Upgrade to Pro — share decks privately, control downloads, hide ads and more …

"Rancherハンズオン with v2.5" ワークショップ 2020/12

cheng
December 17, 2020
Technology
0
350

"Rancherハンズオン with v2.5" ワークショップ 2020/12

今回は "Rancherハンズオン with v2.5" ワークショップを実施します。コンテナ、KubernetesのメリットからRancher 2.5のご紹介をメインにハンズオンを行います。Rancher 2.5はUIが新しくなり、より便利に利用することが出来ます。

"Rancherハンズオン" ワークショップが実施する主要なトピックには次のものが含まれます。
- DockerおよびKubernetesの概念とアーキテクチャ
- Rancherサーバのインストールと設定
- Kubernetesクラスタのデプロイ
- アプリケーションのデプロイ

cheng

December 17, 2020
Tweet

More Decks by cheng

See All by cheng
Rancher v2.8 & v2.9 Update情報
qiang1981cn
0
84
OSSでセキュリティをCI/CDパイプラインに透過的に取込む方法
qiang1981cn
0
160
Rancher v2.6.5 Update情報
qiang1981cn
0
360
NeuVector(Container Security) online meetup 06/30
qiang1981cn
0
330
Harvester 2022/01, オンラインミートアップ
qiang1981cn
0
200
Japan International Kubernetes Day
qiang1981cn
0
57
2021/01/20(水) はじめてのRancherオンラインミートアップ
qiang1981cn
0
310
Rancher Day 2020 - Rancher Update(racher v2.5))
qiang1981cn
0
63
Rancher Update 2020/10,Rancher v2.5の最新情報
qiang1981cn
0
270

Other Decks in Technology

See All in Technology
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
600
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
第1回 国土交通省 データコンペ参加者向け勉強会③ - Snowflake x estie編 -
estie
0
130
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
150
生成AIが変えるデータ分析の全体像
ishikawa_satoru
0
170
Adopting Jetpack Compose in Your Existing Project - GDG DevFest Bangkok 2024
akexorcist
0
110
Python(PYNQ)がテーマのAMD主催のFPGAコンテストに参加してきた
iotengineer22
0
500
The Role of Developer Relations in AI Product Success.
giftojabu1
0
130
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
130
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
マルチプロダクトな開発組織で 「開発生産性」に向き合うために試みたこと / Improving Multi-Product Dev Productivity
sugamasao
1
310
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
6
660

Featured

See All Featured
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
How to Think Like a Performance Engineer
csswizardry
20
1.1k
Adopting Sorbet at Scale
ufuk
73
9.1k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
The Pragmatic Product Professional
lauravandoore
31
6.3k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
Fireside Chat
paigeccino
34
3k
Automating Front-end Workflow
addyosmani
1366
200k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k

Transcript

  1. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 1

    © Copyright 2020 Rancher Labs. All Rights Reserved. 1 Rancher Online Workshop Cheng Rancher Labs

  2. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 2

    Objectives for the day l Docker͓ΑͼKubernetes͓͞Β͍ l Lab؀ڥ HobbyFarm આ໌ l RKEʹΑΔΫϥελʔߏங l Rancher Serverߏங(v2.5) l RancherʹΑΔΫϥελʔߏங l hello-worldΞϓϦέʔγϣϯΛΫϥελʔʹσϓϩΠ l WordPressΛΫϥελʔʹσϓϩΠ

  3. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 3

    Forewarning l ͜ͷWorkShop͸ɺKubernetesͱRancherͷॳ৺ऀ޲͚ʹઃܭ͞Ε͍ͯ·͢ l ͜͜ʹ঺հ͞Ε͍ͯΔ಺༰͸ɺඞͣ͠΋ຊ൪؀ڥͰͷӡ༻ํ๏Ͱ͸͋Γ·ͤ Μ͕ɺຊ൪؀ڥ޲͚ͷجૅ஌ࣝͱߟ͍͖͍͑ͯͨͩͨͰ͢

