Upgrade to Pro — share decks privately, control downloads, hide ads and more …

"Rancherハンズオン with v2.5" ワークショップ 2020/12

cheng
December 17, 2020
Technology
0
270

"Rancherハンズオン with v2.5" ワークショップ 2020/12

今回は "Rancherハンズオン with v2.5" ワークショップを実施します。コンテナ、KubernetesのメリットからRancher 2.5のご紹介をメインにハンズオンを行います。Rancher 2.5はUIが新しくなり、より便利に利用することが出来ます。

"Rancherハンズオン" ワークショップが実施する主要なトピックには次のものが含まれます。
- DockerおよびKubernetesの概念とアーキテクチャ
- Rancherサーバのインストールと設定
- Kubernetesクラスタのデプロイ
- アプリケーションのデプロイ

cheng

December 17, 2020
Tweet

More Decks by cheng

See All by cheng
OSSでセキュリティをCI/CDパイプラインに透過的に取込む方法
qiang1981cn
0
64
Rancher v2.6.5 Update情報
qiang1981cn
0
210
NeuVector(Container Security) online meetup 06/30
qiang1981cn
0
140
Harvester 2022/01, オンラインミートアップ
qiang1981cn
0
99
Japan International Kubernetes Day
qiang1981cn
0
43
2021/01/20(水) はじめてのRancherオンラインミートアップ
qiang1981cn
0
200
Rancher Day 2020 - Rancher Update(racher v2.5))
qiang1981cn
0
35
Rancher Update 2020/10,Rancher v2.5の最新情報
qiang1981cn
0
230
軽量Kubernetesディストリビューションである"K3s"を支える拡張機能
qiang1981cn
0
600

Other Decks in Technology

See All in Technology
Introduction to mcl-wasm
herumi
1
300
Jetpack Glanceではじめる Material 3のColor
mochico
1
610
DroidKaigi 2023
keiji
0
360
Better PHP - Keep your code up to date
wernerkrauss
1
120
サーバーレスアーキテクチャを使って、小さく作って大きくする取り組み
daikimori
0
530
知らなくていい、知っても役に立たないDNSの豆知識
th0x0472
0
400
War for talent 時代の、古くて新しい仲間集めの形_~weak ties と strong tiesの力~
sadonosake
0
270
自作WASMランタイムをKernelに改造する試み.pdf
riru
2
470
PhpStorm最新情報
AIとnew UI、便利プラグイン #phpcon_okinawa
yusuke
0
160
変化する組織の中で運用するフロントエンドエコシステム / Frontend Ecosystem in Organizational Changes
i524
1
510
ヒューリスティックコンテストで機械学習しよう
nagiss
4
1k
Individualizing treatment effects: transportability and model selection
gaelvaroquaux
0
260

Featured

See All Featured
The Language of Interfaces
destraynor
149
22k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
239
20k
Why You Should Never Use an ORM
jnunemaker
PRO
49
8.2k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
112
17k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
215
12k
Scaling GitHub
holman
455
140k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
36
22k
Imperfection Machines: The Place of Print at Facebook
scottboms
257
12k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.8k
The Power of CSS Pseudo Elements
geoffreycrofte
56
4.6k
Statistics for Hackers
jakevdp
787
210k
Art, The Web, and Tiny UX
lynnandtonic
285
18k

Transcript

  1. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 1
    © Copyright 2020 Rancher Labs. All Rights Reserved. 1
    Rancher
    Online Workshop
    Cheng
    Rancher Labs

    View Slide

  2. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 2
    Objectives for the day
    l
    Docker͓ΑͼKubernetes͓͞Β͍
    l
    Lab؀ڥ HobbyFarm
    આ໌
    l
    RKEʹΑΔΫϥελʔߏங
    l
    Rancher Serverߏங(v2.5)
    l
    RancherʹΑΔΫϥελʔߏங
    l
    hello-worldΞϓϦέʔγϣϯΛΫϥελʔʹσϓϩΠ
    l
    WordPressΛΫϥελʔʹσϓϩΠ

    View Slide

  3. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 3
    Forewarning
    l
    ͜ͷWorkShop͸ɺKubernetesͱRancherͷॳ৺ऀ޲͚ʹઃܭ͞Ε͍ͯ·͢
    l
    ͜͜ʹ঺հ͞Ε͍ͯΔ಺༰͸ɺඞͣ͠΋ຊ൪؀ڥͰͷӡ༻ํ๏Ͱ͸͋Γ·ͤ
    Μ͕ɺຊ൪؀ڥ޲͚ͷجૅ஌ࣝͱߟ͍͖͍͑ͯͨͩͨͰ͢

