Kube for Noobs

Transcript

1. how many have heard of k8s how many have used

   it how many use it in anger? KUBE FOR N00BS

2. k8s or something like it is how we're gonna be

   deploying stuff in the future no more capistrano or fabric, no more "oh this project uses cap 3 but this one uses cap 2 shit i need a different version of ruby-ssh for this one" no more maintaining capfiles or the tools you use for deployment not gonna get too far in the weeds but enough to help build a mental model users intro, not operators intro WHY

3. Kubernetes is an open-source system for automating deployment, scaling, and

   management of containerized applications -- kubernetes.io
4. None

5. automating - automating things is kinda what we do, right?

   At least in part? Why type things if you don't need to? deploying - we know what deploying means, right? At the end of the day, it means getting our software out in front of our users scaling - adding resources (RAM/CPU/DISK/servers?) management - deal with/control something containerized applications - an application inside a container - that's the key standardized interface how do we get started? DON'T PANIC ▸ automating ▸ deployment ▸ scaling ▸ management ▸ containerized applications

6. rails API that's running in a docker container quick show

   of hands - how many folks are comfortable with this part? any questions feel free to speak up and chloe will answer them CONTAINERIZED APPLICATION http://apps.octoconsulting.com/images/rubyIcon.png

7. ▸ Build the app ▸ Containerize it ▸ Test it

   ▸ Share it ▸ Get k8s to run it

8. building a new rails api, nbd RAILS $ rails new

   truth_or_lie --api create create README.md create Rakefile create config.ru create .gitignore create Gemfile ...

9. docker is the software that builds and runs our containers

   - "docker build/run blah blah blah" its a runtime/container format/spec all rolled together there are others like rkt/coreos/mesos end of the day, it's not magic - just software and processes written by people i'm using docker for mac - if you're using virtualbox or parallels or something else it'll look different DOCKER $ ps x | grep docker 2034 ?? S 0:06.52 /Applications/Docker.app/Contents/MacOS/com.docker.osx.hyperkit.linux -watchdog fd:0 -max-restarts 5 -restart-seconds 30 2038 ?? S 4:25.23 com.docker.db --url fd://3 --git /Users/mescamilla/Library/Containers/com.docker.docker/Data/database 19071 ?? S 0:00.13 com.docker.osxfs serve --address fd:3 --connect /Users/mescamilla/Library/Containers/com.docker.docker/Data/connect --control fd:4 19084 ?? S 0:55.44 com.docker.vpnkit --db /Users/mescamilla/Library/Containers/com.docker.docker/Data/s40 --branch state --ethernet fd:3 --port fd:4 --introspection fd:5 --diagnostics fd:6 --vsock-path /Users/mescamilla/Library/Containers/com.docker.docker/Data/connect --host-names docker.for.mac.localhost --listen-backlog 32 19087 ?? S 6:36.01 com.docker.driver.amd64-linux -addr fd:3 -debug 19134 ?? S 20:09.32 com.docker.hyperkit -A -m 2048M -c 4 -u -s 0:0,hostbridge -s 31,lpc -s 2:0,virtio-vpnkit,uuid=2b4714de-910d-455d-b26d-e290788a8e33, path=/Users/mescamilla/Library/Containers/com.docker.docker/Data/s50, macfile=/Users/mescamilla/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/mac.0 -s 3, virtio-blk,file:///Users/mescamilla/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/Docker.qcow2?sync=drive ...

10. A container image is a lightweight, stand-alone, executable package of

    a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings think of it as an artifact or a binary - a single thing you run that executes your application in fact, the only process running in your container is your application and the dope thing is that anyone running docker can run it! no need to bundle up gems or install ruby or anything imagine if instead of ruby it's a node app or elixir or scala - just run the container - no building required (because it's already built) DOCKER CONTAINERS

