Slide 1
Slide 1 text
© Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 1
© Copyright 2020 Rancher Labs. All Rights Reserved. 1
Rancher
Online Workshop
Cheng
Rancher Labs
Slide 2
Slide 2 text
© Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 2
Objectives for the day
l
Docker͓ΑͼKubernetes͓͞Β͍
l
Labڥ HobbyFarm
આ໌
l
RKEʹΑΔΫϥελʔߏங
l
Rancher Serverߏங(v2.5)
l
RancherʹΑΔΫϥελʔߏங
l
hello-worldΞϓϦέʔγϣϯΛΫϥελʔʹσϓϩΠ
l
WordPressΛΫϥελʔʹσϓϩΠ
Slide 3
Slide 3 text
© Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 3
Forewarning
l
͜ͷWorkShopɺKubernetesͱRancherͷॳ৺ऀ͚ʹઃܭ͞Ε͍ͯ·͢
l
͜͜ʹհ͞Ε͍ͯΔ༰ɺඞͣ͠ຊ൪ڥͰͷӡ༻ํ๏Ͱ͋Γ·ͤ
Μ͕ɺຊ൪ڥ͚ͷجૅࣝͱߟ͍͖͍͑ͯͨͩͨͰ͢
Slide 4
Slide 4 text
© Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 4 4
Container Images
Slide 5
Slide 5 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 5
Container Image
Application Code Application Dependencies
Container Image
Slide 6
Slide 6 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 6
Container Image
Slide 7
Slide 7 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 7
Container Image
Slide 8
Slide 8 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 8
Container Image
Container Image
Container
Container
Container
Slide 9
Slide 9 text
© Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 9 9
Containers
Slide 10
Slide 10 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 10
Containers
l
ΠϝʔδΛݩʹ࡞͞ΕΔԾڥͷ࣮ߦ෦ʢinstanceʣ
l
ϙʔλϏϦςΟr ΠϝʔδΛ̍ճϏϧυ͢ΕɺͲ͜Ͱಉ࣮͘͡ߦͰ͖Δ
l
ΞϓϦέʔγϣϯΛɺܰྔͳִ͞Εͨڥʹ࣮ߦͰ͖Δ
l
ΞϓϦέʔγϣϯͷΠϯελϯεΛਫฏํʹ؆୯ʹεέʔϦϯάͰ͖Δ
Slide 11
Slide 11 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 11
Containers
Source : https://www.docker.com/resources/what-container
Slide 12
Slide 12 text
© Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 12 12
Registries
Slide 13
Slide 13 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 13
Registries
Slide 14
Slide 14 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 14
Registries
l
ΠϝʔδΛ֨ೲ͢ΔͨΊͷॴ
l
Public
l
Private
l
ྫ
l
Amazon Elastic Container Registry
l
Azure Container Registry
l
Docker Hub
l
Ұ෦ͷػೳ֦ு͍ͯ͠Δ
l
Vulnerability scanning
l
LDAP / AD Support
l
Auditing
l
Replication
l
etc
Slide 15
Slide 15 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 15
Containers are great……..but
Managing a couple – no problem
Slide 16
Slide 16 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 16
Containers are great……..but
How about managing many? How do we address:
Networking, Security, Scheduling, Automation, etc?
