Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Kubernetes API & Next Generation Automation...

The Kubernetes API & Next Generation Automation Tools

The Kubernetes API provides new ways to build automation tools that are highly available and scale to serve clusters with many thousands of nodes. During this session attendees will learn how to move beyond shell scripts and configuration management tools and leverage cluster level APIs and distributed systems design patterns to build next generation automation tools. Attendees will learn how to extend the Kubernetes API and utilize their own custom declarative configuration to build controllers that automate job scheduling or schedulers that allow you to place jobs based on your rules.

Ian Lewis

July 12, 2017
Tweet

More Decks by Ian Lewis

Other Decks in Technology

Transcript

  1. Ian Lewis Developer Advocate, Google Cloud Platform The Kubernetes API

    & Next Generation Automation Tools ContainerCon Beijing 2017
  2. Confidential & Proprietary Google Cloud Platform 2 Ian Lewis Developer

    Advocate - Google Cloud Platform Tokyo, Japan +Ian Lewis @IanMLewis
  3. Google Cloud Platform Goal: Avoid vendor lock-in Runs in many

    environments, including “bare metal” and “your laptop” The API and the implementation are 100% open The whole system is modular and replaceable Workload portability
  4. Google Cloud Platform Goal: Write once, run anywhere* Don’t force

    apps to know about concepts that are cloud-provider-specific Examples of this: • Network model • Ingress • Service load-balancers • PersistentVolumes * approximately Workload portability
  5. Google Cloud Platform Goal: Avoid coupling Don’t force apps to

    know about concepts that are Kubernetes-specific Examples of this: • Namespaces • Services / DNS • Downward API • Secrets / ConfigMaps Workload portability
  6. Google Cloud Platform Result: Portability Build your apps on-prem, lift-and-shift

    into cloud when you are ready Don’t get stuck with a platform that doesn’t work for you Put your app on wheels and move it whenever and wherever you need Workload portability
  7. Google Cloud Platform UI CLI API users master nodes etcd

    scheduler controllers master The 10000 Foot View kubelet kubelet kubelet kubelet kubelet kubelet kubelet kubelet kubelet
  8. Google Cloud Platform Small group of containers & volumes Tightly

    coupled The atom of scheduling & placement Shared namespace • share IP address & localhost • share IPC, etc. Managed lifecycle • bound to a node, restart in place • can die, cannot be reborn with same ID Example: data puller & web server Consumers Content Manager File Puller Web Server Volume Pod Pods
  9. Google Cloud Platform Docker Containers IPC Network PID Hostname Mount

    nginx IPC Network PID Hostname Mount nginx IPC Network PID Hostname Mount nginx
  10. Google Cloud Platform IPC Network Pods docker … --net=container:id --ipc=container:id

    Hostname cgroup Web Server Pod cgroup File Puller localhost
  11. Google confidential │ Do not distribute Services A group of

    pods that work together • grouped by a selector Defines access policy • “load balanced” or “headless” Gets a stable virtual IP and port • sometimes called the service portal • also a DNS name VIP is managed by kube-proxy • watches all services • updates iptables when backends change Hides complexity - ideal for non-native apps Virtual IP Client
  12. Google Cloud Platform Deployments ReplicaSet - replicas: 3 - selector:

    - app: MyApp - version: v1 Deployment - name: MyApp kubectl apply ...
  13. Google Cloud Platform Deployments ReplicaSet - replicas: 4 - selector:

    - app: MyApp - version: v1 Deployment - name: MyApp
  14. Google Cloud Platform Deployments ReplicaSet - replicas: 3 - selector:

    - app: MyApp - version: v1 Deployment - name: MyApp
  15. Google Cloud Platform Deployments ReplicaSet - replicas: 3 - selector:

    - app: MyApp - version: v1 Deployment - name: MyApp
  16. Google Cloud Platform Rolling Updates ReplicaSet - replicas: 3 -

    selector: - app: MyApp - version: v1 Deployment - name: MyApp kubectl apply ...
  17. Google Cloud Platform ReplicaSet - replicas: 3 - selector: -

    app: MyApp - version: v1 Rolling Updates ReplicaSet - replicas: 0 - selector: - app: MyApp - version: v2 Deployment - name: MyApp
  18. Google Cloud Platform ReplicaSet - replicas: 3 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 1 - selector: - app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  19. Google Cloud Platform ReplicaSet - replicas: 2 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 1 - selector: - app: MyApp - version: v2 Deployment - app: MyApp Rolling Updates
  20. Google Cloud Platform ReplicaSet - replicas: 2 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 2 - selector: - app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  21. Google Cloud Platform ReplicaSet - replicas: 1 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 2 - selector: - app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  22. Google Cloud Platform ReplicaSet - replicas: 1 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 3 - selector: - app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  23. Google Cloud Platform ReplicaSet - replicas: 0 - selector: -

    app: MyApp - version: v1 ReplicaSet - replicas: 3 - selector: - app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  24. Google Cloud Platform ReplicaSet - replicas: 3 - selector: -

    app: MyApp - version: v2 Rolling Updates Deployment - name: MyApp
  25. Google Cloud Platform The 10000 Foot View etcd scheduler controller-manager

    apiserver kubelet docker kube-proxy iptables 1. User creates & pushes image 2. User creates Deployment 3. API server saves info to etcd 4. CM finds Deployment and creates ReplicaSet, which creates Pods (unscheduled) 5. Scheduler schedules pods. 6. Kubelet sees pod scheduled to it and tells docker to run the container. 7. Docker pulls and runs the container. Docker Hub / GCR
  26. Google Cloud Platform controller-manager Pod metadata.name: nginx-xxxx-xxxx spec.nodeName: <null> ReplicaSet

    metadata.name: nginx-xxxx Deployment metadata.name: nginx Deployment Controller ReplicaSet Controller Scheduler
  27. Google Cloud Platform controller-manager Pod metadata.name: nginx-xxxx-xxxx spec.nodeName: <null> ReplicaSet

    metadata.name: nginx-xxxx Deployment metadata.name: nginx Deployment Controller ReplicaSet Controller Scheduler
  28. Google Cloud Platform controller-manager Pod metadata.name: nginx-xxxx-xxxx spec.nodeName: node1 ReplicaSet

    metadata.name: nginx-xxxx Deployment metadata.name: nginx Deployment Controller ReplicaSet Controller Scheduler
  29. for { resp := http.Get(secretsEndpoint) list := json.Unmarshal(resp.Body) for _,

    secret := range list.Items { data := base64Decode(secret[“data”]) if len(data[“password”]) < 10 { log.Printf(“Insecure secret: %s”, secret.Metadata.Name) http.Delete(secretsEndpoint + secret.Metadata.Name) } } }
  30. for { resp := http.Get(crontabEndpoint) list := json.Unmarshal(resp.Body) for _,

    crontab := range list.Items { addIfNew(crontab) updateIfChanged(crontab) deleteIfOld(crontab) } }