Deploying your first Micro-Service Application to Kubernetes

Slide 1

Slide 1 text

@BastianHofmann Deploying your ﬁrst Micro-Service Application to Kubernetes Bastian Hofmann

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

Agenda for today

Slide 4

Slide 4 text

Kubernetes Basics

Slide 5

Slide 5 text

Deploying an application

Slide 6

Slide 6 text

Load Balancing

Slide 7

Slide 7 text

Persistent Storage

Slide 8

Slide 8 text

Conﬁguration Management

Slide 9

Slide 9 text

Environment Management

Slide 10

Slide 10 text

Service Discovery

Slide 11

Slide 11 text

Service Meshes

Slide 12

Slide 12 text

Monitoring

Slide 13

Slide 13 text

Debugging

Slide 14

Slide 14 text

Logging

Slide 15

Slide 15 text

(Auto) Scaling

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

Container orchestration platform

Slide 18

Slide 18 text

Deploy, run and scale your services in isolated containers

Slide 19

Slide 19 text

Why containers?

Slide 20

Slide 20 text

Services run in isolation

Slide 21

Slide 21 text

Everything needed to run a service in one image

Slide 22

Slide 22 text

Make things …

Slide 23

Slide 23 text

Easier to deploy

Slide 24

Slide 24 text

Easier to upgrade system dependencies

Slide 25

Slide 25 text

Easier to develop

Slide 26

Slide 26 text

Easier to scale

Slide 27

Slide 27 text

Better resource usage

Slide 28

Slide 28 text

#safeThePlanet

Slide 29

Slide 29 text

No vendor lock in

Slide 30

Slide 30 text

Standardized APIs

Slide 31

Slide 31 text

Runs on

Slide 32

Slide 32 text

Your laptop

Slide 33

Slide 33 text

No content

Slide 34

Slide 34 text

Bare metal

Slide 35

Slide 35 text

Cloud Providers

Slide 36

Slide 36 text

And if you don't want to install and maintain Kubernetes yourself

Slide 37

Slide 37 text

Managed Kubernetes

Slide 38

Slide 38 text

No content

Slide 39

Slide 39 text

Beneﬁts of Managed Solutions

Slide 40

Slide 40 text

Easy upgrades

Slide 41

Slide 41 text

Easy scaling

Slide 42

Slide 42 text

Features

Slide 43

Slide 43 text

Load Balancing

Slide 44

Slide 44 text

Distributed Persistent Storage

Slide 45

Slide 45 text

Some do offer

Slide 46

Slide 46 text

Backups

Slide 47

Slide 47 text

Hyperscaling

Slide 48

Slide 48 text

Premium support

Slide 49

Slide 49 text

Carefree Usage & pro-active monitoring

Slide 50

Slide 50 text

You can focus on what's important

Slide 51

Slide 51 text

Let’s deﬁne some core concepts and terminology ﬁrst

Slide 52

Slide 52 text

Kubernetes Cluster

Slide 53

Slide 53 text

• A docker image built from a Dockerfile that contains everything a service needs to run Image

Slide 54

Slide 54 text

• A container runs a docker image. • Only 1 process can run inside of a container Container

Slide 55

Slide 55 text

• A group of 1 or more containers • Same port space • Ports are not accessible from outside of the pod Pod

Slide 56

Slide 56 text

• Defines and manages how many instances of a pod should run Replica Set

Slide 57

Slide 57 text

• Manages updates and rollbacks of replica sets Deployment

Slide 58

Slide 58 text

• Makes a port of a pod accessible to other pods Service

Slide 59

Slide 59 text

• Makes a service accessible to the outside of Kubernetes Ingress

Slide 60

Slide 60 text

• A physical server • Containers get distributed automatically Node

Slide 61

Slide 61 text

• Configuration that can be mounted inside of a container ConﬁgMap

Slide 62

Slide 62 text

• Volumes can be mounted into a container to access a ConfigMap, Secret or a folder on the host Volumes

Slide 63

Slide 63 text

• Dedicated environment to deploy services in Namespaces

Slide 64

Slide 64 text

DaemonSets, CronJobs, StatefulSets, ...

