
K8s_Meetup_Ottawa_N1_101

1st K8s Meetup in Ottawa Kubernetes 101

cncf-canada-meetups

November 15, 2016

Transcript

  1. Agenda
     • Introduction
     • Kubernetes 101, KubeCon
     • K8s 1.4
     • Operationalizing Kubernetes - Moving your App to Production

  2. Introduction
     Organizers: Toronto, Montreal, Ottawa - an initiative from CloudOps
     • Ayrat (Archy) Khayretdinov
     • Julia Simon

  3. Kubernetes Ottawa - Plans for 2017
     • Community-driven - tell us what you want to learn!
     • Ecosystem
     • Quarterly meetups, or more frequently if possible
     • Looking for sponsors, organizers, speakers (reach us via meetup.com)

  4. Kubernetes Ottawa - Topics
     • Kubernetes and ecosystem
     • Container ecosystem: Docker and rkt
     • Networking, storage and scheduling for K8s
     • Using Kubernetes with CM, CI/CD
     • Unique use cases and how Kubernetes helped your team/company
     • Deploying and using Kubernetes in production in the enterprise
     • Containerized app development
     • PaaS, IaaS integrations
     • Cool new tech and how it can be used with Kubernetes
     • Kubernetes + IoT
     • Day 2 operations (monitoring, troubleshooting, upgrades) of a K8s cluster
     • Orchestrating multi-host, multi-container, distributed applications
     • Using Kubernetes to manage and secure your application infrastructure
  5. cloudops.com @cloudops_
     Who am I? Ayrat Khayretdinov
     • OpenStack/K8s Engineer at CloudOps
     • Part of the SIG-OpenStack Kubernetes community
     • Organizing the OpenStack and K8s Meetup in Montreal

  6. Dependency Matrix Hell
                 Dev 1 Laptop                 Dev 2 Laptop          QA                 Stage              Production
     OS          OS X                         Windows               Debian             Debian             Debian
     Frontend    nginx (homebrew)             nginx (download)      nginx (apt-get)    nginx (apt-get)    nginx (apt-get)
     Services    php (homebrew)               php (download)        php (apt-get)      php (apt-get)      php (apt-get)
     Database    mysql (download)             mysql (download)      mysql (apt-get)    mysql (apt-get)    mysql (apt-get)
     Logs        /usr/local/etc/nginx/logs/   C:\nginx-1.9.5\logs   /var/log/nginx/    /var/log/nginx/    /var/log/nginx/

  7. What is Docker again?
     • Combines several things (cgroups / namespaces / Docker image)
     • An ecosystem (solutions, integrations, standards)
     • A company (funding, commercials)
     • A phenomenon! = The world is starting to adopt containers!

  8. Dependency Matrix Hell Solved
     (the same matrix: columns Dev 1 Laptop, Dev 2 Laptop, QA, Stage, Production; rows OS, Frontend, Services, Database, Logs)

  9. I'm "Dockerized", Now What?
     • Isolation: keep jobs from interfering with each other
     • Scheduling: where should my job be run?
     • Lifecycle: keep my job running
     • Discovery: where is my job now?
     • Constituency: who is part of my job?
     • Scale-up: making my jobs bigger or smaller
     • Auth{n,z}: who can do things to my job?
     • Monitoring: what's happening with my job?
     • Health: how is my job feeling?
  10. Kubernetes
     • Greek for "Helmsman"; also the root of the words "Governor" and "Cybernetics"
     • Container automation framework
     • 100% open source, written in Go
     • K8s is an abbreviation derived by replacing the 8 letters "ubernete" with 8
     Manage applications, not machines!

  11. Kubernetes Origin
     Inspired by Borg ... and later Omega from Google
     • Runs hundreds of thousands of jobs...
     • ...for many thousands of different applications (YouTube, Search Index, Maps, etc.)...
     • ...across a number of clusters (hundreds)...
     • ...each with up to tens of thousands of machines
     • Borg currently manages many millions of physical servers!
     • ~50K machines / SRE
     • In production since 2003!
     • Offers a declarative job specification language, name service integration, real-time job monitoring, and tools to analyze and simulate system behavior

  12. A Toolkit for Running Containerized Distributed Systems in Production
     • Co-locating helper processes
     • Mounting storage systems
     • Distributing secrets
     • Application health checking
     • Replicating application instances
     • Horizontal auto-scaling
     • Naming and discovery
     • Load balancing
     • Rolling updates
     • Resource monitoring
     • Log access and ingestion
     • Support for debugging

  13. Container Runtime
     Not all containers are Docker containers.
     • Kubernetes supports the rkt container runtime starting from v1.3
     • In development: hyper_ (Hyper.sh), LXC
     AVOID LOCK-IN
  14. How to consume Kubernetes?
     • From scratch - anywhere
     • Public cloud
       ◦ GCE, Amazon, Azure
     • Private cloud
       ◦ OpenStack (Murano, Magnum)
       ◦ CloudStack
     • Hosted
     • On-premises VMs
       ◦ VMware
     • Local-machine solutions
       ◦ Minikube
       ◦ Kubeadm (alpha in 1.4)

  15. Minikube
     Develop and test K8s apps locally:
     • Provides access to all portable K8s features; develop against a local K8s cluster
     • Lightweight single-command installation
     • Works across Linux, Mac OS X and Windows
     • Includes all dependencies
     • Local cluster can be managed via kubectl
     • Built-in Dashboard
     Status: GA since Kubernetes 1.3
     Check out: the Minikube repo!

  16. Kubernetes Web UI (Dashboard)
     (Optional) Deployed as an addon. The Dashboard UI allows you to:
     • get an overview of the applications running on the cluster
     • deploy containerized applications to a Kubernetes cluster
     • troubleshoot containerized applications
     • manage the cluster and its resources themselves
     The Kubernetes 1.4 Dashboard UI exposes 90% of the resources that are accessible via the kubectl API.

  17. Tools
     • Native tools
       ◦ Kubernetes Web UI (Dashboard)
       ◦ kubectl
     • Third-party tools
       ◦ Helm
       ◦ Kompose

  18. Kubernetes CLI (kubectl)
     Can be installed on any machine able to access the API server.

       $ kubectl run echoserver \
           --image=gcr.io/google_containers/echoserver:1.4 \
           --port=8080
       deployment "echoserver" created
  19. Kubeadm (alpha in Kubernetes 1.4)
     Install kubelet and kubeadm on your hosts:

       # apt-get install -y docker.io kubelet kubeadm kubectl kubernetes-cni

     Initializing your master:

       # kubeadm init

     Joining your nodes:

       # kubeadm join --token <token> <master-ip>

     Installing a pod network:

       # kubectl apply -f https://git.io/weave-kube
       daemonset "weave-net" created

  20. Concept: Pods
     (diagram: a Pod holding a Git Synchronizer container, a Node.js App container and a shared Volume; the Git Synchronizer pulls from a git repo, consumers talk to the app)
     • Logical application
     • Can be used to group multiple containers & shared volumes
     • Containers within a pod are tightly coupled
     • Shared namespaces
       ◦ Containers in a pod share IP, port and IPC namespaces
       ◦ Containers in a pod talk to each other through localhost
     • Ephemeral

  21. Concept: Pods
     Create a single-container pod and a deployment:

       $ kubectl run example --image=nginx
       deployment "example" created

     Create a pod from a manifest:

       $ kubectl create -f mypod.yaml
       pod "mypod" created
  22. Networking
     Pod-to-pod communication:
     • Pods have IPs which are routable
     • Pods can reach each other without NAT, even across nodes
     • No brokering of port numbers
     Pod-to-service communication
     External-to-internal communication
     Many solutions: Flannel, Weave, OpenVSwitch, cloud provider, Calico
     (diagram: each node gets its own pod subnet, e.g. 10.1.2.0/24 and 10.1.3.0/24, with pod IPs such as 10.1.1.2, 10.1.2.106, 10.1.3.45 and 10.1.3.17)

  23. Working with configuration files
     Kubernetes supports two different file formats, YAML and JSON. Each format can describe the same K8s objects:
     • YAML: the YAML format is very simple, with fewer syntax rules. Refer to http://www.yaml.org/spec/1.2/spec.html. The following example uses the YAML format to set up the nginx pod:
     • JSON: the JSON format is also simple and easy for humans to read, but more program-friendly. Because it has data types (number, string, Boolean, and object), it is popular for exchanging data between systems. Refer to http://json.org/
     • Swagger: there is an alternative way, because Kubernetes also uses Swagger (http://swagger.io/) to generate the REST API; therefore, you can access swagger-ui via http://<kubernetes-master>:8080/swagger-ui/.
     Example configs: https://github.com/kubernetes/kubernetes/tree/master/examples
  24. Concept: Labels
     • Arbitrary metadata
     • Attached to any API object
     • Generally represent identity
     • Queryable by selectors - think SQL 'select ... where ...'
     • The only grouping mechanism
       – pods under a ReplicationController
       – pods in a Service
       – capabilities of a node (constraints)
     Example: "phase: Dev"
     (diagram: four pods labelled App: Nifty, Phase: Dev, Role: FE / App: Nifty, Phase: Dev, Role: BE / App: Nifty, Phase: Test, Role: FE / App: Nifty, Phase: Test, Role: BE)
  25. Concept: Selectors
     (diagram: the same four pods - App: Nifty, Phase: Dev, Role: FE / App: Nifty, Phase: Test, Role: FE / App: Nifty, Phase: Dev, Role: BE / App: Nifty, Phase: Test, Role: BE)
     Selector: App == Nifty, Role == FE

  26. Selectors
     (diagram: the same four pods)
     Selector: App == Nifty, Phase == Dev

  27. Selectors
     (diagram: the same four pods)
     Selector: App == Nifty, Phase == Test
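The three selector slides above, worked as an added example that is not part of the deck: a small Python evaluator for Kubernetes-style label selectors, run over the four Nifty pods. It goes beyond the slides' "==" cases and also accepts "!=" and the set-based "in (...)" / "notin (...)" forms that kubectl -l understands; the pod names are constructed.

```python
import re

# Constructed sample: the four pods drawn on the Labels/Selectors slides.
PODS = {
    "nifty-dev-fe":  {"App": "Nifty", "Phase": "Dev",  "Role": "FE"},
    "nifty-dev-be":  {"App": "Nifty", "Phase": "Dev",  "Role": "BE"},
    "nifty-test-fe": {"App": "Nifty", "Phase": "Test", "Role": "FE"},
    "nifty-test-be": {"App": "Nifty", "Phase": "Test", "Role": "BE"},
}

_SET_RE = re.compile(r"^(\w+)\s+(in|notin)\s+\(([^)]*)\)$")  # key in (a,b)
_EQ_RE = re.compile(r"^(\w+)\s*(==|=|!=)\s*(\w+)$")           # key=value / key!=value

def parse_selector(selector):
    """Parse 'App=Nifty,Role!=BE,Phase in (Dev,Test)' into (key, op, values)
    terms, op being 'in' or 'notin'. All terms must hold (they are ANDed)."""
    terms = []
    for raw in re.split(r",(?![^()]*\))", selector):  # split on commas outside (...)
        term = raw.strip()
        m = _SET_RE.match(term)
        if m:
            values = {v.strip() for v in m.group(3).split(",") if v.strip()}
            terms.append((m.group(1), m.group(2), values))
            continue
        m = _EQ_RE.match(term)
        if not m:
            raise ValueError("unsupported selector term: %r" % term)
        key, op, value = m.groups()
        terms.append((key, "notin" if op == "!=" else "in", {value}))
    return terms

def matches(labels, terms):
    """True when the label map satisfies every term. As in Kubernetes,
    '!=' / 'notin' also match objects that lack the key entirely."""
    for key, op, values in terms:
        present = key in labels
        if op == "in" and not (present and labels[key] in values):
            return False
        if op == "notin" and present and labels[key] in values:
            return False
    return True

def select(pods, selector):
    """Sorted names of the pods matching the selector string."""
    terms = parse_selector(selector)
    return sorted(n for n, labels in pods.items() if matches(labels, terms))
```

select(PODS, "App=Nifty,Role=FE") returns the two FE pods, while "Tier!=Web" returns all four: a negative term also matches objects that lack the key, which matters when a selector is meant to exclude something.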
  28. Replication Controllers and Deployments
     A controller manages a set of pods
     • Makes sure that the cluster is in the specified state
     • Runs in the Controller Manager
     Controller types
     • Replication controller (soon to be deprecated): responsible for running the specified number of copies of a pod ("replicas") across the cluster
     • Deployment controller (preferred way: next-gen RC): responsible for changing the actual state to the desired state at a controlled rate
  29. Replication Controllers
     (diagram: pods f0118, d9376, b0111 and a1209, one on each of nodes 1-4; Replication Controller: Desired = 4, Current = 4)

  30. Replication Controllers
     (diagram: same state; Desired = 4, Current = 4)

  31. Replication Controllers
     (diagram: pod d9376 on node 2 is gone; f0118, b0111 and a1209 remain; Desired = 4, Current = 3)

  32. Replication Controllers
     (diagram: the controller creates replacement pod c9bad; f0118, c9bad, b0111 and a1209 are running; Desired = 4, Current = 4)
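The four diagram slides above as an added example that is not part of the deck: a toy Python replication controller that counts the pods matching its selector and creates or deletes pods until Current equals Desired, reproducing the loss of d9376 and the creation of c9bad. The node names, the least-loaded placement rule and the supply of new pod ids are assumptions made for illustration.

```python
from collections import Counter

# Constructed cluster state from the diagram: one "Nifty" pod on each node.
NODES = ["node1", "node2", "node3", "node4"]
PODS = {                                  # pod id -> (labels, node it runs on)
    "f0118": ({"App": "Nifty"}, "node1"),
    "d9376": ({"App": "Nifty"}, "node2"),
    "b0111": ({"App": "Nifty"}, "node3"),
    "a1209": ({"App": "Nifty"}, "node4"),
}

def current(pods, selector):
    """Pods the controller owns: those whose labels contain every selector pair."""
    return sorted(p for p, (labels, _) in pods.items() if selector.items() <= labels.items())

def least_loaded(pods, nodes):
    """Assumed toy scheduler: put a new pod on the node running the fewest pods."""
    load = Counter(node for _, node in pods.values())
    return min(nodes, key=lambda n: (load[n], n))

def reconcile(pods, nodes, selector, desired, new_ids):
    """One controller pass: create or delete pods until Current == Desired.
    new_ids is an iterator of ids for created pods; returns the actions taken,
    e.g. [('create', 'c9bad', 'node2')] or [('delete', 'f0118', None)]."""
    actions = []
    owned = current(pods, selector)
    while len(owned) < desired:                # scale up: replace missing replicas
        pod_id, node = next(new_ids), least_loaded(pods, nodes)
        pods[pod_id] = (dict(selector), node)  # the new pod carries the selector labels
        actions.append(("create", pod_id, node))
        owned = current(pods, selector)
    while len(owned) > desired:                # scale down: remove surplus replicas
        victim = owned.pop()
        del pods[victim]
        actions.append(("delete", victim, None))
    return actions

if __name__ == "__main__":
    state, sel = dict(PODS), {"App": "Nifty"}
    print(reconcile(state, NODES, sel, 4, iter(["c9bad"])))  # []  (Desired 4, Current 4)
    del state["d9376"]                                        # node 2's pod dies
    print(reconcile(state, NODES, sel, 4, iter(["c9bad"])))  # [('create', 'c9bad', 'node2')]
    print(current(state, sel))                                # ['a1209', 'b0111', 'c9bad', 'f0118']
```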
  33. Feature: Rolling Update
     (diagram: Service "ghost" in front of three "app v1" pods spread over Node1, Node2 and Node3)

  34. Feature: Rolling Update
     (diagram: a new "app v2" pod is started alongside the three "app v1" pods behind the "ghost" Service)

  35. Feature: Rolling Update
     (diagram: the update continues, v2 pods replacing v1 pods behind the same Service)

  36. Feature: Rolling Update
     (diagram: the update continues, v2 pods replacing v1 pods behind the same Service)

  37. Deployment - next-gen RC - Beta in Kubernetes 1.3
     Defines a desired state for a logical group of
     • Pods
     • Replica Sets (RS)
     The Deployment controller drives the actual state to the desired state at a controlled rate
     • Creates new resources, if necessary
     • Replaces the existing resources, if necessary
     A Deployment can be
     • Updated
     • Rolled out
     • Rolled back
  38. Concept: Services
     • A group of pods that act as one == Service
       – group == selector
     • Service types:
       – Load balanced (from the cloud provider)
       – NodePort (Minikube)
       – ClusterIP (internal only)
     (diagram: Client -> Portal (VIP) -> Service with Name = "nifty-svc", Selector = {"App": "Nifty"}, Port = 9376, ContainerPort = 8080; the portal IP is assigned by Kubernetes)

  39. Services
     (diagram: the client connects to the portal IP 10.0.0.1:9376; kube-proxy watches the apiserver and programs iptables DNAT rules (TCP / UDP) that forward to the pod endpoints 10.240.1.1:8080, 10.240.2.2:8080 and 10.240.3.3:8080; Service: Name = "nifty-svc", Selector = {"App": "Nifty"}, Port = 9376, ContainerPort = 8080)
  40. Kubernetes 1.2
     • Deployments
     • DaemonSets
     • New UI
     • Simplified Deployments
     • Automated cluster management
     • Improved scale
     Kubernetes 1.3
     • Legacy application support
     • Cluster Federation
     • More nodes
     • In-cluster IAM
     • Scheduled jobs
     • Cluster autoscaling
     • Public cloud dashboard

  41. Kubernetes 1.4 release update
     • Kubeadm - create a K8s cluster with 2 commands
     • Extended stateful apps support
       ◦ Tested Helm Charts
     • Cluster federation for the following resources:
       ◦ RS, Namespaces, Secrets, Events, Ingress for multi-zone clusters
     • Nicer Kubernetes Dashboard
     • Infra enhancements and more!

  42. How to consume Kubernetes?
     • From scratch - anywhere
     • Public cloud
       ◦ GCE, Amazon, Azure
     • Private cloud
       ◦ OpenStack (Murano, Magnum)
       ◦ CloudStack
     • Hosted
     • Rancher

  43. Rancher on cloud.ca
     Turnkey solution to run your private container service from a Canadian cloud provider to maintain data sovereignty.
     trial.cloud.ca