"Rancherハンズオン with v2.5" ワークショップ 2020/12

Transcript

1. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 1

   © Copyright 2020 Rancher Labs. All Rights Reserved. 1 Rancher Online Workshop Cheng Rancher Labs

2. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 2

   Objectives for the day l Docker͓ΑͼKubernetes͓͞Β͍ l Lab؀ڥ HobbyFarm આ໌ l RKEʹΑΔΫϥελʔߏங l Rancher Serverߏங(v2.5) l RancherʹΑΔΫϥελʔߏங l hello-worldΞϓϦέʔγϣϯΛΫϥελʔʹσϓϩΠ l WordPressΛΫϥελʔʹσϓϩΠ

3. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 3

   Forewarning l ͜ͷWorkShop͸ɺKubernetesͱRancherͷॳ৺ऀ޲͚ʹઃܭ͞Ε͍ͯ·͢ l ͜͜ʹ঺հ͞Ε͍ͯΔ಺༰͸ɺඞͣ͠΋ຊ൪؀ڥͰͷӡ༻ํ๏Ͱ͸͋Γ·ͤ Μ͕ɺຊ൪؀ڥ޲͚ͷجૅ஌ࣝͱߟ͍͖͍͑ͯͨͩͨͰ͢

4. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 4

   4 Container Images

5. © Copyright 2020 Rancher Labs. All Rights Reserved. 5 Container

   Image Application Code Application Dependencies Container Image

6. © Copyright 2020 Rancher Labs. All Rights Reserved. 6 Container

   Image

7. © Copyright 2020 Rancher Labs. All Rights Reserved. 7 Container

   Image

8. © Copyright 2020 Rancher Labs. All Rights Reserved. 8 Container

   Image Container Image Container Container Container

9. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 9

   9 Containers

10. © Copyright 2020 Rancher Labs. All Rights Reserved. 10 Containers

    l ΠϝʔδΛݩʹ࡞੒͞ΕΔԾ૝؀ڥͷ࣮ߦ෦෼ʢinstanceʣ l ϙʔλϏϦςΟr ΠϝʔδΛ̍ճϏϧυ͢Ε͹ɺͲ͜Ͱ΋ಉ࣮͘͡ߦͰ͖Δ l ΞϓϦέʔγϣϯΛɺܰྔͳִ཭͞Εͨ؀ڥʹ࣮ߦͰ͖Δ l ΞϓϦέʔγϣϯͷΠϯελϯεΛਫฏํ޲ʹ؆୯ʹεέʔϦϯάͰ͖Δ

11. © Copyright 2020 Rancher Labs. All Rights Reserved. 11 Containers

    Source : https://www.docker.com/resources/what-container

12. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 12

    12 Registries

13. © Copyright 2020 Rancher Labs. All Rights Reserved. 13 Registries

14. © Copyright 2020 Rancher Labs. All Rights Reserved. 14 Registries

    l ΠϝʔδΛ֨ೲ͢ΔͨΊͷ৔ॴ l Public l Private l ੡඼ྫ l Amazon Elastic Container Registry l Azure Container Registry l Docker Hub l Ұ෦ͷ੡඼͸ػೳ֦ு΋͍ͯ͠Δ l Vulnerability scanning l LDAP / AD Support l Auditing l Replication l etc

15. © Copyright 2020 Rancher Labs. All Rights Reserved. 15 Containers

    are great……..but Managing a couple – no problem

16. © Copyright 2020 Rancher Labs. All Rights Reserved. 16 Containers

    are great……..but How about managing many? How do we address: Networking, Security, Scheduling, Automation, etc?

17. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 17

    17 K8s – Container Orchestration

18. © Copyright 2020 Rancher Labs. All Rights Reserved. 18 Kubernetes

    l Kubernetes͸ɺίϯςφԽ͞ΕͨϫʔΫϩʔυ΍αʔϏεΛ؅ཧ͢ΔͨΊͷɺ ϙʔλϒϧͰ֦ுੑͷ͋ΔΦʔϓϯιʔεϓϥοτϗʔϜͰ͢ l Kubernetes͸ɺYAMLܗࣜ΍JSONܗࣜͰهड़ͨ͠એݴతͳίʔυʢظ଴ͳঢ় ଶʣʹΑͬͯɺσϓϩΠ͢Δίϯςφ΍पลϦιʔεΛ؅ཧ͠·͢

