Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Dive-In-Workshop: Kubernetes

Bastian Hofmann
May 07, 2019
Programming
0
420

Dive-In-Workshop: Kubernetes

Bastian Hofmann

May 07, 2019
Tweet

More Decks by Bastian Hofmann

See All by Bastian Hofmann
Monitoring in Kubernetes with Prometheus and Grafana
bastianhofmann
0
230
Creating a fast Kubernetes Development Workflow
bastianhofmann
0
79
Highly available cross-region deployments with Kubernetes
bastianhofmann
1
110
From source to Kubernetes in 30 minutes
bastianhofmann
0
100
Introduction to Kubernetes
bastianhofmann
1
140
CI/CD with Kubernetes
bastianhofmann
0
120
Creating a fast Kubernetes Development Workflow
bastianhofmann
1
230
Deploying your first Micro-Service application to Kubernetes
bastianhofmann
2
150
Creating a fast Kubernetes Development Workflow
bastianhofmann
0
140

Other Decks in Programming

See All in Programming
社内AI勉強会 ChatGPT入門 ~生成AIの基本とその活用法~
beenos
0
330
Jakarta EE 10 - Simplicity for Modern and Lightweight Cloud
ivargrimstad
0
690
Construindo APIs resilientes: práticas de versionamento e documentação
monicaribeiro
0
140
CDK Day 2023 - Configure cross-account deployment using CDK
hassaku63
0
150
理解して導入するWebフレームワーク ~解決すべき課題に着目する~ / Understanding and implementing web frameworks ~focusing on the problems to be solved~
seike460
PRO
3
780
Help Collisions, Isolate the Worlds
tagomoris
0
110
iOSアプリ開発における効果的なUnitTestの戦略とその実装
mot_techtalk
1
240
The impact of API Platform on Open-Source
loic425
0
130
Compose で Android/iOS アプリを作る
m_coder
0
2.2k
Micro Frontends with Modern Angular
manfredsteyer
PRO
0
110
テーブル駆動テストと状態
hazumirr
2
1.1k
第1回 AWSとGitHub勉強会 - キックオフ -
ogiwarat
0
180

Featured

See All Featured
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
11
890
We Have a Design System, Now What?
morganepeng
40
6.3k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
352
21k
No one is an island. Learnings from fostering a developers community.
thoeni
14
1.8k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
239
1.2M
Done Done
chrislema
178
15k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.2k
YesSQL, Process and Tooling at Scale
rocio
159
13k
Designing for Performance
lara
601
66k
Adopting Sorbet at Scale
ufuk
66
8.1k
VelocityConf: Rendering Performance Case Studies
addyosmani
318
23k
A Tale of Four Properties
chriscoyier
150
21k

Transcript

  1. @BastianHofmann
    Dive-In-Workshop: Kubernetes
    Bastian Hofmann
    Simon Pearce

    View Slide

  2. View Slide

  3. Container orchestration platform

    View Slide

  4. Deploy, run and scale your services
    in isolated containers

    View Slide

  5. Very Powerful

    View Slide

  6. Large community

    View Slide

  7. Lot’s of large company backers

    View Slide

  8. No vendor lock in

    View Slide

  9. Standardized APIs

    View Slide

  10. Runs on

    View Slide

  11. Your laptop

    View Slide

  12. View Slide

  13. Bare metal

    View Slide

  14. Cloud Providers

    View Slide

  15. AWS

    View Slide

  16. Azure

    View Slide

  17. Google Cloud Platform

    View Slide

  18. And if you don't want to install and
    maintain Kubernetes yourself

    View Slide

  19. Managed Kubernetes

    View Slide

  20. View Slide

  21. Easy setup

    View Slide

  22. Easy upgrades

    View Slide

  23. Easy scaling

    View Slide

  24. Features

    View Slide

  25. Load Balancing

    View Slide

  26. Distributed Persistent Storage

    View Slide

  27. Some do offer

    View Slide

  28. Backups

    View Slide

  29. Hyperscaling

    View Slide

  30. Premium support

    View Slide

  31. Carefree Usage & pro-active
    monitoring

    View Slide

  32. But this workshop is about
    how to use Kubernetes

    View Slide

  33. Learning curve

    View Slide

  34. Agenda

    View Slide

  35. View Slide

  36. You will get your own clusters

    View Slide

  37. • Deployments
    • CronJobs
    • Role-Based-Access-Control
    • Resource Requests, Limits & Quotas
    • Readiness and Liveness-Probes, NodeSelectors & PodAffinities
    • ConfigMaps & Secrets
    • External DNS, Let'sEncrypt with cert-manager, nginx-ingress-controller
    • Running a MySQL DB
    • Helm
    • Service Discovery
    • Service Meshes with LinkerD
    • Monitoring with Prometheus, Grafana and Alertmanager
    • Logging with ElasticSearch, FluentD and Kibana
    • Continuous Delivery with Flux

