Slide 1

Slide 1 text

control theory + declarative API = Kubernetes
Lucas Käldström - CNCF Ambassador
March 28, 2023 – Helsinki
Image credit: CNCF

Slide 2

Slide 2 text

© 2023 Lucas Käldström
$ whoami
Lucas Käldström, 1st-year MSc student at Aalto University, Finland
CNCF Ambassador, Certified Kubernetes Administrator and former Kubernetes maintainer
KubeCon Speaker in Berlin, Austin, Copenhagen, Shanghai, Seattle, San Diego & Valencia
KubeCon Keynote Speaker in Barcelona
kubeadm, Weave Ignite & libgitops co-author, Entrepreneur
Cloud Native Nordics co-founder & meetup organizer
Guild of Automation and Systems Technology, Head of Corporate Relations

Slide 3

Slide 3 text

est. 2014

Slide 4

Slide 4 text

Based on decades of experience at Google

Slide 5

Slide 5 text

Fast-forward 7 years, has 75000+ contributors
Cloud Native Computing Foundation is a non-profit under Linux Foundation
CNCF hosts 153 “cloud native” projects under its vendor-neutral umbrella
Kubernetes was the first project donated to CNCF by Google in 2015
It is one of the top 10 most actively developed open source projects

Slide 6

Slide 6 text

Let’s start by defining it

Slide 7

Slide 7 text

A Container Orchestrator? Yes

Slide 8

Slide 8 text

A Container Orchestrator? Yes
But in fact, even more than that

Slide 9

Slide 9 text

Kubernetes: A Control Plane for (any) infrastructure

Slide 10

Slide 10 text

Kubernetes: A Control Plane for (any) infrastructure
= A set of automated controllers with operational knowledge of how to control a target system

Slide 11

Slide 11 text

Not: Humans Operating Servers

Slide 12

Slide 12 text

Instead: Humans Operating Automation, that in turn Operate Servers

Slide 13

Slide 13 text

Credits to Simon Sinek

Slide 14

Slide 14 text

Run anywhere
Self-healing
Scalable workload scheduling
Service discovery + config mgmt
What?

Slide 15

Slide 15 text

Specify once; Kubernetes makes your dream true
Diagram labels: JSON container workload specification; REST API server; HTTP POST JSON object; Container Workload Controller; read desired state; pull; start; re-start; monitor
*The process doesn’t look exactly like this, it is a simplified mental model for now

Slide 16

Slide 16 text

Credits to Simon Sinek

Slide 17

Slide 17 text

Run anywhere
Self-healing
Scalable workload scheduling
Service discovery + config mgmt
How?
Closed-loop controllers
Uniform, declarative and extensible API

Slide 18

Slide 18 text

Classic system administration (Imperative)
e.g. “start 5 virtual machines through GUI”
Diagram labels: Sysadmin; Servers/Applications; controls; business value (e.g. webservice); business objective narrative

Slide 19

Slide 19 text

Classic system administration (Declarative)
e.g. “start 2 static web server processes per VM, send alerts via email if CPU exhausted”
Diagram labels: Sysadmin; Servers/Applications; controls; business value (e.g. webservice); Monitoring dashboard; - business objective narrative (desired state in PDF) + human diff; actual state

Slide 20

Slide 20 text

System Administration by Kubernetes Operators
e.g. “I want at least 10 web servers always running, scale up to 20 if load is high. I don’t care where the web servers run as long as they are reachable in this subnet”
Diagram labels: Controller; Servers/Applications; controls; business value (e.g. webservice); Monitoring data; - declarative business objective (desired state in JSON) + programmatic diff; actual state; REST API desired state; REST API actual state

Slide 21

Slide 21 text

Notice that desired and actual state are separated
Diagram labels: declarative business objective (desired state in JSON); REST API desired state; REST API actual state
REST API is uniform, i.e. all resources have the same structure: kind, apiVersion, metadata, spec, status
REST API is extensible, you can add your own objects freely

    kind: Pod                  # What kind of object is this?
    apiVersion: v1             # What schema version is used?
    metadata:                  # Metadata about this object
      name: my-pod
      labels:
        app: web
    spec:                      # Desired state, set by user
      containers:
      - image: nginx:1.23
        ports:
        - containerPort: 80
    status:                    # Actual, observed state, set by controller
      conditions:
      - type: Ready
        status: "True"
        lastTransitionTime: 2018-01-01T00:00:00Z

Slide 22

Slide 22 text

controllers + extensible API = abstraction layer

Slide 23

Slide 23 text

Kubernetes is a “platform for platforms”
Diagram labels: Platform A; Platform B; Platform C; Platform D

Slide 24

Slide 24 text

Kubernetes is a “platform for platforms”
Diagram labels: Platform A; Platform B; Platform C; Platform D

Slide 25

Slide 25 text

Let’s say I create a “Workload” controller with the following API:

    kind: Workload                             # What kind of object is this?
    apiVersion: luxas.dev/v1                   # What schema version is used?
    metadata:                                  # Metadata about this object
      name: my-workload
    spec:                                      # Desired state, set by user
      type: VM
      osImage: https://luxas.dev/ubuntu-2204
    status:                                    # Actual, observed state, set by controller
      phase: Running
      bootTime: 2023-03-28T00:00:00Z

Slide 26

Slide 26 text

Controller implemented as:
Diagram labels: Workload Controller; Target Servers; controls; business value, running workloads; Inspect server state; - + programmatic diff; actual state; Workload spec; Workload status

Slide 27

Slide 27 text

I need to make two new controllers:
1) a replicated Workload, which creates multiple workloads based on a template
2) a “Job” workload, which runs until completion

Slide 28

Slide 28 text

But I don’t want to duplicate the implementation of the Workload controller!

Slide 29

Slide 29 text

Diagram labels: Workload Controller; Target Servers; running workloads; Inspect server state; - +; Workload API object spec+status
ReplicatedWorkload Controller; Observe status; - +; ReplicatedWorkload spec; ReplicatedWorkload status; create “child” Workload object
JobWorkload Controller; Observe status; - +; JobWorkload spec; JobWorkload status; create “child” Workload object

Slide 30

Slide 30 text

Now the declarative implementation of controlling the Workload can be re-used and built upon!
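
The ReplicatedWorkload controller from the diagram above, written out as an added Go example (not code from the talk or from Kubernetes). It declares intent only by creating and deleting child Workload objects and leaves the servers to the Workload controller; the Owner, Replicas, TemplateType and ReadyReplicas fields, the child naming scheme and the in-memory map standing in for the REST API server are all assumptions.

```go
package main

import "fmt"
import "sort"

// Workload is the slide's luxas.dev/v1 object, cut down to what this loop needs.
type Workload struct {
	Owner string // parent ReplicatedWorkload (assumed ownership field)
	Type  string // spec.type, copied from the parent's template
	Phase string // status.phase, written only by the Workload controller
}

// ReplicatedWorkload: every field below is an assumption, the slides show no schema.
type ReplicatedWorkload struct {
	Name          string
	Replicas      int    // spec: desired number of child Workloads
	TemplateType  string // spec: template for each child's spec.type
	ReadyReplicas int    // status: children observed as Running
}

// Reconcile is one closed-loop pass; api is an in-memory stand-in for the REST API server.
func Reconcile(api map[string]*Workload, rw *ReplicatedWorkload) (created, deleted int) {
	var owned []string // observe: children that belong to this parent
	for name, w := range api {
		if w.Owner == rw.Name {
			owned = append(owned, name)
		}
	}
	sort.Strings(owned) // deterministic choice of which surplus children to remove
	for i := 0; len(owned)+created < rw.Replicas; i++ { // too few: declare more children
		name := fmt.Sprintf("%s-%d", rw.Name, i)
		if _, taken := api[name]; !taken {
			api[name] = &Workload{Owner: rw.Name, Type: rw.TemplateType, Phase: "Pending"}
			created++
		}
	}
	for ; len(owned) > rw.Replicas; deleted++ { // too many: delete the surplus
		delete(api, owned[len(owned)-1])
		owned = owned[:len(owned)-1]
	}
	rw.ReadyReplicas = 0 // report: new children are Pending, so only surviving ones can count
	for _, name := range owned {
		if api[name].Phase == "Running" {
			rw.ReadyReplicas++
		}
	}
	return created, deleted
}

func main() { fmt.Println(Reconcile(map[string]*Workload{}, &ReplicatedWorkload{Name: "web", Replicas: 3, TemplateType: "VM"})) }
```

Running Reconcile again after a child disappears recreates it, which is the self-healing behaviour; objects owned by another parent are never modified.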

Slide 31

Slide 31 text

This forms a loosely coupled microservice architecture!
Diagram labels: REST API server; JobWorkload; Workload; ReplicatedWorkload; JobWorkload controller; ReplicatedWorkload controller; Workload controller; declare intent; declare intent

Slide 32

Slide 32 text

Run anywhere
Self-healing
Scalable workload scheduling
Service discovery + config mgmt
How?
Closed-loop controllers
Uniform, declarative and extensible API

Slide 33

Slide 33 text

Kubernetes: A Control Plane for (any) infrastructure

Slide 34

Slide 34 text

Not: Humans Operating Servers

Slide 35

Slide 35 text

Instead: Humans Operating Automation, that in turn Operate Servers

Slide 36

Slide 36 text

Summary
Baim Hanif on Unsplash
Thank you!
@luxas on Github
@luxas on LinkedIn
@luxas on SpeakerDeck
@kubernetesonarm on Twitter
[email protected]