Compete Guide to Kubernetes

@benzvan KUBERNETES THE COMPLEAT GUIDE TO ABRIDGED

@benzvan

@benzvan KUBERNETES? WHAT IS

@benzvan WHO IS THIS GUY? -Ben Zvan IMG: ben zvan

@benzvan A WORLD OF PAIN IN THE BEGINNING IMG: ben
zvan

@benzvan MORE PAIN AND THEN… IMG: ben zvan

@benzvan A BETTER PLACE NOW IMG: target.com

@benzvan COMPUTERS SERVERS AND IMG: ben zvan

@benzvan

@benzvan TOMCAT HAS AN API‽ -Ben Zvan IMG: ben zvan

@benzvan COMPUTERS VIRTUAL SERVERS AND

@benzvan CHEF PUPPET

@benzvan

@benzvan # v1.0 # Doesn’t care # v1.1 # installs
package package { 'cowsay': ensure => installed, } # v1.2 # deletes package package { 'cowsay': ensure => absent, } “Rolling back” with puppet

@benzvan FALLING BEHIND I WAS IMG: NASA

@benzvan SPINNAKER IS THE BEST! literally no-one ever

@benzvan SPINNER-KER? SPINNY-CURR?

@benzvan THANKS FOR THE HISTORY LESSON, BEN. CAN WE TALK
ABOUT KUBERNETES YET? You, probably TEXT

@benzvan CONTAINER ORCHESTRATION PLATFORM WHAT IS KUBERNETES?

@benzvan NAMESPACES + CGROUPS WHAT IS CONTAINER?

@benzvan IMG: docker.io

@benzvan 11:11:00 ~ $ docker run -it centos Unable to
find image 'centos:latest' locally latest: Pulling from library/centos 469cfcc7a4b3: Pull complete Digest: sha256:989b936d56b1ace20ddf855a301741e52abca38286382cba7f44443210e96d16 Status: Downloaded newer image for centos:latest [root@a742f712d4e6 /]# cat /etc/centos-release CentOS Linux release 7.4.1708 (Core)

@benzvan # conference-talk-title FROM php:7.0-apache MAINTAINER [email protected] RUN apt-get update
&& \ ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/rewrite.load COPY src/main/webapp/ /var/www/html/ EXPOSE 80

@benzvan KUBERNETES? SO WHAT IS

@benzvan $ docker run -d conference-title:latest $ systemctl start httpd
$ docker run -d -p 80:80 conference-title:latest Running apps in containers

@benzvan APP APP BINS/LIBS GUEST VM OS APP BINS/LIBS GUEST
VM OS HYPERVISOR VM HOST OS APP BINS/LIBS CONTAINER ENGINE CONTAINER HOST OS APP BINS/LIBS APP BINS/LIBS K8s pod K8s pod

@benzvan SERVICE { TYPE: LOAD BALANCER } DEPLOYMENT POD 1
POD 2 POD 3 POD 4 … POD N

@benzvan IMG: https://octodex.github.com/femalecodertocat

@benzvan # conference-talk-title FROM php:7.0-apache MAINTAINER [email protected] RUN apt-get update
&& \ ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/rewrite.load COPY src/main/webapp/ /var/www/html/ EXPOSE 80

@benzvan $ docker build . -t conference-title:latest $ docker run
-d -p 80:80 conference-title:latest

@benzvan IMG: http://conferencetitle.zvan.net/ cc-by-sa

@benzvan $ docker build . -t conference-title:latest $ docker push
conference-title:latest

@benzvan IMG: https://octodex.github.com/femalecodertocat

@benzvan # run tests on PR and push to master
test-code: when: branch: [ master ] event: [ push, pull_request ] image: php:7.0-apache commands: - ./runtests.sh

@benzvan # test docker build on PR test-build: when: branch:
[ master ] event: pull_request image: plugins/docker registry: us.gcr.io repo: us.gcr.io/project-name/conference-title secrets: - source: gcr_password target: plugin_password username: repo-user build_args: - version=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:7} - module=${DRONE_REPO_NAME} tags: - latest - "${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:7}" insecure: false force_tag: true dry_run: true

@benzvan # publish container on merge to master test-build: when:
branch: [ master ] event: push image: plugins/docker registry: us.gcr.io repo: us.gcr.io/project-name/conference-title secrets: - source: gcr_password target: plugin_password username: repo-user build_args: - version=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:7} - module=${DRONE_REPO_NAME} tags: - latest - "${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:7}" insecure: false force_tag: true

@benzvan $ kubectl run conference-title --image=conference-title:latest --port=80 $ kubectl expose
deployment conference-title —type=LoadBalancer

@benzvan apiVersion: extensions/v1beta1 kind: Deployment metadata: labels: run: conference-title name:
conference-title namespace: default spec: replicas: 3 selector: matchLabels: run: conference-title strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate template: metadata: labels: run: conference-title spec: containers: - image: us.gcr.io/project-name/conference-title:latest imagePullPolicy: Always name: conference-title ports: - containerPort: 80 protocol: TCP terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler terminationGracePeriodSeconds: 30

@benzvan apiVersion: v1 kind: Service metadata: name: conference-title spec: type:
LoadBalancer ports: - port: 80 targetPort: 80 protocol: TCP name: conference-title selector: app: conference-title clusterIP: x.x.x.x

