Kubernetes at the Home Office (PHPUK 16)

At the Home Office we had a problem. Hundreds of lines of infrastructure, everyone doing their own thing, and reinventing the wheel. During this talk I'll tell you how we are attempting to resolve that using Docker, Kubernetes and changing developer culture. This talk consists of 3 parts. In the first I will introduce you to Docker and talk about how to use it to create reusable infrastructure components, then I will talk about how to deploy and manage those components with the open source PaaS Kubernetes, and finally I'll talk about changing our culture using tools and techniques to ensure we keep reusing into the future.

Billie Thompson

February 19, 2016

Transcript

  1. Kubernetes at the
    Home Office
    Billie Thompson
    @PurpleBooth
    https://github.com/PurpleBooth/flappy-endpoint - Examples!

  2. Billie
    Thompson
    @PurpleBooth
    Developer & Reluctant
    DevOps

  3. –Docker
    “Docker is an open platform for developing,
    shipping, and running applications. Docker
    is designed to deliver your applications
    faster.”

  4. –Docker
    “Docker […] makes use of another
    technology called cgroups or control
    groups. A key to running applications in
    isolation is to have them only use the
    resources you want.”

  5. What is docker?
    Linux Kernel

  6. What is docker?
    Linux Kernel

  7. What is docker?
    Linux Kernel

  8. What is docker?
    Linux Kernel

  9. What is docker?
    Linux Kernel

  10. What is docker?
    Linux Kernel

  11. What is docker?
    Linux Kernel

  12. How do you run a
    container?
    $ docker run \
    --name="flappy" \
    -p "80:80" \
    quay.io/purplebooth/flappy-endpoint

  13. Finding containers
    • registry.hub.docker.com (Sort by Stars)
    • Websites of software you’re using
    • Quay.io

  14. How do you make a
    container

  15. What is docker?
    FROM

  16. What is docker?
    FROM
    COPY

  17. What is docker?
    FROM
    COPY
    COPY

  18. What is docker?
    FROM
    COPY
    COPY
    RUN

  19. What is docker?
    FROM
    COPY
    COPY
    RUN
    quay.io/purplebooth/flappy-endpoint:latest

  20. Continuous Integration
    • Your artefact is now a container
    • Online build servers
    • https://hub.docker.com/
    • https://quay.io/repository/

  21. 12 Factor
    • http://12factor.net/
    • Key changes to your app:
    • Log to STDOUT
    • Configure using Environment variables

  22. Docker is awesome but how
    to manage

  23. Docker is awesome but how
    to manage
    ?

  24. Solves
    • Deployment
    • High Availability
    • Container State Maintenance (Is X still running?)

  25. Key Ideas
    • Pods
    • Replication Controllers
    • Secrets
    • Services

  26. Pods
    Linux Kernel

  27. Replication Controller
    Running?

  28. Service
    Proxy

  29. Flappy Endpoint
    [Diagram labels: PHP Pod (x2), Flappy Service, SSL Terminator Pod (x2), SSL Terminator Service, Flappy RC, SSL RC]

  30. ---
    apiVersion: v1
    kind: ReplicationController
    metadata:
      labels:
        facing: front
        service: flappy
        type: silex
      name: flappy-silex-v1
    spec:
      replicas: 2
      selector:
        service: flappy
        type: silex
        version: v1
      template:
        metadata:
          labels:
            service: flappy
            type: silex
            version: v1
        spec:
          containers:
            - image: quay.io/purplebooth/flappy-endpoint
              imagePullPolicy: Always
              livenessProbe:
                httpGet:
                  path: /
                  port: 80
                initialDelaySeconds: 15
                timeoutSeconds: 1
              name: flappy-silex
              ports:
                - containerPort: 80
                  name: http
                  protocol: TCP
          restartPolicy: Always



  31. image: quay.io/purplebooth/flappy-endpoint
    imagePullPolicy: Always
    livenessProbe:
      httpGet:
        path: /
        port: 80
      initialDelaySeconds: 15
      timeoutSeconds: 1
    name: flappy-silex
    ports:
      - containerPort: 80
        name: http
        protocol: TCP


  32. ---
    apiVersion: v1
    kind: ReplicationController
    metadata:
      labels:
        facing: front
        service: flappy
        type: silex
      name: flappy-silex-v1
    spec:
      replicas: 2
      selector:
        service: flappy
        type: silex
        version: v1
      template:
        metadata:
          labels:
            service: flappy
            type: silex
            version: v1
        spec:
          containers:
            - …
          restartPolicy: Always


  33. Can you keep a secret?
    ---
    kind: Secret
    apiVersion: v1
    metadata:
      name: ssh-key-secret
    data:
      "id-rsa": "dmFsdWUtMg0KDQo="
      "id-rsa.pub": "dmFsdWUtMQ0K"

  34. Can you keep a secret?
    ---
    apiVersion: v1
    kind: ReplicationController
    metadata:
      labels:
        facing: front
        service: flappy
        type: nginx
      name: flappy-nginx-v0
    spec:
      replicas: 2
      selector:
        service: flappy
        type: nginx
        version: v0
      template:
        metadata:
          labels:
            service: flappy
            type: nginx
            version: v0
        spec:
          containers:
            - env:
                - name: SSL_CRT_PATH
                  value: /certs/purplebooth-co-uk.crt
                - name: SSL_KEY_PATH
                  value: /certs/purplebooth-co-uk.key
                - name: UPSTREAM
                  value: "flappy-silex:80"
              image: quay.io/purplebooth/nginx-ssl-terminator
              imagePullPolicy: Always
              livenessProbe:
                httpGet:
                  path: /
                  port: 80
                initialDelaySeconds: 15
                timeoutSeconds: 1
              name: flappy-nginx
              ports:
                - containerPort: 80
                  name: http
                  protocol: TCP
                - containerPort: 443
                  name: https
                  protocol: TCP
              volumeMounts:
                - mountPath: /certs
                  name: ssl-certs
          restartPolicy: Always
          volumes:
            - name: ssl-certs
              secret:
                secretName: ssl-certs


  35. Can you keep a secret?
        env:
          - name: SSL_CRT_PATH
            value: /certs/purplebooth-co-uk.crt
          - name: SSL_KEY_PATH
            value: /certs/purplebooth-co-uk.key

        volumeMounts:
          - mountPath: /certs
            name: ssl-certs

    …

    volumes:
      - name: ssl-certs
        secret:
          secretName: ssl-certs


  36. Load Balancer
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        facing: front
        service: flappy
        type: nginx
      name: flappy-nginx
    spec:
      ports:
        - name: http
          port: 80
          protocol: TCP
          targetPort: http
        - name: https
          port: 443
          protocol: TCP
          targetPort: https
      selector:
        service: flappy
        type: nginx
      type: LoadBalancer


  37. Rolling Updates

  38. Solving the Management
    Puzzle
    • No Ansible/Puppet/Chef/Hideous bash scripts
    • Rolling Updates
    • Health Checks
    • Services
    • Resource Limits

  39. Work like us
    • What and how we reuse things
    • Think like a platform
    • Work Securely

  40. Things We Reuse
    • Reuse Code
    • Reuse Containers
    • Reuse Environments

  41. The world's most successful
    code reuse project
    • Work openly
    • Open source
    • Be Good People

  42. Being a good person
    (inside and out)
    • Version stuff (SemVer)
    • Write Beautiful Documentation
    • License
    • Code of Conduct

  43. Thinking like a Platform
    • Jira
    • Git
    • File Hosting

  44. Thinking like a PaaS
    • AWS + Kubernetes
    • CoreOS on AWS (with Kubernetes)
    • Google Container Engine (Kubernetes)
    • Vagrant + Kubernetes
    • KUBERNETES!

  45. Work Securely
    • Use WAF Containers
    • Control your upstream containers!
    • Physical separation (sometimes)

  46. Come be cool
    • Still pretty early days
    • Management is easy
    • Hosting Agnostic
    • Reuse
    • You can play with it today

  47. Any Questions!
    @purplebooth
    • https://billie.codes/1MXEtRc - Kubernetes on
    Vagrant
    • https://github.com/PurpleBooth/flappy-endpoint
    • https://github.com/ukhomeoffice
    • https://joind.in/talk/d436e
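
Slides 33 to 35 keep key material in a Secret's `data` map, whose values are base64-encoded rather than encrypted, so a Secret manifest in a repository needs the same handling as the key itself. The check below is an added example, not code from the talk or the flappy-endpoint repository; the function names and the line-based parsing of this flat manifest shape are assumptions made for illustration.

```python
import base64
import binascii
import re

# Constructed input: the Secret from slide 33, as it would sit in a repository.
MANIFEST = """\
---
kind: Secret
apiVersion: v1
metadata:
  name: ssh-key-secret
data:
  "id-rsa": "dmFsdWUtMg0KDQo="
  "id-rsa.pub": "dmFsdWUtMQ0K"
"""

# One indented `key: value` entry; quotes around either side are optional.
ENTRY = re.compile(r'^\s+"?([^":\s]+)"?:\s*"?([A-Za-z0-9+/=]*)"?\s*$')


def decode_secret_data(manifest: str) -> dict:
    """Return {key: plaintext bytes} for the data: block of a v1 Secret."""
    if not re.search(r"^kind:\s*Secret\s*$", manifest, re.M):
        return {}
    decoded, in_data = {}, False
    for line in manifest.splitlines():
        if line.rstrip() == "data:":
            in_data = True
        elif in_data:
            m = ENTRY.match(line)
            if m is None:          # dedented or malformed line ends the block
                in_data = False
                continue
            try:
                decoded[m.group(1)] = base64.b64decode(m.group(2), validate=True)
            except binascii.Error:
                pass               # not base64, so nothing to recover
    return decoded


def findings(manifest: str) -> list:
    """Report recoverable keys by name and size without echoing the values."""
    return [f"{key}: {len(value)} plaintext bytes recoverable"
            for key, value in sorted(decode_secret_data(manifest).items())]


if __name__ == "__main__":
    for line in findings(MANIFEST):
        print(line)
```

Run over the slide's manifest, both entries decode to short placeholder strings, which is what a real private key would do just as readily.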
