Kubernetify All The Things

Transcript

1. KUBERNETIFY ALL THE THINGS @STEVESLOKA PghTechFest 2017

2. OVERVIEW ▸ Overview ▸ Background of Kubernetes ▸ k8s concepts

   ▸ Demos ▸ Even More Demo ▸ Lulz throughout

3. SOFTWARE ARCHITECT ABOUT ME GOLANG / OPENSOURCE / KUBERNETES /

   CONTAINERS

4. KUBERNETES ▸ open-source platform for automating deployment, scaling, and operations

   of application containers ▸ Servers 2-N ▸ Open Sourced by Google 2014 ▸ github.com/kubernetes/kubernetes ▸ Written in Go ▸ #GIFEE (Google-like Infrastructure for Everyone Else)

5. GOOGLE EXPERIENCE ‣ Google has been using containers for over

   a decade ‣ 2 BILLON Per Week! (With a “B”) ‣ Everything at Google runs in a container

6. KUBERNETES “HELMSMAN OF A SHIP” ▸ Managing distributed solutions at

   scale, based on years of industry expertise (Google-scale experience) ▸ High availability of the control plane and user workloads (when using pod replication), avoiding most single points of failure ▸ Modular control plane architecture, allowing many peices to be replaced without disrupting workload availability ▸ Persist all of it's internal platform state within an etcd database

7. COMMUNITY KUBERNETES

8. ARCHITECTURE Master: Node(s): ETCD API SERVER CONTROLLER MANAGER KUBELET PROXY

   SCHEDULER CONTAINER ENGINE CADVISOR SOFTWARE DEFINED NETWORK ADDONS

9. PAM WEBO2 DWIGHT DB01 JIM

10. APPLICATION CONTAINERS KUBERNETES CLUSTER OF MACHINES

11. HIGH LEVEL CONCEPTS ▸node ▸pod ▸scheduler ▸labels ▸deployments ▸services

12. ADVANCED ▸run a cluster ▸operators

13. NODE

14. NODE RESPONSIBILITIES 1.Runs containers ‣container engine (docker / rkt) ‣kubelet

    2.Proxies service requests ‣kube-proxy

15. POD

16. PODS REPRESENTS A LOGICAL APPLICATION CONTAINER CONTAINER ‣Shared ‣namespaces ‣volumes

17. POD EXAMPLE: REST API (CONTAINER) LOGGER (CONTAINER) Logs

18. SCHEDULER

19. SCHEDULER ▸assign workloads to nodes ▸best fit chosen based on

    pod requirements ▸allows for over-commit ▸pluggable

20. LABELS

21. LABELS LABELS EXAMPLE: TYPE=FRONTEND
 ENV=PRODUCTION TYPE=FRONTEND
 ENV=STAGING TYPE=BACKEND
 ENV=PRODUCTION ENG=STEVE


    ENV=STAGING

22. LABELS TYPE=FRONTEND TYPE=FRONTEND
 ENV=PRODUCTION TYPE=FRONTEND
 ENV=STAGING TYPE=BACKEND
 ENV=PRODUCTION ENG=STEVE
 ENV=STAGING

23. LABELS ENV=PRODUCTION TYPE=BACKEND
 ENV=PRODUCTION ENG=STEVE
 ENV=STAGING TYPE=FRONTEND
 ENV=PRODUCTION TYPE=FRONTEND
 ENV=STAGING

24. LABELS ENG=STEVE TYPE=FRONTEND
 ENV=PRODUCTION TYPE=FRONTEND
 ENV=STAGING TYPE=BACKEND
 ENV=PRODUCTION ENG=STEVE
 ENV=STAGING

25. DESIRED STATE

26. DESIRED STATE

27. CREATE PODS Desired: Actual: POD POD POD POD POD POD

    ACTION IS TO CREATE 3 PODS ——>

28. DELETE PODS Desired: Actual: POD POD POD POD ACTION IS

    TO DELETE 2 PODS ——>

29. HEALTH CHECK Desired: Actual: POD POD POD POD ACTION IS

    TO CREATE 2 PODS ——> POD POD
30. None

31. DEPLOYMENTS

32. DEPLOYMENTS ▸Pod template ▸Docker image(s) ▸Labels ▸CPU / Memory ▸Replicas

    ▸Volume Mounts ▸Define in JSON || YAML

33. DEPLOYMENT EXAMPLE

34. VOLUMES ▸ emptyDir ▸ hostPath ▸ gcePersistentDisk ▸ awsElasticBlockStore ▸

    nfs ▸ persistentVolumeClaim ▸ flocker ▸ glusterfs ▸ rbd ▸ gitRepo ▸ secret ▸ iscsi

35. SERVICES

36. KUBERNETES SAMPLE NGINX NGINX LOAD BALANCER API API API API

    LOAD BALANCER NGINX DB LOAD BALANCER K8S SERVICE K8S SERVICE K8S SERVICE NGINX.NAMESPACE.SVC.CLUSTER.LOCAL API.NAMESPACE.SVC.CLUSTER.LOCAL DB.NAMESPACE.SVC.CLUSTER.LOCAL

37. KUBERNETES PODS ARE MORTAL. THEY ARE BORN AND THEY DIE,

    AND THEY ARE NOT RESURRECTED.

38. SERVICES SERVICE DISCOVERY FOR PODS ▸proxy runs on each node

    ▸virtual IP per service ▸dns address ▸[serviceName] ▸[serviceName].[namespace] ▸[serviceName].[namespace].svc.cluster.local ▸dynamic “pods” based on label queries ▸pods are auto-injected with environment variables
39. None

40. SERVICES SERVICE TYPES ▸NodePort: Allocated port (range 30000-32767) ▸LoadBalancer: Provision

    loadbalancer on cloud provider ▸External IP’s

41. NAMESPACES

42. NAMESPACES PARTITION RESOURCES ▸A mechanism to partition resources created by

    users into a logically named group ▸Allows for work to be done in isolation ▸Each namespace is given its own: 1.resources (pods, services, replication controllers, etc.) 2.policies (who can or cannot perform actions in their namespace) 3.constraints (this namespace is allowed this much quota, etc.)

43. HEALTH CHECKS

44. HEALTH CHECKS READINESS PROBES ▸Am I ready to take requests?

    ▸Types: ▸Command ▸HTTP ▸TCP

45. HEALTH CHECKS LIVENESS PROBES ▸I was ready, am I still?

    ▸/healthz
46. None

47. RUNNING A CLUSTER

48. RUNNING A CLUSTER MINIKUBE ▸https://github.com/kubernetes/minikube ▸google kubeadm (1st link) ▸Google

    Container Engine (Kubernetes) KUBEADM GKE

49. RUNNING A CLUSTER UPMC ENTERPRISES ▸https://github.com/upmc-enterprises/ kubernetes-on-aws ▸CoreOS ▸NIST Standards

    ▸Bastion Hosts ▸Autoscaling

50. OPERATORS

51. OPERATORS THAT’S ME RIGHT? ▸“An Operator represents human operational knowledge

    in software to reliably manage an application.” 
 ~ CoreOS

52. OPERATORS EXAMPLES ▸etcd 
 (https://github.com/coreos/etcd-operator/) ▸Prometheus 
 (https://github.com/coreos/prometheus-operator) ▸Rook
 (https://github.com/rook/rook)

    ▸Elasticsearch
 (https://github.com/upmc-enterprises/elasticsearch-operator) ▸Kong
 (https://github.com/upmc-enterprises/kong-operator)

53. THANK YOU! @stevesloka github.com/stevesloka github.com/upmc-enterprises enterprises.upmc.com