Migrating Application to Openshift/Kubernetes: Lessons learned from the trenches


In this session we will cover a series of tips and lessons learned on how to scale, estimate and migrate your applications to Openshift or Kubernetes.
* how to plan and estimate your deployment, how many clusters you should have, and further details of resource administration;
* how to facilitate application administration on top of K8s/OCP;
* which constraints and assumptions to take into account when creating containers;
* automation.

Vinicius

June 25, 2020


Transcript

  1. @vinimartinez

    • 15+ years working in IT (EDS, Tata)
    • Senior Solution Architect Red Hat (+8)
    • Middleware Team Lead
    • Distributed Software Architecture (PUC MG)
    • Business Administration (FGV)
    • Data Processing (FATEC-BS)
    • AppDev, Cloud, Hybrid Cloud, DevOps
    • Microservices, Kubernetes, CloudNative
    • Systems Integration, Middleware, Security
  2. @vinimartinez Agenda

    1. Limits
    2. Sizing
    3. Capacity
    4. Placement
    5. Quotas
    6. QoS
    7. Application Health/Probes
    8. Images
    9. Monitoring
    10. Automation
  3. @vinimartinez Resource Allocation: Operating System, Kubelet, Eviction Threshold, Resources

    • Node
      - OS (system reserved)
      - Kubelet (kube reserved)
      - Eviction Threshold
  5. @vinimartinez Pod Placement (workloads: AI & Big Data, Serverless, Legacy Apps, Microservices)

    • Affinity/Anti-Affinity
    • Node Selector
  6. @vinimartinez Pod Placement

    • Taints & Tolerations
  7. @vinimartinez A multi-project quota, defined by a ClusterResourceQuota object, allows quotas to be shared across multiple projects. Resources used in each selected project are aggregated and that aggregate is used to limit resources across all the selected projects.

    ```shell
    oc create clusterquota for-user \
        --project-annotation-selector openshift.io/requester=<user_name> \
        --hard pods=10 \
        --hard secrets=20
    ```
  8. @vinimartinez A resource quota, defined by a ResourceQuota object, provides constraints that limit aggregate resource consumption per project. It can limit the quantity of objects that can be created in a project by type, as well as the total amount of compute resources and storage that may be consumed by resources in that project.

    ```yaml
    apiVersion: v1
    kind: ResourceQuota
    metadata:
      name: core-object-counts
    spec:
      hard:
        configmaps: "10"
        persistentvolumeclaims: "4"
        replicationcontrollers: "20"
        secrets: "10"
        requests.cpu: "1"
        requests.memory: 1Gi
        requests.ephemeral-storage: 2Gi
        limits.cpu: "2"
        limits.memory: 2Gi
        limits.ephemeral-storage: 4Gi
    ```
  9. @vinimartinez A LimitRange is a policy to constrain resource allocations (to Pods or Containers) in a namespace.

    ```yaml
    apiVersion: v1
    kind: LimitRange
    metadata:
      name: ${PROJECT_NAME}-limits
      creationTimestamp: null
    spec:
      limits:
        - type: Container
          max:
            cpu: 4000m
            memory: 1024Mi
          min:
            cpu: 10m
            memory: 5Mi
          default:
            cpu: 4000m
            memory: 1024Mi
          defaultRequest:
            cpu: 100m
            memory: 512Mi
    ```
  10. @vinimartinez

    ```shell
    kubectl create deployment --image=nodejs nodejs-app
    oc new-app --docker-image=nodejs --name=nodejs-app

    kubectl create deployment --image=tomcat tomcat-app
    oc new-app --docker-image=tomcat --name=tomcat-app
    ```
  11. @vinimartinez QoS (same commands as slide 10)

    • Best Effort: No Request, No Limit
  12. @vinimartinez QoS (same commands as slide 10)

    • Burstable: Request < Limit
  13. @vinimartinez QoS (same commands as slide 10)

    • Guaranteed: Request = Limit
  14. @vinimartinez Application Health

    ```yaml
    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        test: readiness
      name: readiness-http
    spec:
      containers:
        - name: readiness-http   # container name is required; added to match the Pod name
          args: []               # empty on the slide
          image: k8s.gcr.io/readiness
          readinessProbe:
            httpGet:
              # host: my-host
              # scheme: HTTPS
              path: /healthz
              port: 8080
            initialDelaySeconds: 15
            timeoutSeconds: 1
    ```
  15. @vinimartinez Application Health

    ```yaml
    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        test: liveness
      name: liveness-http
    spec:
      containers:
        - name: liveness-http
          image: k8s.gcr.io/liveness
          args:
            - /server
          livenessProbe:
            httpGet:
              # host: my-host
              # scheme: HTTPS
              path: /healthz
              port: 8080
              httpHeaders:
                - name: X-Custom-Header
                  value: Awesome
    ```
  17. @vinimartinez Declarative Management of Kubernetes Objects Using Configuration Files

    Kubernetes objects can be created, updated, and deleted by storing multiple object configuration files in a directory and using kubectl apply to recursively create and update those objects as needed. This method retains writes made to live objects without merging the changes back into the object configuration files. kubectl diff also gives you a preview of what changes apply will make.

    What is GitOps?

    GitOps in short is a set of practices to use Git pull requests to manage infrastructure and application configurations. Git repository in GitOps is considered the only source of truth and contains the entire state of the system so that the trail of changes to the system state are visible and auditable.

    What is a pipeline?

    A pipeline in software development is an automated process that drives software through a path of building, testing, and deploying code. By automating the process, the objective is to minimize human error and maintain a consistent process for how software is deployed. Tools that are included in the pipeline could include compiling code, unit tests, code analysis, security, and installer creation. For containerized environments, this pipeline would also include packaging the code into a container to be deployed across the hybrid cloud. A pipeline is critical in supporting continuous integration and continuous deployment (CI/CD) processes.
  18. @vinimartinez (same content as slide 17) AUTOMATE EVERYTHING!!
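
Added example, not part of the original deck: a simplified Python model of how the LimitRange on slide 9 changes the QoS class (slides 11 to 13) of a pod created with no resources section, as the `kubectl create deployment` commands on slide 10 do. The function names and the reduced quantity parser are assumptions made for illustration; only cpu and memory are considered, since those decide the QoS class.

```python
from fractions import Fraction

# Subset of Kubernetes quantity suffixes (enough for the values on the slides).
SUFFIX = {"m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
          "Ki": 2**10, "Mi": 2**20, "Gi": 2**30}
RES = ("cpu", "memory")  # the only resources that decide the QoS class

# The Container limits from the LimitRange on slide 9.
LIMIT_RANGE = {"max": {"cpu": "4000m", "memory": "1024Mi"},
               "min": {"cpu": "10m", "memory": "5Mi"},
               "default": {"cpu": "4000m", "memory": "1024Mi"},
               "defaultRequest": {"cpu": "100m", "memory": "512Mi"}}

def qty(s):
    """Parse a quantity such as '100m', '2' or '512Mi' into base units."""
    for suf in sorted(SUFFIX, key=len, reverse=True):
        if s.endswith(suf):
            return Fraction(s[:-len(suf)]) * SUFFIX[suf]
    return Fraction(s)

def apply_limit_range(c, lr=LIMIT_RANGE):
    """Default one container's resources, then enforce min/max like admission."""
    req, lim = dict(c.get("requests", {})), dict(c.get("limits", {}))
    for r in RES:
        if r in lim:                      # API defaulting: request := limit
            req.setdefault(r, lim[r])
        lim.setdefault(r, lr["default"][r])
        req.setdefault(r, lr["defaultRequest"][r])
        if not qty(lr["min"][r]) <= qty(req[r]) <= qty(lim[r]) <= qty(lr["max"][r]):
            raise ValueError(f"{r}: request/limit outside LimitRange bounds")
    return {"requests": req, "limits": lim}

def qos_class(containers):
    """BestEffort / Burstable / Guaranteed, per the rules on slides 11-13."""
    if not any(r in c.get(k, {}) for c in containers
               for k in ("requests", "limits") for r in RES):
        return "BestEffort"
    for c in containers:
        req, lim = c.get("requests", {}), c.get("limits", {})
        if any(r not in lim or qty(req.get(r, lim[r])) != qty(lim[r]) for r in RES):
            return "Burstable"
    return "Guaranteed"

def qos_in_namespace(containers, limit_range=None):
    """QoS class a pod ends up with, optionally after LimitRange defaulting."""
    if limit_range:
        containers = [apply_limit_range(c, limit_range) for c in containers]
    return qos_class(containers)
```
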