    View Slide

  4. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 4 4
    Container Images

    View Slide

  5. © Copyright 2020 Rancher Labs. All Rights Reserved. 5
    Container Image
    Application Code Application Dependencies
    Container Image

    View Slide

  6. © Copyright 2020 Rancher Labs. All Rights Reserved. 6
    Container Image

    View Slide

  7. © Copyright 2020 Rancher Labs. All Rights Reserved. 7
    Container Image

    View Slide

  8. © Copyright 2020 Rancher Labs. All Rights Reserved. 8
    Container Image
    Container Image
    Container
    Container
    Container

    View Slide

  9. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 9 9
    Containers

    View Slide

  10. © Copyright 2020 Rancher Labs. All Rights Reserved. 10
    Containers
    l
    ΠϝʔδΛݩʹ࡞੒͞ΕΔԾ૝؀ڥͷ࣮ߦ෦෼ʢinstanceʣ
    l
    ϙʔλϏϦςΟr ΠϝʔδΛ̍ճϏϧυ͢Ε͹ɺͲ͜Ͱ΋ಉ࣮͘͡ߦͰ͖Δ
    l
    ΞϓϦέʔγϣϯΛɺܰྔͳִ཭͞Εͨ؀ڥʹ࣮ߦͰ͖Δ
    l
    ΞϓϦέʔγϣϯͷΠϯελϯεΛਫฏํ޲ʹ؆୯ʹεέʔϦϯάͰ͖Δ

    View Slide

  11. © Copyright 2020 Rancher Labs. All Rights Reserved. 11
    Containers
    Source : https://www.docker.com/resources/what-container

    View Slide

  12. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 12 12
    Registries

    View Slide

  13. © Copyright 2020 Rancher Labs. All Rights Reserved. 13
    Registries

    View Slide

  14. © Copyright 2020 Rancher Labs. All Rights Reserved. 14
    Registries
    l
    ΠϝʔδΛ֨ೲ͢ΔͨΊͷ৔ॴ
    l
    Public
    l
    Private
    l
    ੡඼ྫ
    l
    Amazon Elastic Container Registry
    l
    Azure Container Registry
    l
    Docker Hub
    l
    Ұ෦ͷ੡඼͸ػೳ֦ு΋͍ͯ͠Δ
    l
    Vulnerability scanning
    l
    LDAP / AD Support
    l
    Auditing
    l
    Replication
    l
    etc

    View Slide

  15. © Copyright 2020 Rancher Labs. All Rights Reserved. 15
    Containers are great……..but
    Managing a couple – no problem

    View Slide

  16. © Copyright 2020 Rancher Labs. All Rights Reserved. 16
    Containers are great……..but
    How about managing many? How do we address:
    Networking, Security, Scheduling, Automation, etc?

    View Slide

  17. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 17 17
    K8s – Container Orchestration

    View Slide

  18. © Copyright 2020 Rancher Labs. All Rights Reserved. 18
    Kubernetes
    l
    Kubernetes͸ɺίϯςφԽ͞ΕͨϫʔΫϩʔυ΍αʔϏεΛ؅ཧ͢ΔͨΊͷɺ
    ϙʔλϒϧͰ֦ுੑͷ͋ΔΦʔϓϯιʔεϓϥοτϗʔϜͰ͢
    l
    Kubernetes͸ɺYAMLܗࣜ΍JSONܗࣜͰهड़ͨ͠એݴతͳίʔυʢظ଴ͳঢ়
    ଶʣʹΑͬͯɺσϓϩΠ͢Δίϯςφ΍पลϦιʔεΛ؅ཧ͠·͢

    View Slide

  19. © Copyright 2020 Rancher Labs. All Rights Reserved. 19
    Kubernetes Architecture
    l
    ControlplaneΫϥε
    λʔ؅ཧػೳɺ"1*Πϯ
    λϑΣʔεΛఏڙ
    l
    Etcd: ΩʔόϦϡʔετ
    ΞͰɺKubernetesͷશͯ
    ͷΫϥελʔ৘ใͷอଘ
    ৔ॴ
    l
    Worker: ίϯςφʢϫʔ
    Ϋϩʔυʣ͕࣮ࡍʹσϓ
    ϩΠ͞ΕΔϚγϯ
    API / CLI

