Slide 1

Slide 1 text

12 factors Kubernetes
Meetup CNCF Bordeaux #2
Etienne Coutaud, 11 December 2018
Pyxida © 2018 - Reproduction prohibited without prior authorization. Bordeaux 33000 > France > www.pyxida.io

Slide 2

Slide 2 text

$ whoami
Consultant CaaS @Pyxida
Certified Kubernetes Administrator (CKA)
https://github.com/etiennecoutaud
@etiennecoutaud

Slide 3

Slide 3 text

01 - 1 Pod = 1 or n containers

Slide 4

Slide 4 text

Multi-container pod design patterns
● Sidecar: extend pod function (App + log streaming container; logs go to a log aggregator)
● Ambassador: represent (proxy) (App + cache proxy container; proxy fronts cache shard 1 ... cache shard n)
● Adapter: expose and normalize (App + monitoring adapter container; adapter feeds the monitoring service)

Slide 5

Slide 5 text

02 - Labels everywhere

Slide 6

Slide 6 text

Labeling for technical and management reasons
[Diagram: resources carrying labels (app=php, app=java, app=php, env=prod, type=db, app=node, env=dev, version=1.1), selected through LabelSelectors]

Slide 7

Slide 7 text

03 - Infrastructure as code: code versioning

Slide 8

Slide 8 text

Infrastructure as code is code
● Docker pipeline: app code (Dockerfile), Docker image, registry (steps: build, push)
● Kubernetes pipeline: infrastructure code (*.yml), k8s resources, k8s cluster (steps: push, apply)

Slide 9

Slide 9 text

04 - Use Service to expose

Slide 10

Slide 10 text

One service for each use case
● ClusterIP
● NodePort
● LoadBalancer
● Headless (ClusterIP=None)
● External

Slide 11

Slide 11 text

05 - Use ConfigMaps and Secrets to manage configuration

Slide 12

Slide 12 text

Configuration as a service
[Diagram: inside a namespace, Kubernetes cluster-wide configuration (configmap.yml, secret.yml) and app configuration (configmap.yml, secret.yml); actors: Devs, Admins]

Slide 13

Slide 13 text

06 - Limits and requests for resource management

Slide 14

Slide 14 text

Improve scheduling and protect against fork bombs
[Diagram: RAM and CPU values for Request and Limits; values shown: 250Mo, 1GO and 1,5GO of RAM, 1 and 2 CPU]

Slide 15

Slide 15 text

07 - Pod lifecycle

Slide 16

Slide 16 text

Use a Deployment to manage pods
deployment.yml: deployment description, replicaSet description, pods description
$ kubectl apply -f deployment.yml
● Manage rolling update
● Manage replicas

Slide 17

Slide 17 text

08 - Probes to monitor your pods

Slide 18

Slide 18 text

Become resilient: set up probes
● LivenessProbe: when it goes from OK to KO, the pod is destroyed and restarted
● ReadinessProbe: when it goes from OK to KO, the pod goes out of the load-balancing pool

Slide 19

Slide 19 text

09 - Latest is not a version

Slide 20

Slide 20 text

Build once, run everywhere
[Diagram: the same myapp image promoted through environments: Feature Branch (tag 34u67gfx6), merge/promote, DEV (tag dev), promote, RE7 (tag re7), promote, PPROD (tag pprod), tag/promote, PROD (tags latest, v1.0)]
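
A check for factors 02, 06, 08 and 09 above, as an added example that is not part of the original slides: a small Python audit that flags a pod template without labels, containers without CPU/memory requests and limits, missing liveness/readiness probes, and images left on an implicit or explicit latest tag. The SAMPLE manifest, its image names, registry host and probe path are constructed for illustration.

```python
# Added example, not from the original deck. SAMPLE is a constructed manifest.

def split_image(image):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = image.partition("@")
    last = name.rsplit("/", 1)[-1]  # a ':' before the last '/' is a registry port
    tag = last.rsplit(":", 1)[1] if ":" in last else None
    return name, tag, digest or None

def audit(deployment):
    """Return sorted (container, finding) tuples; findings carry the factor number."""
    findings = []
    template = deployment["spec"]["template"]
    if not template.get("metadata", {}).get("labels"):
        findings.append(("<pod>", "02: pod template has no labels"))
    for c in template["spec"]["containers"]:
        resources = c.get("resources", {})
        for kind in ("requests", "limits"):
            for unit in ("cpu", "memory"):
                if unit not in resources.get(kind, {}):
                    findings.append((c["name"], f"06: no {unit} {kind}"))
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append((c["name"], f"08: no {probe}"))
        _, tag, digest = split_image(c["image"])
        if digest is None and tag in (None, "latest"):
            findings.append((c["name"], "09: image not pinned to a version"))
    return sorted(findings)

HTTP_PROBE = {"httpGet": {"path": "/healthz", "port": 8080}}  # constructed
SAMPLE = {  # constructed Deployment: app container plus a log-streaming sidecar
    "kind": "Deployment",
    "spec": {"template": {
        "metadata": {"labels": {"app": "php", "env": "prod"}},
        "spec": {"containers": [
            {"name": "web", "image": "registry.example:5000/myapp:v1.0",
             "resources": {"requests": {"cpu": "1", "memory": "250Mi"},
                           "limits": {"cpu": "2", "memory": "1Gi"}},
             "livenessProbe": HTTP_PROBE, "readinessProbe": HTTP_PROBE},
            {"name": "log-streamer", "image": "registry.example:5000/log-streamer",
             "resources": {"requests": {"cpu": "100m", "memory": "64Mi"}},
             "livenessProbe": HTTP_PROBE},
        ]},
    }},
}

if __name__ == "__main__":
    for container, finding in audit(SAMPLE):
        print(f"{container}: {finding}")
```

The registry port in `registry.example:5000/log-streamer` is not mistaken for a tag, so the untagged sidecar image is still reported.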

Slide 21

Slide 21 text

10 - Pods are stateless (if they don’t need to be stateful)

Slide 22

Slide 22 text

What happens if my pod is stateful?
[Diagram: a pod holding state is scaled horizontally into several pods, each with its own state, reached through round robin]

Slide 23

Slide 23 text

11 - Volumes are mounted on a distributed storage system

Slide 24

Slide 24 text

Kubernetes stateful way architecture
[Diagram: distributed storage backing volumes of 500Mo, 1Go, 1Go, 5Go, 10Go, 10Go, 50Go, 3Go and 20Go]

Slide 25

Slide 25 text

12 - Mind your code: 12-factor app compliant

Slide 26

Slide 26 text

12 good practices by Heroku
Main factors:
● Use a version control system to manage your code
● Expose a healthcheck URL in your app
● Think of your app as stateless
● Use environment variables to configure your app
● Log on stdout/stderr
● Manage graceful shutdown/start

Slide 27

Slide 27 text

Take away!
● Embrace the Kubernetes paradigm
● Don’t bring infrastructure complexity into your code
● Design your application to be “cloud ready” for better management
● Don’t install Kubernetes; prefer managed services if you can
● “Think Big, Start Small”
● Use the Kubernetes community