  4. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 4

    4 Container Images

  5. © Copyright 2020 Rancher Labs. All Rights Reserved. 5 Container

    Image Application Code Application Dependencies Container Image

  6. © Copyright 2020 Rancher Labs. All Rights Reserved. 6 Container

    Image

  7. © Copyright 2020 Rancher Labs. All Rights Reserved. 7 Container

    Image

  8. © Copyright 2020 Rancher Labs. All Rights Reserved. 8 Container

    Image Container Image Container Container Container

  9. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 9

    9 Containers

  10. © Copyright 2020 Rancher Labs. All Rights Reserved. 10 Containers

    l ΠϝʔδΛݩʹ࡞੒͞ΕΔԾ૝؀ڥͷ࣮ߦ෦෼ʢinstanceʣ l ϙʔλϏϦςΟr ΠϝʔδΛ̍ճϏϧυ͢Ε͹ɺͲ͜Ͱ΋ಉ࣮͘͡ߦͰ͖Δ l ΞϓϦέʔγϣϯΛɺܰྔͳִ཭͞Εͨ؀ڥʹ࣮ߦͰ͖Δ l ΞϓϦέʔγϣϯͷΠϯελϯεΛਫฏํ޲ʹ؆୯ʹεέʔϦϯάͰ͖Δ

  11. © Copyright 2020 Rancher Labs. All Rights Reserved. 11 Containers

    Source : https://www.docker.com/resources/what-container

  12. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 12

    12 Registries

  13. © Copyright 2020 Rancher Labs. All Rights Reserved. 13 Registries

  14. © Copyright 2020 Rancher Labs. All Rights Reserved. 14 Registries

    l ΠϝʔδΛ֨ೲ͢ΔͨΊͷ৔ॴ l Public l Private l ੡඼ྫ l Amazon Elastic Container Registry l Azure Container Registry l Docker Hub l Ұ෦ͷ੡඼͸ػೳ֦ு΋͍ͯ͠Δ l Vulnerability scanning l LDAP / AD Support l Auditing l Replication l etc

  15. © Copyright 2020 Rancher Labs. All Rights Reserved. 15 Containers

    are great……..but Managing a couple – no problem

  16. © Copyright 2020 Rancher Labs. All Rights Reserved. 16 Containers

    are great……..but How about managing many? How do we address: Networking, Security, Scheduling, Automation, etc?

  17. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 17

    17 K8s – Container Orchestration

  18. © Copyright 2020 Rancher Labs. All Rights Reserved. 18 Kubernetes

    l Kubernetes͸ɺίϯςφԽ͞ΕͨϫʔΫϩʔυ΍αʔϏεΛ؅ཧ͢ΔͨΊͷɺ ϙʔλϒϧͰ֦ுੑͷ͋ΔΦʔϓϯιʔεϓϥοτϗʔϜͰ͢ l Kubernetes͸ɺYAMLܗࣜ΍JSONܗࣜͰهड़ͨ͠એݴతͳίʔυʢظ଴ͳঢ় ଶʣʹΑͬͯɺσϓϩΠ͢Δίϯςφ΍पลϦιʔεΛ؅ཧ͠·͢

  19. © Copyright 2020 Rancher Labs. All Rights Reserved. 19 Kubernetes

    Architecture l ControlplaneΫϥε λʔ؅ཧػೳɺ"1*Πϯ λϑΣʔεΛఏڙ l Etcd: ΩʔόϦϡʔετ ΞͰɺKubernetesͷશͯ ͷΫϥελʔ৘ใͷอଘ ৔ॴ l Worker: ίϯςφʢϫʔ Ϋϩʔυʣ͕࣮ࡍʹσϓ ϩΠ͞ΕΔϚγϯ API / CLI

  20. © Copyright 2020 Rancher Labs. All Rights Reserved. 20 Kubernetes

    Resources - Pod l ϫʔΫϩʔυͷ࠷খ୯Ґ l αʔόʔԾ૝Խʹ͓͍ͯɺhypervisor্ͷ1ͭͷ VM૬౰ͷײ͡ l 1ͭҎ্ͷίϯςφΛؚΉ l ԼهϦιʔε΋ؚΉ: l Storage (ie shared volumes) l Networking l 1ͭͷϊʔυׂ͕Γ౰ͯΒΕ͍ͯΔ