Slide 17
Slide 17 text
© Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 17 17
K8s – Container Orchestration
Slide 18
Slide 18 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 18
Kubernetes
l
KubernetesɺίϯςφԽ͞ΕͨϫʔΫϩʔυαʔϏεΛཧ͢ΔͨΊͷɺ
ϙʔλϒϧͰ֦ுੑͷ͋ΔΦʔϓϯιʔεϓϥοτϗʔϜͰ͢
l
KubernetesɺYAMLܗࣜJSONܗࣜͰهड़ͨ͠એݴతͳίʔυʢظͳঢ়
ଶʣʹΑͬͯɺσϓϩΠ͢ΔίϯςφपลϦιʔεΛཧ͠·͢
Slide 19
Slide 19 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 19
Kubernetes Architecture
l
ControlplaneΫϥε
λʔཧػೳɺ"1*Πϯ
λϑΣʔεΛఏڙ
l
Etcd: ΩʔόϦϡʔετ
ΞͰɺKubernetesͷશͯ
ͷΫϥελʔใͷอଘ
ॴ
l
Worker: ίϯςφʢϫʔ
Ϋϩʔυʣ͕࣮ࡍʹσϓ
ϩΠ͞ΕΔϚγϯ
API / CLI
Slide 20
Slide 20 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 20
Kubernetes Resources - Pod
l
ϫʔΫϩʔυͷ࠷খ୯Ґ
l
αʔόʔԾԽʹ͓͍ͯɺhypervisor্ͷ1ͭͷ
VM૬ͷײ͡
l
1ͭҎ্ͷίϯςφΛؚΉ
l
ԼهϦιʔεؚΉ:
l
Storage (ie shared volumes)
l
Networking
l
1ͭͷϊʔυׂ͕ΓͯΒΕ͍ͯΔ
Slide 21
Slide 21 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 21
Kubernetes Resources - Deployment
l
ෳͷಉ͡ Pod Λཧ͢ΔͨΊͷϦιʔε
l
ෳͷಉ͡ 1PEΛάϧʔϓͰཧ
l
Updating
l
Scaling
l
Rollback
l
ݱࡏͷঢ়ଶΛࢦఆ͞Εͨঢ়ଶมߋ
Slide 22
Slide 22 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 22
Kubernetes – Declarative Syntax
✓
Slide 23
Slide 23 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 23
Kubernetes Resources - Service
l
Podඞͣ͠Ӭଓੑ͕ߴ͍ͷͰͳ͍
l
PodʹΞΫηε͠ͳ͍Ͱʂ
l
Podsͷू߹Ͱ࣮ߦ͞Ε͍ͯΔΞϓϦέʔγϣϯΛ
ωοτϫʔΫαʔϏεͱͯ͠ެ։͢Δநతͳํ๏
l
Podͷηοτʹର͢Δ୯ҰͷIP/DNS໊Λఏڙ
l
Services෦ΞΫηε͚(ClusterIP)ͱ ֎෦ΞΫη
ε͚(NodePort & Loadbalancer)ͷ2छྨ
Slide 24
Slide 24 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 24
Kubernetes Resources - Service
10.42.0.4 10.42.0.5 10.42.0.6
Endpoints:
10.42.0.4
10.42.0.5
10.42.0.6
Type : LoadBalancer
10.42.0.7
Endpoints:
10.42.0.4
10.42.0.5
10.42.0.7
Slide 25
Slide 25 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 25
Kubernetes Resources - Ingress
l
ΫϥελʔͷServiceʹର͢Δ֎෦͔ΒͷΞΫηεΛ
ཧ
l
ओʹHTTP
l
Serviceʹରͯ͠ɺ֎෦͔ΒΞΫηεͳՄೳURLΛఏڙ
l
ෛՙࢄ(Load Balance traffic) ͷػೳΛఏڙ
l
SSLऴ(Terminate) ͷػೳΛఏڙ
l
໊લϕʔεͷԾϗεςΟϯάͷػೳΛఏڙ
Slide 26
Slide 26 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 26
Kubernetes Resources - Ingress
Kubernetes Cluster
/bar
/foo
ServiceA ServiceB
foo.bar.com/bar
foo.bar.com/foo
Slide 27
Slide 27 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 27
Kubernetes
KubernetesΤίγεςϜ͕ɺେͳͷͰ͢ - https://landscape.cncf.io
(These are just the
Storage projects)
Slide 28
Slide 28 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 28
RancherがKubernetesにもたらすもの
28
Network & Storage
Registry
App Catalog
Monitoring
Kubernetes
Container Runtime
CI/CD
Service Mesh
Logging
Security RBAC & PSP
Authentication
What Rancher takes an SLA on
Manage all this? … or this?
