Kyle Bai ⽩白凱仁 容器環境與應⽤用案例例

@k2r2bai • Overview of Kubernetes • An application for Kubernetes • Scale and rolling upgrade application • Monitoring application • Logging application Agenda Today I would like to talk about

Overview of Kubernetes

@k2r2bai kernel libs app app app app • No isolation. • No namespace. • Share common library. • High coupling for the application or OS. Bare Metal

@k2r2bai • Fully isolated and hence more secure. • Manage multiple VMs are not inefficient. • High coupling for the application or OS. • Limited performance • Startup time in minutes. Virtual Machines app libs kernel libs app app kernel app libs libs kernel kernel OS Virtualization

@k2r2bai • Process-level isolation, possibly less secure. • High coupling for the kernel. • Native performance. • Startup time in milliseconds. • Lightweight Containers(OS-Level Virtualization) Application Virtualization libs app kernel libs app libs app libs app

@k2r2bai Kubernetes • Container orchestration • Self-healing • Horizontal scaling • Service discovery and Load balancing • Automated rollouts and rollbacks • Secrets and configuration management • Storage orchestration “Kubernetes is becoming the Linux of the cloud” Jim Zemlin, Linux Foundation

@k2r2bai Kubernetes Architecture UI CLI API Users Master Nodes etcd scheduler controllers apiserver kubelet kube-proxy add-ons container runtime

@k2r2bai Kubernetes System Layers Nucleus: API and Execution Application Layer: Deployment and Routing Governance Layer: Automation and Policy Enforcement Interface Layer: Client Libraries and Tools Ecosystem Container Runtime Network Plugin Volume Plugin Image Registry Cloud Provider Identity Provider Device Plugin

@k2r2bai Governance Layer: Automation and Policy Enforcement (APIs optional and pluggable) Application Layer: Deployment and Routing (APIs required and pluggable) Nucleus: API and Execution (APIs required and not pluggable) CronJob batch/ v2alpha1 Job batch/v1 Deployment apps/v1 DaemonSet apps/v1 Pod core/v1 ReplicaSet apps/v1 StatefulSet apps/v1 ReplicationController core/v1 Endpoints core/v1 Ingress extensions/v1beta1 Service core/v1 ConfigMap core/v1 Secret core/v1 PersistentVolumeClaim core/v1 StorageClass storage/v1 ControllerRevision apps/v1 Event core/v1 LimitRange core/v1 ValidatingWebHookConfiguration admissionregistration/v1alpha1 HorizontalPodAutoscaler autoscaling/v1 APIService apiregistration/v1beta1 PodDisruptionBudget policy/v1beta1 PodPreset settings/v1alpha1 PodSecurityPolicy extensions/v1beta1 CertificateSigningRequest certificates/v1beta1 ClusterRole rbac/v1beta1 ClusterRoleBinding rbac/v1beta1 LocalSubjectAccessReview authorization/v1 Namespace core/v1 Node core/v1 PersistentVolume core/v1 ResourceQuota core/v1 Role rbac/v1beta1 RoleBinding rbac/v1beta1 SelfSubjectAccessReview authorization/v1 ServiceAccount core/v1 SubjectAccessReview authorization/v1 NetworkPolicy networking/v1 ComponentStatus core/v1 PriorityClass scheduling/v1alpha1 ClusterServiceBroker servicecatalog/v1beta1 ClusterServiceClass servicecatalog/v1beta1 ClusterServicePlan servicecatalog/v1beta1 ServiceInstance servicecatalog/v1beta1 ServiceBinding servicecatalog/v1beta1 MutatingWebHookConfiguration admissionregistration/v1alpha1 SelfSubjectRulesReview authorization/v1 TokenReview authentication/v1 CustomResourceDefinition apiextensions/v1beta1

@k2r2bai

@k2r2bai Interacting with Kubernetes • We will interact with our Kubernetes cluster through the Kubernetes API. • The Kubernetes API is (mostly) RESTful. • It allows us to create, read, update, delete resources. • We also can interact with Kubernetes through CLI tool or the client libraries.

An application for Kubernetes

@k2r2bai What's this application? • It’s a voting application. • A simple distributed application running across multiple Kubernetes containers. • Each application is written by different programming language. Java

@k2r2bai Voting App in the microservices era Voting App is made of 5 services: • Voting: A front-end web app written in Python which lets you vote between two options • Redis: To queue which collects new votes. • Worker: A Java worker which consumes votes and stores them in. • Database: A Postgres database backed by a container volume. • Result: A Node.js webapp which shows the results of the voting in real time. These 5 services are visible in the application's Kubernetes YAML file.

@k2r2bai How to containerize an application? • Use Docker to build an image from a Dockerfile. • Deploy an image to Kubernetes as a container.

@k2r2bai How to deploy an application in Kubernetes? • Using YAML for Kubernetes definitions. • Define you expect for deploying your application. • Kubernetes provides many kinds of resource for implementing container deployment, service exposing, ..., etc.

Scale and rolling upgrade application

@k2r2bai L4 Load balancing your application • A Kubernetes Service is an abstraction which defines a logical set of Pods and a policy by which to access them - sometimes called a micro-service. • Use IPTable(Random) or IPVS(Algorithms) for implementing load balancer. Service Client Proxy

@k2r2bai L7 Load balancing your application • An API object that manages external access to the services in a cluster, typically HTTP. • Ingress can provide load balancing, SSL termination and name-based virtual hosting. • Use NGINX as a backend for implementing load balancer.

@k2r2bai Scale your application • Kubernetes can use API to scale you application. • Support for RC/RS/Deployment. Scale API

@k2r2bai Autoscale your application by HPA • The Horizontal Pod Autoscaler automatically scales the number of applications in a replication controller, deployment or replica set based on observed CPU utilization. • Support for using CLI to create HPA. • kubectl autoscale deployment php-apache --cpu- percent=50 --min=1 --max=10

@k2r2bai Rolling Updates Deployment - replicas: 3 - selector: - app: my-app - version: v1 Service - app: my-app Live-update an application $ kubectl set image deployment \ my-app my-app= :v2 —record

@k2r2bai Deployment - replicas: 3 - selector: - app: my-app - version: v1 Deployment - replicas: 0 - selector: - app: my-app - version: v2 Service - app: my-app

@k2r2bai Deployment - replicas: 3 - selector: - app: my-app - version: v1 Deployment - replicas: 1 - selector: - app: my-app - version: v2 Service - app: my-app

@k2r2bai Deployment - replicas: 2 - selector: - app: my-app - version: v1 Deployment - replicas: 1 - selector: - app: my-app - version: v2 Service - app: my-app

@k2r2bai Deployment - replicas: 2 - selector: - app: my-app - version: v1 Deployment - replicas: 2 - selector: - app: my-app - version: v2 Service - app: my-app

@k2r2bai Deployment - replicas: 1 - selector: - app: my-app - version: v1 Deployment - replicas: 2 - selector: - app: my-app - version: v2 Service - app: my-app

@k2r2bai Deployment - replicas: 1 - selector: - app: my-app - version: v1 Deployment - replicas: 3 - selector: - app: my-app - version: v2 Service - app: my-app

@k2r2bai Deployment - replicas: 0 - selector: - app: my-app - version: v1 Deployment - replicas: 3 - selector: - app: my-app - version: v2 Service - app: my-app

Monitoring Kubernetes

@k2r2bai Monitoring: Prometheus + Grafana

@k2r2bai

Logging Kubernetes

@k2r2bai Logging: Elasticsearch + Fluentd + Kibana

@k2r2bai

@k2r2bai KAIREN OUT!! THANK YOU!!!