Slide 1

Dive-In-Workshop: Kubernetes. Bastian Hofmann (@BastianHofmann), Simon Pearce

Slide 3

Container orchestration platform

Slide 4

Deploy, run and scale your services in isolated containers

Slide 5

Very Powerful

Slide 6

Large community

Slide 7

Lots of large company backers

Slide 8

No vendor lock-in

Slide 9

Standardized APIs

Slide 10

Runs on

Slide 11

Your laptop

Slide 13

Bare metal

Slide 14

Cloud Providers

Slide 15

AWS

Slide 16

Azure

Slide 17

Google Cloud Platform

Slide 18

And if you don't want to install and maintain Kubernetes yourself

Slide 19

Managed Kubernetes

Slide 21

Easy setup

Slide 22

Easy upgrades

Slide 23

Easy scaling

Slide 24

Features

Slide 25

Load Balancing

Slide 26

Distributed Persistent Storage

Slide 27

Some do offer

Slide 28

Backups

Slide 29

Hyperscaling

Slide 30

Premium support

Slide 31

Carefree usage & proactive monitoring

Slide 32

But this workshop is about how to use Kubernetes

Slide 33

Learning curve

Slide 34

Agenda

Slide 36

You will get your own clusters

Slide 37

• Deployments
• CronJobs
• Role-Based Access Control
• Resource Requests, Limits & Quotas
• Readiness and Liveness Probes, NodeSelectors & PodAffinities
• ConfigMaps & Secrets
• External DNS, Let's Encrypt with cert-manager, nginx-ingress-controller
• Running a MySQL DB
• Helm
• Service Discovery
• Service Meshes with Linkerd
• Monitoring with Prometheus, Grafana and Alertmanager
• Logging with Elasticsearch, Fluentd and Kibana
• Continuous Delivery with Flux

Slide 38

But first

Slide 39

Why containers?

Slide 40

Services run in isolation

Slide 41

Everything needed to run a service in one image

Slide 42

Decouple Ops and Dev

Slide 43

Make things …

Slide 44

Easier to deploy

Slide 45

Easier to upgrade system dependencies

Slide 46

Easier to develop

Slide 47

Easier to scale

Slide 48

Better resource usage

Slide 49

#safeThePlanet

Slide 51

Dockerfile (the slide's original had no && between the apt-get install and the rm -rf, which would have passed rm and -rf to apt-get as package names; the apt list cleanup now runs as its own command):

FROM php:7.2-apache
WORKDIR /var/www/html
RUN apt-get update -y && \
    apt-get install -y --no-install-recommends curl && \
    rm -rf /var/lib/apt/lists/*
ENV TMP_DIR /tmp
COPY . /var/www/html/
EXPOSE 80
ENTRYPOINT ["apache2", "-DFOREGROUND"]

Slide 52

docker build -t gitlab.syseleven.de/syseleven/symfony-demo:2.0.0 .

Slide 53

docker run -p 8080:80 syseleven/symfony-demo:2.0.0
docker push syseleven/symfony-demo:2.0.0

Slide 54

Kubernetes helps you to run and deploy containers

Slide 55

Let's define some core concepts and terminology first

Slide 56

Kubernetes Cluster

Slide 57

Image
• A docker image built from a Dockerfile that contains everything a service needs to run

Slide 58

Container
• A container runs a docker image.
• Only 1 process runs inside a container

Slide 59

Pod
• A group of 1 or more containers
• Same port space
• Within a Pod: communication over localhost
• Every Pod has its own IP
• All Pods can talk with each other
• IPs change all the time

Slide 60

ReplicaSet
• Defines and manages how many instances of a pod should run
• A ReplicaSet is tied to a specific definition of a Pod, which is tied to specific image versions of the containers
• Image versions in ReplicaSets can't be updated

Slide 61

Deployment
• Manages updates and rollbacks of ReplicaSets

Slide 62

Service
• Internal LoadBalancer
• Makes all pods matching a set of labels accessible through a stable, internal IP address
• You can attach an external IP address through a cloud LoadBalancer
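The Deployment and Service concepts from the last two slides, written out as one manifest. This is an added example, not code from the workshop repository: it uses the current apps/v1 API (the slides used extensions/v1beta1, which has since been removed), and the label app: symfony-demo, the replica count, the resource values and the probe paths are assumptions. It also adds the settings a practitioner would want on a real Deployment: resource requests and limits, readiness and liveness probes, and no service-account token for a Pod that never talks to the API.

```yaml
# Added example (not from the workshop): Deployment plus Service for the
# symfony-demo image. Labels, replica count, resource values and probe
# paths are assumptions made for this example.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: symfony-demo
  labels:
    app: symfony-demo
spec:
  replicas: 2
  # apps/v1 requires an explicit selector. It must match the template labels;
  # the Service below finds its Pods through the same label.
  selector:
    matchLabels:
      app: symfony-demo
  template:
    metadata:
      labels:
        app: symfony-demo
    spec:
      # The web app never calls the Kubernetes API, so do not hand its Pods a
      # service-account token (least privilege: nothing to steal from the Pod).
      automountServiceAccountToken: false
      containers:
      - name: symfony-demo
        image: syseleven/symfony-demo:2.0.0
        ports:
        - containerPort: 80
        # Requests drive scheduling; limits keep one runaway Pod from starving
        # its neighbours on the same node.
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 500m
            memory: 256Mi
        # The Service only routes traffic to a Pod once its readiness probe
        # passes; the liveness probe restarts a container that stops answering.
        readinessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 5
          periodSeconds: 10
        livenessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 15
          periodSeconds: 20
        securityContext:
          # Block setuid/file-capability escalation inside the container.
          allowPrivilegeEscalation: false
---
apiVersion: v1
kind: Service
metadata:
  name: symfony-demo
spec:
  # Pods are selected by label, never by name, so they can be replaced freely.
  selector:
    app: symfony-demo
  ports:
  - port: 80
    targetPort: 80
  # ClusterIP alone gives the stable internal virtual IP; LoadBalancer
  # additionally asks the cloud provider for an external IP.
  type: LoadBalancer
```

Apply it with kubectl apply -f and watch kubectl get pods: the Pods show READY 0/1 until the readiness probe succeeds, which is exactly the window in which the Service keeps them out of rotation.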

Slide 63

Ingress
• Makes a service accessible from outside of Kubernetes through an ingress controller (e.g. nginx)
• Traffic is routed by routing rules, usually on the Host header

Slide 64

Node
• A physical server
• Containers get distributed automatically

Slide 65

ConfigMap
• Key/value storage for configuration

Slide 66

Secret
• Key/value storage for configuration, usually passwords.

Slide 67

Volumes
• Volumes can be mounted into a container to access a ConfigMap, a Secret, persistent volumes with network storage or a folder on the node
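The ConfigMap, Secret and Volumes slides, worked through as one manifest. This is an added example and not part of the workshop material; the object names, the PHP settings, the placeholder password and the assumption that the image's PHP workers run as www-data (uid/gid 33 in the Debian-based php image) are all constructed for the example. The point it adds is how a Secret is consumed safely: as a read-only file with tight permissions rather than as an environment variable.

```yaml
# Added example (not from the workshop): a ConfigMap for non-sensitive
# settings, a Secret for the database password, and a Pod consuming both.
# Names, values and the www-data uid/gid (33) are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: symfony-demo-config
data:
  APP_ENV: prod
  # A whole file can be a value; it is mounted into the container below.
  php.ini: |
    display_errors = Off
    expose_php = Off
---
apiVersion: v1
kind: Secret
metadata:
  name: symfony-demo-db
type: Opaque
# stringData accepts plain text; the API server stores it base64 encoded
# under data. base64 is an encoding, not encryption: anyone allowed to read
# the Secret object can read the password, so restrict that with RBAC.
stringData:
  DATABASE_PASSWORD: example-password-change-me
---
apiVersion: v1
kind: Pod
metadata:
  name: symfony-demo
spec:
  securityContext:
    # Files from the volumes below get group 33 so the www-data workers can
    # read them without the files being world-readable.
    fsGroup: 33
  containers:
  - name: symfony-demo
    image: syseleven/symfony-demo:2.0.0
    # Non-sensitive settings are fine as environment variables.
    env:
    - name: APP_ENV
      valueFrom:
        configMapKeyRef:
          name: symfony-demo-config
          key: APP_ENV
    volumeMounts:
    - name: php-config
      mountPath: /usr/local/etc/php/conf.d/zz-workshop.ini
      subPath: php.ini
      readOnly: true
    # The password is mounted as a file, not exported as an environment
    # variable: environment variables are inherited by every child process
    # and tend to end up in crash reports and debug output.
    - name: db-secret
      mountPath: /run/secrets/db
      readOnly: true
  volumes:
  - name: php-config
    configMap:
      name: symfony-demo-config
      items:
      - key: php.ini
        path: php.ini
  - name: db-secret
    secret:
      secretName: symfony-demo-db
      # Owner and group read-only (octal 0440); combined with fsGroup above.
      defaultMode: 0440
```

The application then reads the password from /run/secrets/db/DATABASE_PASSWORD. Note that a Secret mounted as a volume is updated in place when the Secret object changes, while a value injected as an environment variable only changes when the Pod is recreated.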

Slide 68

Namespaces
• Dedicated environment to deploy services in

Slide 69

CronJob
• Includes a Pod that is started at a regular interval
• The process in the container should finish at some point
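A CronJob manifest written as an added example for the slide above (not from the workshop repository); the schedule, the command and the timeouts are assumptions. It shows the settings that enforce the slide's second bullet, that the process must finish: a deadline on each run and a policy that refuses to start a new run while the previous one is still going.

```yaml
# Added example (not from the workshop): a nightly maintenance CronJob.
# Schedule, image, command and timeouts are assumptions for this example.
apiVersion: batch/v1   # clusters older than 1.21 only know batch/v1beta1
kind: CronJob
metadata:
  name: symfony-demo-cleanup
spec:
  schedule: "30 2 * * *"     # 02:30 every day, in the controller's time zone
  # Never start a second run while the previous one is still running.
  concurrencyPolicy: Forbid
  # If a run could not be started within 10 minutes of its slot, skip it
  # rather than firing it late on top of the next one.
  startingDeadlineSeconds: 600
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      # The process must finish: the Job (and its Pod) is killed after an hour.
      activeDeadlineSeconds: 3600
      # Retry a failing run at most twice before marking the Job failed.
      backoffLimit: 2
      template:
        spec:
          # Job Pods may use OnFailure or Never; Always is not allowed here.
          restartPolicy: OnFailure
          automountServiceAccountToken: false
          containers:
          - name: cleanup
            image: syseleven/symfony-demo:2.0.0
            # Hypothetical console command of the demo app.
            command: ["php", "bin/console", "app:cleanup"]
            resources:
              limits:
                cpu: 200m
                memory: 128Mi
```

kubectl get jobs shows one Job per run; the history limits above keep the finished ones (and their logs) from piling up indefinitely.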

Slide 70

DaemonSet
• Defines a Pod that should run once on every Node
• Useful for monitoring or logging daemons

Slide 71

StatefulSet
• Ensures that Pods are started and run in a specific order
• Each Pod of a StatefulSet can have its own persistent volume
• Pod names stay the same

Slide 72

...

Slide 73

Everything is a resource

Slide 74

You interact with Kubernetes by creating, reading, updating and deleting resources

Slide 75

Kubernetes has controllers that listen for these interactions and bring the cluster into the desired state

Slide 76

The Kubernetes API can be extended with additional Resources and Controllers

Slide 77

CustomResourceDefinitions

Slide 78

Certificate, Backup, Restore, MySQLCluster, Function, ...

Slide 79

Operators

Slide 81

deployment.yaml (the slide's template carried no labels; without them the Deployment's selector, which extensions/v1beta1 derives from the template labels, is empty and the API server rejects the object, so a label is added here):

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: symfony-demo
spec:
  template:
    metadata:
      labels:
        app: symfony-demo
    spec:
      containers:
      - name: symfony-demo
        image: symfony-demo:1.1.0
        ports:
        - containerPort: 80

Slide 82

$ kubectl apply -f deployment.yaml

Slide 83

$ kubectl get deployments
NAME           DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
symfony-demo   1         1         1            1           21h

Slide 84

$ kubectl get deployment symfony-demo -o yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    ...
spec:
  ...
  template:
    ...
    spec:
      containers:
      - name: symfony-demo
        image: symfony-demo:1.1.0

Slide 85

$ kubectl delete deployment symfony-demo

Slide 86

Tooling

Slide 87

kubectl

Slide 88

$ kubectl get pods

Slide 89

NAME                                             READY   STATUS    RESTARTS   AGE
kubernetes-dashboard-5b5bf59977-t9xb9            1/1     Running   2          9d
nginx-ingress-controller-5549f5597c-97kcw        0/1     Running   2          9d
nginx-ingress-default-backend-564d9d9477-tmnnr   1/1     Running   4          9d
mysql-556c9b5bcb-5jdrt                           1/1     Running   1          8d
symfony-demo-5b75f5fc6-c7wr9                     1/1     Running   0          8d
symfony-demo-5b75f5fc6-jg8n4                     1/1     Running   23         8d

Slide 90

REST API

Slide 91

$ kubectl proxy --port=8080
$ curl http://localhost:8080/api/v1/namespaces/default/pods
{
  "kind": "PodList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/api/v1/namespaces/default/pods",
    "resourceVersion": "336834"
  },
  "items": [
    {
      "metadata": {
        "name": "kubernetes-dashboard-5b5bf59977-t9xb9",

Slide 92

kubernetes-dashboard

Slide 94

Helm: the package manager for Kubernetes

Slide 95

$ helm install stable/wordpress

Slide 96

Demo

Slide 97

Demo code and instructions: https://github.com/syseleven/golem-workshop

Slide 98

# 01 Deploying a simple Web Application

Slide 99

What did just happen?

Slide 101

Deployment created

Slide 102

Sees the new Deployment and creates a new ReplicaSet with 1 desired replica

Slide 103

Sees the new ReplicaSet and creates a Pod for the ReplicaSet

Slide 104

Sees the new unscheduled Pod and schedules it to a Node

Slide 105

Sees it is supposed to start a Pod and starts its containers

Slide 106

Service created

Slide 107

Sees the new Service and configures iptables rules and DNS entries

Slide 108

Sees the new Service has the type LoadBalancer and creates an external LB at the cloud provider

Slide 109

How is traffic routed to the Pod?

Slide 110

The Service load-balances incoming traffic to all available Pods

Slide 111

Every Service has a virtual IP

Slide 112

Round robin with iptables rules

Slide 113

OpenStack LoadBalancer

Slide 114

# 10 Using an Ingress with TLS

Slide 115

The ingress controller (nginx) listens for Ingress resources and configures itself to route incoming traffic, based on the Host header, to the correct running Pods

Slide 116

cert-manager listens for Ingresses and, if they want TLS, requests a certificate from Let's Encrypt

Slide 117

external-dns listens for Ingresses and creates DNS entries at DigitalOcean
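The three slides above describe what the ingress controller, cert-manager and external-dns each react to. The following manifest, an added example that is not part of the workshop material, shows the Ingress that triggers all three, plus the cert-manager ClusterIssuer it refers to. The host name demo.example.com, the issuer name, the Secret names and the e-mail address are placeholders; external-dns's DigitalOcean credentials live in its own deployment, not in the Ingress, so they do not appear here.

```yaml
# Added example (not from the workshop): an Ingress routed by Host header
# through nginx, with cert-manager issuing a Let's Encrypt certificate and
# external-dns publishing the DNS record. Host name, issuer name, Secret
# names and e-mail address are placeholders.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com
    # The ACME account key is stored in this Secret (cert-manager's namespace).
    privateKeySecretRef:
      name: letsencrypt-prod-account-key
    solvers:
    # HTTP-01: cert-manager serves the challenge response through the nginx
    # ingress controller, which is why the DNS record must exist first.
    - http01:
        ingress:
          class: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: symfony-demo
  annotations:
    # cert-manager watches for this annotation and requests one certificate
    # covering every host listed under spec.tls.
    cert-manager.io/cluster-issuer: letsencrypt-prod
    # external-dns creates the A record for this name at its configured
    # provider (DigitalOcean in the workshop).
    external-dns.alpha.kubernetes.io/hostname: demo.example.com
    # Never serve the app over plain HTTP once TLS is available.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - demo.example.com
    # cert-manager writes the issued certificate and key into this Secret;
    # nginx reads it from there. Restrict read access to it with RBAC.
    secretName: demo-example-com-tls
  rules:
  - host: demo.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: symfony-demo
            port:
              number: 80
```

While testing, point the ClusterIssuer at the Let's Encrypt staging endpoint (https://acme-staging-v02.api.letsencrypt.org/directory) instead: the production endpoint rate-limits repeated issuance for the same host names, and a misconfigured Ingress can exhaust that limit quickly. kubectl describe certificate shows the issuance progress.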

Slide 118

How is traffic routed to the Pod?

Slide 119

OpenStack LoadBalancer

Slide 120

# 15 Service Meshes

Slide 121

What are Service Meshes?

Slide 123

They provide

Slide 124

Metrics and Traces

Slide 125

Transparent End-To-End Encryption

Slide 126

Advanced Routing

Slide 127

Istio

Slide 128

Linkerd

Slide 129

$ linkerd install | kubectl apply -f -