Managing Kubernetes with Puppet Puppet Labs Gareth Rushgrove Declarative code for Pods, Services and ReplicationControllers 

Gareth Rushgrove @garethr 

Gareth Rushgrove 

Human vs computer interfaces Concepts and demos Alternatives and interoperability Gareth Rushgrove - - - 

But isn’t YAML declarative? And other user interface tales 

Yes Gareth Rushgrove 

But code has advantages over just data Gareth Rushgrove 

Avoid repetition Combine external inputs Correctness Abstractions Gareth Rushgrove - - - - 

And context matters to the user interface Gareth Rushgrove 

Team size Regulation/compliance Multi-tenancy Infrastructure size Skills and experience Gareth Rushgrove - - - - - 

Also changes with kubectle patch diverge from the model $ kubectl patch --help Update field(s) of a resource using strategic merge patch JSON and YAML formats are accepted. Usage: kubectl patch (-f FILENAME | TYPE NAME) -p PATCH [flags] Examples: # Partially update a node using strategic merge patch kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}' Gareth Rushgrove 

$ kubectl apply --help Apply a configuration to a resource by filename or stdin. JSON and YAML formats are accepted. Usage: kubectl apply -f FILENAME [flags] Examples: # Apply the configuration in pod.json to a pod. $ kubectl apply -f ./pod.json And kubectl apply requires the full object serialisation Gareth Rushgrove 

Puppet A programming language for infrastructure 

Declarative code with an idempotent runtime model Gareth Rushgrove 

Describe what you want Gareth Rushgrove 

Converge from any state Gareth Rushgrove 

A familiar Kubernetes Pod definition in YAML Gareth Rushgrove 

What happens if you run the same YAML file twice? Gareth Rushgrove 

How many times do you have to repeat the same label? Gareth Rushgrove 

kubectl is actually pretty low-level Gareth Rushgrove 

kubectl get pod mypod -o yaml \ | sed 's/\(image: myimage\):.*$/\1:v4/' \ | kubectl replace -f - This is from the official kubectl help. It pipes to sed. Gareth Rushgrove 

The same Kubernetes Pod described in Puppet Gareth Rushgrove 

$ puppet apply examples/init.pp --test Info: Loading facts Notice: Compiled catalog for gareths in environment production in 1.24 seconds Info: Applying configuration version '1453298602' Info: Checking if sample-pod exists Info: Creating kubernetes_pod sample-pod Notice: /Stage[main]/Main/Kubernetes_pod[sample-pod]/ensure: created Notice: Applied catalog in 0.23 seconds Running without that Pod already existing will create it Gareth Rushgrove 

Running a second time, nothing changes because the Pod already exists Gareth Rushgrove $ puppet apply examples/init.pp --test Info: Loading facts Notice: Compiled catalog for garethr in environment production in 1.33 seconds Info: Applying configuration version '1453298688' Info: Checking if sample-pod exists Notice: Applied catalog in 0.15 seconds 

$ puppet resource kubernetes_pod sample-pod kubernetes_pod { 'sample-pod': ensure => 'present', metadata => { 'creationTimestamp' => '2016-01-20T14:03:23Z', 'name' => 'sample-pod', 'namespace' => 'default', 'resourceVersion' => '4579', 'selfLink' => '/api/v1/namespaces/default/pods/sample-pod’, 'uid' => '91c8a550-bf7e-11e5-816e-42010af001b1' }, spec => { 'containers' => [{ ‘image' => 'nginx', 'imagePullPolicy' => 'IfNotPresent', 'name' => ‘container-name', 'resources' => {'requests' => {'cpu' => '100m'}}, 'terminationMessagePat [{'mountPath' => '/var/run/secrets/kubernetes.io/serviceaccount', 'name' 'dnsPolicy' => 'ClusterFirst', 'nodeName' => 'gke-guestbook-dc15a31a-nod puppet resource allows for interrogating an existing Kubernetes installation Gareth Rushgrove 

$ kubectl describe pod sample-pod Name: sample-pod Namespace: default Image(s): nginx Node: gke-guestbook-dc15a31a-node-fyb6/10.240. Start Time: Wed, 20 Jan 2016 14:03:23 +0000 Labels: Status: Running Reason: Message: IP: 10.24.1.7 Replication Controllers: Containers: container-name: Container ID: docker://542389c5b2a98616ba3a8001029bc4a3f00d7c0 Image: nginx Image ID: docker://407195ab8b07 The same information is still accessible via other tooling Gareth Rushgrove 

kubernetes_pod kubernetes_service kubernetes_replication_controller kubernetes_node kubernetes_event kubernetes_endpoint kubernetes_namespace Gareth Rushgrove - - - - - - - kubernetes_secret kubernetes_resource_quota kubernetes_limit_range kubernetes_peristent_volume kubernetes_persistent_volume_claim kubernetes_component_status kubernetes_service_account - - - - - - - - Support for most of the Kubernetes primitives Gareth Rushgrove 

DEMO 

Reporting Change control Static analysis/unit testing tools Access control Gareth Rushgrove - - - - Not mentioning other features that come in handy 

Alternatives and interoperability Why options are a good thing 

Deis, OpenShift, Fabric8, Kubectl, Helm, Deployment Manager, Dashboard… Gareth Rushgrove 

Interoperable because of a stable set of primitives Gareth Rushgrove 

Allow for different use-cases and different life-cycles on the same infrastructure Gareth Rushgrove 

The Puppet interface targets operations use-cases where managing a model over time is useful Gareth Rushgrove 

Gareth Rushgrove The Puppet Kubernetes module is available on GitHub and on the Puppet Forge Gareth Rushgrove 

Gareth Rushgrove More details on the official Kubernetes blog Gareth Rushgrove 

Questions? And thanks for listening