Slide 1

Google Kubernetes Engine Overview & Updates

Slide 2

Confidential & Proprietary
Ian Lewis
Developer Advocate - Google Cloud Platform
Tokyo, Japan
@IanMLewis

Slide 3

Copyright 2015 Google Inc
Google has been running all our services in Containers for 10 years.
We start over 2 billion containers every week.
Images by Connie Zhou

Slide 4

http://research.google.com/pubs/pub43438.html

Slide 5

Image by Connie Zhou

Slide 6

Developer View

    job hello_world = {
      runtime = { cell = 'ic' }              // Cell (cluster) to run in
      binary = '.../hello_world_webserver'    // Program to run
      args = { port = '%port%' }              // Command line parameters
      requirements = {                        // Resource requirements
        ram = 100M
        disk = 100M
        cpu = 0.1
      }
      replicas = 5                            // Number of tasks
    }

The slide also shows the value 10000 (presumably the replica count being scaled up).

Slide 7

Developer View: What just happened?
(Diagram: the developer's config file and binary are submitted through borgcfg to the BorgMaster, drawn as several replicas each with a link shard and a UI shard and sharing a persistent store via Paxos; the scheduler places tasks on the Borglets, which run the binary; web browsers query the UI shard.)

Slide 8

(Diagram: the cluster running many "Hello world!" tasks.) Image by Connie Zhou

Slide 9

What are Containers?
(Diagram: a Container Image is made up of Application Code and its Dependencies.)
Containers encapsulate application code and all of its dependencies, so applications can depend less on the infrastructure where they run.
• In traditional IT environments, applications needed specific infrastructure, and dependencies had to be installed beforehand.
• Containers bundle applications with their dependencies, so deployment to development, test, and production environments becomes easier.
• Applications need not depend on whether they run on-premise, in a private cloud, or in a public cloud.

Slide 10

Why containers?
• Fast: starts in a few milliseconds
• Portability: does not depend on the server's OS environment
• Efficiency: runs with little overhead

Slide 11


Slide 12

Container Management
(Diagram: a Cluster made up of Nodes, with "???" standing in for the management layer.)
● How to deploy to multiple nodes?
● How to deal with node failures?
● How to deal with container failures?
● How do you update your applications?

Slide 13

Kubernetes
κυβερνήτης: Greek for "pilot" or "helmsman of a ship"
the open source cluster manager from Google

Slide 14

Cloud Native Computing Foundation

Slide 15

Borg: What just happened?
(Diagram: the same Borg architecture as on slide 7: config file and binary submitted through borgcfg to the replicated BorgMaster with its link shards, UI shard and persistent store via Paxos; the scheduler; Borglets on each machine; web browsers querying the UI shard.)

Slide 16

Borg → Kubernetes
(Diagram: the Borg architecture from slide 7 with each component mapped to its Kubernetes counterpart: BorgMaster → Master, persistent store (Paxos) → etcd, Borglet → Kubelet, config file → manifest.yaml, binary → Docker image pulled from Docker Hub or a private repo, UI shard → kubernetes-dashboard.)

Slide 17

Pods
Small group of containers & volumes
Tightly coupled
The atom of scheduling & placement
Shared namespace
• share IP address & localhost
• share IPC, etc.
Managed lifecycle
• bound to a node, restart in place
• can die, cannot be reborn with same ID
Example: data puller & web server
(Diagram: a Pod containing a File Puller and a Web Server that share a Volume; the File Puller fetches from a Content Manager and the Web Server serves Consumers.)

Slide 18

Kubernetes networking
IPs are cluster-scoped
• vs docker default private IP
Pods can reach each other directly
• even across nodes
No brokering of port numbers
• too complex, why bother?
This is a fundamental requirement
• can be L3 routed
• can be underlayed (cloud)
• can be overlayed (SDN)

Slide 19

Kubernetes networking
(Diagram: three nodes, each with its own pod subnet: 10.1.1.0/24 with pods 10.1.1.1 and 10.1.1.2, 10.1.2.0/24 with pod 10.1.2.1, and 10.1.3.0/24 with pod 10.1.3.1.)

Slide 20

Deployments
Deployment - name: MyApp
ReplicaSet - replicas: 3 - selector: app: MyApp, version: v1
kubectl apply ...

Slide 21

Deployments
Deployment - name: MyApp
ReplicaSet - replicas: 4 - selector: app: MyApp, version: v1

Slide 22

Deployments
Deployment - name: MyApp
ReplicaSet - replicas: 3 - selector: app: MyApp, version: v1

Slide 23

Deployments
Deployment - name: MyApp
ReplicaSet - replicas: 3 - selector: app: MyApp, version: v1

Slide 24

Rolling Updates
Deployment - name: MyApp
ReplicaSet - replicas: 3 - selector: app: MyApp, version: v1
kubectl apply ...

Slide 25

Rolling Updates
Deployment - name: MyApp
ReplicaSet - replicas: 3 - selector: app: MyApp, version: v1
ReplicaSet - replicas: 0 - selector: app: MyApp, version: v2

Slide 26

Rolling Updates
Deployment - name: MyApp
ReplicaSet - replicas: 3 - selector: app: MyApp, version: v1
ReplicaSet - replicas: 1 - selector: app: MyApp, version: v2

Slide 27

Rolling Updates
Deployment - app: MyApp
ReplicaSet - replicas: 2 - selector: app: MyApp, version: v1
ReplicaSet - replicas: 1 - selector: app: MyApp, version: v2

Slide 28

Rolling Updates
Deployment - name: MyApp
ReplicaSet - replicas: 2 - selector: app: MyApp, version: v1
ReplicaSet - replicas: 2 - selector: app: MyApp, version: v2

Slide 29

Rolling Updates
Deployment - name: MyApp
ReplicaSet - replicas: 1 - selector: app: MyApp, version: v1
ReplicaSet - replicas: 2 - selector: app: MyApp, version: v2

Slide 30

Rolling Updates
Deployment - name: MyApp
ReplicaSet - replicas: 1 - selector: app: MyApp, version: v1
ReplicaSet - replicas: 3 - selector: app: MyApp, version: v2

Slide 31

Rolling Updates
Deployment - name: MyApp
ReplicaSet - replicas: 0 - selector: app: MyApp, version: v1
ReplicaSet - replicas: 3 - selector: app: MyApp, version: v2

Slide 32

Rolling Updates
Deployment - name: MyApp
ReplicaSet - replicas: 3 - selector: app: MyApp, version: v2
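The rolling update drawn on slides 24 to 32 (the v1 ReplicaSet shrinking from 3 to 0 while the v2 ReplicaSet grows from 0 to 3, one pod at a time) is reproduced by the added example below, which is my own illustration and not code from the talk or from Kubernetes. It assumes the slides correspond to a surge budget of one extra pod and no pod unavailable (maxSurge: 1, maxUnavailable: 0 in Deployment terms), treats new pods as ready immediately, and checks that every intermediate step stays within those bounds.

```python
from typing import List, Tuple

Step = Tuple[int, int]  # (replicas of the old v1 ReplicaSet, replicas of the new v2 ReplicaSet)


def rolling_update_steps(desired: int, max_surge: int = 1, max_unavailable: int = 0) -> List[Step]:
    """Return the sequence of (old, new) ReplicaSet sizes a rollout walks through.

    Assumed model (an illustration, not the Deployment controller's actual code):
    alternately scale the new ReplicaSet up, never exceeding desired + max_surge
    pods in total, then scale the old one down, never dropping below
    desired - max_unavailable pods in total. New pods count as ready at once.
    """
    if desired < 0 or max_surge < 0 or max_unavailable < 0:
        raise ValueError("counts must be non-negative")
    if max_surge == 0 and max_unavailable == 0:
        # No extra capacity and no lost capacity allowed: the rollout could never move.
        raise ValueError("maxSurge and maxUnavailable cannot both be 0")
    old, new = desired, 0
    steps: List[Step] = [(old, new)]
    while (old, new) != (0, desired):
        # Scale up: as many new pods as the surge budget leaves room for.
        target_new = min(desired, desired + max_surge - old)
        if target_new > new:
            new = target_new
            steps.append((old, new))
        # Scale down: remove old pods only while the availability floor still holds.
        target_old = max(0, desired - max_unavailable - new)
        if target_old < old:
            old = target_old
            steps.append((old, new))
    return steps


def invariants_hold(steps: List[Step], desired: int, max_surge: int = 1, max_unavailable: int = 0) -> bool:
    """True if no step exceeds the surge ceiling or breaks the availability floor."""
    return all(desired - max_unavailable <= old + new <= desired + max_surge for old, new in steps)


if __name__ == "__main__":
    for old, new in rolling_update_steps(3):
        print(f"v1 replicas: {old}  v2 replicas: {new}")
```

With maxSurge 0 and maxUnavailable 1 the same function scales the old set down first, which is the trade-off between spare capacity and momentary under-provisioning that the two settings control.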

Slide 33

Google confidential │ Do not distribute
Services
A group of pods that work together
• grouped by a selector
Defines access policy
• "load balanced" or "headless"
Gets a stable virtual IP and port
• sometimes called the service portal
• also a DNS name
VIP is managed by kube-proxy
• watches all services
• updates iptables when backends change
Hides complexity - ideal for non-native apps
(Diagram: a Client reaching the pods through the Virtual IP.)

Slide 34

Labels
Arbitrary metadata
Attached to any API object
Generally represent identity
Queryable by selectors
• think SQL 'select ... where ...'
The only grouping mechanism
• pods under a ReplicationController
• pods in a Service
• capabilities of a node (constraints)

Slide 35

Selectors
(Diagram: four pods)
Pod 1: App: MyApp, Phase: prod, Role: FE
Pod 2: App: MyApp, Phase: test, Role: FE
Pod 3: App: MyApp, Phase: prod, Role: BE
Pod 4: App: MyApp, Phase: test, Role: BE

Slide 36

Selectors
(Diagram: the same four pods)
Pod 1: App: MyApp, Phase: prod, Role: FE
Pod 2: App: MyApp, Phase: test, Role: FE
Pod 3: App: MyApp, Phase: prod, Role: BE
Pod 4: App: MyApp, Phase: test, Role: BE
Selector: App = MyApp

Slide 37

Selectors
(Diagram: the same four pods)
Pod 1: App: MyApp, Phase: prod, Role: FE
Pod 2: App: MyApp, Phase: test, Role: FE
Pod 3: App: MyApp, Phase: prod, Role: BE
Pod 4: App: MyApp, Phase: test, Role: BE
Selector: App = MyApp, Role = FE

Slide 38

Selectors
(Diagram: the same four pods)
Pod 1: App: MyApp, Phase: prod, Role: FE
Pod 2: App: MyApp, Phase: test, Role: FE
Pod 3: App: MyApp, Phase: prod, Role: BE
Pod 4: App: MyApp, Phase: test, Role: BE
Selector: App = MyApp, Role = BE

Slide 39

Selectors
(Diagram: the same four pods)
Pod 1: App: MyApp, Phase: prod, Role: FE
Pod 2: App: MyApp, Phase: test, Role: FE
Pod 3: App: MyApp, Phase: prod, Role: BE
Pod 4: App: MyApp, Phase: test, Role: BE
Selector: App = MyApp, Phase = prod

Slide 40

Selectors
(Diagram: the same four pods)
Pod 1: App: MyApp, Phase: prod, Role: FE
Pod 2: App: MyApp, Phase: test, Role: FE
Pod 3: App: MyApp, Phase: prod, Role: BE
Pod 4: App: MyApp, Phase: test, Role: BE
Selector: App = MyApp, Phase = test
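Added example (mine, not from the talk): an equality-based matcher for the selector notation used on slides 35 to 40, run over the four pods drawn there, with pod names I made up. It also covers the Labels slide's point that selectors are the only grouping mechanism: the same matching decides which pods a Service or ReplicaSet claims, so a selector that stops at App = MyApp puts prod and test pods behind one Service, which is worth checking before the Service is created.

```python
from typing import Dict, List

Labels = Dict[str, str]

# Constructed sample: the four pods on the Selectors slides (the names are mine).
PODS: Dict[str, Labels] = {
    "fe-prod": {"App": "MyApp", "Phase": "prod", "Role": "FE"},
    "fe-test": {"App": "MyApp", "Phase": "test", "Role": "FE"},
    "be-prod": {"App": "MyApp", "Phase": "prod", "Role": "BE"},
    "be-test": {"App": "MyApp", "Phase": "test", "Role": "BE"},
}


def parse_selector(text: str) -> Labels:
    """Parse the slide notation 'App = MyApp, Role = FE' into an equality selector.

    An empty string is the empty selector, which matches every pod. A clause
    without '=' or with an empty key or value is rejected, not silently dropped,
    because a dropped clause would widen the selection.
    """
    selector: Labels = {}
    for clause in (c.strip() for c in text.split(",")):
        if not clause:
            continue
        key, sep, value = (part.strip() for part in clause.partition("="))
        if not sep or not key or not value:
            raise ValueError(f"bad selector clause: {clause!r}")
        selector[key] = value
    return selector


def matches(labels: Labels, selector: Labels) -> bool:
    """Equality matching: every selector key must be present with exactly that value.
    A pod missing one of the keys does not match (labels.get returns None)."""
    return all(labels.get(key) == value for key, value in selector.items())


def select(pods: Dict[str, Labels], selector_text: str) -> List[str]:
    """Names of the pods a Service or ReplicaSet with this selector would claim."""
    selector = parse_selector(selector_text)
    return sorted(name for name, labels in pods.items() if matches(labels, selector))


if __name__ == "__main__":
    for text in ("App = MyApp", "App = MyApp, Role = FE", "App = MyApp, Phase = prod"):
        print(f"{text:28s} -> {select(PODS, text)}")
```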

Slide 41

Jobs
Run-to-completion, as opposed to run-forever
• Express parallelism vs. required completions
• Workflow: restart on failure
• Build/test: don't restart on failure
Aggregates success/failure counts
Built for batch and big-data work
Status: GA in Kubernetes v1.2 ...

Slide 42

Namespaces
Problem: I have too much stuff!
• name collisions in the API
• poor isolation between users
• don't want to expose things like Secrets
Solution: Slice up the cluster
• create new Namespaces as needed
• per-user, per-app, per-department, etc.
• part of the API - NOT private machines
• most API objects are namespaced
• part of the REST URL path
• Namespaces are just another API object
• One-step cleanup - delete the Namespace
• Obvious hook for policy enforcement (e.g. quota)

Slide 43

GKE
• Managed Service - Master is fully managed, nodes partially managed
• Auto Scaling - Scale the cluster up or down based on need
• Heterogeneous Clusters - Clusters with different node types
• Auto Repair - Auto repair unhealthy nodes
• Load Balancing - Integration with Service & Ingress
• GCP Features - Sustained Use Discounts, Preemptible instances, VPC, etc.

Slide 44

GKE
• Binary Authorization (beta)
• Container Native Load Balancing (beta)
• Private Clusters (GA)
• Stackdriver Kubernetes Monitoring (beta)
• GPU (GA)
• Cloud TPU (beta)

Slide 45

slack.kubernetes.io

Slide 46

Thank You