19. © Copyright 2020 Rancher Labs. All Rights Reserved. 19 Kubernetes

    Architecture l Controlplane
    Ϋϥε λʔ؅ཧػೳɺ"1*Πϯ λϑΣʔεΛఏڙ l Etcd: ΩʔόϦϡʔετ ΞͰɺKubernetesͷશͯ ͷΫϥελʔ৘ใͷอଘ ৔ॴ l Worker: ίϯςφʢϫʔ Ϋϩʔυʣ͕࣮ࡍʹσϓ ϩΠ͞ΕΔϚγϯ API / CLI

20. © Copyright 2020 Rancher Labs. All Rights Reserved. 20 Kubernetes

    Resources - Pod l ϫʔΫϩʔυͷ࠷খ୯Ґ l αʔόʔԾ૝Խʹ͓͍ͯɺhypervisor্ͷ1ͭͷ VM૬౰ͷײ͡ l 1ͭҎ্ͷίϯςφΛؚΉ l ԼهϦιʔε΋ؚΉ: l Storage (ie shared volumes) l Networking l 1ͭͷϊʔυׂ͕Γ౰ͯΒΕ͍ͯΔ

21. © Copyright 2020 Rancher Labs. All Rights Reserved. 21 Kubernetes

    Resources - Deployment l ෳ਺ͷಉ͡ Pod Λ؅ཧ͢ΔͨΊͷϦιʔε l ෳ਺ͷಉ͡ 1PE
    ΛάϧʔϓͰ؅ཧ l Updating l Scaling l Rollback l ݱࡏͷঢ়ଶΛࢦఆ͞Εͨঢ়ଶ΁มߋ

22. © Copyright 2020 Rancher Labs. All Rights Reserved. 22 Kubernetes

    – Declarative Syntax ✓

23. © Copyright 2020 Rancher Labs. All Rights Reserved. 23 Kubernetes

    Resources - Service l Pod͸ඞͣ͠΋Ӭଓੑ͕ߴ͍΋ͷͰ͸ͳ͍ l Podʹ௚઀ΞΫηε͠ͳ͍Ͱʂ l Podsͷू߹Ͱ࣮ߦ͞Ε͍ͯΔΞϓϦέʔγϣϯΛ ωοτϫʔΫαʔϏεͱͯ͠ެ։͢Δந৅తͳํ๏ l Podͷηοτʹର͢Δ୯ҰͷIP/DNS໊Λఏڙ l Services͸಺෦ΞΫηε޲͚(ClusterIP)ͱ ֎෦ΞΫη ε޲͚(NodePort & Loadbalancer)ͷ2छྨ

24. © Copyright 2020 Rancher Labs. All Rights Reserved. 24 Kubernetes

    Resources - Service 10.42.0.4 10.42.0.5 10.42.0.6 Endpoints: 10.42.0.4 10.42.0.5 10.42.0.6 Type : LoadBalancer 10.42.0.7 Endpoints: 10.42.0.4 10.42.0.5 10.42.0.7

25. © Copyright 2020 Rancher Labs. All Rights Reserved. 25 Kubernetes

    Resources - Ingress l Ϋϥελʔ಺ͷServiceʹର͢Δ֎෦͔ΒͷΞΫηεΛ ؅ཧ l ओʹHTTP l Serviceʹରͯ͠ɺ֎෦͔ΒΞΫηεͳՄೳURLΛఏڙ l ෛՙ෼ࢄ(Load Balance traffic) ͷػೳΛఏڙ l SSLऴ୺(Terminate) ͷػೳΛఏڙ l ໊લϕʔεͷԾ૝ϗεςΟϯάͷػೳΛఏڙ

26. © Copyright 2020 Rancher Labs. All Rights Reserved. 26 Kubernetes

    Resources - Ingress Kubernetes Cluster /bar /foo ServiceA ServiceB foo.bar.com/bar foo.bar.com/foo

27. © Copyright 2020 Rancher Labs. All Rights Reserved. 27 Kubernetes

    KubernetesΤίγεςϜ͕ɺ๲େͳ΋ͷͰ͢ - https://landscape.cncf.io (These are just the Storage projects)

28. © Copyright 2020 Rancher Labs. All Rights Reserved. 28 RancherがKubernetesにもたらすもの

