Kubernetes & Container Engine Sandeep Parikh Solutions Architect @crcsmnky

2 Google Cloud Platform Container Challenges “If we run our containers on VMs, I don’t want to manage anything” “How do I get my containers to talk to one another?” “Where should I run my containers? “How do we ensure our containers are running smoothly?”

No content

Google launches over 2 billion containers each week

Kubernetes is based on years of experience running containers at scale

6 Google Cloud Platform ● Run and manage a cluster of containers as a single system ● Orchestrate containers by scheduling on to cluster nodes ● Ensure state and group into units for management and discovery ● Open source and developed in the open ● Driven by the community http://cncf.io ● Deployable everywhere Kubernetes

7 CNCF

Confidential & Proprietary Google Cloud Platform 8 Building Blocks

9 Google Cloud Platform cluster

10 Google Cloud Platform cluster virtual machines that Kubernetes manages

11 Google Cloud Platform cluster node master node node

12 Google Cloud Platform cluster node master node node node node node node node node node node node node node node node node node node node node cluster

13 Google Cloud Platform pod

14 Google Cloud Platform pod group of containers sharing storage and network pod

15 Google Cloud Platform pod.yaml apiVersion: v1 kind: Pod metadata: name: nginx spec: containers: - name: nginx image: nginx ports: - containerPort: 80 pod.yaml

16 Google Cloud Platform pod.yaml node master node node pod.yaml

17 Google Cloud Platform pod.yaml node master node node pod.yaml

18 Google Cloud Platform pod.yaml node master node node pod.yaml

19 Google Cloud Platform replication controller

20 Google Cloud Platform replication controller ensure N pods are running replication controller

21 Google Cloud Platform rc.yaml kind: ReplicationController apiVersion: v1 metadata: name: frontend spec: replicas: 4 selector: role: www template: metadata: name: www labels: role: www spec: containers: - name: nginx image: nginx ports: - containerPort: 80 rc.yaml

22 Google Cloud Platform rc.yaml kind: ReplicationController apiVersion: v1 metadata: name: frontend spec: replicas: 4 selector: role: www template: metadata: name: www labels: role: www spec: containers: - name: nginx image: nginx ports: - containerPort: 80 rc.yaml

23 Google Cloud Platform rc.yaml kind: ReplicationController apiVersion: v1 metadata: name: frontend spec: replicas: 4 selector: role: www template: metadata: name: www labels: role: www spec: containers: - name: nginx image: nginx ports: - containerPort: 80 rc.yaml

24 Google Cloud Platform rc.yaml kind: ReplicationController apiVersion: v1 metadata: name: frontend spec: replicas: 4 selector: role: www template: metadata: name: www labels: role: www spec: containers: - name: nginx image: nginx ports: - containerPort: 80 rc.yaml

25 Google Cloud Platform rc.yaml node master node node rc.yaml

26 Google Cloud Platform rc.yaml node master node node rc.yaml

27 Google Cloud Platform node master node node rc.yaml rc.yaml

Confidential & Proprietary Google Cloud Platform 28 How do we connect to the pods?

29 Google Cloud Platform service service

30 Google Cloud Platform service abstraction to communicate with pods service

31 Google Cloud Platform service master service service

32 Google Cloud Platform service master service service

33 Google Cloud Platform service master service service service

34 Google Cloud Platform service master service public load balancer service service

35 Google Cloud Platform svc.yaml kind: Service apiVersion: v1 metadata: name: www-frontend spec: ports: - name: http port: 80 targetPort: 80 protocol: TCP selector: role: www type: LoadBalancer svc.yaml

36 Google Cloud Platform svc.yaml kind: Service apiVersion: v1 metadata: name: www-frontend spec: ports: - name: http port: 80 targetPort: 80 protocol: TCP selector: role: www type: LoadBalancer svc.yaml

37 Google Cloud Platform svc.yaml kind: Service apiVersion: v1 metadata: name: www-frontend spec: ports: - name: http port: 80 targetPort: 80 protocol: TCP selector: role: www type: LoadBalancer svc.yaml

