Kubernetes at the Home Office (PHPUK 16)

Kubernetes at the Home Office Billie Thompson @PurpleBooth https://github.com/PurpleBooth/ﬂappy-endpoint -
Examples!

Billie Thompson @PurpleBooth Developer & Reluctant DevOps

Kubernetes

–Docker “Docker is an open platform for developing, shipping, and
running applications. Docker is designed to deliver your applications faster.”

–Docker “Docker […] makes use of another technology called cgroups
or control groups. A key to running applications in isolation is to have them only use the resources you want.”

What is docker? Linux Kernel

How do you run a container? $ docker run \
--name=“flappy” \ -p “80:80" \ quay.io/purplebooth/flappy-endpoint

Finding containers • registry.hub.docker.com (Sort by Stars) • Websites of
software you’re using • Quay.io

How do you make a container

What is docker? FROM

What is docker? FROM COPY

What is docker? FROM COPY COPY

What is docker? FROM COPY COPY RUN

What is docker? FROM COPY COPY RUN quay.io/purplebooth/flappy-endpoint:latest

Continuous Integration • Your artefact is now a container •
Online build servers • https://hub.docker.com/ • https://quay.io/repository/

12 Factor • http://12factor.net/ • Key changes to your app:
• Log to STDOUT • Conﬁgure using Environment variables

Docker is awesome but how to manage

Docker is awesome but how to manage ?

Solves • Deployment • High Availability • Container State Maintenance
(Is X still running?)

Key Ideas • Pods • Replication Controllers • Secrets •
Services

Pods Linux Kernel

Replication Controller Running?

Service Proxy

Flappy Endpoint PHP Pod PHP Pod Flappy Service SSL Terminator
Pod SSL Terminator Pod SSL Terminator Service Flappy RC SSL RC

---   apiVersion: v1  kind: ReplicationController  metadata:   labels:  
facing: front  service: flappy  type: silex  name: flappy-silex-v1  spec:   replicas: 2  selector:   service: flappy  type: silex  version: v1  template:  metadata:   labels:   service: flappy  type: silex  version: v1  spec:   containers:   -   image: quay.io/purplebooth/flappy-endpoint  imagePullPolicy: Always  livenessProbe:   httpGet:   path: /  port: 80  initialDelaySeconds: 15  timeoutSeconds: 1  name: flappy-silex  ports:   -   containerPort: 80  name: http  protocol: TCP  restartPolicy: Always 

  image: quay.io/purplebooth/flappy-endpoint  imagePullPolicy: Always  livenessProbe:   httpGet:   path:
/  port: 80  initialDelaySeconds: 15  timeoutSeconds: 1  name: flappy-silex  ports:   -   containerPort: 80  name: http  protocol: TCP 

---   apiVersion: v1  kind: ReplicationController  metadata:   labels:  
facing: front  service: flappy  type: silex  name: flappy-silex-v1  spec:   replicas: 2  selector:   service: flappy  type: silex  version: v1  template:  metadata:   labels:   service: flappy  type: silex  version: v1  spec:   containers:   - … restartPolicy: Always 

Can you keep a secret? ---  kind: Secret  apiVersion: v1 
metadata:  name: ssh-key-secret  data:  "id-rsa": "dmFsdWUtMg0KDQo="  "id-rsa.pub": "dmFsdWUtMQ0K"

Can you keep a secret? ---   apiVersion: v1  kind:
ReplicationController  metadata:   labels:   facing: front  service: flappy  type: nginx  name: flappy-nginx-v0  spec:   replicas: 2  selector:   service: flappy  type: nginx  version: v0  template:   metadata:   labels:  service: flappy  type: nginx  version: v0  spec:  containers:   -   env:   -   name: SSL_CRT_PATH  value: /certs/purplebooth-co-uk.crt  -   name: SSL_KEY_PATH  value: /certs/purplebooth-co-uk.key  -   name: UPSTREAM  value: "flappy-silex:80"  image: quay.io/purplebooth/nginx-ssl-terminator  imagePullPolicy: Always  livenessProbe:   httpGet:   path: /  port: 80  initialDelaySeconds: 15  timeoutSeconds: 1  name: flappy-nginx  ports:   -   containerPort: 80  name: http  protocol: TCP  -   containerPort: 443  name: https  protocol: TCP  volumeMounts:   -   mountPath: /certs  name: ssl-certs  restartPolicy: Always  volumes:   -   name: ssl-certs  secret:   secretName: ssl-certs 

Can you keep a secret? env:   -   name:
SSL_CRT_PATH  value: /certs/purplebooth-co-uk.crt  -   name: SSL_KEY_PATH  value: /certs/purplebooth-co-uk.key  … volumeMounts:   -   mountPath: /certs  name: ssl-certs  …  volumes:   -   name: ssl-certs  secret:   secretName: ssl-certs 

Load Balancer ---   apiVersion: v1  kind: Service  metadata:  
labels:   facing: front  service: flappy  type: nginx  name: flappy-nginx  spec:   ports:   -   name: http  port: 80  protocol: TCP  targetPort: http  -   name: https  port: 443  protocol: TCP  targetPort: https  selector:   service: flappy  type: nginx  type: LoadBalancer 

Ship It

Rolling Updates

Solving the Management Puzzle • No Ansible/Puppet/Chef/Hideous bash scripts •
Rolling Updates • Health Checks • Services • Resource Limits

Work like us • What and how we reuse things
• Think like a platform • Work Securely

Things We Reuse • Reuse Code • Reuse Containers •
Reuse Environments

The worlds most successful code reuse project • Work openly
• Open source • Be Good People

Being a good person (inside and out) • Version stuff
(SemVer) • Write Beautiful Documentation • License • Code of Conduct

Thinking like a Platform • Jira • Git • File
Hosting

Thinking like a PaaS • AWS + Kubernetes • CoreOS
on AWS (with Kubernetes) • Google Container Engine (Kubernetes) • Vagrant + Kubernetes • KUBERNETES!

Work Securely • Use WAF Containers • Control your upstream
containers! • Physical separation (sometimes)

Come be cool • Still pretty early days • Management
is easy • Hosting Agnostic • Reuse • You can play with it today

Any Questions! @purplebooth • https://billie.codes/1MXEtRc - Kubernets on Vagrant •
https://github.com/PurpleBooth/ﬂappy-endpoint • https://github.com/ukhomeofﬁce • https://joind.in/talk/d436e

Kubernetes at the Home Office (PHPUK 16)

Kubernetes at the Home Office (PHPUK 16)

More Decks by Billie Thompson

Other Decks in Technology

Featured

Transcript