    View Slide

  38. But first

    View Slide

  39. Why containers?

    View Slide

  40. Services run in isolation

    View Slide

  41. Everything needed to run a service in
    one image

    View Slide

  42. Decouple
    Ops and Dev

    View Slide

  43. Make things …

    View Slide

  44. Easier to deploy

    View Slide

  45. Easier to upgrade system
    dependencies

    View Slide

  46. Easier to develop

    View Slide

  47. Easier to scale

    View Slide

  48. Better resource usage

    View Slide

  49. #safeThePlanet

    View Slide

  50. View Slide

  51. FROM php:7.2-apache
    WORKDIR /var/www/html
    RUN apt-get update -y && \
    apt-get install -y --no-install-recommends curl \
    rm -rf /var/lib/apt/lists/*
    ENV TMP_DIR /tmp
    COPY . /var/www/html/
    EXPOSE 80
    ENTRYPOINT [“apache2”, “-DFOREGROUND”]

    View Slide

  52. docker build -t gitlab.syseleven.de/syseleven/symfony-
    demo:2.0.0 .

    View Slide

  53. docker run -p 8080:80 syseleven/symfony-demo:2.0.0
    docker push syseleven/symfony-demo:2.0.0

    View Slide

  54. Kubernetes helps you to run and
    deploy containers

    View Slide

  55. Let’s define some core concepts and
    terminology first

    View Slide

  56. Kubernetes Cluster

    View Slide

  57. • A docker image built from
    a Dockerfile that contains
    everything a service needs
    to run
    Image

    View Slide

  58. • A container runs a docker
    image.
    • Only 1 process can run
    inside of a container
    Container

    View Slide

  59. • A group of 1 or more
    containers
    • Same port space
    • Within a Pod:
    communication over
    localhost
    • Every Pod has it's own IP
    • All Pods can talk with each
    other
    • IPs change all the time
    Pod

    View Slide

  60. • Defines and manages how
    many instances of a pod
    should run
    • ReplicaSet is tied to a
    specific definition of a Pod
    which is tied to specific
    image versions of the
    container
    • Image versions in
    ReplicaSets can't be
    updated
    Replica Set

    View Slide

  61. • Manages updates and
    rollbacks of replica sets
    Deployment

    View Slide

  62. • Internal LoadBalancer
    • Makes all pods matching a
    set of labels accessible
    through a stable, internal
    IP address
    • You can attach external IP
    address through an cloud
    LoadBalancer
    Service

    View Slide

  63. • Makes a service
    accessible to the outside
    of Kubernetes through an
    ingress controller (e.g.
    nginx)
    • Traffic is routed by routing
    rules, usually Host header
    Ingress

    View Slide

  64. • A physical server
    • Containers get distributed
    automatically
    Node

    View Slide

  65. • Key/Value storage for
    configuration
    ConfigMap

    View Slide

  66. • Key/Value storage for
    configuration, usually
    passwords.
    Secret

    View Slide

  67. • Volumes can be mounted
    into a container to access
    a ConfigMap, Secret,
    persistent volumes with
    network storage or a folder
    on the node
    Volumes

    View Slide

  68. • Dedicated environment to
    deploy services in
    Namespaces

    View Slide

  69. • Includes a Pod that is
    started in a regular interval
    • Process in the container
    should finish at some point
    CronJob

    View Slide

  70. • Defines Pod that should
    run once on every Node
    • Useful for monitoring or
    logging daemons
    DaemonSet

    View Slide

  71. • Ensures that Pods are
    started and run in a
    specific order
    • Each Pod of a StatefulSet
    can have its own persistent
    volume
    • Pod names stay the same
    StatefulSet
    1 2

    View Slide

  72. ...