    View Slide

  20. © Copyright 2020 Rancher Labs. All Rights Reserved. 20
    Kubernetes Resources - Pod
    l
    ϫʔΫϩʔυͷ࠷খ୯Ґ
    l
    αʔόʔԾ૝Խʹ͓͍ͯɺhypervisor্ͷ1ͭͷ
    VM૬౰ͷײ͡
    l
    1ͭҎ্ͷίϯςφΛؚΉ
    l
    ԼهϦιʔε΋ؚΉ:
    l
    Storage (ie shared volumes)
    l
    Networking
    l
    1ͭͷϊʔυׂ͕Γ౰ͯΒΕ͍ͯΔ

    View Slide

  21. © Copyright 2020 Rancher Labs. All Rights Reserved. 21
    Kubernetes Resources - Deployment
    l
    ෳ਺ͷಉ͡ Pod Λ؅ཧ͢ΔͨΊͷϦιʔε
    l
    ෳ਺ͷಉ͡ 1PEΛάϧʔϓͰ؅ཧ
    l
    Updating
    l
    Scaling
    l
    Rollback
    l
    ݱࡏͷঢ়ଶΛࢦఆ͞Εͨঢ়ଶ΁มߋ

    View Slide

  22. © Copyright 2020 Rancher Labs. All Rights Reserved. 22
    Kubernetes – Declarative Syntax

    View Slide

  23. © Copyright 2020 Rancher Labs. All Rights Reserved. 23
    Kubernetes Resources - Service
    l
    Pod͸ඞͣ͠΋Ӭଓੑ͕ߴ͍΋ͷͰ͸ͳ͍
    l
    Podʹ௚઀ΞΫηε͠ͳ͍Ͱʂ
    l
    Podsͷू߹Ͱ࣮ߦ͞Ε͍ͯΔΞϓϦέʔγϣϯΛ
    ωοτϫʔΫαʔϏεͱͯ͠ެ։͢Δந৅తͳํ๏
    l
    Podͷηοτʹର͢Δ୯ҰͷIP/DNS໊Λఏڙ
    l
    Services͸಺෦ΞΫηε޲͚(ClusterIP)ͱ ֎෦ΞΫη
    ε޲͚(NodePort & Loadbalancer)ͷ2छྨ

    View Slide

  24. © Copyright 2020 Rancher Labs. All Rights Reserved. 24
    Kubernetes Resources - Service
    10.42.0.4 10.42.0.5 10.42.0.6
    Endpoints:
    10.42.0.4
    10.42.0.5
    10.42.0.6
    Type : LoadBalancer
    10.42.0.7
    Endpoints:
    10.42.0.4
    10.42.0.5
    10.42.0.7

    View Slide

  25. © Copyright 2020 Rancher Labs. All Rights Reserved. 25
    Kubernetes Resources - Ingress
    l
    Ϋϥελʔ಺ͷServiceʹର͢Δ֎෦͔ΒͷΞΫηεΛ
    ؅ཧ
    l
    ओʹHTTP
    l
    Serviceʹରͯ͠ɺ֎෦͔ΒΞΫηεͳՄೳURLΛఏڙ
    l
    ෛՙ෼ࢄ(Load Balance traffic) ͷػೳΛఏڙ
    l
    SSLऴ୺(Terminate) ͷػೳΛఏڙ
    l
    ໊લϕʔεͷԾ૝ϗεςΟϯάͷػೳΛఏڙ

    View Slide

  26. © Copyright 2020 Rancher Labs. All Rights Reserved. 26
    Kubernetes Resources - Ingress
    Kubernetes Cluster
    /bar
    /foo
    ServiceA ServiceB
    foo.bar.com/bar
    foo.bar.com/foo

    View Slide

  27. © Copyright 2020 Rancher Labs. All Rights Reserved. 27
    Kubernetes
    KubernetesΤίγεςϜ͕ɺ๲େͳ΋ͷͰ͢ - https://landscape.cncf.io
    (These are just the
    Storage projects)

    View Slide

  28. © Copyright 2020 Rancher Labs. All Rights Reserved. 28
    RancherがKubernetesにもたらすもの
    28
    Network & Storage
    Registry
    App Catalog
    Monitoring
    Kubernetes
    Container Runtime
    CI/CD
    Service Mesh
    Logging
    Security RBAC & PSP
    Authentication
    What Rancher takes an SLA on
    Manage all this? … or this?
    Rancher Certified Integrations
    Cloud
    Datacenter
    Dev Branch Edge
    Google
    GKE
    Azure
    AKS
    Amazon
    EKS

