Intro to the cloud-native world with Kubernetes Lucas Käldström - CNCF Ambassador 31st of October, 2019 - Turku Image credit: @ashleymcnamara

$ whoami Lucas Käldström, freshman Student at Aalto, 20 yo CNCF Ambassador, Certified Kubernetes Administrator and Kubernetes WG/SIG Lead KubeCon Speaker in Berlin, Austin, Copenhagen, Shanghai, Seattle & San Diego KubeCon Keynote Speaker in Barcelona Kubernetes approver and subproject owner (formerly maintainer), active in the community for 4+ years. Got kubeadm to GA. Weave Ignite author, written this summer

An intro to CNCF Cloud Native Computing Foundation helps us all succeed

= OPEN SOURCE CLOUD COMPUTING FOR APPLICATIONS

#CloudNativeNordics What is CNCF? A non-profit foundation for Cloud Native: a) open source projects b) companies c) enthusiasts to come together in a neutral place. Founded in Dec 2015, part of Linux Foundation. CNCF curates and promotes a toolkit of trusted projects for modern applications. Helps the hosted projects to succeed. 5

#CloudNativeNordics CNCF Projects

#CloudNativeNordics

#CloudNativeNordics Cloud Native Trail Map Trail Map: l.cncf.io Source

WHAT IS CLOUD NATIVE? 9 Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.

WHAT IS CLOUD NATIVE? 10 Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.

WHAT IS CLOUD NATIVE? 11 Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.

Certified Kubernetes Conformance • CNCF runs a software conformance program for Kubernetes – Implementations run conformance tests and upload results – Mark and more flexible use of Kubernetes trademark for conformant implementations – cncf.io/ck Source

97 Certified Kubernetes Partners 13

© 2019 Cloud Native Computing Foundation 14 ● Over 88,000 people have registered for the free Introduction to Kubernetes course on edX ● Over 9,800 people have registered for the $299 Kubernetes Fundamentals course Training and Certification ● Over 10,600 people have registered for the Certified Kubernetes Administrator (CKA) online test ● Over 4,000 people have registered for the Certified Kubernetes Application Developer (CKAD) online test Training Certification

Kubernetes Certified Service Provider A pre-qualified tier of vetted service providers who have deep experience helping enterprises successfully adopt Kubernetes through support, consulting, professional services and/or training. Benefits • Placement at the top of https://kubernetes.io/partners/ • Monthly private meetings with cloud native project leaders, TOC members, and representatives from the Governing Board • Access to leads from the kubernetes.io for end users looking for support Requirements • Three or more certified engineers • Business model to support enterprise end users • Be a CNCF member https://www.cncf.io/certification/kcsp/

© 2019 Cloud Native Computing Foundation 16 118 Kubernetes Certified Service Providers

© 2019 Cloud Native Computing Foundation 17 KubeCon + CloudNativeCon • North America 2019 – San Diego: November 18-21, 2019 • Europe 2020 – Amsterdam: March 30 - April 2, 2020 • China 2020 – Shanghai: July 28-30, 2020 • North America 2020 – Boston: November 17-20, 2020 kubecon.io

© 2019 Cloud Native Computing Foundation 18 KubeCon + CloudNativeCon Attendance

© 2019 Cloud Native Computing Foundation 19 Prospectus • Seoul Dec 9-10, 2019; Sydney Dec 12-13, 2019 • Bengaluru Feb 17-18, 2020; Delhi Feb 20-21, 2020 • 2020 plans: Tel Aviv, Mexico City & Sao Pãulo, Tokyo & Singapore, Seoul & Sydney • Two-day events with a target audience of 1,500

An intro to Kubernetes Kubernetes lets you efficiently declaratively manage your apps at any scale

21 Most importantly: What does “Kubernetes” mean? Kubernetes = Greek for “pilot” or “helmsman of a ship”

22 What is Kubernetes? = A Production-Grade Container Orchestration System Google-grown, based on Borg and Omega, systems that run inside of Google right now and are proven to work at Google for over 10 years. Google spawns 2 billion containers per week with these systems. Created by three Google employees initially during the summer of 2014; grew exponentially and became the first project to get donated to the CNCF. Hit the first production-grade version v1.0.1 in July 2015. Has continually released a new minor version every three months since v1.2.0 in March 2016. Lately v1.13.0 was released in December 2018.

