From source to Kubernetes in 30 minutes

Bastian Hofmann

October 21, 2019


  1. @BastianHofmann From source to Kubernetes In 30 Minutes Bastian Hofmann

  2. CI/CD

  6. Container orchestration platform

  7. Deploy, run and scale your services in isolated containers

  8. Your application is bundled in an image

  9. The image contains everything the application needs to run

  10. The image is started in an isolated container

  11. No vendor lock-in

  12. Standardized APIs

  13. Your laptop

  14. Bare metal

  15. Cloud Providers

  16. And if you don't want to install and maintain Kubernetes

  17. Managed Kubernetes

  19. So we have code, how do we get this into

  20. Angular demo application

  21. Demo

  22. We have to

  23. Build a docker image

  24. Contains everything that the service needs to run

  25. Make the build as fast as possible

  26. Make the image as small as possible

  27. Demo

  28. Tell Kubernetes to

  29. Start containers

  30. In Kubernetes

  31. Pod
      • A group of 1 or more containers
      • Same port space
      • Within a Pod: communication over localhost
      • Every container has its own filesystem
      • Every Pod has its own IP
      • All Pods can talk with each other
      • IPs change all the time

  32. Deployment

  33. LoadBalancer

  34. Everything in Kubernetes is a resource (document) defined in YAML

  35. Demo

  36. Also all those YAML files are not nice

  37. Helm

  38. Also we need

  39. DNS

  40. TLS

  41. Monitoring

  42. CI/CD pipeline

  43. Make use of Kubernetes "magic"

  44. Demo

  45. Magic recap

  46. LoadBalancers

  47. Automatically creates a highly available LoadBalancer with a public IP

  48. Ingress controller

  49. The ingress controller (nginx) listens on routing rules in Ingress Resources and configures itself to route incoming traffic to the correct running and healthy pods

  50. cert-manager

  51. Cert-manager listens on Ingress Resources and, if they need TLS, requests a certificate from Let's Encrypt

  52. external-dns

  53. External-DNS listens on Ingress Resources and creates DNS entries

  54. Sealed Secrets

  55. Secrets are stored encrypted in Git and decrypted inside of the cluster

  56. Prometheus

  57. Kubernetes and Node metrics are automatically included

  58. Kubernetes and Node alerts are automatically included

  59. Kubernetes and Node dashboards are automatically included

  60. Scraping targets can be automatically discovered

  61. Service Meshes

  63. Recommendation: Start playing around with Kubernetes

  64. Alternatives

  65. Flux

  67. Knative

  68. Kubernetes-based platform to deploy and manage modern serverless workloads

  69. Tekton CD

  70. CI that runs completely within Kubernetes with Kubernetes Custom Resources

  71. Resources

  72. https://gitlab.com/bashofmann/angular-test-app

  73. https://gitlab.com/bashofmann/angular-test-app-finished

  74. https://github.com/syseleven/golem-workshop

  75. mail@bastianhofmann.de https://twitter.com/BastianHofmann http://speakerdeck.com/u/bastianhofmann