Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introduction à Kubernetes
Search
Renaud Chaput
October 23, 2017
Technology
440
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Introduction à Kubernetes
Présenté à Sysadmin Days #7 :
https://sysadmindays.fr
Renaud Chaput
October 23, 2017
More Decks by Renaud Chaput
See All by Renaud Chaput
L'Infrastructure as Code au complet (par Benoit Petit)
renchap
1
710
Autour des requêtes des TSDB
renchap
2
710
Operate HBase clusters at Scale
renchap
1
450
Versions (par Olivier Delhomme)
renchap
1
490
Prevent business logic attacks using dynamic instrumentation
renchap
1
470
Atelier Paris Web : Introduction à Docker
renchap
0
110
Alkemics CI & CD with Jenkins and Docker
renchap
1
330
Les containers : décryptage
renchap
2
320
Kubernetes en production : un an après
renchap
1
360
Other Decks in Technology
See All in Technology
金融の未来を考える / Thinking About the Future of Finance
ks91
PRO
0
150
AI駆動開発におけるQAエンジニアの役割事例 〜AI駆動開発の現場から〜
kobayashiyorimitsu
0
280
トークン最適化のためのユーザーストーリー分析 / User Story Analysis for Token Optimization
oomatomo
0
160
プロンプト_きのこカンファレンス2026_LT
yurufuwahealer
0
120
AIに「使われる」時代のSaaS戦略 〜既存WebAPIのMCPサーバー化における開発ノウハウ〜
ekispert_api
0
270
デジタル・デザイン構想 by Sayaka Ishizuka
y150saya
0
180
認証認可だけじゃない! ID管理の構成要素と ライフサイクルを意識しよう
ritou
1
450
Fabricをフル活用する AI Agent Hub -製造業特化AIエージェントの設計
iotcomjpadmin
0
190
Text-to-SQLをAgentCoreで実現し、生成されるSQLの精度を定量的に評価する
yakumo
2
420
Docker Desktop不要の時代が来る? WSL標準の「wslc」で Linuxコンテナを動かしてみた.
ueponx
0
560
「軸足」は 固定しなくていい - 熱量と強みで描く、しなやかなキャリアの形
kakehashi
PRO
1
330
product engineering with qa
nealle
0
140
Featured
See All Featured
Prompt Engineering for Job Search
mfonobong
0
360
XXLCSS - How to scale CSS and keep your sanity
sugarenia
250
1.3M
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
2
590
Joys of Absence: A Defence of Solitary Play
codingconduct
1
410
Tell your own story through comics
letsgokoyo
1
980
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
1
310
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.9k
The Language of Interfaces
destraynor
162
27k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Unsuck your backbone
ammeep
672
58k
Leveraging Curiosity to Care for An Aging Population
cassininazir
1
300
[RailsConf 2023] Rails as a piece of cake
palkan
59
6.7k
Transcript
Introduction à Kubernetes
Renaud Chaput @renchap
Kubernetes
Historique • Origine : Borg, l’orchestrateur de Google • En
2014, début du projet “Seven”, son remplaçant • Volonté de le rendre Open Source • Kubernetes est né ! • Version 1.0 en 2015, et don à la CNCF
Objectifs • Découpler infra et applications • Scale • Générique
/ Flexible • Automatisable • Extensible • Portable (cloud provider, bare metal, …)
Un gros projet 1500 contributeurs 32 000 PR depuis 2014
Structure • Code of Conduct et CLA • Doc claire
sur la participation • Special Interest Groups (SIGs) • Working groups • Committees
Releases
Releases
Features Alpha 1.5 Décembre 2016 Beta 1.7 Juin 2017 Stable
1.8 Septembre 2017 Alpha 1.6 Mars 2017
Fonctionnement
Objets apiVersion: v1 kind: Pod metadata: name: <name> namespace: default
spec: status:
Un même namespace / cgroup IP partagée (donc localhost commun)
Volumes communs IPC / … ./rails server ./log_processor.py Pod AppServer Sidecar
apiVersion: v1 kind: Pod metadata: name: nginx spec: containers: -
name: nginx image: nginx:1.7.9 ports: - containerPort: 8080 Pod simple
Deployment apiVersion: apps/v1beta2 kind: Deployment metadata: name: nginx-deployment labels: app:
nginx spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.7.9 ports: - containerPort: 8080
Service apiVersion: v1 kind: Service metadata: name: nginx-svc spec: selector:
app: nginx ports: - protocol: TCP port: 80 targetPort: 8080
db-1 volume-1 StatefulSet Db-2 Volume-2 Db-3 Volume-3
DaemonSet Jobs CronJobs NetworkPolicy Secret Ingress Volume …
Architecture
etcd etcd etcd Key/Value store Distribué Watch
etcd etcd etcd API Server Scheduler Controller manager
kubelet kube-proxy Pod Pod Pod Pod Pod Pod Pod Pod
Pod Pod
Pré-requis réseau • Tous les containers peuvent communiquer avec entre-eux
sans NAT • Tous les noeuds peuvent communiquer avec tous les containers sans NAT • L’IP d’un container vue de l’intérieur du container est la même que vu de l’extérieur
Container Runtime • Docker • CRI-O : interface OCI standard
• rkt (CoreOS) • Frakti : basé sur un hyperviseur
Node 1 Node 2 Node n etcd etcd etcd API
Server Scheduler Controller manager …
Kubectl $ kubectl apply -f nginx.yaml nginx-svc.yml $ kubectl get
all NAME READY STATUS RESTARTS AGE po/nginx 1/1 Running 0 12h NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE svc/nginx-svc 10.0.0.116 <none> 80/TCP 7s
Federation
Add-ons
Kube DNS nginx-svc.my-namespace.svc.cluster.local _http._tcp.nginx-svc.my-namespace.svc.cluster.local 1-2-3-4.default.pod.cluster.local
Dashboard
Ingress controllers • GCP / AWS / … • nginx
• haproxy
Heapster + InfluxDB, Grafana
Sécurité
Namespaces et quotas apiVersion: v1 kind: ResourceQuota metadata: name: compute-resources
spec: hard: pods: "4" requests.cpu: "1" requests.memory: 1Gi limits.cpu: "2" limits.memory: 2Gi
PodSecurityPolicy apiVersion: extensions/v1beta1 kind: PodSecurityPolicy metadata: name: permissive spec: seLinux:
rule: RunAsAny supplementalGroups: rule: RunAsAny runAsUser: rule: RunAsAny fsGroup: rule: RunAsAny hostPorts: - min: 8000 max: 8080 volumes: - '*' allowedCapabilities: - '*'
NetworkPolicy kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: access-nginx spec: podSelector:
matchLabels: run: nginx ingress: - from: - podSelector: matchLabels: access: "true"
RBAC kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: default name: pod-reader
rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", “list"] kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: read-pods namespace: default subjects: - kind: User name: jane apiGroup: rbac.authorization.k8s.io roleRef: kind: Role name: pod-reader apiGroup: rbac.authorization.k8s.io
Projets autour • Helm • Kops / Kube-AWS / Bootkube
/ … • Træfik • Prometheus / Sysdig / Datadog / … • Kube-lego, …
Ressources • Minikube! • kubernetes.io • Kubernetes the hard way
• Slack Kubernetes • Awesome Kubernetes
Questions ?