乐趣区

关于容器:Introduction-to-Containers-and-Kubernetes

Source: https://learn.ibm.com/course/…

1. Introduction to Containers

1.1 What is a container?
A container is an executable unit of software in which application code is packaged, along with its libraries and dependencies, in common ways so that it can be run anywhere, whether on a desktop, on-premises, or in the cloud.
To do this, containers take advantage of a form of operating system virtualization in which features of the operating system are leveraged to both isolate processes and control the amount of CPU, memory, and disk storage that those processes have access to. In the case of the Linux kernel, namespaces and cgroups are the operating system primitives that enable this virtualization.
Containers first appeared decades ago, but the modern container era began in 2013 with the introduction of Docker.

1.2 Benefits of a container

  • Lightweight – eliminating the need for a full operating system instance per application
  • Portable – carry all their dependencies with them
  • Architecture – ideal fit for modern development and application patterns that expect regular deployments of incremental changes
  • Utilization – enable developers and operators to improve the CPU and memory utilization of physical machines

1.3 Virtual Machine vs Container

  • Containers run on a container engine rather than directly at the operating system.
  • Containers can start up much faster than virtual machines.
  • There are three states a container can be in: waiting, running, and terminated.

1.4 Docker
Docker is an open-source software platform for building and running applications as containers.
Container runtime is software that executes containers. Docker is a container runtime.
Docker is likely the most popular and best-known container runtime, but Docker has also introduced the container runtime, which is gaining much popularity. Other runtimes include cri-o, the container engine included in OCP, and also rkt.

Docker Command Line Interface (CLI):

  • BUILD: Create container images
  • RUN: Test an image on local computer to ensure it is running correctly
  • PUSH: Store images in a remote location
  • PULL: Retrieve images that stored in a remote location
  • IMAGE: List all the images, their repositories, tags and sizes.
  • TAG: Copy an existing image and give the copy a new name

1.5 Building Container Images
An image (also known as a container image) is a template for the content of a container.
Images are then built layer by layer, with each Docker instruction creating a new layer on top of the existing layers.

Docker can automatically build container images by using the instructions from a Dockerfile. 
A Dockerfile is just a text file that contains all the commands a user would call on the command line to create the image. Docker provides a set of instructions that are used to make this process a bit more straightforward.
Dockerfile Instructions:

  • FROM
  • RUN
  • ENV
  • ADD and COPY
  • CMD

1.6 Registry
A container registry is used for the storage and distribution of named container images.

Registries store named images, and the Docker build and tag commands can be used to name images.
In general, there are three parts to an image name:

  • Hostname: hostname/repository:tag, identifies registry to which image is pushed, docer hub = docker.io, IBM Cloud Container Registry = us.icr.io
  • Repository: docer.io/ubuntu:18.04, group of related container images, usually different versions of same application, good name includes name of application or service
  • Tag

Note: Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google, and is now maintained by the Cloud Native Computing Foundation.

2. Introduction to Kubernetes

2.1 Container orchestration

  • Aids in the provisioning and deployment of containers to make this a more automated, unified, and smooth process.
  • Ensures that containers are redundant and available so that applications experience minimal downtime.
  • Scales containers up and down to meet demand, and it load balances requests across instances so that no one instance is overwhelmed.
  • Handles the scheduling of containers to underlying infrastructure.
  • Performs health checks to ensure that applications are running, and takes necessary actions when checks fail.

2.2 What is Kubernetes
Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.
Kubernetes is sometimes abbreviated as “k8s.”

  • Open source
  • Container orchestration platform
  • Facilitates declarative management
  • Processes a growing ecosystem
  • Widely available

What Kubernetes is Not:

  • Not a traditional, all-inclusive platform as a service (PaaS)
  • Does not limit the types of applications
  • Does not deploy source code or build applications
  • Does not prescribe logging, monitoring, or alerting solutions
  • Does not provide built-in middleware, databases, or other services

What does Kubernetes do:

  • Aids in the provisioning and deployment of containers to make this a more automated, unified and smooth process
  • Perform health checks to ensure that applications are running, and take necessary actions when checks fail
  • Ensures that containers are redundant and available so that applications experience minimal downtime
  • Scales containers up and down to meet demand, and it load balances requests across instance so that no one instance is overwhelmed
  • Handles the scheduling of containers to underlying infrastructure

2.3 Architecture
A deployment of Kubernetes is called a cluster. On the left side of this diagram is the control plane, which makes decisions about the cluster and detects and responds to events in the cluster. The right side includes the worker nodes.

An example of a decision made by the control plane is scheduling of workloads, and an example of responding to an event is creating new resources when an application is deployed.

