found through Docker-links-compatible   

     

    Kubernetes Objects

    Kubernetes contains several abstractions representing the state of the system;

    Basic Kubernetes objects include:

    Kata-container

    An open-source project and community working to build a standard implementation of lightweight VMs that feel and perform like containers, but provide the workload isolation and security advantages of VMs;

    Kata Containers components

    • Agent      -- The Kata agent runs inside the virtual machine and sets up the container environment
    • KSM throttler   -- An optional utility that monitors containers and deduplicates memory to maximize container density on a host
    • Proxy      -- A process running on the host that coordinates access to the agent running inside the VM
    • Runtime     -- Invoked by a container manager; provides high-level verbs to manage containers
    • Shim        -- A process that runs on the host and acts as though it is the workload (which actually runs inside the VM); required to be compliant with the expectations of the OCI runtime spec
    • Hypervisor    -- 
    • Kernel      -- The hypervisor uses a Linux kernel to boot the guest image
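
    An added example, not part of the original notes: a Kubernetes manifest that ties the "automatic bin packing" item above to Kata's VM-level isolation. The RuntimeClass handler name `kata`, the object names, the image and all sizes are assumptions; the handler must match what is configured in the node's container runtime.

```yaml
# Added example; names, image and sizes are assumptions, not from the original notes.
# A RuntimeClass maps a name to a runtime handler configured in the node's CRI
# implementation (containerd or CRI-O). The handler name "kata" is assumed here.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata
handler: kata
# Every Kata pod also pays for a guest kernel, the agent and a hypervisor process.
# Declaring that fixed cost lets the scheduler count it when bin packing nodes.
overhead:
  podFixed:
    cpu: 250m        # assumed value; measure on your own nodes
    memory: 160Mi    # assumed value
---
apiVersion: v1
kind: Pod
metadata:
  name: isolated-workload                    # hypothetical name
spec:
  runtimeClassName: kata                     # run this pod inside a lightweight VM
  containers:
    - name: app
      image: registry.example.com/app:1.0    # placeholder image
      resources:
        requests:                            # what the scheduler uses to place the pod
          cpu: 500m
          memory: 256Mi
        limits:                              # ceiling enforced at runtime
          cpu: "1"
          memory: 512Mi
```

    A pod without `runtimeClassName` uses the node's default runtime and shares the host operating system with the other containers on that node.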

    Docker

    Docker supports the following storage drivers:

    • overlay2     is the preferred storage driver for all currently supported Linux distributions, and requires no extra configuration
    • aufs       is the preferred storage driver for Docker 18.06 or older, when running on Ubuntu 14 on kernel 3.13, which has no support for overlay2
    • devicemapper   is supported, but requires direct-lvm for production environments, because loopback-lvm, while zero-configuration, has very poor performance.
  • Original article: https://www.cnblogs.com/AdaminXie/p/11661332.html