Starting Google Kubernetes Engine 2019

いまからはじめる Google Kubernetes Engine 2019 GDG Tokyo New Year Party
2019 2019. 01. 30 @sakajunquality

About me - ID: @sakajunquality - Jun Sakata - Google
Developers Expert, GCP - SWE, Infrastructure at Ubie Inc. - #GKE #CloudBuild #BigQuery - #Camera #Coffee

Agenda - What’s Kubernetes? - Why GKE? - GKE Ecosystems
- GKE Updates - How to Start ??

Topics that are not covered today - Why GCP? -
Why not GAE? - Why container? - What’s Docker? - What’s Service Mesh? - What’s Envoy?

What’s Kubernetes? from Borg to Kubernetes

What’s Kubernetes? - Container Platform based on Google’s Borg -
Borg has supported Google’s service over 12 years - Orchestrates computing, networking, and storage infrastructure - Microservices Platform - OSS written in Go - Borg is written in C++ - “Graduated” CNCF project - Crossed the Chasm

Kubernetes Managed Services - GKE (Google Kubernetes Engine) - EKS
(Amazon Elastic Kubernetes Service) - IKS (IBM Cloud Kubernetes Service) - AKS (Azure Kubernetes Service) - Oracle Container Engine for Kubernetes - DigitalOcean Kubernetes - etc...

Kubernetes Managed Services - GKE (Google Kubernetes Engine) - EKS
(Amazon Elastic Kubernetes Service) - IKS (IBM Cloud Kubernetes Service) - AKS (Azure Kubernetes Service) - Oracle Container Engine for Kubernetes - DigitalOcean Kubernetes - etc... Too Many Kubernetes Services

Why GKE? Fully Managed Kubernetes

Why GKE? Because… - Already Using GCP - Kubernetes is
Hard - GCP Specific Features

Already Using GCP?

Container Runtime Environment in GCP AppEngine (Flexible) Compute Engine Kubernetes
Engine

Engine Not Flexible * * in terms of supported containers

Engine Not Flexible * Not Reliable ** * in terms of supported containers ** in terms of redundancy

Google Kubernetes Engine “Kubernetes” Flexible and Reliable Kubernetes Engine

Kubernetes is hard

Kelsey Hightower says “This guide is not for people looking
for a fully automated command to bring up a Kubernetes cluster. If that's you then check out Google Kubernetes Engine”

Kubernetes is Hard Kubernetes itself is hard to build, maintain,
and manage e.g. - Bootstrapping - High Availability - Version Updates - etc.

GKE is Fully Managed Kubernetes - Both control plane and
worker node are managed - Regional or zonal availability - Auto-Repair / Auto-Update - VPC Native

GCP specific features

GCP specific features (will be covered in the later sections)

GKE Ecosystems GCP’s products

GKE Ecosystems - Networking - CI/CD - Monitoring - Integrations

Networking

GKE Ecosystems: Networking Cloud Armor Cloud Load Balancing Cloud CDN

GKE Ecosystems: Networking Cloud Load Balancing - L4/L7 Load Balancer
- High Performance - Low Latency - Single Anycast IP - QUIC supports

GKE Ecosystems: Networking Cloud Armor - L3-L7 custom rule-based defence
- e.g. SQL Injection - IP/Geo-based access control

GKE Ecosystems: Networking Cloud CDN - Global CDN - High
Performance - Low Latency - Single Anycast IP

GKE Ecosystems: Networking Cloud Armor Cloud Load Balancing Cloud CDN
All those resources can be created with Kubernetes’ Ingress resource

GKE Ecosystems: CI/CD Cloud Build Container Registry Cloud Source Repositories

GKE Ecosystems: CI/CD Cloud Build - Fully-managed CI - 120
min free tiers per Day - Native Docker Support - Custom Builders - https://github.com/GoogleCloudPlatform /cloud-builders - https://github.com/GoogleCloudPlatform /cloud-builders-community

GKE Ecosystems: CI/CD Container Registry - Docker Registry - Private
/ Public - Vulnerability Scanning

GKE Ecosystems: CI/CD Cloud Source Repositories - Private Git Repository
- Strong Search w/ New UI - Mirror from GitHub

GKE Ecosystems: CI/CD General Container Build and Deploy Pipelines Application
Source Code Container Image Container Runtime

GKE Ecosystems: CI/CD General Container Build and Deploy Pipelines and
GCP Products Application Source Code Container Image Container Runtime Cloud Source Repositories Github Container Registry Kubernetes Engine

GKE Ecosystems: CI/CD More Kubernetes Specific: Simple GitOps from GitOps-style
continuous delivery with Cloud Build https://cloud.google.com/kubernetes-engine/docs/tutorials/gitops-cloud-build?hl=en

Monitoring

GKE Ecosystems: Monitoring Stackdriver Monitoring Logging

GKE Ecosystems: Monitoring Stackdriver Monitoring - Full-Stack Monitoring Suite -
New Features - New Kubernetes Dashboard - Istio Integration - Prometheus Integration

GKE Ecosystems: Monitoring Stackdriver Logging - Full-managed Log platform -
GKE has pre-installed fluentd - Collects Stdout/Stderr of containers - Parse JSON to structured log

Integrations

GKE Ecosystems: Integrations Cloud Pub/Sub Cloud Functions Cloud IAP e.g.
Notifications GSuite-based Access Control

GKE Updates GKE-Related GCP Updates

GKE Updates - Private Cluster + Cloud NAT - NEG
/ Container-native Load Balancing - Node Auto-Provisioning - Binary Authorization - Istio - Stackdriver New Kubernetes Dashboard and more...

