Slide 1

Slide 1 text

Agenda 14:00 The room open 14:30 - 14:40 (10min) Opening by Japan Developer Advocate team 14:40 - 16:00 (80min) Cloud Native: Everything you need to know in 80 minutes! 16:00 - 16:10 Break 16:10 - 17:20 (70min) Knative: The next wave for Cloud Native 17:20 - 17:30 (10min) Q&A , Closing 1

Slide 2

Slide 2 text

Everything You Need To Know About Containers (in 80 minutes) Doug Davis | [email protected] | @duginabox 2

Slide 3

Slide 3 text

Agenda • Containers • Docker & Docker Images • Using Containers • Building Images • Kubernetes • Migration to Containers 3

Slide 4

Slide 4 text

What are containers? • A group of processes run in isolation • Similar to VMs but managed at the process level • All processes MUST be able to run on the shared kernel • Each container has its own set of "namespaces" (isolated view) • PID - process IDs • USER - user and group IDs • UTS - hostname and domain name • NS - mount points • NET - Network devices, stacks, ports • IPC - inter-process communications, message queues • cgroups - controls limits and monitoring of resources • Plus it gets its own root filesystem 4

Slide 5

Slide 5 text

VM vs Containers 5 Container Virtual Machine Hardware Hypervisor Virtual Machine Hardware Base OS/Kernel Container OS-specific files bins / libs App Operating System +procs bins / libs App App VS Virtual Machine Container VM ? Containers share the same base Kernel Each VM has its own OS App, bins/libs/OS must all be runnable on the shared kernel If OS files aren't needed they can be excluded.

Slide 6

Slide 6 text

Why Containers? • Fast startup time - only takes milliseconds to: • Create a new directory • Lay-down the container's filesystem • Setup the networks, mounts, ... • Start the process • Better resource utilization • Can fit far more containers than VMs into a host 6

Slide 7

Slide 7 text

What is Docker? • Tooling to manage containers • Containers are not new • Docker just made them easy to use • Docker creates and manages the lifecycle of containers • Setup filesystem • CRUD container • Setup networks • Setup volumes / mounts • Create: start new process telling OS to run it in isolation 7

Slide 8

Slide 8 text

Our first container $ docker run ubuntu echo Hello World Hello World • What happened? • Docker created a directory with a "ubuntu" filesystem (image) • Docker created a new set of namespaces • Ran a new process: echo Hello World • Using those namespaces to isolate it from other processes • Using that new directory as the "root" of the filesystem (chroot) • That's it! • Notice as a user I never installed "ubuntu" 8

Slide 9

Slide 9 text

ssh-ing into a container - faking it $ docker run -ti ubuntu bash root@62deec4411da:/# pwd / root@62deec4411da:/# exit $ • Now the process is "bash" instead of "echo" • But its still just a process • Look around, mess around, its totally isolated • rm /etc/passwd – no worries! • MAKE SURE YOU'RE IN A CONTAINER! 9

Slide 10

Slide 10 text

A look under the covers $ docker run ubuntu ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 14:33 ? 00:00:00 ps -ef • Things to notice • Each container only sees its own process(es) • Running as "root" • Running as PID 1 10

Slide 11

Slide 11 text

Docker Images • Tar file containing a container's filesystem + metadata • For sharing and redistribution • Global/public registry for sharing: DockerHub • Similar, in concept, to a VM image 11 Docker Host Containers Base OS/Kernel Containers Docker Engine Images Liberty Ubuntu

Slide 12

Slide 12 text

Docker Special Sauce • But first, let's compare VMs and Containers one more time... 12

Slide 13

Slide 13 text

VM vs Container: Notice the layers 13 Container Virtual Machine Hardware Hypervisor Virtual Machine Hardware Base OS/Kernel + procs Container OS-specific files bins / libs App Operating System +procs bins / libs App App VS Virtual Machine Container Containers share the same base Kernel Each VM has its own OS A layer A layer A layer

Slide 14

Slide 14 text

Shared / Layered / Union Filesystem • Docker uses a copy-on-write (union) filesystem • New files(& edits) are only visible to current/above layers • Layers allow for reuse • More containers per host • Faster start-up/download time • Images • Tarball of layers • Think: Transparencies on projector 14 Filesystem Fedora Ubuntu tomcat tomcat liberty CNTR1 CNTR2 CNTR3 CNTR4 app1 app2 app4 app3 Layer Layer Layer

