Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Deploying your first Micro-Service application to Kubernetes

Deploying your first Micro-Service application to Kubernetes

Kubernetes is a very powerful container orchestration platform that is quickly gaining traction and gives you lots of benefits in deploying, running and scaling your microservice web application. But it has also a steep learning curve. In this workshop you will deploy your first application which consists of multiple Micro-Services to Kubernetes and learn how you can use Persistant Storage and set upsensible Monitoring and Logging tooling.

Bastian Hofmann

June 24, 2019
Tweet

More Decks by Bastian Hofmann

Other Decks in Programming

Transcript

  1. @BastianHofmann
    Deploying your first
    Micro-Service application
    to Kubernetes
    Bastian Hofmann

    View full-size slide

  2. Container orchestration platform

    View full-size slide

  3. Deploy, run and scale your services
    in isolated containers

    View full-size slide

  4. Very Powerful

    View full-size slide

  5. Lot’s of large company backers

    View full-size slide

  6. No vendor lock in

    View full-size slide

  7. Standardized APIs

    View full-size slide

  8. Cloud Providers

    View full-size slide

  9. And if you don't want to install and
    maintain Kubernetes yourself

    View full-size slide

  10. Managed Kubernetes

    View full-size slide

  11. Easy upgrades

    View full-size slide

  12. Easy scaling

    View full-size slide

  13. Load Balancing

    View full-size slide

  14. Distributed Persistent Storage

    View full-size slide

  15. But this workshop is about
    how to use Kubernetes

    View full-size slide

  16. Learning curve

    View full-size slide

  17. • Deployments
    • CronJobs
    • Readiness and Liveness-Probes, NodeSelectors & PodAffinities
    • ConfigMaps & Secrets
    • External DNS, Let'sEncrypt with cert-manager, nginx-ingress-
    controller
    • Running a MySQL DB
    • Helm
    • Service Discovery

    View full-size slide

  18. • Service Meshes with LinkerD
    • Monitoring with Prometheus, Grafana and Alertmanager
    • Logging with ElasticSearch, FluentD and Kibana
    • GitOps with Flux
    • Development with Tilt and Telepresence

    View full-size slide

  19. Why containers?

    View full-size slide

  20. Services run in isolation

    View full-size slide

  21. Everything needed to run a service in
    one image

    View full-size slide

  22. Make things …

    View full-size slide

  23. Easier to deploy

    View full-size slide

  24. Easier to upgrade system
    dependencies

    View full-size slide

  25. Easier to develop

    View full-size slide

  26. Easier to scale

    View full-size slide

  27. Better resource usage

    View full-size slide

  28. #safeThePlanet

    View full-size slide

  29. FROM php:7.2-apache
    WORKDIR /var/www/html
    RUN apt-get update -y && \
    apt-get install -y --no-install-recommends curl \
    rm -rf /var/lib/apt/lists/*
    ENV TMP_DIR /tmp
    COPY . /var/www/html/
    EXPOSE 80
    ENTRYPOINT [“apache2”, “-DFOREGROUND”]

    View full-size slide

  30. docker build -t gitlab.syseleven.de/syseleven/symfony-
    demo:2.0.0 .

    View full-size slide

  31. docker run -p 8080:80 syseleven/symfony-demo:2.0.0
    docker push syseleven/symfony-demo:2.0.0

    View full-size slide

  32. Kubernetes helps you to run and
    deploy containers

    View full-size slide

  33. Let’s define some core concepts and
    terminology first

    View full-size slide

  34. Kubernetes Cluster

    View full-size slide

  35. • A docker image built from
    a Dockerfile that contains
    everything a service needs
    to run
    Image

    View full-size slide

  36. • A container runs a docker
    image.
    • Only 1 process can run
    inside of a container
    Container

    View full-size slide

  37. • A group of 1 or more
    containers
    • Same port space
    • Within a Pod:
    communication over
    localhost
    • Every Pod has it's own IP
    • All Pods can talk with each
    other
    • IPs change all the time
    Pod

    View full-size slide

  38. • Defines and manages how
    many instances of a pod
    should run
    • ReplicaSet is tied to a
    specific definition of a Pod
    which is tied to specific
    image versions of the
    container
    • Image versions in
    ReplicaSets can't be
    updated
    Replica Set

    View full-size slide

  39. • Manages updates and
    rollbacks of replica sets
    Deployment

    View full-size slide

  40. • Internal LoadBalancer
    • Makes all pods matching a
    set of labels accessible
    through a stable, internal
    IP address
    • You can attach external IP
    address through an cloud
    LoadBalancer
    Service

    View full-size slide

  41. • Makes a service
    accessible to the outside
    of Kubernetes through an
    ingress controller (e.g.
    nginx)
    • Traffic is routed by routing
    rules, usually Host header
    Ingress

    View full-size slide

  42. • A physical server
    • Containers get distributed
    automatically
    Node

    View full-size slide

  43. • Key/Value storage for
    configuration
    ConfigMap

    View full-size slide

  44. • Key/Value storage for
    configuration, usually
    passwords.
    Secret

    View full-size slide

  45. • Volumes can be mounted
    into a container to access
    a ConfigMap, Secret,
    persistent volumes with
    network storage or a folder
    on the node
    Volumes

