CoreOS Fest 2017 Recap

,VCFSOFUFT.FFUVQ5PLZP ,B[VLJ4VEBLTVEB![MBCDPKQ!TVQFSCSPUIFST 5PNPZB6TBNJUPVTBNJ![MBCDPKQ!IJZPTJ $PSF04'FTU3FDBQ

8IBUJT$PSF04'FTU Ӝ FUDE $POUBJOFS-JOVY׾Ꟛ涪ׅ׷$PSF04 *ODךؕٝؿ؋ٖٝأ Ӝ ⚺ח$PSF04 *ODָꟚ涪ׅ׷اؿزؐؑ،װꟼ鸬䪮遭ָ䪔׻׸׷ ,VCFSOFUFT FUDE
$POUBJOFS-JOVY 5FDUPOJD FUD $PSF04 *ODה♧筰חؽآطأ׃גְ׷⟰噟ך✲⢽稱➜׮ Ӝ ➙䎃䎃כ ך✳傈꟦؟ٝؿٓٝءأ؝דꟚ⪵ ׍ז׫ח䎃כس؎خكٕٔٝ

https://twitter.com/ibrahim_haouari/status/869959495824404481

https://twitter.com/mies/status/870395605155053569

https://twitter.com/LachlanEvenson/status/870333567653433346

5/30 San Francisco Kubernetes Meetup

'JOFHSBJOFE %FDMBSBUJWF"ENJTTJPO$POUSPMVTJOH8FCIPPLTBOE01" Ӝ "ENJTTJPODPOUSPMMFSח8FCIPPL׾鷄⸇ׅ׷13ך鍑铡הرٌ IUUQTHJUIVCDPNLVCFSOFUFTLVCFSOFUFTQVMM Ӝ 植㖈"ENJTTJPO$POUSPMMFSח⟣䠐ךⳢ椚׾鷄⸇׃׋ֽ׸לծ ,VCFSOFUFT׾ؿؓ٦ؙׅ׷䗳銲ָ֮׷ָծ8FCIPPLז׵㺁僒 ח䭁䓸דֹ׷

https://speakerdeck.com/tksm/kubernetes-falseren-zheng-ren-ke-to-rbac "ENJTTJPO$POUSPMך䗁统

01"0QFO1PMJDZ"HFOU Ӝ ؖغشٝأٗآحؙ׾،فٔ؛٦ءّٝٗآحַؙ׵ⴓꨄ Ӝ هٔء٦׾㹑鎉涸ז鎉铂ד鎸鶢 3FHP Ӝ +40/ת׋כ:".- Ӝ
3&45"1*T Ӝ (P鎉铂ד㹋鄲 ر٦ٌٝծٓ؎ـٓٔծ3&1- Ӝ "QBDIFٓ؎إٝأ Ӝ IUUQXXXPQFOQPMJDZBHFOUPSH

package admission.blacklist reason["must pin image(s) to specific version in
production namespace"] { input.spec.namespace = "production" unpinned_tag } unpinned_tag = true { image_names[name] not re_match(pinned_version_pattern, name) } unpinned_tag = true { image_names[name] endswith(name, ":latest") } image_names[name] { name = input.spec.object.Spec.Template.Spec.Containers[_].Image } image_names[name] { name = input.spec.object.Spec.Containers[_].Image } pinned_version_pattern = ".+:.+"

'JOFHSBJOFE %FDMBSBUJWF"ENJTTJPO$POUSPMVTJOH8FCIPPLTBOE01" Webhook OPA ! 1PMJDZ %BUB +40/

CoreOS Fest 2017 Day1

Ӝ (BCF.POSPZ -FBE1.GPS$POUBJOFSTPO.JDSPTPGU"[VSF Ӝ #VJMEPVUUIFTDBPMEUPTVQQPSUDPOUBJOFSJ[JOHZPVSBQQMJDBUJPO Ӝ %FQMPZBOBQQJOUPZPVSDMVTUFSBOELFFQJUJOTZODXJUIUIFDPEF *OUSPEVDJOH%SBGU $
draft create —-> Python app detected —-> Ready to sail $ draft up —> Building Dockerfile Step 1 : FROM python:onbuild …