Slide 65

Slide 65 text

Everything is a resource

Slide 66

Slide 66 text

You interact with Kubernetes by creating, receiving, updating and deleting resources

Slide 67

Slide 67 text

Kubernetes has controllers to listen on these interactions and get the cluster in the desired state

Slide 68

Slide 68 text

kind: Deployment apiVersion: extensions/v1beta1 metadata: name: symfony-demo spec: template: spec: containers: - name: symfony-demo image: symfony-demo:1.1.0 ports: - containerPort: 80

Slide 69

Slide 69 text

$ kubectl apply -f deployment.yaml

Slide 70

Slide 70 text

$ kubectl get deployments NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE symfony-demo 1 1 1 1 21h

Slide 71

Slide 71 text

$ kubectl get deployment symfony-demo -o yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: ... spec: ... template: ... spec: containers: - name: symfony-demo image: symfony-demo:1.1.0

Slide 72

Slide 72 text

$ kubectl delete deployment symfony-demo

Slide 73

Slide 73 text

The Kubernetes API can be extended with additional Resources and Controllers

Slide 74

Slide 74 text

CustomResourceDeﬁnitions

Slide 75

Slide 75 text

Certiﬁcate, Backup, Restore, MySQLCluster, Function, ...

Slide 76

Slide 76 text

To interact with Kubernetes

Slide 77

Slide 77 text

kubectl

Slide 78

Slide 78 text

$ kubectl get pods

Slide 79

Slide 79 text

NAME READY STATUS RESTARTS AGE kubernetes-dashboard-5b5bf59977-t9xb9 1/1 Running 2 9d nginx-ingress-controller-5549f5597c-97kcw 0/1 Running 2 9d nginx-ingress-default-backend-564d9d9477-tmnnr 1/1 Running 4 9d mysql-556c9b5bcb-5jdrt 1/1 Running 1 8d symfony-demo-5b75f5fc6-c7wr9 1/1 Running 0 8d symfony-demo-5b75f5fc6-jg8n4 1/1 Running 23 8d

Slide 80

Slide 80 text

REST API

Slide 81

Slide 81 text

$ kubectl proxy --port=8080 $ curl http://localhost:8080/api/v1/namespaces/default/ pods { "kind": "PodList", "apiVersion": "v1", "metadata": { "selfLink": "/api/v1/namespaces/default/pods", "resourceVersion": "336834" }, "items": [ { "metadata": { "name": "kubernetes-dashboard-5b5bf59977-t9xb9",

Slide 82

Slide 82 text

kubernetes-dashboard

Slide 83

Slide 83 text

No content

Slide 84

Slide 84 text

Helm The package manager for Kubernetes

Slide 85

Slide 85 text

$ helm install stable/wordpress

Slide 86

Slide 86 text

Let's start deploying

Slide 87

Slide 87 text

We will use:

Slide 88

Slide 88 text

SysEleven MetaKube

Slide 89

Slide 89 text

We will all use the same cluster

Slide 90

Slide 90 text

Please create and then do everything in your own Namespace

Slide 91

Slide 91 text

Please create and then do everything in your own Namespace

Slide 92

Slide 92 text

Demo code and instructions: https:/ /github.com/bashofmann/ phpuk19-k8s-workshop

Slide 93

Slide 93 text

# 01 Deploying a simple Web Application

Slide 94

Slide 94 text

What did just happen?

Slide 95

Slide 95 text

No content

Slide 96

Slide 96 text

Deployment created

Slide 97

Slide 97 text

Sees new Deployment And creates new ReplicaSet with 0 replicas

Slide 98

Slide 98 text

Scales new ReplicaSet up

Slide 99

Slide 99 text

Sees new ReplicaSet and Creates Pod for ReplicaSet

Slide 100

Slide 100 text

Sees new unscheduled Pod and Schedules it to Node

Slide 101

Slide 101 text

Sees it is supposed to start a Pod And starts its Containers

Slide 102

Slide 102 text

Service created

Slide 103

Slide 103 text

Sees the new Service And conﬁgures IP Table Rules and DNS entries

Slide 104

Slide 104 text

Sees the new Service has the Type LoadBalancer and creates An External LB at the Cloud Provider

Slide 105

Slide 105 text

How is trafﬁc routed to the Pod

Slide 106

Slide 106 text

The Service loadbalances incoming trafﬁc to all available Pods

Slide 107

Slide 107 text

Every Service has a virtual IP

Slide 108

Slide 108 text

Round Robin with IP Tables rules

Slide 109

Slide 109 text

OpenStack LoadBalancer

Slide 110

Slide 110 text

# 02 Using an Ingress with TLS

Slide 111

Slide 111 text

The ingress controller (nginx) listens on Ingress Resources and conﬁgures itself to route incoming trafﬁc to the correct running pods

