$30 off During Our Annual Pro Sale. View Details »

Dive-In-Workshop: Kubernetes

Bastian Hofmann
May 07, 2019
Programming
0
410

Dive-In-Workshop: Kubernetes

Bastian Hofmann

May 07, 2019
Tweet

More Decks by Bastian Hofmann

See All by Bastian Hofmann
Monitoring in Kubernetes with Prometheus and Grafana
bastianhofmann
0
190
Creating a fast Kubernetes Development Workflow
bastianhofmann
0
73
Highly available cross-region deployments with Kubernetes
bastianhofmann
1
99
From source to Kubernetes in 30 minutes
bastianhofmann
0
100
Introduction to Kubernetes
bastianhofmann
1
140
CI/CD with Kubernetes
bastianhofmann
0
120
Creating a fast Kubernetes Development Workflow
bastianhofmann
1
220
Deploying your first Micro-Service application to Kubernetes
bastianhofmann
2
140
Creating a fast Kubernetes Development Workflow
bastianhofmann
0
130

Other Decks in Programming

See All in Programming
Node.jsの2022年と未来 / Node.js in 2022 and Future
masashi
1
640
GISとDjango GEOS APIの話
mierune
0
290
レガシーフロントエンドからNext.jsへの段階移行を可能にするAWS構成
tamizuma
10
3.1k
Git 未経験者 が GitHub Actions で CICD できるようになるまで / 20221127-JJUGCCC-2022-Fall-Git-beginner-built-CICD-pipeline-with-GitHubActions
mackey0225
2
120
Vue + TypeScript で 0 → 1サービス開発
ryamakuchi
2
340
Ship Faster With Feature Flags
davidodari
0
150
XR技術をめちゃくちゃ流行らせるためにちゅらデータが取り組んでいること
mo84dan5
0
110
Elm_LandでElm入門
negiboudu
0
150
KubeCon + CNCon Europe 2022 Recap ~ Istio Today and Tomorrow: Sidecars and Beyond
ksudate
0
120
2022 - 默默會 - 重新學習 MVC 的 Model
elct9620
1
210
Kaigi_on_Rails_2022スポンサーLT登壇資料.pdf
yuta_onishi_97
1
270
良い設計と悪い設計の違い
masuda220
PRO
16
17k

Featured

See All Featured
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
175
8.9k
Product Roadmaps are Hard
iamctodd
35
7.5k
Optimizing for Happiness
mojombo
364
64k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
6
760
Reflections from 52 weeks, 52 projects
jeffersonlam
337
18k
Bash Introduction
62gerente
600
210k
From Idea to $5000 a Month in 5 Months
shpigford
374
44k
Imperfection Machines: The Place of Print at Facebook
scottboms
254
12k
Building an army of robots
kneath
301
40k
10 Git Anti Patterns You Should be Aware of
lemiorhan
643
54k
Fantastic passwords and where to find them - at NoRuKo
philnash
31
1.8k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.3k

Transcript

  1. @BastianHofmann Dive-In-Workshop: Kubernetes Bastian Hofmann Simon Pearce

  2. None

  3. Container orchestration platform

  4. Deploy, run and scale your services in isolated containers

  5. Very Powerful

  6. Large community

  7. Lot’s of large company backers

  8. No vendor lock in

  9. Standardized APIs

  10. Runs on

  11. Your laptop

  12. None

  13. Bare metal

  14. Cloud Providers

  15. AWS

  16. Azure

  17. Google Cloud Platform

  18. And if you don't want to install and maintain Kubernetes

    yourself

  19. Managed Kubernetes

  20. None

  21. Easy setup

  22. Easy upgrades

  23. Easy scaling

  24. Features

  25. Load Balancing

  26. Distributed Persistent Storage

  27. Some do offer

  28. Backups

  29. Hyperscaling

  30. Premium support

  31. Carefree Usage & pro-active monitoring

  32. But this workshop is about how to use Kubernetes

  33. Learning curve

  34. Agenda

  35. None

  36. You will get your own clusters

  37. • Deployments • CronJobs • Role-Based-Access-Control • Resource Requests, Limits

    & Quotas • Readiness and Liveness-Probes, NodeSelectors & PodAffinities • ConfigMaps & Secrets • External DNS, Let'sEncrypt with cert-manager, nginx-ingress-controller • Running a MySQL DB • Helm • Service Discovery • Service Meshes with LinkerD • Monitoring with Prometheus, Grafana and Alertmanager • Logging with ElasticSearch, FluentD and Kibana • Continuous Delivery with Flux

  38. But first

  39. Why containers?

  40. Services run in isolation

  41. Everything needed to run a service in one image

  42. Decouple Ops and Dev

  43. Make things …

  44. Easier to deploy

  45. Easier to upgrade system dependencies

  46. Easier to develop

  47. Easier to scale

  48. Better resource usage

  49. #safeThePlanet

  50. None

  51. FROM php:7.2-apache WORKDIR /var/www/html RUN apt-get update -y && \

    apt-get install -y --no-install-recommends curl \ rm -rf /var/lib/apt/lists/* ENV TMP_DIR /tmp COPY . /var/www/html/ EXPOSE 80 ENTRYPOINT [“apache2”, “-DFOREGROUND”]

  52. docker build -t gitlab.syseleven.de/syseleven/symfony- demo:2.0.0 .

