Kubernetes at the Home Office (PHPUK 16)

At the Home Office we had a problem. Hundreds of lines of infrastructure, everyone doing their own thing, and reinventing the wheel. During this talk I'll tell you how we are attempting to resolve that using Docker, Kubernetes and changing developer culture. This talk consists of 3 parts. In the first I will introduce you to Docker and talk about how to use it to create reusable infrastructure components, then I will talk about how to deploy and manage those components with the open source PaaS Kubernetes, and finally I'll talk about changing our culture using tools and techniques to ensure we keep reusing into the future.

Billie Thompson

February 19, 2016

Transcript

  1. Kubernetes at the Home Office Billie Thompson @PurpleBooth https://github.com/PurpleBooth/flappy-endpoint - Examples!
  2. Billie Thompson @PurpleBooth Developer & Reluctant DevOps

  3. None
  4. None
  5. None
  6. Kubernetes

  7. None
  8. “Docker is an open platform for developing, shipping, and running applications. Docker is designed to deliver your applications faster.” –Docker
  9. “Docker […] makes use of another technology called cgroups or control groups. A key to running applications in isolation is to have them only use the resources you want.” –Docker
  10. What is docker? Linux Kernel

  11. What is docker? Linux Kernel

  12. What is docker? Linux Kernel

  13. What is docker? Linux Kernel

  14. What is docker? Linux Kernel

  15. What is docker? Linux Kernel

  16. What is docker? Linux Kernel

  17. How do you run a container?

      $ docker run \
          --name="flappy" \
          -p "80:80" \
          quay.io/purplebooth/flappy-endpoint
  18. None
  19. Finding containers • registry.hub.docker.com (Sort by Stars) • Websites of software you’re using • Quay.io
  20. How do you make a container

  21. What is docker? FROM

  22. What is docker? FROM COPY

  23. What is docker? FROM COPY COPY

  24. What is docker? FROM COPY COPY RUN

  25. What is docker? FROM COPY COPY RUN quay.io/purplebooth/flappy-endpoint:latest

  26. None
  27. Continuous Integration • Your artefact is now a container • Online build servers • https://hub.docker.com/ • https://quay.io/repository/
  28. 12 Factor • http://12factor.net/ • Key changes to your app: • Log to STDOUT • Configure using Environment variables
  29. Docker is awesome but how to manage

  30. Docker is awesome but how to manage ?

  31. None
  32. Solves • Deployment • High Availability • Container State Maintenance (Is X still running?)
  33. Key Ideas • Pods • Replication Controllers • Secrets • Services
  34. Pods Linux Kernel

  35. Replication Controller Running?

  36. Service Proxy

  37. Flappy Endpoint PHP Pod PHP Pod Flappy Service SSL Terminator Pod SSL Terminator Pod SSL Terminator Service Flappy RC SSL RC
  38. ---
      apiVersion: v1
      kind: ReplicationController
      metadata:
        labels:
          facing: front
          service: flappy
          type: silex
        name: flappy-silex-v1
      spec:
        replicas: 2
        selector:
          service: flappy
          type: silex
          version: v1
        template:
          metadata:
            labels:
              service: flappy
              type: silex
              version: v1
          spec:
            containers:
              -
                image: quay.io/purplebooth/flappy-endpoint
                imagePullPolicy: Always
                livenessProbe:
                  httpGet:
                    path: /
                    port: 80
                  initialDelaySeconds: 15
                  timeoutSeconds: 1
                name: flappy-silex
                ports:
                  -
                    containerPort: 80
                    name: http
                    protocol: TCP
            restartPolicy: Always

  39. image: quay.io/purplebooth/flappy-endpoint
      imagePullPolicy: Always
      livenessProbe:
        httpGet:
          path: /
          port: 80
        initialDelaySeconds: 15
        timeoutSeconds: 1
      name: flappy-silex
      ports:
        -
          containerPort: 80
          name: http
          protocol: TCP

  40. ---
      apiVersion: v1
      kind: ReplicationController
      metadata:
        labels:
          facing: front
          service: flappy
          type: silex
        name: flappy-silex-v1
      spec:
        replicas: 2
        selector:
          service: flappy
          type: silex
          version: v1
        template:
          metadata:
            labels:
              service: flappy
              type: silex
              version: v1
          spec:
            containers:
              - …
            restartPolicy: Always

  41. Can you keep a secret?

      ---
      kind: Secret
      apiVersion: v1
      metadata:
        name: ssh-key-secret
      data:
        "id-rsa": "dmFsdWUtMg0KDQo="
        "id-rsa.pub": "dmFsdWUtMQ0K"
  42. Can you keep a secret?

      ---
      apiVersion: v1
      kind: ReplicationController
      metadata:
        labels:
          facing: front
          service: flappy
          type: nginx
        name: flappy-nginx-v0
      spec:
        replicas: 2
        selector:
          service: flappy
          type: nginx
          version: v0
        template:
          metadata:
            labels:
              service: flappy
              type: nginx
              version: v0
          spec:
            containers:
              -
                env:
                  -
                    name: SSL_CRT_PATH
                    value: /certs/purplebooth-co-uk.crt
                  -
                    name: SSL_KEY_PATH
                    value: /certs/purplebooth-co-uk.key
                  -
                    name: UPSTREAM
                    value: "flappy-silex:80"
                image: quay.io/purplebooth/nginx-ssl-terminator
                imagePullPolicy: Always
                livenessProbe:
                  httpGet:
                    path: /
                    port: 80
                  initialDelaySeconds: 15
                  timeoutSeconds: 1
                name: flappy-nginx
                ports:
                  -
                    containerPort: 80
                    name: http
                    protocol: TCP
                  -
                    containerPort: 443
                    name: https
                    protocol: TCP
                volumeMounts:
                  -
                    mountPath: /certs
                    name: ssl-certs
            restartPolicy: Always
            volumes:
              -
                name: ssl-certs
                secret:
                  secretName: ssl-certs

  43. Can you keep a secret?

      env:
        -
          name: SSL_CRT_PATH
          value: /certs/purplebooth-co-uk.crt
        -
          name: SSL_KEY_PATH
          value: /certs/purplebooth-co-uk.key
      …
      volumeMounts:
        -
          mountPath: /certs
          name: ssl-certs
      …
      volumes:
        -
          name: ssl-certs
          secret:
            secretName: ssl-certs

  44. Load Balancer

      ---
      apiVersion: v1
      kind: Service
      metadata:
        labels:
          facing: front
          service: flappy
          type: nginx
        name: flappy-nginx
      spec:
        ports:
          -
            name: http
            port: 80
            protocol: TCP
            targetPort: http
          -
            name: https
            port: 443
            protocol: TCP
            targetPort: https
        selector:
          service: flappy
          type: nginx
        type: LoadBalancer

  45. None
  46. Ship It

  47. None
  48. Rolling Updates

  49. None
  50. Solving the Management Puzzle • No Ansible/Puppet/Chef/Hideous bash scripts • Rolling Updates • Health Checks • Services • Resource Limits
  51. None
  52. Work like us • What and how we reuse things • Think like a platform • Work Securely
  53. Things We Reuse • Reuse Code • Reuse Containers • Reuse Environments
  54. The world's most successful code reuse project • Work openly • Open source • Be Good People
  55. Being a good person (inside and out) • Version stuff (SemVer) • Write Beautiful Documentation • License • Code of Conduct
  56. Thinking like a Platform • Jira • Git • File Hosting
  57. Thinking like a PaaS • AWS + Kubernetes • CoreOS on AWS (with Kubernetes) • Google Container Engine (Kubernetes) • Vagrant + Kubernetes • KUBERNETES!
  58. Work Securely • Use WAF Containers • Control your upstream containers! • Physical separation (sometimes)
  59. Come be cool • Still pretty early days • Management is easy • Hosting Agnostic • Reuse • You can play with it today
  60. Any Questions! @purplebooth • https://billie.codes/1MXEtRc - Kubernetes on Vagrant • https://github.com/PurpleBooth/flappy-endpoint • https://github.com/ukhomeoffice • https://joind.in/talk/d436e
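
Slide 58 says "Control your upstream containers!", while the manifests on slides 38 and 42 pull untagged images with `imagePullPolicy: Always`, so whatever the registry serves at pull time is what runs. The following is an added example, not code from the talk or its repository: a small audit that classifies each `image:` reference as untagged, mutable-tagged, tagged or digest-pinned. The registry-with-port line, the placeholder digest and the `MUTABLE_TAGS` list are assumptions made for the example.

```python
import re

# Placeholder digest, constructed for this example (not a real image digest).
PLACEHOLDER_DIGEST = "sha256:" + "0" * 64

# Constructed sample: image lines as they appear on the slides, plus a
# registry-with-port case and a digest-pinned case for comparison.
MANIFEST = f"""\
containers:
  - image: quay.io/purplebooth/flappy-endpoint
    imagePullPolicy: Always
  - image: quay.io/purplebooth/nginx-ssl-terminator
  - image: quay.io/purplebooth/flappy-endpoint:latest
  - image: registry.example:5000/team/app
  - image: quay.io/purplebooth/flappy-endpoint@{PLACEHOLDER_DIGEST}
"""

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")
IMAGE_LINE_RE = re.compile(r"^\s*(?:-\s*)?image:\s*[\"']?([^\"'\s#]+)")
MUTABLE_TAGS = {"latest", "stable", "master", "main"}  # assumed list, extend locally

def split_image(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    # A colon after the last "/" separates a tag; earlier it is a registry port.
    last = name.rsplit("/", 1)[-1]
    tag = None
    if ":" in last:
        tag = last.split(":", 1)[1]
        name = name[: -(len(tag) + 1)]
    return name, tag, digest or None

def classify(ref):
    """Say how firmly a reference identifies the bytes that will run."""
    _, tag, digest = split_image(ref)
    if digest:
        return "pinned" if DIGEST_RE.fullmatch(digest) else "bad-digest"
    if tag is None:
        return "untagged"  # resolved as :latest at pull time
    return "mutable-tag" if tag in MUTABLE_TAGS else "tagged"

def audit(manifest_text):
    """Return (image, classification) for every `image:` line in a manifest."""
    hits = (IMAGE_LINE_RE.match(line) for line in manifest_text.splitlines())
    return [(m.group(1), classify(m.group(1))) for m in hits if m]

if __name__ == "__main__":
    for image, verdict in audit(MANIFEST):
        print(f"{verdict:12} {image}")
```

A version tag can still be re-pushed at the registry, so only the `pinned` result ties a deployment to fixed image content.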
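
The Secret on slide 41 carries its values under `data:` as base64, which is an encoding and not encryption: anyone who can read the manifest can recover the bytes, and a secret volume like the one on slides 42 and 43 exposes the decoded bytes as file contents. The following is an added example, not code from the talk: it decodes each value of the slide's Secret and reports only its properties (validity, length, trailing line endings) without printing the secret. The line-based parser is an assumption that fits flat manifests like this one.

```python
import base64
import re

# The Secret from slide 41, re-indented; the values are the slide's own.
SECRET = '''\
---
kind: Secret
apiVersion: v1
metadata:
  name: ssh-key-secret
data:
  "id-rsa": "dmFsdWUtMg0KDQo="
  "id-rsa.pub": "dmFsdWUtMQ0K"
'''

ENTRY_RE = re.compile(r'^\s+"?([^":\s]+)"?:\s*"?([A-Za-z0-9+/=]+)"?\s*$')

def secret_data(manifest):
    """Return {key: base64 text} for the flat entries under `data:`."""
    entries, in_data = {}, False
    for line in manifest.splitlines():
        if re.match(r"^\S", line):          # a top-level key opens or closes `data:`
            in_data = line.strip() == "data:"
            continue
        m = ENTRY_RE.match(line)
        if in_data and m:
            entries[m.group(1)] = m.group(2)
    return entries

def audit_secret(manifest):
    """Describe each decoded value without returning the secret bytes."""
    report = {}
    for key, b64 in secret_data(manifest).items():
        try:
            raw = base64.b64decode(b64, validate=True)
        except ValueError:                  # binascii.Error is a ValueError
            report[key] = {"valid_base64": False}
            continue
        report[key] = {
            "valid_base64": True,
            "length": len(raw),
            "trailing_crlf": raw.endswith(b"\r\n"),
            "trailing_newlines": len(raw) - len(raw.rstrip(b"\r\n")),
        }
    return report

if __name__ == "__main__":
    for key, facts in audit_secret(SECRET).items():
        print(key, facts)
```

Both sample values decode with no key and end in CRLF line endings, which the container would see verbatim in the mounted files.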