What is Kubernetes and Industry Use Case for Kubernetes

Vanshita Mittal
Dec 25, 2020

🔰 KUBERNETES :

Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services (an open-source container-orchestration system) that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem.

🔰 The Rise of Kubernetes

First released in 2014, Kubernetes is an open-source container orchestration tool that can automatically scale, distribute and manage fault tolerance on containers. Originally created by Google and then donated to the Cloud Native Computing Foundation, Kubernetes is widely used in production environments to handle Docker containers and other container tools in a fault-tolerant manner. As an open-source product, it is available on various platforms and systems.

The popularity of Kubernetes has steadily increased, with more than four major releases in 2017. K8s was also the most discussed project on GitHub during 2017, and was the project with the second most reviews.

🔰 Kubernetes is often chosen for the following reasons:

  • Kubernetes has a better infrastructure than many of the DevOps tools
  • Kubernetes breaks down containers into smaller modules to enable more granular management
  • Kubernetes deploys software updates often and seamlessly
  • Kubernetes lays the foundation for cloud-native apps

🔰 Features Of Kubernetes

Kubernetes’ features are :

🔰 Kubernetes Architecture

Kubernetes architecture comprises the following components.

Cluster

  • A collection of servers that combines available resources
  • Includes RAM, CPU, disk, and devices

Master

  • A collection of components that make up the control plane of Kubernetes
  • Consists of both scheduling and cluster events

Node

  • A single host capable of running on a virtual machine
  • Runs both Kube-proxy and Kubelet, which are a part of the cluster

Hardware Components

Nodes

A node is a worker machine on Kubernetes. It is a Virtual Machine or a physical machine based on the cluster. The master maintains the code, and each node contains the necessary components required to run the Kubernetes cluster.

In Kubernetes, there are two types of nodes, Master Node and Slave Node.

Cluster

Kubernetes does not work with individual nodes; it works with the cluster as a whole. A Kubernetes cluster is made up of the master and slave nodes, which are managed as a whole. There can be more than one cluster in Kubernetes.

Persistent Volumes

Kubernetes persistent volumes are administrator provisioned volumes with the following characteristics.

  • Allocated either dynamically or by an administrator
  • Created with a particular file system
  • It has a specific size.
  • Has identifying characteristics such as volume IDs and a name.

Kubernetes Persistent Volumes remain on a pod even after the pod is deleted. It’s used for the temporary storage of data.

Software Components

Containers

Containers are used everywhere, as they create self-contained environments where applications are executed. The programs are bundled up into single files (known as containers) and then shared on the internet. Multiple programs can be added to a single container; be sure to limit each container to one process. Programs run on the Linux package as containers.

Pods

A Kubernetes pod is a group of containers deployed together on the same host. Pods operate one level higher than individual containers, and these groups of containers work together to operate for a single process. Pods provide two different types of shared resources: networking and storage, and are the units of replication in Kubernetes.

Deployment

A deployment is a set of identical pods. It runs multiple replicas of the application, and if an instance fails, the deployment replaces it. Pods cannot be launched on a cluster directly; instead, they are managed by one more layer of abstraction. The manual management of pods is eradicated when a deployment is used.

Ingress

Ingress is a collection of routing rules that decide how the external services access the services running inside a Kubernetes cluster. Ingress provides load balancing, SSL termination, and name-based virtual hosting.

Kubernetes Architecture

Kubernetes has two nodes — Master Node and Server Node.

Master

The master node is the most vital component of Kubernetes architecture. It is the entry point of all administrative tasks. There is always one node to check for fault tolerance.

The master node has various components, such as:

  • ETCD
  • Controller Manager
  • Scheduler
  • API Server
  • Kubectl

Slave

The slave node has the following components:

1. Pod

  • A pod is one or more containers controlled as a single application
  • It encapsulates application containers, storage resources, and is tagged by a unique network ID and other configurations that regulate the operation of containers

2. Docker

  • One of the basic requirements of nodes is Docker
  • It helps run the applications in an isolated, but lightweight operating environment. It runs the configured pods
  • It is responsible for pulling down and running containers from Docker images

3. Kubelet

  • Service responsible for conveying information to and from the control plane service
  • It gets the configuration of a pod from the API server and ensures that the containers are working efficiently
  • The kubelet process is responsible for maintaining the work status and the node server

4. Kubernetes Proxy

  • Acts as a load balancer and network proxy to perform service on a single worker node
  • Manages pods on nodes, volumes, secrets, the creation of new containers, health check-ups, etc.
  • A proxy service that runs on every node that makes services available to the external host

🔰 Industry Use Case :

✔ Case Study- IBM

Challenge :

IBM Cloud offers public, private, and hybrid cloud functionality across a diverse set of runtimes from its OpenWhisk-based function as a service (FaaS) offering, managed Kubernetes and containers, to Cloud Foundry platform as a service (PaaS). These runtimes are combined with the power of the company’s enterprise technologies, such as MQ and DB2, its modern artificial intelligence (AI) Watson, and data analytics services. Users of IBM Cloud can exploit capabilities from more than 170 different cloud native services in its catalog, including capabilities such as IBM’s Weather Company API and data services. In the later part of 2017, the IBM Cloud Container Registry team wanted to build out an image trust service.

Solution

The work on this new service culminated with its public availability in the IBM Cloud in February 2018. The image trust service, called Portieris, is fully based on the Cloud Native Computing Foundation (CNCF) open source project Notary, according to Michael Hough, a software developer with the IBM Cloud Container Registry team. Portieris is a Kubernetes admission controller for enforcing content trust. Users can create image security policies for each Kubernetes namespace, or at the cluster level, and enforce different levels of trust for different images. Portieris is a key part of IBM’s trust story, since it makes it possible for users to consume the company’s Notary offering from within their IKS clusters. The offering is that Notary server runs in IBM’s cloud, and then Portieris runs inside the IKS cluster. This enables users to be able to have their IKS cluster verify that the image they’re loading containers from contains exactly what they expect it to, and Portieris is what allows an IKS cluster to apply that verification.

Impact

IBM’s intention in offering a managed Kubernetes container service and image registry is to provide a fully secure end-to-end platform for its enterprise customers. “Image signing is one key part of that offering, and our container registry team saw Notary as the de facto way to implement that capability in the current Docker and container ecosystem,” Hough says. The company had not been offering image signing before, and Notary is the tool it used to implement that capability. “We had a multi-tenant Docker Registry with private image hosting,” Hough says. “The Docker Registry uses hashes to ensure that image content is correct, and data is encrypted both in flight and at rest. But it does not provide any guarantees of who pushed an image. We used Notary to enable users to sign images in their private registry namespaces if they so choose.”

“With our IBM Cloud Kubernetes as-a-service offering and the admission controller we have made available, it allows both IBM services as well as customers of the IBM public cloud to use security policies to control service deployment.”

— MICHAEL HOUGH, A SOFTWARE DEVELOPER WITH THE IBM CLOUD CONTAINER REGISTRY TEAM
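
The distinction Hough draws above, between a registry hash (the content is intact) and a signature (someone vouched for it), combined with per-namespace and cluster-level policy, as an added sketch that is not IBM's or Portieris's code. The policy shape, the precedence rule, `registry.example`, the `release-team` signer and the HMAC stand-in for Notary's asymmetric signatures are all assumptions.

```python
import fnmatch
import hashlib
import hmac

# Constructed demo data: names, key and policy shape are assumptions, not Portieris's schema.
SIGNER_KEYS = {"release-team": b"constructed-demo-key"}  # HMAC stands in for Notary's asymmetric keys
CLUSTER_POLICY = [("*", None)]  # cluster default: any repository, no signer required
NAMESPACE_POLICY = {"payments": [("registry.example/payments/*", "release-team")]}

def digest(content: bytes) -> str:  # the integrity check a registry already performs
    return "sha256:" + hashlib.sha256(content).hexdigest()

def sign(signer: str, image: str, image_digest: str) -> str:
    """Bind tag to digest under the signer's key (stand-in for a Notary signature)."""
    msg = f"{image}@{image_digest}".encode()
    return hmac.new(SIGNER_KEYS[signer], msg, hashlib.sha256).hexdigest()

def required_signer(namespace: str, repo: str):
    """Namespace rules, when present, replace the cluster rules (assumed precedence)."""
    rules = NAMESPACE_POLICY.get(namespace) or CLUSTER_POLICY
    for pattern, signer in rules:
        if fnmatch.fnmatchcase(repo, pattern):
            return True, signer
    return False, None

def admit(namespace: str, image: str, content: bytes, trust_data: dict):
    """Admission decision for one image; returns (allowed, reason)."""
    repo = image.rsplit(":", 1)[0]
    matched, signer = required_signer(namespace, repo)
    if not matched:
        return False, "no policy matches repository"
    if signer is None:
        return True, "policy does not require a signature"
    record = trust_data.get(image)
    if record is None:
        return False, "no trust data for tag"
    if not hmac.compare_digest(sign(signer, image, record["digest"]), record["sig"]):
        return False, "signature not from required signer"
    if digest(content) != record["digest"]:
        return False, "content differs from signed digest"
    return True, f"signed by {signer}"

def demo():
    image = "registry.example/payments/api:1.4"
    good, other = b"constructed release layer", b"constructed replacement layer"
    trust = {image: {"digest": digest(good), "sig": sign("release-team", image, digest(good))}}
    return [admit("payments", image, good, trust),   # content the signer vouched for
            admit("payments", image, other, trust),  # same tag, different content
            admit("default", image, other, {})]      # cluster default: not enforced
```

The second case is the one a hash alone does not catch: the replacement content has a perfectly valid digest of its own, and it is rejected only because that digest is not the one the required signer bound to the tag.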

✔ CASE STUDY- Huawei

Challenge

A multinational company that’s the largest telecommunications equipment manufacturer in the world, Huawei has more than 180,000 employees. In order to support its fast business development around the globe, Huawei has eight data centers for its internal I.T. department, which have been running 800+ applications in 100K+ VMs to serve these 180,000 users. With the rapid increase of new applications, the cost and efficiency of management and deployment of VM-based apps all became critical challenges for business agility. “It’s very much a distributed system so we found that managing all of the tasks in a more consistent way is always a challenge,” says Peixin Hou, the company’s Chief Software Architect and Community Director for Open Source. “We wanted to move into a more agile and decent practice.”

Solution

After deciding to use container technology, Huawei began moving the internal I.T. department’s applications to run on Kubernetes. So far, about 30 percent of these applications have been transferred to cloud native.

“If you’re a vendor, in order to convince your customer, you should use it yourself. Luckily because Huawei has a lot of employees, we can demonstrate the scale of cloud we can build using this technology.”

— PEIXIN HOU, CHIEF SOFTWARE ARCHITECT AND COMMUNITY DIRECTOR FOR OPEN SOURCE

Impact

“By the end of 2016, Huawei’s internal I.T. department managed more than 4,000 nodes with tens of thousands of containers using a Kubernetes-based Platform as a Service (PaaS) solution,” says Hou. “The global deployment cycles decreased from a week to minutes, and the efficiency of application delivery has been improved 10 fold.” For the bottom line, he says, “We also see significant operating expense spending cut, in some circumstances 20–30 percent, which we think is very helpful for our business.” Given the results Huawei has had internally — and the demand it is seeing externally — the company has also built the technologies into FusionStage™, the PaaS solution it offers its customers.
