Kubernetes - State of the Union (Q1-2016)
Vadim Solovey - CTO, DoIT International
Google Cloud Developer Expert | Authorized [email protected]
Agenda
1. Introduction to Containers & Kubernetes
2. What’s new and coming soon
3. Q&A
• Usage of micro-services
• Declarative management
• Highly flexible and scalable
• Automation-friendly
• Good for complex architectures
• Development for “Google scale”
[Diagram labels: Kubernetes, Packaging containers, Apps in Containers, Containers]
Hello Container!
Portable, isolated, static app environments
[Diagram labels: ‘Physical’ Node, Hypervisor, node kernel; container 1, container 2, container 3, each with its own app code and libraries]
Copyright 2016 Google Inc
How Can We Scale Out Container Workloads?
[Diagram labels: Cluster, Node, Node, Node, ???]
How to handle...
• Placement?
• Scale?
• Node failure?
• Container failure?
• Application upgrades?
Cluster scheduling
[Diagram labels: Managed Base OS, Node Container Manager, Scheduled Containers, Cluster Scheduler]
• Schedule containers across machines
• Replication and resizing
• Service naming and discovery
The promise
A datacenter is not a group of computers, a datacenter is a computer.
Copyright 2015 Google Inc
Kubernetes - Moving parts
Pods
Pods are ephemeral units that are used to manage one or more tightly coupled containers.
They enable data sharing and communication among their constituent components.
Labels
Labels are metadata that are attached to objects, such as pods.
They enable organization and selection of subsets of objects within a cluster.
Replication Controllers
Replication controllers create new pod "replicas" from a template and ensure that a configurable number of those pods are running.
Services
A Service offers a low-overhead way to route requests to a logical set of pod backends in the cluster based on a label selector.
Kubernetes - More moving parts
• Namespaces
• Annotations
• Secrets
• Volumes
• Persistent Volumes
• Selectors
• Load Balancers
Kubernetes - New kids in the town
• Daemon Sets
• Deployments
• Autoscalers
• Ingress
• Jobs
Daemon Sets
A Daemon Set ensures that all (or some) nodes run a copy of a pod.
[Diagram labels: Node 1, Node 2, Node 3, each with a pod]
Popular use-cases:
● running a cluster storage daemon, such as glusterd or ceph
● running a logs collection daemon on every node, such as fluentd or logstash
● running a node monitoring daemon on every node, such as collectd, New Relic or Ganglia
Alternatives:
● init script of your religion - init, upstartd, systemd
● bare pods
Deployments
A Deployment provides declarative updates for Pods and ReplicationControllers.

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: nginx-deployment
    spec:
      replicas: 3
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.7.9
            ports:
            - containerPort: 80

A typical use case is:
● Create a deployment to bring up a replication controller and pods.
● Later, update that deployment to recreate the pods (for example, to use a new image).

    $ kubectl create -f app.yaml
    deployment "app" created..

    $ kubectl get deployments
    NAME   UPDATEDREPLICAS   AGE
    app    3/3               1m
Horizontal Pod Autoscaling
Pod Autoscaling
Horizontal pod autoscaling allows the number of pods in a replication controller or deployment to scale automatically based on observed CPU utilization.
[Diagram labels: Autoscaler, RC / Deployment, Pod 1, Pod 2, Pod .., Pod N]
Details:
● Control loop: targetNumOfPods = ceil(sum(currentPodsCPUUtilization) / target)
● --horizontal-pod-autoscaler-sync-period
● Autoscaling during rolling update
Ingress
The Ingress
[Diagram labels: Internet, Services (without Ingress); Internet, Ingress, Services (with Ingress)]
An Ingress is a collection of rules that allow inbound connections to reach the cluster services.
The Ingress Resource
A few potential use-cases include:
● Externally reachable URLs for services
● Traffic Load Balancing
● Terminate SSL
● Name based virtual hosting
● More as it evolves..
Available Controllers:
● GCE L7 LB
● nginx
● Write your own
The Ingress Resource
A minimal Ingress resource may look like this:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: test-ingress
    spec:
      rules:
      - http:
          paths:
          - path: /testpath
            backend:
              serviceName: test
              servicePort: 80
Creating Ingress Resource

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: test-ingress
    spec:
      backend:
        serviceName: testsvc
        servicePort: 80

    $ kubectl get ing
    NAME           RULE   BACKEND      ADDRESS
    test-ingress   -      testsvc:80   107.178.254.228
Creating Ingress Controller

    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: nginx-ingress
      labels:
        app: nginx-ingress
    spec:
      replicas: 1
      selector:
        app: nginx-ingress
      template:
        metadata:
          labels:
            app: nginx-ingress
        spec:
          containers:
          - image: gcr.io/google_containers/nginx-ingress:0.1
            imagePullPolicy: Always
            name: nginx
            ports:
            - containerPort: 80
              hostPort: 80
Simple Fan Out
Simple edge accepting ingress traffic and proxying it to the right endpoints

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: test
    spec:
      rules:
      - host: foo.bar.com
        http:
          paths:
          - path: /foo
            backend:
              serviceName: s1
              servicePort: 80
          - path: /bar
            backend:
              serviceName: s2
              servicePort: 80

    $ kubectl get ing
    NAME   RULE          BACKEND   ADDRESS
    test   -
           foo.bar.com
           /foo          s1:80
           /bar          s2:80

[Diagram labels: foo.bar.com, 178.91.123.132, /foo s1:80, /bar s2:80]
Name based virtual hosting
Name-based virtual hosts use multiple host names for the same IP address

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: test
    spec:
      rules:
      - host: foo.bar.com
        http:
          paths:
          - backend:
              serviceName: s1
              servicePort: 80
      - host: bar.foo.com
        http:
          paths:
          - backend:
              serviceName: s2
              servicePort: 80

[Diagram labels: foo.bar.com, bar.foo.com, 178.91.123.132, foo.bar.com s1:80, bar.foo.com s2:80]
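The host and path rules from the Ingress slides above, turned into an exposure inventory that shows which service each request reaches and which rules answer for any Host header. This is an added example, not code from the deck or from the Kubernetes project; the names `be`, `ing`, `target`, `exposure` and `resolve` are hypothetical, and segment-wise prefix matching of `path` is an assumption, since controllers interpret `path` differently.

```python
# Added example (not from the slides). The dicts transcribe the slides' manifests in
# the shape `kubectl get ing -o json` returns; prefix path matching is an assumption.
def be(svc, port=80):
    return {"serviceName": svc, "servicePort": port}

def ing(name, rules=None, backend=None):
    spec = {k: v for k, v in (("rules", rules), ("backend", backend)) if v}
    return {"metadata": {"name": name}, "spec": spec}

FAN_OUT = ing("test", rules=[{"host": "foo.bar.com", "http": {"paths": [
    {"path": "/foo", "backend": be("s1")}, {"path": "/bar", "backend": be("s2")}]}}])
VHOSTS = ing("test", rules=[
    {"host": "foo.bar.com", "http": {"paths": [{"backend": be("s1")}]}},
    {"host": "bar.foo.com", "http": {"paths": [{"backend": be("s2")}]}}])
MINIMAL = ing("test-ingress", rules=[
    {"http": {"paths": [{"path": "/testpath", "backend": be("test")}]}}])
DEFAULT_ONLY = ing("test-ingress", backend=be("testsvc"))

def target(backend):
    return "%s:%s" % (backend["serviceName"], backend["servicePort"])

def exposure(ingress):
    """(host, path, backend) rows; host '*' means the rule answers for any Host header."""
    spec, rows = ingress["spec"], []
    for rule in spec.get("rules", []):
        for p in rule["http"]["paths"]:
            rows.append((rule.get("host", "*"), p.get("path", "/"), target(p["backend"])))
    if "backend" in spec:  # default backend receives every request no rule matches
        rows.append(("*", "(default)", target(spec["backend"])))
    return rows

def resolve(ingress, host, path):
    """Backend a request would reach on this Ingress, or None if nothing matches."""
    best = None
    for rule in ingress["spec"].get("rules", []):
        if rule.get("host") not in (None, host):
            continue  # rule is bound to a different host name
        for p in rule["http"]["paths"]:
            prefix = p.get("path", "/")
            hit = path == prefix or path.startswith(prefix.rstrip("/") + "/")
            if hit and (best is None or len(prefix) > len(best[0])):
                best = (prefix, target(p["backend"]))
    default = ingress["spec"].get("backend")
    return best[1] if best else (target(default) if default else None)

if __name__ == "__main__":
    for item in (FAN_OUT, VHOSTS, MINIMAL, DEFAULT_ONLY):
        for row in exposure(item):
            print(item["metadata"]["name"], *row)
```

Rows whose host column is `*` are the ones to review first: the minimal Ingress and the default-backend Ingress both serve requests regardless of the Host header sent.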
Alternatives
You can expose a Service in multiple ways that don't directly involve the Ingress resource:
● Use Service.Type=LoadBalancer
● Use Service.Type=NodePort (30K-32K ports)
● Use a Port Proxy
● Deploy the Service Loadbalancer. This allows you to share a single IP among multiple services and achieve more advanced load balancing through service annotations.
Gotchas
● The Ingress resource is not available in Kubernetes < 1.1
● You need an Ingress Controller to satisfy an Ingress.
  ○ Simply creating the resource will have no effect.
● On GCE/GKE there is a L7 LB controller, on other platforms you either need to write your own or deploy an existing controller as a pod.
● The resource currently does not support HTTPS, but will do so before it leaves beta (March/April 2016)
Future Work
● Various modes of HTTPS/TLS support (edge termination, SNI etc)
● Requesting an IP or Hostname via claims
● Combining L4 and L7 Ingress
● More Ingress controllers (haproxy, vulcan, zuul, etc)
Jobs
A job creates one or more pods and ensures that a specified number of them successfully terminate.
Details:
● .restartPolicy, .parallelism & .completions
● replication controller vs jobs
● cron

    apiVersion: extensions/v1beta1
    kind: Job
    metadata:
      name: pi
    spec:
      selector:
        matchLabels:
          app: pi
      template:
        metadata:
          name: pi
          labels:
            app: pi
        spec:
          containers:
          - name: pi
            image: perl
            command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
          restartPolicy: Never

    $ kubectl create -f ./job.yaml
    jobs/pi

    $ kubectl logs pi-aiw0a
    3.14159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196442881097566593344612847564823371
Going forward in 2016
● version 1.2 would also enable multi-zone
● version 1.4 will allow multi-clustering (Ubernetes)
Q & A
Vadim Solovey - CTO, DoIT International
Google Cloud Developer Expert | Authorized [email protected]
meetup.com/googlecloud