Dive-In-Workshop: Kubernetes

Transcript

1. @BastianHofmann Dive-In-Workshop: Kubernetes Bastian Hofmann Simon Pearce

2. None

3. Container orchestration platform

4. Deploy, run and scale your services in isolated containers

5. Very Powerful

6. Large community

7. Lot’s of large company backers

8. No vendor lock in

9. Standardized APIs

10. Runs on

11. Your laptop

12. None

13. Bare metal

14. Cloud Providers

15. AWS

16. Azure

17. Google Cloud Platform

18. And if you don't want to install and maintain Kubernetes

    yourself

19. Managed Kubernetes

20. None

21. Easy setup

22. Easy upgrades

23. Easy scaling

24. Features

25. Load Balancing

26. Distributed Persistent Storage

27. Some do offer

28. Backups

29. Hyperscaling

30. Premium support

31. Carefree Usage & pro-active monitoring

32. But this workshop is about how to use Kubernetes

33. Learning curve

34. Agenda

35. None

36. You will get your own clusters

37. • Deployments • CronJobs • Role-Based-Access-Control • Resource Requests, Limits

    & Quotas • Readiness and Liveness-Probes, NodeSelectors & PodAffinities • ConfigMaps & Secrets • External DNS, Let'sEncrypt with cert-manager, nginx-ingress-controller • Running a MySQL DB • Helm • Service Discovery • Service Meshes with LinkerD • Monitoring with Prometheus, Grafana and Alertmanager • Logging with ElasticSearch, FluentD and Kibana • Continuous Delivery with Flux

38. But first

39. Why containers?

40. Services run in isolation

41. Everything needed to run a service in one image

42. Decouple Ops and Dev

43. Make things …

44. Easier to deploy

45. Easier to upgrade system dependencies

46. Easier to develop

47. Easier to scale

48. Better resource usage

49. #safeThePlanet

50. None

51. FROM php:7.2-apache WORKDIR /var/www/html RUN apt-get update -y && \

    apt-get install -y --no-install-recommends curl \ rm -rf /var/lib/apt/lists/* ENV TMP_DIR /tmp COPY . /var/www/html/ EXPOSE 80 ENTRYPOINT [“apache2”, “-DFOREGROUND”]

52. docker build -t gitlab.syseleven.de/syseleven/symfony- demo:2.0.0 .

53. docker run -p 8080:80 syseleven/symfony-demo:2.0.0 docker push syseleven/symfony-demo:2.0.0

54. Kubernetes helps you to run and deploy containers

55. Let’s define some core concepts and terminology first

56. Kubernetes Cluster

57. • A docker image built from a Dockerfile that contains

    everything a service needs to run Image

58. • A container runs a docker image. • Only 1

    process can run inside of a container Container

59. • A group of 1 or more containers • Same

    port space • Within a Pod: communication over localhost • Every Pod has it's own IP • All Pods can talk with each other • IPs change all the time Pod

60. • Defines and manages how many instances of a pod

    should run • ReplicaSet is tied to a specific definition of a Pod which is tied to specific image versions of the container • Image versions in ReplicaSets can't be updated Replica Set

61. • Manages updates and rollbacks of replica sets Deployment

62. • Internal LoadBalancer • Makes all pods matching a set

    of labels accessible through a stable, internal IP address • You can attach external IP address through an cloud LoadBalancer Service

63. • Makes a service accessible to the outside of Kubernetes

    through an ingress controller (e.g. nginx) • Traffic is routed by routing rules, usually Host header Ingress

64. • A physical server • Containers get distributed automatically Node

65. • Key/Value storage for configuration ConfigMap

66. • Key/Value storage for configuration, usually passwords. Secret

67. • Volumes can be mounted into a container to access

    a ConfigMap, Secret, persistent volumes with network storage or a folder on the node Volumes

68. • Dedicated environment to deploy services in Namespaces

69. • Includes a Pod that is started in a regular

    interval • Process in the container should finish at some point CronJob

70. • Defines Pod that should run once on every Node

    • Useful for monitoring or logging daemons DaemonSet

71. • Ensures that Pods are started and run in a

    specific order • Each Pod of a StatefulSet can have its own persistent volume • Pod names stay the same StatefulSet 1 2

72. ...

