Slide 1

Slide 1 text

Starting Now: Google Kubernetes Engine 2019 - GDG Tokyo New Year Party 2019 - 2019.01.30 - @sakajunquality

Slide 2

Slide 2 text

About me - ID: @sakajunquality - Jun Sakata - Google Developers Expert, GCP - SWE, Infrastructure at Ubie Inc. - #GKE #CloudBuild #BigQuery - #Camera #Coffee

Slide 3

Slide 3 text

Agenda - What’s Kubernetes? - Why GKE? - GKE Ecosystems - GKE Updates - How to Start ??

Slide 4

Slide 4 text

Topics that are not covered today - Why GCP? - Why not GAE? - Why container? - What’s Docker? - What’s Service Mesh? - What’s Envoy?

Slide 6

Slide 6 text

What’s Kubernetes? from Borg to Kubernetes

Slide 7

Slide 7 text

What’s Kubernetes? - Container Platform based on Google’s Borg - Borg has supported Google’s services for over 12 years - Orchestrates computing, networking, and storage infrastructure - Microservices Platform - OSS written in Go - Borg is written in C++ - “Graduated” CNCF project - Crossed the Chasm

Slide 8

Slide 8 text

Kubernetes Managed Services - GKE (Google Kubernetes Engine) - EKS (Amazon Elastic Kubernetes Service) - IKS (IBM Cloud Kubernetes Service) - AKS (Azure Kubernetes Service) - Oracle Container Engine for Kubernetes - DigitalOcean Kubernetes - etc...

Slide 9

Slide 9 text

Kubernetes Managed Services - GKE (Google Kubernetes Engine) - EKS (Amazon Elastic Kubernetes Service) - IKS (IBM Cloud Kubernetes Service) - AKS (Azure Kubernetes Service) - Oracle Container Engine for Kubernetes - DigitalOcean Kubernetes - etc... Too Many Kubernetes Services

Slide 10

Slide 10 text

Why GKE? Fully Managed Kubernetes

Slide 11

Slide 11 text

Why GKE? Because… - Already Using GCP - Kubernetes is Hard - GCP Specific Features

Slide 12

Slide 12 text

Already Using GCP?

Slide 13

Slide 13 text

Container Runtime Environment in GCP AppEngine (Flexible) Compute Engine Kubernetes Engine

Slide 14

Slide 14 text

Container Runtime Environment in GCP AppEngine (Flexible) Compute Engine Kubernetes Engine Not Flexible * * in terms of supported containers

Slide 15

Slide 15 text

Container Runtime Environment in GCP AppEngine (Flexible) Compute Engine Kubernetes Engine Not Flexible * Not Reliable ** * in terms of supported containers ** in terms of redundancy

Slide 16

Slide 16 text

Google Kubernetes Engine “Kubernetes” Flexible and Reliable Kubernetes Engine

Slide 17

Slide 17 text

Kubernetes is hard

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

Kelsey Hightower says “This guide is not for people looking for a fully automated command to bring up a Kubernetes cluster. If that's you then check out Google Kubernetes Engine”

Slide 20

Slide 20 text

Kubernetes is Hard Kubernetes itself is hard to build, maintain, and manage e.g. - Bootstrapping - High Availability - Version Updates - etc.

Slide 21

Slide 21 text

GKE is Fully Managed Kubernetes - Both control plane and worker node are managed - Regional or zonal availability - Auto-Repair / Auto-Update - VPC Native

Slide 22

Slide 22 text

GCP specific features

Slide 23

Slide 23 text

GCP specific features (will be covered in the later sections)

Slide 24

Slide 24 text

GKE Ecosystems GCP’s products

Slide 25

Slide 25 text

GKE Ecosystems - Networking - CI/CD - Monitoring - Integrations

Slide 26

Slide 26 text

Networking

Slide 27

Slide 27 text

GKE Ecosystems: Networking Cloud Armor Cloud Load Balancing Cloud CDN

Slide 28

Slide 28 text

GKE Ecosystems: Networking Cloud Load Balancing - L4/L7 Load Balancer - High Performance - Low Latency - Single Anycast IP - QUIC support

Slide 29

Slide 29 text

GKE Ecosystems: Networking Cloud Armor - L3-L7 custom rule-based defence - e.g. SQL Injection - IP/Geo-based access control

