Kuber-what?! Learn about Kubernetes
Ashley Roach, Principal Engineer Evangelist
[email protected] @aroach

Agenda
• Objectives
• A brief primer on containers
• The problems with running containers at scale
• Orchestration systems
• Kubernetes background
• Pods, Deployments, Services, Ingress
• Cisco tie-ins
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

What are containers?
Virtual Machine vs. Container
[Diagram: two stacks side by side. Virtual machine: App 1 and App 2, each with its own Bins/Libs and Guest OS, on a Hypervisor / Host OS, on a Server. Container: App 1 and App 2, each with its own Bins/Libs, on the Docker Engine, on the Host OS, on a Server.]
“Container” Technical: Changing how we deploy code into reality.
[Diagram: ways of getting app1, app2 and app3 (with their /usr, /etc, /bin) onto Server One. Manual RPM / DEB / Puppet straight onto the server; the same onto VM one and VM two (treated as servers) on a Hypervisor, or baking images (AMI / Packer); or baked container images, Container 1 and Container 2, on Server One.]
Goes away on restart
FROM ubuntu:15.04
COPY . /app
RUN make /app
CMD python /app/app.py
Why use an orchestrator
Application Anatomy
[Diagram: one application spread across Web Server, Application Server and Database tiers, made up of a Login Service, Photo Upload, Like Service, Comment Service, Profile Service, Logging Service, Photo Processing and Friend Requests.]
Pets vs Cattle
Redesign Image Sharing App
[Diagram: Web front end, iOS App and Android App call an API Service; behind it Team 1, Team 2 … Team n each own Microservice 1, Microservice 2 … Microservice n, each with its own DB1, DB2 … DBn.]
Advantages of Microservices
• Autonomous
• A microservice can be upgraded independently of other systems
• A microservice can iterate as quickly as it needs
• Polyglot application stacks (technology heterogeneity)
• Other microservices are black boxes to other services
• A service can be used by other projects in the organization
Using the docker CLI is all well and good as a developer… But you’re probably not going to manage production like this…
[Diagram: Host / VM 1, Host / VM 2 and Host / VM 3, each running Linux Kernel, Docker Engine and a Container, driven by hand:]
$ ssh host1
host1# docker run container
$ ssh host2
host2# docker run container
$ ssh host3
host3# docker run container
Container orchestration is a must. Once you’ve built your containers and pushed them, a container orchestrator manages running them across a pool of resources for you.
[Diagram: containers managed by Kubernetes, which provides Load Balancing, Health Checks, Log Aggregation / Access and a Developer API, e.g.:]
$ kubectl scale deployment
What are other orchestrators?
• Docker Swarm / EE
• Apache Marathon
• Rancher (seems to be moving towards k8s)
What is kubernetes?
Borg
• GIFE
• 2015 paper from Google: https://research.google.com/pubs/pub43438.html
• Engineers who worked on Borg now work on Kubernetes: http://blog.kubernetes.io/2015/04/borg-predecessor-to-kubernetes.html
• Lessons Learned:
  • Multi-Job services could not be managed as a single entity
  • One IP address per Machine
What is Kubernetes?
• Container Orchestration
• Keeping your containers up, scaling them, routing traffic to them
• Kubernetes != Docker, though K8S uses Docker (or CoreOS rkt)
Installation options
• MiniKube (local workstation)
• Installers (on-prem, hybrid, custom)
  • Kops (part of core kubernetes.io github)
  • Kubespray (Ansible + Terraform)
  • Etc, etc…
• Cloud
  • Google Container Engine (GKE)
  • Azure Container Service
  • Amazon EKS
  • Etc…
Sidebar: K8S the hard way
• Step-by-step tutorial of how to assemble a kubernetes cluster
• https://github.com/kelseyhightower/kubernetes-the-hard-way
Source: http://x-team.com/2016/07/introduction-kubernetes-architecture/

Deploying Containers
• Kubectl & ~/.kube/config
• Minikube CLI
• The Real Way™: CI system
Simple Architecture
[Diagram: four boxes: Kubernetes, Registry, CI/CD, Persistence.]
Kubernetes Components
Kubernetes main features
Pods, Deployments, Services, Ingress
Pods
• Group of one or more containers, shared storage, and options for how to run the containers
• Share IP address and port space
• Atomic unit of management
Source: http://kubernetes.io/docs/user-guide/pods/
Deployments
• Rolling upgrades
• Declare intent: how many replicas of a given pod should be running?
• Namespace
• Labels
• Ports that should be exposed
Services
• Abstraction for the mortality of Pods
• Provide a single stable name and address for a set of pods inside the cluster (aka service discovery).
Source: http://kubernetes.io/docs/user-guide/services/
Ingress
• Abstraction for services
• An Ingress is a set of rules for directing inbound traffic to a service.
• An Ingress Controller is a service that listens for the creation of new services and acts as a reverse proxy for them (nginx, traefik, F5 load balancer)
See: http://kubernetes.io/docs/user-guide/ingress/
K8S templates: deployment
# k8s/dev/api-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: rest-api-swagger
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: rest-api-swagger
    spec:
      containers:
      - name: rest-api-swagger
        image: ciscodevnet/rest-api-swagger:latest
        ports:
        - containerPort: 10010
K8S templates: service
# k8s/services/api-service-lb.yaml
kind: Service
apiVersion: v1
metadata:
  name: rest-api-swagger
spec:
  type: LoadBalancer # or NodePort, etc.
  ports:
  - name: http
    port: 8080
    targetPort: 10010
    protocol: TCP
  selector:
    app: rest-api-swagger
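As an added example (not from the slides or the DevNet project), a small pre-apply consistency check for the deployment and service templates above: it confirms the Service selector matches the pod labels, that targetPort is a port some container actually exposes, and flags the mutable `:latest` tag. The manifests are embedded as Python dicts rather than loaded from the YAML files, an assumption made to keep the example self-contained.

```python
# Added example (not from the slides): sanity-check the deck's Deployment
# and Service together before `kubectl apply`. The manifests are embedded
# as dicts; a real pipeline would yaml.safe_load() the files under k8s/.
DEPLOYMENT = {
    "apiVersion": "extensions/v1beta1", "kind": "Deployment",
    "metadata": {"name": "rest-api-swagger"},
    "spec": {"replicas": 2, "template": {
        "metadata": {"labels": {"app": "rest-api-swagger"}},
        "spec": {"containers": [{
            "name": "rest-api-swagger",
            "image": "ciscodevnet/rest-api-swagger:latest",
            "ports": [{"containerPort": 10010}]}]}}},
}
SERVICE = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "rest-api-swagger"},
    "spec": {"type": "LoadBalancer",
             "ports": [{"name": "http", "port": 8080,
                        "targetPort": 10010, "protocol": "TCP"}],
             "selector": {"app": "rest-api-swagger"}},
}

def check_manifests(deployment, service):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    pod_spec = deployment["spec"]["template"]["spec"]
    pod_labels = deployment["spec"]["template"]["metadata"].get("labels", {})
    selector = service["spec"].get("selector", {})
    # A Service only routes to pods carrying every selector label.
    if not selector:
        problems.append("service has no selector")
    elif any(pod_labels.get(k) != v for k, v in selector.items()):
        problems.append("selector %r does not match pod labels %r"
                        % (selector, pod_labels))
    # targetPort must be a port a container listens on; otherwise the
    # LoadBalancer accepts connections that all fail.
    container_ports = {p["containerPort"] for c in pod_spec["containers"]
                       for p in c.get("ports", [])}
    for port in service["spec"]["ports"]:
        target = port.get("targetPort", port["port"])
        if isinstance(target, int) and target not in container_ports:
            problems.append("targetPort %d is not a containerPort" % target)
    # A mutable tag means what actually ran cannot be reproduced or audited.
    for c in pod_spec["containers"]:
        ref = c["image"].rsplit("/", 1)[-1]  # strip registry/repo path
        if "@" not in ref and (":" not in ref or ref.endswith(":latest")):
            problems.append("container %s uses a mutable image tag: %s"
                            % (c["name"], c["image"]))
    return problems
```

Run `check_manifests(DEPLOYMENT, SERVICE)` in a CI step before the apply and fail the build if the list is non-empty; for the deck's own templates the only finding is the `:latest` tag.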
Manual kubectl deployment
$ kubectl apply -f k8s/dev/api-deployment.yaml
$ kubectl apply -f k8s/services/api-service-lb.yaml
$ kubectl describe deployment
$ kubectl describe service rest-api-swagger
$ kubectl delete -f k8s/dev/api-deployment.yaml
$ kubectl delete -f k8s/services/api-service-lb.yaml
Drone CI kubectl deployment
deploy:
  k8s:
    image: containers.ex.com/devnet/drone-kubectl
    apiserver: https://your-gke-api-endpoint # kubectl cluster-info
    token: $$K8S_TOKEN
    commands:
      - 'kubectl apply -f k8s/services/*.yaml'
      - 'kubectl apply -f k8s/dev/*.yaml --record'
      - 'kubectl describe service ${SERVICE_NAME}'
    when:
      branch: master
Cisco tie-ins
• Google-Cisco Partnership
  • The soon to be released Cisco Container Platform allows simple management of multiple kubernetes clusters, aimed at enterprise hybrid cloud.
  • On-premises, Cisco’s hyper-converged platform, Cisco HyperFlex, will provide a cloud-ready solution for Kubernetes and containers, and management tools to enforce security and consumption policies.
  • Developers will be able to create new applications in the cloud or on-premises consistently, using the same tools, runtime and production environment.
  • And more…
• Contiv
  • Container Networking Interface plugin
  • Ties into ACI for policy-based controls
Connect with me
Ashley Roach
• [email protected]
• @aroach
• http://github.com/aroach
• http://linkedin.com/in/ashleyroach
Cisco DEVNET
• @CiscoDevNet
• http://github.com/CiscoDevNet