11. writing the docker file nbd do some apt-get, copy files

    in, bundle install, expose port 3000 and run rails s think of this kinda like a Makefile - a series of shell instructions you'd run to get your app running DOCKERFILE $ cat Dockerfile FROM ruby:2.2 MAINTAINER your butt RUN apt-get update && apt-get install -y build-essential RUN mkdir -p /app WORKDIR /app COPY Gemfile Gemfile.lock ./ RUN gem install bundler && bundle install --jobs 20 --retry 5 COPY . ./ EXPOSE 3000 CMD ["bundle", "exec", "rails", "server", "-b", "0.0.0.0"]

12. run docker build to make the actual container now we

    have this artifact (4a3bc85655fd) somewhere on our machine hard to show where it is, but docker knows $ DOCKER BUILD -T TRUTH-OR-LIE:V1 $ docker build -t gcr.io/kube-for-noobs-177116/truth-or-lie-api:v1 . Sending build context to Docker daemon 266.2kB Step 1/10 : FROM ruby:2.2 Step 2/10 : MAINTAINER your butt Step 3/10 : RUN apt-get update && apt-get install -y build-essential Step 4/10 : RUN mkdir -p /app Step 5/10 : WORKDIR /app Step 6/10 : COPY Gemfile Gemfile.lock ./ Step 7/10 : RUN gem install bundler && bundle install --jobs 20 --retry 5 Step 8/10 : COPY . ./ Step 9/10 : EXPOSE 3000 Step 10/10 : CMD bundle exec rails server -b 0.0.0.0 Successfully built 4a3bc85655fd Successfully tagged gcr.io/kube-for-noobs-177116/truth-or-lie-api:v1

13. $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE gcr.io/kube-for-noobs-177116/truth-or-lie-api

    v1 4a3bc85655fd 2 days ago 837MB

14. $ DOCKER RUN TRUTH-OR-LIE:V1 $ docker run -it -p 3000:3000

    gcr.io/kube-for-noobs-177116/truth-or-lie-api:v1 => Booting Puma => Rails 5.1.3 application starting in development on http://0.0.0.0:3000 => Run `rails server -h` for more startup options Puma starting in single mode... * Version 3.9.1 (ruby 2.2.7-p470), codename: Private Caller * Min threads: 5, max threads: 5 * Environment: development * Listening on tcp://0.0.0.0:3000 Use Ctrl-C to stop

15. $ docker ps IMAGE COMMAND CREATED STATUS PORTS gcr.io/kube-for-noobs-177116/truth-or-lie-api:v1 "bundle

    exec rails..." 6 seconds ago Up 5 seconds 0.0.0.0:3000->3000/tcp

16. now we've got a docker container (the artifact) and its

    running locally inside of the docker vm managed by the docker daemon we should share it so the world can run it (or at least our coworkers and k8s) SANITY CHECK $ curl localhost:3000 <!DOCTYPE html> <html> <head> <title>Ruby on Rails</title>

17. gotta get the container into a registry (some place where

    kubernetes can pull it from) since we'll be running this in gke, we use google container registry (gcr) and that's why there's a gcloud in the command $ DOCKER PUSH $ gcloud docker -- push gcr.io/kube-for-noobs-177116/truth-or-lie-api:v1 The push refers to a repository [gcr.io/kube-for-noobs-177116/truth-or-lie-api] 1173991e89eb: Pushed 77d537ca1fa7: Pushed 522211a30f3c: Pushed 28ad8da36b47: Pushed 585fc5f5919f: Pushed 7f79a65253a2: Pushed 45b2ff956b64: Pushed ce0d7264cb97: Pushed 9c509a7c287b: Layer already exists 5616a6292c16: Layer already exists f3ed6cb59ab0: Layer already exists 654f45ecb7e3: Layer already exists 2c40c66f7667: Layer already exists v1: digest: sha256:bcc86e4c7b90e0395265672431cb89c9451441fdf8c7fddfcf2789920cf0d66d size: 3049

18. now we've got our app and we want it running

    in production let's talk a little bit about how that used to work !

