
Getting started with Kubernetes

Kubernetes is a very powerful container orchestration platform that is quickly gaining traction and gives you lots of benefits in deploying, running and scaling your microservice web application. But it also has a steep learning curve. In this talk I will introduce you to Kubernetes, why you would want to use it and all the tooling around Kubernetes with the help of practical examples.

Bastian Hofmann

February 16, 2018

Transcript

  1. Introduction to Kubernetes
     @BastianHofmann

  2. [slide image]

  3. [slide image]

  4. [slide image]

  5. Container orchestration platform

  6. Run and scale your services in isolated containers

  7. Very Powerful

  8. Large community

  9. Lots of large company backers

  10. No vendor lock in

  11. Runs on

  12. AWS

  13. Azure

  14. Google Cloud Platform

  15. Bare metal

  16. Your laptop

  17. Minikube

  18. Included in Docker Desktop Clients

  19. Learning curve

  20. This talk is supposed to get you started

  21. I’m going to explain the basics

  22. I’ll start with deploying a simple PHP Web App

  23. look into some more ways to use Kubernetes

  24. and cover things like Logging, Monitoring, Security, …

  25. But first

  26. Why containers?

  27. Decouple Ops and Dev

  28. Make things …

  29. Easier to deploy

  30. Easier to upgrade system dependencies

  31. Easier to scale

  32. Easier to develop

  33. More performant than Virtual Machines

  34. OK, sold

  35. Let’s define some core concepts first

  36. Kubernetes Cluster

  37. Image
    • A docker image built from a Dockerfile that contains everything a service needs to run

  38. Container
    • A container runs a docker image.
    • Only 1 process can run inside of a container

  39. Pod
    • A group of 1 or more containers
    • Same port space
    • Ports are not accessible from outside of the pod

  40. Replica Set
    • Defines and manages how many instances of a pod should run

  41. Deployment
    • Manages updates and rollbacks of replica sets

  42. Service
    • Makes a port of a pod accessible to other pods

  43. Ingress
    • Makes a service accessible to the outside of Kubernetes

  44. Node
    • A physical server
    • Containers get distributed automatically

  45. ConfigMaps & Secrets
    • Configuration that can be mounted inside of a container

  46. Volumes
    • Volumes can be mounted into a container to access a ConfigMap, Secret or a folder on the host

  47. Namespaces
    • Dedicated environment to deploy services in

  48. Example

  49. [diagram: a "PHP Application" pod containing PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED and MONGO ROUTER containers]

  50. [diagram: a ReplicaSet with 2 instances of the PHP Application pod]

  51. [diagram: the two PHP Application pods plus a CONFIG resource and a WEB service on port 80]

  52. [diagram: the same, exposed to the outside at https://php-app.k8s.foo.com:443/]

  53. To interact with Kubernetes

  54. Tooling

  55. kubectl

  56. $ kubectl get pods

  57. NAME                                             READY   STATUS    RESTARTS   AGE
    kubernetes-dashboard-5b5bf59977-t9xb9            1/1     Running   2          9d
    nginx-ingress-controller-5549f5597c-97kcw        0/1     Running   2          9d
    nginx-ingress-default-backend-564d9d9477-tmnnr   1/1     Running   4          9d
    mysql-556c9b5bcb-5jdrt                           1/1     Running   1          8d
    symfony-demo-5b75f5fc6-c7wr9                     1/1     Running   0          8d
    symfony-demo-5b75f5fc6-jg8n4                     1/1     Running   23         8d

  58. REST API

  59. $ kubectl proxy --port=8080
    $ curl http://localhost:8080/api/v1/namespaces/default/pods
    {
      "kind": "PodList",
      "apiVersion": "v1",
      "metadata": {
        "selfLink": "/api/v1/namespaces/default/pods",
        "resourceVersion": "336834"
      },
      "items": [
        {
          "metadata": {
            "name": "kubernetes-dashboard-5b5bf59977-t9xb9",
            "generateName": "kubernetes-dashboard-5b5bf59977-",

  60. kubernetes-dashboard
    https://github.com/kubernetes/dashboard

  61. [slide image]

  62. Helm
    The package manager for Kubernetes
    https://helm.sh/

  63. $ helm install stable/wordpress

  64. Practical example

  65. Preparations

  66. Install Docker Client

  67. $ brew cask install docker

  68. [slide image]

  69. Install helm

  70. $ brew install kubernetes-helm

  71. $ helm init

  72. Install kubernetes-dashboard

  73. ingress:
      enabled: true
      hosts:
        - kubernetes-dashboard.local.k8s

  74. $ helm install stable/kubernetes-dashboard -f kubernetes-dashboard.yaml

  75. Install nginx-ingress-controller

  76. rbac:
      create: true
    controller:
      hostNetwork: true

  77. $ helm install stable/nginx-ingress -f ingress-controller.yaml

  78. Let’s deploy the symfony demo app

  79. https://github.com/symfony/demo

  80. First the Dockerfile

  81. PHP

  82. Copy our code

  83. Build the project

  84. Composer install

  85. yarn install

  86. https://docs.docker.com/develop/develop-images/multistage-build/

  87. FROM kkarczmarczyk/node-yarn:latest
    WORKDIR /var/www/html
    COPY package.json /var/www/html/
    COPY yarn.lock /var/www/html/
    RUN yarn install

  88. FROM php:7.2-apache
    WORKDIR /var/www/html
    # install packages
    RUN apt-get update -y && \
        apt-get install -y --no-install-recommends \
            curl git openssl \
            less vim wget unzip rsync git mysql-client \
            libcurl4-openssl-dev libfreetype6 libjpeg62-turbo \
            libpng-dev libjpeg-dev libxml2-dev libxpm4 \
            libicu-dev coreutils openssh-client libsqlite3-dev && \
        apt-get clean && \
        apt-get autoremove -y && \
        rm -rf /var/lib/apt/lists/*

  89. # install php extensions
    RUN docker-php-ext-configure gd --with-jpeg-dir=/usr/local/ && \
        docker-php-ext-install -j$(nproc) iconv intl pdo_sqlite curl json xml mbstring zip bcmath soap pdo_mysql gd
    # apache config
    RUN /usr/sbin/a2enmod rewrite && /usr/sbin/a2enmod headers && /usr/sbin/a2enmod expires
    COPY ./container/apache.conf /etc/apache2/sites-available/000-default.conf

  90. ENV COMPOSER_HOME /tmp
    ENV COMPOSER_VERSION 1.6.3
    # download the installer pinned to one commit and refuse to run it unless its SHA-384 digest matches
    RUN curl -s -f -L -o /tmp/installer.php https://raw.githubusercontent.com/composer/getcomposer.org/b107d959a5924af895807021fcef4ffec5a76aa9/web/installer \
        && php -r " \
            \$signature = '544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061'; \
            \$hash = hash('SHA384', file_get_contents('/tmp/installer.php')); \
            if (!hash_equals(\$signature, \$hash)) { \
                unlink('/tmp/installer.php'); \
                echo 'Integrity check failed, installer is either corrupt or worse.' . PHP_EOL; \
                exit(1); \
            }" \
        && php /tmp/installer.php --no-ansi --install-dir=/usr/bin --filename=composer --version=${COMPOSER_VERSION} \
        && composer --ansi --version --no-interaction \
        && rm -rf /tmp/* /tmp/.htaccess

  91. COPY composer.* /var/www/html/
    RUN composer install
    COPY --from=0 /var/www/html/node_modules/ /var/www/html/node_modules/
    COPY . /var/www/html/
    RUN chown -R www-data:www-data /var/www/html && composer dump-autoload
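The Composer step on slide 90 is the supply-chain check every downloaded build tool deserves: the installer is fetched from one pinned commit, its SHA-384 digest is compared against a hash baked into the Dockerfile with hash_equals(), and on mismatch the file is deleted and the build fails. The Python below is an added example, not part of the talk, that reproduces that pattern with a constructed stand-in file: stream the digest, compare it in constant time (Python's hmac.compare_digest plays the role of PHP's hash_equals), and remove the artifact on failure so no later step can run it.

```python
import hashlib
import hmac
import os
import tempfile


def verify_download(path: str, expected_sha384_hex: str) -> bool:
    """Return True if the file at `path` matches the pinned SHA-384 digest.

    On mismatch the file is deleted, exactly as the Dockerfile's unlink() does,
    so that a following build step cannot execute a corrupt or tampered artifact.
    """
    digest = hashlib.sha384()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    actual = digest.hexdigest()
    # Constant-time comparison; a plain == would leak where the digests diverge.
    if not hmac.compare_digest(actual, expected_sha384_hex.lower()):
        os.unlink(path)
        return False
    return True


def demo(tamper: bool = False) -> bool:
    """Write a constructed 'installer' into a temp dir and verify it.

    The pinned digest is computed over the known-good bytes; with tamper=True
    one byte is appended after pinning, which must fail verification and
    leave no file behind.
    """
    good = b"<?php echo 'constructed installer stand-in';\n"  # constructed sample
    pinned = hashlib.sha384(good).hexdigest()  # stands in for the hash on the slide
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "installer.php")
        with open(path, "wb") as f:
            f.write(good + (b"#" if tamper else b""))
        ok = verify_download(path, pinned)
        # The artifact survives if and only if it verified.
        assert ok == os.path.exists(path)
        return ok


if __name__ == "__main__":
    print("untampered:", demo())            # True
    print("tampered:  ", demo(tamper=True))  # False
```

The pinned digest must come from a source you trust independently of the download itself (the release notes, a signed checksum file), otherwise the check only proves the file arrived intact, not that it is the file the project published.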

  92. Command it runs

  93. apache2 -DFOREGROUND

  94. Build the image

  95. docker build -t symfony-demo:2.0.0 .

  96. Since it’s all local we don’t need to push it to a registry

  97. Now we have to tell Kubernetes what to do with the image

  98. Resources are defined in YAML or JSON

  99. Deployment

  100. kind: Deployment
    apiVersion: extensions/v1beta1
    metadata:
      name: symfony-demo
    spec:
      revisionHistoryLimit: 3
      template:
        metadata:
          labels:
            app: symfony-demo
        spec:
          containers:
            - name: symfony-demo
              image: symfony-demo:1.0.0
              imagePullPolicy: Never
              ports:
                - containerPort: 80

  101. containers:
      - name: symfony-demo
        image: symfony-demo:latest
        imagePullPolicy: Never
        ports:
          - containerPort: 80
        livenessProbe:
          httpGet:
            path: /
            port: 80
          timeoutSeconds: 1
          initialDelaySeconds: 10
        readinessProbe:
          httpGet:
            path: /
            port: 80
          timeoutSeconds: 1

  102. Many more options configurable

  103. • Setting environment variables
    • Mounting volumes
    • Requesting resources
    • Defining upgrade strategies
    • Defining command
    • Configure networking
    • Configure affinities
    • LifeCycle events
    • …

  104. Service

  105. kind: Service
    apiVersion: v1
    metadata:
      name: symfony-demo
    spec:
      ports:
        - name: http
          port: 80
          targetPort: 80
          protocol: TCP
      selector:
        app: symfony-demo

  106. Ingress

  107. kind: Ingress
    apiVersion: extensions/v1beta1
    metadata:
      name: symfony-demo
    spec:
      rules:
        - host: symfony-demo.local.k8s
          http:
            paths:
              - path: /
                backend:
                  serviceName: symfony-demo
                  servicePort: 80

  108. Creating everything

  109. kubectl apply -f deployment/webapp.yaml

  110. [slide image]

  111. Rolling Deployments

  112. kind: Deployment
    apiVersion: extensions/v1beta1
    metadata:
      name: symfony-demo
    spec:
      revisionHistoryLimit: 3
      template:
        metadata:
          labels:
            app: symfony-demo
        spec:
          containers:
            - name: symfony-demo
              image: symfony-demo:1.1.0
              imagePullPolicy: Never
              ports:
                - containerPort: 80

  113. kubectl apply -f deployment/webapp.yaml

  114. These are the basics

  115. Let’s talk about some other interesting and important aspects

  116. There are other types of deploying things into Kubernetes

  117. DaemonSets

  118. Ensure that a pod runs once on every node

  119. Log collection daemon

  120. Monitoring agent

  121. Service mesh containers

  122. [slide image]

  123. Basically works like deployments

  124. But roll out strategy is different

  125. https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/

  126. apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: kubernetes-ingress-nginx
      labels:
        k8s-app: kubernetes-ingress-nginx
    spec:
      updateStrategy:
        type: RollingUpdate
        rollingUpdate:
          maxUnavailable: 1
      minReadySeconds: 5
      template:

  127. CronJobs

  128. Regularly repeating jobs

  129. apiVersion: batch/v1beta1
    kind: CronJob
    metadata:
      name: cron-job
    spec:
      schedule: "*/1 * * * *"
      jobTemplate:
        spec:
          template:
            spec:
              containers:
                - name: cron-job
                  image: your-cron-job
              restartPolicy: OnFailure

  130. How does Kubernetes work internally

  131. Service Discovery

  132. Within a pod

  133. Shared port namespace

  134. Everything behaves like localhost

  135. Between pods

  136. You have to expose ports with services

  137. kind: Service
    apiVersion: v1
    metadata:
      name: symfony-demo
    spec:
      ports:
        - name: http
          port: 80
          targetPort: 80
          protocol: TCP
      selector:
        app: symfony-demo

  138. Every service has a virtual IP address

  139. $ kubectl get service symfony-demo
    NAME           TYPE        CLUSTER-IP      PORT(S)   AGE
    symfony-demo   ClusterIP   10.106.119.24   80/TCP    6d

  140. Discoverable in other containers by

  141. Environment Variables

  142. SYMFONY_DEMO_SERVICE_HOST=10.106.119.24
    SYMFONY_DEMO_SERVICE_PORT=80

  143. DNS

  144. $ nslookup symfony-demo
    Server:    10.0.0.10
    Address 1: 10.0.0.10
    Name:      symfony-demo
    Address 1: 10.106.119.24

  145. $ curl http://symfony-demo

  146. Alternatively

  147. Service Mesh

  148. LinkerD
    https://linkerd.io/

  149. Istio
    https://istio.io/

  150. Conduit
    https://conduit.io/

  151. Runs as

  152. DaemonSet

  153. Sidecar container

  154. [diagram: the PHP Application pod with PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED and MONGO ROUTER containers]

  155. [diagram: the PHP Application pod next to two "Other service" pods, each with NODEJS, LINKERD and STATSD containers]

  156. [diagram: the same pods as slide 155]

  157. [diagram: the same pods as slide 155]

  158. Benefits

  159. Advanced routing

  160. Prefer service in current namespace, fall back to default namespace

  161. Advanced monitoring

  162. [slide image]

  163. Profiling

  164. Zipkin
    https://zipkin.io/

  165. [slide image]

  166. Accessing Kubernetes from the outside

  167. Port forwarding through kubectl

  168. $ kubectl port-forward $POD_NAME 8080:80

  169. The ingress controller

  170. Nginx

  171. haproxy

  172. Istio

  173. [slide image]

  174. A controller listens to all ingresses and routes traffic from the outside to the correct service

  175. kind: Ingress
    apiVersion: extensions/v1beta1
    metadata:
      name: symfony-demo
    spec:
      rules:
        - host: symfony-demo.local.k8s
          http:
            paths:
              - path: /
                backend:
                  serviceName: symfony-demo
                  servicePort: 80

  176. What about data?

  177. Storage

  178. Volumes

  179. https://kubernetes.io/docs/concepts/storage/volumes/

  180. apiVersion: v1
    kind: Pod
    metadata:
      name: test-pd
    spec:
      containers:
        - image: k8s.gcr.io/test-webserver
          name: test-container
          volumeMounts:
            - mountPath: /cache
              name: cache-volume
      volumes:
        - name: cache-volume
          emptyDir: {}

  181. Persistent Storage

  182. You define a Persistent Volume, e.g. NFS

  183. Each pod can specify a Persistent Volume Claim

  184. And then mount the Claim into a Volume in a container

  185. https://kubernetes.io/docs/concepts/storage/persistent-volumes/

  186. Configuration

  187. Less data, so easier than Persistent Volumes

  188. ConfigMap

  189. Key/Value Store

  190. kind: ConfigMap
    apiVersion: v1
    metadata:
      name: special-config
    data:
      special-key: value
      bool-value: "true"  # ConfigMap data values must be strings; an unquoted YAML boolean is rejected by the API server

  191. Can be accessed in a pod through environment variables

  192. spec:
      containers:
        - name: test-container
          image: k8s.gcr.io/busybox
          command: [ "/bin/sh", "-c", "env" ]
          env:
            - name: SPECIAL_KEY
              valueFrom:
                configMapKeyRef:
                  name: special-config
                  key: special-key

  193. spec:
      containers:
        - name: test-container
          image: k8s.gcr.io/busybox
          command: [ "/bin/sh", "-c", "env" ]
          envFrom:
            - configMapRef:
                name: special-config

  194. Can be accessed through volumes

  195. spec:
      containers:
        - name: test-container
          image: k8s.gcr.io/busybox
          command: [ "/bin/sh", "-c", "ls /etc/config/" ]
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config
      volumes:
        - name: config-volume
          configMap:
            name: special-config

  196. https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/

  197. Secret

  198. Storage for sensitive information

  199. https://kubernetes.io/docs/concepts/configuration/secret

  200. How about complex init processes

  201. Init Containers

  202. Run a process in a container before the pod starts

  203. Use cases

  204. Database Migrations

  205. Multiple containers need the same sources

  206. [diagram: the PHP Application pod with PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED and MONGO ROUTER containers]

  207. [diagram: the PHP Application pod with an added INIT container]

  208. [diagram: the INIT container is the only image that contains the source code]

  209. [diagram: the INIT container mounts an emptyDir volume]

  210. [diagram: the INIT container copies the source into the emptyDir volume]

  211. [diagram: the pod's other containers mount and use the emptyDir volume with the source]

  212. Figuring out what’s going on inside Kubernetes

  213. Monitoring

  214. Heapster

  215. https://github.com/kubernetes/heapster

  216. Takes metrics from Kubernetes and stores them in a monitoring solution

  217. InfluxDB

  218. Prometheus

  219. Grafana for displaying the data

  220. [slide image]

  221. [slide image]

  222. https://blog.kublr.com/how-to-utilize-the-heapster-influxdb-grafana-stack-in-kubernetes-for-monitoring-pods-4a553f4d36c9

  223. Logging

  224. kubectl logs

  225. $ kubectl logs symfony-demo-5b75f5fc6-c7wr9

  226. Log to stdout & stderr

  227. Automatically written to disk

  228. DaemonSet Log collector

  229. • Logstash
    • Fluentd
    • Filebeat

  230. Central log management

  231. [slide image]

  232. https://www.elastic.co/blog/shipping-kubernetes-logs-to-elasticsearch-with-filebeat

  233. Scaling

  234. Manual Scaling

  235. kubectl scale --replicas=3 deployment/my-app

  236. AutoScaling

  237. [slide image]

  238. https://kubernetes.io/docs/user-guide/horizontal-pod-autoscaling/

  239. Keeping services secure

  240. Docker Container Security

  241. https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
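Slides 101 to 103 list the options a container spec can carry (probes, resource requests and so on) and slide 241 points at the securityContext documentation, but the talk never shows how to check that a manifest actually uses them before it is applied. The Python below is an added example, not the talk's code: it takes the symfony-demo Deployment from slide 100, rebuilt here as a dict (yaml.safe_load on the slide's YAML gives the same structure), reports what is missing, and produces the hardened counterpart that clears every finding. The field names are the real ones from the Kubernetes API; the resource values and probe paths in hardened() are assumptions chosen for the demo.

```python
import copy
from typing import Any, Dict, List

# Constructed input: the Deployment from slide 100 as a dict. It has no probes,
# no resource requests and no securityContext, so it exercises every check.
DEPLOYMENT: Dict[str, Any] = {
    "kind": "Deployment",
    "apiVersion": "extensions/v1beta1",
    "metadata": {"name": "symfony-demo"},
    "spec": {
        "revisionHistoryLimit": 3,
        "template": {
            "metadata": {"labels": {"app": "symfony-demo"}},
            "spec": {
                "containers": [{
                    "name": "symfony-demo",
                    "image": "symfony-demo:1.0.0",
                    "imagePullPolicy": "Never",
                    "ports": [{"containerPort": 80}],
                }],
            },
        },
    },
}


def lint_pod_template(manifest: Dict[str, Any]) -> List[str]:
    """Return findings for the pod template of a Deployment or DaemonSet.

    Operational checks (probes, requests, pinned image tag) plus the
    securityContext fields from the security-context docs. Empty list = pass.
    """
    findings: List[str] = []
    pod_spec = manifest.get("spec", {}).get("template", {}).get("spec", {})
    pod_sc = pod_spec.get("securityContext", {})
    for c in pod_spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        image = c.get("image", "")
        if ":" not in image or image.endswith(":latest"):
            findings.append(f"{name}: image {image!r} is not pinned to a version tag")
        if "livenessProbe" not in c or "readinessProbe" not in c:
            findings.append(f"{name}: liveness/readiness probes missing")
        if not c.get("resources", {}).get("requests"):
            findings.append(f"{name}: no resource requests declared")
        # runAsNonRoot may be set on the pod or the container; the container wins.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}: runAsNonRoot is not set")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation is not set to false")
        if sc.get("privileged", False):
            findings.append(f"{name}: container runs privileged")
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"{name}: readOnlyRootFilesystem is not set")
    return findings


def with_image(manifest: Dict[str, Any], image: str) -> Dict[str, Any]:
    """Copy of the manifest with every container's image replaced (for trying variants)."""
    m = copy.deepcopy(manifest)
    for c in m["spec"]["template"]["spec"]["containers"]:
        c["image"] = image
    return m


def hardened(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Copy of the manifest with the settings that clear every finding above."""
    m = copy.deepcopy(manifest)
    for c in m["spec"]["template"]["spec"]["containers"]:
        c.setdefault("livenessProbe", {"httpGet": {"path": "/", "port": 80}})
        c.setdefault("readinessProbe", {"httpGet": {"path": "/", "port": 80}})
        c.setdefault("resources", {"requests": {"cpu": "100m", "memory": "128Mi"}})
        c["securityContext"] = {
            "runAsNonRoot": True,
            "allowPrivilegeEscalation": False,
            "readOnlyRootFilesystem": True,
            "capabilities": {"drop": ["ALL"]},
        }
    return m


if __name__ == "__main__":
    for finding in lint_pod_template(DEPLOYMENT):
        print("FINDING:", finding)
    print("hardened findings:", lint_pod_template(hardened(DEPLOYMENT)))
```

One caveat before copying the hardened template onto the image built on slides 88 to 91: php:7.2-apache starts Apache as root on port 80 and writes into its own filesystem, so runAsNonRoot and readOnlyRootFilesystem will keep that container from starting until the image is adapted (an unprivileged user, a port above 1024, emptyDir mounts for the directories Apache writes). The linter tells you which settings are absent, not that enabling them is free.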

  242. Role Based Access Control

  243. Users

  244. ServiceAccounts

  245. https://kubernetes.io/docs/admin/authorization/rbac/
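The RBAC slides name the pieces (Users, ServiceAccounts, the docs link) without showing what a least-privilege Role looks like next to the kind that quietly grants everything. The Python below is an added example, not from the talk, with three constructed manifests: a wildcard Role, a narrow Role for the same deploy task, and a ClusterRoleBinding that hands cluster-admin to a namespace's default ServiceAccount (which every pod in that namespace uses unless it opts out). The linter flags wildcard apiGroups, verbs that let a subject widen its own rights (escalate, bind, impersonate), and resources worth a second look; secrets are on that list because a Secret is only base64-encoded, so "get" on secrets is plaintext credential access. The Role and binding names are made up for the demo; the verbs, resources and group names are real Kubernetes identifiers.

```python
from typing import Any, Dict, List

# Constructed manifests (not from the talk).
BROAD_ROLE: Dict[str, Any] = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "Role",
    "metadata": {"namespace": "default", "name": "deployer-broad"},
    "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}

NARROW_ROLE: Dict[str, Any] = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "Role",
    "metadata": {"namespace": "default", "name": "deployer"},
    "rules": [
        {"apiGroups": ["apps", "extensions"], "resources": ["deployments"],
         "verbs": ["get", "list", "watch", "patch"]},
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]},
    ],
}

ADMIN_BINDING: Dict[str, Any] = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "ci-admin"},
    "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "default"}],
    "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole",
                "name": "cluster-admin"},
}

# Verbs that let a subject widen its own rights, and resources whose access
# deserves review (secrets are only base64-encoded; pods/exec is a shell in
# any pod; the role/binding resources let a subject rewrite RBAC itself).
RISKY_VERBS = {"*", "escalate", "bind", "impersonate"}
SENSITIVE_RESOURCES = {"*", "secrets", "pods/exec", "roles", "clusterroles",
                       "rolebindings", "clusterrolebindings"}
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}


def lint_rbac(obj: Dict[str, Any]) -> List[str]:
    """Return least-privilege findings for a Role/ClusterRole or a binding."""
    findings: List[str] = []
    kind = obj.get("kind", "")
    name = obj.get("metadata", {}).get("name", "<unnamed>")
    if kind in ("Role", "ClusterRole"):
        for i, rule in enumerate(obj.get("rules", [])):
            if "*" in rule.get("apiGroups", []):
                findings.append(f"{kind}/{name} rule {i}: wildcard apiGroups")
            risky = RISKY_VERBS & set(rule.get("verbs", []))
            if risky:
                findings.append(f"{kind}/{name} rule {i}: risky verbs {sorted(risky)}")
            sensitive = SENSITIVE_RESOURCES & set(rule.get("resources", []))
            if sensitive:
                findings.append(f"{kind}/{name} rule {i}: sensitive resources {sorted(sensitive)}")
    elif kind in ("RoleBinding", "ClusterRoleBinding"):
        if obj.get("roleRef", {}).get("name") == "cluster-admin":
            findings.append(f"{kind}/{name}: grants cluster-admin")
        for s in obj.get("subjects", []):
            if s.get("kind") == "ServiceAccount" and s.get("name") == "default":
                findings.append(f"{kind}/{name}: binds the 'default' ServiceAccount, "
                                "which every pod in the namespace uses unless it opts out")
            if s.get("kind") == "Group" and s.get("name") in BROAD_GROUPS:
                findings.append(f"{kind}/{name}: binds the broad group {s['name']}")
    return findings


def lint_all(objects: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Findings per object name, e.g. for everything in one applied directory."""
    return {o["metadata"]["name"]: lint_rbac(o) for o in objects}


if __name__ == "__main__":
    for obj_name, found in lint_all([BROAD_ROLE, NARROW_ROLE, ADMIN_BINDING]).items():
        print(obj_name, "->", found or "ok")
```

Pair this with a dedicated ServiceAccount per workload (serviceAccountName in the pod spec) and automountServiceAccountToken: false for pods that never call the API, so that a compromised container holds a token with no more rights than its own narrow Role.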

  246. Summary

  247. Powerful

  248. Helpful

  249. Fast paced development

  250. https://gravitational.com/blog/kubernetes-release-cycle/

  251. Keep up to date

  252. Documentation

  253. https://kubernetes.io/docs/

  254. KubeCons

  255. https://www.youtube.com/channel/UCvqbFHwN-nwalWPjPUKpvTA

  256. http://speakerdeck.com/u/bastianhofmann

  257. http://twitter.com/BastianHofmann
    http://lanyrd.com/people/BastianHofmann
    http://speakerdeck.com/u/bastianhofmann
    [email protected]