    28 Network & Storage Registry App Catalog Monitoring Kubernetes Container Runtime CI/CD Service Mesh Logging Security RBAC & PSP Authentication What Rancher takes an SLA on Manage all this? … or this? Rancher Certified Integrations Cloud Datacenter Dev Branch Edge Google GKE Azure AKS Amazon EKS

29. © Copyright 2020 Rancher Labs. All Rights Reserved. 29 29

    What is RKE RKE͸ɺΫϥ΢υɺΦϯϓϨϛεɺٴͼϩʔΧϧ؀ڥʹkubernetesΫϥελ Λ؆୯ʹσϓϩΠͰ͖ΔCLIπʔϧͰ͢ɻ

30. © Copyright 2020 Rancher Labs. All Rights Reserved. 30 30

    What is RKE ಛ௃ • ର৅ϊʔυʹ44)઀ଓͯ͠ϓϩϏδϣχϯάΛ࣮ࢪ • LVCFSOFUFTͷ֤छίϯϙʔωϯτ FUDE΍BQJTFSWFSͳ Ͳ Λίϯςφͱͯ͠ىಈ • )"ͳΫϥελΛߏஙՄೳ

31. © Copyright 2020 Rancher Labs. All Rights Reserved. 31 31

    What is RKE ࢖͍ํ • ࣄલʹΫϥελʔ༻ͷϊʔυΛ༻ҙ • SLFఆٛϑΝΠϧΛ࡞੒ • SLF VQ࣮ߦͰΫϥελʔߏங

32. © Copyright 2020 Rancher Labs. All Rights Reserved. 32 32

    What is RKE

33. © Copyright 2020 Rancher Labs. All Rights Reserved. 33 Lab環境(HobbyFarm)説明

    l https://learn.eu1.hobbyfarm.io/login ΁ΞΫηε l [e-mail] ɺ [Access Code]ɺٴͼ[password] ͰϢʔβʔΛొ࿥ l Access Code:

34. © Copyright 2020 Rancher Labs. All Rights Reserved. 34 Lab環境(HobbyFarm)説明

    l [e-mail] ɺ [password] ͰϩάΠϯ

35. © Copyright 2020 Rancher Labs. All Rights Reserved. 35 Lab環境(HobbyFarm)説明

    l [Start Scenario] Ͱ։࢝

36. © Copyright 2020 Rancher Labs. All Rights Reserved. 36 Lab環境(HobbyFarm)説明

    l [Start Scenario] Ͱ։࢝

37. © Copyright 2020 Rancher Labs. All Rights Reserved. 37 Lab環境(HobbyFarm)説明

    l ؀ڥߏ੒ αʔόʔɿrancher01 αʔόʔɿcluster01

38. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 38

    © Copyright 2020 Rancher Labs. All Rights Reserved. 38 Intermission

39. © Copyright 2020 Rancher Labs. All Rights Reserved. 39 •

    CNCF認証付きのK8sクラスター上に Rancherをインストールできるよう になった • より充実したユーザーインターフェ イスを提供 Installable On Any Cluster

40. © Copyright 2020 Rancher Labs. All Rights Reserved. 40 New

    Dashboard Cluster Manager Cluster Explorer

41. © Copyright 2020 Rancher Labs. All Rights Reserved. 41 •

    Prometheus Operatorをベースとしたモ ニタリングのソリューション • カスタムメトリックの収集、アラーム ルールなどは、CRs(Custom Resources) により簡単に定義できる • 全てのモニタリング定義が、CRsのyaml で定義出来る為、GitOpsベースのワーク フローを簡単に構築できる Rancher Monitoring v2

42. © Copyright 2020 Rancher Labs. All Rights Reserved. 42 Rancher

    Continuous Delivery • Rancher FleetをベースとしたGitOpsのソ リューション • Gitリポジトリから複数のクラスタにアプリ ケーションと構成設定をデプロイ可能 • シングルクラスターだけではなく、マルチク ラスターにも対応 • アプリケーションや構成設定は、Kubernetes YAML,Helm,Kustomizeというフォーマットを 対応

