
Kubernetes at the Home Office (PHPUK 16)

At the Home Office we had a problem. Hundreds of lines of infrastructure, everyone doing their own thing, and reinventing the wheel. During this talk I'll tell you how we are attempting to resolve that using Docker, Kubernetes and changing developer culture. This talk consists of 3 parts. In the first I will introduce you to Docker and talk about how to use it to create reusable infrastructure components, then I will talk about how to deploy and manage those components with the open source PaaS Kubernetes, and finally I'll talk about changing our culture using tools and techniques to ensure we keep reusing into the future.

Billie Thompson

February 19, 2016

Transcript

  1. Kubernetes at the Home Office
    Billie Thompson
    @PurpleBooth
    https://github.com/PurpleBooth/flappy-endpoint - Examples!

  2. Billie Thompson
    @PurpleBooth
    Developer & Reluctant DevOps

  6. Kubernetes

  8. –Docker
    “Docker is an open platform for developing, shipping, and running applications. Docker is designed to deliver your applications faster.”

  9. –Docker
    “Docker […] makes use of another technology called cgroups or control groups. A key to running applications in isolation is to have them only use the resources you want.”

  10. What is docker?
    Linux Kernel

  17. How do you run a container?
    $ docker run \
        --name="flappy" \
        -p "80:80" \
        quay.io/purplebooth/flappy-endpoint

  19. Finding containers
    • registry.hub.docker.com (Sort by Stars)
    • Websites of software you’re using
    • Quay.io

  20. How do you make a container

  21. What is docker?
    FROM

  22. What is docker?
    FROM
    COPY

  23. What is docker?
    FROM
    COPY
    COPY

  24. What is docker?
    FROM
    COPY
    COPY
    RUN

  25. What is docker?
    FROM
    COPY
    COPY
    RUN
    quay.io/purplebooth/flappy-endpoint:latest

  27. Continuous Integration
    • Your artefact is now a container
    • Online build servers
    • https://hub.docker.com/
    • https://quay.io/repository/

  28. 12 Factor
    • http://12factor.net/
    • Key changes to your app:
    • Log to STDOUT
    • Configure using Environment variables

  29. Docker is awesome but how to manage

  30. Docker is awesome but how to manage?

  32. Solves
    • Deployment
    • High Availability
    • Container State Maintenance (Is X still running?)

  33. Key Ideas
    • Pods
    • Replication Controllers
    • Secrets
    • Services

  34. Pods
    Linux Kernel

  35. Replication Controller
    Running?

  36. Service
    Proxy

  37. Flappy Endpoint
    [Diagram labels: PHP Pod (×2), Flappy Service, Flappy RC; SSL Terminator Pod (×2), SSL Terminator Service, SSL RC]

  38. ---
    apiVersion: v1
    kind: ReplicationController
    metadata:
      labels:
        facing: front
        service: flappy
        type: silex
      name: flappy-silex-v1
    spec:
      replicas: 2
      selector:
        service: flappy
        type: silex
        version: v1
      template:
        metadata:
          labels:
            service: flappy
            type: silex
            version: v1
        spec:
          containers:
            -
              image: quay.io/purplebooth/flappy-endpoint
              imagePullPolicy: Always
              livenessProbe:
                httpGet:
                  path: /
                  port: 80
                initialDelaySeconds: 15
                timeoutSeconds: 1
              name: flappy-silex
              ports:
                -
                  containerPort: 80
                  name: http
                  protocol: TCP
          restartPolicy: Always


  39. image: quay.io/purplebooth/flappy-endpoint
    imagePullPolicy: Always
    livenessProbe:
      httpGet:
        path: /
        port: 80
      initialDelaySeconds: 15
      timeoutSeconds: 1
    name: flappy-silex
    ports:
      -
        containerPort: 80
        name: http
        protocol: TCP

  40. ---
    apiVersion: v1
    kind: ReplicationController
    metadata:
      labels:
        facing: front
        service: flappy
        type: silex
      name: flappy-silex-v1
    spec:
      replicas: 2
      selector:
        service: flappy
        type: silex
        version: v1
      template:
        metadata:
          labels:
            service: flappy
            type: silex
            version: v1
        spec:
          containers:
            - …
          restartPolicy: Always

  41. Can you keep a secret?
    ---
    kind: Secret
    apiVersion: v1
    metadata:
      name: ssh-key-secret
    data:
      "id-rsa": "dmFsdWUtMg0KDQo="
      "id-rsa.pub": "dmFsdWUtMQ0K"

  42. Can you keep a secret?
    ---
    apiVersion: v1
    kind: ReplicationController
    metadata:
      labels:
        facing: front
        service: flappy
        type: nginx
      name: flappy-nginx-v0
    spec:
      replicas: 2
      selector:
        service: flappy
        type: nginx
        version: v0
      template:
        metadata:
          labels:
            service: flappy
            type: nginx
            version: v0
        spec:
          containers:
            -
              env:
                -
                  name: SSL_CRT_PATH
                  value: /certs/purplebooth-co-uk.crt
                -
                  name: SSL_KEY_PATH
                  value: /certs/purplebooth-co-uk.key
                -
                  name: UPSTREAM
                  value: "flappy-silex:80"
              image: quay.io/purplebooth/nginx-ssl-terminator
              imagePullPolicy: Always
              livenessProbe:
                httpGet:
                  path: /
                  port: 80
                initialDelaySeconds: 15
                timeoutSeconds: 1
              name: flappy-nginx
              ports:
                -
                  containerPort: 80
                  name: http
                  protocol: TCP
                -
                  containerPort: 443
                  name: https
                  protocol: TCP
              volumeMounts:
                -
                  mountPath: /certs
                  name: ssl-certs
          restartPolicy: Always
          volumes:
            -
              name: ssl-certs
              secret:
                secretName: ssl-certs

  43. Can you keep a secret?
    env:
      -
        name: SSL_CRT_PATH
        value: /certs/purplebooth-co-uk.crt
      -
        name: SSL_KEY_PATH
        value: /certs/purplebooth-co-uk.key

    volumeMounts:
      -
        mountPath: /certs
        name: ssl-certs
    …
    volumes:
      -
        name: ssl-certs
        secret:
          secretName: ssl-certs

  44. Load Balancer
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        facing: front
        service: flappy
        type: nginx
      name: flappy-nginx
    spec:
      ports:
        -
          name: http
          port: 80
          protocol: TCP
          targetPort: http
        -
          name: https
          port: 443
          protocol: TCP
          targetPort: https
      selector:
        service: flappy
        type: nginx
      type: LoadBalancer

  46. Ship It

  48. Rolling Updates

  50. Solving the Management Puzzle
    • No Ansible/Puppet/Chef/Hideous bash scripts
    • Rolling Updates
    • Health Checks
    • Services
    • Resource Limits

  52. Work like us
    • What and how we reuse things
    • Think like a platform
    • Work Securely

  53. Things We Reuse
    • Reuse Code
    • Reuse Containers
    • Reuse Environments

  54. The world's most successful code reuse project
    • Work openly
    • Open source
    • Be Good People

  55. Being a good person
    (inside and out)
    • Version stuff (SemVer)
    • Write Beautiful Documentation
    • License
    • Code of Conduct

  56. Thinking like a Platform
    • Jira
    • Git
    • File Hosting

  57. Thinking like a PaaS
    • AWS + Kubernetes
    • CoreOS on AWS (with Kubernetes)
    • Google Container Engine (Kubernetes)
    • Vagrant + Kubernetes
    • KUBERNETES!

  58. Work Securely
    • Use WAF Containers
    • Control your upstream containers!
    • Physical separation (sometimes)

  59. Come be cool
    • Still pretty early days
    • Management is easy
    • Hosting Agnostic
    • Reuse
    • You can play with it today

  60. Any Questions!
    @purplebooth
    • https://billie.codes/1MXEtRc - Kubernetes on Vagrant
    • https://github.com/PurpleBooth/flappy-endpoint
    • https://github.com/ukhomeoffice
    • https://joind.in/talk/d436e

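As an added example (not code from the talk), the check below takes the Secret from slide 41 and the secret-related parts of slide 42's pod template, transcribed as Python dicts, decodes the base64 `data` values, and reports `SSL_*_PATH` settings that no key in the mounted Secret would satisfy. The `ssl-certs` Secret with placeholder contents and the function names are assumptions made for the illustration.

```python
import base64

# Slide 41's Secret, transcribed as a dict (Kubernetes also accepts JSON manifests).
SSH_SECRET = {"kind": "Secret", "metadata": {"name": "ssh-key-secret"},
              "data": {"id-rsa": "dmFsdWUtMg0KDQo=", "id-rsa.pub": "dmFsdWUtMQ0K"}}
# Constructed for this example: an ssl-certs Secret with placeholder contents.
SSL_SECRET = {"kind": "Secret", "metadata": {"name": "ssl-certs"},
              "data": {"purplebooth-co-uk.crt": base64.b64encode(b"PLACEHOLDER\n").decode(),
                       "purplebooth-co-uk.key": base64.b64encode(b"PLACEHOLDER\n").decode()}}
# The secret-related parts of slide 42's pod template.
POD_SPEC = {
    "containers": [{
        "name": "flappy-nginx",
        "env": [{"name": "SSL_CRT_PATH", "value": "/certs/purplebooth-co-uk.crt"},
                {"name": "SSL_KEY_PATH", "value": "/certs/purplebooth-co-uk.key"},
                {"name": "UPSTREAM", "value": "flappy-silex:80"}],
        "volumeMounts": [{"mountPath": "/certs", "name": "ssl-certs"}]}],
    "volumes": [{"name": "ssl-certs", "secret": {"secretName": "ssl-certs"}}],
}

def decode_secret(secret):
    """Secret data is base64-encoded, not encrypted: the manifest reveals the values."""
    return {k: base64.b64decode(v) for k, v in secret["data"].items()}

def check_secret_wiring(pod_spec, secrets):
    """Report env paths under a secret mount that no key in the Secret will satisfy."""
    by_name = {s["metadata"]["name"]: decode_secret(s) for s in secrets}
    vol_to_secret = {v["name"]: v["secret"]["secretName"]
                     for v in pod_spec.get("volumes", []) if "secret" in v}
    findings = []
    for c in pod_spec["containers"]:
        for m in c.get("volumeMounts", []):
            secret_name = vol_to_secret.get(m["name"])
            if secret_name is None:
                continue  # not a secret-backed volume
            if secret_name not in by_name:
                findings.append(f"{c['name']}: Secret {secret_name!r} is not defined")
                continue
            # Each key of a mounted Secret appears as a file under mountPath.
            prefix = m["mountPath"].rstrip("/") + "/"
            for e in c.get("env", []):
                key = e.get("value", "")[len(prefix):]
                if e.get("value", "").startswith(prefix) and key not in by_name[secret_name]:
                    findings.append(f"{e['name']}: no key {key!r} in Secret {secret_name!r}")
    return findings

if __name__ == "__main__":
    print(decode_secret(SSH_SECRET))
    print(check_secret_wiring(POD_SPEC, [SSH_SECRET]))
    print(check_secret_wiring(POD_SPEC, [SSL_SECRET]))
```

Decoding slide 41's values shows that the trailing CRLF bytes of the encoded files travel with the secret, which matters when the value is a password or token rather than a PEM file.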