  53. docker run -p 8080:80 syseleven/symfony-demo:2.0.0 docker push syseleven/symfony-demo:2.0.0

  54. Kubernetes helps you to run and deploy containers

  55. Let’s define some core concepts and terminology first

  56. Kubernetes Cluster

  57. • A docker image built from a Dockerfile that contains

    everything a service needs to run Image

  58. • A container runs a docker image. • Only 1

    process can run inside of a container Container

  59. • A group of 1 or more containers • Same

    port space • Within a Pod: communication over localhost • Every Pod has it's own IP • All Pods can talk with each other • IPs change all the time Pod

  60. • Defines and manages how many instances of a pod

    should run • ReplicaSet is tied to a specific definition of a Pod which is tied to specific image versions of the container • Image versions in ReplicaSets can't be updated Replica Set

  61. • Manages updates and rollbacks of replica sets Deployment

  62. • Internal LoadBalancer • Makes all pods matching a set

    of labels accessible through a stable, internal IP address • You can attach external IP address through an cloud LoadBalancer Service

  63. • Makes a service accessible to the outside of Kubernetes

    through an ingress controller (e.g. nginx) • Traffic is routed by routing rules, usually Host header Ingress

  64. • A physical server • Containers get distributed automatically Node

  65. • Key/Value storage for configuration ConfigMap

  66. • Key/Value storage for configuration, usually passwords. Secret

  67. • Volumes can be mounted into a container to access

    a ConfigMap, Secret, persistent volumes with network storage or a folder on the node Volumes

  68. • Dedicated environment to deploy services in Namespaces

  69. • Includes a Pod that is started in a regular

    interval • Process in the container should finish at some point CronJob

  70. • Defines Pod that should run once on every Node

    • Useful for monitoring or logging daemons DaemonSet

  71. • Ensures that Pods are started and run in a

    specific order • Each Pod of a StatefulSet can have its own persistent volume • Pod names stay the same StatefulSet 1 2

  72. ...

  73. Everything is a resource

  74. You interact with Kubernetes by creating, receiving, updating and deleting

    resources

  75. Kubernetes has controllers to listen on these interactions and get

    the cluster in the desired state

  76. The Kubernetes API can be extended with additional Resources and

    Controllers

  77. CustomResourceDefinitions

  78. Certificate, Backup, Restore, MySQLCluster, Function, ...

  79. Operators

  80. None

  81. kind: Deployment apiVersion: extensions/v1beta1 metadata: name: symfony-demo spec: template: spec:

    containers: - name: symfony-demo image: symfony-demo:1.1.0 ports: - containerPort: 80

  82. $ kubectl apply -f deployment.yaml

  83. $ kubectl get deployments NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE

    symfony-demo 1 1 1 1 21h

  84. $ kubectl get deployment symfony-demo -o yaml apiVersion: extensions/v1beta1 kind:

    Deployment metadata: annotations: ... spec: ... template: ... spec: containers: - name: symfony-demo image: symfony-demo:1.1.0

  85. $ kubectl delete deployment symfony-demo

  86. Tooling

  87. kubectl

  88. $ kubectl get pods

  89. NAME READY STATUS RESTARTS AGE kubernetes-dashboard-5b5bf59977-t9xb9 1/1 Running 2 9d

    nginx-ingress-controller-5549f5597c-97kcw 0/1 Running 2 9d nginx-ingress-default-backend-564d9d9477-tmnnr 1/1 Running 4 9d mysql-556c9b5bcb-5jdrt 1/1 Running 1 8d symfony-demo-5b75f5fc6-c7wr9 1/1 Running 0 8d symfony-demo-5b75f5fc6-jg8n4 1/1 Running 23 8d

  90. REST API

  91. $ kubectl proxy --port=8080 $ curl http://localhost:8080/api/v1/namespaces/default/ pods { "kind":

    "PodList", "apiVersion": "v1", "metadata": { "selfLink": "/api/v1/namespaces/default/pods", "resourceVersion": "336834" }, "items": [ { "metadata": { "name": "kubernetes-dashboard-5b5bf59977-t9xb9",

  92. kubernetes-dashboard

  93. None

  94. Helm The package manager for Kubernetes

  95. $ helm install stable/wordpress

  96. Demo

  97. Demo code and instructions: https:/ /github.com/syseleven/ golem-workshop

  98. # 01 Deploying a simple Web Application

  99. What did just happen?

  100. None

  101. Deployment created

  102. Sees new Deployment And creates new ReplicaSet with 1 desired

    replica

  103. Sees new ReplicaSet and Creates Pod for ReplicaSet

  104. Sees new unscheduled Pod and Schedules it to Node

  105. Sees it is supposed to start a Pod And starts

    its Containers

  106. Service created

  107. Sees the new Service And configures IP Table Rules and

    DNS entries

  108. Sees the new Service has the Type LoadBalancer and creates

    An External LB at the Cloud Provider

  109. How is traffic routed to the Pod

  110. The Service loadbalances incoming traffic to all available Pods

  111. Every Service has a virtual IP

  112. Round Robin with IP Tables rules

  113. OpenStack LoadBalancer

  114. # 10 Using an Ingress with TLS

  115. The ingress controller (nginx) listens on Ingress Resources and configures

    itself to route incoming traffic based on the host header to the correct running pods

  116. Cert-manager listens on Ingresses and if they want TLS, requests

    a certificate from LetsEncrypt

  117. External-DNS listens on Ingresses and creates DNS entries at DigitalOcean

  118. How is traffic routed to the Pod

  119. OpenStack LoadBalancer

  120. # 15 Service Meshes

  121. What are Service Meshes?

  122. None

  123. They provide

  124. Metrics and Traces

  125. Transparent End-To-End Encryption

  126. Advanced Routing

  127. Istio

  128. LinkerD

  129. $ linkerd install | kubectl apply -f -