
How to become a gophernetes


The Go community well knows what a Cryptogopher is! Today is the day you will learn what a Gophernetes looks like! Kubernetes is all about extensibility. That’s why every cloud provider is able to plug its network implementation, storage layer or compute platform into it. But in order to do so, you have to write code to glue your platform or external project to Kubernetes itself. Gophers are in a unique position when it comes to writing code for Kubernetes: even though there is an API that lets you write integrations in any language, Kubernetes itself is written in Go, and that’s a huge benefit. This talk is for Gophers who want to become Kubernetes developers, also called Gophernetes. I participated in various integration efforts at the storage layer, with the Container Storage Interface, the Container Runtime Interface and, recently, cluster-api, the abstraction that drives Kubernetes provisioning in a declarative way. It means that I wrote a good number of Custom Resource Definitions (CRDs), Shared Informers and so on. It is a jungle, and I will share what I learned in terms of best practices and testing to write solid Kubernetes integrations.

Gianluca Arbezzano

May 21, 2020


Transcript

  1. How to Become a Gophernetes
    Gianluca Arbezzano / @gianarb


  2. K8s is Hard
    and there’s nothing wrong with that


  3. What is a Gophernetes?
    What does it look like?


  4. What is a Gophernetes?
    • Develop applications running in Kubernetes
    • Develop Kubernetes
    • Develop on the Kubernetes Foundation


  5. What does it look like?


  6. Where are they?
    • Kubernetes Slack
    • GitHub around the kubernetes or kubernetes-sigs organization


  7. https://kubernetes.io/docs/concepts/architecture/cloud-controller/


  8. https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked/


  9. https://github.com/kubernetes/website/blob/master/content/en/blog/_posts/2017-11-00-Containerd-Container-Runtime-Options-Kubernetes.md



  10. Extensibility is the key
    Kubernetes is a blob of APIs
    ● API Server
    ● CRI (Container Runtime Interface: docker, containerd)
    ● CNI (Container Networking Interface: calico, flannel)
    ● CSI (Container Storage Interface: aws-ebs, packet-csi)
    This is how it abstracts your workflow from your infrastructure
    [Diagram: API Server, kubelet, CSI, CNI, CRI]

  11. About Me

    Gianluca Arbezzano
    • Gophernetes at Packet.com
    • www.gianarb.it / @gianarb
    What I like:
    • I make dirty hacks that look awesome
    • I grow my vegetables
    • Travel for fun and work


  12. Workflow?
    Workflow is the reason why we have Kubernetes. It is the end goal for any good Gophernetes.
    Being able to leverage Kubernetes extensibility to implement the best workflow you can even imagine.
    Examples of workflows:
    ● Troubleshooting and debugging
    ● Observability (data pipeline for logs, metrics, traces)
    ● Delivery (canary release, blue green deployment, progressive delivery, your own one)

  13. Workflow
    The Gophernetes is the limitation.
    It means that in theory, with good code, you can do whatever you imagine.

  14. Extensibility is the key


  15. How do you extend Kubernetes in practice?
    • Event system
    • Shared informers
    • Custom Resource Definitions
    • kubectl plugin
    • ClusterAPI (Packet implementation is under active development! Watch out!)

  16. Gophernetes toolchain
    • kubernetes/client-go
    • kubernetes/cli-runtime
    • kubernetes-sigs/kind


  17. Kubectl Plugin
    $ cat > /usr/local/bin/kubectl-hello
    #!/bin/bash
    echo "this is a simple kubectl plugin. But gophernetes can do better, because this is bash..."
    ^C
    $ chmod +x /usr/local/bin/kubectl-hello
    $ kubectl hello
    this is a simple kubectl plugin. But gophernetes can do better, because this is bash...
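
As the session above shows, any executable named kubectl-<name> on PATH becomes a kubectl subcommand, and it runs as the invoking user with access to that user's kubeconfig. The following is an added example, not code from the talk or from the Kubernetes project: a stdlib-only Go audit that lists such executables in PATH order and flags ones shadowed by an earlier PATH entry or sitting in a group/world-writable file or directory. `AuditPlugins`, `Finding` and its field names are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Finding describes one executable kubectl-* file found on PATH (hypothetical type).
type Finding struct {
	Name       string // file name without the "kubectl-" prefix, e.g. "hello"
	Path       string // full path of the executable
	Shadowed   bool   // an earlier PATH entry already provides the same name
	LooseWrite bool   // the file or its directory is group- or world-writable
}

// AuditPlugins walks dirs in PATH order and reports every executable
// regular file whose name starts with "kubectl-". The first match for a
// name is the one kubectl would run; later ones are marked Shadowed.
func AuditPlugins(dirs []string) []Finding {
	var out []Finding
	seen := map[string]bool{}
	for _, dir := range dirs {
		dinfo, err := os.Stat(dir)
		if err != nil || !dinfo.IsDir() {
			continue // empty or missing PATH entries are skipped
		}
		matches, _ := filepath.Glob(filepath.Join(dir, "kubectl-*"))
		for _, p := range matches {
			info, err := os.Stat(p)
			if err != nil || info.IsDir() || info.Mode().Perm()&0o111 == 0 {
				continue // not an executable file, kubectl would not run it
			}
			name := strings.TrimPrefix(filepath.Base(p), "kubectl-")
			loose := (info.Mode().Perm()|dinfo.Mode().Perm())&0o022 != 0
			out = append(out, Finding{Name: name, Path: p, Shadowed: seen[name], LooseWrite: loose})
			seen[name] = true
		}
	}
	return out
}

func main() {
	for _, f := range AuditPlugins(filepath.SplitList(os.Getenv("PATH"))) {
		fmt.Printf("%-20s %s shadowed=%v loose-perms=%v\n", f.Name, f.Path, f.Shadowed, f.LooseWrite)
	}
}
```

A finding with loose permissions means another local account could replace the code that runs the next time someone types the subcommand.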


  18. Shared Informer
    https://gianarb.it/blog/kubernetes-shared-informer

  19. The UX is crucial.
    Keep it as close as possible to the Kubernetes one...

  20. Authentication


  21. Flags
    Companies and teams invest a lot of time learning Kubernetes and its CLI.

    Tools developed by Gophernetes have to keep the same flavour.
    It should be the same as riding a bike: it does not matter which one you own, it always looks familiar.

  22. Flags: github.com/kubernetes/cli-runtime
    This library is a shared dependency for clients to work with Kubernetes API infrastructure which allows to maintain kubectl compatible behavior. Its first consumer is k8s.io/kubectl.

  23. Flags: kubectl-profefe uses it as well
    My expectations as a Kubernetes user, for example, are (at least):
    ● When I have to do filtering
    ○ Label Selection: -l app=dev -l runtime=1.14 (--selector)
    ○ Namespace selection: -n namespace (--namespace)
    ○ -a (--all-namespaces)
    ● When it comes to authentication
    ○ --kubeconfig
    ● Output
    ○ -o yaml | json (--output)



  25. Krew makes plugins easy to install and discover
    • kubernetes-sigs/krew-index
    • kubernetes-sigs/krew
    $ kubectl krew install profefe
    $ kubectl krew install tree
    $ kubectl krew install ctx

  26. The CLI runtime contains utils to print tables from cli, but I didn’t use it yet!

  27. Production is a dangerous place.

    Usually hard to work with (reasonable)…



  28. Why?
    Kubernetes gives you a couple of things for free:
    • As we saw, a consistent API and a solid ecosystem to interact with it
    • Authentication (that you can plug into your identity management)
    • Authorization with RBAC
    • Audit logs

  29. LINKS
    • Kubernetes Assemble
    • https://get.oreilly.com/ind_extending-kubernetes.html
    • Programming Kubernetes: Developing Cloud-Native Applications
    • Krew kubectl plugin index
    • jtblin/kube2iam
    • https://gianarb.it
    THANKS

  30. Thanks
    @gianarb / gianarb.it