Rancher Certified Integrations
Cloud
Datacenter
Dev Branch Edge
Google
GKE
Azure
AKS
Amazon
EKS
Slide 29
Slide 29 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 29
29
What is RKE
RKEɺΫϥυɺΦϯϓϨϛεɺٴͼϩʔΧϧڥʹkubernetesΫϥελ
Λ؆୯ʹσϓϩΠͰ͖ΔCLIπʔϧͰ͢ɻ
Slide 30
Slide 30 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 30
30
What is RKE
ಛ
• ରϊʔυʹ44)ଓͯ͠ϓϩϏδϣχϯάΛ࣮ࢪ
• LVCFSOFUFTͷ֤छίϯϙʔωϯτ FUDEBQJTFSWFSͳ
Ͳ
Λίϯςφͱͯ͠ىಈ
• )"ͳΫϥελΛߏஙՄೳ
Slide 31
Slide 31 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 31
31
What is RKE
͍ํ
• ࣄલʹΫϥελʔ༻ͷϊʔυΛ༻ҙ
• SLFఆٛϑΝΠϧΛ࡞
• SLF VQ࣮ߦͰΫϥελʔߏங
Slide 32
Slide 32 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 32
32
What is RKE
Slide 33
Slide 33 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 33
Lab環境(HobbyFarm)説明
l
https://learn.eu1.hobbyfarm.io/login ΞΫηε
l
[e-mail] ɺ [Access Code]ɺٴͼ[password] ͰϢʔβʔΛొ
l
Access Code:
Slide 34
Slide 34 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 34
Lab環境(HobbyFarm)説明
l
[e-mail] ɺ [password] ͰϩάΠϯ
Slide 35
Slide 35 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 35
Lab環境(HobbyFarm)説明
l
[Start Scenario] Ͱ։࢝
Slide 36
Slide 36 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 36
Lab環境(HobbyFarm)説明
l
[Start Scenario] Ͱ։࢝
Slide 37
Slide 37 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 37
Lab環境(HobbyFarm)説明
l
ڥߏ
αʔόʔɿrancher01 αʔόʔɿcluster01
Slide 38
Slide 38 text
© Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 38
© Copyright 2020 Rancher Labs. All Rights Reserved. 38
Intermission
Slide 39
Slide 39 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 39
• CNCF認証付きのK8sクラスター上に
Rancherをインストールできるよう
になった
• より充実したユーザーインターフェ
イスを提供
Installable On Any Cluster
Slide 40
Slide 40 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 40
New Dashboard
Cluster Manager Cluster Explorer
Slide 41
Slide 41 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 41
• Prometheus Operatorをベースとしたモ
ニタリングのソリューション
• カスタムメトリックの収集、アラーム
ルールなどは、CRs(Custom Resources)
により簡単に定義できる
• 全てのモニタリング定義が、CRsのyaml
で定義出来る為、GitOpsベースのワーク
フローを簡単に構築できる
Rancher Monitoring v2
Slide 42
Slide 42 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 42
Rancher Continuous Delivery
• Rancher FleetをベースとしたGitOpsのソ
リューション
• Gitリポジトリから複数のクラスタにアプリ
ケーションと構成設定をデプロイ可能
• シングルクラスターだけではなく、マルチク
ラスターにも対応
• アプリケーションや構成設定は、Kubernetes
YAML,Helm,Kustomizeというフォーマットを
対応
Slide 43
Slide 43 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 43
