Minimum Viable Kubernetes

Transcript

1. Minimum Viable Kubernetes Noah Kantrowitz - coderanger.net - March 10,

   2023 SCaLE Kubernetes Community Day 2023 1

2. NOAH KANTROWITZ » He/him » coderanger.net | cloudisland.nz/@coderanger » Kubernetes

   (ContribEx) and Python (webmaster@) » SRE/Platform for Geomagical Labs, part of IKEA » We do CV/AR for the home SCaLE Kubernetes Community Day 2023 2

3. WHAT IS KUBERNETES? “An open-source system for automating deployment, scaling,

   and management of containerized applications.” SCaLE Kubernetes Community Day 2023 3

4. YES BUT ACTUALLY NO SCaLE Kubernetes Community Day 2023 4

5. KUBERNETES AS AN API » POSIX - 1988 - Unix-like

   OS functions » CFEngine - 1993 - Desired state configuration » Puppet/Chef/Salt/Ansible - 2005-2012 - More! » Terraform - 2014 - Same but for infra » Kubernetes - 2014 - All of the above SCaLE Kubernetes Community Day 2023 5

6. GET /apis/v1/namespaces/default/pods SCaLE Kubernetes Community Day 2023 6

7. MODULARITY » Tool A cares about load balancers » Tool

   B also cares about load balancers » A and B don't have to know about each other SCaLE Kubernetes Community Day 2023 7

8. SHOULD I USE IT? SCaLE Kubernetes Community Day 2023 8

9. SHOULD I USE IT? “Only for big and/or complex systems

   with lots of microservices and lots of developers and [insert more marketing buzzwords here].” SCaLE Kubernetes Community Day 2023 9

10. SHOULD I USE IT? “Only for big and/or complex systems

    with lots of microservices and lots of developers and [insert more marketing buzzwords here].” Yes! (Probably!) SCaLE Kubernetes Community Day 2023 10

11. WHY NOT ...? » Docker? Not convergent itself SCaLE Kubernetes

    Community Day 2023 11

12. WHY NOT ...? » Docker? Not convergent itself » Docker

    Compose? Tricky for remote use, not extensible SCaLE Kubernetes Community Day 2023 12

13. WHY NOT ...? » Docker? Not convergent itself » Docker

    Compose? Tricky for remote use, not extensible » Ansible/Terraform? Intermittent convergence SCaLE Kubernetes Community Day 2023 13

14. WHY NOT ...? » Docker? Not convergent itself » Docker

    Compose? Tricky for remote use, not extensible » Ansible/Terraform? Intermittent convergence » ECS/Fargate/Cloud Run? Expensive, vendor lock-in SCaLE Kubernetes Community Day 2023 14

15. WHY NOT ...? » Docker? Not convergent itself » Docker

    Compose? Tricky for remote use, not extensible » Ansible/Terraform? Intermittent convergence » ECS/Fargate/Cloud Run? Expensive, vendor lock-in » Lambda/FaaS? More lock-in and limited architecture SCaLE Kubernetes Community Day 2023 15

16. REALLY? » Room to grow is important » Prototypes are

    forever, we all know this » PaaS and FaaS platforms are high-quality but limited SCaLE Kubernetes Community Day 2023 16

17. DRAMATIS PERSONA » Small team, definitely single pizza » New

    monolith web app or 2-3 services » MVP or a small standalone product » No ops team, probably just one "full stack" team » Cost sensitive but not shoestring SCaLE Kubernetes Community Day 2023 17

18. WHY SHOULD I? » Start small but grow with your

    project » Huge ecosystem of tools » Modular design means you swap components later » High-level APIs let you code only what you care about » Avoid the future lift-and-shift SCaLE Kubernetes Community Day 2023 18

19. BUT HOW CAN I? “Isn't Kubernetes really hard?” SCaLE Kubernetes

    Community Day 2023 19

20. BUT HOW CAN I? “Isn't Kubernetes really hard?” It doesn't

    have to be! SCaLE Kubernetes Community Day 2023 20

21. TL;DW USE K3S » Friendly fork of Kubernetes, mini all-in-one

    installer » Curlbash for systemd or k3d for existing Docker » Defaults to SQLite for easy single-node » But supports Postgres and MySQL too » That VPS server you were going to use? Install k3s first SCaLE Kubernetes Community Day 2023 21

22. HOSTED OPTIONS? SCaLE Kubernetes Community Day 2023 22

23. 90% IS IGNORABLE » You need Deployments, Pods » And

    Services, Ingresses » No really, that's it SCaLE Kubernetes Community Day 2023 23

24. HOW TO GET STARTED » Do it however you would

    without Kubernetes » But on Kubernetes » Does the thing have Docker install instructions? Done » Is there a community Docker Hub image? Use it » Find a guide with apt-get install something? Copy that into a Dockerfile and roll with it SCaLE Kubernetes Community Day 2023 24

25. ASIDE: DOING THINGS POORLY IT'S OKAY! SCaLE Kubernetes Community Day

    2023 25

26. THE TRIFECTA » Workloads - running stuff » Networking -

    connecting stuff » Storage - keeping stuff SCaLE Kubernetes Community Day 2023 26

27. WORKLOADS » Running stuff on your servers! » Pod ==

    a running container somewhere » Yes Pods have a million more options but simple for now » Deployments == run N copies of a Pod » N is frequently 1, that's okay SCaLE Kubernetes Community Day 2023 27

28. WORKLOADS » StatefulSets? DaemonSets? Jobs? Later! » CronJobs? Maybe, if

    you need them » apt-get install cron works too! SCaLE Kubernetes Community Day 2023 28

29. KUBECTL RUN » YAML Engineering? » kubectl run redis --image=redis

    » --port 1234 - expose a port » --env "FOO=bar" - set environment variables » --replicas 5 - run multiple copies SCaLE Kubernetes Community Day 2023 29