  21. © Copyright 2020 Rancher Labs. All Rights Reserved. 21 Kubernetes

    Resources - Deployment l ෳ਺ͷಉ͡ Pod Λ؅ཧ͢ΔͨΊͷϦιʔε l ෳ਺ͷಉ͡ 1PEΛάϧʔϓͰ؅ཧ l Updating l Scaling l Rollback l ݱࡏͷঢ়ଶΛࢦఆ͞Εͨঢ়ଶ΁มߋ

  22. © Copyright 2020 Rancher Labs. All Rights Reserved. 22 Kubernetes

    – Declarative Syntax ✓

  23. © Copyright 2020 Rancher Labs. All Rights Reserved. 23 Kubernetes

    Resources - Service l Pod͸ඞͣ͠΋Ӭଓੑ͕ߴ͍΋ͷͰ͸ͳ͍ l Podʹ௚઀ΞΫηε͠ͳ͍Ͱʂ l Podsͷू߹Ͱ࣮ߦ͞Ε͍ͯΔΞϓϦέʔγϣϯΛ ωοτϫʔΫαʔϏεͱͯ͠ެ։͢Δந৅తͳํ๏ l Podͷηοτʹର͢Δ୯ҰͷIP/DNS໊Λఏڙ l Services͸಺෦ΞΫηε޲͚(ClusterIP)ͱ ֎෦ΞΫη ε޲͚(NodePort & Loadbalancer)ͷ2छྨ

  24. © Copyright 2020 Rancher Labs. All Rights Reserved. 24 Kubernetes

    Resources - Service 10.42.0.4 10.42.0.5 10.42.0.6 Endpoints: 10.42.0.4 10.42.0.5 10.42.0.6 Type : LoadBalancer 10.42.0.7 Endpoints: 10.42.0.4 10.42.0.5 10.42.0.7

  25. © Copyright 2020 Rancher Labs. All Rights Reserved. 25 Kubernetes

    Resources - Ingress l Ϋϥελʔ಺ͷServiceʹର͢Δ֎෦͔ΒͷΞΫηεΛ ؅ཧ l ओʹHTTP l Serviceʹରͯ͠ɺ֎෦͔ΒΞΫηεͳՄೳURLΛఏڙ l ෛՙ෼ࢄ(Load Balance traffic) ͷػೳΛఏڙ l SSLऴ୺(Terminate) ͷػೳΛఏڙ l ໊લϕʔεͷԾ૝ϗεςΟϯάͷػೳΛఏڙ

  26. © Copyright 2020 Rancher Labs. All Rights Reserved. 26 Kubernetes

    Resources - Ingress Kubernetes Cluster /bar /foo ServiceA ServiceB foo.bar.com/bar foo.bar.com/foo

  27. © Copyright 2020 Rancher Labs. All Rights Reserved. 27 Kubernetes

    KubernetesΤίγεςϜ͕ɺ๲େͳ΋ͷͰ͢ - https://landscape.cncf.io (These are just the Storage projects)

  28. © Copyright 2020 Rancher Labs. All Rights Reserved. 28 RancherがKubernetesにもたらすもの

    28 Network & Storage Registry App Catalog Monitoring Kubernetes Container Runtime CI/CD Service Mesh Logging Security RBAC & PSP Authentication What Rancher takes an SLA on Manage all this? … or this? Rancher Certified Integrations Cloud Datacenter Dev Branch Edge Google GKE Azure AKS Amazon EKS

