Introduction to Kubernetes

Getting started with Kubernetes

Kubernetes is a very powerful container orchestration platform that is quickly gaining traction and gives you lots of benefits in deploying, running and scaling your microservice web application. But it also has a steep learning curve. In this talk I will introduce you to Kubernetes, why you would want to use it and all the tooling around Kubernetes with the help of practical examples.

Bastian Hofmann

April 20, 2018

Transcript

  1. Introduction to Kubernetes @BastianHofmann

  2. None
  3. None
  4. None
  5. Container orchestration platform

  6. Deploy, run and scale your services in isolated containers

  7. Very Powerful

  8. Large community

  9. Lots of large company backers

  10. No vendor lock-in

  11. Runs on

  12. AWS

  13. Azure

  14. Google Cloud Platform

  15. Bare metal

  16. Your laptop

  17. Minikube

  18. Included in Docker Desktop Clients

  19. Learning curve

  20. This talk is supposed to get you started

  21. I’m going to explain the basics

  22. I’ll start with deploying a simple PHP Web App

  23. and cover things like Logging, Monitoring,…

  24. But first

  25. Why containers?

  26. Services run in isolation

  27. Everything needed to run a service in one image

  28. Decouple Ops and Dev

  29. Make things …

  30. Easier to deploy

  31. Easier to upgrade system dependencies

  32. Easier to scale

  33. Easier to develop

  34. More performant than Virtual Machines

  35. None
  36. FROM php:7.2-apache
      WORKDIR /var/www/html
      RUN apt-get update -y && \
          apt-get install -y --no-install-recommends curl && \
          rm -rf /var/lib/apt/lists/*
      COPY composer.* /var/www/html/
      ENV COMPOSER_HOME /tmp
      # composer is not shipped in php:7.2-apache; the slide omits the step that installs it
      RUN composer install
      COPY . /var/www/html/
      EXPOSE 80
      ENTRYPOINT ["apache2", "-DFOREGROUND"]
  37. docker build -t symfony-demo:2.0.0 .

  38. docker run -p 8080:80 symfony-demo:2.0.0

  39. Kubernetes helps you run containers

  40. OK, sold

  41. Let’s define some core concepts first

  42. Kubernetes Cluster

  43. Image
      • A Docker image built from a Dockerfile that contains everything a service needs to run

  44. Container
      • A container runs a Docker image.
      • Only 1 process can run inside of a container

  45. Pod
      • A group of 1 or more containers
      • Same port space
      • Ports are not accessible from outside of the pod

  46. Replica Set
      • Defines and manages how many instances of a pod should run

  47. Deployment
      • Manages updates and rollbacks of replica sets

  48. Service
      • Makes a port of a pod accessible to other pods

  49. Ingress
      • Makes a service accessible to the outside of Kubernetes

  50. Node
      • A physical server
      • Containers get distributed automatically

  51. ConfigMaps & Secrets
      • Configuration that can be mounted inside of a container

  52. Volumes
      • Volumes can be mounted into a container to access a ConfigMap, Secret or a folder on the host

  53. Namespaces
      • Dedicated environment to deploy services in

  54. Docker registries

  55. Example

  56. [Diagram: a "PHP Application" pod containing the containers PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED and MONGO ROUTER]

  57. [Diagram: the same pod managed by a ReplicaSet with 2 instances]

  58. [Diagram: the 2 pod instances behind a Service "WEB" on port 80, plus a CONFIG object]

  59. [Diagram: the Service exposed to the outside at https://php-app.k8s.foo.com:443/]
  60. To interact with Kubernetes

  61. Tooling

  62. kubectl

  63. $ kubectl get pods

  64. NAME                                             READY   STATUS    RESTARTS   AGE
      kubernetes-dashboard-5b5bf59977-t9xb9            1/1     Running   2          9d
      nginx-ingress-controller-5549f5597c-97kcw        0/1     Running   2          9d
      nginx-ingress-default-backend-564d9d9477-tmnnr   1/1     Running   4          9d
      mysql-556c9b5bcb-5jdrt                           1/1     Running   1          8d
      symfony-demo-5b75f5fc6-c7wr9                     1/1     Running   0          8d
      symfony-demo-5b75f5fc6-jg8n4                     1/1     Running   23         8d
  65. REST API

  66. $ kubectl proxy --port=8080
      $ curl http://localhost:8080/api/v1/namespaces/default/pods
      {
        "kind": "PodList",
        "apiVersion": "v1",
        "metadata": {
          "selfLink": "/api/v1/namespaces/default/pods",
          "resourceVersion": "336834"
        },
        "items": [
          {
            "metadata": {
              "name": "kubernetes-dashboard-5b5bf59977-t9xb9",
              "generateName": "kubernetes-dashboard-5b5bf59977-",
              …
  67. kubernetes-dashboard https://github.com/kubernetes/dashboard

  68. None
  69. Helm The package manager for Kubernetes https://helm.sh/

  70. $ helm install stable/wordpress

  71. Practical example

  72. Preparations

  73. Install Docker Client

  74. $ brew cask install docker

  75. None
  76. Install helm

  77. $ brew install kubernetes-helm

  78. $ helm init

  79. Install kubernetes-dashboard

  80. ingress:
        enabled: true
        hosts:
          - kubernetes-dashboard.local.k8s

  81. $ helm install stable/kubernetes-dashboard -f kubernetes-dashboard.yaml

  82. Install nginx-ingress-controller

  83. rbac:
        create: true
      controller:
        hostNetwork: true

  84. $ helm install stable/nginx-ingress -f ingress-controller.yaml

  85. Let’s deploy the Symfony demo app

  86. https://github.com/symfony/demo

  87. First the Dockerfile

  88. PHP

  89. Copy our code

  90. Build the project

  91. Composer install

  92. yarn install

  93. Build the image

  94. docker build -t symfony-demo:2.0.0 .

  95. Demo

  96. Since it’s all local we don’t need to push it to a registry

  97. Now we have to tell Kubernetes what to do with the image
  98. Resources are defined in YAML or JSON

  99. Deployment

  100. kind: Deployment
       apiVersion: extensions/v1beta1
       metadata:
         name: symfony-demo
       spec:
         revisionHistoryLimit: 3
         template:
           metadata:
             labels:
               app: symfony-demo
           spec:
             containers:
               - name: symfony-demo
                 image: symfony-demo:1.0.0
                 imagePullPolicy: Never
                 ports:
                   - containerPort: 80

  101. containers:
         - name: symfony-demo
           image: symfony-demo:1.0.0
           imagePullPolicy: Never
           ports:
             - containerPort: 80
           livenessProbe:
             httpGet:
               path: /
               port: 80
             timeoutSeconds: 1
             initialDelaySeconds: 10
           readinessProbe:
             httpGet:
               path: /
               port: 80
             timeoutSeconds: 1
  102. Many more options configurable

  103. • Setting environment variables
       • Mounting volumes
       • Requesting resources
       • Defining upgrade strategies
       • Defining command
       • Configure networking
       • Configure affinities
       • LifeCycle events
       • …
  104. Service

  105. kind: Service
       apiVersion: v1
       metadata:
         name: symfony-demo
       spec:
         ports:
           - name: http
             port: 80
             targetPort: 80
             protocol: TCP
         selector:
           app: symfony-demo
  106. Ingress

  107. kind: Ingress
       apiVersion: extensions/v1beta1
       metadata:
         name: symfony-demo
       spec:
         rules:
           - host: symfony-demo.local.k8s
             http:
               paths:
                 - path: /
                   backend:
                     serviceName: symfony-demo
                     servicePort: 80
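The Ingress above serves plain HTTP. The following is an added example (not from the talk) of the same Ingress with TLS termination, as the earlier architecture slide's https://…:443/ URL implies; it assumes the nginx ingress controller installed earlier in the talk, and a TLS Secret named symfony-demo-tls that you create yourself.

```yaml
# Added example: the symfony-demo Ingress with TLS termination (assumes the
# nginx ingress controller and a kubernetes.io/tls Secret "symfony-demo-tls").
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: symfony-demo
  annotations:
    # nginx-ingress: answer plain-HTTP requests with a redirect to HTTPS
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
    - hosts:
        - symfony-demo.local.k8s
      # Secret of type kubernetes.io/tls holding tls.crt and tls.key; create it with
      #   kubectl create secret tls symfony-demo-tls --cert=tls.crt --key=tls.key
      secretName: symfony-demo-tls
  rules:
    - host: symfony-demo.local.k8s
      http:
        paths:
          - path: /
            backend:
              serviceName: symfony-demo
              servicePort: 80
```

The certificate and key live only in the Secret, so they never have to be baked into the image or the ingress controller's configuration.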
  108. Creating everything

  109. kubectl apply -f deployment/webapp.yaml

  110. None
  111. Rolling Deployments

  112. kind: Deployment
       apiVersion: extensions/v1beta1
       metadata:
         name: symfony-demo
       spec:
         revisionHistoryLimit: 3
         template:
           metadata:
             labels:
               app: symfony-demo
           spec:
             containers:
               - name: symfony-demo
                 image: symfony-demo:1.1.0
                 imagePullPolicy: Never
                 ports:
                   - containerPort: 80
  113. kubectl apply -f deployment/webapp.yaml

  114. Demo

  115. These are the basics

  116. Let’s talk about some other interesting and important aspects

  117. There are other types of deploying things into Kubernetes

  118. DaemonSets

  119. Ensure that a pod runs once on every node

  120. Log collection daemon

  121. Monitoring agent

  122. Service mesh containers

  123. Basically works like deployments

  124. But the rollout strategy is different

  125. CronJobs

  126. Regularly repeating jobs

  127. apiVersion: batch/v1beta1
       kind: CronJob
       metadata:
         name: cron-job
       spec:
         schedule: "*/1 * * * *"
         jobTemplate:
           spec:
             template:
               spec:
                 containers:
                   - name: cron-job
                     image: your-cron-job
                 restartPolicy: OnFailure
  128. How does Kubernetes work internally

  129. Service Discovery

  130. Within a pod

  131. Shared port namespace

  132. Separate file systems

  133. Separate process spaces

  134. Network-wise everything behaves like localhost

  135. Between pods

  136. You have to expose ports with services

  137. kind: Service
       apiVersion: v1
       metadata:
         name: symfony-demo
       spec:
         ports:
           - name: http
             port: 80
             targetPort: 80
             protocol: TCP
         selector:
           app: symfony-demo
  138. Every service has a virtual IP address

  139. $ kubectl get service symfony-demo
       NAME           TYPE        CLUSTER-IP      PORT(S)   AGE
       symfony-demo   ClusterIP   10.106.119.24   80/TCP    6d
  140. Discoverable in other containers by

  141. Environment Variables

  142. SYMFONY_DEMO_SERVICE_HOST=10.106.119.24
       SYMFONY_DEMO_SERVICE_PORT=80

  143. DNS

  144. $ nslookup symfony-demo
       Server:    10.0.0.10
       Address 1: 10.0.0.10

       Name:      symfony-demo
       Address 1: 10.106.119.24
  145. $ curl http://symfony-demo

  146. Alternatively

  147. Service Mesh

  148. LinkerD https://linkerd.io/

  149. Istio https://istio.io/

  150. Conduit https://conduit.io/

  151. Runs as

  152. DaemonSet

  153. Sidecar container

  154. [Diagram: the "PHP Application" pod (PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED, MONGO ROUTER)]

  155. [Diagram: the PHP Application pod next to two "Other service" pods (NODEJS, LINKERD, STATSD)]

  156. [Diagram: the same pods, build-up of the previous slide]

  157. [Diagram: the same pods, build-up of the previous slide]
  158. Benefits

  159. Advanced routing

  160. Prefer service in current namespace, fall back to default namespace

  161. Canary deployments

  162. A/B Testing

  163. Advanced monitoring

  164. None
  165. Profiling

  166. Zipkin https://zipkin.io/

  167. None
  168. Accessing Kubernetes from the outside

  169. Port forwarding through kubectl

  170. $ kubectl port-forward $POD_NAME 8080:80

  171. The ingress controller

  172. Nginx

  173. haproxy

  174. Istio

  175. A controller listens to all ingresses and routes traffic from the outside to the correct service
  176. kind: Ingress
       apiVersion: extensions/v1beta1
       metadata:
         name: symfony-demo
       spec:
         rules:
           - host: symfony-demo.local.k8s
             http:
               paths:
                 - path: /
                   backend:
                     serviceName: symfony-demo
                     servicePort: 80
  177. What about data?

  178. Storage

  179. Volumes

  180. https://kubernetes.io/docs/concepts/storage/volumes/

  181. apiVersion: v1
       kind: Pod
       metadata:
         name: test-pd
       spec:
         containers:
           - image: k8s.gcr.io/test-webserver
             name: test-container
             volumeMounts:
               - mountPath: /cache
                 name: cache-volume
         volumes:
           - name: cache-volume
             emptyDir: {}
  182. Persistent Storage

  183. You define a Persistent Volume, e.g. NFS

  184. Each pod can specify a Persistent Volume Claim

  185. And then mount the Claim into a Volume in a container

  186. https://kubernetes.io/docs/concepts/storage/persistent-volumes/
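The three steps above (define a Persistent Volume, claim it, mount the claim) as one added example, not from the talk: the NFS server, export path and the mount path inside the symfony-demo container are assumptions.

```yaml
# Added example. Step 1: an admin defines a PersistentVolume backed by NFS
# (nfs-server.example.internal and /exports/symfony-demo are placeholders).
apiVersion: v1
kind: PersistentVolume
metadata:
  name: symfony-demo-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  storageClassName: manual                 # pairs this PV with claims of the same class
  persistentVolumeReclaimPolicy: Retain    # keep the data if the claim is deleted
  nfs:
    server: nfs-server.example.internal
    path: /exports/symfony-demo
---
# Step 2: the application requests storage through a PersistentVolumeClaim;
# Kubernetes binds it to a volume that satisfies class, size and access mode.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: symfony-demo-data
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
---
# Step 3: the pod references the claim as a volume and mounts it into the container.
apiVersion: v1
kind: Pod
metadata:
  name: symfony-demo
spec:
  containers:
    - name: symfony-demo
      image: symfony-demo:1.0.0
      imagePullPolicy: Never
      volumeMounts:
        - name: data
          mountPath: /var/www/html/var   # assumed: Symfony's var/ dir (cache, logs, sessions)
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: symfony-demo-data
```

Apply all three with kubectl apply -f and check the binding with kubectl get pv,pvc; the PVC must show STATUS Bound before the pod can start.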

  187. Configuration

  188. Should not be included in the docker image

  189. ConfigMap

  190. Key/Value Store

  191. kind: ConfigMap
       apiVersion: v1
       metadata:
         name: special-config
       data:
         special-key: value
         bool-value: "true"   # ConfigMap values must be strings, so the boolean has to be quoted
  192. Can be accessed in a pod through environment variables

  193. spec:
         containers:
           - name: test-container
             image: k8s.gcr.io/busybox
             command: [ "/bin/sh", "-c", "env" ]
             env:
               - name: SPECIAL_KEY
                 valueFrom:
                   configMapKeyRef:
                     name: special-config
                     key: special-key

  194. spec:
         containers:
           - name: test-container
             image: k8s.gcr.io/busybox
             command: [ "/bin/sh", "-c", "env" ]
             envFrom:
               - configMapRef:
                   name: special-config

  195. Can be accessed through volumes

  196. spec:
         containers:
           - name: test-container
             image: k8s.gcr.io/busybox
             command: [ "/bin/sh", "-c", "ls /etc/config/" ]
             volumeMounts:
               - name: config-volume
                 mountPath: /etc/config
         volumes:
           - name: config-volume
             configMap:
               name: special-config

  197. https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/

  198. Secret

  199. Storage for sensitive information

  200. https://kubernetes.io/docs/concepts/configuration/secret
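An added example (not from the talk) of a Secret for the demo app's database credentials, consumed the same two ways the ConfigMap slides show: as an environment variable and as a mounted file. The Secret name, key and the database URL are assumptions; the value is a placeholder.

```yaml
# Added example: a Secret and a pod that reads it.
apiVersion: v1
kind: Secret
metadata:
  name: symfony-demo-db
type: Opaque
# stringData accepts plain values; the API server base64-encodes them into .data.
# base64 is encoding, not encryption: anyone allowed to read the Secret object
# (kubectl get secret symfony-demo-db -o yaml) gets the plaintext back, so
# restrict read access with RBAC and keep real values out of version control.
stringData:
  DATABASE_URL: "mysql://demo:CHANGE-ME@mysql:3306/symfony_demo"   # placeholder
---
apiVersion: v1
kind: Pod
metadata:
  name: symfony-demo
spec:
  containers:
    - name: symfony-demo
      image: symfony-demo:1.0.0
      imagePullPolicy: Never
      env:
        # 1) as an environment variable, like configMapKeyRef on the earlier slide
        - name: DATABASE_URL
          valueFrom:
            secretKeyRef:
              name: symfony-demo-db
              key: DATABASE_URL
      volumeMounts:
        # 2) as the file /etc/secrets/DATABASE_URL, like the configMap volume
        - name: db-secret
          mountPath: /etc/secrets
          readOnly: true
  volumes:
    - name: db-secret
      secret:
        secretName: symfony-demo-db
```

Prefer the file mount where the application supports it: environment variables are inherited by every child process and tend to end up in crash reports and debug output.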

  201. Figuring out what’s going on inside Kubernetes

  202. Monitoring

  203. Heapster

  204. https://github.com/kubernetes/heapster

  205. Takes metrics from Kubernetes and stores them in a monitoring solution
  206. InfluxDB

  207. Prometheus

  208. Grafana for displaying the data

  209. None
  210. None
  211. https://blog.kublr.com/how-to-utilize-the-heapster-influxdb-grafana-stack-in-kubernetes-for-monitoring-pods-4a553f4d36c9

  212. Logging

  213. kubectl logs

  214. $ kubectl logs symfony-demo-5b75f5fc6-c7wr9

  215. Log to stdout & stderr

  216. Automatically written to disk

  217. DaemonSet Log collector

  218. • Logstash • Fluentd • Filebeat

  219. Central log management

  220. None
  221. https://www.elastic.co/blog/shipping-kubernetes-logs-to-elasticsearch-with-filebeat

  222. Scaling

  223. Manual Scaling

  224. kubectl scale --replicas=3 deployment/my-app

  225. AutoScaling

  226. None
  227. https://kubernetes.io/docs/user-guide/horizontal-pod-autoscaling/
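An added example (not from the talk) of autoscaling the symfony-demo Deployment from earlier in the talk. The Horizontal Pod Autoscaler measures CPU usage relative to the container's CPU request, so the Deployment must declare resources (the talk lists "Requesting resources" as an option without showing it); the request, limit and threshold values are assumptions.

```yaml
# Added example: resource requests plus a CPU-based HorizontalPodAutoscaler.
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: symfony-demo
spec:
  template:
    metadata:
      labels:
        app: symfony-demo
    spec:
      containers:
        - name: symfony-demo
          image: symfony-demo:1.0.0
          imagePullPolicy: Never
          ports:
            - containerPort: 80
          resources:
            requests:
              cpu: 200m        # 0.2 CPU: the 100% reference point for the HPA below
              memory: 128Mi
            limits:
              cpu: 500m        # a limit keeps one runaway pod from starving its node
              memory: 256Mi
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: symfony-demo
spec:
  scaleTargetRef:
    apiVersion: extensions/v1beta1
    kind: Deployment
    name: symfony-demo
  minReplicas: 2        # never below 2, so a rolling update keeps serving
  maxReplicas: 10       # upper bound, so a traffic spike cannot exhaust the cluster
  targetCPUUtilizationPercentage: 70   # add pods when average usage exceeds 70% of the request
```

kubectl get hpa shows current versus target utilisation; the HPA needs the metrics that Heapster (or its successor, metrics-server) provides, which is why the Monitoring section above matters for scaling too.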

  228. Summary

  229. Powerful

  230. Helpful

  231. Fast paced development

  232. https://gravitational.com/blog/kubernetes-release-cycle/

  233. Keep up to date

  234. Documentation

  235. https://kubernetes.io/docs/

  236. KubeCons

  237. https://www.youtube.com/channel/UCvqbFHwN-nwalWPjPUKpvTA

  238. http://speakerdeck.com/u/bastianhofmann

  239. http://twitter.com/BastianHofmann http://lanyrd.com/people/BastianHofmann http://speakerdeck.com/u/bastianhofmann mail@bastianhofmann.de