Slide 30

Slide 30 text

GKE Ecosystems: Networking Cloud CDN - Global CDN - High Performance - Low Latency - Single Anycast IP

Slide 31

Slide 31 text

GKE Ecosystems: Networking Cloud Armor Cloud Load Balancing Cloud CDN All those resources can be created with Kubernetes’ Ingress resource

Slide 32

Slide 32 text

CI/CD

Slide 33

Slide 33 text

GKE Ecosystems: CI/CD Cloud Build Container Registry Cloud Source Repositories

Slide 34

Slide 34 text

GKE Ecosystems: CI/CD Cloud Build
- Fully-managed CI
- 120 min free tier per day
- Native Docker Support
- Custom Builders
  - https://github.com/GoogleCloudPlatform/cloud-builders
  - https://github.com/GoogleCloudPlatform/cloud-builders-community

Slide 35

Slide 35 text

GKE Ecosystems: CI/CD Container Registry - Docker Registry - Private / Public - Vulnerability Scanning

Slide 36

Slide 36 text

GKE Ecosystems: CI/CD Cloud Source Repositories - Private Git Repository - Strong Search w/ New UI - Mirror from GitHub

Slide 37

Slide 37 text

GKE Ecosystems: CI/CD General Container Build and Deploy Pipelines Application Source Code Container Image Container Runtime

Slide 38

Slide 38 text

GKE Ecosystems: CI/CD General Container Build and Deploy Pipelines and GCP Products Application Source Code Container Image Container Runtime Cloud Source Repositories GitHub Container Registry Kubernetes Engine

Slide 39

Slide 39 text

GKE Ecosystems: CI/CD More Kubernetes Specific: Simple GitOps from GitOps-style continuous delivery with Cloud Build https://cloud.google.com/kubernetes-engine/docs/tutorials/gitops-cloud-build?hl=en

Slide 40

Slide 40 text

Monitoring

Slide 41

Slide 41 text

GKE Ecosystems: Monitoring Stackdriver Monitoring Logging

Slide 42

Slide 42 text

GKE Ecosystems: Monitoring Stackdriver Monitoring - Full-Stack Monitoring Suite - New Features - New Kubernetes Dashboard - Istio Integration - Prometheus Integration

Slide 43

Slide 43 text

GKE Ecosystems: Monitoring Stackdriver Logging - Fully managed log platform - GKE has pre-installed fluentd - Collects stdout/stderr of containers - Parses JSON into structured logs

Slide 44

Slide 44 text

Integrations

Slide 45

Slide 45 text

GKE Ecosystems: Integrations Cloud Pub/Sub Cloud Functions Cloud IAP e.g. Notifications GSuite-based Access Control

Slide 46

Slide 46 text

GKE Updates GKE-Related GCP Updates

Slide 47

Slide 47 text

GKE Updates - Private Cluster + Cloud NAT - NEG / Container-native Load Balancing - Node Auto-Provisioning - Binary Authorization - Istio - Stackdriver New Kubernetes Dashboard and more...

Slide 48

Slide 48 text

GKE Updates: Private Cluster + Cloud NAT - GKE Private Cluster: Nodes with private IP addresses only - Cloud NAT: Managed NAT gateway => Securing Node Instances => Limiting GKE’s source IP

Slide 49

Slide 49 text

GKE Updates: NEG / Container-Native Load Balancing - Using a Network Endpoint Group, traffic goes from the LB to pods without iptables => Enhancement in performance - Image from https://cloud.google.com/kubernetes-engine/docs/how-to/container-native-load-balancing?hl=en

Slide 50

Slide 50 text

GKE Updates: Node Auto-Provisioning - Cluster autoscaler can create and delete new node pools => More flexible and cost-effective workloads, e.g. GPU Nodes for temporary jobs - Flow: Submit Heavy Jobs => Provision Node-Pool w/ GPU => Destroy Node-Pool w/ GPU

Slide 51

Slide 51 text

GKE Updates: Binary Authorization - Ensures that only trusted images are deployed to GKE - Manage policy for “what to trust” => Enhance security GKE Cluster Create/Edit Form

Slide 52

Slide 52 text

Binary Authorization Policy Example

Slide 53

Slide 53 text

GKE Updates: Istio - add-on for GKE for Istio service mesh - one click deploy - Can be enabled for existing clusters => Easier(?) management of Istio (Prometheus has the Stackdriver sidecar) Logo from: https://istio.io/about/media-resources/ GKE Cluster Create/Edit Form

Slide 54

Slide 54 text

Stackdriver New Kubernetes Dashboard - New Integrated Kubernetes Dashboard - Some issues though… - https://issuetracker.google.com/issues/118553726

Slide 55

Slide 55 text

Stackdriver New Kubernetes Dashboard GKE Cluster Create/Edit Form

Slide 56

Slide 56 text

Updates in Kubernetes

Slide 57

Slide 57 text

Kubernetes Updates - CHANGELOG: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md - 1.14 is coming...

