Using Kubernetes to build a PaaSTanmai Gopal

Tanmai GopalHead Engineering, Hasura

@tanmaigo

● Building applications for 8 years

● Machine Learning/Computer Vision

● Software engineering, functional

programming, distributed systems

http://hasura.io

@HasuraHQ

HASURAPaaS + BaaS built on:

nginx + redis + postgres

CoreOS + Docker + Kubernetes

Components primarily written in

Haskell.

The Kubernetes way1. Pods

2. Replicasets

3. Deployments

4. Services

5. PersistentVolumes

6. Configmaps

The Kubernetes way

You don’t actually ever manage a resource.

You manage the definition of the resource.

Kubernetes makes the resource arrive at

that definition, eventually.

Examples to understand the Kubernetes way● Run a process

● Processes communicating with each other

● Configure a process

● Restart a process with configuration changes

● Set up an API gateway to upstream services

● Run a one-off script

● Stop/delete a process

Examples to understand the Kubernetes way

Pod

Service

Pod

Service

Deployment

Setting context - HasuraA demo to show Hasura features

1. Collection of microservices to give you BaaS APIs

2. Easy to deploy custom code or packaged code (PaaS)

Desired application architecture*.myapp.com

data.myapp.com auth.myapp.com

Let’s build some PaaS tooling1. Deploy a docker image backed service

a. Run the process

b. Configure a API gateway rule to reach the process

2. Add a new domain for the API gateway

3. TCP access via SSH tunneling

4. Single point of configuration for my application

5. Initialise and manage state (Postgres)

Deploy docker image1. Demo

Client (console/kubectl)

kubernetes

Deployment

Service

Pod

Service

“Expose” via API gateway1. Demo

Pod

API Gateway

Service

“Expose” via API gateway1. Create a new

configmap

Client (console/kubectl)

Pod

API Gateway

Service

nginx.conf (configmap)

“Expose” via API gateway1. Listen to the service

2. Update the configmap

API Gateway

Service

configmap

operator

“Expose” via API gateway1. Update the configmap

a. Wait for it to sync to the deployment?

2. Configmap hash

3. Update gateway deployment with a

new configmap hash

4. Rollbacks!

API Gateway

Service

configmap

operator

1

2

3

“Expose” via API gateway1. But which service should the

operator expose?

Service(annotation)

operatorOperator (configmap)

Deploy docker image, finally!

Client (console/kubectl)

kubernetesDeployment

Service

Pod

Service

Operator Configmap

API Gateway

New domains for API gateway

Client (console/kubectl)

kubernetes

Configmap

API Gateway

Authorized keys for an SSH container

Client (console/kubectl)

kubernetes

Configmap

AuthorizedKeys(configmap)

SSH deployment

Single point of configurationClient

(console/kubectl)

kubernetesConfigmap operator

API gateway SSHD

Configmap

Questions