
Kubernetes & GKE v1.3 Overview


Overview of the latest features in Kubernetes v1.3 and GKE.

Vish Kannan

July 21, 2016


Transcript

  1. Google Cloud Platform
     Kubernetes v1.3
     Kubernetes 1st Birthday meetup @ Sharethis, 21st July 2016
     Vishnu Kannan <[email protected]>, @vishh (github, IRC, slack)
     Eric Tune <[email protected]>, @erictune (github, slack)
  2. v1.3 summary
     • Github stats relative to v1.2
       - 54 contributors
       - 4700+ commits
       - 7950 files changed, 1,291,309 +/-
     • Distributed testing
     • Scalable build, testing and github automation
     • Cross-cluster federated services
     • Stateful applications
     • Ease of use for local development
     • Support for rkt and container standards OCI & CNI
     • Updated Kubernetes dashboard UI
  3. Minikube
     Goal: Develop & test k8s apps locally
     • Provide access to all portable k8s features
     Develop against a local Kubernetes cluster
     • Lightweight, single-command installation
     • Works across Linux & OS X (Windows support soon)
     • Includes all dependencies
     • Local cluster can be managed via kubectl
     • Built-in Dashboard
     Status: GA since Kubernetes v1.3
     Check out the Minikube repo!
     @dlorenc @luxas @aaron-prindle @jimmidyson
  4. Init Container
     Goal: initialize pods for applications
     • Setup volumes, configuration, etc., for applications.
     Initialize and customize application environment
     • Perform initialization of shared volumes
       ◦ Download binaries, inject configuration or extension capability, initialize a database
     • Reduce coupling:
       ◦ Between application images
       ◦ Inside of images
       ◦ Between initialization steps
     Status: ALPHA in Kubernetes v1.3
     Diagram: Pod → Init Containers → App Containers
     @smarterclayton @bprashanth
  5. PetSets (working name)
     Goal: enable clustered software on Kubernetes
     • mysql, redis, zookeeper, ...
     Clustered apps need “identity” and sequencing guarantees:
     • stable hostname, available in DNS
     • an ordinal index
     • stable storage: linked to the ordinal & hostname
     • discovery of peers for quorum
     • startup/teardown ordering
     Mysql, Postgres, Zookeeper, etcd, etc.
     Status: ALPHA in Kubernetes v1.3
     @smarterclayton @bprashanth
  6. Cross-cluster Federated Services
     Goal: Load Balance across multiple clusters
     • High availability across regions & cloud providers
       - Geographically aware DNS gets clients to the "closest" healthy cluster.
       - DNS + Kubernetes cluster-local service discovery.
       - Can default to cluster-local with failover to remote clusters.
       - Is API-compatible with a vanilla Kubernetes service.
       - Has no clusterIP (as it is cluster-independent)
       - Has a federation-wide load balancer hostname
     Give it a try by following this guide.
     Status: Beta in Kubernetes v1.3
     Diagram: End-user → Cross-cluster Load Balancer/DNS → Cluster 1, Cluster 2, Cluster 3
     @huangyuqi @jianhuiz @quinton-hoole @justinsb @nikhiljindal @madhusudancs @mml
  7. Node Pools (GKE Only)
     Goal: Load balance across zones in a single cluster
     Supports heterogeneous nodes
     Pods can be placed on specific node pools
     Staged rollout of Kubernetes upgrades (A/B testing)
     Support for multiple zones
     Combine this with Cluster Autoscaling!
     Status: Available in GKE
     Diagram: End-user → Load Balancer → nodes in us-central1-a, us-central1-b, us-central1-f
     @a-robinson
  8. Google IAM (GKE Only)
     Goal: Manage GKE permissions the same as other Google Cloud Platform permissions
     Invite anyone with a Google account to use your cluster. Give Writer or Reader permissions.
     Status: Available in GKE
     Diagram: Kubectl → Gcloud (Google Auth'n → Token) → K8s API Server → Google Auth'z ("Can get pods?" → Yes) → Get Pods; users shown: [email protected], [email protected]
     @cjcullen
  9. Google IAM (GKE Only)
     Prereqs:
     • >= 1.3 kubectl
     • >= 1.3 cluster
     Cluster Owner Steps:
     • http://cloud.google.com/console
     • IAM & Admin → Add User → Project Editor or Viewer
     Guest Steps:
     • gcloud projects list → $P
     • gcloud config set container/use_client_certificate False
     • gcloud container clusters get-credentials --zone $Z --project $P
     • kubectl get pods
     @cjcullen
  10. Authz - RBAC
      Goal: Manage Permissions, via the API
      RBAC: Role-Based Access Control
      Create any number of different roles.
      Assign any users or groups to roles.
      Similarities to AWS, GCP IAM.
      Applies to all future Kinds easily.
      Status: Available everywhere but GKE
      @deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)
  11. Authz - RBAC
      kind: ClusterRole
      apiVersion: rbac.authorization.k8s.io/v1alpha1
      metadata:
        name: pod-reader
      rules:
        - apiGroups: [""]
          resources: ["pods"]
          verbs: ["get", "watch", "list"]
          nonResourceURLs: []
      @deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)
  12. Authz - RBAC
      kind: ClusterRoleBinding
      apiVersion: rbac.authorization.k8s.io/v1alpha1
      metadata:
        name: read-pods
      subjects:
        - kind: User
          name: [email protected]
      roleRef:
        kind: ClusterRole
        name: pod-reader
        apiVersion: rbac.authorization.k8s.io/v1alpha1
      @deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)
  13. Authz - RBAC
      Diagram: RBAC objects across namespaces
      No Namespace: ClusterRole pod-reader, ClusterRoleBinding eric
      Namespace Default: Role whatever, RoleBinding vish
      Namespace Other: Role secret-deleter, RoleBinding rohit
      Arrows 1 to 5 in the diagram:
      1: eric can read pods in the whole cluster
      2: vish can read pods in namespace default
      3: rohit can read pods in namespace other
      4: rohit can delete secrets in namespace other
      5: not allowed
      @deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)
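The diagram's legend follows from three rules of the RBAC authorizer: a ClusterRoleBinding grants a ClusterRole's rules in every namespace, a RoleBinding grants rules only inside its own namespace (whether it references a Role or a ClusterRole), and a RoleBinding's Role reference only resolves inside that same namespace, so anything not covered by a binding is "not allowed". The following is an added example, not the deck's code or the kube-apiserver implementation: a small Python model of that evaluation, loaded with objects constructed to mirror the diagram (the pod-reader rules come from the ClusterRole slide; the secret-deleter rule and the short user names are assumptions, since the slides only name them).

```python
"""Toy model of Kubernetes RBAC evaluation (added example; not kube-apiserver code).

Models the rbac.authorization.k8s.io/v1alpha1 objects from the slides
(ClusterRole, ClusterRoleBinding, Role, RoleBinding) and answers
"can <user> <verb> <resource> in <namespace>?" as the diagram's legend does.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    api_groups: tuple  # "" is the core API group (pods, secrets, ...)
    resources: tuple
    verbs: tuple

    def allows(self, api_group, resource, verb):
        def match(allowed, value):
            return "*" in allowed or value in allowed
        return (match(self.api_groups, api_group)
                and match(self.resources, resource)
                and match(self.verbs, verb))


@dataclass
class RBACStore:
    cluster_roles: dict = field(default_factory=dict)          # name -> [Rule]
    roles: dict = field(default_factory=dict)                  # (namespace, name) -> [Rule]
    cluster_role_bindings: list = field(default_factory=list)  # (user, cluster_role_name)
    role_bindings: list = field(default_factory=list)          # (namespace, user, ref_kind, ref_name)

    def _rules_for_ref(self, binding_namespace, ref_kind, ref_name):
        if ref_kind == "ClusterRole":
            return self.cluster_roles.get(ref_name, [])
        # A Role reference always resolves in the binding's own namespace;
        # a RoleBinding cannot reach a Role that lives in another namespace.
        return self.roles.get((binding_namespace, ref_name), [])

    def can(self, user, verb, resource, namespace, api_group=""):
        # ClusterRoleBindings grant the ClusterRole's rules in every namespace.
        for bound_user, cr_name in self.cluster_role_bindings:
            if bound_user == user and any(r.allows(api_group, resource, verb)
                                          for r in self.cluster_roles.get(cr_name, [])):
                return True
        # RoleBindings grant rules only inside the binding's namespace,
        # whether they reference a Role or a ClusterRole.
        for ns, bound_user, ref_kind, ref_name in self.role_bindings:
            if ns != namespace or bound_user != user:
                continue
            if any(r.allows(api_group, resource, verb)
                   for r in self._rules_for_ref(ns, ref_kind, ref_name)):
                return True
        return False  # deny by default: no matching binding means "not allowed"


def build_slide_scenario():
    """Constructed objects mirroring the deck's diagram (user names as on the slides)."""
    store = RBACStore()
    # ClusterRole pod-reader, with the rule shown on the ClusterRole slide.
    store.cluster_roles["pod-reader"] = [Rule(("",), ("pods",), ("get", "watch", "list"))]
    # Role secret-deleter in namespace "other"; its rule is assumed (the slide only names it).
    store.roles[("other", "secret-deleter")] = [Rule(("",), ("secrets",), ("delete",))]
    # 1: eric is bound cluster-wide to pod-reader.
    store.cluster_role_bindings.append(("eric", "pod-reader"))
    # 2: vish is bound to the ClusterRole pod-reader, but only inside namespace default.
    store.role_bindings.append(("default", "vish", "ClusterRole", "pod-reader"))
    # 3 and 4: rohit is bound inside namespace other to pod-reader and secret-deleter.
    store.role_bindings.append(("other", "rohit", "ClusterRole", "pod-reader"))
    store.role_bindings.append(("other", "rohit", "Role", "secret-deleter"))
    return store


if __name__ == "__main__":
    s = build_slide_scenario()
    checks = [("eric", "get", "pods", "other"), ("vish", "get", "pods", "default"),
              ("vish", "get", "pods", "other"), ("rohit", "delete", "secrets", "other"),
              ("rohit", "delete", "secrets", "default")]
    for user, verb, res, ns in checks:
        verdict = "allowed" if s.can(user, verb, res, ns) else "not allowed"
        print(f"{user} {verb} {res} in {ns}: {verdict}")
```

The useful case to try after the legend's five is a RoleBinding in namespace default that references the Role secret-deleter: because that Role exists only in namespace other, the reference resolves to nothing and the binding grants no access, which is the same deny-by-default behaviour the diagram marks as "not allowed".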
  14. Scalability
      Goal: Support large clusters & meet SLO
      - Guaranteed SLO for <= 2000 nodes
      - > 2000 nodes possible!
      - 60,000 pods supported by default
      - < 1s pod-startup latency
      More information here.
      @wojtek-t
  15. Node Stability
      Goal: Kubernetes nodes are robust & always online
      Work In Progress
      Protection against memory pressure
      - Evict pods under memory pressure
      - Configurable hard & soft limits
      - In-built support for overcommit
      - Beta in v1.3
      Nodes scalable to 100+ pods
      @derekwaynecarr @vishh
  16. Rktnetes
      Goal: Modular & reliable container runtime for k8s
      No monolithic daemon
      Pod isolation levels
      - Chroot jail
      - Namespaces + cgroups
      - Virtual Machine
      Lightweight
      Known issues exist! Try out Rktnetes!
      @yifan-gu @euank
  17. Community
      Top 0.01% of all Github projects
      1200+ external projects based on k8s
      800+ unique contributors
      Companies Contributing
      Companies Using
  18. Kubernetes is Open
      https://kubernetes.io
      Special Interest Groups
      Code: github.com/kubernetes/kubernetes
      Chat: slack.k8s.io
      Twitter: @kubernetesio
      open community, open design, open source, open to ideas