Slide 15

Slide 15 text

Docker Registry • Creating and reusing images is only part of the story • Sharing them is the other • DockerHub - • Public registry of Docker Images • Hosted by Docker Inc. • Free for public images, pay for private ones (one free private) • By default docker engines will look in DockerHub for images • Browser interface for searching, descriptions of images 15 Docker Host Containers Base OS/Kernel Containers Docker Engine Registry Images Liberty Ubuntu mysql nginx Liberty Ubuntu

Slide 16

Slide 16 text

Docker Component Overview 16 • Docker Engine • Manages containers on a host • Accepts requests from clients • REST API • Maps container ports to host ports • E.g. 80 à 3582 • Images • Docker Client • Drives engine • Drives "builder" of Images • Docker Registry • Image DB Docker Host Containers Base OS/Kernel Containers Docker Engine $ docker run ... $ docker build ... Registry Exposed/Mapped Ports Images Liberty Ubuntu mysql nginx Liberty Ubuntu Client

Slide 17

Slide 17 text

Docker Summary • Docker is just a tool to manage containers • Key concepts: Containers, Docker Engine, Images, Registries • Docker value-add: • An excellent User Experience • Image Layers • Easily shared images via DockerHub • Why? When compared to VMs: • Better resource utilization - CPU, Memory, Disk • Faster start-up times • Easier tooling/scripting via Docker CLI 17 Applies to containers in general!

Slide 18

Slide 18 text

Using Containers • Containers are ephemeral & stateless • State is kept outside of the container • Volume mount into the container • External storage - e.g. cloud object storage, DB • Monitoring • Tools to monitor resource usage of container • Can limit resources allocated to each container to prevent excessive usage • Logging & Monitoring • Typically stdout/stderr of container is the log • Can leverage tooling and external services for capturing logs or metrics 18

Slide 19

Slide 19 text

What are they good for? • Just about everything • Servers, services - e.g. webapps, front-ends for back-end system • Pre-built environments - e.g. testing • Anything you don't want to install locally - e.g. compilers, runtimes • If you don't need to modify the kernel, start with containers 19

Slide 20

Slide 20 text

Demo $ docker-demo 20

Slide 21

Slide 21 text

Building Images • Reminder: Images are just snapshots of a filesystem + metadata • No runtime state is kept in the Image • Many tools available - e.g. "docker build" + Dockerfiles $ cat Dockerfile FROM golang COPY myapp.go / RUN go build -o /myapp /myapp.go FROM ubuntu COPY --from=0 /maypp /myapp ENTRYPOINT [ "/myapp" ] $ docker build -t myapp . $ docker run myapp 21

Slide 22

Slide 22 text

Container Orchestration • Single container management is relatively easy • Managing clusters of containers is a challenge • Networking • Between containers and external • Load-balancing • Security & Isolation • Scaling - e.g. based on load • Lifecycle management - e.g. restart if crashed • Placement to ensure high availability 22

Slide 23

Slide 23 text

Kubernetes • Container Orchestrator • Provision, manage, scale applications • Manage infrastructure resources needed by applications • Volumes • Networks • Secrets • And many many many more... • Declarative model • Provide the "desired state" and Kubernetes will make it happen • What's in a name? • Kubernetes (K8s/Kube): "Helmsman" in ancient Greek 23

Slide 24

Slide 24 text

Kubernetes Architecture • At its core, Kubernetes is a database (etcd). With "controllers" that react to changes in the DB. The controllers are what make it Kubernetes. This pluggability and extensibility is part of its "secret sauce". • DB represents the user's desired state • Controllers attempt to make reality match the desired state "API Server" is the HTTP/REST front-end to the DB More on controllers later... 24 DB API Server Client/User Controller Node Networks Volumes Secrets ... Request Monitor

Slide 25

Slide 25 text

Kubernetes Resource Model • Config Maps • Daemon Sets • Deployments • Events • Endpoints • Ingress • Jobs • Nodes • Namespaces • Pods • Persistent Volumes • Replica Sets • Secrets • Service Accounts • Services • Stateful Sets, and more... • Kubernetes aims to have the building blocks on which you build a cloud native platform. • Therefore, the internal resource model is the same as the end user resource model. Key Resources • Pod: set of co-located containers • Smallest unit of deployment • Several types of resources to help manage them • Replica Sets, Deployments, Stateful Sets, ... • Services • Define how to expose your app as a DNS entry • Query based selector to choose which pods apply 25 • A resource for every purpose