    View Slide

  29. © Copyright 2020 Rancher Labs. All Rights Reserved. 29
    29
    What is RKE
    RKE͸ɺΫϥ΢υɺΦϯϓϨϛεɺٴͼϩʔΧϧ؀ڥʹkubernetesΫϥελ
    Λ؆୯ʹσϓϩΠͰ͖ΔCLIπʔϧͰ͢ɻ

    View Slide

  30. © Copyright 2020 Rancher Labs. All Rights Reserved. 30
    30
    What is RKE
    ಛ௃
    • ର৅ϊʔυʹ44)઀ଓͯ͠ϓϩϏδϣχϯάΛ࣮ࢪ
    • LVCFSOFUFTͷ֤छίϯϙʔωϯτ FUDE΍BQJTFSWFSͳ
    Ͳ
    Λίϯςφͱͯ͠ىಈ
    • )"ͳΫϥελΛߏஙՄೳ

    View Slide

  31. © Copyright 2020 Rancher Labs. All Rights Reserved. 31
    31
    What is RKE
    ࢖͍ํ
    • ࣄલʹΫϥελʔ༻ͷϊʔυΛ༻ҙ
    • SLFఆٛϑΝΠϧΛ࡞੒
    • SLF VQ࣮ߦͰΫϥελʔߏங

    View Slide

  32. © Copyright 2020 Rancher Labs. All Rights Reserved. 32
    32
    What is RKE

    View Slide

  33. © Copyright 2020 Rancher Labs. All Rights Reserved. 33
    Lab環境(HobbyFarm)説明
    l
    https://learn.eu1.hobbyfarm.io/login ΁ΞΫηε
    l
    [e-mail] ɺ [Access Code]ɺٴͼ[password] ͰϢʔβʔΛొ࿥
    l
    Access Code:

    View Slide

  34. © Copyright 2020 Rancher Labs. All Rights Reserved. 34
    Lab環境(HobbyFarm)説明
    l
    [e-mail] ɺ [password] ͰϩάΠϯ

    View Slide

  35. © Copyright 2020 Rancher Labs. All Rights Reserved. 35
    Lab環境(HobbyFarm)説明
    l
    [Start Scenario] Ͱ։࢝

    View Slide

  36. © Copyright 2020 Rancher Labs. All Rights Reserved. 36
    Lab環境(HobbyFarm)説明
    l
    [Start Scenario] Ͱ։࢝

    View Slide

  37. © Copyright 2020 Rancher Labs. All Rights Reserved. 37
    Lab環境(HobbyFarm)説明
    l
    ؀ڥߏ੒
    αʔόʔɿrancher01 αʔόʔɿcluster01

    View Slide

  38. © Copyright 2019 Rancher Labs. All Rights Reserved. Confidential 38
    © Copyright 2020 Rancher Labs. All Rights Reserved. 38
    Intermission

    View Slide

  39. © Copyright 2020 Rancher Labs. All Rights Reserved. 39
    • CNCF認証付きのK8sクラスター上に
    Rancherをインストールできるよう
    になった
    • より充実したユーザーインターフェ
    イスを提供
    Installable On Any Cluster

    View Slide

  40. © Copyright 2020 Rancher Labs. All Rights Reserved. 40
    New Dashboard
    Cluster Manager Cluster Explorer

    View Slide

  41. © Copyright 2020 Rancher Labs. All Rights Reserved. 41
    • Prometheus Operatorをベースとしたモ
    ニタリングのソリューション
    • カスタムメトリックの収集、アラーム
    ルールなどは、CRs(Custom Resources)
    により簡単に定義できる
    • 全てのモニタリング定義が、CRsのyaml
    で定義出来る為、GitOpsベースのワーク
    フローを簡単に構築できる
    Rancher Monitoring v2

    View Slide

  42. © Copyright 2020 Rancher Labs. All Rights Reserved. 42
    Rancher Continuous Delivery
    • Rancher FleetをベースとしたGitOpsのソ
    リューション
    • Gitリポジトリから複数のクラスタにアプリ
    ケーションと構成設定をデプロイ可能
    • シングルクラスターだけではなく、マルチク
    ラスターにも対応
    • アプリケーションや構成設定は、Kubernetes
    YAML,Helm,Kustomizeというフォーマットを
    対応

    View Slide

  43. © Copyright 2020 Rancher Labs. All Rights Reserved. 43
    • Banzai Logging Operatorをベースとした
    ロギングパイプラインのソリューション
    • 軽量のFluentBitがログ収集で、Fluentdが
    ログフィルタリングで、CRs(Custom
    Resources)によりロギングパイプライン
    を簡単に定義できる
    • 全てのロギングパイプライン定義が、
    CRsのyamlで定義出来る為、GitOpsベー
    スのワークフローを簡単に構築可能
    Rancher Logging v2