19. hi this is 90s mando im super into DMX i

    mean he really changed the face of hip hop you know he was like this big middle finger to puffy and those guys and people don't really give him the respect i think he deserves also i'm super into running linux on the desktop this is the year i can feel it hi this is 90s chloe im 9 and i need you to run this perl web page ok sure thing. i mean, it's gonna take a bit - i gotta call like HP or Dell, get a box in a couple of weeks, rack it up then i gotta install an OS on there, set up users, install perl and the perl modules, install apache but dont worry i've got some pretty brittle shell scripts to

20. hi this is 2000s mando im super into Rihanna and

    TPain and i'm 100% sure this is the year of linux on the desktop hi this is 2000s chloe i'm 19 and i need you to run this j2ee application no problem i've got this new beta stuff called chef i've been using on this new thing called AWS EC2 lemme just write a new cookbook real quick here java you say? kk cant use ubuntu because i cant use auto-agree to oracle user agreement maybe openjdk? no? k

21. hi this is 2017 mando i fucking can't even with

    anything let alone linux on the desktop hi this is 2017 chloe and i fucking can't even either but i need you to run this rails app for me is it in a container? cool cool kubectl run/kubectl expose done now lets head down to the protest

22. this is what a k8s cluster looks like, made up

    of a master and a set of nodes/minions masters and nodes are just linux computers running different parts of the k8s codebase it's got some processes called api-server, controller- manager, etc the master is what users submit work to - it does cluster management, work scheduling, etc we talk to the master via the kubectl command over http

23. this is my local k8s config that defines where the

    api server is and how i auth $ cat ~/.kube/config apiVersion: v1 kind: Config preferences: colors: true clusters: - cluster: certificate-authority-data: OMGMAHSECRETS server: https://35.188.116.23 name: gke_kube-for-noobs-177116_us-central1-a_noob-1 contexts: - context: cluster: gke_kube-for-noobs-177116_us-central1-a_noob-1 user: gke_kube-for-noobs-177116_us-central1-a_noob-1 name: gke_kube-for-noobs current-context: gke_kube-for-noobs users: - name: gke_kube-for-noobs-177116_us-central1-a_noob-1 user: auth-provider: config: access-token: OMGSTOPTRYINGTOSTEALMYSECRETS cmd-args: config config-helper --format=json cmd-path: /usr/local/Caskroom/google-cloud-sdk/latest/google-cloud-sdk/bin/gcloud expiry: 2017-08-19T15:21:41Z expiry-key: '{.credential.token_expiry}' token-key: '{.credential.access_token}' name: gcp

24. straight up http request to the api server process on

    the master it inspects the state of the cluster and returns it in this case we're asking about nodes nodes are just linux boxes that run docker, kubelet and a bit more kubelet is what talks to docker and runs our containers (as pods) $ kubectl -v10 get nodes I0819 09:21:58.204928 42474 loader.go:357] Config loaded from file /Users/mescamilla/.kube/config ... snip cached data ... I0819 09:21:58.216071 42474 round_trippers.go:386] curl -k -v -XGET -H "Accept: application/json" -H "User-Agent: kubectl/v1.7.3 (darwin/amd64) kubernetes/2c2fe6e" https://35.188.116.23/api/v1/nodes I0819 09:21:58.419695 42474 round_trippers.go:405] GET https://35.188.116.23/api/v1/nodes 200 OK in 203 milliseconds I0819 09:21:58.419737 42474 round_trippers.go:411] Response Headers: I0819 09:21:58.419752 42474 round_trippers.go:414] Content-Type: application/json I0819 09:21:58.419759 42474 round_trippers.go:414] Date: Sat, 19 Aug 2017 14:21:58 GMT I0819 09:21:58.452687 42474 request.go:991] Response Body: {"kind":"NodeList","apiVersion":"v1","metadata":{"selfLink":"/api/v1/node NAME STATUS AGE VERSION gke-noob-1-default-pool-c407de45-pjf8 Ready 1h v1.7.3 gke-noob-1-default-pool-c407de45-rcrc Ready 1h v1.7.3 gke-noob-1-default-pool-c407de45-vn3m Ready 1h v1.7.3

25. LIVE DEMO TIME Y'ALL

26. None