Slide 112

Slide 112 text

Cert-manager listens on Ingresses and if they want TLS, requests a certiﬁcate from LetsEncrypt

Slide 113

Slide 113 text

$ helm install stable/nginx-ingress $ kubectl apply -f https://raw.githubusercontent.com/ jetstack/cert-manager/release-0.6/deploy/manifests/00- crds.yaml $ helm install stable/cert-manager

Slide 114

Slide 114 text

How is trafﬁc routed to the Pod

Slide 115

Slide 115 text

OpenStack LoadBalancer

Slide 116

Slide 116 text

# 03 Application Conﬁguration

Slide 117

Slide 117 text

Conﬁguration should not be part of a Docker Image

Slide 118

Slide 118 text

So that you can use the same Docker Image in multiple environments

Slide 119

Slide 119 text

Kubernetes comes with Key-Value Store Resources

Slide 120

Slide 120 text

ConﬁgMaps

Slide 121

Slide 121 text

Secrets

Slide 122

Slide 122 text

Can be mounted inside of containers

Slide 123

Slide 123 text

Environment Variables

Slide 124

Slide 124 text

Volumes

Slide 125

Slide 125 text

# 04 Helm Package Manager

Slide 126

Slide 126 text

Helm

Slide 127

Slide 127 text

No content

Slide 128

Slide 128 text

Allows to install applications

Slide 129

Slide 129 text

So called "charts"

Slide 130

Slide 130 text

Writing your own charts if fairly easy

Slide 131

Slide 131 text

Charts can depend on other charts

Slide 132

Slide 132 text

Multiple deployments of one chart possible

Slide 133

Slide 133 text

Different namespaces

Slide 134

Slide 134 text

Different release names

Slide 135

Slide 135 text

Conﬁguration over values

Slide 136

Slide 136 text

No content

Slide 137

Slide 137 text

$ helm install stable/wordpress --namespace bastian --name my-wordpress --values dev.yaml --values bastian.yaml

Slide 138

Slide 138 text

# 05 Service Discovery

Slide 139

Slide 139 text

Kubernetes has an internal DNS for service discovery

Slide 140

Slide 140 text

Every Service has a DNS entry

Slide 141

Slide 141 text

service-name[.namespace]

Slide 142

Slide 142 text

# 06 Databases and Persistent Storage

Slide 143

Slide 143 text

You deﬁne a Persistent Volume or Storage Class, e.g. NFS, …

Slide 144

Slide 144 text

Depends on your Kubernetes Setup

Slide 145

Slide 145 text

Each pod can specify a Persistent Volume Claim

Slide 146

Slide 146 text

apiVersion: v1 kind: PersistentVolumeClaim metadata: name: postgresql-pv-claim labels: name: postgresql spec: storageClassName: generic accessModes: - ReadWriteOnce resources: requests: storage: 10Gi

Slide 147

Slide 147 text

And then mount the Claim into a Volume in a container

Slide 148

Slide 148 text

apiVersion: extensions/v1beta1 kind: Deployment metadata: name: postgresql spec: template: spec: containers: … volumes: - name: postgresql-data persistentVolumeClaim: claimName: postgresql-pv-claim

Slide 149

Slide 149 text

https:/ /kubernetes.io/docs/concepts/ storage/persistent-volumes/

Slide 150

Slide 150 text

# 07 Service Meshes

Slide 151

Slide 151 text

What are Service Meshes?

Slide 152

Slide 152 text

No content

Slide 153

Slide 153 text

They provide

Slide 154

Slide 154 text

Metrics and Traces

Slide 155

Slide 155 text

Transparent End-To-End Encryption

Slide 156

Slide 156 text

Advanced Routing

Slide 157

Slide 157 text

Istio

Slide 158

Slide 158 text

LinkerD

Slide 159

Slide 159 text

$ linkerd install | kubectl apply -f -

Slide 160

Slide 160 text

# 08 Monitoring

Slide 161

Slide 161 text

Prometheus

Slide 162

Slide 162 text

$ helm install stable/prometheus

Slide 163

Slide 163 text

Automatically scrapes all Services/Pods with a Prometheus Scraping Annotation

Slide 164

Slide 164 text

# 09 Logging

Slide 165

Slide 165 text

Applications just log to stdout & stderr

Slide 166

Slide 166 text

Kubernetes writes logs of containers to the Node's Filesystem

Slide 167

Slide 167 text

Fluentd runs as a DaemonSet on every Node

Slide 168

Slide 168 text

Mounts the local Host Path of the Logs

Slide 169

Slide 169 text

Tails on Logs and enriches it with Meta Information

Slide 170

Slide 170 text

Sends it to ElasticSearch

Slide 171

Slide 171 text

Kibana as a nice Dashboard

Slide 172

Slide 172 text

$ helm install stable/elasticsearch $ helm install stable/fluentd-elasticsearch --set elasticsearch.host=elasticsearch- client,elasticsearch.port=9200 $ helm install stable/kibana # with some configuration