Ӝ +PIO8JMLFT1SJODJQBM4PGUXBSF&OHJOFFS (PPHMF Ӝ #PSH 0NFHB BOE,VCFSOFUFT IUUQTSFTFBSDIHPPHMFDPNQVCTQVCIUNM #PSH 0NFHB
BOE,VCFSOFUFTDMVTUFSNBOBHFNFOUBU(PPHMF

Ӝ %BO8JMTPO 1SJODJQBM"SDIJUFDU $PODVS Ӝ GFEFSBUJPO4VQQPSUDSFBUJOHSFTPVSDFTJOTQFDJDDMVTUFST Ӝ WTVQQPSUFEPCKFDUT $POHNBQ
4FDSFU %BFNPOTFU 4FSWJDFT *OHSFTT   3FQMJDBTFU %FQMPZNFOU ,VCFSOFUFT'FEFSBUFE$MVTUFS4FMFDUPS

,VCFSOFUFT$MVTUFS'FEFSBUJPO DMVTUFS 1PET 47$ *OHSFTT 'FEFSBUJPO"1*4FSWFS kubectl DMVTUFS 1PET
47$ *OHSFTT

GFEFSBUJPOBMQIBLVCFSOFUFTJPDMVTUFSTFMFDUPS apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test annotations:
federation.alpha.kubernetes.io/cluster-selector: [{"key": "cluster", "operator": "==", "values": ["cluster1"]}] spec: rules: - host: foo.bar.com http: paths: - path: /foo backend: serviceName: s1 servicePort: 80 - path: /bar backend: serviceName: s2 servicePort: 80

8SJUJOHB$VTUPN,VCFSOFUFT0QFSBUPS $POUSPMMFS Ӝ "BSPO-FWZ $PSF04 Ӝ 8IZ 傀㶷ך׮ךח㼎ׅ׷堣腉䭁䓸倜׃ְ堣腉װ؝ٝه٦طٝز׾ؙٓأةח鷄⸇
ؙٓأةח㼎ׅ׷"ENJOةأؙך荈⹛⻉

Ӝ $POUSPMMFS1BUUFSO 朐䡾׾ؐؓحث׃ג➙ך朐䡾׾劄׬朐䡾ח鵚בֽגְֻ for { desired := getDesiredState() current
:= getCurrentState() makeChanges(desired, current) } 8SJUJOHB$VTUPN,VCFSOFUFT0QFSBUPS $POUSPMMFS

Ӝ FH/PEF3FCPPU$POUSPMMFS BOOPUBUJPOח朐䡾׾剅ֹ鴥׬ SFCPPUOFFEFEծSFCPPUOPXծSFCPPUJOQSPHSFTTזו 朐䡾ך㢌⻉׾*OGPSNFS׾⢪׏ג湊鋔ծ؎كٝز׾鸐濼 ؎كٝزعٝسٓדBOOPUBUJPOך⦼ח䖞׏גⳢ椚 Ӝ IUUQTHJUIVCDPNBBSPOMFWZLVCFDPOUSPMMFSEFNP 8SJUJOHB$VTUPN,VCFSOFUFT0QFSBUPS
$POUSPMMFS

_, controller := cache.NewInformer( &cache.ListWatch{ // List should return
a list type object ListFunc: func(lo metav1.ListOptions) (runtime.Object, error) { return client.Core().Nodes().List(lo) }, // Watch should return a watch Interface. begin a watch at the specified version. WatchFunc: func(lo metav1.ListOptions) (watch.Interface, error) { return client.Core().Nodes().Watch(lo) }, }, // The types of objects this informer will return &v1.Node{}, // The resync period of this object 10*time.Second, // the object you want notifications sent to cache.ResourceEventHandlerFuncs{ // AddFunc: func(obj interface{}) {} UpdateFunc: func(old, newObj interface{}) { … }, // DeleteFunc: func(obj interface{}) {} }, )

Ӝ )FMQGVMUPPMT -FBEFS&MFDUJPO 8PSL2VFVF 5IJSE1BSUZ3FTPVSDF 4IBSFE*OGPSNFSFT &WFOUT 8SJUJOHB$VTUPN,VCFSOFUFT0QFSBUPS $POUSPMMFS