73. Everything is a resource

74. You interact with Kubernetes by creating, receiving, updating and deleting

    resources

75. Kubernetes has controllers to listen on these interactions and get

    the cluster in the desired state

76. The Kubernetes API can be extended with additional Resources and

    Controllers

77. CustomResourceDefinitions

78. Certificate, Backup, Restore, MySQLCluster, Function, ...

79. Operators

80. None

81. kind: Deployment apiVersion: extensions/v1beta1 metadata: name: symfony-demo spec: template: spec:

    containers: - name: symfony-demo image: symfony-demo:1.1.0 ports: - containerPort: 80

82. $ kubectl apply -f deployment.yaml

83. $ kubectl get deployments NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE

    symfony-demo 1 1 1 1 21h

84. $ kubectl get deployment symfony-demo -o yaml apiVersion: extensions/v1beta1 kind:

    Deployment metadata: annotations: ... spec: ... template: ... spec: containers: - name: symfony-demo image: symfony-demo:1.1.0

85. $ kubectl delete deployment symfony-demo

86. Tooling

87. kubectl

88. $ kubectl get pods

89. NAME READY STATUS RESTARTS AGE kubernetes-dashboard-5b5bf59977-t9xb9 1/1 Running 2 9d

    nginx-ingress-controller-5549f5597c-97kcw 0/1 Running 2 9d nginx-ingress-default-backend-564d9d9477-tmnnr 1/1 Running 4 9d mysql-556c9b5bcb-5jdrt 1/1 Running 1 8d symfony-demo-5b75f5fc6-c7wr9 1/1 Running 0 8d symfony-demo-5b75f5fc6-jg8n4 1/1 Running 23 8d

90. REST API

91. $ kubectl proxy --port=8080 $ curl http://localhost:8080/api/v1/namespaces/default/ pods { "kind":

    "PodList", "apiVersion": "v1", "metadata": { "selfLink": "/api/v1/namespaces/default/pods", "resourceVersion": "336834" }, "items": [ { "metadata": { "name": "kubernetes-dashboard-5b5bf59977-t9xb9",

92. kubernetes-dashboard

93. None

94. Helm The package manager for Kubernetes

95. $ helm install stable/wordpress

96. Demo

97. Demo code and instructions: https:/ /github.com/syseleven/ golem-workshop

98. # 01 Deploying a simple Web Application

99. What did just happen?

100. None

101. Deployment created

102. Sees new Deployment And creates new ReplicaSet with 1 desired

     replica

103. Sees new ReplicaSet and Creates Pod for ReplicaSet

104. Sees new unscheduled Pod and Schedules it to Node

105. Sees it is supposed to start a Pod And starts

     its Containers

106. Service created

107. Sees the new Service And configures IP Table Rules and

     DNS entries

108. Sees the new Service has the Type LoadBalancer and creates

     An External LB at the Cloud Provider

109. How is traffic routed to the Pod

110. The Service loadbalances incoming traffic to all available Pods

111. Every Service has a virtual IP

112. Round Robin with IP Tables rules

113. OpenStack LoadBalancer

114. # 10 Using an Ingress with TLS

115. The ingress controller (nginx) listens on Ingress Resources and configures

     itself to route incoming traffic based on the host header to the correct running pods

116. Cert-manager listens on Ingresses and if they want TLS, requests

     a certificate from LetsEncrypt

117. External-DNS listens on Ingresses and creates DNS entries at DigitalOcean

118. How is traffic routed to the Pod

119. OpenStack LoadBalancer

120. # 15 Service Meshes

121. What are Service Meshes?

122. None

123. They provide

124. Metrics and Traces

125. Transparent End-To-End Encryption

126. Advanced Routing

127. Istio

128. LinkerD

129. $ linkerd install | kubectl apply -f -