Kubernetes application packaging from first principles

Transcript

1. Kubernetes application packaging from first principles Tamal Saha AppsCode Inc.,

   XGoogler Email: [email protected] Github: @tamalsaha Twitter: @tsaha Kubernetes Slack: @tamal

2. My intro to Helm @tsaha @tamal

3. Rewrite Tiller as a TPR controller (Nov 2016) - https://github.com/appscode/tillerc

   - This project is abandoned because Tiller's authorization requirements can't be implemented using a TPR controller. - https://github.com/kubernetes/helm/issues/1586#issuecomme nt-277666828 @tsaha @tamal

4. Add AuthN/Z to Tiller (Feb 2017) https://github.com/kubernetes/helm/issues/1918 https://github.com/kubernetes/helm/pull/1932 @tsaha @tamal

5. Currently - Swift - Ajax friendly Helm Tiller Proxy -

   Chartify - Generate Helm Charts from Kubernetes objects - Publish charts: https://github.com/appscode/charts - Voyager - KubeDB - Kubed - Searchlight - Stash - Swift - g2 @tsaha @tamal

6. State of the Art: Helm 2

7. Chart Structure

8. Helm CLI Chart Repository Kubernetes Cluster Tiller Server render chart

   kubectl apply -f

9. Where Helm 2 falls short? @tsaha @tamal

10. 2 personas - Package consumer - Package author/publisher (sometimes both

    personas are held by same person) @tsaha @tamal

11. Chart Consumer - Great UX for trying new apps. -

    Needs lot of ceremony for internal apps. - Requires reinventing the developer workflow? - Multiple sources of truth? - `kube blame`: Can you tell who actually deployed that release? @tsaha @tamal

12. Chart Consumer - Ordering deployments - Are you backing up

    your release history? - YAML + GO template (thanks for `helm template`) @tsaha @tamal

13. Chart Publisher - Chart version is not same as your

    app version . - Slow / unpredictable review process for stable charts - Constantly changing style guides (`{{- define "chart.name" -}}` anyone?) @tsaha @tamal

14. Can we do something simpler? @tsaha @tamal

15. - Simple to get started (kubectl apply -f app.yaml) -

    Simple to learn (not another family of toolchains) - Simple to share (git repos) - Simple to branch/fork - Flexible enough to handle complex deployments - No new system of record, no new system to secure @tsaha @tamal

16. This is not simple Ref: https://speakerdeck.com/lachie83/helm-summit-pdx-2018-securing-helm @tsaha @tamal

17. We don’t need to reinvent Git @tsaha @tamal

18. It has been done before - glide, dep - npm

    @tsaha @tamal

19. Package Author @tsaha @tamal

20. Package Consumer @tsaha @tamal

21. @tsaha @tamal

22. Keynote: KubeCon Opening Keynote - Kelsey Hightower, Google https://youtu.be/07jq-5VbBVQ?t=16m25s

23. Custom Application Installer https://github.com/kubepack/pack/blob/master/docs/guides/scenario-11.md

24. Jsonnet https://github.com/kubepack/pack/blob/master/docs/guides/scenario-10.md

25. Kube blame - `pack up` can tag all the objects

    with git commit hash - Collect Kubernetes audit log - Now you know who deployed what change. @tsaha @tamal
26. None
27. None
28. None

29. Disaster recovery - Instead of bottom up recovery, do top

    down recovery @tsaha @tamal

30. https://kubepack.com #kubepack on Kubernetes Slack @tsaha @tamal

31. Additional Reading - Simple Kubernetes Templating - Declarative application management

    in Kubernetes - https://github.com/kubernetes-sigs/application - https://github.com/kubernetes/kubectl/tree/master/cmd/kustom ize - So you want to write a package manager @tsaha @tamal