Managing Kubernetes with Puppet

Transcript

1. Managing Kubernetes with Puppet Puppet Labs Gareth Rushgrove Declarative code

   for Pods, Services and ReplicationControllers

2. Gareth Rushgrove @garethr

3. Gareth Rushgrove

4. Human vs computer interfaces Concepts and demos Alternatives and interoperability

   Gareth Rushgrove - - -

5. But isn’t YAML declarative? And other user interface tales

6. Yes Gareth Rushgrove

7. But code has advantages over just data Gareth Rushgrove

8. Avoid repetition Combine external inputs Correctness Abstractions Gareth Rushgrove -

   - - -

9. And context matters to the user interface Gareth Rushgrove

10. Team size Regulation/compliance Multi-tenancy Infrastructure size Skills and experience Gareth

    Rushgrove - - - - -

11. Also changes with kubectle patch diverge from the model $

    kubectl patch --help Update field(s) of a resource using strategic merge patch JSON and YAML formats are accepted. Usage: kubectl patch (-f FILENAME | TYPE NAME) -p PATCH [flags] Examples: # Partially update a node using strategic merge patch kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}' Gareth Rushgrove

12. $ kubectl apply --help Apply a configuration to a resource

    by filename or stdin. JSON and YAML formats are accepted. Usage: kubectl apply -f FILENAME [flags] Examples: # Apply the configuration in pod.json to a pod. $ kubectl apply -f ./pod.json And kubectl apply requires the full object serialisation Gareth Rushgrove

13. Puppet A programming language for infrastructure

14. Declarative code with an idempotent runtime model Gareth Rushgrove

15. Describe what you want Gareth Rushgrove

16. Converge from any state Gareth Rushgrove

17. A familiar Kubernetes Pod definition in YAML Gareth Rushgrove

18. What happens if you run the same YAML file twice?

    Gareth Rushgrove

19. How many times do you have to repeat the same

    label? Gareth Rushgrove

20. kubectl is actually pretty low-level Gareth Rushgrove

21. kubectl get pod mypod -o yaml \ | sed 's/\(image:

    myimage\):.*$/\1:v4/' \ | kubectl replace -f - This is from the official kubectl help. It pipes to sed. Gareth Rushgrove

22. The same Kubernetes Pod described in Puppet Gareth Rushgrove

23. $ puppet apply examples/init.pp --test Info: Loading facts Notice: Compiled

    catalog for gareths in environment production in 1.24 seconds Info: Applying configuration version '1453298602' Info: Checking if sample-pod exists Info: Creating kubernetes_pod sample-pod Notice: /Stage[main]/Main/Kubernetes_pod[sample-pod]/ensure: created Notice: Applied catalog in 0.23 seconds Running without that Pod already existing will create it Gareth Rushgrove

24. Running a second time, nothing changes because the Pod already

    exists Gareth Rushgrove $ puppet apply examples/init.pp --test Info: Loading facts Notice: Compiled catalog for garethr in environment production in 1.33 seconds Info: Applying configuration version '1453298688' Info: Checking if sample-pod exists Notice: Applied catalog in 0.15 seconds

25. $ puppet resource kubernetes_pod sample-pod kubernetes_pod { 'sample-pod': ensure =>

    'present', metadata => { 'creationTimestamp' => '2016-01-20T14:03:23Z', 'name' => 'sample-pod', 'namespace' => 'default', 'resourceVersion' => '4579', 'selfLink' => '/api/v1/namespaces/default/pods/sample-pod’, 'uid' => '91c8a550-bf7e-11e5-816e-42010af001b1' }, spec => { 'containers' => [{ ‘image' => 'nginx', 'imagePullPolicy' => 'IfNotPresent', 'name' => ‘container-name', 'resources' => {'requests' => {'cpu' => '100m'}}, 'terminationMessagePat [{'mountPath' => '/var/run/secrets/kubernetes.io/serviceaccount', 'name' 'dnsPolicy' => 'ClusterFirst', 'nodeName' => 'gke-guestbook-dc15a31a-nod puppet resource allows for interrogating an existing Kubernetes installation Gareth Rushgrove

26. $ kubectl describe pod sample-pod Name: sample-pod Namespace: default Image(s):

    nginx Node: gke-guestbook-dc15a31a-node-fyb6/10.240. Start Time: Wed, 20 Jan 2016 14:03:23 +0000 Labels: <none> Status: Running Reason: Message: IP: 10.24.1.7 Replication Controllers: <none> Containers: container-name: Container ID: docker://542389c5b2a98616ba3a8001029bc4a3f00d7c0 Image: nginx Image ID: docker://407195ab8b07 The same information is still accessible via other tooling Gareth Rushgrove

27. kubernetes_pod kubernetes_service kubernetes_replication_controller kubernetes_node kubernetes_event kubernetes_endpoint kubernetes_namespace Gareth Rushgrove -

    - - - - - - kubernetes_secret kubernetes_resource_quota kubernetes_limit_range kubernetes_peristent_volume kubernetes_persistent_volume_claim kubernetes_component_status kubernetes_service_account - - - - - - - - Support for most of the Kubernetes primitives Gareth Rushgrove

28. DEMO

29. Reporting Change control Static analysis/unit testing tools Access control Gareth

    Rushgrove - - - - Not mentioning other features that come in handy

30. Alternatives and interoperability Why options are a good thing

31. Deis, OpenShift, Fabric8, Kubectl, Helm, Deployment Manager, Dashboard… Gareth Rushgrove

32. Interoperable because of a stable set of primitives Gareth Rushgrove

33. Allow for different use-cases and different life-cycles on the same

    infrastructure Gareth Rushgrove

34. The Puppet interface targets operations use-cases where managing a model

    over time is useful Gareth Rushgrove

35. Gareth Rushgrove The Puppet Kubernetes module is available on GitHub

    and on the Puppet Forge Gareth Rushgrove

36. Gareth Rushgrove More details on the official Kubernetes blog Gareth

    Rushgrove

37. Questions? And thanks for listening