Introduction to Kubernetes

Transcript

1. @BastianHofmann Introduction to Kubernetes Bastian Hofmann

2. None

3. Container orchestration platform

4. Deploy, run and scale your services in isolated containers

5. Very Powerful

6. Large community

7. Lot’s of large company backers

8. No vendor lock in

9. Runs on

10. AWS

11. Azure

12. Google Cloud Platform

13. Bare metal

14. Your laptop

15. Minikube

16. Included in Docker Desktop Clients

17. SysEleven

18. Learning curve

19. This talk is supposed to get you started

20. I’m going to explain the basics

21. I’ll start with deploying a simple PHP Web App

22. and cover some internals

23. But first

24. Why containers?

25. Services run in isolation

26. Everything needed to run a service in one image

27. Decouple Ops and Dev

28. Make things …

29. Easier to deploy

30. Easier to upgrade system dependencies

31. Easier to scale

32. Easier to develop

33. Better performance than Virtual Machines

34. None

35. FROM php:7.2-apache WORKDIR /var/www/html RUN apt-get update -y && \

    apt-get install -y --no-install-recommends curl \ rm -rf /var/lib/apt/lists/* ENV TMP_DIR /tmp COPY . /var/www/html/ EXPOSE 80 ENTRYPOINT [“apache2”, “-DFOREGROUND”]

36. docker build -t symfony-demo:2.0.0 .

37. docker run -p 8080:80 symfony-demo:2.0.0

38. Kubernetes helps you running containers

39. OK, sold

40. Let’s define some core concepts first

41. Kubernetes Cluster

42. • A docker image built from a Dockerfile that contains

    everything a service needs to run Image

43. • A container runs a docker image. • Only 1

    process can run inside of a container Container

44. • A group of 1 or more containers • Same

    port space • Ports are not accessible from outside of the pod Pod

45. • Defines and manages how many instances of a pod

    should run Replica Set

46. • Manages updates and rollbacks of replica sets Deployment

47. • Makes a port of a pod accessible to other

    pods Service

48. • Makes a service accessible to the outside of Kubernetes

    Ingress

49. • A physical server • Containers get distributed automatically Node

50. • Configuration that can be mounted inside of a container

    ConfigMap

51. • Volumes can be mounted into a container to access

    a ConfigMap, Secret or a folder on the host Volumes

52. • Dedicated environment to deploy services in Namespaces

53. Example

54. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

    POD

55. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

    POD ReplicaSet: 2 instances PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application POD

56. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER ReplicaSet: 2

    instances PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER CONFIG WEB :80 PHP Application POD PHP Application POD

57. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER ReplicaSet: 2

    instances PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER CONFIG WEB :80 https://php-app.k8s.foo.com:443/ PHP Application POD PHP Application POD

58. To interact with Kubernetes

59. Tooling

60. kubectl

61. $ kubectl get pods

62. NAME READY STATUS RESTARTS AGE kubernetes-dashboard-5b5bf59977-t9xb9 1/1 Running 2 9d

    nginx-ingress-controller-5549f5597c-97kcw 0/1 Running 2 9d nginx-ingress-default-backend-564d9d9477-tmnnr 1/1 Running 4 9d mysql-556c9b5bcb-5jdrt 1/1 Running 1 8d symfony-demo-5b75f5fc6-c7wr9 1/1 Running 0 8d symfony-demo-5b75f5fc6-jg8n4 1/1 Running 23 8d

63. REST API

64. $ kubectl proxy --port=8080 $ curl http://localhost:8080/api/v1/namespaces/default/ pods { "kind":

    "PodList", "apiVersion": "v1", "metadata": { "selfLink": "/api/v1/namespaces/default/pods", "resourceVersion": "336834" }, "items": [ { "metadata": { "name": "kubernetes-dashboard-5b5bf59977-t9xb9",

65. kubernetes-dashboard

66. None

67. Helm The package manager for Kubernetes

68. $ helm install stable/wordpress

69. Practical example

70. Preparations

71. Install Docker Client

72. None

73. Install helm

74. $ brew install kubernetes-helm

75. $ helm init

76. Install kubernetes-dashboard

77. $ helm install stable/kubernetes-dashboard -f kubernetes- dashboard.yaml

78. Install nginx-ingress-controller

79. $ helm install stable/nginx-ingress -f ingress- controller.yaml

80. Let’s deploy the symfony demo app

81. https:/ /github.com/symfony/demo

82. First the Dockerfile

83. PHP

84. Copy our code

85. Build the project

86. Composer install

87. yarn install

88. yarn run build

89. Build the image

90. docker build -t symfony-demo:2.0.0 .

