Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Kubernetes

Bastian Hofmann
April 20, 2018
Programming
2
520

Introduction to Kubernetes

Getting started with Kubernetes Kubernetes is a very powerful container orchestration platform that is quickly gaining traction and gives you lots of benefits in deploying, running and scaling your microservice web application. But it has also a steep learning curve. In this talk I will introduce you to Kubernetes, why you would want to use it and all the tooling around Kubernetes with the help of practical examples.

Bastian Hofmann

April 20, 2018
Tweet

More Decks by Bastian Hofmann

See All by Bastian Hofmann
Monitoring in Kubernetes with Prometheus and Grafana
bastianhofmann
0
260
Creating a fast Kubernetes Development Workflow
bastianhofmann
0
85
Highly available cross-region deployments with Kubernetes
bastianhofmann
1
120
From source to Kubernetes in 30 minutes
bastianhofmann
0
120
Introduction to Kubernetes
bastianhofmann
1
140
CI/CD with Kubernetes
bastianhofmann
0
140
Creating a fast Kubernetes Development Workflow
bastianhofmann
1
240
Deploying your first Micro-Service application to Kubernetes
bastianhofmann
2
160
Creating a fast Kubernetes Development Workflow
bastianhofmann
0
160

Other Decks in Programming

See All in Programming
Elm Form Validation
bkuhlmann
0
510
Komplexe Oberflächen mit SVG und der Web Animation API
joergneumann
0
680
Behind VS Code Extensions for JavaScript / TypeScript Linnting and Formatting
unvalley
5
930
Ruby GitHub Packages
bkuhlmann
0
630
Random\Randomizer クラスで日常のあれこれを解決しよう! / Random\Randomizer class solves familiar trouble
cocoeyes02
0
250
Kotlin Multiplatform at Stable and Beyond (Android Makers 2024)
zsmb
0
290
TCAとKMPを用いた新規動画配信アプリ 「ABEMA Live」の設計
tomu28
1
110
Blue/Greenデプロイの導入による 運用フローの改善
kudoas
1
380
dbtのドメイン分割による データ基盤の改善とDigdagとの連携
sakama
0
360
PHPはいつから死んでいるかの調査
chiroruxx
1
400
TYPO3 v13 – The road to LTS: What's new and new APIs
luisasofie_xoxo
0
210
SwiftUIで使いやすいToastの作り方 / How to build a Toast system which is easy to use in SwiftUI
lovee
3
150

Featured

See All Featured
A better future with KSS
kneath
231
16k
The Cult of Friendly URLs
andyhume
74
5.7k
Imperfection Machines: The Place of Print at Facebook
scottboms
260
12k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
116
18k
Build your cross-platform service in a week with App Engine
jlugia
225
17k
What's in a price? How to price your products and services
michaelherold
237
11k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
244
20k
Become a Pro
speakerdeck
PRO
11
4.5k
What’s in a name? Adding method to the madness
productmarketing
PRO
16
2.6k

Transcript

  1. Introduction to Kubernetes @BastianHofmann

  2. None
  3. None
  4. None

  5. Container orchestration platform

  6. Deploy, run and scale your services in isolated containers

  7. Very Powerful

  8. Large community

  9. Lot’s of large company backers

  10. No vendor lock in

  11. Runs on

  12. AWS

  13. Azure

  14. Google Cloud Platform

  15. Bare metal

  16. Your laptop

  17. Minikube

  18. Included in Docker Desktop Clients

  19. Learning curve

  20. This talk is supposed to get you started

  21. I’m going to explain the basics

  22. I’ll start with deploying a simple PHP Web App

  23. and cover things like Logging, Monitoring,…

  24. But first

  25. Why containers?

  26. Services run in isolation

  27. Everything needed to run a service in one image

  28. Decouple Ops and Dev

  29. Make things …

  30. Easier to deploy

  31. Easier to upgrade system dependencies

  32. Easier to scale

  33. Easier to develop

  34. More performant than Virtual Machines

  35. None

  36. FROM php:7.2-apache WORKDIR /var/www/html RUN apt-get update -y && \

    apt-get install -y --no-install-recommends \ curl \ rm -rf /var/lib/apt/lists/* COPY composer.* /var/www/html/ ENV COMPOSER_HOME /tmp RUN composer install COPY . /var/www/html/ EXPOSE 80 ENTRYPOINT [“apache2”, “-DFOREGROUND”]

  37. docker build -t symfony-demo:2.0.0 .

