tell us what you want to learn!
• Ecosystem
• Quarterly meetups or more frequently if possible
• Looking for sponsors, organizers, speakers (reach us via meetup.com)
interfering with each other
Scheduling: Where should my job be run?
Lifecycle: Keep my job running
Discovery: Where is my job now?
Constituency: Who is part of my job?
Scale-up: Making my jobs bigger or smaller
Auth{n,z}: Who can do things to my job?
Monitoring: What’s happening with my job?
Health: How is my job feeling?
the clusters
• When clusters consist of multiple nodes
• When complex containerized applications are deployed
Controls different aspects of the container lifecycle
• Placement and initial deployment
• Scaling and replication
Allows moving from a host-centric infrastructure to a container-centric infrastructure
Container Orchestration Definition
of the word “Governor” and “Cybernetics”
• Container automation framework.
• 100% open source, written in Go
• K8s is an abbreviation derived by replacing the 8 letters "ubernete" with 8.
Manage applications, not machines!
• Co-locating helper processes
• Mounting storage systems
• Distributing secrets
• Application health checking
• Replicating application instances
• Horizontal auto-scaling
• Naming and discovery
• Load balancing
• Rolling updates
• Resource monitoring
• Log access and ingestion
• Support for debugging
and later Omega from Google
• Runs hundreds of thousands of jobs..
• ..for many thousands of different applications (YouTube, Search Index, Maps, etc.)..
• ..across a number of clusters (hundreds)..
• ..each with up to tens of thousands of machines..
• Borg currently manages many millions of physical servers!
• ~50K machines / SRE
• In production since 2003!
• Offers a declarative job specification language, name service integration, real-time job monitoring, and tools to analyze and simulate system behavior.
every day!
• Huge spikes / demand for tickets
• Global company = across time zones
• Limited inventory (Beyonce Tickets!)
• Multiple sales channels
0 to 150M transactions in minutes!
BIG SCALE, BIG CHALLENGES
Solution:
• K8S + Tectonic
• Fully automated = 60 second app updates
• High Confidence
• Unlocked Daily Delivery Culture
SLOs
• Guaranteed SLO for <=5000 nodes
• 150,000 pods supported
• No more than 300 000 total containers
• No more than 100 pods per node
Note: Respecting <1s pod-startup policy
Each SIG has a Lead, meetings and Slack channel
• Release cycles ~ 3 months
• Features go through Alpha, Beta, Stable cycle
• Incubator: kubespray, bootkube and more
• Graduated: Helm, Kompose
specification proposed by CoreOS and adopted by Kubernetes. CNI is currently part of CNCF.
Goal of CNI:
• To make the network layer easily pluggable
• CNM is not a good option for K8s
• Avoid code duplication
Third-party CNI plugins:
• flannel
• weave
• calico
• Contiv
and many more
on any machine able to access the API server

$ kubectl run echoserver \
    --image=gcr.io/google_containers/echoserver:1.4 \
    --port=8080
deployment "echoserver" created
allows you to:
• get an overview of applications running on the cluster
• deploy containerized applications to a Kubernetes cluster
• troubleshoot containerized applications
• manage the cluster and its resources itself
(Optional) Deployed as an Addon
Compute Resources
2. Provisioning the CA and Generating TLS Certificates
3. Generating Kubernetes Configuration Files for Authentication
4. Generating the Data Encryption Config and Key
5. Bootstrapping the etcd Cluster
6. Bootstrapping the Kubernetes Control Plane
7. Bootstrapping the Kubernetes Worker Nodes
8. Configuring kubectl for Remote Access
9. Provisioning Pod Network Routes
10. Deploying the DNS Cluster Add-on
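
Step 4 in the list above (data encryption config and key), sketched as an added example that is not part of the original slides. It assumes the current apiserver.config.k8s.io/v1 EncryptionConfiguration schema; the key name key1 and the function names are illustrative.

```shell
#!/bin/sh
# Added example: generate a key and config for encrypting Secrets at rest.
# Function names and the key name "key1" are assumptions, not from the slides.

# 32 random bytes (an AES-256 key), base64-encoded on a single line.
gen_encryption_key() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Print an EncryptionConfiguration for the API server. aescbc is listed first
# so new writes are encrypted; identity stays last so Secrets stored before
# encryption was enabled can still be read.
render_encryption_config() {
    key="$1"
    # Policy of this example: refuse keys that do not decode to 32 bytes.
    len=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    if [ "$len" != "32" ]; then
        echo "encryption key must decode to 32 bytes, got $len" >&2
        return 1
    fi
    cat <<EOF
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${key}
      - identity: {}
EOF
}

# Write the config with owner-only permissions: the file holds the raw key.
write_encryption_config() {
    out="$1"
    key=$(gen_encryption_key) || return 1
    ( umask 077 && render_encryption_config "$key" > "$out" )
}
```

The API server reads this file through its --encryption-provider-config flag; anyone who can read the file can decrypt every Secret stored in etcd.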
kubernetes-cni
master.myco.com# kubeadm init
Kubernetes master initialized successfully!
You can now join any number of nodes by running the following command:
kubeadm join --token 48b69e.b61e2d0dd5c 10.140.0.3

node-01.myco.com# apt-get install -y kubelet kubeadm kubectl kubernetes-cni
node-01.myco.com# kubeadm join --token 48b69e.b61e2d0dd5c 10.140.0.3
Node join complete.
that allows you to start a Kubernetes cluster with 3 commands. The kubeadm tool is currently in alpha but is planned to move to beta soon.
CONS
• Infrastructure needs to be provisioned separately with Terraform or similar
• Currently Alpha
• Currently NON-HA
• OpenStack cloudprovider experimental
PROS
• Advanced TLS Bootstrap
• All Kubernetes features (RBAC, Calico, etc.)
• Always up to date and close to upstream
• Simple to use (3 commands to start a basic cluster)
• Runs anywhere
• Can be further automated (Ansible, Chef)
Kubernetes Incubator project that allows you to deploy a Kubernetes cluster on Bare Metal, AWS, GCE and OpenStack by using a combination of Terraform and Ansible playbooks.
PROS
• Capable of provisioning OpenStack resources
• Can deploy a Multi-Master/HA Kubernetes cluster
• Runs K8s cluster components as containers
• Supports most popular Linux distributions
• Choose the network plugin to be used within the cluster:
  ◦ Flannel: gre/vxlan (layer 2) networking
  ◦ Weave: lightweight container overlay network
  ◦ Calico: bgp (layer 3) networking
• Running latest K8s 1.4
• TLS secured endpoints.
• Provides DNS Addon integration
CONS
• KubeSpray is a great tool for advanced users. It can be integrated with automation tools, since KubeSpray provides only a CLI for deploying a K8s cluster. It is therefore not very suitable for users or developers who are not comfortable with Ansible, an OpenStack environment and the KubeSpray config file, which has a huge number of options.
lets you deploy production-grade, highly available, Kubernetes clusters from the command line. Deployment is currently supported on Amazon Web Services (AWS), with more platforms planned.
KOPs
Volume Consumers git Repo
Small group of containers & volumes
Logical application
Containers within a pod are tightly coupled
Shared namespaces
• Containers in a pod share IP, port and IPC namespaces
• Containers in a pod talk to each other through localhost
Ephemeral
improvements
• Dashboard improvements
• Pod Security Policy
1.5
• Introduction of CRI (Alpha)
• Stateful Sets (Beta)
• OpenAPI support
• Support for Windows
• Server-based containers (Alpha)