Slide 26

Slide 26 text

Sample Resource YAML 26 $ kubectl apply -f pod.yaml Less user-friendly than Docker's CLI apiVersion: apps/v1 kind: Deployment metadata: name: httpd-rs spec: replicas: 2 selector: matchLabels: app: httpd-app template: metadata: labels: app: httpd-app spec: containers: - name: httpd image: ibmdojo/httpd Pod YAML: apiVersion: v1 kind: Pod metadata: name: httpd-pod spec: containers: - name: httpd image: ibmdojo/httpd

Slide 27

Slide 27 text

Kubernetes In Action 27 1. User via "kubectl" deploys a new application 2. API server receives the request and stores it in the DB (etcd) 3. Controllers detect the resource changes and act upon it 4. Deployment controller detects the new app and creates new pods in the DB to matchthe desired # of instances 5. Scheduler assigns new pods to a kubelet 6. Kubelet detects pods and deploys them via the container runtime (e.g. Docker) 7. Kubeproxy manages network traffic for the pods – including service discovery and load-balancing Node Node Pod Base OS/Kernel Docker Engine Images Liberty Ubuntu Kublet Kube- Proxy Pod/Service C C C Master API Server Controllers Replication Endpoints ... Kub Client ( kubectl ) deployment.yml Storage (etcd) 7 1 2 3 4 6 Scheduler 5

Slide 28

Slide 28 text

Demo $ kube-demo 28

Slide 29

Slide 29 text

Kubernetes - Summary • Container Orchestration • Most popular in the community • Most major Cloud Native players are there • Lots of tooling to help with deploying/managing K8s and your apps • • • IBM Kubernetes Service: 29

Slide 30

Slide 30 text

Migrating to Containers / Modernizing your application • Build new cloud native apps • Breakdown monolith into microservices • Extend existing monolith using containers • Lift and Shift - to containers or VMs • Replace existing features with SaaS offerings • Leverage DevOps - CI/CD best practices 30

Slide 31

Slide 31 text

More & IBM IKS • Education : • Hands-on tutorials : • Docker 101 • Kubernetes 101 • Local Kubernetes Development • Helm 101 • Kubernetes Networking 101 • Istio 101 • Service Catalog • Knative 101 • IBM Kubernetes Service (IKS) : • Can get a free cluster to play with 31

Slide 32

Slide 32 text

Break 32

Slide 33

Slide 33 text

Knative- A New Way To Kube Doug Davis STSM - OM Knative [email protected] @duginabox

Slide 34

Slide 34 text

Agenda A bit of history... then some Knative... a demo!

Slide 35

Slide 35 text

In the beginning there was Docker, and it was good... $ docker run ubuntu echo Hello World Hello World o Containers o Build / Images o DockerHub

Slide 36

Slide 36 text

Then we started to mature, doing real work... o Networks o Volumes o Services o Swarm / SwarmKit

Slide 37

Slide 37 text

Adulting Kubernetes! Enterprise grade environment for deploying containerized applications. Enhancing developer productivity, resource efficiency, automated operations, and open source flexibility to accelerate your time to market. C-Suite Definition

Slide 38

Slide 38 text

The Claim: Kubernetes is for Developers Deploy and manage your containerized applications

Slide 39

Slide 39 text

Reality: What really is Kubernetes? A RESTful DB with a set of watchers that react to changes in the DB Blue/green deployments Containers Pods Replica Sets Deployments Services Endpoints Secrets Networks Volumes/PV/PVC Ingress / LBs yaml Spec vs Status helm kubectl Istio ...

Slide 40

Slide 40 text

Back to first principles What was Kubernetes supposed to be? - A platform to build platforms Reality: It is the platform - Force developers to manage infrastructure - With flexibility came complexity I just want to run my app!

Slide 41

Slide 41 text

Enter stage left... Serverless Increasing focus on business logic Decreasing concern (and control) over infrastructure implementation Virtual machines Functions Containers Bare Metal • Faster start-up times • Better resource utilization • Finer-grained management • Splitting up the monolith

Slide 42

Slide 42 text

Properties of Serverless • Stateless • Event Driven • Auto-scaled / Scale-to-zero • Short Lived • Reduced Cost • Faster Time to Market

Slide 43

Slide 43 text

Introducing Knative "Knative extends Kubernetes to provide a set of middleware components that are essential to build modern, source-centric, and container- based applications that can run anywhere: on premises, in the cloud, or even in a third-party data center." - Kn docs Huh ?