91. Demo

92. Now we have to tell Kubernetes what to do with

    the image

93. Resources are defined in YAML or JSON

94. Deployment

95. kind: Deployment apiVersion: extensions/v1beta1 metadata: name: symfony-demo spec: template: metadata:

    labels: app: symfony-demo spec: containers: - name: symfony-demo image: symfony-demo:1.0.0 ports:

96. containers: - name: symfony-demo image: symfony-demo:1.0.0 ports: - containerPort: 80

    livenessProbe: httpGet: path: / port: 80 timeoutSeconds: 1 initialDelaySeconds: 10 readinessProbe: httpGet: path: /

97. Many more options configurable

98. Many more options • Setting environment variables • Mounting volumes

    • Requesting resources • Defining upgrade strategies • Defining command • Configure networking • Configure the scheduler • Listen on lifecycle events • Configure system capabilities for the container • …

99. Service

100. kind: Service apiVersion: v1 metadata: name: symfony-demo spec: ports: -

     name: http port: 80 targetPort: 80 protocol: TCP selector: app: symfony-demo

101. Ingress

102. kind: Ingress apiVersion: extensions/v1beta1 metadata: name: symfony-demo spec: rules: -

     host: symfony-demo.local.k8s http: paths: - path: / backend: serviceName: symfony-demo servicePort: 80

103. Creating everything

104. kubectl apply -f deployment/webapp.yaml

105. None

106. Rolling Deployments

107. kind: Deployment apiVersion: extensions/v1beta1 metadata: name: symfony-demo spec: template: spec:

     containers: - name: symfony-demo image: symfony-demo:1.1.0 ports: - containerPort: 80

108. kubectl apply -f deployment/webapp.yaml

109. Demo

110. These are the basics

111. There are other types of deploying things into Kubernetes

112. CronJobs

113. Regularly repeating jobs

114. apiVersion: batch/v1beta1 kind: CronJob metadata: name: cron-job spec: schedule: "*/1

     * * * *" jobTemplate: spec: template: spec: containers: - name: cron-job image: your-cron-job restartPolicy: OnFailure

115. How does Kubernetes work internally

116. Service Discovery

117. Within a pod

118. Shared port namespace

119. Separate file systems

120. Separate process spaces

121. Network wise everything behaves like localhost

122. Between pods

123. You have to expose ports with services

124. kind: Service apiVersion: v1 metadata: name: symfony-demo spec: ports: -

     name: http port: 80 targetPort: 80 protocol: TCP selector: app: symfony-demo

125. Every service has a virtual IP address

126. $ kubectl get service symfony-demo NAME TYPE CLUSTER-IP PORT(S) AGE

     symfony-demo ClusterIP 10.106.119.24 80/TCP 6d

127. Discoverable in other containers by

128. Environment Variables

129. SYMFONY_DEMO_SERVICE_HOST=10.106.119.24 SYMFONY_DEMO_SERVICE_PORT=80

130. DNS

131. $ nslookup symfony-demo Server: 10.0.0.10 Address 1: 10.0.0.10 Name: symfony-demo

