Slide 1

Slide 1 text

Comfortable Kubernetes operations with Kubo

Slide 2

Slide 2 text

Kazuto Kusama @jacopen

Slide 3

Slide 3 text

I recently changed jobs.

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

Are you using it?

Slide 6

Slide 6 text

How are you running it?
• Using GKE
• Using Azure Container Service
• Building it yourself

Slide 7

Slide 7 text

Isn't building it yourself quite a lot of work?
• How do you deploy it in the first place?
• kubeadm
• Ansible
• Something else?
• What about monitoring?
• What about scaling?
• What about updates?

Slide 8

Slide 8 text

I don't want to do it myself.

Slide 9

Slide 9 text

Why is it painful?
• An autonomous, distributed architecture
• Many components make up the system
• Deployment is the easy part
• Which component do you update first? In what order do you update? What do you back up? What do you monitor?

Slide 10

Slide 10 text

Why is it painful?
• An autonomous, distributed architecture
• Many components make up the system
• Deployment is the easy part
• Which component do you update first? In what order do you update? What do you back up? What do you monitor?
Operating any large-scale platform is painful, k8s or not.

Slide 11

Slide 11 text

Is there a solution?

Slide 12

Slide 12 text

There is!

Slide 13

Slide 13 text

No content

Slide 14

Slide 14 text

BOSH

Slide 15

Slide 15 text

BOSH

Slide 16

Slide 16 text

What is BOSH?
• A framework for release management, deployment, lifecycle management and monitoring
• Used to deploy Cloud Foundry and its surrounding services

Slide 17

Slide 17 text

Typical deployment tools
[Diagram: three VMs (OS) on IaaS, each running an app]

Slide 18

Slide 18 text

[Diagram: three VMs (OS) on IaaS, each running an app]
• Assumes the deployment target already exists
• Once deployed, the tool's job is done

Slide 19

Slide 19 text

[Diagram: VMs on IaaS; workers run kubelet, docker and kube-proxy, the master runs api and etcd]
What if a process goes down because of trouble?

Slide 20

Slide 20 text

[Diagram: VMs on IaaS; workers run kubelet, docker and kube-proxy, the master runs api and etcd]
What if a VM goes down because of trouble?

Slide 21

Slide 21 text

[Diagram: VMs on IaaS; workers run kubelet, docker and kube-proxy, the master runs api and etcd]
What if a vulnerability is discovered?

Slide 22

Slide 22 text

[Diagram: VMs on IaaS; workers run kubelet, docker and kube-proxy, the master runs api and etcd]

Slide 23

Slide 23 text

No content

Slide 24

Slide 24 text

Throw away the duct tape!

Slide 25

Slide 25 text

BOSH

Slide 26

Slide 26 text

BOSH

Slide 27

Slide 27 text

BOSH Stemcell
Stemcell - the VM image file

Slide 28

Slide 28 text

[Diagram: three VMs (OS) created from a Stemcell]

Slide 29

Slide 29 text

[Diagram: three VMs (OS), a release and a deployment]
release - the application binaries and configuration, as a set
deployment - the instructions for where, and how many of, each release and stemcell to deploy

Slide 30

Slide 30 text

[Diagram: release and deployment placing kubelet, docker and kube-proxy on the worker VMs and api and etcd on the master VM]

Slide 31

Slide 31 text

[Diagram: VMs running kubelet, docker, kube-proxy, api and etcd]
After deployment, bosh monitors the processes and VMs and collects logs

Slide 32

Slide 32 text

[Diagram: VMs running kubelet, docker, kube-proxy, api and etcd]
Even if a VM suddenly dies...

Slide 33

Slide 33 text

[Diagram: VMs running kubelet, docker, kube-proxy, api and etcd]
BOSH repairs it

Slide 34

Slide 34 text

[Diagram: three VMs plus two new VMs, a release and a deployment]
Even when you want to scale out...

Slide 35

Slide 35 text

[Diagram: three VMs plus two new VMs, a release and a deployment]
Write the extra instances you want into the deployment, feed it to BOSH, and the scale-out is done
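The slides describe BOSH as a desired-state system: the deployment declares how many instances each group should have, and the director keeps the real VMs in line with that, recreating dead ones and adding new ones after a scale-out. The following is an added example, not code from the slide deck or from the BOSH project; the names Action, plan_actions and scale_out are hypothetical, and the manifest and VM inventory are constructed sample data.

```python
"""Desired-state reconciliation, BOSH-director style.

Added example, not code from the slide deck or from the BOSH project. It
models the idea on the slides: the deployment manifest declares how many
instances each instance group should have, the director keeps comparing
that with the VMs it can actually see, and derives the actions needed.
SAMPLE_MANIFEST and SAMPLE_VMS below are constructed sample data.
"""
from dataclasses import dataclass
import copy


@dataclass(frozen=True)
class Action:
    kind: str    # "create", "recreate" or "delete"
    group: str   # instance group name, e.g. "worker"
    index: int   # instance index inside the group


def plan_actions(manifest, actual_vms):
    """Return the actions that bring actual_vms in line with the manifest.

    manifest:   {"instance_groups": [{"name": str, "instances": int}, ...]}
    actual_vms: {group_name: {index: "running" | "failing"}}
    """
    desired = {g["name"]: int(g["instances"]) for g in manifest["instance_groups"]}
    actions = []
    for group, count in desired.items():
        existing = actual_vms.get(group, {})
        for index in range(count):
            state = existing.get(index)
            if state is None:                      # missing VM: create it
                actions.append(Action("create", group, index))
            elif state != "running":               # unhealthy VM: recreate it
                actions.append(Action("recreate", group, index))
        for index in sorted(existing):             # scale-in: drop surplus indices
            if index >= count:
                actions.append(Action("delete", group, index))
    for group, existing in actual_vms.items():     # groups removed from the manifest
        if group not in desired:
            for index in sorted(existing):
                actions.append(Action("delete", group, index))
    return actions


def scale_out(manifest, group, extra):
    """Return a copy of the manifest with `extra` more instances for `group`.

    This is the edit the slides describe: you only write the additional
    count into the deployment; the director works out the rest.
    """
    updated = copy.deepcopy(manifest)
    for g in updated["instance_groups"]:
        if g["name"] == group:
            g["instances"] = int(g["instances"]) + extra
            return updated
    raise KeyError(f"no instance group named {group!r}")


# Constructed sample data: a two-group cluster where one worker VM is failing
# and another is missing entirely.
SAMPLE_MANIFEST = {
    "instance_groups": [
        {"name": "master", "instances": 1},
        {"name": "worker", "instances": 3},
    ]
}
SAMPLE_VMS = {
    "master": {0: "running"},
    "worker": {0: "running", 1: "failing"},   # worker/2 does not exist
}

if __name__ == "__main__":
    for action in plan_actions(SAMPLE_MANIFEST, SAMPLE_VMS):
        print(action)
    bigger = scale_out(SAMPLE_MANIFEST, "worker", 2)
    for action in plan_actions(bigger, SAMPLE_VMS):
        print(action)
```

With the sample data the planner recreates worker/1 and creates worker/2; after scale_out adds two workers it also creates worker/3 and worker/4, while the original manifest is left untouched.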

Slide 36

Slide 36 text

The two phases of operations
Day 1
• The initial deployment
• Ansible, Chef or Puppet all handle this well
Day 2
• Monitoring
• Updates
• Lifecycle management
• Backups

Slide 37

Slide 37 text

The two phases of operations
Day 1
• The initial deployment
• Ansible, Chef or Puppet all handle this well
Day 2
• Monitoring
• Updates
• Lifecycle management
• Backups
Day 2 is the lifeblood of operations. Yet for some reason it is often held together with duct tape.

Slide 38

Slide 38 text

If you don't plan for Day 2...
• Operating cost grows as O(n) (and O(n^2) in bad cases...)
• Cases where Ansible is fine
• Small applications
• Applications that are deployed once and rarely updated afterwards
• Cases where Day 2 thinking is mandatory
• Large-scale, distributed systems
• In other words, things like Cloud Foundry and BOSH

Slide 39

Slide 39 text

Let's do Day 2 operations

Slide 40

Slide 40 text

People who used CF in the past: "But isn't BOSH pretty painful too? The learning cost is brutal."

Slide 41

Slide 41 text

The BOSH of the past

Slide 42

Slide 42 text

The BOSH of the past: YAML

- name: doppler
  azs:
  - z1
  instances: 1
  vm_type: small
  stemcell: default
  networks:
  - name: default
  jobs:
  - name: consul_agent
    release: consul
    consumes:
      consul: {from: consul_link}
      consul_common: nil
      consul_server: nil
      consul_client: nil
    properties:
      consul:
        agent:
          services:
            doppler:
              name: doppler
  - name: doppler
    release: loggregator
    properties:
      doppler:
        etcd:
          client_cert: "((etcd_client.certificate))"
          client_key: "((etcd_client.private_key))"
      loggregator:
        tls:
          ca_cert: "((loggregator_tls_doppler.ca))"
          doppler:
            cert: "((loggregator_tls_doppler.certificate))"
            key: "((loggregator_tls_doppler.private_key))"
        etcd:
          require_ssl: true
          ca_cert: "((etcd_server.ca))"
          machines:
          - cf-etcd.service.cf.internal
      doppler_endpoint:
        shared_secret: "((dropsonde_shared_secret))"
  - name: syslog_drain_binder
    release: loggregator
    properties:
      loggregator:
        tls:
          key: "((loggregator_tls_syslogdrainbinder.private_key))"
        etcd:
          require_ssl: true
          ca_cert: "((etcd_server.ca))"
          machines:
          - cf-etcd.service.cf.internal
      syslog_drain_binder:
        etcd:
          client_cert: "((etcd_client.certificate))"
          client_key: "((etcd_client.private_key))"
      system_domain: "((system_domain))"
      cc:
        mutual_tls:
          ca_cert: "((loggregator_tls_syslogdrainbinder.ca))"
        srv_api_uri: https://api.((system_domain))
      ssl: *ssl
  - name: metron_agent
    release: loggregator
    properties: *metron_agent_properties
- name: log-api
  azs:
  - z1
  instances: 1
  vm_type: small
  stemcell: default
  update:
    max_in_flight: 1
    serial: true
  networks:
  - name: default
  jobs:
  - name: consul_agent
    release: consul
    consumes:
      consul: {from: consul_link}
      consul_common: nil
      consul_server: nil
      consul_client: nil
    properties:
      consul:
        agent:
          services:
            loggregator_trafficcontroller: {}
  - name: loggregator_trafficcontroller
    release: loggregator
    properties:
      traffic_controller:
        etcd:
          client_cert: "((etcd_client.certificate))"
          client_key: "((etcd_client.private_key))"
      uaa:
        url: https://uaa.((system_domain))
      loggregator:
        tls:
          ca_cert: "((loggregator_tls_tc.ca))"
          trafficcontroller:
            cert: "((loggregator_tls_tc.certificate))"
            key: "((loggregator_tls_tc.private_key))"
        etcd:
          require_ssl: true
          ca_cert: "((etcd_server.ca))"
          machines:
          - cf-etcd.service.cf.internal
        uaa:
          client_secret: "((uaa_clients_doppler_secret))"
      system_domain: "((system_domain))"
      ssl: *ssl
      cc:
        srv_api_uri: "http://cloud-controller-ng.service.cf.internal:9022"
  - name: route_registrar
    release: routing
    properties:
      route_registrar:
        routes:
        - name: loggregator
          port: 8080
          registration_interval: 20s
          uris:
          - loggregator.((system_domain))
        - name: doppler
          port: 8081
          registration_interval: 20s
          uris:
          - doppler.((system_domain))
          - "*.doppler.((system_domain))"
  - name: metron_agent
    release: loggregator
    properties: *metron_agent_properties

variables:
- name: blobstore_admin_users_password
  type: password
- name: blobstore_secure_link_secret
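One thing the manifest on this slide does get right, however unreadable it is, is that every certificate, key and secret is a "((variable))" reference resolved by the director rather than a value pasted inline, and its etcd clients set require_ssl: true. The following is an added example, not code from the slide deck or from BOSH, that checks a parsed manifest for exactly those two properties; it assumes the manifest has already been loaded into plain dicts and lists (for instance with a YAML loader), and the names walk, lint_manifest, CREDENTIAL_KEYS and MANIFEST_FRAGMENT are hypothetical.

```python
"""Checks over a parsed BOSH deployment manifest.

Added example, not code from the slide deck or from BOSH. It assumes the
manifest has already been parsed into dicts and lists, and walks it to
enforce two rules the manifest on the slide follows:

  * credential material (passwords, private keys, certificates) must be a
    "((variable))" reference for the director to resolve, never a literal
    value written into the manifest;
  * etcd clients must keep `require_ssl: true`.

MANIFEST_FRAGMENT below is constructed sample data that deliberately
breaks each rule once.
"""
import re

# A BOSH variable reference looks like ((name)) or ((name.field)).
VAR_REF = re.compile(r"^\(\([A-Za-z0-9_.:/-]+\)\)$")

# Keys whose values are credential material in these manifests.
CREDENTIAL_KEYS = {"password", "secret", "shared_secret", "client_secret",
                   "private_key", "client_key", "key", "cert", "certificate",
                   "client_cert", "ca_cert", "ca"}


def walk(node, path=()):
    """Yield (path, leaf_value) for every scalar in a nested dict/list."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (str(key),))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, path + (str(i),))
    else:
        yield path, node


def lint_manifest(manifest):
    """Return a list of (rule, path) findings; an empty list means it passes."""
    findings = []
    for path, value in walk(manifest):
        key = path[-1]
        where = "/".join(path)
        if key in CREDENTIAL_KEYS and isinstance(value, str) and not VAR_REF.match(value):
            findings.append(("literal-credential", where))
        if key == "require_ssl" and value is not True:
            findings.append(("etcd-without-tls", where))
    return findings


# Constructed sample data modelled on the log-api group above, with two faults.
MANIFEST_FRAGMENT = {
    "instance_groups": [{
        "name": "log-api",
        "jobs": [{
            "name": "loggregator_trafficcontroller",
            "release": "loggregator",
            "properties": {
                "traffic_controller": {
                    "etcd": {
                        "client_cert": "((etcd_client.certificate))",
                        "client_key": "((etcd_client.private_key))",
                    }
                },
                "loggregator": {
                    "etcd": {
                        "require_ssl": False,                 # fault: TLS switched off
                        "ca_cert": "((etcd_server.ca))",
                    },
                    "uaa": {
                        "client_secret": "pasted-inline-example",  # fault: literal secret
                    },
                },
            },
        }],
    }],
    "variables": [{"name": "uaa_clients_doppler_secret", "type": "password"}],
}

if __name__ == "__main__":
    for rule, where in lint_manifest(MANIFEST_FRAGMENT):
        print(f"{rule}: {where}")
```

Run against the sample fragment it reports the disabled TLS setting and the inline secret, each with its path inside the manifest; a manifest that only uses variable references and keeps require_ssl true produces no findings.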

Slide 43

Slide 43 text

Today's BOSH
[Diagram: YAML YAML YAML]

Slide 44

Slide 44 text

Today's BOSH
• Manifest v2 has made things much more readable
• BOSH CLI v2 (Go) goes GA this month
• Deployment manifests, which tended to turn into secret sauce nobody dared touch, are now reasonably readable

Slide 45

Slide 45 text

BOSH

Slide 46

Slide 46 text

Kubo

Slide 47

Slide 47 text

Kubo Kubernetes + BOSH

Slide 48

Slide 48 text

https://pivotal.io/kubo

Slide 49

Slide 49 text

A proposal has also been submitted to the CFF: https://docs.google.com/document/d/1ZOFD5nBQC_vh9CmKHOGT7ugtNaJQ1t03jkLVsyDOH6k/edit?usp=sharing

Slide 50

Slide 50 text

[Diagram: Developers use a variety of abstractions today. Function Systems: event-driven microservices. App-centric Systems: full-featured applications. Container Systems: deep control over app packaging and runtime behavior. Data Services: on-demand services via interfaces. Infrastructure: on-premise and/or public clouds. BOSH underneath.]
For developing and running cloud-native applications, CF is the best fit

Slide 51

Slide 51 text

[Diagram: Developers use a variety of abstractions today. Function Systems: event-driven microservices. App-centric Systems: full-featured applications. Container Systems: deep control over app packaging and runtime behavior. Data Services: on-demand services via interfaces. Infrastructure: on-premise and/or public clouds. BOSH underneath.]
Legacy apps and stateful applications that CF cannot handle go on k8s

Slide 52

Slide 52 text

[Diagram: Developers use a variety of abstractions today. Function Systems: event-driven microservices. App-centric Systems: full-featured applications. Container Systems: deep control over app packaging and runtime behavior. Data Services: on-demand services via interfaces. Infrastructure: on-premise and/or public clouds. BOSH underneath.]
All of these are managed by BOSH

Slide 53

Slide 53 text

The k8s API is reached via CF's TCP Router

Slide 54

Slide 54 text

api-route-registrar advertises the route

Slide 55

Slide 55 text

HTTP access to k8s Pods goes via the Gorouter

Slide 56

Slide 56 text

route-sync advertises the routes via NATS

Slide 57

Slide 57 text

CF routing works exactly as before

Slide 58

Slide 58 text

CF's routing layer and routing to k8s are integrated

Slide 59

Slide 59 text

Standalone k8s deployments should become possible eventually, apparently

Slide 60

Slide 60 text

DEMO

Slide 61

Slide 61 text

Current status: still very much alpha

Slide 62

Slide 62 text

Product Roadmap 2017
• K8 Parity: cloud packages for LB & Volumes, LB deployment type
• Networking: app routes externally accessible, replace powerDNS
• Persistence: stateful workloads for COTS data services
• High Availability: Single-AZ & Multi-AZ / failover
• Core: Migration to Etcd v3
• Rolling upgrades: Cluster upgrades w/Zero-downtime
• Multi-IAAS: extend support for all BOSH-supported IAAS
https://docs.google.com/presentation/d/1z-qGCcHLlPpz5LtS0TOcvBZIK4hUQ4GhB-jjQyHEF3c/edit?usp=sharing

Slide 63

Slide 63 text

Summary
• Managing a large-scale distributed system with Ansible or Chef plus IaaS is a losing game
• Think about operations with Day 2 in mind. Make life easier with BOSH.
• Run cloud-native applications efficiently with CF + Kubo

Slide 64

Slide 64 text

Resources
• https://github.com/pivotal-cf-experimental/kubo-deployment
• https://github.com/pivotal-cf-experimental/kubo-release
• http://bosh.io/docs