  38. docker run -p 8080:80 symfony-demo:2.0.0

  39. Kubernetes helps you running containers

  40. OK, sold

  41. Let’s define some core concepts first

  42. Kubernetes Cluster

  43. Image • A docker image built from a Dockerfile that

    contains everything a service needs to run

  44. • A container runs a docker image. • Only 1

    process can run inside of a container Container

  45. Pod • A group of 1 or more containers •

    Same port space • Ports are not accessible from outside of the pod

  46. Replica Set • Defines and manages how many instances of

    a pod should run

  47. Deployment • Manages updates and rollbacks of replica sets

  48. Service • Makes a port of a pod accessible to

    other pods

  49. Ingress • Makes a service accessible to the outside of

    Kubernetes

  50. Node • A physical server • Containers get distributed automatically

  51. ConfigMaps & Secrets • Configuration that can be mounted inside

    of a container

  52. Volumes • Volumes can be mounted into a container to

    access a ConfigMap, Secret or a folder on the host

  53. Namespaces • Dedicated environment to deploy services in

  54. Docker registries

  55. Example

  56. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

    POD

  57. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

    POD ReplicaSet: 2 instances PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application POD

  58. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER ReplicaSet: 2

    instances PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER CONFIG WEB :80 PHP Application POD PHP Application POD

  59. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER ReplicaSet: 2

    instances PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER CONFIG WEB :80 https://php-app.k8s.foo.com:443/ PHP Application POD PHP Application POD

  60. To interact with Kubernetes

  61. Tooling

  62. kubectl

  63. $ kubectl get pods

  64. NAME READY STATUS RESTARTS AGE kubernetes-dashboard-5b5bf59977-t9xb9 1/1 Running 2 9d

    nginx-ingress-controller-5549f5597c-97kcw 0/1 Running 2 9d nginx-ingress-default-backend-564d9d9477-tmnnr 1/1 Running 4 9d mysql-556c9b5bcb-5jdrt 1/1 Running 1 8d symfony-demo-5b75f5fc6-c7wr9 1/1 Running 0 8d symfony-demo-5b75f5fc6-jg8n4 1/1 Running 23 8d

  65. REST API

  66. $ kubectl proxy --port=8080 $ curl http://localhost:8080/api/v1/namespaces/default/pods { "kind": "PodList",

    "apiVersion": "v1", "metadata": { "selfLink": "/api/v1/namespaces/default/pods", "resourceVersion": "336834" }, "items": [ { "metadata": { "name": "kubernetes-dashboard-5b5bf59977-t9xb9", "generateName": "kubernetes-dashboard-5b5bf59977-", …

  67. kubernetes- dashboard https://github.com/kubernetes/dashboard

  68. None

  69. Helm The package manager for Kubernetes https://helm.sh/

  70. $ helm install stable/wordpress

  71. Practical example

  72. Preparations

  73. Install Docker Client

  74. $ brew cask install docker

  75. None

  76. Install helm

  77. $ brew install kubernetes-helm

  78. $ helm init

  79. Install kubernetes-dashboard

  80. ingress: enabled: true hosts: - kubernetes-dashboard.local.k8s

  81. $ helm install stable/kubernetes-dashboard -f kubernetes-dashboard.yaml

  82. Install nginx-ingress-controller

  83. rbac: create: true controller: hostNetwork: true

  84. $ helm install stable/nginx-ingress -f ingress-controller.yaml

  85. Let’s deploy the symphony demo app

  86. https://github.com/symfony/demo

  87. First the Dockerfile

  88. PHP

  89. Copy our code

  90. Build the project

  91. Composer install

  92. yarn install

  93. Build the image

  94. docker build -t symfony-demo:2.0.0 .