Slide 58

Slide 58 text

GKE Updates - Official Release Notes (in English): https://cloud.google.com/kubernetes-engine/release-notes - Check new features - Check bug fixes

Slide 59

Slide 59 text

GKE Issues - Official Issue Tracker: https://issuetracker.google.com/savedsearches/559746 - Check Bugs - Check Feature Requests - Other Products: https://cloud.google.com/support/docs/issue-trackers?hl=en

Slide 60

Slide 60 text

Promising update in the future https://github.com/aws/containers-roadmap/issues/23 EKS IAM Roles for Pods => maybe available in GKE too in the future (hopefully) => no more service account json management?

Slide 61

Slide 61 text

How to start ?? Let’s start!

Slide 62

Slide 62 text

$ gcloud container clusters create my-cluster

Slide 63

Slide 63 text

$ gcloud container clusters create my-cluster Too easy to understand ?

Slide 64

Slide 64 text

No content

Slide 65

Slide 65 text

Too difficult to understand !

Slide 66

Slide 66 text

How to start ?? - Books - Hands-on - Online materials

Slide 67

Slide 67 text

Books https://www.amazon.co.jp/dp/B07GP1Q3VT/ https://www.amazon.co.jp/dp/B0721JNVGT/

Slide 68

Slide 68 text

Books https://www.amazon.co.jp/dp/B07HFS7TDT/

Slide 69

Slide 69 text

Hands-on
- Quick Start: https://cloud.google.com/kubernetes-engine/docs/quickstart?hl=en
- Qwiklabs: https://www.qwiklabs.com/quests/29?locale=en
- Coursera: https://www.coursera.org/learn/google-kubernetes-engine
- sakajunquality’s hands-on: https://github.com/sakajunquality/gke-getting-started

Slide 70

Slide 70 text

https://developers-jp.googleblog.com/2019/01/cloud-study-jams-2.html

Slide 71

Slide 71 text

Online Materials
- GKE Document: https://cloud.google.com/kubernetes-engine/docs/?hl=en
- Kubernetes Documentation: https://kubernetes.io/docs/home/
- YouTube: Search “KubeCon”

Slide 72

Slide 72 text

Takeaways

Slide 73

Slide 73 text

Takeaways - Kubernetes is a container platform based on Google’s experience. - GKE is the best way to run containers in GCP. - GCP’s services work well with GKE. - More and more features are coming. - You can start today!

Slide 74

Slide 74 text

One more thing... Maybe more updates in April https://cloud.withgoogle.com/next18/sf

Slide 75

Slide 75 text

Thank you @sakajunquality

Slide 76

Slide 76 text

Appendix
- Large-scale cluster management at Google with Borg: https://ai.google/research/pubs/pub43438
- What is Kubernetes? - Kubernetes: https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/
- CNCF Projects: https://www.cncf.io/projects/
- Using container-native load balancing: https://cloud.google.com/kubernetes-engine/docs/how-to/container-native-load-balancing?hl=en
- Using node auto-provisioning: https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning?hl=en

Slide 77

Slide 77 text

Appendix (2)
- Example GKE Setup - Cloud NAT: https://cloud.google.com/nat/docs/gke-example
- Setting up a private cluster: https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters
- Binary Authorization: https://cloud.google.com/binary-authorization/docs/
- Istio on GKE: https://cloud.google.com/istio/docs/istio-on-gke/overview
- Istio: https://istio.io/

Slide 78

Slide 78 text

Appendix (3)
- Kubernetes Logos: https://github.com/kubernetes/kubernetes/tree/master/logo
- GCP Icons: https://cloud.google.com/icons/?hl=en
- CNCF Artworks: https://github.com/cncf/artwork
- Kubernetes The Hard Way: https://github.com/kelseyhightower/kubernetes-the-hard-way