CoreOS Fest 2017 Recap - Speaker Deck

CoreOS Fest 2017 Recap

by Kazuki Suda

Slide 1

Slide 1 text

,VCFSOFUFT.FFUVQ5PLZP ,B[VLJ4VEBLTVEB![MBCDPKQ!TVQFSCSPUIFST 5PNPZB6TBNJUPVTBNJ![MBCDPKQ!IJZPTJ $PSF04'FTU3FDBQ

Slide 2

Slide 2 text

8IBUJT$PSF04'FTU Ӝ FUDE $POUBJOFS-JOVY׾Ꟛ涪ׅ׷$PSF04 *ODךؕٝؿ؋ٖٝأ Ӝ ⚺ח$PSF04 *ODָꟚ涪ׅ׷اؿزؐؑ،װꟼ鸬䪮遭ָ䪔׻׸׷ ,VCFSOFUFT FUDE $POUBJOFS-JOVY 5FDUPOJD FUD $PSF04 *ODה♧筰חؽآطأ׃גְ׷⟰噟ך✲⢽稱➜׮ Ӝ ➙䎃䎃כ ך✳傈꟦؟ٝؿٓٝءأ؝דꟚ⪵ ׍ז׫ח䎃כس؎خكٕٔٝ

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

https://twitter.com/ibrahim_haouari/status/869959495824404481

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

https://twitter.com/mies/status/870395605155053569

Slide 7

Slide 7 text

https://twitter.com/LachlanEvenson/status/870333567653433346

Slide 8

Slide 8 text

5/30 San Francisco Kubernetes Meetup

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

'JOFHSBJOFE %FDMBSBUJWF"ENJTTJPO$POUSPMVTJOH8FCIPPLTBOE01" Ӝ "ENJTTJPODPOUSPMMFSח8FCIPPL׾鷄⸇ׅ׷13ך鍑铡הرٌ IUUQTHJUIVCDPNLVCFSOFUFTLVCFSOFUFTQVMM Ӝ 植㖈"ENJTTJPO$POUSPMMFSח⟣䠐ךⳢ椚׾鷄⸇׃׋ֽ׸לծ ,VCFSOFUFT׾ؿؓ٦ؙׅ׷䗳銲ָ֮׷ָծ8FCIPPLז׵㺁僒 ח䭁䓸דֹ׷

Slide 11

Slide 11 text

https://speakerdeck.com/tksm/kubernetes-falseren-zheng-ren-ke-to-rbac "ENJTTJPO$POUSPMך䗁统

Slide 12

Slide 12 text

01"0QFO1PMJDZ"HFOU Ӝ ؖغشٝأٗآحؙ׾،فٔ؛٦ءّٝٗآحַؙ׵ⴓꨄ Ӝ هٔء٦׾㹑鎉涸ז鎉铂ד鎸鶢 3FHP Ӝ +40/ת׋כ:".- Ӝ 3&45"1*T Ӝ (P鎉铂ד㹋鄲 ر٦ٌٝծٓ؎ـٓٔծ3&1- Ӝ "QBDIFٓ؎إٝأ Ӝ IUUQXXXPQFOQPMJDZBHFOUPSH

Slide 13

Slide 13 text

package admission.blacklist reason["must pin image(s) to specific version in production namespace"] { input.spec.namespace = "production" unpinned_tag } unpinned_tag = true { image_names[name] not re_match(pinned_version_pattern, name) } unpinned_tag = true { image_names[name] endswith(name, ":latest") } image_names[name] { name = input.spec.object.Spec.Template.Spec.Containers[_].Image } image_names[name] { name = input.spec.object.Spec.Containers[_].Image } pinned_version_pattern = ".+:.+"

Slide 14

Slide 14 text

'JOFHSBJOFE %FDMBSBUJWF"ENJTTJPO$POUSPMVTJOH8FCIPPLTBOE01" Webhook OPA ! 1PMJDZ %BUB +40/

Slide 15

Slide 15 text

CoreOS Fest 2017 Day1

Slide 16

Slide 16 text

Ӝ (BCF.POSPZ -FBE1.GPS$POUBJOFSTPO.JDSPTPGU"[VSF Ӝ #VJMEPVUUIFTDBPMEUPTVQQPSUDPOUBJOFSJ[JOHZPVSBQQMJDBUJPO Ӝ %FQMPZBOBQQJOUPZPVSDMVTUFSBOELFFQJUJOTZODXJUIUIFDPEF *OUSPEVDJOH%SBGU $ draft create —-> Python app detected —-> Ready to sail $ draft up —> Building Dockerfile Step 1 : FROM python:onbuild …

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

Ӝ +PIO8JMLFT1SJODJQBM4PGUXBSF&OHJOFFS (PPHMF Ӝ #PSH 0NFHB BOE,VCFSOFUFT IUUQTSFTFBSDIHPPHMFDPNQVCTQVCIUNM #PSH 0NFHB BOE,VCFSOFUFTDMVTUFSNBOBHFNFOUBU(PPHMF

