
K8s_Meetup_Kitchener_N1_101

cncf-canada-meetups
October 18, 2017

Transcript

  1. Introduction
    Organizers of the Toronto, Montreal, Ottawa, QC City and Kitchener-Waterloo meetups, a CloudOps initiative
    • Ayrat (Archy) Khayretdinov
    • Julia Simon
  2. Kubernetes Kitchener-Waterloo - Plans for 2017-2018
    • Community-driven - tell us what you want to learn!
    • Ecosystem
    • Quarterly meetups, or more frequently if possible
    • Looking for sponsors, organizers, speakers (reach us via meetup.com)
  3. Hands-on Vendor Agnostic Workshops
    Deepen your knowledge of containers and microservices and their ecosystems.
    • Docker and Kubernetes (2 days)
    • CI/CD (1 day)
    • Docker and Kubernetes Operations (2 days)
    • Kubernetes on Google Cloud (2 days)
    • Kubernetes on Azure (2 days)
    • Kubernetes on AWS (2 days)
    cloudops.com/docker-and-kubernetes-workshops
  4. Introductions: Instructor
    Ayrat Khayretdinov
    • OpenStack & K8s Engineer and Technical Instructor at CloudOps
    • Kubernetes OpenStack SIG
    • OpenStack-Helm
    • Organizer of K8s and OpenStack meetups in Canada
    cloudops.com @cloudops_
  5. Kitchener K8s Meetup Q4
    • State of container technologies
    • History of Kubernetes
    • Kubernetes architecture
    • Kubernetes 101
    • Workshop
  6. I’m “Dockerized”, Now What?
    • Isolation: Keep jobs from interfering with each other
    • Scheduling: Where should my job be run?
    • Lifecycle: Keep my job running
    • Discovery: Where is my job now?
    • Constituency: Who is part of my job?
    • Scale-up: Making my jobs bigger or smaller
    • Auth{n,z}: Who can do things to my job?
    • Monitoring: What’s happening with my job?
    • Health: How is my job feeling?
  7. Container Orchestration Definition
    The ability to coordinate the containers in the clusters
    • When clusters consist of multiple nodes
    • When complex containerized applications are deployed
    Controls different aspects of the container lifecycle
    • Placement and initial deployment
    • Scaling and replication
    Allows moving from a host-centric infrastructure to a container-centric infrastructure
  8. Kubernetes
    • Greek for “Helmsman”; also the root of the words “Governor” and “Cybernetics”
    • Container automation framework
    • 100% open source, written in Go
    • K8s is an abbreviation derived by replacing the 8 letters "ubernete" with 8
    Manage applications, not machines!
  9. A Toolkit for Running Containerized Distributed Systems in Production
    • Co-locating helper processes
    • Mounting storage systems
    • Distributing secrets
    • Application health checking
    • Replicating application instances
    • Horizontal auto-scaling
    • Naming and discovery
    • Load balancing
    • Rolling updates
    • Resource monitoring
    • Log access and ingestion
    • Support for debugging
  10. Reason N1: Kubernetes Origin
    Inspired by Borg … and later Omega from Google
    • Runs hundreds of thousands of jobs..
    • ..for many thousands of different applications (YouTube, Search Index, Maps, etc.)..
    • ..across a number of clusters (hundreds)..
    • ..each with up to tens of thousands of machines..
    • Borg currently manages many millions of physical servers!
    • ~50K machines / SRE
    • In production since 2003!
    • Offers a declarative job specification language, name service integration, real-time job monitoring, and tools to analyze and simulate system behavior.
  11. Ticketmaster - CoreOS Tectonic Summit 2016
    Onsales = Black Friday every day!
    • Huge spikes / demand for tickets
    • Global company = across time zones
    • Limited inventory (Beyonce tickets!)
    • Multiple sales channels
    0 to 150M transactions in minutes! BIG SCALE, BIG CHALLENGES
    Solution:
    • K8S + Tectonic
    • Fully automated = 60 second app updates
    • High confidence
    • Unlocked daily delivery culture
  12. Kubernetes by the numbers
    • ~4k commits in 1.5
    • +25% unique contributors
    • Top 0.01% of all GitHub projects
    • 3500+ external projects based on K8s
    (charts: Companies Contributing, Companies Using, Community)
  13. Scalability v1.8
    Goal: Support large clusters & meet SLOs
    • Guaranteed SLO for <=5000 nodes
    • 150,000 pods supported
    • No more than 300 000 total containers
    • No more than 100 pods per node
    Note: Respecting the <1s pod-startup policy
  14. Kubernetes Community
    • Special Interest Groups (SIGs)
    • Each SIG has a Lead, meetings and a Slack channel
    • Release cycles ~ 3 months
    • Features go through an Alpha, Beta, Stable cycle
    • Incubator: kubespray, bootkube and more
    • Graduated: Helm, Kompose
  15. Kubernetes key people
    • Craig McLuckie - Founder, CTO of Heptio
    • Kelsey Hightower - Developer advocate @Google
    • Joe Beda - Founder, CTO of Heptio
    • Tim Hockin - Developer @Google
    • Brendan Burns - Founder of Kubernetes
  16. Complementary Vendors and Open Source Tools
    NAMES WE HEAR, WHEN IT COMES TO…
    • Deployment: Tectonic, Kismatic, Kubeadm, Kops, Kargo, GKE, ACS, GiantSwarm, StackPointCloud
    • Configuration Management: Terraform, Ansible, SaltStack, Chef, cloud providers
    • Storage: GlusterFS, Portworx, Trident, NetApp, NFS, Ceph/Rook, Minio, LongHorn
    • Monitoring: Datadog, Heapster, Prometheus, Sysdig, Telegraf, Hawkular, cloud providers
    • Networking: Calico, Flannel, Canal, Weaveworks, Envoy/Istio, Contrail, Contiv, Romana
  17. Container Runtime Interface (CRI) 1.7 - GA
    AVOID LOCK-IN
    Goal of CRI:
    • Remove the Docker-specific kubelet code out of Kubernetes
    • Simplify integration of K8s with other runtimes
    CRI runtimes:
    • cri-docker
    • rktlet
    • cri-o (based on OCI)
    • cri-containerd (alpha)
    • virtlet (alpha)
    • frakti (alpha)
  18. Container Network Interface (CNI)
    CNI is a specification proposed by CoreOS and adopted by Kubernetes. CNI is currently part of CNCF.
    Goal of CNI:
    • To make the network layer easily pluggable
    • CNM is not a good option for K8s
    • Avoid code duplication
    Third-party CNI plugins:
    • flannel
    • weave
    • calico
    • Contiv
    and many more
  19. Where can you run Kubernetes?
    • From scratch
    • Public Cloud
      ◦ GCE, Amazon, Azure
    • Private Cloud
      ◦ OpenStack
      ◦ CloudStack
    • Bare-Metal
    • Hosted
    • On-premises VMs
      ◦ VMware
    • Local-machine solutions
  20. Kubernetes CLI (kubectl)
    Can be installed on any machine able to access the API server
    $ kubectl run echoserver \
        --image=gcr.io/google_containers/echoserver:1.4 \
        --port=8080
    deployment "echoserver" created
  21. Kubernetes Web UI (Dashboard)
    The Dashboard UI allows you to:
    • get an overview of applications running on the cluster
    • deploy containerized applications to a Kubernetes cluster
    • troubleshoot containerized applications
    • manage the cluster and its resources
    (Optional) Deployed as an Addon
  22. Kubernetes Pod Manifest
    apiVersion: v1          # 1 - Kubernetes API version
    kind: Pod               # 2 - type of Kubernetes object
    metadata:               # 3 - Pod metadata (name, labels, annotations)
      name: nginx
    spec:                   # 4 - Pod specification (list of containers, volumes, ports etc.)
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
  26. Example: Creating a Pod
    Create a pod:
    $ kubectl create -f nginx.yaml
    pod "nginx" created
    List all created pods:
    $ kubectl get pods
    NAME    READY   STATUS    RESTARTS   AGE
    nginx   1/1     Running   0          32s
  27. Kubernetes The Hard Way
    1. Provisioning Compute Resources
    2. Provisioning the CA and Generating TLS Certificates
    3. Generating Kubernetes Configuration Files for Authentication
    4. Generating the Data Encryption Config and Key
    5. Bootstrapping the etcd Cluster
    6. Bootstrapping the Kubernetes Control Plane
    7. Bootstrapping the Kubernetes Worker Nodes
    8. Configuring kubectl for Remote Access
    9. Provisioning Pod Network Routes
    10. Deploying the DNS Cluster Add-on
  28. Minikube
    Develop and test K8s apps locally, against a local K8s cluster
    Status: GA since Kubernetes 1.3
    Check out: Minikube repo!
    Limitations: Cloud Provider features
  29. Steps: Simplified Setup
    master.myco.com# apt-get install -y kubelet kubeadm kubectl kubernetes-cni
    master.myco.com# kubeadm init
    Kubernetes master initialized successfully!
    You can now join any number of nodes by running the following command:
    kubeadm join --token 48b69e.b61e2d0dd5c 10.140.0.3

    node-01.myco.com# apt-get install -y kubelet kubeadm kubectl kubernetes-cni
    node-01.myco.com# kubeadm join --token 48b69e.b61e2d0dd5c 10.140.0.3
    Node join complete.

    master.myco.com# kubectl apply -f https://git.io/weave-kube
    Network setup complete.
  34. KubeAdm
    Kubeadm is the official Kubernetes project that lets you start a Kubernetes cluster with 3 commands. The kubeadm tool is currently in alpha, but is planned to reach Beta soon.
    CONS
    • Infrastructure needs to be provisioned separately with Terraform or similar
    • Currently Alpha
    • Currently NON-HA
    • OpenStack cloud provider experimental
    PROS
    • Advanced TLS bootstrap
    • All Kubernetes features (RBAC, Calico, etc.)
    • Always up to date and close to upstream
    • Simple to use (3 commands to start a basic cluster)
    • Runs anywhere
    • Can be further automated with (Ansible, Chef)
  35. KubeSpray (ex. Kargo)
    KubeSpray is a Kubernetes Incubator project that lets you deploy a Kubernetes cluster on Bare Metal, AWS, GCE and OpenStack by using a combination of Terraform and Ansible playbooks.
    PROS
    • Capable of provisioning OpenStack resources
    • Can deploy a Multi-Master/HA Kubernetes cluster
    • Runs K8s cluster components as containers
    • Supports the most popular Linux distributions
    • Choose the network plugin to be used within the cluster:
      ◦ Flannel: gre/vxlan (layer 2) networking
      ◦ Weave: lightweight container overlay network
      ◦ Calico: bgp (layer 3) networking
    • Running latest K8s 1.4
    • TLS secured endpoints
    • Provides DNS Addon integration
    CONS
    • KubeSpray is a great tool for advanced users. It can be used for integration with automation tools, since KubeSpray provides a CLI only for deployment of a K8s cluster. Therefore it is not very suitable for users or developers who are not comfortable with Ansible, the OpenStack environment and the KubeSpray config file, which has a huge number of options.
  37. KOPS (Kubernetes Operations) - kubectl for K8s clusters
    Kops lets you deploy production-grade, highly available Kubernetes clusters from the command line. Deployment is currently supported on Amazon Web Services (AWS), with more platforms planned.
  38. Concept: Pods
    (diagram: a Pod holding a Git Synchronizer container and a Node.js App container sharing a Volume, fed from a git Repo and serving Consumers)
    • Small group of containers & volumes
    • Logical application
    • Containers within a pod are tightly coupled
    • Shared namespaces
      ◦ Containers in a pod share IP, port and IPC namespaces
      ◦ Containers in a pod talk to each other through localhost
    • Ephemeral
  39. Kubernetes Pod Manifest
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
  41. Kubernetes Pod Manifest with Label
    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        app: frontend
      name: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
  42. Deployment - (Replication Controller v2)
    Defines a desired state for a logical group of Pods
    • Replica Sets (RS)
    Features
    • Replication
    • Rolling upgrade
  43. Deployments (Replication Controllers V2)
    (diagram: pods f0118, d9376, b0111 and a1209 spread over node 1 to node 4)
    Replication Controller - Desired = 4 - Current = 4
  45. Deployments (Replication Controllers V2)
    (diagram: pods f0118, b0111 and a1209 remain after one pod is lost)
    Replication Controller - Desired = 4 - Current = 3
  46. Deployments (Replication Controllers V2)
    (diagram: a replacement pod c9bad is scheduled alongside f0118, a1209 and b0111)
    Replication Controller - Desired = 4 - Current = 4
  47. Feature: Rolling Update
    (diagram: Node1, Node2 and Node3 each run a "ghost" Pod app v1 behind one Service)
  48. Feature: Rolling Update
    (diagram: a Pod app v2 is added next to the app v1 Pods behind the same Service)
  51. Example: Defining a Replication Controller
    apiVersion: apps/v1beta2
    kind: Deployment
    metadata:
      name: nginx
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: nginx
      template:              # Pod template
        metadata:
          name: nginx
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx
            ports:
            - containerPort: 80
  52. Concept: Services
    • A group of pods that act as one == Service
      – group == selector
    • Service types:
      – Load balanced (from CloudProvider)
      – NodePort (Minikube)
      – ClusterIP (internal only)
      – Ingress (HTTP/HTTPS)
    (diagram: a Client reaches a Service through its Portal (VIP); Service - Name = “nifty-svc” - Selector = {“App”: “Nifty”} - Port = 9376 - ContainerPort = 8080; a Portal IP is assigned)
  53. Example: Defining a Service
    apiVersion: v1
    kind: Service
    metadata:
      name: my-service
    spec:
      ports:
      - port: 80
        protocol: TCP
        targetPort: 9376
      selector:
        app: MyApp
  54. Example: Service Operations
    Create a service
    $ kubectl create -f myservice.yaml
    List all services on a cluster
    $ kubectl get services
    Delete a service
    $ kubectl delete service myservice
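The Deployment and Service slides above both rest on the same mechanism: a selector picks Pods by their labels. The following script is an added example, not part of the CloudOps deck, that replays that matching offline with the deck's own manifests (the nginx Pod labelled app: frontend, my-service selecting app: MyApp, and the nginx Deployment); the three replica Pods are constructed stand-ins.

```python
# Added example (not from the CloudOps deck): how a Service, and a Deployment's
# ReplicaSet, pick Pods by label selector. The manifests are the deck's own
# nginx Pod (app: frontend), my-service (selector app: MyApp) and nginx
# Deployment, as Python dicts so this runs without a YAML library.

NGINX_POD = {"kind": "Pod", "metadata": {"name": "nginx",
                                          "labels": {"app": "frontend"}}}

# Constructed Pods standing in for the three replicas the Deployment would
# create; their labels are copied from the Deployment's Pod template.
NGINX_REPLICAS = [{"kind": "Pod", "metadata": {"name": f"nginx-{i}",
                                                "labels": {"app": "nginx"}}}
                  for i in ("f0118", "d9376", "b0111")]

MY_SERVICE = {"kind": "Service", "metadata": {"name": "my-service"},
              "spec": {"ports": [{"port": 80, "protocol": "TCP",
                                  "targetPort": 9376}],
                       "selector": {"app": "MyApp"}}}

NGINX_DEPLOYMENT = {"apiVersion": "apps/v1beta2", "kind": "Deployment",
                    "metadata": {"name": "nginx"},
                    "spec": {"replicas": 3,
                             "selector": {"matchLabels": {"app": "nginx"}},
                             "template": {"metadata": {"name": "nginx",
                                                       "labels": {"app": "nginx"}}}}}


def matches(selector, labels):
    """Equality-based selector: every key present with an identical value.
    Keys and values are case-sensitive: {"App": "Nifty"} != {"app": "nifty"}."""
    return all(labels.get(k) == v for k, v in selector.items())


def service_endpoints(service, pods):
    """Names of the Pods a Service routes to. A Service without a selector
    gets no automatically managed endpoints, so the result is empty."""
    selector = service["spec"].get("selector") or {}
    return [p["metadata"]["name"] for p in pods
            if selector and matches(selector, p["metadata"].get("labels", {}))]


def deployment_selector_valid(deployment):
    """apps/v1beta2 requires spec.selector.matchLabels and rejects a Deployment
    whose selector does not match the labels of its own Pod template."""
    selector = deployment["spec"].get("selector", {}).get("matchLabels", {})
    labels = deployment["spec"]["template"]["metadata"].get("labels", {})
    return bool(selector) and matches(selector, labels)
```

Running it shows that my-service as written on the slide matches none of the Pods (no Pod carries app: MyApp), which is the usual reason a freshly created Service has no endpoints.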
  55. Kubernetes of Kubernetes
    • Liveness
    • Readiness
    • ConfigMaps
    • Secrets
    • Volumes
    • Jobs and CronJobs
    • Init Containers
    • Stateful Sets
    • Autoscaling
    • Network Policies
    • RBAC
    • Federation
    • Helm
  56. Release history: 1.2 and 1.3
    1.2
    • Deployments
    • DaemonSets
    • New UI
    • Ingress
    • TPR
    • Improved scale
    1.3
    • Legacy application support
    • Cluster Federation
    • More nodes
    • In-cluster IAM
    • Scheduled jobs
    • Cluster autoscaling
    • Public cloud dashboard
  57. Release history: 1.4 and 1.5
    1.4
    • Kubeadm
    • Extended stateful apps
    • Cluster Fed improvements
    • Dashboard improvements
    • Pod Security Policy
    1.5
    • Introduction of CRI (Alpha)
    • Stateful Sets (Beta)
    • OpenAPI support
    • Support for Windows
    • Server-based containers (Alpha)
  58. Release history: 1.6 and 1.7
    1.6
    • 5000 node clusters
    • RBAC (Alpha)
    • Controlled scheduling
    • Dynamic Storage Provisioning
    1.7
    • Encrypting Secrets in etcd
    • Stateful Set upgrades
    • CRD
    • Local Storage (alpha)
  59. Release history: 1.8
    1.8
    • RBAC [Stable]
    • Network Policy Egress Traffic [Beta]
    • Spark on Kubernetes [Beta]
    • Volume Resize and Snapshots