Slide 44

Slide 44 text

What it really means... • An opinionated and simplified view of application management • Heavily influenced by Serverless • Allowing developers to focus on coding • New Kubernetes extension resources (CRDs)

Slide 45

Slide 45 text

Technical Details 3 Main Components • Serving is the runtime component • Eventing for loosely coupled services • Client for simplified UX to Kubernetes

Slide 46

Slide 46 text

Knative Serving Manages the hosting aspects of your app • Service - manages the lifecycle of app • Configuration - manage history of app • Revision - A snapshot of your app • Config and image • Route - Endpoint and network traffic management Route Configuration Revision 1 Revision 2 Revision 3 90% 10% Service

Slide 47

Slide 47 text

Knative Serving - What it really means... o Manages the core K8s resources for you o Provide a nicer UX for K8s o Enables easy traffic splitting - e.g. for A/B upgrades o Better resource utilization o Scale to zero capabilities o Auto-scaling on demand o Runtime building blocks on which Cloud Providers can build a Serverless platform

Slide 48

Slide 48 text

Knative Eventing Eventing Primitives o Event Source - connect to event producer o Can create the subscription for you o Brokers - a receiver of events o E.g. a queue o Trigger - ask for events from a Broker o Can specify a filter Manage to coordination/delivery of events to sinks Service Trigger ?? Broker Source Replies Sink Svc/Chan

Slide 49

Slide 49 text

Knative Eventing - Newer Things o Sequence o Ordered set of "Sinks" o Final "Reply" o Event Registry o Collection of EventTypes (Kn Broker, CloudEvent type/source/schema) o Auto registration by some EventSources (when sink is a broker)

Slide 50

Slide 50 text

Knative Client - kn kn [ noun ] [ verb ] [ args ] Services : Create, Delete, Describe, List, Update Revisions : Describe, Delete, List Routes : List WIP Plug-ins to extend list of commands Service Traffic splitting Integration with KnEventing

Slide 51

Slide 51 text

Knative Build Build container images from source • Built from your source control system • Customizable BuildTemplates define the build steps/process • Results are stored in a container registry

Slide 52

Slide 52 text

Tekton Not a Knative project but derived from Knative Build Task : set of "steps" : execution of a container TaskRun : resource representing the execution of a Task Pipeline : ordered set of "tasks" PipelineRun : resource representing the execution of a Pipeline Exercise for the user to connect Tekton to KnServing

Slide 53

Slide 53 text

Tekton - Example apiVersion: kind: TaskRun metadata: generateName: build-hello spec: serviceAccount: build-bot taskSpec: inputs: resources: - name: source type: git steps: - name: build-and-push workingdir: /workspace/source image: env: - name: DOCKER_CONFIG value: /builder/home/.docker command: - /kaniko/executor - --dockerfile=./Dockerfile - --context=/workspace/source/ - inputs: resources: - name: source resourceSpec: type: git params: - name: url value:

Slide 54

Slide 54 text

Demo time

Slide 55

Slide 55 text

Kubernetes Cluster Knative Demo Github Source Kn Service Revision v2 Revision v1 Route Kn API App Developer Config Tekton Build Image Repo Rebuild Svc Build Trigger App – v1 Istio Gateway App User App – v2 Builder Pod Github Repo Event Push Update Trigger

Slide 56

Slide 56 text

Demo Summary What we did: Serving: o Deployed several revision of an app o Each deployment did a rolling upgrade o Traffic split between revisions Eventing o Integrated Github webhook - subscribed o "push" events on our repo sent to a rebuild KnService Tekton o Invoked via rebuild KnService o Built new image, pushed to DockerHub o Triggered new revision of our app What we didn't do: o Create Deployment / ReplicaSet o Create a K8s Service o Create an Endpoint / Ingress o Set up a dynamic Load-Balancer o Set up an auto-scaler o Talk to Github directly to create web hook o ...

Slide 57

Slide 57 text

Knative: A Rose By Any Other Name... What is Knative? • Serverless Framework? • PaaS? • New "Deployment" w/ magic pixie dust? • A new Kubernetes user experience? Does it matter? Does it meet your needs? Letting developers be developers again

Slide 58

Slide 58 text

Knative - Technical Notes o Not full Pod support (yet) o Can use Istio for networking/traffic splitting o But it is optional o "kn" CLI is the preferred UX when not using yaml o Service vs Configs/Revisions/Routes o Consider Tekton for your CI/CD needs

Slide 59

Slide 59 text

Managed Knative on IKS - Experimental o Managed Knative add-on for IBM Cloud Kubernetes Service (IKS) - "experimental" o One click install of Knative into your cluster o Includes Istio o Updates to Knative are managed o $ ic ks cluster-addon-enable knative -y CLUSTER

Slide 60

Slide 60 text

IBM Developer / © 2019 IBM Corporation 60 • Knative: • IKS: • Demo: Thank You!