43. © Copyright 2020 Rancher Labs. All Rights Reserved. 43 •

    Banzai Logging Operatorをベースとした ロギングパイプラインのソリューション • 軽量のFluentBitがログ収集で、Fluentdが ログフィルタリングで、CRs(Custom Resources)によりロギングパイプライン を簡単に定義できる • 全てのロギングパイプライン定義が、 CRsのyamlで定義出来る為、GitOpsベー スのワークフローを簡単に構築可能 Rancher Logging v2

44. © Copyright 2020 Rancher Labs. All Rights Reserved. 44 Rancher

    Logging v2 引⽤︓https://github.com/banzaicloud/logging-operator

45. © Copyright 2020 Rancher Labs. All Rights Reserved. 45 •

    AWS-nativeのEKS管理より、もっとよ いユーザーエクスペリエンスを提供 • Import, provision, upgrade, configure, observe, secureなどの操作をRancher 単独で実行可能 EKSクラスターのフルマネジメント Lifecycle Management EKS with Rancher 2.5 EKS Only Configure & Provision Rancher GUI/API経由でクラスター 構築とインポート AWS Console; 3rd party tools Manage インフラレイアの設定機能を増強 AWS Console K8sの全てのリソースをCluster Exploerから参照 Kubectl; 3rd party tools Monitoring v2 [Prometheus]機能 Logging v2 [Fluentbit / Fluentd] 機能 手動で導入 Istio 1.7 手動で導入 Secure RBAC Policyをロールで一元管理 ユーザー認証の一元管理 CIS Scan OPA Gatekeeper Kubernetes native Upgrades Rancher GUI/API経由でクラスター アップグレード AWS Console; 3rd party tools Apps Rancher Certified packages Custom Rancher Catalogs Helm Kubectl Helm; Kubectl

46. © Copyright 2020 Rancher Labs. All Rights Reserved. 46 その他

    • CentOS/RHEL 8, SLES 15 SP2 （v2.5.2+） • CIS Scan機能増強 • Istio 1.17 • K8s 1.19 • RKE Government（RKE2） • Rancherd – 新しいRancherインストール方式 …etc

47. © Copyright 2020 Rancher Labs. All Rights Reserved. 47 •

    RKE2 –ηΩϡϦςΟཁ͕݅ݫ͍͠੓෎ͳͲ ͷެڞػؔ޲͚ͷK8sσΟετϦϏϡʔγϣ ϯ • FIPS-enabled • SELinux Support • CIS Benchmark Certification • Container-dΛσϑΥϧτͷϥϯλΠϜͱ͠ ͯ࢖༻ • ΦϑϥΠϯ(AirGap)ͷΠϯετʔϧΛα ϙʔτ RKE Government（RKE2） 2

48. © Copyright 2020 Rancher Labs. All Rights Reserved. 48 ---

    Dockerfile (master) +++ Dockerfile (boringcrypto) # Start with an official image -FROM golang:1.13.4 +FROM goboring/golang:1.13.4b4 RKE2 FIPS-enabled • ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴʢNISTʣ͸ɺถࠃ࿈๜੓෎ػؔ޲͚ͷ҉߸Ϟδϡʔϧͷཁ ݅Λنఆ͢ΔηΩϡϦςΟඪ४ͱͯ͠ɺ࿈๜৘ใॲཧඪ४ʢFIPSʣύϒϦέʔγϣϯ 140-2 Λ࡞੒ • ੓෎ػؔ΍ۚ༥ػؔ͸ɺ͜ΕΒͷن֨Λج४ʹ͢Δ͜ͱͰɺ໌ه͞ΕͨηΩϡϦςΟʔཁ ݅ʹ੡඼͕४ڌ͍ͯ͠Δ͜ͱΛ֬ೝ͍ͯ͠·͢ɻ • RKE2͸ɺ FIPS140-2ͷج४Λຬͨ͢Α͏ʹɺK8sͷίϯϙʔωϯτΛGoboring libraryͰɺ ίϯύΠϧͨ͠σΟετϦϏϡʔγϣϯ

49. © Copyright 2020 Rancher Labs. All Rights Reserved. 49 今後のロードマップ

50. © Copyright 2020 Rancher Labs. All Rights Reserved. 50 ロードマップ

    • Cluster Explorerの機能増強：クラスタープロビジョニング、認証設定など • AKSとGKEΫϥελʔͷϑϧϚωδϝϯτ • GitOpsベースのワークフローで、Rancher自体の設定変更 …etc