Slide 173

Slide 173 text

# 10 Debugging

Slide 174

Slide 174 text

Not all services have an ingress

Slide 175

Slide 175 text

Accessing Kubernetes from the outside

Slide 176

Slide 176 text

web quote-svc hello-svc

Slide 177

Slide 177 text

Getting a shell in a running container

Slide 178

Slide 178 text

$ kubectl exec $POD_NAME -i -t -- /bin/bash

Slide 179

Slide 179 text

Port forwarding through kubectl

Slide 180

Slide 180 text

$ kubectl port-forward pod/$POD_NAME 8080:80

Slide 181

Slide 181 text

$ kubectl port-forward service/$SERVICE_NAME 8080:80

Slide 182

Slide 182 text

Still, if you make a code change you have to commit, push, build, deploy

Slide 183

Slide 183 text

Takes some time

Slide 184

Slide 184 text

What about step debugging?

Slide 185

Slide 185 text

Of course you can run everything locally

Slide 186

Slide 186 text

But you develop only on one service

Slide 187

Slide 187 text

There may be lots of services

Slide 188

Slide 188 text

You don't want to expose all services publicly

Slide 189

Slide 189 text

Port-forwarding all services is also work

Slide 190

Slide 190 text

Telepresence

Slide 191

Slide 191 text

No content

Slide 192

Slide 192 text

Creates a two-way proxy between the Kubernetes cluster and you

Slide 193

Slide 193 text

$ telepresence T: Starting proxy with method 'vpn-tcp'... @fhgbvx65xg|bash-3.2$ curl http://quote-svc/quote | jq '.' [ { "ID": 503, "title": "stefan sagmeister", "content": "

...

\n", "link": "https://quotesondesign.com/stefan- sagmeister-2/" } ]

Slide 194

Slide 194 text

Swap a running deployment in the cluster with a local process

Slide 195

Slide 195 text

... or a locally running docker container

Slide 196

Slide 196 text

$ telepresence --swap-deployment quote-svc --namespace dev-flow-demo --expose 3000 --run npm run debug T: Starting proxy with method 'vpn-tcp',... T: Forwarding remote port 3000 to local port 3000.... > quote-svc@1.0.0 debug /Users/bhofmann/forge_test/quote- svc > nodemon --inspect quote-svc.js [nodemon] watching: *.* [nodemon] starting `node --inspect quote-svc.js` Debugger listening on ws://127.0.0.1:9229/83aa27ac- d879-4b50-a228-440354cca791 quote svc listening on port 3000!

Slide 197

Slide 197 text

# 11 (Auto) Scaling

Slide 198

Slide 198 text

Manual Scaling

Slide 199

Slide 199 text

kubectl scale --replicas=3 deployment/my-app

Slide 200

Slide 200 text

AutoScaling

Slide 201

Slide 201 text

Pods

Slide 202

Slide 202 text

Nodes

Slide 203

Slide 203 text

Summary

Slide 204

Slide 204 text

Powerful

Slide 205

Slide 205 text

Helpful

Slide 206

Slide 206 text

Better resource usage

Slide 207

Slide 207 text

Great tools because of standardized APIs

Slide 208

Slide 208 text

Fast paced development

Slide 209

Slide 209 text

Keep up to date

Slide 210

Slide 210 text

Documentation

Slide 211

Slide 211 text

https:/ /kubernetes.io/docs/

Slide 212

Slide 212 text

KubeCons

Slide 213

Slide 213 text

https:/ /www.youtube.com/channel/ UCvqbFHwN-nwalWPjPUKpvTA

Slide 214

Slide 214 text

http:/ /speakerdeck.com/ u/bastianhofmann

Slide 215

Slide 215 text

Please provide feedback

Slide 216

Slide 216 text

mail@bastianhofmann.de https:/ /twitter.com/BastianHofmann