News From The Front: v1.2

Tim Hockin
February 11, 2016

An intro to a bunch of new features in Kubernetes v1.2.

Transcript

  1. Google Cloud Platform: News From The Front: v1.2. Bay Area Kubernetes Meetup #5, Feb 11, 2016. Tim Hockin <thockin@google.com>, Senior Staff SWE, @thockin
  2. Kubernetes: Greek for “Helmsman”; also the root of the words “governor” and “cybernetic”
     • Runs and manages containers
     • Inspired and informed by Google’s experiences and internal systems
     • Supports multiple cloud and bare-metal environments
     • Supports multiple container runtimes
     • 100% open source, written in Go
     Manage applications, not machines
  3. Container clusters: A story in two parts. 1. Setting up the cluster
     • Choose a cloud: GCE, AWS, Azure, Rackspace, on-premises, ...
     • Choose a node OS: CoreOS, Atomic, RHEL, Debian, CentOS, Ubuntu, ...
     • Provision machines: boot VMs, install and run kube components, ...
     • Configure networking: IP ranges for Pods, Services, SDN, ...
     • Start cluster services: DNS, logging, monitoring, ...
     • Manage nodes: kernel upgrades, OS updates, hardware failures, ...
     Not the easy or fun part, but unavoidable. This is where things like Google Container Engine (GKE) really help.
  4. Container clusters: A story in two parts. 2. Using the cluster
     • Run Pods & Containers
     • Replication controllers
     • Services
     • Volumes
     This is the fun part! A distinct set of problems from cluster setup and management. Don’t make developers deal with cluster administration! Accelerate development by focusing on the applications, not the cluster.
  5. Services

  6. Services: a group of pods that work together
     • grouped by a selector
     Defines access policy
     • “load balanced” or “headless”
     Gets a stable virtual IP and port
     • sometimes called the service portal
     • also a DNS name
     VIP is managed by kube-proxy
     • watches all services
     • updates iptables when backends change
     Hides complexity: ideal for non-native apps
     (Diagram: Client, Virtual IP)
  7. Slides 7 through 21 are frames of one animated diagram; only the labels survive: on Node X, kube-proxy watches services & endpoints on the apiserver; kubectl run ... creates pods, which get scheduled; kubectl expose ... creates a new service, and kube-proxy updates iptables to configure the VIP; when the new endpoints appear, kube-proxy updates iptables again; a Client then reaches the pods through the VIP.
  22. External Services
     Service IPs are only available inside the cluster; you need to receive traffic from “the outside world”.
     Builtin: Service “type”
     • NodePort: expose on a port on every node
     • LoadBalancer: provision a cloud load-balancer
     DIY load-balancer solutions
     • socat (for nodePort remapping)
     • haproxy
     • nginx
  23. Ingress (L7)
     Services are assumed L3/L4; lots of apps want HTTP/HTTPS.
     Ingress maps incoming traffic to backend services
     • by HTTP host headers
     • by HTTP URL paths
     HAProxy, NGINX, AWS and GCE implementations in progress. Now with SSL!
     Status: BETA in Kubernetes v1.2
     (Diagram: Client, URL Map)
  24. ConfigMaps

  25. ConfigMaps
     Problem: how to manage app configuration
     • ...without making overly-brittle container images
     12-factor says config comes from the environment
     • Kubernetes is the environment
     Manage config via the Kubernetes API. Inject config as a virtual volume into your Pods
     • late-binding, live-updated (atomic)
     • also available as env vars
     Status: GA in Kubernetes v1.2
     (Diagram: node, API, Pod, ConfigMap)
  26. Secrets

  27. Secrets
     Problem: how to grant a pod access to a secured something?
     • don’t put secrets in the container image!
     12-factor says config comes from the environment
     • Kubernetes is the environment
     Manage secrets via the Kubernetes API. Inject secrets as virtual volumes into your Pods
     • late-binding, tmpfs: never touches disk
     • also available as env vars
     (Diagram: node, API, Pod, Secret)
  28. Deployments