Slide 19

Slide 19 text

No content

Slide 20

Slide 20 text

Slide 21

Slide 21 text

Ӝ %BO8JMTPO 1SJODJQBM"SDIJUFDU $PODVS Ӝ GFEFSBUJPO4VQQPSUDSFBUJOHSFTPVSDFTJOTQFDJDDMVTUFST Ӝ WTVQQPSUFEPCKFDUT $POHNBQ 4FDSFU %BFNPOTFU 4FSWJDFT *OHSFTT   3FQMJDBTFU %FQMPZNFOU ,VCFSOFUFT'FEFSBUFE$MVTUFS4FMFDUPS

Slide 22

Slide 22 text

,VCFSOFUFT$MVTUFS'FEFSBUJPO DMVTUFS 1PET 47$ *OHSFTT 'FEFSBUJPO"1*4FSWFS kubectl DMVTUFS 1PET 47$ *OHSFTT

Slide 23

Slide 23 text

GFEFSBUJPOBMQIBLVCFSOFUFTJPDMVTUFSTFMFDUPS apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test annotations: federation.alpha.kubernetes.io/cluster-selector: [{"key": "cluster", "operator": "==", "values": ["cluster1"]}] spec: rules: - host: foo.bar.com http: paths: - path: /foo backend: serviceName: s1 servicePort: 80 - path: /bar backend: serviceName: s2 servicePort: 80

Slide 24

Slide 24 text

8SJUJOHB$VTUPN,VCFSOFUFT0QFSBUPS $POUSPMMFS Ӝ "BSPO-FWZ $PSF04 Ӝ 8IZ 傀㶷ך׮ךח㼎ׅ׷堣腉䭁䓸倜׃ְ堣腉װ؝ٝه٦طٝز׾ؙٓأةח鷄⸇ ؙٓأةח㼎ׅ׷"ENJOةأؙך荈⹛⻉

Slide 25

Slide 25 text

Ӝ $POUSPMMFS1BUUFSO 朐䡾׾ؐؓحث׃ג➙ך朐䡾׾劄׬朐䡾ח鵚בֽגְֻ for { desired := getDesiredState() current := getCurrentState() makeChanges(desired, current) } 8SJUJOHB$VTUPN,VCFSOFUFT0QFSBUPS $POUSPMMFS

Slide 26

Slide 26 text

Ӝ FH/PEF3FCPPU$POUSPMMFS BOOPUBUJPOח朐䡾׾剅ֹ鴥׬ SFCPPUOFFEFEծSFCPPUOPXծSFCPPUJOQSPHSFTTזו 朐䡾ך㢌⻉׾*OGPSNFS׾⢪׏ג湊鋔ծ؎كٝز׾鸐濼 ؎كٝزعٝسٓדBOOPUBUJPOך⦼ח䖞׏גⳢ椚 Ӝ IUUQTHJUIVCDPNBBSPOMFWZLVCFDPOUSPMMFSEFNP 8SJUJOHB$VTUPN,VCFSOFUFT0QFSBUPS $POUSPMMFS

Slide 27

Slide 27 text

_, controller := cache.NewInformer( &cache.ListWatch{ // List should return a list type object ListFunc: func(lo metav1.ListOptions) (runtime.Object, error) { return client.Core().Nodes().List(lo) }, // Watch should return a watch Interface. begin a watch at the specified version. WatchFunc: func(lo metav1.ListOptions) (watch.Interface, error) { return client.Core().Nodes().Watch(lo) }, }, // The types of objects this informer will return &v1.Node{}, // The resync period of this object 10*time.Second, // the object you want notifications sent to cache.ResourceEventHandlerFuncs{ // AddFunc: func(obj interface{}) {} UpdateFunc: func(old, newObj interface{}) { … }, // DeleteFunc: func(obj interface{}) {} }, )

Slide 28

Slide 28 text

Ӝ )FMQGVMUPPMT -FBEFS&MFDUJPO 8PSL2VFVF 5IJSE1BSUZ3FTPVSDF 4IBSFE*OGPSNFSFT &WFOUT 8SJUJOHB$VTUPN,VCFSOFUFT0QFSBUPS $POUSPMMFS

