
Kuber-what?! Learn about Kubernetes
Ashley Roach, Principal Engineer Evangelist
[email protected]
@aroach

Agenda
• Objectives
• A brief primer on containers
• The problems with running containers at scale
• Orchestration systems
• Kubernetes background
• Pods, Deployments, Services, Ingress
• Cisco tie-ins

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

What are containers?

Virtual Machine vs. Container
[Diagram: two stacks side by side. Virtual machine: App 1 and App 2, each with its own Bins/Libs and Guest OS, on a Hypervisor / Host OS, on a Server. Container: App 1 and App 2, each with its own Bins/Libs, on Docker Engine, on the Host OS, on a Server.]

“Container” Technical: Changing how we deploy code into reality.
[Diagram comparing ways to get app1, app2 and app3 onto Server One: installed directly with manual steps, RPM, DEB or Puppet; installed into VM one and VM two on a hypervisor, either treated as servers (manual, RPM, DEB, Puppet) or built as baked images (AMI / Packer); or shipped as baked container images running as Container 1 and Container 2.]

Goes away on restart

    FROM ubuntu:15.04
    COPY . /app
    RUN make /app
    CMD python /app/app.py

Why use an orchestrator

Application Anatomy
[Diagram components: Login Service, Photo Upload, Web Server, Like Service, Comment Service, Application Server, Profile Service, Logging Service, Database, Photo Processing, Friend Requests]

Pets vs Cattle

Redesign Image Sharing App
[Diagram: Web front End, iOS App and Android App call an API Service; behind it, Team 1, Team 2 … Team n each own Microservice 1, Microservice 2 … Microservice n with their own DB1, DB2 … DBn.]
Advantages of Microservices
• Autonomous
• Microservice can be upgraded independent of other systems
• Microservice can iterate as quickly as it needs
• Polyglot application stacks (Technology Heterogeneity)
• Other microservices are black boxes to other services
• Service can be used by other projects in the organization

Using docker CLI is all well and good as a developer... But you’re probably not going to manage production like this…
[Diagram: three hosts (Host / VM 1, Host / VM 2, Host / VM 3), each running a Linux Kernel, a Docker Engine and one Container.]

    $ ssh host1
    host1# docker run container
    $ ssh host2
    host2# docker run container
    $ ssh host3
    host3# docker run container

Container orchestration is a must.
Once you’ve built your containers and pushed them, container orchestrators manage running containers across a pool of resources for you.
[Diagram: a Developer talks to the Kubernetes API, which runs the Containers and provides Load Balancing, Health Checks, and Log Aggregation / Access.]

    $ kubectl scale deployment <name> --replicas=3

What are other orchestrators?
• Docker Swarm / EE
• Apache Marathon
• Rancher (seems to be moving towards k8s)

What is kubernetes?

Borg
• GIFE
• 2015 paper from Google: https://research.google.com/pubs/pub43438.html
• Engineers who worked on Borg now work on Kubernetes: http://blog.kubernetes.io/2015/04/borg-predecessor-to-kubernetes.html
• Lessons Learned:
  • Multi-Job services could not be managed as a single entity
  • One IP address per Machine

What is Kubernetes?
• Container Orchestration
• Keeping your containers up, scaling them, routing traffic to them
• Kubernetes != Docker though K8S uses Docker (or CoreOS rkt)

Installation options
• MiniKube (local workstation)
• Installers (on-prem, hybrid, custom)
  • Kops (part of core kubernetes.io github)
  • Kubespray (Ansible + Terraform)
  • Etc, etc…
• Cloud
  • Google Container Engine (GKE)
  • Azure Container Service
  • Amazon EKS
  • Etc…

Sidebar: K8S the hard way
• Step-by-step tutorial of how to assemble a kubernetes cluster
• https://github.com/kelseyhightower/kubernetes-the-hard-way

[Kubernetes architecture diagram]
Source: http://x-team.com/2016/07/introduction-kubernetes-architecture/

Deploying Containers
• Kubectl & ~/.kube/config
• Minikube CLI
• The Real Way™: CI system

Simple Architecture
[Diagram components: Kubernetes, Registry, CI/CD, Persistence]

Kubernetes Components

Kubernetes main Features
• Pods
• Deployments
• Services
• Ingress

Pods
• Group of one or more containers, shared storage, and options for how to run the containers
• Share IP address and port space
• Atomic unit of management
Source: http://kubernetes.io/docs/user-guide/pods/

Deployments
• Rolling upgrades
• Declare intent: How many replicas should be running of a given pod?
• Namespace
• Labels
• Ports that should be exposed
Services
• Abstraction for the mortality of Pods
• Provide single stable name and address for a set of pods inside the cluster (aka service discovery).
Source: http://kubernetes.io/docs/user-guide/services/

Ingress
• Abstraction for services
• An Ingress is a set of rules for directing inbound traffic to a service.
• An Ingress Controller is a service that listens for the creation of new services and does reverse proxy (nginx, traefik, f5 loadbalancer)
See: http://kubernetes.io/docs/user-guide/ingress/

K8S templates: deployment

    # k8s/dev/api-deployment.yaml
    # apps/v1 replaces extensions/v1beta1, which was removed in Kubernetes 1.16;
    # apps/v1 requires spec.selector to match the pod template labels.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: rest-api-swagger
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: rest-api-swagger
      template:
        metadata:
          labels:
            app: rest-api-swagger
        spec:
          containers:
            - name: rest-api-swagger
              image: ciscodevnet/rest-api-swagger:latest
              ports:
                - containerPort: 10010

K8S templates: service

    # k8s/services/api-service-lb.yaml
    kind: Service
    apiVersion: v1
    metadata:
      name: rest-api-swagger
    spec:
      type: LoadBalancer  # or NodePort, etc.
      ports:
        - name: http
          port: 8080
          targetPort: 10010
          protocol: TCP
      selector:
        app: rest-api-swagger

Manual kubectl deployment

    $ kubectl apply -f k8s/dev/api-deployment.yaml
    $ kubectl apply -f k8s/services/api-service-lb.yaml
    $ kubectl describe deployment
    $ kubectl describe service rest-api-swagger
    $ kubectl delete -f k8s/dev/api-deployment.yaml
    $ kubectl delete -f k8s/services/api-service-lb.yaml
Drone CI kubectl deployment

    deploy:
      k8s:
        image: containers.ex.com/devnet/drone-kubectl
        apiserver: https://your-gke-api-endpoint  # from: kubectl cluster-info
        token: $$K8S_TOKEN
        commands:
          - 'kubectl apply -f k8s/services/*.yaml'
          - 'kubectl apply -f k8s/dev/*.yaml --record'
          - 'kubectl describe service ${SERVICE_NAME}'
        when:
          branch: master

Cisco tie-ins
• Google-Cisco Partnership
  • Soon to be released Cisco Container Platform allows simple management of multiple kubernetes clusters aimed at enterprise hybrid cloud.
  • On-premises, Cisco’s hyper-converged platform, Cisco HyperFlex, will provide a cloud-ready solution for Kubernetes and containers, and management tools to enforce security and consumption policies.
  • Developers will be able to create new applications in the cloud or on-premises consistently using the same tools, runtime and production environment.
  • And more…
• Contiv
  • Container Networking Interface plugin
  • Ties into ACI for policy-based controls

Connect with me
Ashley Roach
• [email protected]
• @aroach
• http://github.com/aroach
• http://linkedin.com/in/ashleyroach
Cisco DEVNET
• @CiscoDevNet
• http://github.com/CiscoDevNet