Slide 1

Slide 1 text

Introduction to Kubernetes
Bastian Hofmann (@BastianHofmann)

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

Container orchestration platform

Slide 4

Slide 4 text

Deploy, run and scale your services in isolated containers

Slide 5

Slide 5 text

Very Powerful

Slide 6

Slide 6 text

Large community

Slide 7

Slide 7 text

Lots of large company backers

Slide 8

Slide 8 text

No vendor lock in

Slide 9

Slide 9 text

Runs on

Slide 10

Slide 10 text

AWS

Slide 11

Slide 11 text

Azure

Slide 12

Slide 12 text

Google Cloud Platform

Slide 13

Slide 13 text

Bare metal

Slide 14

Slide 14 text

Your laptop

Slide 15

Slide 15 text

Minikube

Slide 16

Slide 16 text

Included in Docker Desktop Clients

Slide 17

Slide 17 text

SysEleven

Slide 18

Slide 18 text

Learning curve

Slide 19

Slide 19 text

This talk is supposed to get you started

Slide 20

Slide 20 text

I’m going to explain the basics

Slide 21

Slide 21 text

I’ll start with deploying a simple PHP Web App

Slide 22

Slide 22 text

and cover some internals

Slide 23

Slide 23 text

But first

Slide 24

Slide 24 text

Why containers?

Slide 25

Slide 25 text

Services run in isolation

Slide 26

Slide 26 text

Everything needed to run a service in one image

Slide 27

Slide 27 text

Decouple Ops and Dev

Slide 28

Slide 28 text

Make things …

Slide 29

Slide 29 text

Easier to deploy

Slide 30

Slide 30 text

Easier to upgrade system dependencies

Slide 31

Slide 31 text

Easier to scale

Slide 32

Slide 32 text

Easier to develop

Slide 33

Slide 33 text

Better performance than Virtual Machines

Slide 34

Slide 34 text

No content

Slide 35

Slide 35 text

FROM php:7.2-apache
WORKDIR /var/www/html
RUN apt-get update -y && \
    apt-get install -y --no-install-recommends curl && \
    rm -rf /var/lib/apt/lists/*
ENV TMP_DIR /tmp
COPY . /var/www/html/
EXPOSE 80
ENTRYPOINT ["apache2", "-DFOREGROUND"]

Slide 36

Slide 36 text

docker build -t symfony-demo:2.0.0 .

Slide 37

Slide 37 text

docker run -p 8080:80 symfony-demo:2.0.0

Slide 38

Slide 38 text

Kubernetes helps you run containers

Slide 39

Slide 39 text

OK, sold

Slide 40

Slide 40 text

Let’s define some core concepts first

Slide 41

Slide 41 text

Kubernetes Cluster

Slide 42

Slide 42 text

Image
• A docker image built from a Dockerfile that contains everything a service needs to run

Slide 43

Slide 43 text

Container
• A container runs a docker image.
• Only 1 process can run inside of a container

Slide 44

Slide 44 text

Pod
• A group of 1 or more containers
• Same port space
• Ports are not accessible from outside of the pod

Slide 45

Slide 45 text

Replica Set
• Defines and manages how many instances of a pod should run

Slide 46

Slide 46 text

Deployment
• Manages updates and rollbacks of replica sets

Slide 47

Slide 47 text

Service
• Makes a port of a pod accessible to other pods

Slide 48

Slide 48 text

Ingress
• Makes a service accessible to the outside of Kubernetes

Slide 49

Slide 49 text

Node
• A physical server
• Containers get distributed automatically

Slide 50

Slide 50 text

ConfigMap
• Configuration that can be mounted inside of a container

Slide 51

Slide 51 text

Volumes
• Volumes can be mounted into a container to access a ConfigMap, Secret or a folder on the host

Slide 52

Slide 52 text

Namespaces
• Dedicated environment to deploy services in

Slide 53

Slide 53 text

Example

Slide 54

Slide 54 text

[Diagram: PHP Application pod containing PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED and MONGO ROUTER]

Slide 55

Slide 55 text

[Diagram: ReplicaSet with 2 instances of the PHP Application pod, each containing PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED and MONGO ROUTER]

Slide 56

Slide 56 text

[Diagram: ReplicaSet with 2 instances of the PHP Application pod (PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED, MONGO ROUTER), with CONFIG and WEB :80 attached]

Slide 57

Slide 57 text

[Diagram: ReplicaSet with 2 instances of the PHP Application pod (PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED, MONGO ROUTER), with CONFIG and WEB :80 attached, reachable at https://php-app.k8s.foo.com:443/]

Slide 58

Slide 58 text

To interact with Kubernetes

Slide 59

Slide 59 text

Tooling

Slide 60

Slide 60 text

kubectl

Slide 61

Slide 61 text

$ kubectl get pods

Slide 62

Slide 62 text

NAME                                            READY  STATUS   RESTARTS  AGE
kubernetes-dashboard-5b5bf59977-t9xb9           1/1    Running  2         9d
nginx-ingress-controller-5549f5597c-97kcw       0/1    Running  2         9d
nginx-ingress-default-backend-564d9d9477-tmnnr  1/1    Running  4         9d
mysql-556c9b5bcb-5jdrt                          1/1    Running  1         8d
symfony-demo-5b75f5fc6-c7wr9                    1/1    Running  0         8d
symfony-demo-5b75f5fc6-jg8n4                    1/1    Running  23        8d

Slide 63

Slide 63 text

REST API

Slide 64

Slide 64 text

$ kubectl proxy --port=8080
$ curl http://localhost:8080/api/v1/namespaces/default/pods
{
  "kind": "PodList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/api/v1/namespaces/default/pods",
    "resourceVersion": "336834"
  },
  "items": [
    {
      "metadata": {
        "name": "kubernetes-dashboard-5b5bf59977-t9xb9",

Slide 65

Slide 65 text

kubernetes-dashboard

Slide 66

Slide 66 text

No content

Slide 67

Slide 67 text

Helm
The package manager for Kubernetes

Slide 68

Slide 68 text

$ helm install stable/wordpress

Slide 69

Slide 69 text

Practical example

Slide 70

Slide 70 text

Preparations

Slide 71

Slide 71 text

Install Docker Client

Slide 72

Slide 72 text

No content

Slide 73

Slide 73 text

Install helm

Slide 74

Slide 74 text

$ brew install kubernetes-helm

Slide 75

Slide 75 text

$ helm init

Slide 76

Slide 76 text

Install kubernetes-dashboard

Slide 77

Slide 77 text

$ helm install stable/kubernetes-dashboard -f kubernetes-dashboard.yaml

Slide 78

Slide 78 text

Install nginx-ingress-controller

Slide 79

Slide 79 text

$ helm install stable/nginx-ingress -f ingress-controller.yaml

Slide 80

Slide 80 text

Let’s deploy the symfony demo app

Slide 81

Slide 81 text

https://github.com/symfony/demo

Slide 82

Slide 82 text

First the Dockerfile

Slide 83

Slide 83 text

PHP

Slide 84

Slide 84 text

Copy our code

Slide 85

Slide 85 text

Build the project

Slide 86

Slide 86 text

Composer install

Slide 87

Slide 87 text

yarn install

Slide 88

Slide 88 text

yarn run build

Slide 89

Slide 89 text

Build the image

Slide 90

Slide 90 text

docker build -t symfony-demo:2.0.0 .

Slide 91

Slide 91 text

Demo

Slide 92

Slide 92 text

Now we have to tell Kubernetes what to do with the image

Slide 93

Slide 93 text

Resources are defined in YAML or JSON

Slide 94

Slide 94 text

Deployment

Slide 95

Slide 95 text

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: symfony-demo
spec:
  template:
    metadata:
      labels:
        app: symfony-demo
    spec:
      containers:
        - name: symfony-demo
          image: symfony-demo:1.0.0
          ports:

Slide 96

Slide 96 text

      containers:
        - name: symfony-demo
          image: symfony-demo:1.0.0
          ports:
            - containerPort: 80
          livenessProbe:
            httpGet:
              path: /
              port: 80
            timeoutSeconds: 1
            initialDelaySeconds: 10
          readinessProbe:
            httpGet:
              path: /

Slide 97

Slide 97 text

Many more options configurable

Slide 98

Slide 98 text

Many more options
• Setting environment variables
• Mounting volumes
• Requesting resources
• Defining upgrade strategies
• Defining command
• Configure networking
• Configure the scheduler
• Listen on lifecycle events
• Configure system capabilities for the container
• …

Slide 99

Slide 99 text

Service

Slide 100

Slide 100 text

kind: Service
apiVersion: v1
metadata:
  name: symfony-demo
spec:
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
  selector:
    app: symfony-demo

Slide 101

Slide 101 text

Ingress

Slide 102

Slide 102 text

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: symfony-demo
spec:
  rules:
    - host: symfony-demo.local.k8s
      http:
        paths:
          - path: /
            backend:
              serviceName: symfony-demo
              servicePort: 80

Slide 103

Slide 103 text

Creating everything

Slide 104

Slide 104 text

kubectl apply -f deployment/webapp.yaml

Slide 105

Slide 105 text

No content

Slide 106

Slide 106 text

Rolling Deployments

Slide 107

Slide 107 text

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: symfony-demo
spec:
  template:
    spec:
      containers:
        - name: symfony-demo
          image: symfony-demo:1.1.0
          ports:
            - containerPort: 80

Slide 108

Slide 108 text

kubectl apply -f deployment/webapp.yaml

Slide 109

Slide 109 text

Demo

Slide 110

Slide 110 text

These are the basics

Slide 111

Slide 111 text

There are other ways of deploying things into Kubernetes

Slide 112

Slide 112 text

CronJobs

Slide 113

Slide 113 text

Regularly repeating jobs

Slide 114

Slide 114 text

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: cron-job
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: cron-job
              image: your-cron-job
          restartPolicy: OnFailure

Slide 115

Slide 115 text

How does Kubernetes work internally

Slide 116

Slide 116 text

Service Discovery

Slide 117

Slide 117 text

Within a pod

Slide 118

Slide 118 text

Shared port namespace

Slide 119

Slide 119 text

Separate file systems

Slide 120

Slide 120 text

Separate process spaces

Slide 121

Slide 121 text

Network-wise, everything behaves like localhost

Slide 122

Slide 122 text

Between pods

Slide 123

Slide 123 text

You have to expose ports with services

Slide 124

Slide 124 text

kind: Service
apiVersion: v1
metadata:
  name: symfony-demo
spec:
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
  selector:
    app: symfony-demo

Slide 125

Slide 125 text

Every service has a virtual IP address

Slide 126

Slide 126 text

$ kubectl get service symfony-demo
NAME          TYPE       CLUSTER-IP     PORT(S)  AGE
symfony-demo  ClusterIP  10.106.119.24  80/TCP   6d

Slide 127

Slide 127 text

Discoverable in other containers by

Slide 128

Slide 128 text

Environment Variables

Slide 129

Slide 129 text

SYMFONY_DEMO_SERVICE_HOST=10.106.119.24
SYMFONY_DEMO_SERVICE_PORT=80

Slide 130

Slide 130 text

DNS

Slide 131

Slide 131 text

$ nslookup symfony-demo
Server:    10.0.0.10
Address 1: 10.0.0.10
Name:      symfony-demo
Address 1: 10.106.119.24

Slide 132

Slide 132 text

$ curl http://symfony-demo

Slide 133

Slide 133 text

Alternatively

Slide 134

Slide 134 text

Service Mesh

Slide 135

Slide 135 text

LinkerD
https://linkerd.io/

Slide 136

Slide 136 text

Istio
https://istio.io/

Slide 137

Slide 137 text

Conduit
https://conduit.io/

Slide 138

Slide 138 text

[Diagram: PHP Application pod containing PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED and MONGO ROUTER]

Slide 139

Slide 139 text

[Diagram: PHP Application pod (PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED, MONGO ROUTER) and two NodeJS Service pods, each containing NodeJS and LINKERD]

Slide 140

Slide 140 text

[Diagram: PHP Application pod (PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED, MONGO ROUTER) and two NodeJS Service pods, each containing NodeJS and LINKERD]

Slide 141

Slide 141 text

[Diagram: PHP Application pod (PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED, MONGO ROUTER) and two NodeJS Service pods, each containing NodeJS and LINKERD]

Slide 142

Slide 142 text

[Diagram: PHP Application pod (PHP-FPM, NGINX, LINKERD, STATSD, MEMCACHED, MONGO ROUTER) and two NodeJS Service pods, each containing NodeJS and LINKERD]

Slide 143

Slide 143 text

Benefits

Slide 144

Slide 144 text

Advanced routing

Slide 145

Slide 145 text

Prefer service in current namespace, fall back to default namespace

Slide 146

Slide 146 text

Canary deployments

Slide 147

Slide 147 text

A/B Testing

Slide 148

Slide 148 text

Advanced monitoring

Slide 149

Slide 149 text

No content

Slide 150

Slide 150 text

Profiling

Slide 151

Slide 151 text

Zipkin

Slide 152

Slide 152 text

No content

Slide 153

Slide 153 text

What about data?

Slide 154

Slide 154 text

Storage

Slide 155

Slide 155 text

Volumes

Slide 156

Slide 156 text

https://kubernetes.io/docs/concepts/storage/volumes/

Slide 157

Slide 157 text

apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  containers:
    - image: k8s.gcr.io/test-webserver
      name: test-container
      volumeMounts:
        - mountPath: /cache
          name: cache-volume
  volumes:
    - name: cache-volume
      emptyDir: {}

Slide 158

Slide 158 text

Persistent Storage

Slide 159

Slide 159 text

You define a Persistent Volume or Storage Class, e.g. NFS, …

Slide 160

Slide 160 text

Depends on your Kubernetes Setup

Slide 161

Slide 161 text

Each pod can specify a Persistent Volume Claim

Slide 162

Slide 162 text

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgresql-pv-claim
  labels:
    name: postgresql
spec:
  storageClassName: generic
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

Slide 163

Slide 163 text

And then mount the Claim into a Volume in a container

Slide 164

Slide 164 text

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: postgresql
spec:
  template:
    spec:
      containers:
        …
      volumes:
        - name: postgresql-data
          persistentVolumeClaim:
            claimName: postgresql-pv-claim

Slide 165

Slide 165 text

https://kubernetes.io/docs/concepts/storage/persistent-volumes/

Slide 166

Slide 166 text

Configuration

Slide 167

Slide 167 text

Should not be included in the docker image

Slide 168

Slide 168 text

ConfigMap

Slide 169

Slide 169 text

Key/Value Store

Slide 170

Slide 170 text

kind: ConfigMap
apiVersion: v1
metadata:
  name: special-config
data:
  special-key: value
  # ConfigMap values must be strings, so the boolean is quoted
  bool-value: "true"

Slide 171

Slide 171 text

Can be accessed in a pod through environment variables

Slide 172

Slide 172 text

spec:
  containers:
    - name: test-container
      image: k8s.gcr.io/busybox
      command: [ "/bin/sh", "-c", "env" ]
      env:
        - name: SPECIAL_KEY
          valueFrom:
            configMapKeyRef:
              name: special-config
              key: special-key

Slide 173

Slide 173 text

spec:
  containers:
    - name: test-container
      image: k8s.gcr.io/busybox
      command: [ "/bin/sh", "-c", "env" ]
      envFrom:
        - configMapRef:
            name: special-config

Slide 174

Slide 174 text

Can be accessed through volumes

Slide 175

Slide 175 text

spec:
  containers:
    - name: test-container
      image: k8s.gcr.io/busybox
      command: [ "/bin/sh", "-c", "ls /etc/config/" ]
      volumeMounts:
        - name: config-volume
          mountPath: /etc/config
  volumes:
    - name: config-volume
      configMap:
        name: special-config

Slide 176

Slide 176 text

https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/

Slide 177

Slide 177 text

Secret

Slide 178

Slide 178 text

Storage for sensitive information

Slide 179

Slide 179 text

https://kubernetes.io/docs/concepts/configuration/secret
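
A Secret is consumed the same way as the ConfigMap on the earlier slides, through an environment variable or a mounted volume. The manifest below is an added example, not part of the original slides; the names `symfony-demo-db` and `secret-consumer` and the secret value are constructed for illustration.

```yaml
# Added example: names and values are constructed, not from the talk.
apiVersion: v1
kind: Secret
metadata:
  name: symfony-demo-db            # hypothetical name
type: Opaque
stringData:
  # Written as plain text here; the API server stores it base64-encoded
  # under `data`. base64 is an encoding, not encryption.
  database-password: "constructed-example-value"
---
apiVersion: v1
kind: Pod
metadata:
  name: secret-consumer            # hypothetical name
spec:
  containers:
    - name: test-container
      image: k8s.gcr.io/busybox
      command: [ "/bin/sh", "-c", "ls -l /etc/secret/" ]
      env:
        # Option 1: expose a single key as an environment variable
        - name: DATABASE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: symfony-demo-db
              key: database-password
      volumeMounts:
        # Option 2: expose every key as a file under the mount path
        - name: secret-volume
          mountPath: /etc/secret
          readOnly: true
  volumes:
    - name: secret-volume
      secret:
        secretName: symfony-demo-db
        defaultMode: 0400          # files readable by the owner only
```

Anyone who can read Secrets in the namespace can decode the value, so access to them should be limited with RBAC, and manifests containing real values should not be committed to version control.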

Slide 180

Slide 180 text

Scaling

Slide 181

Slide 181 text

Manual Scaling

Slide 182

Slide 182 text

kubectl scale --replicas=3 deployment/my-app

Slide 183

Slide 183 text

AutoScaling

Slide 184

Slide 184 text

https://kubernetes.io/docs/user-guide/horizontal-pod-autoscaling/

Slide 185

Slide 185 text

Summary

Slide 186

Slide 186 text

Powerful

Slide 187

Slide 187 text

Helpful

Slide 188

Slide 188 text

Fast paced development

Slide 189

Slide 189 text

https://gravitational.com/blog/kubernetes-release-cycle/

Slide 190

Slide 190 text

Keep up to date

Slide 191

Slide 191 text

Documentation

Slide 192

Slide 192 text

https://kubernetes.io/docs/

Slide 193

Slide 193 text

KubeCons

Slide 194

Slide 194 text

https://www.youtube.com/channel/UCvqbFHwN-nwalWPjPUKpvTA

Slide 195

Slide 195 text

http://speakerdeck.com/u/bastianhofmann

Slide 196

Slide 196 text

https://twitter.com/BastianHofmann

Slide 197

Slide 197 text

Backup Slides

Slide 198

Slide 198 text

Figuring out what’s going on inside Kubernetes

Slide 199

Slide 199 text

Monitoring

Slide 200

Slide 200 text

Heapster

Slide 201

Slide 201 text

https://github.com/kubernetes/heapster

Slide 202

Slide 202 text

Takes metrics from Kubernetes and stores them in a monitoring solution

Slide 203

Slide 203 text

InfluxDB

Slide 204

Slide 204 text

Prometheus

Slide 205

Slide 205 text

Grafana for displaying the data

Slide 206

Slide 206 text

No content

Slide 207

Slide 207 text

No content

Slide 208

Slide 208 text

https://blog.kublr.com/how-to-utilize-the-heapster-influxdb-grafana-stack-in-kubernetes-for-monitoring-pods-4a553f4d36c9

Slide 209

Slide 209 text

Logging

Slide 210

Slide 210 text

kubectl logs

Slide 211

Slide 211 text

$ kubectl logs symfony-demo-5b75f5fc6-c7wr9

Slide 212

Slide 212 text

Log to stdout & stderr

Slide 213

Slide 213 text

Automatically written to disk

Slide 214

Slide 214 text

DaemonSet Log collector

Slide 215

Slide 215 text

• Logstash
• Fluentd
• Filebeat

Slide 216

Slide 216 text

Central log management

Slide 217

Slide 217 text

No content

Slide 218

Slide 218 text

https://www.elastic.co/blog/shipping-kubernetes-logs-to-elasticsearch-with-filebeat