  • Kubernetes API Server: Exposes the Kubernetes API. All communication in the cluster utilizes this API. For example, the Kubernetes API server accepts commands to view or change the state of the cluster.
  • ETCD: A highly available key value store that contains all the cluster data. When you tell Kubernetes to deploy your application, that deployment configuration is stored in etcd. Etcd is thus the source of truth for the state in a Kubernetes cluster, and the system works to bring the cluster state into line with what is stored in etcd.
  • Kubernetes Scheduler: Assigns newly created Pods to nodes. This basically means that the kube-scheduler determines where your workloads should run within the cluster.
  • Kubernetes Controller Manager: Runs all the controller processes that monitor the cluster state and ensure that the actual state of a cluster matches the desired state. You will learn more about controllers shortly.
  • Cloud Controller Manager: Runs controllers that interact with the underlying cloud providers. Since Kubernetes is open source and would ideally be adopted by a variety of cloud providers and organizations, Kubernetes strives to be as cloud agnostic as possible. The cloud-controller-manager allows both Kubernetes and the cloud providers to evolve freely without introducing dependencies on the other.
  • Nodes: The worker machines in a Kubernetes cluster. In other words, user applications are run on nodes. Nodes can be virtual or physical machines. Each node is managed by the control plane and is able to run Pods. Nodes are not created by Kubernetes itself, but rather by the cloud provider. This allows Kubernetes to run on a variety of infrastructures. The nodes are then managed by the control plane. The components on a node enable that node to run Pods.
  • Pods: The simplest unit that you deploy in Kubernetes. A Pod represents a process running in your cluster; further, it represents a single instance of an application running in your cluster. Most often, a Pod wraps a single container.
  • Kubelet: The most important component. This controller communicates with the kube-apiserver to receive new and modified pod specifications and ensures that those Pods are their associated containers are running as desired. The kubelet also reports to the control plane on health and status. In order to start a Pod, the kubelet uses the container runtime, the last component on the nodes.
  • Kube-proxy: The container runtime is responsible for downloading images and running containers. Rather than providing a single container runtime, Kubernetes implements a Container Runtime Interface that permits pluggability of the container runtime.

A Control loop is a non-terminating loop that regulates the state of a system.
Controllers in Kubernetes work the same way, but they watch the state of a Kubernetes cluster and take action to ensure that the cluster’s state matches the desired state.

2.4 Kubernetes Objects
Kubernetes objects are persistent entities in Kubernetes, define the state of your cluster.
To work with these objects (create, update or delete) you use the Kubernetes API. Probably the most common way to do this is to use the kubectl command-line interface (CLI).

Kubernetes objects consist of two main fields:

  • Object spec: provided by the user, the desired state for this object.
  • Status: provided by Kubernetes, the actual current state of the object.

Examples of Kubernetes objects:

  • Namespaces: Convenient way to virtualize a physical cluster, make one cluster appear to be several distinct clusters. Logical seperation of a cluster into virtual clusters. Suitable for multiple teams or projects. (cluster will automatically have several namespaces)
  • Names: Each object has a name, must be unique for that resource type within that namespace.
  • Labels: Key value pairs that can be attached to objects as identification, allow objects to be grouped and organized. (not uniquely identify a single object)
  • Selectors: Core grouping primitive, identify a set of objects.

The Kubernetes Master is a collection of three processes that run on a single node in your cluster, which is designated as the master node. Those processes are:

  • kube-apiserver: validates and configures data for the API objects, which include Pods, services, replication controllers, and others. The API server services REST operations and provides the frontend to the cluster’s shared state through which all other components interact.
  • kube-controller-manager: is a daemon that embeds the core control loops shipped with Kubernetes. In applications of robotics and automation, a control loop is a non-terminating loop that regulates the state of the system. In Kubernetes, a controller is a control loop that watches the shared state of the cluster through the API server and makes changes attempting to move the current state towards the desired state.
  • kube-scheduler: is a policy-rich, topology-aware, workload-specific function that significantly impacts availability, performance, and capacity. The scheduler needs to take into account individual and collective resource requirements, quality of service requirements, hardware/software/policy constraints, affinity and anti-affinity specifications, data locality, inter-workload interference, deadlines, and so on. Workload-specific requirements will be exposed through the API as necessary.

Basic Kubernetes objects:

  • Pods: The simplest unit that you deploy in Kubernetes. A pod represents a process running in your cluster; further, it represents a single instance of an application running in your cluster. Most often, a pod wraps a single container, though in some cases a pod may encapsulate multiple tightly coupled containers that share resources. This is a more advanced use case; in general, consider a Pod as a wrapper for a single container. When using the kubectl CLI to create objects, you often provide a YAML file that defines the object or objects that you want to create. Here is an example of a YAML file that defines a simple pod.

    Pod States inclues PENDING, RUNNING, SUCCEEDED, FAILED, UNKNOWN.
    Pod vs Container:
  • ReplicaSets: A group of identical pods that are running. Application can be horizontally scaled by running replicas of a pod. ReplicaSets are the object used to do this.
  • Deployments: An object that provides updates for both pods and ReplicaSets. Deployments run multiple replicas of an application by creating ReplicaSets and offering additional management capabilities on top of those ReplicaSets.

2.5 Kubectl CLI
Kubectl provides a myriad of functionality for working with Kubernetes clusters and managing the workloads that are running in a cluster.
There are many different types of commands available via kubectl, but let’s quickly discuss two key types of commands:

  • Declarative: Desired state, shared configuration file.

      kubectl apply -f nginx/
  • Imperative: Create, Update, Delete kubectl commands. Can be used during development, but not recommended for production systems.

      kubectl run nginx --image nginx
      kubectl create -f nginx.yaml
    

The “kubectl apply -f file.yaml” command is used to deploy an application.

退出移动版