Deploying your first Micro-Service application to Kubernetes

Transcript

1. @BastianHofmann Deploying your first Micro-Service application to Kubernetes Bastian Hofmann

2. None

3. Container orchestration platform

4. Deploy, run and scale your services in isolated containers

5. Very Powerful

6. Lot’s of large company backers

7. No vendor lock in

8. Standardized APIs

9. Runs on

10. Your laptop

11. None

12. Bare metal

13. Cloud Providers

14. And if you don't want to install and maintain Kubernetes

    yourself

15. Managed Kubernetes

16. None

17. Easy setup

18. Easy upgrades

19. Easy scaling

20. Features

21. Load Balancing

22. Distributed Persistent Storage

23. Backups

24. But this workshop is about how to use Kubernetes

25. Learning curve

26. Agenda

27. None

28. • Deployments • CronJobs • Readiness and Liveness-Probes, NodeSelectors &

    PodAffinities • ConfigMaps & Secrets • External DNS, Let'sEncrypt with cert-manager, nginx-ingress- controller • Running a MySQL DB • Helm • Service Discovery

29. Optionally

30. • Service Meshes with LinkerD • Monitoring with Prometheus, Grafana

    and Alertmanager • Logging with ElasticSearch, FluentD and Kibana • GitOps with Flux • Development with Tilt and Telepresence

31. But first

32. Why containers?

33. Services run in isolation

34. Everything needed to run a service in one image

35. Make things …

36. Easier to deploy

37. Easier to upgrade system dependencies

38. Easier to develop

39. Easier to scale

40. Better resource usage

41. #safeThePlanet

42. None

43. FROM php:7.2-apache WORKDIR /var/www/html RUN apt-get update -y && \

    apt-get install -y --no-install-recommends curl \ rm -rf /var/lib/apt/lists/* ENV TMP_DIR /tmp COPY . /var/www/html/ EXPOSE 80 ENTRYPOINT [“apache2”, “-DFOREGROUND”]

44. docker build -t gitlab.syseleven.de/syseleven/symfony- demo:2.0.0 .

45. docker run -p 8080:80 syseleven/symfony-demo:2.0.0 docker push syseleven/symfony-demo:2.0.0

46. Kubernetes helps you to run and deploy containers

47. Let’s define some core concepts and terminology first

48. Kubernetes Cluster

49. • A docker image built from a Dockerfile that contains

    everything a service needs to run Image

50. • A container runs a docker image. • Only 1

    process can run inside of a container Container

51. • A group of 1 or more containers • Same

    port space • Within a Pod: communication over localhost • Every Pod has it's own IP • All Pods can talk with each other • IPs change all the time Pod

52. • Defines and manages how many instances of a pod

    should run • ReplicaSet is tied to a specific definition of a Pod which is tied to specific image versions of the container • Image versions in ReplicaSets can't be updated Replica Set

53. • Manages updates and rollbacks of replica sets Deployment

54. • Internal LoadBalancer • Makes all pods matching a set

    of labels accessible through a stable, internal IP address • You can attach external IP address through an cloud LoadBalancer Service

55. • Makes a service accessible to the outside of Kubernetes

    through an ingress controller (e.g. nginx) • Traffic is routed by routing rules, usually Host header Ingress

56. • A physical server • Containers get distributed automatically Node

57. • Key/Value storage for configuration ConfigMap

58. • Key/Value storage for configuration, usually passwords. Secret

59. • Volumes can be mounted into a container to access

    a ConfigMap, Secret, persistent volumes with network storage or a folder on the node Volumes

60. • Dedicated environment to deploy services in Namespaces

61. • Includes a Pod that is started in a regular

    interval • Process in the container should finish at some point CronJob

62. • Defines Pod that should run once on every Node

    • Useful for monitoring or logging daemons DaemonSet

63. • Ensures that Pods are started and run in a

    specific order • Each Pod of a StatefulSet can have its own persistent volume • Pod names stay the same StatefulSet 1 2

64. ...

65. Everything is a resource

66. You interact with Kubernetes by creating, receiving, updating and deleting

    resources

67. Kubernetes has controllers to listen on these interactions and get

    the cluster in the desired state

68. The Kubernetes API can be extended with additional Resources and

    Controllers

69. CustomResourceDefinitions

70. Certificate, Backup, Restore, MySQLCluster, Function, ...

71. Controllers / Operators

72. kind: Deployment apiVersion: extensions/v1beta1 metadata: name: symfony-demo spec: template: spec:

    containers: - name: symfony-demo image: symfony-demo:1.1.0 ports: - containerPort: 80

73. $ kubectl apply -f deployment.yaml

74. $ kubectl get deployments NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE

    symfony-demo 1 1 1 1 21h

75. $ kubectl get deployment symfony-demo -o yaml apiVersion: extensions/v1beta1 kind:

    Deployment metadata: annotations: ... spec: ... template: ... spec: containers: - name: symfony-demo image: symfony-demo:1.1.0

76. $ kubectl delete deployment symfony-demo

77. Tooling

78. kubectl

79. REST API

80. $ kubectl proxy --port=8080 $ curl http://localhost:8080/api/v1/namespaces/default/ pods { "kind":

    "PodList", "apiVersion": "v1", "metadata": { "selfLink": "/api/v1/namespaces/default/pods", "resourceVersion": "336834" }, "items": [ { "metadata": { "name": "kubernetes-dashboard-5b5bf59977-t9xb9",

81. kubernetes-dashboard

82. None

83. Helm The package manager for Kubernetes

84. $ helm install stable/wordpress

85. Demo

86. Demo code and instructions: https:/ /github.com/bashofmann/kubernetes-workshop-halfday http:/ /bit.ly/2RwgrV8 => Download

    and copy to ~/.kube/config Install kubectl: https:/ /kubernetes.io/docs/tasks/tools/install-kubectl/ If you are not allowed to install kubectl locally: http:/ /bit.ly/2WZih1Z

87. # 01 Deploying a simple Web Application

88. What did just happen?

89. None

90. Deployment created

91. Sees new Deployment And creates new ReplicaSet with 1 desired

    replica

92. Sees new ReplicaSet and Creates Pod for ReplicaSet

93. Sees new unscheduled Pod and Schedules it to Node

94. Sees it is supposed to start a Pod And starts

    its Containers

95. Service created

96. Sees the new Service And configures IP Table Rules and

    DNS entries

97. Sees the new Service has the Type LoadBalancer and creates

    An External LB at the Cloud Provider

98. How is traffic routed to the Pod

99. The Service loadbalances incoming traffic to all available Pods

100. Every Service has a virtual IP

101. Round Robin with IP Tables rules

102. OpenStack LoadBalancer

103. # 10 Using an Ingress with TLS

104. The ingress controller (nginx) listens on Ingress Resources and configures

     itself to route incoming traffic based on the host header to the correct running pods

105. Cert-manager listens on Ingresses and if they want TLS, requests

     a certificate from LetsEncrypt

106. External-DNS listens on Ingresses and creates DNS entries at DigitalOcean

107. How is traffic routed to the Pod

108. OpenStack LoadBalancer

109. Operators

110. None

111. # 15 Service Meshes

112. What are Service Meshes?

113. None

114. They provide

115. Metrics and Traces

116. Transparent End-To-End Encryption

117. Advanced Routing

118. Istio

119. LinkerD

120. $ linkerd install | kubectl apply -f -

121. Flux

122. None