Slide 1

Ian Lewis, Developer Advocate, Google Cloud Platform
The Kubernetes API & Next Generation Automation Tools
Open Source Summit Japan 2017

Slide 2

Confidential & Proprietary, Google Cloud Platform
Ian Lewis
Developer Advocate - Google Cloud Platform
Tokyo, Japan
+Ian Lewis @IanMLewis

Slide 3

Kubernetes
κυβερνήτης: Greek for “pilot” or “helmsman of a ship”
The open source cluster manager from Google

Slide 4

Google Cloud Platform
Cloud Native Computing Foundation

Slide 5

Workload portability
Goal: Avoid vendor lock-in
• Runs in many environments, including “bare metal” and “your laptop”
• The API and the implementation are 100% open
• The whole system is modular and replaceable

Slide 6

Workload portability
Goal: Write once, run anywhere*
Don’t force apps to know about concepts that are cloud-provider-specific. Examples of this:
● Network model
● Ingress
● Service load-balancers
● PersistentVolumes
* approximately

Slide 7

Workload portability
Goal: Avoid coupling
Don’t force apps to know about concepts that are Kubernetes-specific. Examples of this:
● Namespaces
● Services / DNS
● Downward API
● Secrets / ConfigMaps

Slide 8

Workload portability
Result: Portability
• Build your apps on-prem, lift-and-shift into cloud when you are ready
• Don’t get stuck with a platform that doesn’t work for you
• Put your app on wheels and move it whenever and wherever you need

Slide 9

Kubernetes is a platform for building distributed systems

Slide 10

Your App

Slide 11

Your Platform

Slide 12

The Clusters of Old (diagram): users → SSH → server, one SSH session per server

Slide 13

Container Clusters (diagram): users → API → Container Cluster

Slide 14

The 10000 Foot View (diagram): users → UI / CLI / API → master (etcd, scheduler, controllers) → nodes, each running a kubelet

Slide 15

Pods
Small group of containers & volumes
Tightly coupled
The atom of scheduling & placement
Shared namespace
• share IP address & localhost
• share IPC, etc.
Managed lifecycle
• bound to a node, restart in place
• can die, cannot be reborn with same ID
Example: data puller & web server (diagram: Consumers → Web Server; Content Manager → File Puller; the Web Server and File Puller containers share a Volume inside one Pod)

Slide 16

Docker Containers (diagram): three nginx containers, each with its own IPC, Network, PID, Hostname and Mount namespaces

Slide 17

Pods (diagram): a Web Server container and a File Puller container in one Pod share the IPC, Network and Hostname namespaces and one cgroup, so they reach each other over localhost; in plain Docker terms: docker … --net=container:id --ipc=container:id

Slide 18

Google confidential │ Do not distribute
Services
A group of pods that work together
• grouped by a selector
Defines access policy
• “load balanced” or “headless”
Gets a stable virtual IP and port
• sometimes called the service portal
• also a DNS name
VIP is managed by kube-proxy
• watches all services
• updates iptables when backends change
Hides complexity - ideal for non-native apps
(diagram: Client → Virtual IP)

Slide 19

Deployments
Deployment
  name: MyApp
ReplicaSet
  replicas: 3
  selector:
    app: MyApp
    version: v1
kubectl apply ...

Slide 20

Deployments
Deployment
  name: MyApp
ReplicaSet
  replicas: 4
  selector:
    app: MyApp
    version: v1

Slide 21

Deployments
Deployment
  name: MyApp
ReplicaSet
  replicas: 3
  selector:
    app: MyApp
    version: v1

Slide 23

Rolling Updates
Deployment
  name: MyApp
ReplicaSet
  replicas: 3
  selector:
    app: MyApp
    version: v1
kubectl apply ...

Slide 24

Rolling Updates
Deployment
  name: MyApp
ReplicaSet
  replicas: 3
  selector:
    app: MyApp
    version: v1
ReplicaSet
  replicas: 0
  selector:
    app: MyApp
    version: v2

Slide 25

Rolling Updates
Deployment
  name: MyApp
ReplicaSet
  replicas: 3
  selector:
    app: MyApp
    version: v1
ReplicaSet
  replicas: 1
  selector:
    app: MyApp
    version: v2

Slide 26

Rolling Updates
Deployment
  name: MyApp
ReplicaSet
  replicas: 2
  selector:
    app: MyApp
    version: v1
ReplicaSet
  replicas: 1
  selector:
    app: MyApp
    version: v2

Slide 27

Rolling Updates
Deployment
  name: MyApp
ReplicaSet
  replicas: 2
  selector:
    app: MyApp
    version: v1
ReplicaSet
  replicas: 2
  selector:
    app: MyApp
    version: v2

Slide 28

Rolling Updates
Deployment
  name: MyApp
ReplicaSet
  replicas: 1
  selector:
    app: MyApp
    version: v1
ReplicaSet
  replicas: 2
  selector:
    app: MyApp
    version: v2

Slide 29

Rolling Updates
Deployment
  name: MyApp
ReplicaSet
  replicas: 1
  selector:
    app: MyApp
    version: v1
ReplicaSet
  replicas: 3
  selector:
    app: MyApp
    version: v2

Slide 30

Rolling Updates
Deployment
  name: MyApp
ReplicaSet
  replicas: 0
  selector:
    app: MyApp
    version: v1
ReplicaSet
  replicas: 3
  selector:
    app: MyApp
    version: v2

Slide 31

Rolling Updates
Deployment
  name: MyApp
ReplicaSet
  replicas: 3
  selector:
    app: MyApp
    version: v2

Slide 32

Controllers (diagram): observe → diff → act, repeated as a loop

Slide 33

Kubelet (diagram): Watch Pods → observe → diff → act → Run/Stop Container

Slide 34

Kube-Proxy (diagram): Watch Services → observe → diff → act → Create/Update iptables

Slide 35

Service/LB Controller (diagram): Watch Service → observe → diff → act → Create/Update Load Balancer

Slide 36

ReplicaSet Controller (diagram): Watch ReplicaSet → observe → diff → act → Create/Delete Pod
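The rolling update stepped through on slides 23 to 31 and the observe/diff/act loop of slides 32 to 36, as one added Go example that is not from the talk and not Kubernetes' own code: a toy Deployment controller that moves two ReplicaSets from v1=3/v2=0 to v1=0/v2=3 under maxSurge=1 and maxUnavailable=0, the budget the slide sequence implies. The ReplicaSet type and the rolloutStep and rollout names are assumptions of this example.

```go
package main

import "fmt"

// ReplicaSet holds the desired replica count of one version of the app.
// A constructed type for this example, not a Kubernetes API type.
type ReplicaSet struct {
	Version  string
	Replicas int
}

// rolloutStep is one observe/diff/act pass of a Deployment controller
// rolling from oldRS to newRS with maxSurge=1 and maxUnavailable=0, which
// is the shape of the v1 -> v2 sequence on the slides: never fewer than
// `desired` pods, never more than desired+1. It returns false once the
// observed state already matches the desired one (newRS full, oldRS empty).
func rolloutStep(oldRS, newRS *ReplicaSet, desired int) bool {
	total := oldRS.Replicas + newRS.Replicas // observe
	switch {                                  // diff, then act
	case newRS.Replicas == desired && oldRS.Replicas == 0:
		return false // converged: nothing to do
	case total <= desired && newRS.Replicas < desired:
		newRS.Replicas++ // surge: scale the new ReplicaSet up by one
	case total > desired:
		oldRS.Replicas-- // over budget: scale the old ReplicaSet down by one
	}
	return true
}

// rollout runs the loop to convergence and records every intermediate
// (old, new) replica pair, the way the slides step through 3/0 ... 0/3.
func rollout(desired int) [][2]int {
	oldRS := &ReplicaSet{Version: "v1", Replicas: desired}
	newRS := &ReplicaSet{Version: "v2", Replicas: 0}
	states := [][2]int{{oldRS.Replicas, newRS.Replicas}}
	for rolloutStep(oldRS, newRS, desired) {
		states = append(states, [2]int{oldRS.Replicas, newRS.Replicas})
	}
	return states
}

func main() {
	for _, s := range rollout(3) {
		fmt.Printf("v1: replicas=%d  v2: replicas=%d\n", s[0], s[1])
	}
}
```

The printed sequence is exactly the seven frames of slides 24 to 30; the real controller additionally waits for new pods to become ready before scaling the old ReplicaSet down.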

Slide 37

The 10000 Foot View
Components: etcd, scheduler, controller-manager, apiserver, kubelet, docker, kube-proxy, iptables, Docker Hub / GCR
1. User creates & pushes image
2. User creates Deployment
3. API server saves info to etcd
4. CM finds Deployment and creates ReplicaSet, which creates Pods (unscheduled)
5. Scheduler schedules pods.
6. Kubelet sees pod scheduled to it and tells docker to run the container.
7. Docker pulls and runs the container.

Slide 38

controller-manager (diagram): Deployment Controller, ReplicaSet Controller, Scheduler
Deployment
  metadata.name: nginx

Slide 40

controller-manager (diagram): Deployment Controller, ReplicaSet Controller, Scheduler
Deployment
  metadata.name: nginx
ReplicaSet
  metadata.name: nginx-xxxx

Slide 42

controller-manager (diagram): Deployment Controller, ReplicaSet Controller, Scheduler
Deployment
  metadata.name: nginx
ReplicaSet
  metadata.name: nginx-xxxx
Pod
  metadata.name: nginx-xxxx-xxxx
  spec.nodeName: (unset)

Slide 44

controller-manager (diagram): Deployment Controller, ReplicaSet Controller, Scheduler
Deployment
  metadata.name: nginx
ReplicaSet
  metadata.name: nginx-xxxx
Pod
  metadata.name: nginx-xxxx-xxxx
  spec.nodeName: node1

Slide 45

node1 (diagram): kubelet, docker
Pod
  metadata.name: nginx-xxxx-xxxx
  spec.nodeName: node1
  status: Pending

Slide 46

node1 (diagram): kubelet, docker
Pod
  metadata.name: nginx-xxxx-xxxx
  spec.nodeName: node1
  status: ContainerCreating

Slide 48

node1 (diagram): kubelet, docker; docker pulls the image from Docker Hub / GCR
Pod
  metadata.name: nginx-xxxx-xxxx
  spec.nodeName: node1
  status: ContainerCreating

Slide 49

node1 (diagram): kubelet, docker; docker now runs the container nginx-xxxx-xxxx
Pod
  metadata.name: nginx-xxxx-xxxx
  spec.nodeName: node1
  status: ContainerCreating

Slide 51

node1 (diagram): kubelet, docker; container nginx-xxxx-xxxx
Pod
  metadata.name: nginx-xxxx-xxxx
  spec.nodeName: node1
  status: Running

Slide 52

// Go-style pseudocode: poll the Secrets endpoint and delete any secret
// whose decoded password is shorter than 10 characters. http.Delete and
// the one-argument json.Unmarshal are sketches, not real Go API calls.
for {
	resp := http.Get(secretsEndpoint)
	list := json.Unmarshal(resp.Body)
	for _, secret := range list.Items {
		data := base64Decode(secret["data"])
		if len(data["password"]) < 10 {
			log.Printf("Insecure secret: %s", secret.Metadata.Name)
			http.Delete(secretsEndpoint + secret.Metadata.Name)
		}
	}
}
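A runnable version of this slide's loop body, as an added Go example that is not from the talk: it decodes a constructed SecretList in the shape kube-apiserver returns, base64-decodes each password the way the real Secret data field requires, and hands every name with a password under 10 bytes to a caller-supplied delete function, so the HTTP GET and DELETE wiring stays with the caller. The auditSecrets and sampleList names and the two secret names are assumptions of this example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"io"
)

// Minimal views of a Secret and SecretList (encoding/json matches the
// lowercase wire keys case-insensitively). Data values are base64 strings.
type secret struct {
	Metadata struct{ Name string }
	Data     map[string]string
}
type secretList struct{ Items []secret }

// sampleList is a constructed SecretList body as kube-apiserver would
// return it; db-weak's password decodes to the 7-byte "hunter2".
const sampleList = `{"items":[
 {"metadata":{"name":"db-weak"},"data":{"password":"aHVudGVyMg=="}},
 {"metadata":{"name":"db-strong"},"data":{"password":"Y29ycmVjdGhvcnNlYmF0dGVyeQ=="}}]}`

// auditSecrets is one observe/diff/act pass of the slide's loop: decode
// the list body (observe), find passwords shorter than 10 bytes (diff) and
// call del for each (act). It returns the names handed to del. Unlike the
// slide's sketch it checks every error and stops at the first failed delete.
func auditSecrets(body io.Reader, del func(name string) error) ([]string, error) {
	var list secretList
	if err := json.NewDecoder(body).Decode(&list); err != nil {
		return nil, err
	}
	var deleted []string
	for _, s := range list.Items {
		enc, ok := s.Data["password"]
		if !ok {
			continue // no password key: out of scope, leave it alone
		}
		pw, err := base64.StdEncoding.DecodeString(enc)
		if err != nil {
			return deleted, err // never act on data we could not decode
		}
		if len(pw) >= 10 {
			continue
		}
		if err := del(s.Metadata.Name); err != nil {
			return deleted, err
		}
		deleted = append(deleted, s.Metadata.Name)
	}
	return deleted, nil
}
```

In a cluster the del callback would issue the DELETE against the secrets endpoint, as the slide sketches, and body would be the response of the GET.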

Slide 53

// Go-style pseudocode: the reconcile loop of a custom controller for a
// "crontab" resource; each pass lists the objects and brings the world in
// line with them.
for {
	resp := http.Get(crontabEndpoint)
	list := json.Unmarshal(resp.Body)
	for _, crontab := range list.Items {
		addIfNew(crontab)
		updateIfChanged(crontab)
		deleteIfOld(crontab)
	}
}

Slide 54

Thank You