$PSF04'FTU)BQQZ)PVS  TQPOTPSFECZ5JHFSB %JBNBOUJ8BWFGSPOU

CoreOS Fest 2017 Day2

,FZOPUF Ӝ #SBOEPO1IJMJQT $50PG$PSF04 Ӝ $PSF"1*T.PWF5P4UBCMF Ӝ .PSF.POJUPSJOH%SJWFO"1*T  XJUI.FUSJDT"1*

0SBDMF$PSF04

&OEUPFOENPOJUPSJOHXJUIUIF1SPNFUIFVT0QFSBUPS Ӝ 'SFEFSJD#SBOD[ZL $PSF04 Ӝ 1SPNFUIFVT*OUSP Ӝ ,VCFSOFUFTDPNQPOFOUTFYQPTF1SPNFUIFVTNFUSJDT Ӝ 4FMGIPTUFE,VCFSOFUFT
IUUQTDPSFPTDPNCMPHTFMGIPTUFELVCFSOFUFTIUNM Ӝ 1SPNFUIFVT0QFSBUPS IUUQTHJUIVCDPNDPSFPTQSPNFUIFVTPQFSBUPS

1SPNFUIFVTח״׷,VCFSOFUFTٌصةؚٔٝך㛇燉 https://speakerdeck.com/tksm/kubernetes-monitoring-with-prometheus

1SPNFUIFVT0QFSBUPS Operator workﬂow and relationships

1SPNFUIFVT0QFSBUPS apiVersion: monitoring.coreos.com/v1alpha1 kind: Prometheus metadata: name: k8s labels: prometheus:
k8s spec: replicas: 2 version: v1.7.0 serviceAccountName: prometheus-k8s serviceMonitorSelector: matchExpressions: - {Key: k8s-app, operator: Exists} $ kubectl create -f prometheus-k8s.yaml prometheus "prometheus-k8s" created service "prometheus-k8s" created

4UBUFPG4UBUFJO$POUBJOFST Ӝ 3PTT,VLVMJOTLJ-VJT1BCPO $PSF04 Ӝ 寋,VCFSOFUFT♳דEBUBCBTF׾⹛ַׅזַ׸ USVF

4UBUFPG4UBUFJO$POUBJOFST Ӝ $MPVE/BUJWF%#3FRVJSFNFOUT 1SPDFTT.BOBHFNFOU $POTJTU/BNJOH 1FSTJTUFOU4UPSBHF 1FFSEJTDPWFSZ

4UBUFPG4UBUFJO$POUBJOFST Ӝ 4UBUFGVM4FU 4UBCMF VOJRVF OFUXPSLJEFOUJFST 4UBCMF QFSTJTUFOUTUPSBHF 0SEFSFEEFQMPZNFOUBOETDBMJOH 0SEFSFEEFMFUJPO

4UBUFPG4UBUFJO$POUBJOFST Ӝ 4UBUFGVM4FU 1SPDFTT.BOBHFNFOU $POTJTU/BNJOH TUBUFGVMTFUOBNF PSEJOBM
1FSTJTUFOU4UPSBHF WPMVNF$MBJN5FNQMBUFBOE%ZOBNJD1SPWJTJPOJOH 1FFSEJTDPWFSZ )FBEMFTT4FSWJDF

$POUBJOFSJ[FE4UPSBHF4ZTUFNT

0QFSBUJOH%BUBCBTFJT)BSE

HJUIVCDPNDPSFPTRVBSUFSNBTUFS

XJMMCFZFBSPGTUBUF  PO,VCFSOFUFT

Helm Chart Hack Night Brought to By Microsoft

Wrap up

8SBQVQ Ӝ $PSF04'FTUJO4BO'SBODJTDPPO.BZTUBOE+VOFTU Ӝ $PSF04'FTU:PV5VCF Ӝ 4',VCFSOFUFT.FFUVQ,VCFSOFUFT$PSF04'FTU*HOJUJPO $POHTBOE5JNF4FSJFT4UPSBHFJO,VCFSOFUFT Ӝ
$PSF04'FTU)FMN$IBSU)BDL/JHIU

5IBOLT Ӝ 4MJEF CJUMZDPSFPTGFTUSFDBQ Ӝ 2VFTUJPOT ,B[VLJ4VEBLTVEB![MBCDPKQ!TVQFSCSPUIFST 5PNPZB6TBNJUPVTBNJ![MBCDPKQ!IJZPTJ 8FˏSFIJSJOHCJUMZ[MBCDBSFFST

CoreOS Fest 2017 Recap

CoreOS Fest 2017 Recap

More Decks by Kazuki Suda

Other Decks in Technology

Featured

Transcript