2. За SAP
82 400
SAP служители
130
държави
320 000
клиента в 190 страни
#1
компания за бизнес софтуер в света
€10.8 млрд
годишни приходи за 2015
€2.85 млрд
инвестиции в R&D за 2015
7. Resource Isolation
Implemented by a number of Linux APIs:
• cgroups: Restrict resources a process can consume
• CPU, memory, disk IO, ...
• namespaces: Change a process’s view of the system
• Network interfaces, PIDs, users, mounts, ...
• capabilities: Limits what a user can do
• mount, kill, chown, ...
• chroots: Determines what parts of the filesystem a user can
see
8. What we need?
• Scheduling: Where should my containers run?
• Lifecycle and health: Keep my containers running despite
failures
• Discovery: Where are my containers now?
• Monitoring: What’s happening with my containers?
• Auth{n,z}: Control who can do things to my containers
• Aggregates: Compose sets of containers into jobs
• Scaling: Making jobs bigger or smaller
9. kubernetes is an open-source system for
automating deployment, scaling, and
management of containerized applications.
10. Key Features
• Horizontal scaling
• Automated rollouts and rollbacks
• Storage orchestration
• Self-healing
• Service discovery and load balancing
• Secret and configuration management
• Batch execution
• Automatic binpacking
12. Concepts
• Container: A sealed application package (Docker or
equivalent)
• Pod: A small group of tightly coupled Containers
• Labels: Identifying metadata attached to objects
• Selector: A query against labels, producing a set result
• Controller: A reconciliation loop that drives current state
towards desired state
• Service: A set of pods that work together
14. Control loops
Drive current state => desired state
Act independently
APIs - no shortcuts or back doors
Observed state is truth
Recurring pattern in the system
Example: ReplicationController
Typically a cloud cluster node is a VM running a specific version of Linux.
User applications comprise components each of which may have different and conflicting requirements from libraries, runtimes and kernel features.
Applications are coupled to the version of the host operating system: bad.
Evolution of the application components is coupled to (and in tension with) the evolution of the host operating system: bad.
Also need to deal with node failures, spinning up and turning down replicas to deal with varying load, updating components with disruption …
We need a way to represent workloads to be deployed on nodes. We could wrap each application component in its own virtual machine and then compose these machines through network ports, shared disks etc. However, there is a large overhead with this approach e.g. three separate copies of Ubuntu 14.04 in the example below. These large images are slow are slow to deploy.
Docker takes care of the difference between the guest operating system that the container was written for and the actual host operating system. It provides a high-level API for managing (in our case) lightweight containers based on cgroups and namespaces. Since this is not full virtualization the application is still coupled to some degree to its host e.g. all the containers run with the host’s OS kernel.
Each application component can be bundled together with its own dependencies and shrink-wrapped for deployment. This avoids issues with missing dependencies from the environment (e.g. DLL hell). Although we have replaced it with DLL hell in the cloud with DockerHub. Docker containers aim to provide a mechanism for building an application component once and then deploying anywhere, but with a lot of caveats. “build once, run anywhere”... where have we heard that before :-)
Greek for “Helmsman”; also the root of the word “Governor” and “cybernetic” (кормчия)
Container orchestrator
Builds on Docker containers
also supporting other container technologies
Multiple cloud and bare-metal environments
Supports existing OSS apps
cannot require apps becoming cloud-native
Inspired and informed by Google’s experiences and internal systems
100% Open source, written in Go
Let users manage applications, not machines
Scale your application up and down with a simple command, with a UI, or automatically based on CPU usage.
Kubernetes progressively rolls out changes to your application or its configuration, while monitoring application health to ensure it doesn’t kill all your instances at the same time. If something goes wrong, Kubernetes will rollback the change for you. Take advantage of a growing ecosystem of deployment solutions.
Automatically mount the storage system of your choice, whether from local storage, a public cloud provider such as GCP or AWS, or a network storage system such as NFS, iSCSI, Gluster, Ceph, Cinder, or Flocker
Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that don’t respond to your user-defined health check, and doesn’t advertise them to clients until they are ready to serve.
No need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers, and can load-balance across them.
Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail, if desired.