This is the 99th Kubernetes-related note, and it is a summary. Summing up two years of working on container cloud platforms, this article starts by introducing every component involved. First, the architecture diagram.
As shown in the figure, the container platform mainly involves the following components:
- Docker
- Kubernetes
- Etcd
- Flannel
- Ceph
- Harbor
- Drone
- Prometheus
- EFK
- GIT/SVN
- Ingress-nginx
- Dashboard (Lens)
As the saying goes, open with a picture and improvise the rest, haha. Let's get going.
First, Docker. Without further ado, the picture first.
### What is Docker?
According to the official website, a container is a standard unit of software that packages code together with all its dependencies, so that an application can be moved quickly and reliably from one environment to another. A Docker image is a lightweight, standalone, executable software package that contains everything needed to run an application.
Basically, the application and its dependencies are packaged into a single file which, when run, produces a virtual container; inside it the program runs just as it would on a physical or virtual machine.
### What Docker is for
- Simplify configuration
- Code pipeline management
- Improve development efficiency
- Application isolation
- Server consolidation
- Rapid deployment
- Provide a consistent environment
- Elastic services
### Docker's limitations, and why Kubernetes
The light weight of Docker containers means that more container instances can be created on the same amount of resources. But once a large application consists of many containers (hundreds or thousands) spread across many hosts, traditional single-host container management no longer suffices. In addition, as native support for microservices grows, the containers in a cluster become ever finer grained and more numerous. In this situation a container management platform is needed to handle scheduling, load balancing and task allocation.
A container cluster management tool manages containers across a set of servers: to the orchestration tool, each application in the cluster appears as a single deployment or management entity, and a full-featured tool automates the application cluster, including deploying instances, updating, health checks, elastic scaling, automatic fault tolerance and so on. Conveniently, Kubernetes provides exactly these functions, which is why we use it.
### What is Kubernetes?
Kubernetes is Google's open-source container management system, derived from its internal Borg system. It is an open-source system for automating the deployment, scaling and management of containerized applications. It groups the containers that make up an application into logical units for easy management and service discovery.
Kubernetes architecture diagram
### What Kubernetes is for
- Service discovery and load balancing
- Self-healing
- Automated rollouts and rollbacks
- Configuration management
- Storage orchestration
- Batch execution
- Service topology
- Endpoint slices
- Automatic bin packing
- Horizontal scaling
- IPv4/IPv6 dual stack
As the core of the platform, Kubernetes is powerful, but given its architecture it is anything but cheap to learn.
- Kubernetes has so many concepts that you may not get started, or even build a cluster, within a month.
- Learning Kubernetes demands relatively strong operations skills. It differs considerably from traditional operations and requires the ability to modify code.
- The rise of Kubernetes, and the shift from traditional operations to DevOps, demand a lot of new technology.
- But once you have mastered the core uses of K8s, you will benefit.
### Docker registry
Docker registries come in public and private forms. Public registries such as hub.docker.com, gcr.io and k8s.gcr.io are generally slow to download from, and the k8s-related images in particular can usually only be fetched through a proxy from within China. A private registry is generally built by the company itself to store internally built Docker images; services are deployed from the private registry, which is very fast. Harbor is an enterprise registry service for storing Docker images, and it has many advantages over the native Registry:
- A layered transfer mechanism that optimizes network transmission
- A web UI for a better user experience
- Support for horizontal scaling of the registry cluster
- A good security model
- Role-based access control, with projects used to organize images and control access to them
Harbor architecture diagram
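As an added example (not code from the original post or from Harbor), the following shell functions show what a private registry changes on the Kubernetes side: an image must be tagged with the full `host/project/repo:tag` reference Harbor expects, and each namespace that pulls from it needs a `kubernetes.io/dockerconfigjson` Secret that the pod spec references under `imagePullSecrets`. The registry host `harbor.example.com`, the project `platform` and the credentials are assumptions; only `push_to_harbor` talks to a real registry.

```shell
#!/usr/bin/env bash
# Added example, not from the original post or from Harbor: naming an image
# for a Harbor project and generating the pull secret Kubernetes needs.
# Hostname, project and credentials below are assumptions.
set -eu

HARBOR_HOST="${HARBOR_HOST:-harbor.example.com}"   # assumed Harbor hostname
HARBOR_PROJECT="${HARBOR_PROJECT:-platform}"        # assumed Harbor project

# Fully qualified reference: host/project/repo:tag. Tagging with the commit
# rather than "latest" keeps a deployment reproducible and traceable.
image_ref() {
  printf '%s/%s/%s:%s' "$HARBOR_HOST" "$HARBOR_PROJECT" "$1" "$2"
}

# HTTP basic-auth token as stored in ~/.docker/config.json: base64(user:pass).
basic_auth_token() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# The .dockerconfigjson document kubelet reads from the Secret. Use a Harbor
# robot account here rather than a person's login. Assumes the credentials
# contain no JSON metacharacters (" or \); otherwise escape them first.
docker_config_json() {
  local user="$1" pass="$2"
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$HARBOR_HOST" "$user" "$pass" "$(basic_auth_token "$user" "$pass")"
}

# Secret manifest for `kubectl apply -f -`; the Secret is namespaced, so one
# is needed per namespace that pulls from Harbor.
pull_secret_manifest() {
  local name="$1" namespace="$2" user="$3" pass="$4" encoded
  encoded=$(docker_config_json "$user" "$pass" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
  namespace: ${namespace}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ${encoded}
EOF
}

# The only function that touches the network. Credentials come from the
# environment and go in via --password-stdin so they never hit the build log.
push_to_harbor() {
  printf '%s' "${HARBOR_PASSWORD:?}" | docker login "$HARBOR_HOST" -u "${HARBOR_USER:?}" --password-stdin
  docker push "$1"
}

# Usage: HARBOR_USER=... HARBOR_PASSWORD=... ./harbor.sh secret | kubectl apply -f -
if [ "${1:-}" = "secret" ]; then
  pull_secret_manifest harbor-pull default "${HARBOR_USER:?}" "${HARBOR_PASSWORD:?}"
fi
```

`kubectl create secret docker-registry` produces the same Secret; the functions above just make the on-disk format visible, and the `auth` field is exactly what an attacker obtains from anyone who can read Secrets in that namespace, which is why a scoped robot account rather than an admin login belongs in it.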
### Ceph
Among the many systems that can provide storage for Kubernetes, Ceph has the advantage of offering several storage types at once: object storage, block storage and a file system. As a unified distributed storage system, Ceph provides high performance, high availability and scalability, all of which are essential for a foundational service under Kubernetes.
Ceph architecture diagram
Some of Ceph's features:
- High performance: the CRUSH algorithm distributes data evenly with a high degree of parallelism. Fault-domain isolation allows replica placement rules for different workloads, such as placement across server rooms or rack awareness. It supports thousands of storage nodes and data volumes from TB to PB.
- High availability: the number of replicas can be controlled flexibly. Fault domains are separated to ensure strong data consistency. Recovery is automatic in many failure scenarios. There is no single point of failure, and management is automatic.
- High scalability: decentralized and flexibly scalable, with capacity growing linearly as nodes are added.
- Three storage interfaces: block storage, file storage and object storage.
- Custom interfaces and drivers in multiple languages are supported.
Ceph, as a standalone system, can be deployed either on bare-metal machines or inside a Kubernetes cluster. PS: if you deploy Kubernetes on a public cloud, you can simply use the cloud provider's storage services instead.
After Ceph, another store: etcd.
### etcd
etcd is the storage core of Kubernetes, the backing database that holds all of the cluster's data. It is a consistent and highly available key-value store.
Etcd architecture diagram
etcd has the following features:
- Simple: easy to install and configure, with an HTTP API (gRPC with an HTTP gateway in v3) that is simple to use
- Secure: supports TLS client-certificate authentication
- Fast: a single instance supports 2k+ reads per second according to the official benchmarks
- Reliable: uses the Raft algorithm to provide availability and consistency for the distributed data
To keep the data highly available, clusters with an odd number of nodes are used: a cluster of n members stays writable only while a majority (n/2 + 1) is up, so 3 nodes tolerate 1 failure and 5 tolerate 2, while an even member count adds no extra tolerance. Since etcd holds every object in the cluster, Secrets included, it should be reachable only by the API server over mutual TLS, and its data directory and backups deserve the same protection as the cluster itself.
Next, the network plug-in for the Kubernetes cluster.
### Flannel
Flannel is an open-source network solution from CoreOS designed for Kubernetes. It gives the Docker containers created on different hosts in the cluster virtual IP addresses that are unique across the whole cluster. Flannel supports several backends, such as UDP, VXLAN and AWS VPC, and their communication efficiency differs greatly. When no backend is configured Flannel uses UDP, which is easy to deploy and manage but slow because every packet is forwarded through user space; VXLAN is the usual choice in production. Flannel's subnet allocations are also stored in etcd.
Flannel architecture diagram
For a freshly built Kubernetes cluster, the components above are sufficient. The components that follow are applications running on top of Kubernetes, used mainly to build pipelines, monitor the cluster and analyze logs.
Before we begin, two concepts: CI and CD.
### What are CI and CD?
Continuous Integration (CI) is a software development practice in which team members integrate their work frequently, usually at least once a day per member, so that several integrations may happen each day. Each integration is verified by an automated build, release and automated regression tests, so that integration errors are found as quickly as possible. These automated steps are carried out by the CI software.
Continuous Delivery (CD) builds on continuous integration: the integrated code is deployed to a real runtime environment (in this article, the Kubernetes cluster). Delivery team -> Version control -> Build and unit tests -> Automated acceptance tests -> Release
### Drone
Drone is a scalable continuous integration engine based on Docker containers, used for automated testing, building and release. Each build runs in a temporary Docker container, giving developers full control over their build environment and ensuring isolation between builds. Developers only need to add a .drone.yml file to the project and push the code to the Git repository; Drone then compiles, tests and releases automatically.
The process is shown in the figure.
### Prometheus
Prometheus is an excellent monitoring tool, or rather a complete monitoring solution: it covers data collection, storage, processing, visualization and alerting. Prometheus is the monitoring system officially recommended by Kubernetes for monitoring the health of Kubernetes clusters and of the applications running on them.
Prometheus architecture diagram
So what does the Prometheus Operator do? The Operator pattern was developed by CoreOS to extend the Kubernetes API: an application-specific controller that creates, configures and manages complex stateful applications such as databases, caches and monitoring systems. The Prometheus Operator can be understood as a tool that manages the deployment of Prometheus on Kubernetes, simplifying and automating the maintenance of the Prometheus components.
Prometheus Operator architecture
### EFK
EFK (Elasticsearch, Fluentd and Kibana) is used as the log collection solution for Kubernetes. With EFK, all logs from the cluster are collected into Elasticsearch, where they can be analyzed; this is generally used for troubleshooting, data analysis and so on.
Data flow chart
### Dashboards
There are many dashboards for Kubernetes, such as the official Dashboard, Rancher, Kuboard, Octant and Lens. Here is a brief introduction to Lens.
Lens is an open-source IDE for managing Kubernetes clusters, available for macOS, Windows and Linux. Lens makes it easy to manage multiple Kubernetes clusters.
Screenshot above; try it yourself, it works well.
Finally, Git/SVN and ingress-nginx need no introduction.
So far, all components of the container cloud platform have been introduced. From the user's perspective, the process is briefly:
- Developers commit code to Git (GitLab/GitHub/Gogs); the repository must contain a Dockerfile and a .drone.yml file
- The code is pushed to the remote repository
- When releasing the application, the service type, service name, resource sizes, number of instances and other information are filled in; after confirmation, an automatic Drone build is triggered
- Drone's CI pipeline compiles the code, packages it into a Docker image and pushes it to the Harbor registry
- Drone's CI pipeline includes custom scripts that substitute the user-entered options into prepared Kubernetes YAML templates
- The Kubernetes YAML configuration file for the application is generated
- The Ingress configuration is updated: a routing rule is added to the Ingress configuration based on the name of the newly deployed application
- DNS is updated with a record pointing at the IP address of the ingress node
- Drone's CI pipeline includes a custom script that calls the Kubernetes API to deploy the application
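As an added example serving both the Drone introduction above and this process list (it is not code from the original post, nor part of Drone), here is the kind of deploy script a Drone pipeline step would call: build and push the image to Harbor, substitute the user-entered options into a prepared YAML template, add an Ingress path for the new application, and apply everything through the Kubernetes API with kubectl. The registry host, namespace, ingress host, template layout and the `harbor-pull` secret name are assumptions, and the provider-specific DNS update is left out. It also shows the check a practitioner wants at this step: values typed into the release form are spliced into YAML and into an Ingress path, so they are validated before substitution.

```shell
#!/usr/bin/env bash
# Added example, not from the original post or from Drone itself: the script a
# Drone step calls after tests pass. Registry host, namespace, ingress host,
# pull-secret name and template layout are assumptions; DNS is left out.
set -eu

HARBOR_HOST="${HARBOR_HOST:-harbor.example.com}"   # assumed
HARBOR_PROJECT="${HARBOR_PROJECT:-platform}"        # assumed
NAMESPACE="${NAMESPACE:-apps}"                      # assumed
INGRESS_HOST="${INGRESS_HOST:-apps.example.com}"    # assumed

# Release-form values are spliced into YAML and into an Ingress path, so the
# name must be a DNS-1123 label and counts must be digits. Without this, a
# value such as "x\nkind: Secret" would turn into extra resources.
validate_name() { printf '%s' "$1" | grep -Eq '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'; }
validate_uint() { printf '%s' "$1" | grep -Eq '^[0-9]+$'; }

# Prepared YAML template with placeholders (flow-style YAML to keep it short).
MANIFEST_TEMPLATE='apiVersion: apps/v1
kind: Deployment
metadata: {name: __NAME__, namespace: __NAMESPACE__}
spec:
  replicas: __REPLICAS__
  selector: {matchLabels: {app: __NAME__}}
  template:
    metadata: {labels: {app: __NAME__}}
    spec:
      imagePullSecrets: [{name: harbor-pull}]
      containers:
        - name: __NAME__
          image: __IMAGE__
          ports: [{containerPort: __PORT__}]
          securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}
---
apiVersion: v1
kind: Service
metadata: {name: __NAME__, namespace: __NAMESPACE__}
spec:
  selector: {app: __NAME__}
  ports: [{port: 80, targetPort: __PORT__}]
'

# One Ingress per application, routed by path = application name.
INGRESS_TEMPLATE='apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: {name: __NAME__, namespace: __NAMESPACE__}
spec:
  ingressClassName: nginx
  rules:
    - host: __HOST__
      http:
        paths:
          - path: /__NAME__
            pathType: Prefix
            backend: {service: {name: __NAME__, port: {number: 80}}}
'

render_manifest() {
  local name="$1" image="$2" replicas="$3" port="$4"
  validate_name "$name" && validate_uint "$replicas" && validate_uint "$port" || return 1
  printf '%s' "$MANIFEST_TEMPLATE" | sed -e "s|__NAMESPACE__|$NAMESPACE|g" -e "s|__NAME__|$name|g" \
    -e "s|__IMAGE__|$image|g" -e "s|__REPLICAS__|$replicas|g" -e "s|__PORT__|$port|g"
}

render_ingress() {
  local name="$1"
  validate_name "$name" || return 1
  printf '%s' "$INGRESS_TEMPLATE" | sed -e "s|__NAMESPACE__|$NAMESPACE|g" \
    -e "s|__NAME__|$name|g" -e "s|__HOST__|$INGRESS_HOST|g"
}

# The only function that touches Docker, Harbor and the cluster.
deploy() {
  local name="$1" replicas="$2" port="$3"
  validate_name "$name" || { echo "invalid service name: $name" >&2; return 1; }
  # Tag with the commit SHA Drone exposes, not "latest", so what runs is traceable.
  local image="$HARBOR_HOST/$HARBOR_PROJECT/$name:${DRONE_COMMIT_SHA:?}"
  docker build -t "$image" .
  printf '%s' "${HARBOR_PASSWORD:?}" | docker login "$HARBOR_HOST" -u "${HARBOR_USER:?}" --password-stdin
  docker push "$image"
  render_manifest "$name" "$image" "$replicas" "$port" | kubectl apply -f -
  render_ingress "$name" | kubectl apply -f -
  kubectl -n "$NAMESPACE" rollout status "deployment/$name" --timeout=120s
}

# Drone step: ./deploy.sh <service-name> <instances> <container-port>
if [ "$#" -eq 3 ]; then deploy "$@"; fi
```

In a .drone.yml this script is one step, with `HARBOR_USER` and `HARBOR_PASSWORD` injected from Drone secrets rather than written into the repository, and with the step running under a kubeconfig whose service account is limited to the target namespace.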
PS: sorting and typesetting this took several days, it was really hard %#¥@~¥!…#… too hard ~~~~ Next up, some hands-on posts &……%$#@!
Tips: for more good articles, follow the WeChat public account "Rookie operation and maintenance talk"!!