30. MINIMUM VIABLE MANIFESTS apiVersion: apps/v1 kind: Deployment metadata: name: myapp

    SCaLE Kubernetes Community Day 2023 30

31. MINIMUM VIABLE MANIFESTS spec: selector: matchLabels: app: myapp template: metadata:

    labels: app: myapp SCaLE Kubernetes Community Day 2023 31

32. MINIMUM VIABLE MANIFESTS apiVersion: apps/v1 kind: Deployment metadata: name: myapp

    spec: selector: matchLabels: app: myapp template: metadata: labels: app: myapp spec: containers: - name: myapp image: mycompany/myapp:v1.2.3 SCaLE Kubernetes Community Day 2023 32

33. MINIMUM +1 containers: - name: myapp image: mycompany/myapp:v1.2.3 command: ["python",

    "main.py"] env: - name: PASSWORD value: secret SCaLE Kubernetes Community Day 2023 33

34. NETWORKS! » Inside vs Outside » Inside -> Inside -

    easy, flat network, just need DNS » Inside -> Outside - outgoing traffic, default allow » Outside -> Inside - the spicy one SCaLE Kubernetes Community Day 2023 34

35. INTERNAL NETWORK » Flat network, don't ask how » Do

    you care what a CNI is? NOPE! » Everything is open but dynamic IPs » Need DNS to help things find each other SCaLE Kubernetes Community Day 2023 35

36. SERVICES apiVersion: v1 kind: Service metadata: name: myapp spec: selector:

    app: myapp ports: - port: 8000 SCaLE Kubernetes Community Day 2023 36

37. POKING HOLES » Ingress - HTTP(S), you already have it

    » Load Balancer - any TCP/UDP port, cloud vs. on-prem » Node Port - works anywhere, weird, avoid SCaLE Kubernetes Community Day 2023 37

38. INGRESS apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp spec: rules:

    - host: example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp port: number: 8000 SCaLE Kubernetes Community Day 2023 38

39. GETTING THE IP $ kubectl describe ingress myapp Name: myapp

    Address: 40.155.110.208 ... SCaLE Kubernetes Community Day 2023 39

40. SERVICE MESH? SCaLE Kubernetes Community Day 2023 40

41. DATA DATA EVERYWHERE BUT NOT A DROP TO DRINK SCaLE

    Kubernetes Community Day 2023 41

42. STORAGE OPTIONS » Don't - hosted databases, object storage »

    Host files - store things in a folder, like we used to » Cloud volumes - what the vendor wants you to use SCaLE Kubernetes Community Day 2023 42

43. HOST PATH containers: - name: postgres image: postgres volumeMounts: -

    path: /var/lib/postgresql/data name: data volumes: - name: data hostPath: path: /pgdata SCaLE Kubernetes Community Day 2023 43

44. MORE SERVERS, MORE PROBLEMS containers: - name: postgres image: postgres

    nodeName: mynode1 $ kubectl get nodes SCaLE Kubernetes Community Day 2023 44

45. PERSISTENT VOLUMES apiVersion: v1 kind: PersistentVolumeClaim metadata: name: myapp-storage spec:

    accessModes: - ReadWriteOnce storageClassName: local-path resources: requests: storage: 50Gi SCaLE Kubernetes Community Day 2023 45

46. USING A CLAIM containers: - name: postgres image: postgres volumeMounts:

    - path: /var/lib/postgresql/data name: data volumes: - name: data persistentVolumeClaim: claimName: myapp-storage SCaLE Kubernetes Community Day 2023 46

47. CLOUD VOLUMES » CSI - container storage interface » There's

    a lot of cloud and storage vendors » Take the problem and push it somewhere else » Vendors can own their plugin » Cloud controllers? SCaLE Kubernetes Community Day 2023 47

48. NON-CLOUD CLOUD » Longhorn » Rook? (Ceph) » OpenEBS? »

    Lots more SCaLE Kubernetes Community Day 2023 48

49. KUBECTL ROUND 2: FIGHT » kubectl apply - the important

    one » kubectl get <type> - list things » kubectl describe <type> - show details » kubectl delete <type> - what it sounds like SCaLE Kubernetes Community Day 2023 49

50. kubectl apply -f SCaLE Kubernetes Community Day 2023 50

51. KUBECTL <VERB> <TYPE> [<NAME>] » kubectl get pods - list

    all pods » kubectl get service myapp - list a single service » kubectl describe service myapp - details on one » kubectl delete pod myapp-5d5d5fc579-6kl82 » kubectl delete -f myapp.yaml SCaLE Kubernetes Community Day 2023 51

52. WHAT I'VE LEFT OUT A lot! SCaLE Kubernetes Community Day

    2023 52

53. THE USUAL SUSPECTS » Multi-server availability (Pod anti-affinities) » Secrets

    management (Secrets, sealed-secrets) » Access control (RBAC) » Monitoring and alertings (Prometheus and Grafana) SCaLE Kubernetes Community Day 2023 53

54. WHAT ABOUT THE FANCY FEATURES? SCaLE Kubernetes Community Day 2023

    54

55. START SMALL GROW AS NEEDED SWAP COMPONENTS NEVER STOP LEARNING

    SCaLE Kubernetes Community Day 2023 55

56. I'M HIRING - ML OPS MORE INFO AT GEOMAGICAL.COM SCaLE

    Kubernetes Community Day 2023 56

57. THANK YOU QUESTIONS? SCaLE Kubernetes Community Day 2023 57

58. » Intro » What is Kubernetes » Is it all

    just hype? No » Systems as APIs » POSIX » Salt/Ansible/Chef/Puppet » Kubernetes SCaLE Kubernetes Community Day 2023 58