GKE Updates: Private Cluster + Cloud Nat GKE Private Cluster:
Nodes with private IP addresses only Cloud Nat: Managed Nat-Gateway => Securing Node Instances => Limiting GKE’s source IP

GKE Updates: NEG / Container-Native Load Balancing Using Network Endpoint
Group, traffic goes LB to pods w/o iptables => Enhancement in performance Image from https://cloud.google.com/kubernetes-engine/docs/how-to/container-native-load-balancing?hl=en

Cluster autoscaler can create and delete new node pools =>
More flexible and cost-effective workloads e.g. GPU Nodes for temporary jobs GKE Updates: Node Auto-Provisioning Submit Heavy Jobs Provision Node-Pool w/ GPU Destroy Node-Pool w/ GPU

GKE Updates: Binary Authorization - Ensures that only trusted images
are deployed to GKE - Manage policy for “what to trust” => Enhance security GKE Cluster Create/Edit Form

Binary Authorization Policy Example

GKE Updates: Istio - add-on for GKE for Istio service
mesh - one click deploy - Can be enabled for existing clusters => Easier(?) management of Istio (Prometheus has the Stackdriver sidecar) Logo from: https://istio.io/about/media-resources/ GKE Cluster Create/Edit Form

Stackdriver New Kubernetes Dashboard - New Integrated Kubernetes Dashboard -
Some issues though… - https://issuetracker.google.com/issues/118553726

Stackdriver New Kubernetes Dashboard GKE Cluster Create/Edit Form

Updates in Kubernetes

CHANGELOG https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md 1.14 is coming... Kubernetes Updates

Official Release Notes (in English) https://cloud.google.com/kubernetes-engine/release-notes - Check new features
- Check bug fixes GKE Updates

Official Issue Tracker https://issuetracker.google.com/savedsearches/559746 - Check Bugs - Check Feature
Requests Other Products: https://cloud.google.com/support/docs/issue-trackers?hl=en GKE Issues

Promising update in the future https://github.com/aws/containers-roadmap/issues/23 EKS IAM Roles for
Pods => maybe available in GKE too in the future (hopefully) => no more service account json management?

How to start ?? Let’s start!

$ gcloud container clusters create my-cluster

$ gcloud container clusters create my-cluster Too easy to understand
?

Too difficult to understand !

How to start ?? - Books - Hands-on - Online
materials

Books https://www.amazon.co.jp/dp/B07GP1Q3VT/ https://www.amazon.co.jp/dp/B0721JNVGT/

Books https://www.amazon.co.jp/dp/B07HFS7TDT/

Hands-on - Quick Start - https://cloud.google.com/kubernetes-engine/docs/quickstart?hl=en - Qwiklabs - https://www.qwiklabs.com/quests/29?locale=en
- Coursera - https://www.coursera.org/learn/google-kubernetes-engine - sakajunquality’s hands-on - https://github.com/sakajunquality/gke-getting-started

https://developers-jp.googleblog.com/2019/01/cloud-study-jams-2.html

Online Materials - GKE Document - https://cloud.google.com/kubernetes-engine/docs/?hl=en - Kubernetes Documentation
- https://kubernetes.io/docs/home/ - YouTube - Search “KubeCon”

Takeaways

Takeaways - Kubernetes is a container platform based on Google’s
experience. - GKE is the best way to run containers in GCP. - GCP’s services work well with GKE. - More and more features are coming. - You can start today!

One more thing... Maybe more updates in April https://cloud.withgoogle.com/next18/sf

Thank you @sakajunquality

Appendix - Large-scale cluster management at Google with Borg -
https://ai.google/research/pubs/pub43438 - What is Kubernetes? - Kubernetes - https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/ - CNCF Projects - https://www.cncf.io/projects/ - Using container-native load balancing - https://cloud.google.com/kubernetes-engine/docs/how-to/container-nati ve-load-balancing?hl=en - Using node auto-provisioning - https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-prov isioning?hl=en

Appendix (2) - Example GKE Setup - Cloud Nat -
https://cloud.google.com/nat/docs/gke-example - Setting up a private cluster - https://cloud.google.com/kubernetes-engine/docs/how-to/private-cluste rs - Binary Authorization - https://cloud.google.com/binary-authorization/docs/ - Istio on GKE - https://cloud.google.com/istio/docs/istio-on-gke/overview - Istio - https://istio.io/

Appendix (3) - Kubernetes Logos - https://github.com/kubernetes/kubernetes/tree/master/logo - GCP Icons
- https://cloud.google.com/icons/?hl=en - CNCF Artworks - https://github.com/cncf/artwork - Kubernetes The Hard Way - https://github.com/kelseyhightower/kubernetes-the-hard-way

Starting Google Kubernetes Engine 2019

Starting Google Kubernetes Engine 2019

More Decks by sakajunquality

Other Decks in Technology

Featured

Transcript