Slide 1

Google Cloud Platform
Kubernetes v1.3
Kubernetes 1st Birthday meetup @ Sharethis, 21st July 2016
Vishnu Kannan, @vishh (github, IRC, slack)
Eric Tune, @erictune (github, slack)

Slide 2

v1.3 summary
• Github stats relative to v1.2
  - 54 contributors
  - 4700+ commits
  - 7950 files changed, 1,291,309 +/-
• Distributed testing
• Scalable build, testing and github automation
• Cross-cluster federated services
• Stateful applications
• Ease of use for local development
• Support for rkt and container standards OCI & CNI
• Updated Kubernetes dashboard UI

Slide 3

Minikube

Slide 4

Minikube
Goal: Develop & test k8s apps locally
Develop against a local Kubernetes cluster
• Provide access to all portable k8s features
• Lightweight, single-command installation
• Works across Linux & OS X (Windows support soon)
• Includes all dependencies
• Local cluster can be managed via kubectl
• Built-in Dashboard
Status: GA since Kubernetes v1.3
Check out the Minikube repo!
@dlorenc @luxas @aaron-prindle @jimmidyson

Slide 5

Init Containers

Slide 6

Init Containers
Goal: initialize pods for applications
Initialize and customize the application environment
• Set up volumes, configuration, etc., for applications
• Perform initialization of shared volumes
  ○ Download binaries, inject configuration or extension capability, initialize a database
• Reduce coupling:
  ○ Between application images
  ○ Inside of images
  ○ Between initialization steps
Status: ALPHA in Kubernetes v1.3
(Diagram: Pod → Init Containers run first → App Containers)
@smarterclayton @bprashanth

Slide 7

PetSets

Slide 8

PetSets (working name)
Goal: enable clustered software on Kubernetes
• mysql, redis, zookeeper, ...
Clustered apps need "identity" and sequencing guarantees:
• stable hostname, available in DNS
• an ordinal index
• stable storage: linked to the ordinal & hostname
• discovery of peers for quorum
• startup/teardown ordering
Examples: Mysql, Postgres, Zookeeper, etcd, etc.
Status: ALPHA in Kubernetes v1.3
@smarterclayton @bprashanth

Slide 9

Cross Cluster Federated Services

Slide 10

Cross-cluster Federated Services
Goal: Load balance across multiple clusters
• High availability across regions & cloud providers
  - Geographically aware DNS gets clients to the "closest" healthy cluster.
  - DNS + Kubernetes cluster-local service discovery.
  - Can default to cluster-local with failover to remote clusters.
  - Is API-compatible with a vanilla Kubernetes service.
  - Has no clusterIP (as it is cluster-independent).
  - Has a federation-wide load balancer hostname.
Give it a try by following this guide.
Status: Beta in Kubernetes v1.3
(Diagram: End-user → Cross-cluster Load Balancer/DNS → Cluster 1, Cluster 2, Cluster 3)
@huangyuqi @jianhuiz @quinton-hoole @justinsb @nikhiljindal @madhusudancs @mml

Slide 11

Node Pools (GKE only)

Slide 12

Node Pools (GKE Only)
Goal: Load balance across zones in a single cluster
• Supports heterogeneous nodes
• Pods can be placed on specific node pools
• Staged rollout of Kubernetes upgrades (A/B testing)
• Support for multiple zones
• Combine this with Cluster Autoscaling!
Status: Available in GKE
(Diagram: End-user → Load Balancer → node pools in us-central1-a, us-central1-b, us-central1-f)
@a-robinson

Slide 13

Google IAM - GKE

Slide 14

Google IAM (GKE Only)
Goal: Manage GKE permissions the same as other Google Cloud Platform permissions
Invite anyone with a Google account to use your cluster. Give Writer or Reader permissions.
Status: Available in GKE
(Diagram: kubectl obtains a token through gcloud from Google Auth'n; the K8s API Server asks Google Auth'z "Can [email protected] get pods?" → "Yes." → Get Pods)
@cjcullen

Slide 15

Google IAM (GKE Only)
Prereqs:
• >= 1.3 kubectl
• >= 1.3 cluster
Cluster Owner Steps:
• http://cloud.google.com/console
• IAM & Admin → Add User → Project Editor or Viewer
Guest Steps:
• gcloud projects list → $P
• gcloud config set container/use_client_certificate False
• gcloud container clusters get-credentials --zone $Z --project $P
• kubectl get pods
@cjcullen

Slide 16

Authz - OSS

Slide 17

Authz - RBAC
Goal: Manage permissions via the API
RBAC: Role-Based Access Control
• Create any number of different roles.
• Assign any users or groups to roles.
• Similarities to AWS, GCP IAM.
• Applies to all future Kinds easily.
Status: Available everywhere but GKE
@deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)

Slide 18

Authz - RBAC

    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1alpha1
    metadata:
      name: pod-reader
    rules:
    - apiGroups: [""]
      resources: ["pods"]
      verbs: ["get", "watch", "list"]
      nonResourceURLs: []

@deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)

Slide 19

Authz - RBAC

    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1alpha1
    metadata:
      name: read-pods
    subjects:
    - kind: User
      name: [email protected]
    roleRef:
      kind: ClusterRole
      name: pod-reader
      apiVersion: rbac.authorization.k8s.io/v1alpha1

@deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)

Slide 20

Authz - RBAC
(Diagram: three columns of objects with numbered arrows between them)
No Namespace: ClusterRole pod-reader; ClusterRoleBinding eric
Namespace: Default: Role whatever; RoleBinding vish
Namespace: Other: Role secret-deleter; RoleBinding rohit
1: eric can read pods in the whole cluster
2: vish can read pods in namespace default
3: rohit can read pods in namespace other
4: rohit can delete secrets in namespace other
5: not allowed
@deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)
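The scoping rule behind the five arrows on this slide, as an added example that is not part of the deck and not Kubernetes code: a small default-deny evaluator over the ClusterRole, Roles and bindings the slides name. A ClusterRoleBinding grants cluster-wide; a RoleBinding grants only inside its own namespace even when it points at a ClusterRole. The rules of the Roles "secret-deleter" and "whatever", and the reading of arrow 5 as "vish asks for pods outside namespace default", are assumptions, since the slide names them without showing their contents.

```python
# Added example (not Kubernetes code): toy RBAC evaluator for slides 18-20.

# Constructed objects mirroring the slides.
CLUSTER_ROLES = {
    "pod-reader": [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "watch", "list"]},
    ],
}

# Namespaced Roles, keyed by (namespace, name). Rule contents are assumptions;
# the slide names these Roles without showing their rules.
ROLES = {
    ("other", "secret-deleter"): [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["delete"]},
    ],
    ("default", "whatever"): [],
}

# ClusterRoleBindings apply everywhere; they may only reference a ClusterRole.
CLUSTER_ROLE_BINDINGS = [
    {"subjects": ["eric"], "roleRef": ("ClusterRole", "pod-reader")},
]

# A RoleBinding lives in one namespace and may reference a Role there or a
# ClusterRole; either way the grant is confined to that namespace.
ROLE_BINDINGS = [
    {"namespace": "default", "subjects": ["vish"], "roleRef": ("ClusterRole", "pod-reader")},
    {"namespace": "other", "subjects": ["rohit"], "roleRef": ("ClusterRole", "pod-reader")},
    {"namespace": "other", "subjects": ["rohit"], "roleRef": ("Role", "secret-deleter")},
]


def _rules_for(role_ref, namespace):
    """Resolve a roleRef to its list of rules (empty if it points nowhere)."""
    kind, name = role_ref
    if kind == "ClusterRole":
        return CLUSTER_ROLES.get(name, [])
    return ROLES.get((namespace, name), [])


def _rule_matches(rule, verb, api_group, resource):
    """A rule matches when every field lists the requested value or '*'."""
    def hit(field, value):
        return "*" in rule[field] or value in rule[field]
    return hit("apiGroups", api_group) and hit("resources", resource) and hit("verbs", verb)


def allowed(user, verb, resource, namespace=None, api_group=""):
    """Default deny: True only if some binding for `user` carries a matching rule."""
    # Cluster-wide grants cover every namespace and non-namespaced requests.
    for b in CLUSTER_ROLE_BINDINGS:
        if user in b["subjects"] and any(
            _rule_matches(r, verb, api_group, resource)
            for r in _rules_for(b["roleRef"], None)
        ):
            return True
    if namespace is None:
        return False  # RoleBindings can never satisfy a non-namespaced request
    # Namespace-scoped grants apply only to requests inside that namespace.
    for b in ROLE_BINDINGS:
        if b["namespace"] == namespace and user in b["subjects"] and any(
            _rule_matches(r, verb, api_group, resource)
            for r in _rules_for(b["roleRef"], namespace)
        ):
            return True
    return False


def slide20_decisions():
    """The five numbered arrows on slide 20 (arrow 5 is an assumed unmatched request)."""
    return {
        1: allowed("eric", "get", "pods", "other"),
        2: allowed("vish", "get", "pods", "default"),
        3: allowed("rohit", "get", "pods", "other"),
        4: allowed("rohit", "delete", "secrets", "other"),
        5: allowed("vish", "get", "pods", "other"),
    }


if __name__ == "__main__":
    for n, ok in slide20_decisions().items():
        print(n, "allowed" if ok else "not allowed")
```

The point worth keeping from the walk-through: binding a user to a ClusterRole through a RoleBinding (vish, rohit) is the pattern for reusing one role definition per namespace without handing out cluster-wide rights, and an unreferenced Role ("whatever") grants nothing at all.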

Slide 21

Scalability

Slide 22

Scalability
Goal: Support large clusters & meet SLO
- Guaranteed SLO for <= 2000 nodes
- > 2000 nodes possible!
- 60,000 pods supported by default
- < 1s pod-startup latency
More information here.
@wojtek-t

Slide 23

Node Stability

Slide 24

Node Stability
Goal: Kubernetes nodes are robust & always online
Work In Progress
Protection against memory pressure
- Evict pods under memory pressure
- Configurable hard & soft limits
- In-built support for overcommit
- Beta in v1.3
Nodes scalable to 100+ pods
@derekwaynecarr @vishh

Slide 25

Rktnetes

Slide 26

Rktnetes
Goal: Modular & reliable container runtime for k8s
- No monolithic daemon
- Pod isolation levels
  - Chroot jail
  - Namespaces + cgroups
  - Virtual Machine
- Lightweight
Known issues exist! Try out Rktnetes!
@yifan-gu @euank

Slide 27

Community
- Top 0.01% of all Github projects
- 1200+ external projects based on k8s
- 800+ unique contributors
(Logos: Companies Contributing; Companies Using)

Slide 28

Kubernetes is Open
https://kubernetes.io
Special Interest Groups
Code: github.com/kubernetes/kubernetes
Chat: slack.k8s.io
Twitter: @kubernetesio
open community, open design, open source, open to ideas

Slide 29

Thank you!