    View full-size slide

  46. • Dedicated environment to
    deploy services in
    Namespaces

    View full-size slide

  47. • Includes a Pod that is
    started in a regular interval
    • Process in the container
    should finish at some point
    CronJob

    View full-size slide

  48. • Defines Pod that should
    run once on every Node
    • Useful for monitoring or
    logging daemons
    DaemonSet

    View full-size slide

  49. • Ensures that Pods are
    started and run in a
    specific order
    • Each Pod of a StatefulSet
    can have its own persistent
    volume
    • Pod names stay the same
    StatefulSet
    1 2

    View full-size slide

  50. Everything is a resource

    View full-size slide

  51. You interact with Kubernetes by
    creating, receiving, updating and
    deleting resources

    View full-size slide

  52. Kubernetes has controllers to listen
    on these interactions and get the
    cluster in the desired state

    View full-size slide

  53. The Kubernetes API can be extended
    with additional Resources and
    Controllers

    View full-size slide

  54. CustomResourceDefinitions

    View full-size slide

  55. Certificate, Backup, Restore,
    MySQLCluster, Function, ...

    View full-size slide

  56. Controllers / Operators

    View full-size slide

  57. kind: Deployment
    apiVersion: extensions/v1beta1
    metadata:
    name: symfony-demo
    spec:
    template:
    spec:
    containers:
    - name: symfony-demo
    image: symfony-demo:1.1.0
    ports:
    - containerPort: 80

    View full-size slide

  58. $ kubectl apply -f deployment.yaml

    View full-size slide

  59. $ kubectl get deployments
    NAME DESIRED CURRENT UP-TO-DATE AVAILABLE
    AGE
    symfony-demo 1 1 1 1
    21h

    View full-size slide

  60. $ kubectl get deployment symfony-demo -o yaml
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
    annotations:
    ...
    spec:
    ...
    template:
    ...
    spec:
    containers:
    - name: symfony-demo
    image: symfony-demo:1.1.0

    View full-size slide

  61. $ kubectl delete deployment symfony-demo

    View full-size slide

  62. $ kubectl proxy --port=8080
    $ curl http://localhost:8080/api/v1/namespaces/default/
    pods
    {
    "kind": "PodList",
    "apiVersion": "v1",
    "metadata": {
    "selfLink": "/api/v1/namespaces/default/pods",
    "resourceVersion": "336834"
    },
    "items": [
    {
    "metadata": {
    "name": "kubernetes-dashboard-5b5bf59977-t9xb9",

    View full-size slide

  63. kubernetes-dashboard

    View full-size slide

  64. Helm
    The package manager for
    Kubernetes

    View full-size slide

  65. $ helm install stable/wordpress

    View full-size slide

  66. Demo code and instructions:
    https:/
    /github.com/bashofmann/kubernetes-workshop-halfday
    http:/
    /bit.ly/2RwgrV8 => Download and copy to ~/.kube/config
    Install kubectl:
    https:/
    /kubernetes.io/docs/tasks/tools/install-kubectl/
    If you are not allowed to install kubectl locally:
    http:/
    /bit.ly/2WZih1Z

    View full-size slide

  67. # 01 Deploying a simple Web
    Application

    View full-size slide

  68. What did just happen?

    View full-size slide

  69. Deployment created

    View full-size slide

  70. Sees new Deployment
    And creates new
    ReplicaSet with 1 desired
    replica

    View full-size slide

  71. Sees new ReplicaSet and
    Creates Pod for ReplicaSet

    View full-size slide

  72. Sees new unscheduled Pod and
    Schedules it to Node

    View full-size slide

  73. Sees it is supposed to start a Pod
    And starts its Containers

    View full-size slide

  74. Service created

    View full-size slide

  75. Sees the new Service
    And configures
    IP Table Rules and DNS entries

    View full-size slide

  76. Sees the new Service has the
    Type LoadBalancer and creates
    An External LB at the Cloud Provider

    View full-size slide

  77. How is traffic routed to the Pod

    View full-size slide

  78. The Service loadbalances incoming
    traffic to all available Pods

    View full-size slide

  79. Every Service has a virtual IP

    View full-size slide

  80. Round Robin with IP Tables rules

    View full-size slide

  81. OpenStack LoadBalancer

    View full-size slide

  82. # 10 Using an Ingress with TLS

    View full-size slide

  83. The ingress controller (nginx) listens
    on Ingress Resources and configures
    itself to route incoming traffic based
    on the host header to the correct
    running pods

    View full-size slide

  84. Cert-manager listens on Ingresses
    and if they want TLS, requests a
    certificate from LetsEncrypt

    View full-size slide

  85. External-DNS listens on Ingresses
    and creates DNS entries at
    DigitalOcean

    View full-size slide

  86. How is traffic routed to the Pod

    View full-size slide

  87. OpenStack LoadBalancer

    View full-size slide

  88. # 15 Service Meshes

    View full-size slide

  89. What are Service Meshes?

    View full-size slide

  90. They provide

    View full-size slide

  91. Metrics and Traces

    View full-size slide

  92. Transparent End-To-End Encryption

    View full-size slide

  93. Advanced Routing

    View full-size slide

  94. $ linkerd install | kubectl apply -f -

    View full-size slide