    View Slide

  44. © Copyright 2020 Rancher Labs. All Rights Reserved. 44
    Rancher Logging v2
    引⽤︓https://github.com/banzaicloud/logging-operator

    View Slide

  45. © Copyright 2020 Rancher Labs. All Rights Reserved. 45
    • AWS-nativeのEKS管理より、もっとよ
    いユーザーエクスペリエンスを提供
    • Import, provision, upgrade, configure,
    observe, secureなどの操作をRancher
    単独で実行可能
    EKSクラスターのフルマネジメント
    Lifecycle Management EKS with Rancher 2.5 EKS Only
    Configure & Provision
    Rancher GUI/API経由でクラスター
    構築とインポート
    AWS Console; 3rd party
    tools
    Manage
    インフラレイアの設定機能を増強 AWS Console
    K8sの全てのリソースをCluster
    Exploerから参照
    Kubectl; 3rd party tools
    Monitoring v2 [Prometheus]機能
    Logging v2 [Fluentbit / Fluentd] 機能
    手動で導入
    Istio 1.7 手動で導入
    Secure
    RBAC Policyをロールで一元管理
    ユーザー認証の一元管理
    CIS Scan
    OPA Gatekeeper
    Kubernetes native
    Upgrades
    Rancher GUI/API経由でクラスター
    アップグレード
    AWS Console; 3rd party
    tools
    Apps
    Rancher Certified packages
    Custom Rancher Catalogs
    Helm
    Kubectl
    Helm; Kubectl

    View Slide

  46. © Copyright 2020 Rancher Labs. All Rights Reserved. 46
    その他
    • CentOS/RHEL 8, SLES 15 SP2 (v2.5.2+)
    • CIS Scan機能増強
    • Istio 1.17
    • K8s 1.19
    • RKE Government(RKE2)
    • Rancherd – 新しいRancherインストール方式
    …etc

    View Slide

  47. © Copyright 2020 Rancher Labs. All Rights Reserved. 47
    • RKE2 –ηΩϡϦςΟཁ͕݅ݫ͍͠੓෎ͳͲ
    ͷެڞػؔ޲͚ͷK8sσΟετϦϏϡʔγϣ
    ϯ
    • FIPS-enabled
    • SELinux Support
    • CIS Benchmark Certification
    • Container-dΛσϑΥϧτͷϥϯλΠϜͱ͠
    ͯ࢖༻
    • ΦϑϥΠϯ(AirGap)ͷΠϯετʔϧΛα
    ϙʔτ
    RKE Government(RKE2)
    2

    View Slide

  48. © Copyright 2020 Rancher Labs. All Rights Reserved. 48
    --- Dockerfile (master)
    +++ Dockerfile (boringcrypto)
    # Start with an official image
    -FROM golang:1.13.4
    +FROM goboring/golang:1.13.4b4
    RKE2 FIPS-enabled
    • ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴʢNISTʣ͸ɺถࠃ࿈๜੓෎ػؔ޲͚ͷ҉߸Ϟδϡʔϧͷཁ
    ݅Λنఆ͢ΔηΩϡϦςΟඪ४ͱͯ͠ɺ࿈๜৘ใॲཧඪ४ʢFIPSʣύϒϦέʔγϣϯ
    140-2 Λ࡞੒
    • ੓෎ػؔ΍ۚ༥ػؔ͸ɺ͜ΕΒͷن֨Λج४ʹ͢Δ͜ͱͰɺ໌ه͞ΕͨηΩϡϦςΟʔཁ
    ݅ʹ੡඼͕४ڌ͍ͯ͠Δ͜ͱΛ֬ೝ͍ͯ͠·͢ɻ
    • RKE2͸ɺ FIPS140-2ͷج४Λຬͨ͢Α͏ʹɺK8sͷίϯϙʔωϯτΛGoboring libraryͰɺ
    ίϯύΠϧͨ͠σΟετϦϏϡʔγϣϯ

    View Slide

  49. © Copyright 2020 Rancher Labs. All Rights Reserved. 49
    今後のロードマップ

    View Slide

  50. © Copyright 2020 Rancher Labs. All Rights Reserved. 50
    ロードマップ
    • Cluster Explorerの機能増強:クラスタープロビジョニング、認証設定など
    • AKSとGKEΫϥελʔͷϑϧϚωδϝϯτ
    • GitOpsベースのワークフローで、Rancher自体の設定変更
    …etc

    View Slide