Ashley Roach, Principal Engineer [email protected] @aroach
Kuber-what?! Learn about Kubernetes
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Objectives
• A brief primer on containers
• The problems with running containers at scale
• Orchestration systems
• Kubernetes background
• Pods, Deployments, Services, Ingress
• Cisco tie-ins
What are containers?
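Virtual Machine vs. Container
[Diagram: two stacks side by side]
• Virtual machines: Server, Hypervisor / Host OS, then per application a Guest OS, Bins/Libs and the app (App 1, App 2)
• Containers: Server, Host OS, Docker Engine, then per application Bins/Libs and the app (App 1, App 2)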
“Container”
[Diagram: three ways of getting apps onto "Server One." and its /usr /etc /bin filesystem]
• Single server (app1, app2, app3 on one filesystem): Manual, RPM, DEB, Puppet
• Hypervisor with VM one and VM two: Manual, RPM, DEB, Puppet (Treat as servers) OR Bake Images (AMI / Packer)
• Container 1 and Container 2 on Server One.: Baked container images.
Technical: Changing how we deploy code into reality.
FROM ubuntu:15.04
COPY . /app
RUN make /app
CMD python /app/app.py
Goes away on restart
Why use an orchestrator
Application Anatomy
[Diagram: Web Server, Application Server and Database, with the application's functions: Login Service, Photo Upload, Like Service, Comment Service, Profile Service, Logging Service, Photo Processing, Friend Requests]
Pets vs Cattle
Redesign Image Sharing App
[Diagram: Web Front End, iOS App, Android App; API Service; Microservice 1, Microservice 2 … Microservice n, each with its own team (Team 1, Team 2 … Team n) and its own database (DB1, DB2 … DBn)]
Advantages of Microservices
• Autonomous
  • Microservice can be upgraded independent of other systems
  • Microservice can iterate as quickly as it needs
• Polyglot application stacks (Technology Heterogeneity)
  • Other microservices are black boxes to other services
• Service can be used by other projects in the organization
Using docker CLI is all well and good as a developer... But you’re probably not going to manage production like this…
$ ssh host1
host1# docker run container
$ ssh host2
host2# docker run container
$ ssh host3
host3# docker run container
[Diagram: Host / VM 1, Host / VM 2 and Host / VM 3, each running Linux Kernel, Docker Engine and a Container]
Container orchestration is a must.
Once you’ve built your containers and pushed them, container orchestrators manage running containers across a pool of resources for you.
$ kubectl scale deployment <name> --replicas=3
[Diagram: Kubernetes running several Containers and providing Load Balancing, Health Checks, Log Aggregation / Access and a Developer API]
What are other orchestrators?
• Docker Swarm / EE
• Apache Marathon
• Rancher (seems to be moving towards k8s)
What is kubernetes?
Borg
• GIFE
• 2015 paper from Google: https://research.google.com/pubs/pub43438.html
• Engineers who worked on Borg now work on Kubernetes: http://blog.kubernetes.io/2015/04/borg-predecessor-to-kubernetes.html
• Lessons Learned:
  • Multi-Job services could not be managed as a single entity
  • One IP address per Machine
What is Kubernetes?
• Container Orchestration
• Keeping your containers up, scaling them, routing traffic to them
• Kubernetes != Docker though K8S uses Docker (or CoreOS rkt)
Installation options
• MiniKube (local workstation)
• Installers (on-prem, hybrid, custom)
  • Kops (part of core kubernetes.io github)
  • Kubespray (Ansible + Terraform)
  • Etc, etc…
• Cloud
  • Google Container Engine (GKE)
  • Azure Container Service
  • Amazon EKS
  • Etc…
Sidebar: K8S the hard way
• Step-by-step tutorial of how to assemble a kubernetes cluster
• https://github.com/kelseyhightower/kubernetes-the-hard-way
Source: http://x-team.com/2016/07/introduction-kubernetes-architecture/
Deploying Containers
• Kubectl & ~/.kube/config
• Minikube CLI
• The Real Way™: CI system
Simple Architecture
Persistence
CI/CD
Kubernetes Registry
Kubernetes Components
Kubernetes main Features
Pods Deployments Services Ingress
Pods
• Group of one or more containers, shared storage, and options for how to run the containers
• Share IP address and port space
• Atomic unit of management
Source: http://kubernetes.io/docs/user-guide/pods/
Deployments
• Rolling upgrades
• Declare intent: How many replicas should be running of a given pod?
• Namespace
• Labels
• Ports that should be exposed
Services
• Abstraction for the mortality of Pods
• Provide single stable name and address for a set of pods inside the cluster (aka service discovery).
Source: http://kubernetes.io/docs/user-guide/services/
Ingress
• Abstraction for services
• An Ingress is a set of rules for directing inbound traffic to a service.
• An Ingress Controller is a service that listens for the creation of new services and does reverse proxy (nginx, traefik, f5 loadbalancer)
See: http://kubernetes.io/docs/user-guide/ingress/
K8S templates: deployment
# k8s/dev/api-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: rest-api-swagger
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: rest-api-swagger
    spec:
      containers:
      - name: rest-api-swagger
        image: ciscodevnet/rest-api-swagger:latest
        ports:
        - containerPort: 10010
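A hardened variant of the deployment template above, as an added example that is not part of the original slides. It moves to apps/v1 (extensions/v1beta1 Deployments are no longer served since Kubernetes 1.16), replaces the mutable :latest tag with a placeholder to pin, and adds a restrictive security context, resource limits and the health checks the orchestrator relies on. The UID, resource values, image tag placeholder and the assumptions that the app runs as non-root with a read-only root filesystem are illustrative, not taken from the project.

```yaml
# Added example, not from the original slides.
apiVersion: apps/v1                 # extensions/v1beta1 is not served from Kubernetes 1.16 on
kind: Deployment
metadata:
  name: rest-api-swagger
spec:
  replicas: 2
  selector:                         # required by apps/v1; must match the template labels
    matchLabels:
      app: rest-api-swagger
  template:
    metadata:
      labels:
        app: rest-api-swagger
    spec:
      automountServiceAccountToken: false   # assumption: the app never calls the Kubernetes API
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001            # constructed UID; assumes the image works as a non-root user
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: rest-api-swagger
        # Placeholder: pin a release tag or image digest so every replica runs the same build
        image: ciscodevnet/rest-api-swagger:<PINNED_TAG>
        ports:
        - containerPort: 10010
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true      # assumption: the app writes nothing to its root filesystem
          capabilities:
            drop: ["ALL"]
        resources:                  # constructed values; size them from real measurements
          requests: {cpu: 100m, memory: 128Mi}
          limits: {cpu: 500m, memory: 256Mi}
        readinessProbe:             # TCP check on the port the slide exposes
          tcpSocket:
            port: 10010
        livenessProbe:
          tcpSocket:
            port: 10010
          initialDelaySeconds: 10
```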
K8S templates: service
# k8s/services/api-service-lb.yaml
kind: Service
apiVersion: v1
metadata:
  name: rest-api-swagger
spec:
  type: LoadBalancer # or NodePort, etc.
  ports:
  - name: http
    port: 8080
    targetPort: 10010
    protocol: TCP
  selector:
    app: rest-api-swagger
Manual kubectl deployment
$ kubectl apply -f k8s/dev/api-deployment.yaml
$ kubectl apply -f k8s/services/api-service-lb.yaml
$ kubectl describe deployment
$ kubectl describe service rest-api-swagger
$ kubectl delete -f k8s/dev/api-deployment.yaml
$ kubectl delete -f k8s/services/api-service-lb.yaml
Drone CI kubectl deployment
deploy:
  k8s:
    image: containers.ex.com/devnet/drone-kubectl
    apiserver: https://your-gke-api-endpoint #kubectl cluster-info
    token: $$K8S_TOKEN
    commands:
    - 'kubectl apply -f k8s/services/*.yaml'
    - 'kubectl apply -f k8s/dev/*.yaml --record'
    - 'kubectl describe service ${SERVICE_NAME}'
    when:
      branch: master
Cisco tie-ins
• Google-Cisco Partnership
  • Soon to be released Cisco Container Platform allows simple management of multiple kubernetes clusters aimed at enterprise hybrid cloud.
  • On-premises, Cisco’s hyper-converged platform, Cisco HyperFlex, will provide a cloud-ready solution for Kubernetes and containers, and management tools to enforce security and consumption policies.
  • Developers will be able to create new applications in the cloud or on-premises consistently using the same tools, runtime and production environment.
• And more…
  • Contiv
    • Container Networking Interface plugin
    • Ties into ACI for policy-based controls
Connect with me
Ashley Roach
• [email protected]
• @aroach
• http://github.com/aroach
• http://linkedin.com/in/ashleyroach
Cisco DEVNET
• @CiscoDevNet
• http://github.com/CiscoDevNet