  95. Demo

  96. Since it’s all local we don’t need to push it

    to a registry

  97. Now we have to tell Kubernetes what to do with

    the image

  98. Resources are defined in YAML or JSON

  99. Deployment

  100. kind: Deployment apiVersion: extensions/v1beta1 metadata: name: symfony-demo spec: revisionHistoryLimit: 3

    template: metadata: labels: app: symfony-demo spec: containers: - name: symfony-demo image: symfony-demo:1.0.0 imagePullPolicy: Never ports: - containerPort: 80

  101. containers: - name: symfony-demo image: symfony-demo:1.0.0 imagePullPolicy: Never ports: -

    containerPort: 80 livenessProbe: httpGet: path: / port: 80 timeoutSeconds: 1 initialDelaySeconds: 10 readinessProbe: httpGet: path: / port: 80 timeoutSeconds: 1

  102. Many more options configurable

  103. •Setting environment variables •Mounting volumes •Requesting resources •Defining upgrade strategies

    •Defining command •Configure networking •Configure affinities •LifeCycle events •…

  104. Service

  105. kind: Service apiVersion: v1 metadata: name: symfony-demo spec: ports: -

    name: http port: 80 targetPort: 80 protocol: TCP selector: app: symfony-demo

  106. Ingress

  107. kind: Ingress apiVersion: extensions/v1beta1 metadata: name: symfony-demo spec: rules: -

    host: symfony-demo.local.k8s http: paths: - path: / backend: serviceName: symfony-demo servicePort: 80

  108. Creating everything

  109. kubectl apply -f deployment/webapp.yaml

  110. None

  111. Rolling Deployments

  112. kind: Deployment apiVersion: extensions/v1beta1 metadata: name: symfony-demo spec: revisionHistoryLimit: 3

    template: metadata: labels: app: symfony-demo spec: containers: - name: symfony-demo image: symfony-demo:1.1.0 imagePullPolicy: Never ports: - containerPort: 80

  113. kubectl apply -f deployment/webapp.yaml

  114. Demo

  115. These are the basics

  116. Let’s talk about some other interesting and important aspects

  117. There are other types of deploying things into Kubernetes

  118. DaemonSets

  119. Ensure that a pod runs once on every node

  120. Log collection daemon

  121. Monitoring agent

  122. Service mesh containers

  124. Basically works like deployments

  125. But roll out strategy is different

  126. CronJobs

  127. Regularly repeating jobs

  128. apiVersion: batch/v1beta1 kind: CronJob metadata: name: cron-job spec: schedule: "*/1

    * * * *" jobTemplate: spec: template: spec: containers: - name: cron-job image: your-cron-job restartPolicy: OnFailure

  129. How does Kubernetes work internally

  130. Service Discovery

  131. Within a pod

  132. Shared port namespace

  133. Separate file systems

  134. Separate process spaces

  135. Network wise everything behaves like localhost

  136. Between pods

  137. You have to expose ports with services

  138. kind: Service apiVersion: v1 metadata: name: symfony-demo spec: ports: -

    name: http port: 80 targetPort: 80 protocol: TCP selector: app: symfony-demo

  139. Every service has a virtual IP address

  140. $ kubectl get service symfony-demo NAME TYPE CLUSTER-IP PORT(S) AGE

    symfony-demo ClusterIP 10.106.119.24 80/TCP 6d

  141. Discoverable in other containers by

  142. Environment Variables

  143. SYMFONY_DEMO_SERVICE_HOST=10.106.119.24 SYMFONY_DEMO_SERVICE_PORT=80

  144. DNS

  145. $ nslookup symfony-demo Server: 10.0.0.10 Address 1: 10.0.0.10 Name: symfony-demo

    Address 1: 10.106.119.24

  146. $ curl http://symfony-demo

  147. Alternatively

  148. Service Mesh

  149. LinkerD https://linkerd.io/

  150. Istio https://istio.io/

  151. Conduit https://conduit.io/

  152. Runs as

  153. DaemonSet

  154. Sidecar container

  155. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

    POD

  156. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

    POD NODEJS LINKERD STATSD Other service POD NODEJS LINKERD STATSD Other service POD

  157. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

    POD NODEJS LINKERD STATSD Other service POD NODEJS LINKERD STATSD Other service POD

  158. PHP-FPM NGINX LINKERD STATSD MEM CACHED MONGO ROUTER PHP Application

    POD NODEJS LINKERD STATSD Other service POD NODEJS LINKERD STATSD Other service POD

