
Starting Google Kubernetes Engine 2019


GDG Tokyo New Year Party 2019
2019. 01. 28
@sakajunquality


sakajunquality

January 30, 2019

Transcript

  1. Starting Google Kubernetes Engine 2019 (GDG Tokyo New Year Party 2019, 2019. 01. 30, @sakajunquality)
  2. About me
     - ID: @sakajunquality
     - Jun Sakata
     - Google Developers Expert, GCP
     - SWE, Infrastructure at Ubie Inc.
     - #GKE #CloudBuild #BigQuery
     - #Camera #Coffee
  3. Agenda
     - What’s Kubernetes?
     - Why GKE?
     - GKE Ecosystems
     - GKE Updates
     - How to Start??
  4. Topics that are not covered today
     - Why GCP?
     - Why not GAE?
     - Why container?
     - What’s Docker?
     - What’s Service Mesh?
     - What’s Envoy?
  6. What’s Kubernetes? from Borg to Kubernetes

  7. What’s Kubernetes?
     - Container Platform based on Google’s Borg
       - Borg has supported Google’s services for over 12 years
     - Orchestrates computing, networking, and storage infrastructure
     - Microservices Platform
     - OSS written in Go (Borg is written in C++)
     - “Graduated” CNCF project
     - Crossed the Chasm
  8. Kubernetes Managed Services
     - GKE (Google Kubernetes Engine)
     - EKS (Amazon Elastic Kubernetes Service)
     - IKS (IBM Cloud Kubernetes Service)
     - AKS (Azure Kubernetes Service)
     - Oracle Container Engine for Kubernetes
     - DigitalOcean Kubernetes
     - etc...
  9. Kubernetes Managed Services (same list as slide 8): Too Many Kubernetes Services
  10. Why GKE? Fully Managed Kubernetes

  11. Why GKE? Because…
      - Already Using GCP
      - Kubernetes is Hard
      - GCP Specific Features
  12. Already Using GCP?

  13. Container Runtime Environment in GCP: App Engine (Flexible), Compute Engine, Kubernetes Engine
  14. Container Runtime Environment in GCP: App Engine (Flexible): Not Flexible*, Compute Engine, Kubernetes Engine
      (* in terms of supported containers)
  15. Container Runtime Environment in GCP: App Engine (Flexible): Not Flexible*, Compute Engine: Not Reliable**, Kubernetes Engine
      (* in terms of supported containers, ** in terms of redundancy)
  16. Google Kubernetes Engine “Kubernetes” Flexible and Reliable Kubernetes Engine

  17. Kubernetes is hard

  19. Kelsey Hightower says: “This guide is not for people looking for a fully automated command to bring up a Kubernetes cluster. If that's you then check out Google Kubernetes Engine”
  20. Kubernetes is Hard: Kubernetes itself is hard to build, maintain, and manage, e.g.
      - Bootstrapping
      - High Availability
      - Version Updates
      - etc.
  21. GKE is Fully Managed Kubernetes
      - Both control plane and worker nodes are managed
      - Regional or zonal availability
      - Auto-Repair / Auto-Update
      - VPC Native
  22. GCP specific features

  23. GCP specific features (will be covered in the later sections)

  24. GKE Ecosystems GCP’s products

  25. GKE Ecosystems - Networking - CI/CD - Monitoring - Integrations

  26. Networking

  27. GKE Ecosystems: Networking: Cloud Armor, Cloud Load Balancing, Cloud CDN

  28. GKE Ecosystems: Networking: Cloud Load Balancing
      - L4/L7 Load Balancer
      - High Performance
      - Low Latency
      - Single Anycast IP
      - QUIC support
  29. GKE Ecosystems: Networking: Cloud Armor
      - L3-L7 custom rule-based defence (e.g. SQL Injection)
      - IP/Geo-based access control
  30. GKE Ecosystems: Networking: Cloud CDN
      - Global CDN
      - High Performance
      - Low Latency
      - Single Anycast IP
  31. GKE Ecosystems: Networking: Cloud Armor, Cloud Load Balancing, Cloud CDN. All those resources can be created with Kubernetes’ Ingress resource
  32. CI/CD

  33. GKE Ecosystems: CI/CD: Cloud Build, Container Registry, Cloud Source Repositories

  34. GKE Ecosystems: CI/CD: Cloud Build
      - Fully-managed CI
      - 120 min free tier per day
      - Native Docker Support
      - Custom Builders
        - https://github.com/GoogleCloudPlatform/cloud-builders
        - https://github.com/GoogleCloudPlatform/cloud-builders-community
  35. GKE Ecosystems: CI/CD: Container Registry
      - Docker Registry
      - Private / Public
      - Vulnerability Scanning
  36. GKE Ecosystems: CI/CD: Cloud Source Repositories
      - Private Git Repository
      - Strong Search w/ New UI
      - Mirror from GitHub
  37. GKE Ecosystems: CI/CD: General Container Build and Deploy Pipelines: Application Source Code -> Container Image -> Container Runtime
  38. GKE Ecosystems: CI/CD: General Container Build and Deploy Pipelines and GCP Products: Application Source Code (Cloud Source Repositories, GitHub) -> Container Image (Container Registry) -> Container Runtime (Kubernetes Engine)
  39. GKE Ecosystems: CI/CD: More Kubernetes Specific: Simple GitOps, from “GitOps-style continuous delivery with Cloud Build” https://cloud.google.com/kubernetes-engine/docs/tutorials/gitops-cloud-build?hl=en
  40. Monitoring

  41. GKE Ecosystems: Monitoring: Stackdriver Monitoring, Stackdriver Logging

  42. GKE Ecosystems: Monitoring: Stackdriver Monitoring
      - Full-Stack Monitoring Suite
      - New Features
        - New Kubernetes Dashboard
        - Istio Integration
        - Prometheus Integration
  43. GKE Ecosystems: Monitoring: Stackdriver Logging
      - Fully-managed log platform
      - GKE has fluentd pre-installed
        - Collects stdout/stderr of containers
        - Parses JSON into structured logs
  44. Integrations

  45. GKE Ecosystems: Integrations: Cloud Pub/Sub, Cloud Functions, Cloud IAP (e.g. Notifications, GSuite-based Access Control)
  46. GKE Updates GKE-Related GCP Updates

  47. GKE Updates
      - Private Cluster + Cloud NAT
      - NEG / Container-native Load Balancing
      - Node Auto-Provisioning
      - Binary Authorization
      - Istio
      - Stackdriver New Kubernetes Dashboard
      - and more...
  48. GKE Updates: Private Cluster + Cloud NAT
      - GKE Private Cluster: nodes with private IP addresses only
      - Cloud NAT: managed NAT gateway
      => Securing node instances
      => Limiting GKE’s source IP
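The private-cluster-plus-Cloud-NAT setup from this slide as an added example (not from the deck or from the speaker): nodes get no public IPs, the API server only accepts an allow-listed admin range, and a managed NAT gateway gives the nodes a fixed egress identity. Project, region, cluster, network and CIDR values are placeholders; the script prints the gcloud commands by default and runs them when DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not the deck's own code): GKE private cluster + Cloud NAT.
# All names, the region and the CIDRs below are placeholders for this example.
PROJECT="${PROJECT:-my-gcp-project}"
REGION="${REGION:-asia-northeast1}"
CLUSTER="${CLUSTER:-my-cluster}"
NETWORK="${NETWORK:-default}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"   # office/VPN range allowed to reach the API server
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print the gcloud commands, 0 = run them

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# 1. Private nodes: no external IPs; the control plane lives in its own /28 and
#    only ADMIN_CIDR may reach the (still public) API endpoint. Add
#    --enable-private-endpoint to drop the public endpoint entirely.
create_private_cluster() {
  run gcloud container clusters create "$CLUSTER" \
    --project "$PROJECT" --region "$REGION" --network "$NETWORK" \
    --enable-ip-alias \
    --enable-private-nodes \
    --master-ipv4-cidr 172.16.0.0/28 \
    --enable-master-authorized-networks \
    --master-authorized-networks "$ADMIN_CIDR"
}

# 2. Cloud NAT: private nodes can still pull images and call external APIs,
#    and everything leaves from the NAT-allocated IPs (the "source IP" the
#    slide talks about), which is what you allow-list on the far side.
create_cloud_nat() {
  run gcloud compute routers create "${CLUSTER}-router" \
    --project "$PROJECT" --region "$REGION" --network "$NETWORK"
  run gcloud compute routers nats create "${CLUSTER}-nat" \
    --project "$PROJECT" --region "$REGION" --router "${CLUSTER}-router" \
    --auto-allocate-nat-external-ips \
    --nat-all-subnet-ip-ranges
}

# 3. Check: every node VM of the cluster should print an empty natIP column.
check_nodes_private() {
  run gcloud compute instances list --project "$PROJECT" \
    --filter "name~^gke-${CLUSTER}-" \
    --format 'value(name,networkInterfaces[0].accessConfigs[0].natIP)'
}

create_private_cluster
create_cloud_nat
check_nodes_private
```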
  49. GKE Updates: NEG / Container-Native Load Balancing: using a Network Endpoint Group, traffic goes from the LB to pods without iptables => Enhancement in performance. Image from https://cloud.google.com/kubernetes-engine/docs/how-to/container-native-load-balancing?hl=en
  50. GKE Updates: Node Auto-Provisioning
      - Cluster autoscaler can create and delete new node pools
      => More flexible and cost-effective workloads, e.g. GPU nodes for temporary jobs
      (Diagram: Submit Heavy Jobs -> Provision Node-Pool w/ GPU -> Destroy Node-Pool w/ GPU)
  51. GKE Updates: Binary Authorization
      - Ensures that only trusted images are deployed to GKE
      - Manage policy for “what to trust”
      => Enhance security
      (Screenshot: GKE Cluster Create/Edit Form)
  52. Binary Authorization Policy Example
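The slide's policy example survives only as an image, so here is a constructed one (added example, not the deck's or the speaker's): the project-wide default rule blocks any image without an attestation from one attestor, while a dev cluster runs the same rule in dry-run so denials show up in the audit log before enforcement is switched on there. Project, region, cluster and attestor names and the system-image whitelist patterns are assumptions; the attestor is assumed to exist already.

```shell
#!/bin/sh
# Added example (not the deck's own code): Binary Authorization policy for GKE.
# PROJECT, REGION, CLUSTER and ATTESTOR are placeholders; the attestor is
# assumed to have been created with `gcloud container binauthz attestors create`.
PROJECT="${PROJECT:-my-gcp-project}"
REGION="${REGION:-asia-northeast1}"
CLUSTER="${CLUSTER:-my-cluster}"
ATTESTOR="${ATTESTOR:-build-attestor}"
POLICY_FILE="${POLICY_FILE:-${TMPDIR:-/tmp}/binauthz-policy.yaml}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the gcloud commands, 0 = run them

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# The policy: "what to trust" = images with an attestation from $ATTESTOR.
# defaultAdmissionRule blocks and logs; the dev cluster (keyed as
# <location>.<cluster name>) only logs, so you can see what would be denied.
# The whitelist patterns (assumed) exempt Google-managed system images, which
# never carry your attestation.
write_policy() {
  cat > "$POLICY_FILE" <<EOF
admissionWhitelistPatterns:
- namePattern: gcr.io/google-containers/*
- namePattern: k8s.gcr.io/**
defaultAdmissionRule:
  evaluationMode: REQUIRE_ATTESTATION
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
  requireAttestationsBy:
  - projects/${PROJECT}/attestors/${ATTESTOR}
clusterAdmissionRules:
  ${REGION}.dev-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: DRYRUN_AUDIT_LOG_ONLY
    requireAttestationsBy:
    - projects/${PROJECT}/attestors/${ATTESTOR}
EOF
}

# Enforcement is switched on per cluster (the checkbox in the create/edit
# form is --enable-binauthz); the policy itself is one object per project.
apply_policy() {
  run gcloud container clusters update "$CLUSTER" \
    --project "$PROJECT" --region "$REGION" --enable-binauthz
  run gcloud container binauthz policy import "$POLICY_FILE" --project "$PROJECT"
}

write_policy
apply_policy
```

Deploying an unattested image to the enforced cluster is then rejected at admission, and the same attempt on dev-cluster only produces an audit log entry.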

  53. GKE Updates: Istio
      - Add-on for GKE for Istio service mesh
      - One-click deploy
      - Can be enabled for existing clusters
      => Easier(?) management of Istio (Prometheus has the Stackdriver sidecar)
      (Logo from https://istio.io/about/media-resources/; screenshot: GKE Cluster Create/Edit Form)
  54. Stackdriver New Kubernetes Dashboard
      - New Integrated Kubernetes Dashboard
      - Some issues though… https://issuetracker.google.com/issues/118553726
  55. Stackdriver New Kubernetes Dashboard (screenshot: GKE Cluster Create/Edit Form)

  56. Updates in Kubernetes

  57. Kubernetes Updates: CHANGELOG https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md (1.14 is coming...)

  58. GKE Updates: Official Release Notes (in English) https://cloud.google.com/kubernetes-engine/release-notes
      - Check new features
      - Check bug fixes
  59. GKE Issues: Official Issue Tracker https://issuetracker.google.com/savedsearches/559746
      - Check bugs
      - Check feature requests
      - Other products: https://cloud.google.com/support/docs/issue-trackers?hl=en
  60. Promising update in the future: EKS IAM Roles for Pods https://github.com/aws/containers-roadmap/issues/23
      => maybe available in GKE too in the future (hopefully)
      => no more service account JSON management?
  61. How to start ?? Let’s start!

  62. $ gcloud container clusters create my-cluster

  63. $ gcloud container clusters create my-cluster ... Too easy to understand?
  65. Too difficult to understand !

  66. How to start??
      - Books
      - Hands-on
      - Online materials
  67. Books https://www.amazon.co.jp/dp/B07GP1Q3VT/ https://www.amazon.co.jp/dp/B0721JNVGT/

  68. Books https://www.amazon.co.jp/dp/B07HFS7TDT/

  69. Hands-on
      - Quick Start: https://cloud.google.com/kubernetes-engine/docs/quickstart?hl=en
      - Qwiklabs: https://www.qwiklabs.com/quests/29?locale=en
      - Coursera: https://www.coursera.org/learn/google-kubernetes-engine
      - sakajunquality’s hands-on: https://github.com/sakajunquality/gke-getting-started
  70. https://developers-jp.googleblog.com/2019/01/cloud-study-jams-2.html

  71. Online Materials
      - GKE Document: https://cloud.google.com/kubernetes-engine/docs/?hl=en
      - Kubernetes Documentation: https://kubernetes.io/docs/home/
      - YouTube: search “KubeCon”
  72. Takeaways

  73. Takeaways
      - Kubernetes is a container platform based on Google’s experience.
      - GKE is the best way to run containers in GCP.
      - GCP’s services work well with GKE.
      - More and more features are coming.
      - You can start today!
  74. One more thing... Maybe more updates in April https://cloud.withgoogle.com/next18/sf

  75. Thank you @sakajunquality

  76. Appendix
      - Large-scale cluster management at Google with Borg: https://ai.google/research/pubs/pub43438
      - What is Kubernetes? (Kubernetes): https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/
      - CNCF Projects: https://www.cncf.io/projects/
      - Using container-native load balancing: https://cloud.google.com/kubernetes-engine/docs/how-to/container-native-load-balancing?hl=en
      - Using node auto-provisioning: https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning?hl=en
  77. Appendix (2)
      - Example GKE Setup (Cloud NAT): https://cloud.google.com/nat/docs/gke-example
      - Setting up a private cluster: https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters
      - Binary Authorization: https://cloud.google.com/binary-authorization/docs/
      - Istio on GKE: https://cloud.google.com/istio/docs/istio-on-gke/overview
      - Istio: https://istio.io/
  78. Appendix (3)
      - Kubernetes Logos: https://github.com/kubernetes/kubernetes/tree/master/logo
      - GCP Icons: https://cloud.google.com/icons/?hl=en
      - CNCF Artworks: https://github.com/cncf/artwork
      - Kubernetes The Hard Way: https://github.com/kelseyhightower/kubernetes-the-hard-way