Google Kubernetes Engine 概要 & アップデート @ GCPUG Kansai Summit Day 2018

01dc8e954957a10b428aa60b28c89d52?s=47 Ian Lewis
October 23, 2018

Google Kubernetes Engine 概要 & アップデート @ GCPUG Kansai Summit Day 2018

01dc8e954957a10b428aa60b28c89d52?s=128

Ian Lewis

October 23, 2018
Tweet

Transcript

  1. Google Kubernetes Engine 概要 & アップデート

  2. Confidential & Proprietary Google Cloud Platform 2 Ian Lewis Developer

    Advocate - Google Cloud Platform Tokyo, Japan @IanMLewis
  3. Copyright 2015 Google Inc Google has been running all our

    services in Containers for 10 years. We start over 2 billion containers every week. Images by Connie Zhou
  4. http://research.google.com/pubs/pub43438.html

  5. Image by Connie Zhou

  6. job hello_world = { runtime = { cell = 'ic'

    } // Cell (cluster) to run in binary = '.../hello_world_webserver' // Program to run args = { port = '%port%' } // Command line parameters requirements = { // Resource requirements ram = 100M disk = 100M cpu = 0.1 } replicas = 5 // Number of tasks } 10000 Developer View
  7. web browsers BorgMaster link shard UI shard BorgMaster link shard

    UI shard BorgMaster link shard UI shard BorgMaster link shard UI shard Scheduler borgcfg web browsers scheduler Borglet Borglet Borglet Borglet Config file BorgMaster link shard UI shard persistent store (Paxos) Binary Developer View What just happened?
  8. Hello world! Hello world! Hello world! Hello world! Hello world!

    Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Image by Connie Zhou Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world!
  9. Container Image Dependencies Application Code Containers encapsulate application code and

    all dependencies. Applications can be depend less on the infrastructure where it runs. • In traditional IT environments, applications needed specific infrastructure. Dependencies needed to be installed beforehand. • Containers incorporate applications and their dependencies so deployment to development, test, and production can be made easier. • Don’t need to be dependent on on-premise, private or public cloud environments. What are Containers?
  10. はやい 数ミリセクで起動できる ポータビリティ サーバのOS環境に 依存しない 効率 オーバーヘッド少なめで 使える なぜコンテナ?

  11. None
  12. Copyright 2015 Google Inc Container Management Node Node Cluster Node

    ??? • How to deploy to multiple nodes? • How to deal with node failures? • How to deal with container failures? • How do you update your applications?
  13. Kubernetes κυβερνήτης: Greek for “pilot” or “helmsman of a ship”

    the open source cluster manager from Google
  14. Google Cloud Platform Cloud Native Computing Foundation

  15. web browsers BorgMaster link shard UI shard BorgMaster link shard

    UI shard BorgMaster link shard UI shard BorgMaster link shard UI shard Scheduler borgcfg web browsers scheduler Borglet Borglet Borglet Borglet Config file BorgMaster link shard UI shard persistent store (Paxos) Binary Borg What just happened?
  16. web browsers BorgMaster link shard UI shard BorgMaster link shard

    UI shard BorgMaster link shard UI shard BorgMaster link shard UI shard Scheduler borgcfg web browsers scheduler Borglet Borglet Borglet Borg Kubernetes Borglet Config file BorgMaster link shard UI shard persistent store (Paxos) manifest.yaml Master Kubelet etcd Kubelet Kubelet Binary Docker Image Docker Hub/Private Repo Kubelet kubernetes-dashboard
  17. Google Cloud Platform Small group of containers & volumes Tightly

    coupled The atom of scheduling & placement Shared namespace • share IP address & localhost • share IPC, etc. Managed lifecycle • bound to a node, restart in place • can die, cannot be reborn with same ID Example: data puller & web server Consumers Content Manager File Puller Web Server Volume Pod Pods
  18. Google Cloud Platform IPs are cluster-scoped • vs docker default

    private IP Pods can reach each other directly • even across nodes No brokering of port numbers • too complex, why bother? This is a fundamental requirement • can be L3 routed • can be underlayed (cloud) • can be overlayed (SDN) Kubernetes networking
  19. Google Cloud Platform 10.1.1.0/24 10.1.1.1 10.1.1.2 10.1.2.0/24 10.1.2.1 10.1.3.0/24 10.1.3.1

    Kubernetes networking
  20. Google Cloud Platform Deployments ReplicaSet - replicas: 3 - selector:

    - app: MyApp - version: v1 Deployment - name: MyApp kubectl apply ...
  21. Google Cloud Platform Deployments ReplicaSet - replicas: 4 - selector:

    - app: MyApp - version: v1 Deployment - name: MyApp
  22. Google Cloud Platform Deployments ReplicaSet - replicas: 3 - selector:

    - app: MyApp - version: v1 Deployment - name: MyApp
  23. Google Cloud Platform Deployments ReplicaSet - replicas: 3 - selector:

    - app: MyApp - version: v1 Deployment - name: MyApp
  24. Google Cloud Platform Rolling Updates ReplicaSet - replicas: 3 -

    selector: - app: MyApp - version: v1 Deployment - name: MyApp kubectl apply ...
  25. Google Cloud Platform ReplicaSet - replicas: 3 - selector: -

    app: MyApp - version: v1 Rolling Updates ReplicaSet - replicas: 0 - selector: - app: MyApp - version: v2 Deployment - name: MyApp
  26. Google Cloud Platform ReplicaSet - replicas: 3 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 1 - selector: - app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  27. Google Cloud Platform ReplicaSet - replicas: 2 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 1 - selector: - app: MyApp - version: v2 Deployment - app: MyApp Rolling Updates
  28. Google Cloud Platform ReplicaSet - replicas: 2 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 2 - selector: - app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  29. Google Cloud Platform ReplicaSet - replicas: 1 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 2 - selector: - app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  30. Google Cloud Platform ReplicaSet - replicas: 1 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 3 - selector: - app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  31. Google Cloud Platform ReplicaSet - replicas: 0 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 3 - selector: - app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  32. Google Cloud Platform ReplicaSet - replicas: 3 - selector: -

    app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  33. Google confidential │ Do not distribute Services A group of

    pods that work together • grouped by a selector Defines access policy • “load balanced” or “headless” Gets a stable virtual IP and port • sometimes called the service portal • also a DNS name VIP is managed by kube-proxy • watches all services • updates iptables when backends change Hides complexity - ideal for non-native apps Virtual IP Client
  34. Google Cloud Platform Arbitrary metadata Attached to any API object

    Generally represent identity Queryable by selectors • think SQL ‘select ... where ...’ The only grouping mechanism • pods under a ReplicationController • pods in a Service • capabilities of a node (constraints) Labels
  35. Google Cloud Platform App: MyApp Phase: prod Role: FE App:

    MyApp Phase: test Role: FE App: MyApp Phase: prod Role: BE App: MyApp Phase: test Role: BE Selectors
  36. Google Cloud Platform App: MyApp Phase: prod Role: FE App:

    MyApp Phase: test Role: FE App: MyApp Phase: prod Role: BE App: MyApp Phase: test Role: BE App = MyApp Selectors
  37. Google Cloud Platform App: MyApp Phase: prod Role: FE App:

    MyApp Phase: test Role: FE App: MyApp Phase: prod Role: BE App: MyApp Phase: test Role: BE App = MyApp, Role = FE Selectors
  38. Google Cloud Platform App: MyApp Phase: prod Role: FE App:

    MyApp Phase: test Role: FE App: MyApp Phase: prod Role: BE App: MyApp Phase: test Role: BE App = MyApp, Role = BE Selectors
  39. Google Cloud Platform App: MyApp Phase: prod Role: FE App:

    MyApp Phase: test Role: FE App: MyApp Phase: prod Role: BE App: MyApp Phase: test Role: BE App = MyApp, Phase = prod Selectors
  40. Google Cloud Platform App: MyApp Phase: prod Role: FE App:

    MyApp Phase: test Role: FE App: MyApp Phase: prod Role: BE App: MyApp Phase: test Role: BE App = MyApp, Phase = test Selectors
  41. Google Cloud Platform Run-to-completion, as opposed to run-forever • Express

    parallelism vs. required completions • Workflow: restart on failure • Build/test: don’t restart on failure Aggregates success/failure counts Built for batch and big-data work Status: GA in Kubernetes v1.2 ... Jobs
  42. Google Cloud Platform Problem: I have too much stuff! •

    name collisions in the API • poor isolation between users • don’t want to expose things like Secrets Solution: Slice up the cluster • create new Namespaces as needed • per-user, per-app, per-department, etc. • part of the API - NOT private machines • most API objects are namespaced • part of the REST URL path • Namespaces are just another API object • One-step cleanup - delete the Namespace • Obvious hook for policy enforcement (e.g. quota) Namespaces
  43. Google Cloud Platform • Managed Service - Master is fully

    managed, nodes partially managed • Auto Scaling - Scale the cluster up or down based on need • Heterogeneous Clusters - Clusters with different node types • Auto Repair - Auto repair unhealthy nodes • Load Balancing - Integration with Service & Ingress • GCP Features - Sustained Use Discounts, Preemptible instances, VPC, etc. GKE
  44. Google Cloud Platform • Binary Authorization (beta) • Container Native

    Load Balancing (beta) • Private Clusters (GA) • Stackdriver Kubernetes Monitoring (beta) • GPU (GA) • Cloud TPU (beta) GKE
  45. slack.kubernetes.io

  46. Thank You