  159. Benefits

  160. Advanced routing

  161. Prefer service in current namespace, fall back to default namespace

  162. Canary deployments

  163. A/B Testing

  164. Advanced monitoring

  165. None

  166. Profiling

  167. Zipkin https://zipkin.io/

  168. None

  169. Accessing Kubernetes from the outside

  170. Port forwarding through kubectl

  171. $ kubectl port-forward $POD_NAME 8080:80

  172. The ingress controller

  173. Nginx

  174. haproxy

  175. Istio

  177. A controller listens to all ingresses and routes traffic from

    the outside to the correct service

  178. kind: Ingress apiVersion: extensions/v1beta1 metadata: name: symfony-demo spec: rules: -

    host: symfony-demo.local.k8s http: paths: - path: / backend: serviceName: symfony-demo servicePort: 80

  179. What about data?

  180. Storage

  181. Volumes

  182. https://kubernetes.io/docs/concepts/storage/volumes/

  183. apiVersion: v1 kind: Pod metadata: name: test-pd spec: containers: -

    image: k8s.gcr.io/test-webserver name: test-container volumeMounts: - mountPath: /cache name: cache-volume volumes: - name: cache-volume emptyDir: {}

  184. Persistent Storage

  185. You define a Persistent Volume, e.g. NFS

  186. Each pod can specify a Persistent Volume Claim

  187. And then mount the Claim into a Volume in a

    container

  188. https://kubernetes.io/docs/concepts/storage/persistent- volumes/

  189. Configuration

  190. Should not be included in the docker image

  191. ConfigMap

  192. Key/Value Store

  193. kind: ConfigMap apiVersion: v1 metadata: name: special-config data: special-key: value

    bool-value: true

  194. Can be accessed in a pod through environment variables

  195. spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh",

    "-c", "env" ] env: - name: SPECIAL_KEY valueFrom: configMapKeyRef: name: special-config key: special-key

  196. spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh",

    "-c", "env" ] envFrom: - configMapRef: name: special-config

  197. Can be accessed through volumes

  198. spec: containers: - name: test-container image: k8s.gcr.io/busybox command: [ "/bin/sh",

    "-c", "ls /etc/config/" ] volumeMounts: - name: config-volume mountPath: /etc/config volumes: - name: config-volume configMap: name: special-config

  199. https://kubernetes.io/docs/tasks/configure-pod-container/ configure-pod-configmap/

  200. Secret

  201. Storage for sensitive information

  202. https://kubernetes.io/docs/concepts/configuration/secret

  203. Figuring out what’s going on inside Kubernetes

  204. Monitoring

  205. Heapster

  206. https://github.com/kubernetes/heapster

  207. Takes metrics from Kubernetes and stores them in a monitoring

    solution

  208. InfluxDB

  209. Prometheus

  210. Grafana for displaying the data

  211. None
  212. None

  213. https://blog.kublr.com/how-to-utilize-the-heapster-influxdb- grafana-stack-in-kubernetes-for-monitoring- pods-4a553f4d36c9

  214. Logging

  215. kubectl logs

  216. $ kubectl logs symfony-demo-5b75f5fc6-c7wr9

  217. Log to stdout & stderr

  218. Automatically written to disk

  219. DaemonSet Log collector

  220. • Logstash • Fluentd • Filebeat

  221. Central log management

  222. None

  223. https://www.elastic.co/blog/shipping-kubernetes-logs-to- elasticsearch-with-filebeat

  224. Scaling

  225. Manual Scaling

  226. kubectl scale --replicas=3 deployment/my-app

  227. AutoScaling

  228. None

  229. https://kubernetes.io/docs/user-guide/horizontal-pod- autoscaling/

  230. Summary

  231. Powerful

  232. Helpful

  233. Fast paced development

  234. https://gravitational.com/blog/kubernetes-release-cycle/

  235. Keep up to date

  236. Documentation

  237. https://kubernetes.io/docs/

  238. KubeCons

  239. https://www.youtube.com/channel/UCvqbFHwN- nwalWPjPUKpvTA

  240. http://speakerdeck.com/u/bastianhofmann

  241. http://twitter.com/BastianHofmann http://lanyrd.com/people/BastianHofmann http://speakerdeck.com/u/bastianhofmann [email protected]