Dive-In-Workshop: Kubernetes


Bastian Hofmann

May 07, 2019

Transcript

  1. Dive-In-Workshop: Kubernetes. Bastian Hofmann (@BastianHofmann), Simon Pearce

  3. Container orchestration platform

  4. Deploy, run and scale your services in isolated containers

  5. Very Powerful

  6. Large community

  7. Lots of large company backers

  8. No vendor lock in

  9. Standardized APIs

  10. Runs on

  11. Your laptop

  13. Bare metal

  14. Cloud Providers

  15. AWS

  16. Azure

  17. Google Cloud Platform

  18. And if you don't want to install and maintain Kubernetes yourself:
  19. Managed Kubernetes

  21. Easy setup

  22. Easy upgrades

  23. Easy scaling

  24. Features

  25. Load Balancing

  26. Distributed Persistent Storage

  27. Some do offer

  28. Backups

  29. Hyperscaling

  30. Premium support

  31. Carefree Usage & pro-active monitoring

  32. But this workshop is about how to use Kubernetes

  33. Learning curve

  34. Agenda

  36. You will get your own clusters

  37. Topics

    • Deployments
    • CronJobs
    • Role-Based Access Control
    • Resource Requests, Limits & Quotas
    • Readiness and Liveness Probes, NodeSelectors & PodAffinities
    • ConfigMaps & Secrets
    • External DNS, Let's Encrypt with cert-manager, nginx-ingress-controller
    • Running a MySQL DB
    • Helm
    • Service Discovery
    • Service Meshes with LinkerD
    • Monitoring with Prometheus, Grafana and Alertmanager
    • Logging with ElasticSearch, FluentD and Kibana
    • Continuous Delivery with Flux
  38. But first

  39. Why containers?

  40. Services run in isolation

  41. Everything needed to run a service in one image

  42. Decouple Ops and Dev

  43. Make things …

  44. Easier to deploy

  45. Easier to upgrade system dependencies

  46. Easier to develop

  47. Easier to scale

  48. Better resource usage

  49. #safeThePlanet

  51. Dockerfile

    FROM php:7.2-apache
    WORKDIR /var/www/html
    # install curl, then drop the apt lists so they don't bloat the image layer
    RUN apt-get update -y && \
        apt-get install -y --no-install-recommends curl && \
        rm -rf /var/lib/apt/lists/*
    ENV TMP_DIR /tmp
    COPY . /var/www/html/
    EXPOSE 80
    ENTRYPOINT ["apache2", "-DFOREGROUND"]
  52. $ docker build -t gitlab.syseleven.de/syseleven/symfony-demo:2.0.0 .

  53. $ docker run -p 8080:80 syseleven/symfony-demo:2.0.0

    $ docker push syseleven/symfony-demo:2.0.0

  54. Kubernetes helps you to run and deploy containers

  55. Let’s define some core concepts and terminology first

  56. Kubernetes Cluster

  57. Image

    • A docker image built from a Dockerfile that contains everything a service needs to run
  58. Container

    • A container runs a docker image
    • Only 1 process can run inside a container
  59. Pod

    • A group of 1 or more containers
    • Same port space
    • Within a Pod: communication over localhost
    • Every Pod has its own IP
    • All Pods can talk with each other
    • IPs change all the time
  60. ReplicaSet

    • Defines and manages how many instances of a pod should run
    • A ReplicaSet is tied to a specific definition of a Pod, which is tied to specific image versions of the containers
    • Image versions in ReplicaSets can't be updated
  61. Deployment

    • Manages updates and rollbacks of ReplicaSets
  62. Service

    • Internal LoadBalancer
    • Makes all pods matching a set of labels accessible through a stable, internal IP address
    • You can attach an external IP address through a cloud LoadBalancer
  63. Ingress

    • Makes a service accessible outside of Kubernetes through an ingress controller (e.g. nginx)
    • Traffic is routed by routing rules, usually on the Host header
  64. Node

    • A physical server
    • Containers get distributed automatically
  65. ConfigMap

    • Key/Value storage for configuration
  66. Secret

    • Key/Value storage for configuration, usually passwords
  67. Volumes

    • Volumes can be mounted into a container to access a ConfigMap, a Secret, persistent volumes with network storage or a folder on the node
  68. Namespaces

    • Dedicated environment to deploy services in
  69. CronJob

    • Includes a Pod that is started at a regular interval
    • The process in the container should finish at some point
  70. DaemonSet

    • Defines a Pod that should run once on every Node
    • Useful for monitoring or logging daemons
  71. StatefulSet

    • Ensures that Pods are started and run in a specific order
    • Each Pod of a StatefulSet can have its own persistent volume
    • Pod names stay the same
  72. ...

  73. Everything is a resource

  74. You interact with Kubernetes by creating, reading, updating and deleting resources

  75. Kubernetes has controllers that listen for these interactions and bring the cluster into the desired state

  76. The Kubernetes API can be extended with additional Resources and Controllers
  77. CustomResourceDefinitions

  78. Certificate, Backup, Restore, MySQLCluster, Function, ...

  79. Operators

  81. deployment.yaml

    kind: Deployment
    apiVersion: extensions/v1beta1
    metadata:
      name: symfony-demo
    spec:
      template:
        spec:
          containers:
            - name: symfony-demo
              image: symfony-demo:1.1.0
              ports:
                - containerPort: 80
  82. $ kubectl apply -f deployment.yaml

  83. $ kubectl get deployments

    NAME           DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    symfony-demo   1         1         1            1           21h
  84. $ kubectl get deployment symfony-demo -o yaml

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      annotations: ...
    spec:
      ...
      template:
        ...
        spec:
          containers:
            - name: symfony-demo
              image: symfony-demo:1.1.0
  85. $ kubectl delete deployment symfony-demo
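The same Deployment with the pieces the agenda lists later (resource requests and limits, readiness and liveness probes, ConfigMap and Secret injection), written against apps/v1, which, unlike the deprecated extensions/v1beta1 above, requires an explicit spec.selector matching the pod template labels. This is an added example, not a manifest from the workshop repository; the ConfigMap symfony-demo-config, the Secret symfony-demo-db and the probe path / are assumptions.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: symfony-demo
spec:
  replicas: 2
  selector:                      # required in apps/v1; must match the pod template labels
    matchLabels:
      app: symfony-demo
  template:
    metadata:
      labels:
        app: symfony-demo        # a Service selects the pods by this label
    spec:
      containers:
        - name: symfony-demo
          image: symfony-demo:1.1.0
          ports:
            - containerPort: 80
          envFrom:
            - configMapRef:
                name: symfony-demo-config    # assumed ConfigMap: non-sensitive settings only
          env:
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: symfony-demo-db      # assumed Secret: the password never goes into the ConfigMap
                  key: password
          resources:
            requests:                        # what the scheduler reserves on the node
              cpu: 100m
              memory: 128Mi
            limits:                          # a runaway container is throttled / OOM-killed here
              cpu: 500m
              memory: 256Mi
          readinessProbe:                    # pods failing this are removed from Service endpoints
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:                     # containers failing this are restarted by the kubelet
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 15
            periodSeconds: 20
```

Without requests and limits a single misbehaving pod can starve every other pod on the node; without a readiness probe the Service sends traffic to a container that is still booting.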

  86. Tooling

  87. kubectl

  88. $ kubectl get pods

  89. NAME                                        READY   STATUS    RESTARTS   AGE

    kubernetes-dashboard-5b5bf59977-t9xb9       1/1     Running   2          9d
    nginx-ingress-controller-5549f5597c-97kcw   0/1     Running   2          9d
    nginx-ingress-default-backend-564d9d9477-tmnnr   1/1   Running   4      9d
    mysql-556c9b5bcb-5jdrt                      1/1     Running   1          8d
    symfony-demo-5b75f5fc6-c7wr9                1/1     Running   0          8d
    symfony-demo-5b75f5fc6-jg8n4                1/1     Running   23         8d
  90. REST API

  91. $ kubectl proxy --port=8080

    $ curl http://localhost:8080/api/v1/namespaces/default/pods
    {
      "kind": "PodList",
      "apiVersion": "v1",
      "metadata": {
        "selfLink": "/api/v1/namespaces/default/pods",
        "resourceVersion": "336834"
      },
      "items": [
        {
          "metadata": {
            "name": "kubernetes-dashboard-5b5bf59977-t9xb9",
  92. kubernetes-dashboard

  94. Helm The package manager for Kubernetes

  95. $ helm install stable/wordpress

  96. Demo

  97. Demo code and instructions: https://github.com/syseleven/golem-workshop

  98. # 01 Deploying a simple Web Application

  99. What did just happen?

  101. Deployment created

  102. Sees the new Deployment and creates a new ReplicaSet with 1 desired replica

  103. Sees the new ReplicaSet and creates a Pod for it

  104. Sees the new unscheduled Pod and schedules it to a Node

  105. Sees it is supposed to start a Pod and starts its containers

  106. Service created

  107. Sees the new Service and configures iptables rules and DNS entries

  108. Sees the new Service has type LoadBalancer and creates an external LB at the cloud provider
  109. How is traffic routed to the Pod

  110. The Service loadbalances incoming traffic to all available Pods

  111. Every Service has a virtual IP

  112. Round Robin with IP Tables rules

  113. OpenStack LoadBalancer

  114. # 10 Using an Ingress with TLS

  115. The ingress controller (nginx) listens on Ingress resources and configures itself to route incoming traffic, based on the Host header, to the correct running pods

  116. cert-manager listens on Ingresses and, if they want TLS, requests a certificate from Let's Encrypt

  117. External-DNS listens on Ingresses and creates DNS entries at DigitalOcean

  118. How is traffic routed to the Pod

  119. OpenStack LoadBalancer

  120. # 15 Service Meshes

  121. What are Service Meshes?

  123. They provide

  124. Metrics and Traces

  125. Transparent End-To-End Encryption

  126. Advanced Routing

  127. Istio

  128. LinkerD

  129. $ linkerd install | kubectl apply -f -