Confidential & Proprietary Google Cloud Platform 38 Container Engine

39 Google Cloud Platform Google Container Engine Hosted Kubernetes with managed resources Run clusters on a bundle of Google Compute Engine resources: Instances, Disks, Networking, Load Balancer Built-in support for centralized logging and container health checking Private container registry at gcr.io

Confidential & Proprietary Google Cloud Platform 40 What’s New

41 Google Cloud Platform New in Kubernetes 1.1 ● Ingress (L7) ● iptables kube-proxy ● ConfigMaps ● Deployments ● Jobs ● DaemonSets ● Graceful Termination ● Horizontal Pod Autoscaling ● Cluster Node Scaling

42 Google Cloud Platform Ingress Services are assumed L3/L4 Lots of apps want HTTP/HTTPS Ingress maps incoming traffic to backend services • by HTTP host headers • by HTTP URL paths HAProxy, NGINX, AWS and GCE implementations in progress Now with SSL! Status: BETA in Kubernetes v1.2 URL Map Client

43 Google Cloud Platform iptables kube-proxy

44 Google Cloud Platform ConfigMaps Problem: how to manage app configuration • ...without making overly-brittle container images 12-factor says config comes from the environment • Kubernetes is the environment Manage config via the Kubernetes API Inject config as a virtual volume into your Pods • late-binding, live-updated (atomic) • also available as env vars Status: GA in Kubernetes v1.2 node API Pod Config Map

45 Google Cloud Platform Deployments Rolling update is too imperative Deployment manages RC changes for you • stable object name • updates are done server-side rather than client • kubectl edit or kubectl apply is all you need Aggregates stats Can have multiple updates in flight Status: BETA in Kubernetes v1.2 ...

46 Google Cloud Platform Jobs Run-to-completion, as opposed to run-forever • Express parallelism vs. required completions • Workflow: restart on failure • Build/test: don’t restart on failure Aggregates success/failure counts Built for batch and big-data work Status: GA in Kubernetes v1.2 ...

47 Google Cloud Platform Daemon Sets Problem: how to run a Pod on every node • or a subset of nodes Similar to ReplicationController • principle: do one thing, don’t overload “Which nodes?” is a selector Use familiar tools and patterns Status: BETA in Kubernetes v1.2 Pod

48 Google Cloud Platform Graceful Termination Give pods time to clean up • finish in-flight operations • log state • flush to disk • 30 seconds by default Catch SIGTERM, cleanup, exit ASAP Pod status “Terminating” Declarative: ‘DELETE’ manifests as an object field in the API

49 Google Cloud Platform HorizontalPodAutoScalers Automatically scale ReplicationControllers to a target utilization • CPU utilization for now • Probably more later Operates within user-defined min/max bounds Set it and forget it Status: GA in Kubernetes v1.2 ... Stats

50 Google Cloud Platform Cluster Scaling Add nodes when needed • e.g. CPU usage too high • nodes self-register with API server Remove nodes when not needed • e.g. CPU usage too low Status: Works on GCE, need other implementations ...

Confidential & Proprietary Google Cloud Platform 51 Coming Soon

52 Google Cloud Platform Coming Soon • Cron (scheduled jobs) • Custom metrics • “Apply” a config (even more declarative) • Interactive containers • Bandwidth shaping • Third-party API objects • Scalability: 1000 nodes, 100+ pods/node • Performance • Machine-generated Go clients (less deps!) • Volume usage stats • Multi-zone (AZ) support • Multi-scheduler support • Node affinity and anti-affinity • Multi-cluster federation • API federation • More volume types • Private Docker registry • External DNS integration • Volume classes and auto-provisioning • Node fencing • DiY Cloud Provider plugins • More container runtimes (e.g. Hyper) • Better auth{n,z} • Network policy (micro-segmentation) • Big data integrations • Device scheduling (e.g. GPUs)

53 Google Cloud Platform Kubernetes Status and Plans Open sourced in June, 2014 • v1.0 in July, 2015 • v1.1 in November, 2015 • v1.2 ... soon! Google Container Engine (GKE) • hosted Kubernetes - don’t think about cluster setup PaaSes: • RedHat OpenShift, Deis, Stratos Distros: • CoreOS Tectonic, Mirantis Murano (OpenStack),RedHat Atomic, Mesos Hitting a ~3 month release cadence

Thanks!