Slide 1

Google Cloud Platform
News From The Front: v1.2
Bay Area Kubernetes Meetup #5, Feb 11, 2016
Tim Hockin, Senior Staff SWE, @thockin

Slide 2

Kubernetes
Greek for “Helmsman”; also the root of the words “governor” and “cybernetic”
• Runs and manages containers
• Inspired and informed by Google’s experiences and internal systems
• Supports multiple cloud and bare-metal environments
• Supports multiple container runtimes
• 100% Open source, written in Go
Manage applications, not machines

Slide 3

Container clusters: A story in two parts
1. Setting up the cluster
• Choose a cloud: GCE, AWS, Azure, Rackspace, on-premises, ...
• Choose a node OS: CoreOS, Atomic, RHEL, Debian, CentOS, Ubuntu, ...
• Provision machines: Boot VMs, install and run kube components, ...
• Configure networking: IP ranges for Pods, Services, SDN, ...
• Start cluster services: DNS, logging, monitoring, ...
• Manage nodes: kernel upgrades, OS updates, hardware failures...
Not the easy or fun part, but unavoidable
This is where things like Google Container Engine (GKE) really help

Slide 4

Container clusters: A story in two parts
2. Using the cluster
• Run Pods & Containers
• Replication controllers
• Services
• Volumes
This is the fun part!
A distinct set of problems from cluster setup and management
Don’t make developers deal with cluster administration!
Accelerate development by focusing on the applications, not the cluster

Slide 5

Services

Slide 6

Services
A group of pods that work together
  • grouped by a selector
Defines access policy
  • “load balanced” or “headless”
Gets a stable virtual IP and port
  • sometimes called the service portal
  • also a DNS name
VIP is managed by kube-proxy
  • watches all services
  • updates iptables when backends change
Hides complexity - ideal for non-native apps
[Diagram: a Client connecting to the service’s Virtual IP]

Slides 7–21

[Diagram sequence, one build step per slide, all on Node X: kube-proxy watches services & endpoints on the apiserver. "kubectl run ..." creates pods, which the apiserver schedules onto nodes while kube-proxy keeps watching. "kubectl expose ..." creates a new service; kube-proxy sees it and configures iptables for the service VIP. As the pods come up, new endpoints appear and kube-proxy updates the iptables rules for the VIP. A Client then connects to the VIP and the node's iptables rules hand the connection to a backend pod.]

Slide 22

External Services
Service IPs are only available inside the cluster
Need to receive traffic from “the outside world”
Built-in: Service “type”
  • NodePort: expose on a port on every node
  • LoadBalancer: provision a cloud load-balancer
DiY load-balancer solutions
  • socat (for nodePort remapping)
  • haproxy
  • nginx
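An added example (not from the deck) of the Service described on slides 6 and 22: a ReplicationController whose pods are grouped by a selector, and a Service that gives them a stable VIP and, via type NodePort, a port on every node. All names, labels and the image are assumed.

```yaml
# Added example, not from the deck: the Service described on slides 6 and 22.
# All names, labels and the image are assumed.
apiVersion: v1
kind: ReplicationController
metadata:
  name: web
spec:
  replicas: 3
  selector:
    app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: example.com/web:1.0   # placeholder image
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  # The selector defines the group: pods carrying app=web are the backends,
  # and the service's endpoints are recomputed whenever that set changes.
  selector:
    app: web
  # The default type, ClusterIP, makes the stable VIP (and the DNS name
  # "web") reachable only inside the cluster. NodePort additionally opens
  # the same port on every node's address, so node and cloud firewall rules
  # must account for it; LoadBalancer asks the cloud for an external LB.
  type: NodePort
  ports:
  - port: 80          # port on the VIP
    targetPort: 8080  # containerPort on the backend pods
    nodePort: 30080   # assumed; must fall in the cluster's node-port range
# kube-proxy on each node watches this Service and its Endpoints and
# rewrites iptables so that connections to VIP:80 are redirected to one
# of the pod IPs on 8080; "kubectl get endpoints web" shows the current set.
```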

Slide 23

Ingress (L7)
Services are assumed L3/L4
Lots of apps want HTTP/HTTPS
Ingress maps incoming traffic to backend services
  • by HTTP host headers
  • by HTTP URL paths
HAProxy, NGINX, AWS and GCE implementations in progress
Now with SSL!
Status: BETA in Kubernetes v1.2
[Diagram: Client → URL Map → backend services]
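An added example (not from the deck) of the v1.2-era Ingress object: routing by HTTP host header and by URL path, with TLS termination as the slide's "Now with SSL!" describes. Host names, service names and the secret name are assumed.

```yaml
# Added example, not from the deck: an Ingress of the v1.2 era that routes
# by HTTP host header and URL path and terminates TLS. Hosts, service
# names, ports and the secret name are assumed.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: shop
spec:
  tls:
  # The certificate and key live in a Secret (keys tls.crt / tls.key);
  # the Ingress controller terminates HTTPS for the listed hosts.
  - hosts:
    - shop.example.com
    secretName: shop-tls
  rules:
  # Routing by HTTP host header. The Host header is client-supplied, so
  # this selects a backend; it is not authentication of the client.
  - host: shop.example.com
    http:
      paths:
      # Routing by URL path: each path maps to a backend Service and port.
      - path: /cart
        backend:
          serviceName: cart
          servicePort: 80
      - path: /catalog
        backend:
          serviceName: catalog
          servicePort: 80
  - host: admin.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: admin
          servicePort: 8080
  # Requests matching no rule go to the controller's default backend.
```

Exact path-matching semantics (exact vs. prefix) were left to each controller implementation at this stage, so check the controller you deploy.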

Slide 24

ConfigMaps

Slide 25

ConfigMaps
Problem: how to manage app configuration
  • ...without making overly-brittle container images
12-factor says config comes from the environment
  • Kubernetes is the environment
Manage config via the Kubernetes API
Inject config as a virtual volume into your Pods
  • late-binding, live-updated (atomic)
  • also available as env vars
Status: GA in Kubernetes v1.2
[Diagram: ConfigMap stored via the API, delivered to a Pod on the node]

Slide 26

Secrets

Slide 27

Secrets
Problem: how to grant a pod access to a secured something?
  • don’t put secrets in the container image!
12-factor says config comes from the environment
  • Kubernetes is the environment
Manage secrets via the Kubernetes API
Inject secrets as virtual volumes into your Pods
  • late-binding, tmpfs - never touches disk
  • also available as env vars
[Diagram: Secret stored via the API, delivered to a Pod on the node]
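An added example (not from the deck) serving slides 25 and 27 together: a ConfigMap and a Secret managed through the API and injected into one Pod as a volume and as an env var. Names, keys and the values are assumed; the Secret values are constructed.

```yaml
# Added example, not from the deck: a ConfigMap (slide 25) and a Secret
# (slide 27) delivered to a Pod. Names, keys and values are assumed.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  log_level: info
---
apiVersion: v1
kind: Secret
metadata:
  name: db-creds
type: Opaque
data:
  # Values are base64-encoded, not encrypted: anyone allowed to read this
  # object through the API can decode them (constructed: "app", "password").
  username: YXBw
  password: cGFzc3dvcmQ=
---
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
  - name: app
    image: example.com/app:1.0   # placeholder image
    env:
    # Env vars are fixed at container start and visible to every process
    # in the container; the Secret volume below is tmpfs-backed instead.
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: db-creds
          key: password
    volumeMounts:
    - name: config
      mountPath: /etc/app     # one file per ConfigMap key: /etc/app/log_level
    - name: creds
      mountPath: /etc/creds   # one file per Secret key, decoded, on tmpfs
      readOnly: true
  volumes:
  - name: config
    configMap:
      name: app-config
  - name: creds
    secret:
      secretName: db-creds
```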

Slide 28

Deployments

Slide 29

Deployments
Rolling update is too imperative
Deployment manages RC changes for you
  • stable object name
  • updates are done server-side rather than client-side
  • kubectl edit or kubectl apply is all you need
Aggregates stats
Can have multiple updates in flight
Status: BETA in Kubernetes v1.2

Slide 30

Jobs

Slide 31

Jobs
Run-to-completion, as opposed to run-forever
  • Express parallelism vs. required completions
  • Workflow: restart on failure
  • Build/test: don’t restart on failure
Aggregates success/failure counts
Built for batch and big-data work
Status: GA in Kubernetes v1.2
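An added example (not from the deck) of two batch/v1 Jobs that make the slide's distinction concrete: parallelism versus required completions, and the workflow-style restart-on-failure policy versus the build/test-style no-restart policy. Job names, images and commands are assumed.

```yaml
# Added example, not from the deck: two Jobs contrasting the restart
# policies from slide 31. Names, images and commands are assumed.
apiVersion: batch/v1
kind: Job
metadata:
  name: render-frames
spec:
  completions: 20   # the Job is done after 20 successful pod runs ...
  parallelism: 4    # ... running at most 4 pods at a time
  template:
    metadata:
      name: render-frames
    spec:
      # Workflow style: a failed container is restarted in place.
      restartPolicy: OnFailure
      containers:
      - name: render
        image: example.com/render:1.0   # placeholder image
        command: ["/render", "--frame-from-queue"]
---
apiVersion: batch/v1
kind: Job
metadata:
  name: unit-tests
spec:
  completions: 1
  parallelism: 1
  template:
    metadata:
      name: unit-tests
    spec:
      # Build/test style: a failed container is not restarted inside the
      # pod; the pod is marked failed and counts toward the Job's failures.
      restartPolicy: Never
      containers:
      - name: test
        image: example.com/ci-runner:1.0   # placeholder image
        command: ["make", "test"]
# "kubectl describe job <name>" shows the aggregated Succeeded/Failed counts.
```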

Slide 32

HorizontalPodAutoscalers

Slide 33

HorizontalPodAutoScalers
Automatically scale ReplicationControllers to a target utilization
  • CPU utilization for now
  • Probably more later
Operates within user-defined min/max bounds
Set it and forget it
Status: GA in Kubernetes v1.2
[Diagram: autoscaler reading Stats and adjusting the controller’s replica count]
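An added example (not from the deck) covering slides 29 and 33 together: a Deployment with a declarative rolling-update strategy, and a HorizontalPodAutoscaler that keeps its CPU utilization near a target within min/max bounds. Names, the image and all numbers are assumed, and the HPA targets the Deployment rather than a bare ReplicationController.

```yaml
# Added example, not from the deck: a Deployment (slide 29) with a
# declarative rolling update, plus a HorizontalPodAutoscaler (slide 33)
# that scales it between min/max bounds on CPU utilization.
# Names, the image and the numbers are assumed.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1   # keep at least replicas-1 pods serving during an update
      maxSurge: 1         # allow one extra pod above "replicas" while rolling
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: example.com/web:1.0   # placeholder; change the tag and run
        resources:                   # "kubectl apply -f" to trigger a
          requests:                  # server-side rolling update
            cpu: 200m                # utilization is measured against this request
        ports:
        - containerPort: 8080
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: web
spec:
  scaleTargetRef:
    apiVersion: extensions/v1beta1
    kind: Deployment
    name: web
  minReplicas: 2    # never scale below this, even when idle
  maxReplicas: 10   # never scale above this, even when saturated
  targetCPUUtilizationPercentage: 60
```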

Slide 34

DaemonSets

Slide 35

DaemonSets
Problem: how to run a Pod on every node
  • or a subset of nodes
Similar to ReplicationController
  • principle: do one thing, don’t overload
“Which nodes?” is a selector
Use familiar tools and patterns
Status: BETA in Kubernetes v1.2
[Diagram: one Pod placed on each selected node]
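An added example (not from the deck) of a v1.2-era DaemonSet that runs a log-shipping pod on every node matching a label selector, as slide 35 describes. The name, image and node label are assumed.

```yaml
# Added example, not from the deck: a DaemonSet running one pod per
# selected node (slide 35). Name, image and the node label are assumed.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: log-shipper
spec:
  template:
    metadata:
      labels:
        app: log-shipper
    spec:
      # "Which nodes?" is a selector: only nodes labelled role=worker get
      # a copy. Remove nodeSelector to run one pod on every node.
      nodeSelector:
        role: worker
      containers:
      - name: shipper
        image: example.com/log-shipper:1.0   # placeholder image
        volumeMounts:
        - name: varlog
          mountPath: /var/log
          readOnly: true   # node files are exposed to the container; keep it read-only
      volumes:
      - name: varlog
        hostPath:
          path: /var/log   # scope hostPath mounts as narrowly as the task allows
```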

Slide 36

PersistentVolumes

Slide 37

PersistentVolumes
A higher-level abstraction
  • insulation from any one cloud environment
Admin provisions them, users claim them
NEW: auto-provisioning (alpha in v1.2)
Independent lifetime and fate
Can be handed off between pods and lives until the user is done with it
Dynamically “scheduled” and managed, like nodes and pods
[Diagram: a Pod bound to a PersistentVolume through a Claim]
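An added example (not from the deck) of the admin-provisions / users-claim flow on slide 37: an admin-created PersistentVolume, a user's PersistentVolumeClaim that the system binds to it, and a Pod that references only the claim. The disk name, sizes and object names are assumed.

```yaml
# Added example, not from the deck: the admin-provisions / user-claims
# flow from slide 37. Disk name, sizes and object names are assumed.
# Admin side: a PersistentVolume backed by a pre-created GCE disk.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-data-01
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  # Retain keeps the data after the claim is released; an admin must wipe
  # the disk before handing the volume to a different user.
  persistentVolumeReclaimPolicy: Retain
  gcePersistentDisk:
    pdName: data-disk-01   # assumed disk name
    fsType: ext4
---
# User side: a claim; the system binds it to a PV that satisfies it.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: db
spec:
  containers:
  - name: db
    image: example.com/db:1.0   # placeholder image
    volumeMounts:
    - name: data
      mountPath: /var/lib/db
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: data   # the pod references the claim, never the PV itself
```

The claim outlives any single pod: delete the pod and a replacement can mount the same claim, and the data persists until the claim is deleted.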

Slide 38

Network Plugins

Slide 39

Network Plugins
Introduced in Kubernetes v1.0
  • VERY experimental
Uses CNI (CoreOS) in v1.1
  • Simple exec interface
  • Not using Docker libnetwork
  • but can defer to Docker for networking
Cluster admins can customize their installs
  • DHCP, MACVLAN, Flannel, custom net
[Diagram: several Plugins alongside the node]

Slide 40

New and coming soon
• Cron (scheduled jobs)
• Custom metrics
• “Apply” a config (even more declarative)
• Interactive containers
• Bandwidth shaping
• Third-party API objects
• Scalability: 1000 nodes, 100+ pods/node
• Performance
• Machine-generated Go clients (less deps!)
• Volume usage stats
• Multi-zone (AZ) support
• Multi-scheduler support
• Node affinity and anti-affinity
• Multi-cluster federation
• API federation
• More volume types
• Private Docker registry
• External DNS integration
• Volume classes and auto-provisioning
• Node fencing
• DiY Cloud Provider plugins
• More container runtimes (e.g. Hyper)
• Better auth{n,z}
• Network policy (microsegmentation)
• Big data integrations
• Device scheduling (e.g. GPUs)

Slide 41

Kubernetes status & plans
Open sourced in June, 2014
  • v1.0 in July, 2015
  • v1.1 in November, 2015
  • v1.2 ... soon!
Google Container Engine (GKE)
  • hosted Kubernetes - don’t think about cluster setup
PaaSes:
  • RedHat OpenShift, Deis, Stratos
Distros:
  • CoreOS Tectonic, Mirantis Murano (OpenStack), RedHat Atomic, Mesos
Hitting a ~3 month release cadence

Slide 42

The Goal: Shake things up
Containers are a new way of working
Requires new concepts and new tools
Google has a lot of experience...
...but we are listening to users
Workload portability is important!

Slide 43

Kubernetes is Open
- open community
- open design
- open source
- open to ideas
http://kubernetes.io
https://github.com/kubernetes/kubernetes
slack: kubernetes
twitter: @kubernetesio