Kubernetes: Applying Lessons from a Decade of Containers @ iTHome Cloud & Datacenter Expo



Ian Lewis

June 21, 2016

Transcript

  1. Kubernetes: Applying Lessons from a Decade of Containers. Ian Lewis, Developer Advocate, Google Cloud Platform
  2. Confidential & Proprietary, Google Cloud Platform. Ian Lewis, Developer Advocate, Google Cloud Platform, Tokyo, Japan. +Ian Lewis, @IanMLewis
  3. Agenda • Current Practice • Containers • Kubernetes • Wrap Up
  4. Current Practice

  5. (Diagram) A typical deployment: a Database, Batch processing, a Cache and a row of Webservers
  6. Shared Machines: no isolation, no namespacing, common libs, highly coupled apps and OS (diagram: one kernel and one set of libs under many apps)
  7. Virtual Machines: some isolation, inefficient, still highly coupled to the guest OS, hard to manage (diagram: every VM carries its own kernel and libs for its app)
  8. (Diagram) The same deployment again: Database, Batch processing, Cache, Webservers
  9. (Diagram) ... with the first question that appears around it: Chef?
  10. (Diagram) ... Chef? Puppet?
  11. (Diagram) ... Chef? Ansible? Puppet?
  12. (Diagram) ... Chef? Ansible? Puppet? Versioning?
  13. (Diagram) ... Chef? Ansible? Deployment? Puppet? Versioning?
  14. Containers

  15. For the last 15 years Google has been building the world's fastest, most powerful infrastructure.
  16. (image-only slide)
  17. (Diagram) Monitoring, Mobile, Development, Compute, Network, Big Data, Storage

  18. Cloud Technology Innovations (timeline, 2003 to 2013): GFS (2003), MapReduce (2004), Big Table (2006), Paxos impl. (2007), Colossus and Dremel (2010), Spanner/F1 (2012), Omega (2013); and the cloud products built on them: Cloud Storage, BigQuery, Cloud Datastore, Cloud Bigtable
  19. Copyright 2015 Google Inc. Google has been running all our services in containers for over 10 years. We start over 2 billion containers every week. Images by Connie Zhou
  20. http://research.google.com/pubs/pub43438.html

  21. Image by Connie Zhou

  22. Developer View: a Borg job configuration (the slide also shows the replica count growing to 10000)

        job hello_world = {
          runtime = { cell = 'ic' }              // Cell (cluster) to run in
          binary = '.../hello_world_webserver'   // Program to run
          args = { port = '%port%' }             // Command line parameters
          requirements = {                       // Resource requirements
            ram = 100M
            disk = 100M
            cpu = 0.1
          }
          replicas = 5                           // Number of tasks
        }
  23. Developer View

  24. Developer View: What just happened? (Diagram of Borg) borgcfg submits the config file and binary to the BorgMaster, which is replicated, each replica with a link shard and a UI shard, on top of a persistent store (Paxos); the scheduler assigns tasks; a Borglet on each machine runs them; web browsers talk to the UI shards
  25. (Diagram) Hello world! repeated across every machine in the cluster. Image by Connie Zhou
  26. What are Containers? A container image holds the application code and its dependencies. Containers encapsulate application code and all dependencies, so applications depend less on the infrastructure they run on.
     • In traditional IT environments, applications needed specific infrastructure; dependencies had to be installed beforehand.
     • Containers incorporate applications and their dependencies, so deployment to development, test and production becomes easier.
     • They need not depend on on-premise, private or public cloud environments.
  27. Why Containers?
     • Fast: simple and fast compared to VMs; can be started in just a few milliseconds.
     • Portable: can be run in many environments.
     • Efficient: low overhead; resource use by containers can be limited.
  28. Containers (diagram): one kernel, with each container carrying only its own libs and app
  29. Compute Continuum (more flexibility toward the IaaS end, more agility toward the PaaS end)
     • IaaS: VMs • install anything • manage yourself
     • Containers: Docker/rkt etc. • install nearly anything • easier deployment
     • PaaS: App Engine/Heroku etc. • limited libraries & APIs • simple deployment
  30. Google confidential │ Do not distribute. But it's all so different! • Deployment • Management, monitoring • Isolation (very complicated!) • Updates • Discovery • Scaling, replication, sets. A fundamentally different way of managing applications requires different tooling and abstractions. Images by Connie Zhou
  31. (image-only slide)
  32. Container Management (diagram: a Cluster of Nodes, with a ??? where the manager should be)
     • How to deploy to multiple nodes?
     • How to deal with node failures?
     • How to deal with container failures?
     • How do you update your applications?
     • How can your containers discover and communicate with each other?
  33. Kubernetes

  34. Enter Kubernetes: Greek for "Helmsman"; also the root of the word "Governor". Manage applications, not machines.
     • Container orchestrator
     • Runs containers
     • Supports multiple cloud and bare-metal environments
     • Inspired and informed by Google's experiences and internal systems
     • Open source, written in Go
  35. CNCF (Cloud Native Computing Foundation)

  36. Community • Current stable version: 1.2 • 780+ contributors • over 14,000 GitHub stars. Project Partners (logos)
  37. The 10000 Foot View (diagram): users reach the master through the UI, CLI or API; the master runs etcd, the scheduler and the controllers; every node runs a kubelet
  38. The 10000 Foot View, the path of one Deployment. Components: etcd, scheduler, controller-manager and apiserver on the master; kubelet, docker, kube-proxy and iptables on each node; images come from Docker Hub / GCR
     1. The user creates a Deployment
     2. The API server saves it to etcd
     3. The controller-manager finds the Deployment and creates a ReplicaSet, which creates Pods (unscheduled)
     4. The scheduler schedules the pods
     5. The kubelet sees a pod scheduled to it and tells docker to run the container
     6. Docker pulls and runs the container
  39. Docker Containers (diagram): three nginx containers, each with its own IPC, Network, PID, Hostname and Mount namespaces
  40. Docker Containers (diagram): the same, with the middle container now running git pull instead of nginx
  41. Pods (diagram): git pull and nginx now share the IPC, Network, PID and Hostname namespaces, keep separate Mount namespaces, and share a VOLUME
  42. Pods (diagram): a Web Server and a File Puller in one pod, started with docker … --net=container:id --ipc=container:id so that they share the Network and IPC namespaces and the Hostname, reach each other over localhost, and sit in one cgroup
  43. Pods: a small group of containers & volumes, tightly coupled; the atom of scheduling & placement in Kubernetes
     • Shared namespace: share IP address & localhost; share IPC
     • Mortal: can die, cannot be reborn
     • Example: data puller & web server (Content Manager → File Puller → Volume → Web Server → Consumers)
     (Because the network namespace is shared, every container in a pod can bind and reach every port of the pod, so a compromised container sees its neighbours' localhost services. Slide 41 also lists PID as shared; in Kubernetes 1.2 containers in a pod shared network, IPC and hostname only, and PID namespace sharing arrived later as a separate opt-in.)
  44. Volumes: very similar to Docker's concept; pod-scoped storage that shares the pod's lifetime & fate; supports many types of volume plugins
     • Empty dir (and tmpfs) • Host path • Git repository • GCE Persistent Disk • AWS Elastic Block Store • iSCSI • NFS • GlusterFS • Ceph File and RBD • Cinder • Secret • ...
     (Host path mounts part of the node's own filesystem into the pod and so bypasses the isolation the rest of this model provides; restrict which workloads may use it.)
  45. Labels: arbitrary metadata attached to any API object; generally represent identity; queryable by selectors (think SQL 'select ... where ...'); the only grouping mechanism
     • pods under a ReplicationController • pods in a Service • capabilities of a node (constraints)
  46. Selectors (diagram): four pods, all App: MyApp, differing in Phase and Role
     • Phase: prod, Role: FE • Phase: test, Role: FE • Phase: prod, Role: BE • Phase: test, Role: BE
  47. Selectors: App = MyApp (matches all four)
  48. Selectors: App = MyApp, Role = FE (matches the two FE pods)
  49. Selectors: App = MyApp, Role = BE (matches the two BE pods)
  50. Selectors: App = MyApp, Phase = prod (matches the two prod pods)
  51. Selectors: App = MyApp, Phase = test (matches the two test pods)
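The selector queries on slides 47 to 51, as an added example that is not part of the talk or of Kubernetes itself. It implements the equality-based matching shown on the slides and, going beyond them, the set-based matchExpressions form (In, NotIn, Exists, DoesNotExist) that Kubernetes selectors also accept. The pod names and the PODS list are constructed for illustration.

```python
# Added example, not from the talk: equality-based label selectors as on the
# Selectors slides, generalised to the set-based matchExpressions form that
# Kubernetes selectors also support. Pod names and the PODS list are constructed.
from typing import Dict, List, Optional

# Constructed sample objects: the App/Phase/Role grid shown on the slides.
PODS: List[Dict] = [
    {"name": "fe-prod", "labels": {"App": "MyApp", "Phase": "prod", "Role": "FE"}},
    {"name": "fe-test", "labels": {"App": "MyApp", "Phase": "test", "Role": "FE"}},
    {"name": "be-prod", "labels": {"App": "MyApp", "Phase": "prod", "Role": "BE"}},
    {"name": "be-test", "labels": {"App": "MyApp", "Phase": "test", "Role": "BE"}},
]


def matches_labels(labels: Dict[str, str], match_labels: Dict[str, str]) -> bool:
    """Equality selector: every selector key must be present with exactly that value."""
    return all(labels.get(k) == v for k, v in match_labels.items())


def matches_expression(labels: Dict[str, str], expr: Dict) -> bool:
    """One matchExpressions term: {"key", "operator": In|NotIn|Exists|DoesNotExist, "values"}."""
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    present = key in labels
    if op == "In":
        return present and labels[key] in values
    if op == "NotIn":          # a missing key also satisfies NotIn, as in Kubernetes
        return not present or labels[key] not in values
    if op == "Exists":
        return present
    if op == "DoesNotExist":
        return not present
    raise ValueError(f"unknown selector operator {op!r}")


def select(objects: List[Dict],
           match_labels: Optional[Dict[str, str]] = None,
           match_expressions: Optional[List[Dict]] = None) -> List[str]:
    """Names of objects satisfying every term; Kubernetes ANDs all terms together."""
    match_labels = match_labels or {}
    match_expressions = match_expressions or []
    return [
        obj["name"] for obj in objects
        if matches_labels(obj.get("labels", {}), match_labels)
        and all(matches_expression(obj.get("labels", {}), e) for e in match_expressions)
    ]


if __name__ == "__main__":
    # The five queries from the slides, in order.
    for sel in ({"App": "MyApp"},
                {"App": "MyApp", "Role": "FE"},
                {"App": "MyApp", "Role": "BE"},
                {"App": "MyApp", "Phase": "prod"},
                {"App": "MyApp", "Phase": "test"}):
        print(sel, "->", select(PODS, sel))
    # A set-based selector, beyond what the slides show: prod pods that are not BE.
    print(select(PODS, match_expressions=[
        {"key": "Phase", "operator": "In", "values": ["prod"]},
        {"key": "Role", "operator": "NotIn", "values": ["BE"]},
    ]))
```

Because labels are the only grouping mechanism, a selector is also an authorisation boundary of sorts: any object that can acquire the labels {App: MyApp, Role: FE} becomes a backend of whatever Service or ReplicaSet selects them, which is why write access to labels on pods deserves the same care as write access to the Service itself.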
  52. ReplicaSets (diagram): a ReplicaSet with replicas: 4 and a template labelled role: frontend, stage: production; the Kubernetes Master/Scheduler places four FE pods across seven Machine Hosts, each running a Container Agent
  53. ReplicaSets (diagram): replicas: 1, one FE pod
  54. ReplicaSets (diagram): replicas: 3, three FE pods
  55. ReplicaSets (diagram): replicas: 3, three FE pods
  56. ReplicaSets (diagram): replicas: 3, with another FE pod started to hold the count at three
  57. ReplicaSets: observe → diff → act

  58. ReplicaSets: an example of control loops; runs out-of-process wrt the API server; has one job: ensure N copies of a pod
     • if too few, start new ones • if too many, kill some • grouped by a selector
     • cleanly layered on top of the core: all access is by public APIs
     • replicated pods are fungible: no implied order or identity
     Example: ReplicaSet name = "my-rs", selector = {"App": "MyApp"}, podTemplate = { ... }, replicas = 4. The exchange with the API Server: How many? 3. Start 1 more. OK. How many? 4.
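The observe/diff/act loop from slides 57 and 58, as an added example that is not part of the talk or of the Kubernetes controller code. FakeAPIServer is a constructed in-memory stand-in for the API server, and the "my-rs" object and the scenario that replays the slide's "How many? 3. Start 1 more." exchange are illustrative. It also keeps the check a real API server performs on create, that the pod template's labels satisfy the selector, because without it the loop would create pods it can never observe and never converge.

```python
# Added example, not from the talk or the Kubernetes code base: the
# observe/diff/act loop of a ReplicaSet controller, run against a constructed
# in-memory stand-in for the API server. FakeAPIServer, the "my-rs" object and
# the scenario below are illustrative only.
import itertools
from typing import Dict, List


class FakeAPIServer:
    """Minimal stand-in for the API server: pods keyed by name, no persistence."""

    def __init__(self) -> None:
        self.pods: Dict[str, Dict] = {}
        self._seq = itertools.count(1)

    def list_pods(self, selector: Dict[str, str]) -> List[Dict]:
        # Only pods whose labels satisfy the equality selector are visible to the caller.
        return [p for p in self.pods.values()
                if all(p["labels"].get(k) == v for k, v in selector.items())]

    def create_pod(self, template: Dict, generate_name: str) -> str:
        name = f"{generate_name}{next(self._seq)}"
        self.pods[name] = {"name": name, "labels": dict(template["labels"]),
                           "spec": template["spec"]}
        return name

    def delete_pod(self, name: str) -> None:
        del self.pods[name]


def reconcile(api: FakeAPIServer, rs: Dict) -> Dict[str, List[str]]:
    """One pass of the control loop for one ReplicaSet; returns the pods it created/deleted."""
    selector, want, template = rs["selector"], rs["replicas"], rs["template"]
    # Guard the API server enforces on create: if the template's labels did not
    # satisfy the selector, the controller would create pods it can never observe
    # and start a new one on every pass forever.
    if not all(template["labels"].get(k) == v for k, v in selector.items()):
        raise ValueError("pod template labels must match the ReplicaSet selector")

    have = api.list_pods(selector)                       # observe
    diff = want - len(have)                              # diff
    created: List[str] = []
    deleted: List[str] = []
    if diff > 0:                                         # act: too few, start new ones
        for _ in range(diff):
            created.append(api.create_pod(template, rs["name"] + "-"))
    elif diff < 0:                                       # act: too many, kill some
        # Replicas are fungible, so any surplus pods will do; choose deterministically.
        for pod in sorted(have, key=lambda p: p["name"])[:-diff]:
            api.delete_pod(pod["name"])
            deleted.append(pod["name"])
    return {"created": created, "deleted": deleted}


def run_scenario() -> List[Dict[str, List[str]]]:
    """Replays the slide's exchange (3 pods, want 4) plus a pod death and a scale-down."""
    api = FakeAPIServer()
    rs = {"name": "my-rs", "selector": {"App": "MyApp"}, "replicas": 4,
          "template": {"labels": {"App": "MyApp"}, "spec": {"image": "nginx"}}}
    for _ in range(3):                                   # three replicas already running
        api.create_pod(rs["template"], "my-rs-")
    api.create_pod({"labels": {"App": "Other"}, "spec": {}}, "unrelated-")  # not ours
    passes = [reconcile(api, rs)]                        # "How many? 3. Start 1 more."
    passes.append(reconcile(api, rs))                    # "How many? 4." nothing to do
    victim = sorted(api.list_pods(rs["selector"]), key=lambda p: p["name"])[0]["name"]
    api.delete_pod(victim)                               # a pod dies
    passes.append(reconcile(api, rs))                    # it is replaced, not revived
    rs["replicas"] = 2                                   # user scales down
    passes.append(reconcile(api, rs))
    return passes


if __name__ == "__main__":
    for i, actions in enumerate(run_scenario(), 1):
        print(f"pass {i}: {actions}")
```

Each pass is idempotent: running it again with nothing changed does nothing, and the loop never trusts its own memory of what it started, only what the API server currently reports. That is what lets the controller survive restarts and, as slides 55 and 56 show, replace a pod that died without anyone telling it so.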
  59. Rolling Updates: kubectl apply ... a Deployment named MyApp owning a ReplicaSet with selector app: MyApp, version: v1 and replicas: 3
  60. Rolling Updates: the Deployment creates a second ReplicaSet with selector app: MyApp, version: v2; v1 replicas: 3, v2 replicas: 0
  61. Rolling Updates: v1 replicas: 3, v2 replicas: 1
  62. Rolling Updates: v1 replicas: 2, v2 replicas: 1
  63. Rolling Updates: v1 replicas: 2, v2 replicas: 2
  64. Rolling Updates: v1 replicas: 1, v2 replicas: 2
  65. Rolling Updates: v1 replicas: 1, v2 replicas: 3
  66. Rolling Updates: v1 replicas: 0, v2 replicas: 3
  67. Services: a group of pods that work together, grouped by a selector
     • Defines access policy: "load balanced" or "headless"
     • Gets a stable virtual IP and port (sometimes called the service portal), and also a DNS name
     • The VIP is managed by kube-proxy, which watches all services and updates iptables when backends change
     • Hides complexity: ideal for non-native apps (diagram: Client → Virtual IP → pods)
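How the "VIP is managed by kube-proxy ... updates iptables when backends change" bullet looks on a node, as an added example that is not kube-proxy's own code. It models the iptables-mode rule layout: a KUBE-SERVICES rule matching the virtual IP and port jumps to a per-service chain, which picks one per-endpoint chain at random, and that chain DNATs to the pod. The "web" Service, the addresses and the chain-name hashing are constructed for illustration (real chain suffixes are a base32 SHA-256 of the service key).

```python
# Added example, not from the talk or from kube-proxy itself: a simplified model
# of how kube-proxy in iptables mode turns a Service's virtual IP into DNAT rules
# spread across the current backends, and what it emits when the backend list
# changes. The Service, addresses and chain-name hashing are constructed.
import hashlib
from typing import List, Tuple


def chain_name(prefix: str, key: str) -> str:
    """Stable short chain name for a service or endpoint (iptables caps names at 28 chars)."""
    return f"{prefix}-{hashlib.sha256(key.encode()).hexdigest()[:8].upper()}"


def service_rules(name: str, vip: str, port: int, proto: str,
                  endpoints: List[Tuple[str, int]]) -> List[str]:
    """iptables-save style rules for one ClusterIP service with the given endpoints."""
    match = f"-d {vip}/32 -p {proto} -m {proto} --dport {port}"
    if not endpoints:
        # No backends: kube-proxy rejects instead of letting connections hang.
        return [f"-A KUBE-SERVICES {match} -j REJECT"]
    svc = chain_name("KUBE-SVC", f"{name}:{proto}:{port}")
    rules = [f"-A KUBE-SERVICES {match} -j {svc}"]
    n = len(endpoints)
    for i, (ip, eport) in enumerate(endpoints):
        sep = chain_name("KUBE-SEP", f"{name}:{ip}:{eport}")
        remaining = n - i
        if remaining > 1:
            # Take this endpoint with probability 1/remaining, else fall through to the next rule.
            rules.append(f"-A {svc} -m statistic --mode random "
                         f"--probability {1 / remaining:.5f} -j {sep}")
        else:
            rules.append(f"-A {svc} -j {sep}")                 # the last one takes the rest
        rules.append(f"-A {sep} -p {proto} -m {proto} -j DNAT --to-destination {ip}:{eport}")
    return rules


def effective_distribution(n: int) -> List[float]:
    """Share of connections each of n endpoints receives under the 1/remaining scheme."""
    shares, fall_through = [], 1.0
    for remaining in range(n, 0, -1):
        shares.append(fall_through / remaining)
        fall_through *= 1 - 1 / remaining
    return shares


if __name__ == "__main__":
    backends = [("10.244.1.5", 8080), ("10.244.2.7", 8080), ("10.244.3.9", 8080)]
    print("\n".join(service_rules("web", "10.0.0.10", 80, "tcp", backends)))
    print("shares:", effective_distribution(len(backends)))
    # A backend goes away: kube-proxy rewrites the chain with one endpoint fewer.
    print("\n".join(service_rules("web", "10.0.0.10", 80, "tcp", backends[1:])))
```

The 0.33333, 0.50000 and unconditional jumps that look lopsided in real iptables-save output are what make the spread uniform, as effective_distribution shows. Note what is absent: nothing in these rules identifies the client. Any process on the node or in any pod that can reach the VIP is DNATed to a backend, so access control for a Service has to come from network policy or the application, not from kube-proxy.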
  68. Efficiency (image)
  69. Efficiency (image)

  70. Wrap Up

  71. Google Container Engine: inspired by a decade within Google; reimagines cluster computing; designed for a multi-cloud world. Photo by Connie Zhou
  72. Google Container Engine: a new service for cluster-based compute
     • Provisions a fully configured cluster in seconds • Fine-grained control over the cluster • Designed for multi-cloud • Runs Kubernetes
     Releases • Now GA • No additional cost for up to 5 nodes
     Resources • Google Container Engine: http://cloud.google.com/container-engine • Kubernetes: http://kubernetes.io
  73. Thank You