Creating a fast Kubernetes Development Workflow

Bastian Hofmann

May 26, 2019

Transcript

  1. @BastianHofmann
    Creating a fast
    Kubernetes Development Workflow
    Bastian Hofmann

  2. Container orchestration platform

  3. Deploy, run and scale your services
    in isolated containers

  4. Very Powerful

  5. Large community

  6. Lots of large company backers

  7. No vendor lock in

  8. Standardized APIs

  9. Cloud Providers

  10. Google Cloud Platform

  11. And if you don't want to install and
    maintain Kubernetes yourself

  12. Managed Kubernetes

  13. Easy upgrades

  14. Easy scaling

  15. Load Balancing

  16. Distributed Persistent Storage

  17. You can focus on what is important

  18. But this talk is about
    how to use Kubernetes

  19. Not only for production workloads

  20. But in your development workflows

  21. Kubernetes has standardized APIs

  22. More and more integrations

  23. Introduction to Kubernetes

  24. Deployment of a simple application

  25. Deployment of a micro-service
    application

  26. Some tools for development with
    Kubernetes

  27. Why containers?

  28. Services run in isolation

  29. Everything needed to run a service in
    one image

  30. Make things …

  31. Easier to develop

  32. Easier to deploy

  33. Easier to upgrade system
    dependencies

  34. Easier to scale

  35. Better resource usage

  36. #safeThePlanet

  37. Kubernetes helps you to deploy, run
    and scale containers

  38. Let’s define some core concepts and
    terminology first

  39. Kubernetes Cluster

  40. Image
    • A docker image built from a Dockerfile that contains everything a service needs to run

  41. Container
    • A container runs a docker image.
    • Only 1 process can run inside of a container

  42. Pod
    • A group of 1 or more containers
    • Same port space
    • Within a Pod: communication over localhost
    • Every Pod has its own IP
    • All Pods can talk with each other
    • IPs change all the time

  43. Replica Set
    • Defines and manages how many instances of a pod should run
    • ReplicaSet is tied to a specific definition of a Pod which is tied to specific image versions of the container
    • Image versions in ReplicaSets can't be updated

  44. Deployment
    • Manages updates and rollbacks of replica sets

  45. Service
    • Internal LoadBalancer
    • Makes all pods matching a set of labels accessible through a stable, internal IP address
    • You can attach an external IP address through a cloud LoadBalancer

  46. Ingress
    • Makes a service accessible to the outside of Kubernetes through an ingress controller (e.g. nginx)
    • Traffic is routed by routing rules, usually Host header

  47. Node
    • A physical server
    • Containers get distributed automatically

  48. ConfigMap
    • Key/Value storage for configuration

  49. Secret
    • Key/Value storage for configuration, usually passwords.

  50. Volumes
    • Volumes can be mounted into a container to access a ConfigMap, Secret, persistent volumes with network storage or a folder on the node

  51. Namespaces
    • Dedicated environment to deploy services in

  52. CronJobs, DaemonSets,
    StatefulSets, ...

  53. Everything is a resource

  54. You interact with Kubernetes by
    creating, receiving, updating and
    deleting resources

  55. Kubernetes has controllers to listen
    on these interactions and get the
    cluster in the desired state

  56. The Kubernetes API can be extended
    with additional Resources and
    Controllers

  57. CustomResourceDefinitions

  58. Certificate, Backup, Restore,
    MySQLCluster, Function, ...

  59. kind: Deployment
    apiVersion: extensions/v1beta1
    metadata:
      name: symfony-demo
    spec:
      template:
        spec:
          containers:
          - name: symfony-demo
            image: symfony-demo:1.1.0
            ports:
            - containerPort: 80

  60. $ kubectl apply -f deployment.yaml

  61. $ kubectl get deployments
    NAME           DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    symfony-demo   1         1         1            1           21h

  62. $ kubectl get deployment symfony-demo -o yaml
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      annotations:
        ...
    spec:
      ...
      template:
        ...
        spec:
          containers:
          - name: symfony-demo
            image: symfony-demo:1.1.0

  63. $ kubectl delete deployment symfony-demo

  64. Practical example

  65. We need a cluster

  66. Let’s deploy an application

  67. What did just happen?

  68. Deployment created

  69. Sees new Deployment
    And creates new
    ReplicaSet with 1 desired
    replica

  70. Sees new ReplicaSet and
    Creates Pod for ReplicaSet

  71. Sees new unscheduled Pod and
    Schedules it to Node

  72. Sees it is supposed to start a Pod
    And starts its Containers

  73. Service created

  74. Sees the new Service
    And configures
    IP Table Rules and DNS entries

  75. Sees the new Service has the
    Type LoadBalancer and creates
    An External LB at the Cloud Provider

  76. What about Configuration

  77. What about TLS and DNS

  78. You don't want to implement TLS
    certificate handling in every public
    service

  79. Ingress Controller and cert-manager

  80. The ingress controller (nginx) listens
    on Ingress Resources and configures
    itself to route incoming traffic based
    on the host header to the correct
    running pods

  81. Cert-manager listens on Ingresses
    and if they want TLS, requests a
    certificate from LetsEncrypt

  82. External-DNS listens on Ingresses
    and creates DNS entries at
    DigitalOcean
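
What slides 78 to 82 describe, written out as one Ingress resource that all three controllers react to. This is an added example, not a manifest from the talk or its demo repository; the host name, the `letsencrypt-prod` ClusterIssuer and the `symfony-demo` Service are assumptions, and it uses the current `networking.k8s.io/v1` API and `cert-manager.io` annotation rather than the `extensions/v1beta1` group the slides show.

```yaml
# Added example: one Ingress that the ingress controller, cert-manager and
# external-dns each watch. All names below are assumed, not from the talk.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: symfony-demo
  annotations:
    # cert-manager requests a certificate from the issuer named here
    # ("letsencrypt-prod" is a hypothetical ClusterIssuer backed by Let's Encrypt).
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  # Selects the nginx ingress controller that will serve this resource.
  ingressClassName: nginx
  tls:
  # Presence of a tls block is what marks the Ingress as "wants TLS".
  # cert-manager writes the issued key pair into this Secret, and the
  # ingress controller terminates TLS with it, so the service behind it
  # carries no certificate handling of its own.
  - hosts:
    - symfony-demo.example.com      # constructed host name
    secretName: symfony-demo-tls
  rules:
  # The ingress controller routes on this Host header; external-dns
  # creates the DNS record for the same host at the DNS provider.
  - host: symfony-demo.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: symfony-demo      # assumed Service in front of the Deployment's Pods
            port:
              number: 80
```

Keeping the private key in a Secret in the Ingress namespace means read access to Secrets in that namespace is what protects it.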

  83. How is traffic routed to the Pod

  84. OpenStack LoadBalancer

  85. What about Persistent Storage and
    Databases

  86. Writing these YAML files is tedious

  87. YAML files are tied to a specific
    version and a specific environment

  88. Per Development team

  89. Per developer

  90. Still we'd need to maintain multiple
    very similar YAML files with slightly
    different versions and configuration.

  91. "Templating"

  92. Great tools because of standardized
    Kubernetes API

  93. Allows you to install applications

  94. So called "charts"

  95. Writing your own charts is fairly easy

  96. Charts can depend on other charts

  97. Multiple deployments of one chart
    possible

  98. Different namespaces

  99. Different release names

  100. Configuration over values

  101. Different versions

  102. Different ingress urls

  103. $ helm install stable/wordpress --namespace bastian --name my-wordpress \
        --values dev.yaml --values bastian.yaml

  104. Make a code change

  105. Build docker image

  106. Push docker image

  107. Run helm install/upgrade with new
    image version

  108. Can this be quicker?

  109. Watches for changes

  110. Rebuilds docker image

  111. Deploys to Kubernetes

  112. You can use your helm templates

  113. Demo application

  114. web
    quote-svc
    hello-svc

  115. Not all services have an ingress

  116. Accessing Kubernetes from the
    outside

  117. web
    quote-svc
    hello-svc

  118. Getting a shell in a running container

  119. $ kubectl exec $POD_NAME -i -t -- /bin/bash

  120. Port forwarding through kubectl

  121. $ kubectl port-forward pod/$POD_NAME 8080:80

  122. $ kubectl port-forward service/$SERVICE_NAME 8080:80

  123. What about step debugging?

  124. Of course you can run everything
    locally

  125. But you develop only on one service

  126. There may be lots of services

  127. You don't want to expose all services
    publicly

  128. Port-forwarding all services is also
    work

  129. Telepresence

  130. Creates a two-way proxy between
    the Kubernetes cluster and you

  131. $ telepresence
    T: Starting proxy with method 'vpn-tcp'...
    @fhgbvx65xg|bash-3.2$ curl http://quote-svc/quote | jq '.'
    [
      {
        "ID": 503,
        "title": "stefan sagmeister",
        "content": "...\n",
        "link": "https://quotesondesign.com/stefan-sagmeister-2/"
      }
    ]

  132. Swap a running deployment in the
    cluster with a local process

  133. ... or a locally running docker
    container

  134. $ telepresence --swap-deployment quote-svc --namespace dev-flow-demo \
        --expose 3000 --run npm run debug
    T: Starting proxy with method 'vpn-tcp',...
    T: Forwarding remote port 3000 to local port 3000....
    > [email protected] debug /Users/bhofmann/forge_test/quote-svc
    > nodemon --inspect quote-svc.js
    [nodemon] watching: *.*
    [nodemon] starting `node --inspect quote-svc.js`
    Debugger listening on ws://127.0.0.1:9229/83aa27ac-d879-4b50-a228-440354cca791
    quote svc listening on port 3000!

  135. Great tooling because of common
    APIs

  136. Especially great if you have multiple
    services and don't want to run
    everything locally

  137. I just picked helm, tilt and
    telepresence. There is more for
    different use-cases.

  138. http://speakerdeck.com/u/bastianhofmann

  139. https://github.com/bashofmann/kubernetes-dev-flow-demo

  140. [email protected]
    https://twitter.com/BastianHofmann