  29. © Copyright 2020 Rancher Labs. All Rights Reserved. 29 29

    What is RKE RKE͸ɺΫϥ΢υɺΦϯϓϨϛεɺٴͼϩʔΧϧ؀ڥʹkubernetesΫϥελ Λ؆୯ʹσϓϩΠͰ͖ΔCLIπʔϧͰ͢ɻ

  30. © Copyright 2020 Rancher Labs. All Rights Reserved. 30 30

    What is RKE ಛ௃ • ର৅ϊʔυʹ44)઀ଓͯ͠ϓϩϏδϣχϯάΛ࣮ࢪ • LVCFSOFUFTͷ֤छίϯϙʔωϯτ FUDE΍BQJTFSWFSͳ Ͳ Λίϯςφͱͯ͠ىಈ • )"ͳΫϥελΛߏஙՄೳ

  31. © Copyright 2020 Rancher Labs. All Rights Reserved. 31 31

    What is RKE ࢖͍ํ • ࣄલʹΫϥελʔ༻ͷϊʔυΛ༻ҙ • SLFఆٛϑΝΠϧΛ࡞੒ • SLF VQ࣮ߦͰΫϥελʔߏங

  32. © Copyright 2020 Rancher Labs. All Rights Reserved. 32 32

    What is RKE

  33. © Copyright 2020 Rancher Labs. All Rights Reserved. 33 Lab環境(HobbyFarm)説明

    l https://learn.eu1.hobbyfarm.io/login ΁ΞΫηε l [e-mail] ɺ [Access Code]ɺٴͼ[password] ͰϢʔβʔΛొ࿥ l Access Code:

  34. © Copyright 2020 Rancher Labs. All Rights Reserved. 34 Lab環境(HobbyFarm)説明

    l [e-mail] ɺ [password] ͰϩάΠϯ

  35. © Copyright 2020 Rancher Labs. All Rights Reserved. 35 Lab環境(HobbyFarm)説明

    l [Start Scenario] Ͱ։࢝

  36. © Copyright 2020 Rancher Labs. All Rights Reserved. 36 Lab環境(HobbyFarm)説明

    l [Start Scenario] Ͱ։࢝

  37. © Copyright 2020 Rancher Labs. All Rights Reserved. 37 Lab環境(HobbyFarm)説明

    l ؀ڥߏ੒ αʔόʔɿrancher01 αʔόʔɿcluster01

  38. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 38

    © Copyright 2020 Rancher Labs. All Rights Reserved. 38 Intermission

  39. © Copyright 2020 Rancher Labs. All Rights Reserved. 39 •

    CNCF認証付きのK8sクラスター上に Rancherをインストールできるよう になった • より充実したユーザーインターフェ イスを提供 Installable On Any Cluster

  40. © Copyright 2020 Rancher Labs. All Rights Reserved. 40 New

    Dashboard Cluster Manager Cluster Explorer

  41. © Copyright 2020 Rancher Labs. All Rights Reserved. 41 •

    Prometheus Operatorをベースとしたモ ニタリングのソリューション • カスタムメトリックの収集、アラーム ルールなどは、CRs(Custom Resources) により簡単に定義できる • 全てのモニタリング定義が、CRsのyaml で定義出来る為、GitOpsベースのワーク フローを簡単に構築できる Rancher Monitoring v2

  42. © Copyright 2020 Rancher Labs. All Rights Reserved. 42 Rancher

    Continuous Delivery • Rancher FleetをベースとしたGitOpsのソ リューション • Gitリポジトリから複数のクラスタにアプリ ケーションと構成設定をデプロイ可能 • シングルクラスターだけではなく、マルチク ラスターにも対応 • アプリケーションや構成設定は、Kubernetes YAML,Helm,Kustomizeというフォーマットを 対応

  43. © Copyright 2020 Rancher Labs. All Rights Reserved. 43 •

    Banzai Logging Operatorをベースとした ロギングパイプラインのソリューション • 軽量のFluentBitがログ収集で、Fluentdが ログフィルタリングで、CRs(Custom Resources)によりロギングパイプライン を簡単に定義できる • 全てのロギングパイプライン定義が、 CRsのyamlで定義出来る為、GitOpsベー スのワークフローを簡単に構築可能 Rancher Logging v2