    View Slide

  73. Everything is a resource

    View Slide

  74. You interact with Kubernetes by
    creating, receiving, updating and
    deleting resources

    View Slide

  75. Kubernetes has controllers to listen
    on these interactions and get the
    cluster in the desired state

    View Slide

  76. The Kubernetes API can be extended
    with additional Resources and
    Controllers

    View Slide

  77. CustomResourceDefinitions

    View Slide

  78. Certificate, Backup, Restore,
    MySQLCluster, Function, ...

    View Slide

  79. Operators

    View Slide

  80. View Slide

  81. kind: Deployment
    apiVersion: extensions/v1beta1
    metadata:
    name: symfony-demo
    spec:
    template:
    spec:
    containers:
    - name: symfony-demo
    image: symfony-demo:1.1.0
    ports:
    - containerPort: 80

    View Slide

  82. $ kubectl apply -f deployment.yaml

    View Slide

  83. $ kubectl get deployments
    NAME DESIRED CURRENT UP-TO-DATE AVAILABLE
    AGE
    symfony-demo 1 1 1 1
    21h

    View Slide

  84. $ kubectl get deployment symfony-demo -o yaml
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
    annotations:
    ...
    spec:
    ...
    template:
    ...
    spec:
    containers:
    - name: symfony-demo
    image: symfony-demo:1.1.0

    View Slide

  85. $ kubectl delete deployment symfony-demo

    View Slide

  86. Tooling

    View Slide

  87. kubectl

    View Slide

  88. $ kubectl get pods

    View Slide

  89. NAME READY
    STATUS RESTARTS AGE
    kubernetes-dashboard-5b5bf59977-t9xb9 1/1
    Running 2 9d
    nginx-ingress-controller-5549f5597c-97kcw 0/1
    Running 2 9d
    nginx-ingress-default-backend-564d9d9477-tmnnr 1/1
    Running 4 9d
    mysql-556c9b5bcb-5jdrt 1/1
    Running 1 8d
    symfony-demo-5b75f5fc6-c7wr9 1/1
    Running 0 8d
    symfony-demo-5b75f5fc6-jg8n4 1/1
    Running 23 8d

    View Slide

  90. REST API

    View Slide

  91. $ kubectl proxy --port=8080
    $ curl http://localhost:8080/api/v1/namespaces/default/
    pods
    {
    "kind": "PodList",
    "apiVersion": "v1",
    "metadata": {
    "selfLink": "/api/v1/namespaces/default/pods",
    "resourceVersion": "336834"
    },
    "items": [
    {
    "metadata": {
    "name": "kubernetes-dashboard-5b5bf59977-t9xb9",

    View Slide

  92. kubernetes-dashboard

    View Slide

  93. View Slide

  94. Helm
    The package manager for
    Kubernetes

    View Slide

  95. $ helm install stable/wordpress

    View Slide

  96. Demo

    View Slide

  97. Demo code and instructions:
    https:/
    /github.com/syseleven/
    golem-workshop

    View Slide

  98. # 01 Deploying a simple Web
    Application

    View Slide

  99. What did just happen?

    View Slide

  100. View Slide

  101. Deployment created

    View Slide

  102. Sees new Deployment
    And creates new
    ReplicaSet with 1 desired
    replica

    View Slide

  103. Sees new ReplicaSet and
    Creates Pod for ReplicaSet

    View Slide

  104. Sees new unscheduled Pod and
    Schedules it to Node

    View Slide

  105. Sees it is supposed to start a Pod
    And starts its Containers

    View Slide

  106. Service created

    View Slide

  107. Sees the new Service
    And configures
    IP Table Rules and DNS entries

    View Slide

  108. Sees the new Service has the
    Type LoadBalancer and creates
    An External LB at the Cloud Provider

    View Slide

  109. How is traffic routed to the Pod

    View Slide

  110. The Service loadbalances incoming
    traffic to all available Pods

    View Slide

  111. Every Service has a virtual IP

    View Slide

  112. Round Robin with IP Tables rules

    View Slide

  113. OpenStack LoadBalancer

    View Slide

  114. # 10 Using an Ingress with TLS

    View Slide

  115. The ingress controller (nginx) listens
    on Ingress Resources and configures
    itself to route incoming traffic based
    on the host header to the correct
    running pods

    View Slide

  116. Cert-manager listens on Ingresses
    and if they want TLS, requests a
    certificate from LetsEncrypt

    View Slide

  117. External-DNS listens on Ingresses
    and creates DNS entries at
    DigitalOcean

    View Slide

  118. How is traffic routed to the Pod

    View Slide

  119. OpenStack LoadBalancer

    View Slide

  120. # 15 Service Meshes

    View Slide

  121. What are Service Meshes?

    View Slide

  122. View Slide

  123. They provide

    View Slide

  124. Metrics and Traces

    View Slide

  125. Transparent End-To-End Encryption

    View Slide

  126. Advanced Routing

    View Slide

  127. Istio

    View Slide

  128. LinkerD

    View Slide

  129. $ linkerd install | kubectl apply -f -

    View Slide