  29. Deployments
     Rolling update is too imperative. Deployment manages RC changes for you
     • stable object name
     • updates are done server-side rather than client-side
     • kubectl edit or kubectl apply is all you need
     Aggregates stats. Can have multiple updates in flight.
     Status: BETA in Kubernetes v1.2
  30. Jobs

  31. Jobs
     Run-to-completion, as opposed to run-forever
     • Express parallelism vs. required completions
     • Workflow: restart on failure
     • Build/test: don’t restart on failure
     Aggregates success/failure counts. Built for batch and big-data work.
     Status: GA in Kubernetes v1.2
  32. HorizontalPodAutoscalers

  33. HorizontalPodAutoscalers
     Automatically scale ReplicationControllers to a target utilization
     • CPU utilization for now
     • Probably more later
     Operates within user-defined min/max bounds. Set it and forget it.
     Status: GA in Kubernetes v1.2
     (Diagram: Stats)
  34. DaemonSets

  35. DaemonSets
     Problem: how to run a Pod on every node
     • or a subset of nodes
     Similar to ReplicationController
     • principle: do one thing, don’t overload
     “Which nodes?” is a selector. Use familiar tools and patterns.
     Status: BETA in Kubernetes v1.2
  36. PersistentVolumes

  37. PersistentVolumes
     A higher-level abstraction
     • insulation from any one cloud environment
     Admin provisions them, users claim them. NEW: auto-provisioning (alpha in v1.2).
     Independent lifetime and fate: can be handed off between pods and lives until the user is done with it.
     Dynamically “scheduled” and managed, like nodes and pods.
     (Diagram: Claim)
  38. Network Plugins

  39. Network Plugins
     Introduced in Kubernetes v1.0
     • VERY experimental
     Uses CNI (CoreOS) in v1.1
     • Simple exec interface
     • Not using Docker libnetwork
     • but can defer to Docker for networking
     Cluster admins can customize their installs
     • DHCP, MACVLAN, Flannel, custom net
     (Diagram: Plugin, Plugin, Plugin)
  40. New and coming soon
     • Cron (scheduled jobs)
     • Custom metrics
     • “Apply” a config (even more declarative)
     • Interactive containers
     • Bandwidth shaping
     • Third-party API objects
     • Scalability: 1000 nodes, 100+ pods/node
     • Performance
     • Machine-generated Go clients (less deps!)
     • Volume usage stats
     • Multi-zone (AZ) support
     • Multi-scheduler support
     • Node affinity and anti-affinity
     • Multi-cluster federation
     • API federation
     • More volume types
     • Private Docker registry
     • External DNS integration
     • Volume classes and auto-provisioning
     • Node fencing
     • DIY Cloud Provider plugins
     • More container runtimes (e.g. Hyper)
     • Better auth{n,z}
     • Network policy (microsegmentation)
     • Big data integrations
     • Device scheduling (e.g. GPUs)
  41. Kubernetes status & plans
     Open sourced in June, 2014
     • v1.0 in July, 2015
     • v1.1 in November, 2015
     • v1.2 ... soon!
     Google Container Engine (GKE)
     • hosted Kubernetes: don’t think about cluster setup
     PaaSes:
     • RedHat OpenShift, Deis, Stratos
     Distros:
     • CoreOS Tectonic, Mirantis Murano (OpenStack), RedHat Atomic, Mesos
     Hitting a ~3 month release cadence
  42. The Goal: Shake things up
     Containers are a new way of working. Requires new concepts and new tools.
     Google has a lot of experience... ...but we are listening to users.
     Workload portability is important!
  43. Kubernetes is Open
     • open community
     • open design
     • open source
     • open to ideas
     http://kubernetes.io
     https://github.com/kubernetes/kubernetes
     slack: kubernetes
     twitter: @kubernetesio