  44. © Copyright 2020 Rancher Labs. All Rights Reserved. 44 Rancher

    Logging v2 引⽤︓https://github.com/banzaicloud/logging-operator

  45. © Copyright 2020 Rancher Labs. All Rights Reserved. 45 •

    AWS-nativeのEKS管理より、もっとよ いユーザーエクスペリエンスを提供 • Import, provision, upgrade, configure, observe, secureなどの操作をRancher 単独で実行可能 EKSクラスターのフルマネジメント Lifecycle Management EKS with Rancher 2.5 EKS Only Configure & Provision Rancher GUI/API経由でクラスター 構築とインポート AWS Console; 3rd party tools Manage インフラレイアの設定機能を増強 AWS Console K8sの全てのリソースをCluster Exploerから参照 Kubectl; 3rd party tools Monitoring v2 [Prometheus]機能 Logging v2 [Fluentbit / Fluentd] 機能 手動で導入 Istio 1.7 手動で導入 Secure RBAC Policyをロールで一元管理 ユーザー認証の一元管理 CIS Scan OPA Gatekeeper Kubernetes native Upgrades Rancher GUI/API経由でクラスター アップグレード AWS Console; 3rd party tools Apps Rancher Certified packages Custom Rancher Catalogs Helm Kubectl Helm; Kubectl

  46. © Copyright 2020 Rancher Labs. All Rights Reserved. 46 その他

    • CentOS/RHEL 8, SLES 15 SP2 (v2.5.2+) • CIS Scan機能増強 • Istio 1.17 • K8s 1.19 • RKE Government(RKE2) • Rancherd – 新しいRancherインストール方式 …etc

  47. © Copyright 2020 Rancher Labs. All Rights Reserved. 47 •

    RKE2 –ηΩϡϦςΟཁ͕݅ݫ͍͠੓෎ͳͲ ͷެڞػؔ޲͚ͷK8sσΟετϦϏϡʔγϣ ϯ • FIPS-enabled • SELinux Support • CIS Benchmark Certification • Container-dΛσϑΥϧτͷϥϯλΠϜͱ͠ ͯ࢖༻ • ΦϑϥΠϯ(AirGap)ͷΠϯετʔϧΛα ϙʔτ RKE Government(RKE2) 2

  48. © Copyright 2020 Rancher Labs. All Rights Reserved. 48 ---

    Dockerfile (master) +++ Dockerfile (boringcrypto) # Start with an official image -FROM golang:1.13.4 +FROM goboring/golang:1.13.4b4 RKE2 FIPS-enabled • ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴʢNISTʣ͸ɺถࠃ࿈๜੓෎ػؔ޲͚ͷ҉߸Ϟδϡʔϧͷཁ ݅Λنఆ͢ΔηΩϡϦςΟඪ४ͱͯ͠ɺ࿈๜৘ใॲཧඪ४ʢFIPSʣύϒϦέʔγϣϯ 140-2 Λ࡞੒ • ੓෎ػؔ΍ۚ༥ػؔ͸ɺ͜ΕΒͷن֨Λج४ʹ͢Δ͜ͱͰɺ໌ه͞ΕͨηΩϡϦςΟʔཁ ݅ʹ੡඼͕४ڌ͍ͯ͠Δ͜ͱΛ֬ೝ͍ͯ͠·͢ɻ • RKE2͸ɺ FIPS140-2ͷج४Λຬͨ͢Α͏ʹɺK8sͷίϯϙʔωϯτΛGoboring libraryͰɺ ίϯύΠϧͨ͠σΟετϦϏϡʔγϣϯ

  49. © Copyright 2020 Rancher Labs. All Rights Reserved. 49 今後のロードマップ

  50. © Copyright 2020 Rancher Labs. All Rights Reserved. 50 ロードマップ

    • Cluster Explorerの機能増強:クラスタープロビジョニング、認証設定など • AKSとGKEΫϥελʔͷϑϧϚωδϝϯτ • GitOpsベースのワークフローで、Rancher自体の設定変更 …etc