Slide 1

Slide 1 text

Containing Chaos with Kubernetes
Terry Ryan, Developer Advocate
@tpryan

Slide 2

Slide 2 text

Who are you?

Slide 3

Slide 3 text

01 Introduction
Why Kubernetes?

Slide 4

Slide 4 text

What problem are we trying to solve?

Slide 5

Slide 5 text

    # FRONTEND AND SERVICES
    FROM nginx-php-fpm
    COPY nginx.conf /etc/nginx/nginx.conf
    ADD www /var/www/

Slide 6

Slide 6 text

    # BACKEND
    FROM ubuntu:12.04
    ADD ./mysql-setup.sh /tmp/mysql-setup.sh
    RUN /bin/sh /tmp/mysql-setup.sh
    EXPOSE 3306
    CMD ["/usr/sbin/mysqld"]

Slide 7

Slide 7 text


Slide 8

Slide 8 text

    # FRONTEND AND SERVICES
    FROM nginx-php-fpm
    COPY nginx.conf /etc/nginx/nginx.conf
    ADD www /var/www/

    # JUST SERVICES
    FROM nginx-php-fpm
    COPY nginx.conf /etc/nginx/nginx.conf
    ADD www /var/www/

Slide 9

Slide 9 text

    # FRONTEND AND SERVICES
    FROM nginx-php-fpm
    COPY nginx.conf /etc/nginx/nginx.conf
    ADD www /var/www/

    # FRONTEND
    FROM nginx
    COPY nginx.conf /etc/nginx/nginx.conf
    ADD www /var/www/

Slide 10

Slide 10 text


Slide 11

Slide 11 text

    # BACKEND
    FROM ubuntu:12.04
    ADD ./mysql-setup.sh /tmp/mysql-setup.sh
    RUN /bin/sh /tmp/mysql-setup.sh
    EXPOSE 3306
    CMD ["/usr/sbin/mysqld"]

    # BACKEND
    FROM ubuntu:12.04
    ADD ./mysql-setup.sh /tmp/mysql-setup.sh
    RUN /bin/sh /tmp/mysql-setup.sh
    EXPOSE 3306
    VOLUME ["/etc/mysql", "/var/lib/mysql"]
    CMD ["/usr/sbin/mysqld"]

Slide 12

Slide 12 text


Slide 13

Slide 13 text


Slide 14

Slide 14 text


Slide 15

Slide 15 text


Slide 16

Slide 16 text


Slide 17

Slide 17 text

That’s a lot to manage.

Slide 18

Slide 18 text

4 3 2

Slide 19

Slide 19 text

Kubernetes
• Container Orchestration System
• Open Source
• Started by Google
• Contributed to by others

Slide 20

Slide 20 text

02 Concepts
Philosophies

Slide 21

Slide 21 text

Cattle, not Pets

Slide 22

Slide 22 text

Cattle
• Has a number
• One is much like any other
• Run as a group
• If it gets ill, you make hamburgers

Pet
• Has a name
• Is unique or rare
• Personal Attention
• If it gets ill… you make it better

Slide 23

Slide 23 text

Desired State

Slide 24

Slide 24 text

Build Script

    ./create_docker_images.sh
    ./launch_backend.sh x 1
    ./launch_services.sh x 2
    ./launch_frontend.sh x 3

Slide 25

Slide 25 text

Build Script

    ./create_docker_images.sh
    ./launch_backend.sh x 1
    ./launch_services.sh x 2
    ./launch_frontend.sh x 3

Slide 26

Slide 26 text

Desired State
There should be:
• 3 Frontends
• 2 Services
• 1 Backend

Slide 27

Slide 27 text

Employees, not Children

Slide 28

Slide 28 text

Child
• Go upstairs
• Get undressed
• Put on pajamas
• Brush your teeth
• Pick out 2 stories

Employee
• “We had a tough day, go home and get some sleep”

Slide 29

Slide 29 text

03 Components
What makes up Kubernetes?

Slide 30

Slide 30 text

Nodes
• Machines that run Kubernetes
• Containers will run on these
• Can be hardware or virtual

Slide 31

Slide 31 text

Containers
• Subatomic particles of Kubernetes
• Dockerfiles just like you are used to.

Slide 32

Slide 32 text

Pods
• Atomic component of Kubernetes
• Made from one or more containers
• Share
  ◦ IP Address
  ◦ Local Storage
  ◦ Namespace
• It’s okay to have just one container
• Examples
  ◦ Sidecar (Webserver + File sync)
  ◦ Ambassador
  ◦ Adaptor
  ◦ Converting an all in one box

Slide 33

Slide 33 text

Pods

    apiVersion: v1
    kind: Pod
    metadata:
      name: php
      labels:
        name: php
    spec:
      containers:
        - image: nginx-php-fpm:latest
          name: php
          ports:
            - containerPort: 80
              name: http

Slide 34

Slide 34 text

Controllers
• Handle turning current state into desired state
• Example
  ◦ Replication Controllers

Observe / Diff / Act

Slide 35

Slide 35 text

Controllers

    kind: "ReplicationController"
    apiVersion: "v1"
    # legacy field from the pre-v1 API; v1 names the object via metadata.name
    id: fe-rc-1
    metadata:
      name: "frontend-controller"
      labels:
        state: "serving"
    spec:
      replicas: 2
      selector:
        app: "todotodo-fe"
        version: v1
      template:
        metadata:
          labels:
            app: "todotodo-fe"
            version: v1
        spec:
          volumes: null
          containers:
            - name: "php"
              image: "nginx-php-fpm:latest"
              ports:
                - containerPort: 80
                  protocol: "TCP"
              imagePullPolicy: "IfNotPresent"
          restartPolicy: "Always"
          dnsPolicy: "ClusterFirst"

Slide 36

Slide 36 text

Replica Set
• Everything that Replication Controllers do
• Can do set-based selectors
• A lot of the docs refer to Replication Controllers, but you can move to Replica Sets.

Slide 37

Slide 37 text

Deployments
• An improvement over previous rolling updates.
• Allow for easy updates to application pieces.

Slide 38

Slide 38 text

Deployments

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: frontend-deployment
    spec:
      replicas: 2
      strategy:
        type: RollingUpdate
      template:
        metadata:
          labels:
            app: todotodo-fe
        spec:
          containers:
            - name: php
              image: nginx-php-fpm:latest
              ports:
                - containerPort: 80

Slide 39

Slide 39 text

Services
• Defines an endpoint from which to access applications
• Gets a virtual IP address
• Can get a public load balancer
• Used for exposing an application
  ◦ Other Kubernetes clients
  ◦ Non-Kubernetes clients

Diagram label: 192.168.99.100

Slide 40

Slide 40 text

Services

    apiVersion: v1
    kind: Service
    metadata:
      labels:
        name: frontend
      name: frontend
    spec:
      type: LoadBalancer
      ports:
        - port: 80
          targetPort: 80
          protocol: TCP
      selector:
        app: "todotodo-fe"

Slide 41

Slide 41 text

Labels & Selectors
• Metadata for Objects
• Select sections of your infrastructure

App   Tier      Env
todo  frontend  stage
todo  frontend  prod
todo  frontend  dev
todo  frontend  test
todo  api       prod
todo  backend   prod
todo  api       stage
todo  api       test
todo  api       dev
todo  backend   stage
todo  backend   test
todo  backend   dev

Slide 42

Slide 42 text

Labels & Selectors & Services

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: fe-deployment
    spec:
      replicas: 4
      strategy:
        type: RollingUpdate
      template:
        metadata:
          labels:
            app: todo-fe
        spec:
          containers:
            - name: php
              image: app
              ports:
                - containerPort: 80

Four pods, each labelled App: todo-fe

    apiVersion: v1
    kind: Service
    metadata:
      labels:
        name: frontend
      name: frontend
    spec:
      type: LoadBalancer
      ports:
        - port: 80
          targetPort: 80
          protocol: TCP
      selector:
        app: "todo-fe"

Diagram labels: 192.168.99.100, 130.91.xxx.xxx, Public, Private

Slide 43

Slide 43 text

Networking
• Pod IPs are routable
  ◦ Docker default is private IP
• Pods can reach each other without NAT
  ◦ even across Kubernetes nodes
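
Because every pod can reach every other pod, the MySQL pod's port 3306 is reachable from anything in the cluster unless a policy says otherwise. The following is an added example, not part of the original deck: a NetworkPolicy that admits only the PHP pods to MySQL, using the labels `name: mysql` and `app: todotodo-fe` from the deck's manifests. The policy name is an assumption, and the policy takes effect only where the cluster's network plugin enforces NetworkPolicy.

```yaml
# Added example, not part of the original deck.
# Assumed name: "mysql-allow-php". Labels are the ones used in the deck's manifests.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mysql-allow-php
spec:
  podSelector:
    matchLabels:
      name: mysql              # pods this policy protects
  policyTypes:
    - Ingress                  # selected pods now refuse ingress not listed below
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: todotodo-fe # PHP frontend/API pods in the same namespace
      ports:
        - protocol: TCP
          port: 3306
```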

Slide 44

Slide 44 text

Sum up
• Service
• Replication Controller
• Replica Set
• Deployment
• Pod
• Container

Slide 45

Slide 45 text

Why?

Slide 46

Slide 46 text


Slide 47

Slide 47 text

Demo: Kubernetes in Action

Slide 48

Slide 48 text

Before the demo

Slide 49

Slide 49 text

PHP & Apache: Frontend & API
MySQL: Backend

Slide 50

Slide 50 text


Slide 51

Slide 51 text

Demo: Kubernetes in Action

Slide 52

Slide 52 text

Demo: Larger Kubernetes install

Slide 53

Slide 53 text

Is this the right way to set up a database?

Slide 54

Slide 54 text

Not really

Slide 55

Slide 55 text

Sum up
• Service
• Replication Controller
• Replica Set
• Deployment
• Pod
• Container

Slide 56

Slide 56 text

Replica Set Service Stateful Set Service replicas: 1

Slide 57

Slide 57 text

Stateful Set

    apiVersion: apps/v1beta1
    kind: StatefulSet
    metadata:
      name: mysql
      labels:
        name: mysql
    spec:
      serviceName: "mysql"
      replicas: 1
      template:
        metadata:
          labels:
            name: mysql
        spec:
          terminationGracePeriodSeconds: 0
          containers:
            - name: mysql
              image: "gcr.io/gke-test-tpryan/mysql-php"
              ports:
                - containerPort: 3306
                  name: mysql
              volumeMounts:
                - name: mysqlpet
                  mountPath: /var/lib/mysql
      volumeClaimTemplates:
        - metadata:
            name: mysqlpet
          spec:
            accessModes: [ "ReadWriteOnce" ]
            resources:
              requests:
                storage: 1Gi

Slide 58

Slide 58 text

Why isn’t yours using Stateful Set?

Slide 59

Slide 59 text

Not a huge difference for MySQL

Slide 60

Slide 60 text

We also talked about
• Rolling Updates
• Persistent Volumes

Slide 61

Slide 61 text

Secrets
• Secrets interface for sensitive data
• Can be mounted as files
• Can be imported directly to ENV

Slide 62

Slide 62 text

Secrets

    apiVersion: v1
    kind: Secret
    metadata:
      name: mysecret
    type: Opaque
    data:
      password: MWYyZDFlMmU2N2Rm
      username: YWRtaW4=

Slide 63

Slide 63 text

Secrets

    containers:
      - name: php
        image: gcr.io/gke-test-tpryan/php
        ports:
          - containerPort: 80
        env:
          - name: USERNAME
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: username
          - name: PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: password
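
Slide 61 notes that secrets can also be mounted as files, a form the deck does not show. The following is an added example, not part of the original deck, that mounts the same `mysecret` read-only with an owner-only file mode; the Pod name `php-secret-files`, the volume name `creds` and the mount path `/etc/todo-secrets` are assumptions made for illustration. The values under `data:` in a Secret manifest are base64-encoded, not encrypted, so the manifest itself needs the same handling as the plaintext.

```yaml
# Added example, not part of the original deck.
# Assumed names: pod "php-secret-files", volume "creds", path /etc/todo-secrets.
apiVersion: v1
kind: Pod
metadata:
  name: php-secret-files
spec:
  containers:
    - name: php
      image: gcr.io/gke-test-tpryan/php   # image from slide 63
      ports:
        - containerPort: 80
      volumeMounts:
        - name: creds
          mountPath: /etc/todo-secrets    # holds the files "username" and "password"
          readOnly: true
  volumes:
    - name: creds
      secret:
        secretName: mysecret              # Secret from slide 62
        defaultMode: 0400                 # readable by the file owner only
        items:                            # project only the keys the app needs
          - key: username
            path: username
          - key: password
            path: password
```

Mounted files keep the values out of the process environment, and they are refreshed when the Secret changes, which environment variables set at container start are not.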

Slide 64

Slide 64 text

Horizontal Autoscaler
• Upscales or downscales as necessary
  ◦ Processor utilization
  ◦ Custom Application metrics
• Allows for pods to autoscale but not nodes.

Slide 65

Slide 65 text

Horizontal Autoscaler

    apiVersion: extensions/v1beta1
    kind: HorizontalPodAutoscaler
    metadata:
      name: frontend-deployment
    spec:
      cpuUtilization:
        targetPercentage: 80
      maxReplicas: 5
      minReplicas: 1
      scaleRef:
        apiVersion: extensions/v1beta1
        kind: Deployment
        name: frontend-deployment
        subresource: scale

Slide 66

Slide 66 text

There’s More
• Logging
• Monitoring
• Events
• Web Interface
• Configmaps
• Jobs
• Ubernetes

Slide 67

Slide 67 text

04 Comparisons
What about Docker Compose, or Swarm, or …

Slide 68

Slide 68 text

[Comparison chart. Tools shown: Kubernetes, Docker Swarm, Docker Compose, Docker Machine, Docker. Capabilities shown: Launch Container hosts in several clouds; Cluster of Container Hosts; Replication; Orchestration; Scheduling; Routable Network; Scheduled Jobs; Stateful Set; Autoscaling; Secrets; Config Maps; Multiple containers on same localhost; Manage Remote Container Hosts.]

Slide 69

Slide 69 text

But

Slide 70

Slide 70 text

Docker’s logos are much cooler than ours.

Slide 71

Slide 71 text

Kubernetes
• Management software for containers
• Has strong opinions
• Service Discovery
• Logging
• Can run on top of Mesos

Mesos
• Multi machine kernel
• Turns datacenter (or all installed machines) into a single logical system
• Can do containers
• Can do other distributed jobs

Slide 72

Slide 72 text

05 Container Engine
Hosted Kubernetes

Slide 73

Slide 73 text

I’ve mostly talked about developing on Kubernetes

Slide 74

Slide 74 text

Setting up a cluster

Slide 75

Slide 75 text

Setting up a cluster
• Choose an infrastructure:
  ◦ Google Cloud Platform, AWS, Azure, Rackspace, on-premises, …

Slide 76

Slide 76 text

Setting up a cluster
• Choose an infrastructure:
  ◦ Google Cloud Platform, AWS, Azure, Rackspace, on-premises, …
• Choose a node OS:
  ◦ CoreOS, Atomic, RHEL, Debian, CentOS, Ubuntu, ...

Slide 77

Slide 77 text

Setting up a cluster
• Choose an infrastructure:
  ◦ Google Cloud Platform, AWS, Azure, Rackspace, on-premises, …
• Choose a node OS:
  ◦ CoreOS, Atomic, RHEL, Debian, CentOS, Ubuntu, ...
• Provision machines:
  ◦ Boot VMs, install and run kube components, ...

Slide 78

Slide 78 text

Setting up a cluster
• Choose an infrastructure:
  ◦ Google Cloud Platform, AWS, Azure, Rackspace, on-premises, …
• Choose a node OS:
  ◦ CoreOS, Atomic, RHEL, Debian, CentOS, Ubuntu, ...
• Provision machines:
  ◦ Boot VMs, install and run kube components, ...
• Configure networking:
  ◦ IP ranges for Pods, Services, SDN, ...

Slide 79

Slide 79 text

Setting up a cluster
• Choose an infrastructure:
  ◦ Google Cloud Platform, AWS, Azure, Rackspace, on-premises, …
• Choose a node OS:
  ◦ CoreOS, Atomic, RHEL, Debian, CentOS, Ubuntu, ...
• Provision machines:
  ◦ Boot VMs, install and run kube components, ...
• Configure networking:
  ◦ IP ranges for Pods, Services, SDN, ...
• Start cluster services:
  ◦ DNS, logging, monitoring, ...

Slide 80

Slide 80 text

Setting up a cluster
• Choose an infrastructure:
  ◦ Google Cloud Platform, AWS, Azure, Rackspace, on-premises, …
• Choose a node OS:
  ◦ CoreOS, Atomic, RHEL, Debian, CentOS, Ubuntu, ...
• Provision machines:
  ◦ Boot VMs, install and run kube components, ...
• Configure networking:
  ◦ IP ranges for Pods, Services, SDN, ...
• Start cluster services:
  ◦ DNS, logging, monitoring, ...
• Manage nodes:
  ◦ kernel upgrades, OS updates, hardware failures...

Slide 81

Slide 81 text

Or…

Slide 82

Slide 82 text


Slide 83

Slide 83 text

Container Engine
• Hosted Kubernetes
• A few smart defaults set
• Allow for dipping your feet in
• Allows for node autoscaling

Slide 84

Slide 84 text

Container Registry
• Hosted
• Private
• Can be used with GKE or not

Slide 85

Slide 85 text

06 Conclusions
Bring it home

Slide 86

Slide 86 text

Kubernetes is Open Source
We want your help!
• http://kubernetes.io
• https://github.com/kubernetes/kubernetes
• irc.freenode.net #google-containers
• @kubernetesio

Slide 87

Slide 87 text

Roadmap
Kubernetes 1.5
Released: December 2016
• Stateful Set beta
• Pod Disruption Budget beta
• Federated Kubernetes CLI
• Windows Containers alpha
http://blog.kubernetes.io/2016/12/kubernetes-1.5-supporting-production-workloads.html

Slide 88

Slide 88 text

Roadmap
Kubernetes 1.6
Target: March 2017
https://github.com/kubernetes/kubernetes/milestones/

Slide 89

Slide 89 text

If you like Kubernetes, but wonder “What the hell am I getting into here?”

Slide 90

Slide 90 text

Container Engine can make dipping your toes in a little easier.

Slide 91

Slide 91 text

There’s also Minikube
https://github.com/kubernetes/minikube

Slide 92

Slide 92 text

Google has been developing and using containers to manage our applications for over 10 years.

Slide 93

Slide 93 text

Everything at Google runs on Containers:
• Gmail, Web Search, Maps, ...
• MapReduce, batch, ...
• GFS, Colossus, ...
• Even Google’s Cloud Platform: VMs run in containers!

We launch 2 Billion Containers a week

Slide 94

Slide 94 text

We think containers are the way to manage scale.

Slide 95

Slide 95 text

You should carefully consider whether running everything on containers is right for you.

Slide 96

Slide 96 text

You should run everything on containers.

Slide 97

Slide 97 text

You should carefully consider whether running everything on containers is right for you.

Slide 98

Slide 98 text

Thank You
terrenceryan.com
@tpryan
This preso: http://bit.ly/tpryan-chaos