• Banzai Logging Operatorをベースとした
ロギングパイプラインのソリューション
• 軽量のFluentBitがログ収集で、Fluentdが
ログフィルタリングで、CRs(Custom
Resources)によりロギングパイプライン
を簡単に定義できる
• 全てのロギングパイプライン定義が、
CRsのyamlで定義出来る為、GitOpsベー
スのワークフローを簡単に構築可能
Rancher Logging v2
Slide 44
Slide 44 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 44
Rancher Logging v2
引⽤︓https://github.com/banzaicloud/logging-operator
Slide 45
Slide 45 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 45
• AWS-nativeのEKS管理より、もっとよ
いユーザーエクスペリエンスを提供
• Import, provision, upgrade, configure,
observe, secureなどの操作をRancher
単独で実行可能
EKSクラスターのフルマネジメント
Lifecycle Management EKS with Rancher 2.5 EKS Only
Configure & Provision
Rancher GUI/API経由でクラスター
構築とインポート
AWS Console; 3rd party
tools
Manage
インフラレイアの設定機能を増強 AWS Console
K8sの全てのリソースをCluster
Exploerから参照
Kubectl; 3rd party tools
Monitoring v2 [Prometheus]機能
Logging v2 [Fluentbit / Fluentd] 機能
手動で導入
Istio 1.7 手動で導入
Secure
RBAC Policyをロールで一元管理
ユーザー認証の一元管理
CIS Scan
OPA Gatekeeper
Kubernetes native
Upgrades
Rancher GUI/API経由でクラスター
アップグレード
AWS Console; 3rd party
tools
Apps
Rancher Certified packages
Custom Rancher Catalogs
Helm
Kubectl
Helm; Kubectl
Slide 46
Slide 46 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 46
その他
• CentOS/RHEL 8, SLES 15 SP2 (v2.5.2+)
• CIS Scan機能増強
• Istio 1.17
• K8s 1.19
• RKE Government(RKE2)
• Rancherd – 新しいRancherインストール方式
…etc
Slide 47
Slide 47 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 47
• RKE2 –ηΩϡϦςΟཁ͕݅ݫ͍͠ͳͲ
ͷެڞػ͚ؔͷK8sσΟετϦϏϡʔγϣ
ϯ
• FIPS-enabled
• SELinux Support
• CIS Benchmark Certification
• Container-dΛσϑΥϧτͷϥϯλΠϜͱ͠
ͯ༻
• ΦϑϥΠϯ(AirGap)ͷΠϯετʔϧΛα
ϙʔτ
RKE Government(RKE2)
2
Slide 48
Slide 48 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 48
--- Dockerfile (master)
+++ Dockerfile (boringcrypto)
# Start with an official image
-FROM golang:1.13.4
+FROM goboring/golang:1.13.4b4
RKE2 FIPS-enabled
• ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴʢNISTʣɺถࠃ࿈ػ͚ؔͷ҉߸Ϟδϡʔϧͷཁ
݅Λنఆ͢ΔηΩϡϦςΟඪ४ͱͯ͠ɺ࿈ใॲཧඪ४ʢFIPSʣύϒϦέʔγϣϯ
140-2 Λ࡞
• ػؔۚ༥ػؔɺ͜ΕΒͷن֨Λج४ʹ͢Δ͜ͱͰɺ໌ه͞ΕͨηΩϡϦςΟʔཁ
݅ʹ͕४ڌ͍ͯ͠Δ͜ͱΛ֬ೝ͍ͯ͠·͢ɻ
• RKE2ɺ FIPS140-2ͷج४Λຬͨ͢Α͏ʹɺK8sͷίϯϙʔωϯτΛGoboring libraryͰɺ
ίϯύΠϧͨ͠σΟετϦϏϡʔγϣϯ
Slide 49
Slide 49 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 49
今後のロードマップ
Slide 50
Slide 50 text
© Copyright 2020 Rancher Labs. All Rights Reserved. 50
ロードマップ
• Cluster Explorerの機能増強:クラスタープロビジョニング、認証設定など
• AKSとGKEΫϥελʔͷϑϧϚωδϝϯτ
• GitOpsベースのワークフローで、Rancher自体の設定変更
…etc