23 So what does Kubernetes actually do? It abstracts away the underlying hardware, abstracts away the concept Node. Principle: Manage your applications like Cattle (generic, bulk operations) instead of like Pets (every operation is customized with care and love for the individual) Kubernetes is the Linux for distributed systems. In the same manner Linux (an OS) abstracts away the hardware differences (with different CPU types, etc.), Kubernetes abstracts away the fact that you have 5 000 nodes in the node pool and provides consistent UX and operation methods for apps You (the admin) declares the desired state, Kubernetes' main task is to make the desired state the actual state.

24 Nodes Control Plane Kubernetes’ high-level component architecture Node 3 OS Container Runtime Kubelet Networking Node 2 OS Container Runtime Kubelet Networking Node 1 OS Container Runtime Kubelet Networking API Server (REST API) Controller Manager (Controller Loops) Scheduler (Bind Pod to Node) etcd (key-value DB, SSOT) User Legend: CNI CRI OCI Protobuf gRPC JSON

25 kubeadm = A tool that sets up a minimum viable, best-practice Kubernetes cluster Master 1 Master N Node 1 Node N kubeadm kubeadm kubeadm kubeadm Cloud Provider Load Balancers Monitoring Logging Cluster API Spec Cluster API Cluster API Implementation Addons Kubernetes API Bootstrapping Machines Infrastructure Layer 2 The scope of kubeadm Layer 3 Layer 1

26 kubeadm vs kops or kubespray Two different projects, two different scopes Master 1 Master N Node 1 Node N kubeadm kubeadm kubeadm kubeadm Cloud Provider Load Balancers Monitoring Logging Cluster API Spec Cluster API Cluster API Implementation Addons Kubernetes API Bootstrapping Machines Infrastructure kops

27 Create a cluster with kubeadm 1. Provision a Linux machine with Ubuntu, Debian, RHEL, CentOS or Fedora 2. Install kubeadm: 3. Make kubeadm set up a master node for you: 4. Install a Pod Network solution from a third-party provider: 5. Repeat step 1 & 2 on an other node and join the cluster: curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - echo “deb http://apt.kubernetes.io/ kubernetes-xenial main” > /etc/apt/sources.list.d/kubernetes.list apt-get update && apt-get install -y kubeadm docker.io kubeadm init kubectl apply -f https://git.io/weave-kube-1.6 kubeadm join --token :6443

28 Fresh docs on how to extend Kubernetes Brand new docs on how to extend Kubernetes Kubernetes has many extension mechanisms: ● API Aggregation (GA) ● kubectl plugins (beta) ● CustomResourceDefinitions, Example intro (beta) ● Container Network Interface plugins (stable) ● Scheduler webhook & multiple (beta) ● Device plugins (GA) ● Admission webhooks (beta) ● External Cloud Provider Integrations (beta) ● API Server authn / authz webhooks (stable) ● Container Runtime Interface plugins (alpha) ● Container Storage Interface plugins (GA)

29 Kubernetes in Search Trends WeChat Kubernetes OpenStack Google Trends Kubernetes OpenStack Mesos Docker Swarm Cloud Foundry July-18 Aug-18 Sept-18 Oct-18 Source

30 Everything is done in Special Interest Groups Special Interest Groups (SIGs) manage Kubernetes’ various components and features. All code in the Kubernetes Github organization should be owned by one or more SIGs; with directory-level granularity. SIGs have regular (often weekly) video meetings where the attendees discuss design decisions, new features, bugs, testing, onboarding or whatever else that is relevant to the group. Attending these meetings is the best way to get to know the project Image source

31 Kubernetes’ incredible velocity (last 365 days!) 32 000+ human commits 15 000+ contributors 51 000+ opened Pull Requests 73 000+ opened issues 88 000+ Kubernetes professionals 35 000+ Kubernetes jobs 55 000+ users on Slack 50 000+ edX course enrolls Source 5 Source 4 Last updated: 09.01.2019 Source 2 318 000+ Github comments Source 1 Source 3

Kubernetes’ Essential Concepts Dive into how to use Kubernetes for real

33 The core primitive: A Pod The basic, atomically deployable unit in Kubernetes. A Pod consists of one or many co-located containers. A Pod represents a single instance of an application. The containers in a Pod share the loopback interface (localhost) and can share mounted directories. Each Pod has it’s own, uniquely assigned and internal IP. Pods are mortal, which means that if the node the Pod runs on becomes unavailable, the workload also goes unavailable. apiVersion: v1 kind: Pod metadata: name: nginx namespace: default labels: app: nginx spec: containers: - image: nginx:1.13.9 name: nginx ports: - name: http containerPort: 80