     Address 1: 10.106.119.24

132. $ curl http://symfony-demo

133. Alternatively

134. Service Mesh

135. LinkerD https:/ /linkerd.io/

136. Istio https:/ /istio.io/

137. Conduit https:/ /conduit.io/

138. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

     POD

139. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

     POD NodeJS LINKERD NodeJS Service POD NodeJS LINKERD NodeJS Service POD

140. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

     POD NodeJS LINKERD NodeJS Service POD NodeJS LINKERD NodeJS Service POD

141. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

     POD NodeJS LINKERD NodeJS Service POD NodeJS LINKERD NodeJS Service POD

142. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

     POD NodeJS LINKERD NodeJS Service POD NodeJS LINKERD NodeJS Service POD

143. Benefits

144. Advanced routing

145. Prefer service in current namespace, fall back to default namespace

146. Canary deployments

147. A/B Testing

148. Advanced monitoring

149. None

150. Profiling

151. Zipkin

152. None

153. What about data?

154. Storage

155. Volumes

156. https:/ /kubernetes.io/docs/concepts/ storage/volumes/

157. apiVersion: v1 kind: Pod metadata: name: test-pd spec: containers: -

     image: k8s.gcr.io/test-webserver name: test-container volumeMounts: - mountPath: /cache name: cache-volume volumes: - name: cache-volume emptyDir: {}

158. Persistent Storage

159. You define a Persistent Volume or Storage Class, e.g. NFS,

     …

160. Depends on your Kubernetes Setup

161. Each pod can specify a Persistent Volume Claim

162. apiVersion: v1 kind: PersistentVolumeClaim metadata: name: postgresql-pv-claim labels: name: postgresql

     spec: storageClassName: generic accessModes: - ReadWriteOnce resources: requests: storage: 10Gi

163. And then mount the Claim into a Volume in a

     container

164. apiVersion: extensions/v1beta1 kind: Deployment metadata: name: postgresql spec: template: spec:

     containers: … volumes: - name: postgresql-data persistentVolumeClaim: claimName: postgresql-pv-claim

165. https:/ /kubernetes.io/docs/concepts/ storage/persistent-volumes/

166. Configuration

167. Should not be included in the docker image

168. ConfigMap

169. Key/Value Store

170. kind: ConfigMap apiVersion: v1 metadata: name: special-config data: special-key: value

     bool-value: true

171. Can be accessed in a pod through environment variables

172. spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh",

     "-c", "env" ] env: - name: SPECIAL_KEY valueFrom: configMapKeyRef: name: special-config key: special-key

173. spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh",

     "-c", "env" ] envFrom: - configMapRef: name: special-config

174. Can be accessed through volumes

175. spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh",

     "-c", "ls /etc/config/" ] volumeMounts: - name: config-volume mountPath: /etc/config volumes: - name: config-volume configMap: name: special-config

176. https:/ /kubernetes.io/docs/tasks/ configure-pod-container/configure-pod- configmap/

177. Secret

178. Storage for sensitive information

179. https:/ /kubernetes.io/docs/concepts/ configuration/secret

180. Scaling

181. Manual Scaling

182. kubectl scale --replicas=3 deployment/my-app

183. AutoScaling

184. https:/ /kubernetes.io/docs/user-guide/ horizontal-pod-autoscaling/

185. Summary

186. Powerful

187. Helpful

188. Fast paced development

189. https:/ /gravitational.com/blog/ kubernetes-release-cycle/

190. Keep up to date

191. Documentation

192. https:/ /kubernetes.io/docs/

193. KubeCons

194. https:/ /www.youtube.com/channel/ UCvqbFHwN-nwalWPjPUKpvTA

195. http:/ /speakerdeck.com/ u/bastianhofmann

196. [email protected] https:/ /twitter.com/BastianHofmann

197. Backup Slides

198. Figuring out what’s going on inside Kubernetes

199. Monitoring

200. Heapster

201. https:/ /github.com/kubernetes/heapster

202. Takes metrics from Kubernetes and stores them in a monitoring

     solution

203. InfluxDB

204. Prometheus

205. Grafana for displaying the data

206. None
207. None

208. https:/ /blog.kublr.com/how-to-utilize-the- heapster-influxdb-grafana-stack-in- kubernetes-for-monitoring- pods-4a553f4d36c9

209. Logging

210. kubectl logs

211. $ kubectl logs symfony-demo-5b75f5fc6- c7wr9

212. Log to stdout & stderr

213. Automatically written to disk

214. DaemonSet Log collector

215. • Logstash • Fluentd • Filebeat

216. Central log management

217. None

218. https:/ /www.elastic.co/blog/shipping- kubernetes-logs-to-elasticsearch-with- filebeat