Kubernetes
Sailing a Sea of Containers
Kel Cecil - @praisechaos
What is Kubernetes?
Container Orchestration Toolset
Originated at Google (Borg)
Now a Cloud Native Computing Foundation project
Used in commercial and open source projects
  Tectonic (CoreOS)
  Meteor Galaxy (MeteorJS)
  OpenShift 3 (Red Hat)
  Kubernetes Scheduler for Deis (Engine Yard)
Why Kubernetes?
Deploying one single container app is easy
Deploying a complex app is more difficult
  One or more containers
  Replicas of containers
  Data volumes for persistent storage
Deploying lots of complex apps can be a challenge
Features
Services for load balancing
Resource-based scheduling
Robust API
Great CLI tooling via kubectl
Container-spec agnostic
What does a simple Kubernetes cluster look like?
Master
Node Node Node
Node
Physical or virtual machine on which containers can be scheduled.
What unit runs on the nodes?
Pod
A colocated set of application containers and shared data volumes.
Smallest unit that can be scheduled.
Pod
  Containers: container 1 ... container n
  Data Volumes: AWS EBS Volume, GCE Volume, NFS Share, Git Commit, and more...
How can we organize pods (or any other Kubernetes resource)?
Labels
Key-value pairs used to organize resources.
Pods
  important-microservice (docker.io/kelcecil/app:latest): env=production, server=nginx
  important-microservice (docker.io/kelcecil/app:feature): env=qa, server=nginx
Nodes
  172.17.8.102: hostname=172.17.8.102, rack=tatooine
  172.17.8.103: hostname=172.17.8.103, rack=tatooine
  172.17.8.104: hostname=172.17.8.104, rack=alderaan
Let's have replicas of pods... (There's a Kubernetes resource for that.)
Replication Controller
Manages the lifecycle of pods by ensuring a desired number of pods exist.
Replication Controller
  replicas=2
  selector: app=user-service
Pod, labels: app=user-service
Pod, labels: app=user-service
Pod, labels: app=user-service
How can we direct traffic to pods?
Service
Provides a single, stable endpoint for a set of pods.
Very much like a round-robin load balancer
Client
Service
  name: user-microservice
  port: 31335
  selector: app=user-service
Pods
  user-microservice, app=user-service
  user-microservice, app=user-service
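The label, Replication Controller and Service slides above all rest on the same selector match. The following is an added example, not code from the talk or from Kubernetes: a simplified model in which pod names and IPs are constructed, and the surplus pod to delete is picked by name (the real controller uses its own criteria).

```python
# Added illustration: a simplified model of equality-based label selection,
# not Kubernetes source code. Pod names and IPs are constructed sample data.
from itertools import cycle, islice

def matches(selector, labels):
    """True when every key=value pair in the selector appears in labels."""
    return all(labels.get(k) == v for k, v in selector.items())

def reconcile(replicas, selector, pods):
    """Return (pods_to_create, names_to_delete) that bring the number of
    matching pods to `replicas`. Surplus pods are picked by name here."""
    owned = sorted(p["name"] for p in pods if matches(selector, p["labels"]))
    if len(owned) < replicas:
        return replicas - len(owned), []
    return 0, owned[replicas:]

def endpoints(selector, pods):
    """IPs of the pods a Service with this selector would send traffic to."""
    return [p["ip"] for p in pods if matches(selector, p["labels"])]

def round_robin(selector, pods, requests):
    """Backend chosen for each of `requests` consecutive connections."""
    return list(islice(cycle(endpoints(selector, pods)), requests))

PODS = [  # constructed: three user-service pods (one also tagged qa), one other
    {"name": "user-a", "ip": "10.244.1.2", "labels": {"app": "user-service"}},
    {"name": "user-b", "ip": "10.244.2.2", "labels": {"app": "user-service"}},
    {"name": "user-c", "ip": "10.244.3.2",
     "labels": {"app": "user-service", "env": "qa"}},
    {"name": "blog-a", "ip": "10.244.1.3", "labels": {"app": "blog"}},
]
SELECTOR = {"app": "user-service"}

if __name__ == "__main__":
    print(reconcile(2, SELECTOR, PODS))    # three match, two wanted
    print(reconcile(4, SELECTOR, PODS))    # three match, four wanted
    print(round_robin(SELECTOR, PODS, 4))  # traffic spread over all matches
```

The pod user-c matches even though it also carries env=qa: selection looks only at the keys named in the selector, so a selector needs every label that distinguishes the intended pods.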
What components make up Kubernetes?
Master: kube-apiserver, kube-scheduler, kube-controller-manager
Node: kubelet, kube-proxy
Master
kube-apiserver
Validates and sets data for resources
Services REST operations
Provides the interface from which components interact
Master
kube-scheduler
Performs scheduling of pods
Considers many factors when deciding where to schedule
  Resource requirements
  Data locality
  Process affinity and anti-affinity
Master
kube-controller-manager
Watches the state of the cluster through the API
Makes changes to make actual state of pods match the desired state of pods
Node
kubelet
Ensures that pod specifications are met on a node
Performs garbage collection on containers
Ensures that containers are healthy
Node
kube-proxy
Network proxy that forwards traffic to the proper container
Configured using Kubernetes services
Can forward TCP and UDP streams or do round-robin TCP and UDP forwarding
Client
Service
  name: user-microservice
  port: 31335
  selector: app=user-service
kube-proxy
Pods
  important-microservice, app=user-service
  important-microservice, app=user-service
Demonstration
Let's deploy something!
If you see this and following slides during the talk, then my demo was a bust. These slides are plan B. Sorry about that.
If you're browsing my slides after the talk, then this is what I demonstrated live.
Follow along with this simple Kubernetes vagrant setup:
https://github.com/pires/kubernetes-vagrant-coreos-cluster
Create a new replication controller
blog.yaml

    apiVersion: v1
    kind: ReplicationController
    # Metadata about the controller
    metadata:
      name: blog-controller
      labels:
        name: blog-controller
    spec:
      replicas: 2
      # The labels of pods to be monitored
      selector:
        name: blog-pod
      # Template newly created pods follow
      template:
        metadata:
          # Match the controller selector at minimum
          labels:
            name: blog-pod
        spec:
          containers:
          - name: blog-container
            image: quay.io/kelcecil/kelcecil-com:latest
            # containerPort is port in use inside container
            ports:
            - containerPort: 80
Create a new replication controller (2/2)
In your terminal...

    # Set your KUBERNETES_MASTER to your API Server
    # Alternatively, use the -s flag with kubectl
    export KUBERNETES_MASTER="http://127.0.0.1:8080"
    kubectl create -f blog.yaml
Get a list of replication controllers and pods

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl get rc
    CONTROLLER        CONTAINER(S)     IMAGE(S)                               SELECTOR        REPLICAS
    blog-controller   blog-container   quay.io/kelcecil/kelcecil-com:latest   name=blog-pod   2

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl get pods
    NAME                    READY     STATUS    RESTARTS   AGE
    blog-controller-0g7ng   1/1       Running   0          1m
    blog-controller-a6729   1/1       Running   0          1m

    # You can use kubectl get with any Kubernetes resource
    # kubectl get <resource>
    # kubectl get nodes
    # kubectl get services
Get information about a particular pod

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl describe pod blog-controller-0g7ng
    Name:                     blog-controller-0g7ng
    Namespace:                default
    Image(s):                 quay.io/kelcecil/kelcecil-com:latest
    Node:                     172.17.8.102/172.17.8.102
    Labels:                   name=blog-pod
    Status:                   Running
    Reason:
    Message:
    IP:                       10.244.35.4
    Replication Controllers:  blog-controller (2/2 replicas created)
    Containers:
      blog-container:
        Image:          quay.io/kelcecil/kelcecil-com:latest
        State:          Running
          Started:      Tue, 29 Sep 2015 20:44:37 -0400
        Ready:          True
        Restart Count:  0
    ..................
Get system information about a node
kubectl describe also works for any Kubernetes resource

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl describe node 172.17.8.102
    Name:               172.17.8.102
    Labels:             kubernetes.io/hostname=172.17.8.102
    CreationTimestamp:  Sun, 13 Sep 2015 15:53:52 -0400
    Conditions:
      Type   Status  LastHeartbeatTime                LastTransitionTime               Reason                           Message
      Ready  True    Sun, 13 Sep 2015 16:55:16 -0400  Sun, 13 Sep 2015 15:53:52 -0400  kubelet is posting ready status
    Addresses:  172.17.8.102
    Capacity:
      memory:  2053532Ki
      pods:    40
      cpu:     1
    Version:
      Kernel Version:             4.1.6-coreos-r2
      OS Image:                   CoreOS 801.0.0
      Container Runtime Version:  docker://1.8.1
      Kubelet Version:            v1.0.3
      Kube-Proxy Version:         v1.0.3
    ExternalID:  172.17.8.102
    Pods:        (1 in total)
      Namespace  Name
      default    blog-lmj3c
    No events.
Create a label

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl get nodes
    NAME           LABELS                                STATUS
    172.17.8.102   kubernetes.io/hostname=172.17.8.102   Ready
    172.17.8.103   kubernetes.io/hostname=172.17.8.103   Ready

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl label node 172.17.8.102 region=us-east-1
    NAME           LABELS                                                 STATUS
    172.17.8.102   kubernetes.io/hostname=172.17.8.102,region=us-east-1   Ready

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl get nodes
    NAME           LABELS                                                 STATUS
    172.17.8.102   kubernetes.io/hostname=172.17.8.102,region=us-east-1   Ready
    172.17.8.103   kubernetes.io/hostname=172.17.8.103                    Ready

Filter resources by label

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl get -l region=us-east-1 nodes
    NAME           LABELS                                                 STATUS
    172.17.8.102   kubernetes.io/hostname=172.17.8.102,region=us-east-1   Ready

Remove a label

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl label node 172.17.8.102 region-
    NAME           LABELS                                STATUS
    172.17.8.102   kubernetes.io/hostname=172.17.8.102   Ready
Scale a Replication Controller to 3 Replicas

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl get pods
    NAME                    READY     STATUS    RESTARTS   AGE
    blog-controller-0g7ng   1/1       Running   0          3m
    blog-controller-a6729   1/1       Running   0          3m

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl scale --replicas=3 rc blog-controller
    scaled

    kelcecil@Kels-MBP ~/c/kube-talk> kubectl get pods
    NAME                    READY     STATUS    RESTARTS   AGE
    blog-controller-0g7ng   1/1       Running   0          3m
    blog-controller-a6729   1/1       Running   0          3m
    blog-controller-sems7   1/1       Running   0          18s
Get logs from a pod

    > kubectl logs blog-controller-0g7ng
    2015/09/14 03:07:32 [notice] 12#0: using the "epoll" event method
    2015/09/14 03:07:32 [notice] 12#0: nginx/1.8.0
    2015/09/14 03:07:32 [notice] 12#0: OS: Linux 4.1.6-coreos-r2
    2015/09/14 03:07:32 [notice] 12#0: getrlimit(RLIMIT_NOFILE): 1048576:1048576
    2015/09/14 03:07:32 [notice] 12#0: start worker processes
    2015/09/14 03:07:32 [notice] 12#0: start worker process 13
Executing a command inside a pod/container

    > kubectl exec blog-controller-0g7ng "ps"
    PID   USER     TIME   COMMAND
        1 root       0:00 /bin/sh -c nginx
       12 root       0:00 nginx: master process nginx
       13 nginx      0:00 nginx: worker process
       82 root       0:00 ps

Interact with a shell inside a container

    > kubectl exec -it blog-controller-0g7ng "sh"
    / # ps ax
    PID   USER     TIME   COMMAND
        1 root       0:00 /bin/sh -c nginx
       12 root       0:00 nginx: master process nginx
       13 nginx      0:00 nginx: worker process
       98 root       0:00 sh
      103 root       0:00 ps ax
    / # exit
Create a new service
blog-service.yaml

    apiVersion: v1
    kind: Service
    # Metadata about the service
    metadata:
      name: blog-service
      labels:
        name: blog-service
    spec:
      # Open a port on nodes using kube-proxy
      type: NodePort
      ports:
      # the port the container serves on
      - port: 80
      # Match the labels for pods to be served
      selector:
        name: blog-pod

In your terminal...

    # Set your KUBERNETES_MASTER to your API Server
    export KUBERNETES_MASTER="http://127.0.0.1:8080"
    kubectl create -f blog-service.yaml
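A pre-deployment review of the two manifests from these slides (blog.yaml and blog-service.yaml), as an added example that is not part of the talk. The manifests are transcribed as Python dicts so no YAML parser is needed, and the function and finding names are made up for this illustration.

```python
# Added example: static checks over blog.yaml and blog-service.yaml from the
# slides, transcribed as dicts. Finding names are invented for illustration.
RC = {
    "kind": "ReplicationController",
    "metadata": {"name": "blog-controller"},
    "spec": {
        "replicas": 2,
        "selector": {"name": "blog-pod"},
        "template": {
            "metadata": {"labels": {"name": "blog-pod"}},
            "spec": {"containers": [{
                "name": "blog-container",
                "image": "quay.io/kelcecil/kelcecil-com:latest",
                "ports": [{"containerPort": 80}],
            }]},
        },
    },
}
SERVICE = {
    "kind": "Service",
    "metadata": {"name": "blog-service"},
    "spec": {"type": "NodePort", "ports": [{"port": 80}],
             "selector": {"name": "blog-pod"}},
}

def selects(selector, labels):
    """True when every selector pair is present in the label set."""
    return all(labels.get(k) == v for k, v in selector.items())

def review(rc, svc):
    """Return a list of findings for a controller/service pair."""
    findings = []
    template = rc["spec"]["template"]
    labels = template["metadata"].get("labels", {})
    # The pod template must carry the controller's own selector labels.
    if not selects(rc["spec"]["selector"], labels):
        findings.append("rc-selector-mismatch")
    # A Service whose selector misses the pod labels has no backends.
    if not selects(svc["spec"]["selector"], labels):
        findings.append("service-selects-no-pods")
    for container in template["spec"]["containers"]:
        # Text after the last "/" decides the tag; none or "latest" is mutable.
        tag = container["image"].rsplit("/", 1)[-1].partition(":")[2]
        if tag in ("", "latest"):
            findings.append("mutable-tag:" + container["name"])
    if svc["spec"].get("type") == "NodePort":
        findings.append("nodeport:opens-port-on-every-node")
    return findings

if __name__ == "__main__":
    print(review(RC, SERVICE))
```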
Perform a rolling update on a container

    > kubectl rolling-update --image=quay.io/kelcecil/kelcecil-com:talks blog-controller
    Creating blog-controller-676be42f24a573bf0ee7733377bd5ea8
    At beginning of loop: blog-controller replicas: 1, blog-controller-676be42f24a573bf0ee7733377bd5ea8
    Updating blog-controller replicas: 1, blog-controller-676be42f24a573bf0ee7733377bd5ea8 replicas: 1
    At end of loop: blog-controller replicas: 1, blog-controller-676be42f24a573bf0ee7733377bd5ea8 replicas:
    At beginning of loop: blog-controller replicas: 0, blog-controller-676be42f24a573bf0ee7733377bd5ea8
    Updating blog-controller replicas: 0, blog-controller-676be42f24a573bf0ee7733377bd5ea8 replicas: 2
    At end of loop: blog-controller replicas: 0, blog-controller-676be42f24a573bf0ee7733377bd5ea8 replicas:
    Update succeeded. Deleting old controller: blog-controller
    Renaming blog-controller-676be42f24a573bf0ee7733377bd5ea8 to blog-controller
    blog-controller