34 A replicated, upgradeable set of Pods: A Deployment With a Deployment, you can manage Pods in a declarative and upgradable manner. Note the replicas field. Kubernetes will make sure that amount of Pods created from the template always are available. When the Deployment is updated, Kubernetes will perform an rolling update of the Pods running in the cluster. Kubernetes will create one new Pod, and remove an old until all Pods are new. apiVersion: apps/v1 kind: Deployment metadata: labels: app: nginx name: nginx spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - image: nginx:1.13.9-alpine name: nginx ports: - name: http containerPort: 80 The Pod Template

35 Various possible Deployment upgrade strategies The built-in Deployment behavior The other strategies can be implemented fairly easily by talking to the API. Picture source: Kubernetes effect by Bilgin Ibryam

36 Access your replicated Pods via a Service A Service exposes one or many Pods via a stable, immortal, internal IP address. It’s also accessible via cluster-internal DNS: {service}.{namespace}.svc.cluster.local, e.g. nginx.default.svc.cluster.local The Service selects Pods based on the label key-value selectors (here app=nginx) A Service may expose multiple ports. This ClusterIP can be declaratively specified, or dynamically allocated. apiVersion: v1 kind: Service metadata: name: nginx namespace: default labels: app: nginx spec: type: ClusterIP ports: - name: http port: 80 targetPort: 80 selector: app: nginx The Pod Selector

37 Expose your Service to the world with an Ingress A Service is only accessible inside of the cluster. In order to expose the Service to the internet, you must deploy an Ingress controller, like Traefik, and create an Ingress Rule The Ingress rule is the Kubernetes-way of mapping hostnames and paths from internet requests to cluster-internal Services. The Ingress controller is a loadbalancer that’s creating forwarding rules based on the Ingress Rules in the Kubernetes API. apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx namespace: default labels: app: nginx spec: rules: - host: nginx.demo.kubernetesfinland.com http: paths: - path: / backend: serviceName: nginx servicePort: 80 The Service reference

38 Isolate your stuff in a Namespace Internet nginx.demo.kubernetesfinland.com Traefik as Ingress Controller Namespace: default nginx Ingress Rule nginx Service nginx Pod 1 nginx Pod 2 nginx Pod 3 nginx Deployment A Namespace is a logical isolation method, most resources are namespace-scoped. You can group logically similar workloads in one namespace and enforce different policies. You can e.g. have one namespace per team, and let them play in their own virtual environment. Role Based Access Control (RBAC) can be used to control what Kubernetes users can do, and what resources in what namespaces an user can access is one of the parameters to play with there.

Thank you! @luxas on Github @luxas on Kubernetes’ Slack @kubernetesonarm on Twitter [email protected]

40 Reference Slides below: 40

41 Where is the community doing work? 1. On Slack: https://kubernetes.slack.com & http://slack.k8s.io 2. On Github: https://github.com/kubernetes (in ~150 repositories) 3. In weekly Special Interest Group (SIG), Working Group (WG) and Subproject meetings Check out the community repo: https://github.com/kubernetes/community Youtube archive of ALL meetings available in the Kubernetes Youtube channel 4. In the Kubernetes Community Meeting every Thursday 6pm - 7pm UTC https://github.com/kubernetes/community/blob/master/events/community-meeting.md 5. On the Discuss Kubernetes site: https://discuss.kubernetes.io/ 6. In Google Groups in #kubernetes-*, e.g. https://groups.google.com/forum/#!forum/kubernetes-dev 7. At meetups worldwide (~170 meetups / ~40 countries): https://www.meetup.com/pro/cncf/ 8. In the community Office Hours and Meet Our Contributors - Ask Us Anything series

42 How to start contributing? 1. Read as much of https://github.com/kubernetes/community as you can!! 2. Read the CONTRIBUTORS GUIDE 3. Find a SIG you’re interested to contribute to (e.g. SIG Cluster Lifecycle) 4. Create a Github account if you haven’t done so and sign up to the Kubernetes Slack: slack.k8s.io 5. Join the #sig-foo channels in Slack you’re interested in and #kubernetes-dev 6. Sign up to the #kubernetes-dev, #kubernetes-announce and #kubernetes-sig-foo mailing lists 7. Watch the New Contributor Series on Youtube from a New Contributor Summit 8. Check out the Codebase Tour in the “Meet Our Contributors” Youtube series 9. Learn how to use Kubernetes in more detail in this Free Kubernetes Course on edx.org 10. Join a weekly SIG meeting using Zoom and let them know you’d like to contribute :)