Slide 29

Slide 29 text

$PSF04'FTU)BQQZ)PVS  TQPOTPSFECZ5JHFSB %JBNBOUJ8BWFGSPOU

Slide 30

Slide 30 text

CoreOS Fest 2017 Day2

Slide 31

Slide 31 text

,FZOPUF Ӝ #SBOEPO1IJMJQT $50PG$PSF04 Ӝ $PSF"1*T.PWF5P4UBCMF Ӝ .PSF.POJUPSJOH%SJWFO"1*T  XJUI.FUSJDT"1*

Slide 32

Slide 32 text

No content

Slide 33

Slide 33 text

No content

Slide 34

Slide 34 text

0SBDMF$PSF04

Slide 35

Slide 35 text

No content

Slide 36

Slide 36 text

&OEUPFOENPOJUPSJOHXJUIUIF1SPNFUIFVT0QFSBUPS Ӝ 'SFEFSJD#SBOD[ZL $PSF04 Ӝ 1SPNFUIFVT*OUSP Ӝ ,VCFSOFUFTDPNQPOFOUTFYQPTF1SPNFUIFVTNFUSJDT Ӝ 4FMGIPTUFE,VCFSOFUFT IUUQTDPSFPTDPNCMPHTFMGIPTUFELVCFSOFUFTIUNM Ӝ 1SPNFUIFVT0QFSBUPS IUUQTHJUIVCDPNDPSFPTQSPNFUIFVTPQFSBUPS

Slide 37

Slide 37 text

1SPNFUIFVTח״׷,VCFSOFUFTٌصةؚٔٝך㛇燉 https://speakerdeck.com/tksm/kubernetes-monitoring-with-prometheus

Slide 38

Slide 38 text

No content

Slide 39

Slide 39 text

No content

Slide 40

Slide 40 text

1SPNFUIFVT0QFSBUPS Operator workﬂow and relationships

Slide 41

Slide 41 text

1SPNFUIFVT0QFSBUPS apiVersion: monitoring.coreos.com/v1alpha1 kind: Prometheus metadata: name: k8s labels: prometheus: k8s spec: replicas: 2 version: v1.7.0 serviceAccountName: prometheus-k8s serviceMonitorSelector: matchExpressions: - {Key: k8s-app, operator: Exists} $ kubectl create -f prometheus-k8s.yaml prometheus "prometheus-k8s" created service "prometheus-k8s" created

Slide 42

Slide 42 text

4UBUFPG4UBUFJO$POUBJOFST Ӝ 3PTT,VLVMJOTLJ-VJT1BCPO $PSF04 Ӝ 寋,VCFSOFUFT♳דEBUBCBTF׾⹛ַׅזַ׸ USVF

Slide 43

Slide 43 text

4UBUFPG4UBUFJO$POUBJOFST Ӝ $MPVE/BUJWF%#3FRVJSFNFOUT 1SPDFTT.BOBHFNFOU $POTJTU/BNJOH 1FSTJTUFOU4UPSBHF 1FFSEJTDPWFSZ

Slide 44

Slide 44 text

4UBUFPG4UBUFJO$POUBJOFST Ӝ 4UBUFGVM4FU 4UBCMF VOJRVF OFUXPSLJEFOUJFST 4UBCMF QFSTJTUFOUTUPSBHF 0SEFSFEEFQMPZNFOUBOETDBMJOH 0SEFSFEEFMFUJPO

Slide 45

Slide 45 text

4UBUFPG4UBUFJO$POUBJOFST Ӝ 4UBUFGVM4FU 1SPDFTT.BOBHFNFOU $POTJTU/BNJOH TUBUFGVMTFUOBNF PSEJOBM 1FSTJTUFOU4UPSBHF WPMVNF$MBJN5FNQMBUFBOE%ZOBNJD1SPWJTJPOJOH 1FFSEJTDPWFSZ )FBEMFTT4FSWJDF

Slide 46

Slide 46 text

$POUBJOFSJ[FE4UPSBHF4ZTUFNT

Slide 47

Slide 47 text

Slide 48

Slide 48 text

0QFSBUJOH%BUBCBTFJT)BSE

Slide 49

Slide 49 text

HJUIVCDPNDPSFPTRVBSUFSNBTUFS

Slide 50

Slide 50 text

XJMMCFZFBSPGTUBUF  PO,VCFSOFUFT

Slide 51

Slide 51 text

Helm Chart Hack Night Brought to By Microsoft

Slide 52

Slide 52 text

No content

Slide 53

Slide 53 text

No content

Slide 54

Slide 54 text

Wrap up

Slide 55

Slide 55 text

8SBQVQ Ӝ $PSF04'FTUJO4BO'SBODJTDPPO.BZTUBOE+VOFTU Ӝ $PSF04'FTU:PV5VCF Ӝ 4',VCFSOFUFT.FFUVQ,VCFSOFUFT$PSF04'FTU*HOJUJPO $POHTBOE5JNF4FSJFT4UPSBHFJO,VCFSOFUFT Ӝ $PSF04'FTU)FMN$IBSU)BDL/JHIU

Slide 56

Slide 56 text

5IBOLT Ӝ 4MJEF CJUMZDPSFPTGFTUSFDBQ Ӝ 2VFTUJPOT ,B[VLJ4VEBLTVEB![MBCDPKQ!TVQFSCSPUIFST 5PNPZB6TBNJUPVTBNJ![MBCDPKQ!IJZPTJ 8FˏSFIJSJOHCJUMZ[MBCDBSFFST