@benzvan $ kubectl apply -f conference-title.yaml

@benzvan spec: containers: - image: us.gcr.io/project-name/conference-title:latest imagePullPolicy: Always name: conference-title
ports: - containerPort: 80 protocol: TCP

@benzvan spec: replicas: 3 selector: matchLabels: run: conference-title strategy: rollingUpdate:
maxSurge: 1 maxUnavailable: 1 type: RollingUpdate

@benzvan $ kubectl config use-context conference-title-dev $ kubectl set image
deployment/conference-title conference-title=conference-title:1.0.1 $ kubectl rollout deployment/conference-title $ kubectl rollout undo deployment/conference-title

@benzvan $ kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret spec:
containers: - env: - name: ENVIRONMENT_VARIABLE valueFrom: secretKeyRef: key: key1 name: my-secret - name: ANOTHER_ENVIRONMENT_VARIABLE valueFrom: secretKeyRef: key: key2 name: my-secret

@benzvan $ kubectl apply -f conference-title.yaml

@benzvan HELM? SO WHAT IS

@benzvan TILLER

@benzvan $ helm create conference-title $ exa -T conference-title/  conference-title 
"## Chart.yaml  "## charts  "## templates  $ "## _helpers.tpl $ "## deployment.yaml  $ "## NOTES.txt  $ %## service.yaml  %## values.yaml

@benzvan apiVersion: extensions/v1beta1 kind: Deployment metadata: name: {{ template "fullname"
. }} labels: chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" spec: replicas: {{ .Values.replicaCount }} template: metadata: labels: app: {{ template "fullname" . }} spec: containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} livenessProbe: httpGet: path: / port: {{ .Values.service.internalPort }} readinessProbe: httpGet: path: / port: {{ .Values.service.internalPort }} resources: {{ toYaml .Values.resources | indent 12 }} apiVersion: extensions/v1beta1 kind: Deployment metadata: name: conference-title spec: replicas: 3 spec: containers: - name: conference-title image: “us.gcr.io***" imagePullPolicy: always ports: - containerPort: 80 livenessProbe: httpGet: path: / port: 80 readinessProbe: httpGet: path: / port: 80

@benzvan replicaCount: 1 image: repository: us.gcr.io tag: latest pullPolicy: Always
service: name: conference-title type: ClusterIP externalPort: 80 internalPort: 80 resources: limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi

@benzvan $ helm install \ --kube-context conference-title-dev \ --tiller-namespace conference-title
\ conference-title \ --values development.yaml

@benzvan

@benzvan helm_deploy: when: branch: [ master ] event: push image:
quay.io/ipedrazas/drone-helm skip_tls_verify: true chart: conference-title values: image.repository=us.gcr.io…***,image.tag=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:7} values_files: - deploy/app.yaml - deploy/dev.yaml release: ${DRONE_REPO_NAME}-${DRONE_BRANCH}

@benzvan KUBERNETES? READY FOR THE AMAZING

@benzvan * docker.io  * kubernetes.io * helm.sh * drone.io   
$ brew install kubernetes-cli  $ brew install kubernetes-helm

@benzvan KUBERNETES! DOWNSIDES OF

@benzvan RADICALLY EPHEMERAL PODS ARE

@benzvan NOT FIREWALLS PODS ARE IMG: ben zvan

@benzvan apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: name: conference-title namespace: conference-title-dev
spec: maxReplicas: 5 minReplicas: 1 scaleTargetRef: apiVersion: extensions/v1beta1 kind: Deployment name: conference-title targetCPUUtilizationPercentage: 60

@benzvan CUSTOM METRICS BUILD YOUR OWN IMG: ben zvan

@benzvan GOOD DESIGN KUBERNETES LIKES IMG: ben zvan

@benzvan IMMUTABLE VMS? WHY NOT

@benzvan spec: replicas: 3 selector: matchLabels: run: conference-title strategy: rollingUpdate:
maxSurge: 1 maxUnavailable: 1 type: RollingUpdate

@benzvan CRON LETS TALK ABOUT IMG: ben zvan

@benzvan To: [email protected] Loaded plugins: priorities, update-motd, upgrade-helper No packages
marked for update

@benzvan CRON LETS ELIMINATE IMG: lucasﬁlm

@benzvan BUT I REALLY NEED CRON -you, I guess? IMG:
ben zvan

@benzvan apiVersion: batch/v2alpha1 kind: CronJob metadata: labels: name: annoying-cron-job namespace:
conference-title-dev spec: concurrencyPolicy: Forbid failedJobsHistoryLimit: 3 schedule: '*/10 * * * *' successfulJobsHistoryLimit: 3 suspend: false jobTemplate: spec: template: spec: containers: * pretty much a regular deployment spec after this *

@benzvan CRONJOB JOB POD POD CONTAINER PROCESS CONTAINER PROCESS CONTAINER
PROCESS

@benzvan * docker.io  * kubernetes.io * helm.sh * drone.io   
$ brew install kubernetes-cli  $ brew install kubernetes-helm #slack  -> @ben.zvan -> #kubernetes

@benzvan ANY QUESTIONS? -brain on drugs commercial IMG: ben zvan

Compete Guide to Kubernetes

Compete Guide to Kubernetes

More Decks by Ben Zvan

Other Decks in Technology

Featured

Transcript