Deploying your first Micro-Service application to Kubernetes

Kubernetes is a very powerful container orchestration platform that is quickly gaining traction and gives you lots of benefits in deploying, running and scaling your microservice web application. But it also has a steep learning curve. In this workshop you will deploy your first application, which consists of multiple Micro-Services, to Kubernetes and learn how you can use Persistent Storage and set up sensible Monitoring and Logging tooling.

Bastian Hofmann

June 24, 2019

Transcript

  1. @BastianHofmann Deploying your first Micro-Service application to Kubernetes Bastian Hofmann

  3. Container orchestration platform

  4. Deploy, run and scale your services in isolated containers

  5. Very Powerful

  6. Lots of large company backers

  7. No vendor lock in

  8. Standardized APIs

  9. Runs on

  10. Your laptop

  12. Bare metal

  13. Cloud Providers

  14. And if you don't want to install and maintain Kubernetes yourself

  15. Managed Kubernetes

  17. Easy setup

  18. Easy upgrades

  19. Easy scaling

  20. Features

  21. Load Balancing

  22. Distributed Persistent Storage

  23. Backups

  24. But this workshop is about how to use Kubernetes

  25. Learning curve

  26. Agenda

  28. • Deployments
      • CronJobs
      • Readiness and Liveness-Probes, NodeSelectors & PodAffinities
      • ConfigMaps & Secrets
      • External DNS, Let's Encrypt with cert-manager, nginx-ingress-controller
      • Running a MySQL DB
      • Helm
      • Service Discovery

  29. Optionally

  30. • Service Meshes with LinkerD
      • Monitoring with Prometheus, Grafana and Alertmanager
      • Logging with ElasticSearch, FluentD and Kibana
      • GitOps with Flux
      • Development with Tilt and Telepresence

  31. But first

  32. Why containers?

  33. Services run in isolation

  34. Everything needed to run a service in one image

  35. Make things …

  36. Easier to deploy

  37. Easier to upgrade system dependencies

  38. Easier to develop

  39. Easier to scale

  40. Better resource usage

  41. #safeThePlanet

  43. FROM php:7.2-apache
      WORKDIR /var/www/html
      # install curl, then remove the apt package lists to keep the layer small
      RUN apt-get update -y && \
          apt-get install -y --no-install-recommends curl && \
          rm -rf /var/lib/apt/lists/*
      ENV TMP_DIR /tmp
      COPY . /var/www/html/
      EXPOSE 80
      ENTRYPOINT ["apache2", "-DFOREGROUND"]

  44. docker build -t gitlab.syseleven.de/syseleven/symfony-demo:2.0.0 .

  45. docker run -p 8080:80 syseleven/symfony-demo:2.0.0
      docker push syseleven/symfony-demo:2.0.0

  46. Kubernetes helps you to run and deploy containers

  47. Let’s define some core concepts and terminology first

  48. Kubernetes Cluster

  49. Image
      • A docker image built from a Dockerfile that contains everything a service needs to run

  50. Container
      • A container runs a docker image.
      • Only 1 process can run inside of a container

  51. Pod
      • A group of 1 or more containers
      • Same port space
      • Within a Pod: communication over localhost
      • Every Pod has its own IP
      • All Pods can talk with each other
      • IPs change all the time

  52. Replica Set
      • Defines and manages how many instances of a pod should run
      • ReplicaSet is tied to a specific definition of a Pod which is tied to specific image versions of the container
      • Image versions in ReplicaSets can't be updated

  53. Deployment
      • Manages updates and rollbacks of replica sets

  54. Service
      • Internal LoadBalancer
      • Makes all pods matching a set of labels accessible through a stable, internal IP address
      • You can attach an external IP address through a cloud LoadBalancer

  55. Ingress
      • Makes a service accessible to the outside of Kubernetes through an ingress controller (e.g. nginx)
      • Traffic is routed by routing rules, usually Host header

  56. Node
      • A physical server
      • Containers get distributed automatically

  57. ConfigMap
      • Key/Value storage for configuration

  58. Secret
      • Key/Value storage for configuration, usually passwords.

  59. Volumes
      • Volumes can be mounted into a container to access a ConfigMap, Secret, persistent volumes with network storage or a folder on the node

  60. Namespaces
      • Dedicated environment to deploy services in

  61. CronJob
      • Includes a Pod that is started in a regular interval
      • Process in the container should finish at some point

  62. DaemonSet
      • Defines Pod that should run once on every Node
      • Useful for monitoring or logging daemons

  63. StatefulSet
      • Ensures that Pods are started and run in a specific order
      • Each Pod of a StatefulSet can have its own persistent volume
      • Pod names stay the same

  64. ...

  65. Everything is a resource

  66. You interact with Kubernetes by creating, receiving, updating and deleting resources

  67. Kubernetes has controllers to listen on these interactions and get the cluster in the desired state

  68. The Kubernetes API can be extended with additional Resources and Controllers

  69. CustomResourceDefinitions

  70. Certificate, Backup, Restore, MySQLCluster, Function, ...

  71. Controllers / Operators

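  72. kind: Deployment
      # extensions/v1beta1 was removed in Kubernetes 1.16; current clusters
      # use apps/v1, which also requires spec.selector.
      apiVersion: extensions/v1beta1
      metadata:
        name: symfony-demo
      spec:
        template:
          spec:
            containers:
              - name: symfony-demo
                image: symfony-demo:1.1.0
                ports:
                  - containerPort: 80
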
  73. $ kubectl apply -f deployment.yaml

  74. $ kubectl get deployments
      NAME           DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
      symfony-demo   1         1         1            1           21h

  75. $ kubectl get deployment symfony-demo -o yaml
      apiVersion: extensions/v1beta1
      kind: Deployment
      metadata:
        annotations:
          ...
      spec:
        ...
        template:
          ...
          spec:
            containers:
              - name: symfony-demo
                image: symfony-demo:1.1.0

  76. $ kubectl delete deployment symfony-demo

  77. Tooling

  78. kubectl

  79. REST API

  80. $ kubectl proxy --port=8080
      $ curl http://localhost:8080/api/v1/namespaces/default/pods
      {
        "kind": "PodList",
        "apiVersion": "v1",
        "metadata": {
          "selfLink": "/api/v1/namespaces/default/pods",
          "resourceVersion": "336834"
        },
        "items": [
          {
            "metadata": {
              "name": "kubernetes-dashboard-5b5bf59977-t9xb9",

  81. kubernetes-dashboard

  83. Helm The package manager for Kubernetes

  84. $ helm install stable/wordpress

  85. Demo

  86. Demo code and instructions: https://github.com/bashofmann/kubernetes-workshop-halfday
      http://bit.ly/2RwgrV8 => Download and copy to ~/.kube/config
      Install kubectl: https://kubernetes.io/docs/tasks/tools/install-kubectl/
      If you are not allowed to install kubectl locally: http://bit.ly/2WZih1Z

  87. # 01 Deploying a simple Web Application

  88. What just happened?

  90. Deployment created

  91. Sees new Deployment and creates new ReplicaSet with 1 desired replica

  92. Sees new ReplicaSet and creates Pod for ReplicaSet

  93. Sees new unscheduled Pod and schedules it to Node

  94. Sees it is supposed to start a Pod and starts its Containers

  95. Service created

  96. Sees the new Service and configures IP Table Rules and DNS entries

  97. Sees the new Service has the Type LoadBalancer and creates an External LB at the Cloud Provider

  98. How is traffic routed to the Pod

  99. The Service loadbalances incoming traffic to all available Pods

  100. Every Service has a virtual IP

  101. Round Robin with IP Tables rules

  102. OpenStack LoadBalancer

  103. # 10 Using an Ingress with TLS

  104. The ingress controller (nginx) listens on Ingress Resources and configures itself to route incoming traffic based on the host header to the correct running pods

  105. Cert-manager listens on Ingresses and if they want TLS, requests a certificate from LetsEncrypt

  106. External-DNS listens on Ingresses and creates DNS entries at DigitalOcean

  107. How is traffic routed to the Pod

  108. OpenStack LoadBalancer

  109. Operators

  111. # 15 Service Meshes

  112. What are Service Meshes?

  114. They provide

  115. Metrics and Traces

  116. Transparent End-To-End Encryption

  117. Advanced Routing

  118. Istio

  119. LinkerD

  120. $ linkerd install | kubectl apply -f -

  121. Flux

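
An Ingress of the kind described in "# 10 Using an Ingress with TLS" (slides 103 to 106), as an added example that is not taken from the slides or the workshop repository. The host name, the ClusterIssuer name `letsencrypt-prod`, the Secret name and the Service name `symfony-demo` are assumptions; the annotation keys are the ones used by current cert-manager and ingress-nginx releases.

```yaml
# Added example: host, issuer, secret and service names are assumptions.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: symfony-demo
  annotations:
    # cert-manager watches Ingresses carrying this annotation and requests
    # a certificate from the referenced ClusterIssuer (Let's Encrypt ACME).
    cert-manager.io/cluster-issuer: letsencrypt-prod
    # ingress-nginx: redirect plain HTTP to HTTPS once TLS is configured.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - demo.example.com
      # cert-manager stores the issued key pair in this Secret;
      # the ingress controller reads it to terminate TLS.
      secretName: symfony-demo-tls
  rules:
    # external-dns creates the DNS record for this host;
    # nginx routes on the Host header to the backend Service.
    - host: demo.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: symfony-demo
                port:
                  number: 80
```

TLS ends at the ingress controller here, so traffic from nginx to the Pods is unencrypted unless something like the service mesh from slides 111 to 120 adds encryption between Pods.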