Kubernetes on AWS


An introduction to Kubernetes and a look at how it leverages AWS IaaS features to provide its own virtual clustering, and demonstration of some of the behaviour inside the cluster that makes Kubernetes a popular choice for microservice deployments.


1. Pre-reqs
   ● Git: https://git-scm.com/book/en/v2/Getting-Started-Installing-Git
   ● AWS CLI: http://docs.aws.amazon.com/cli/latest/userguide/installing.html
   ● kubectl:
     http://cs-k8s-workshop.s3.amazonaws.com/kubectl/darwin/amd64/kubectl
     http://cs-k8s-workshop.s3.amazonaws.com/kubectl/linux/amd64/kubectl
     (These binaries are served from the workshop's own S3 bucket over plain HTTP; compare them against the checksums of an official Kubernetes release before running them.)
   ● Bash
   ● git clone https://github.com/ContainerSolutions/kubernetes-aws-workshop

2. Kubernetes on AWS
   www.container-solutions.com | info@container-solutions.com
   Grant Ellis, grant.ellis@container-solutions.com

3. Who's who
   ● Presenters
   ● You!
     ➔ Developers? Ops? DevOps?
     ➔ Tools, languages & frameworks?
     ➔ Familiar with or using any orchestration platform? Mesos/Swarm/ECS?

4. Purpose of the Workshop
   ● Get an overview of the components in Kubernetes
   ● See how Kubernetes leverages features present in AWS
   ● Get an idea of how a production setup may take shape

5. Scope of the Workshop
   ● Basic features of Kubernetes
   ● Brief look at AWS CloudFormation and IaaS components
   ● Hands on

6. Kubernetes

7. Kubernetes
   ● From the Greek meaning "Helmsman" or "Pilot"
   ● Founded by Joe Beda, Brendan Burns and Craig McLuckie
   ● First announced by Google in 2014

8. (diagram only)

9. Basic concepts
   ● Pods
   ● Labels / Selectors
   ● Replication Controllers / Replica Sets
   ● Deployments
   ● Services
   All resources can be expressed as YAML or JSON files.

10. Pods
   ● A pod is one or more containers
   ● Ensures co-location / shared fate
   ● Pods are scheduled once, then do not move between nodes
   ● Containers share resources within the pod:
     ➔ Volumes
     ➔ Network / IP
     ➔ Port space
     ➔ CPU / Memory allocations

11. Pod example
   apiVersion: v1
   kind: Pod
   metadata:
     labels:
       name: influxdb
     name: influxdb
   spec:
     containers:
     - image: docker.io/tutum/influxdb:latest
       name: influxdb
       ports:
       - containerPort: 8083
         name: admin
         protocol: TCP
       - containerPort: 8086
         name: http
         protocol: TCP
   (The :latest tag is not pinned: a pod that is rescheduled may pull a different image than the one you tested. Pin a tag or a digest for anything beyond a demo.)

12. Labels / Selectors
   ● Labels are arbitrary metadata
   ● Attachable to nearly all API objects
     ➔ e.g. Pods, ReplicationControllers, Services...
   ● Simple key=value pairs
   ● Can be queried with selectors

13. Labels example
   - release=stable, release=canary
   - environment=dev, environment=qa, environment=prod
   - tier=frontend, tier=backend, tier=middleware
   - partition=customerA, partition=customerB
   - etc.

14. Labels example (diagram only)

15. Selectors explained
   Labels are queryable metadata; selectors do the queries:
   - Equality based:
     - environment = production
     - tier != frontend
     - combinations: tier != frontend, version = 1.0.0
   - Set based:
     - environment in (production, pre-production)
     - tier notin (frontend, backend)
     - partition or !partition
   (Comma-separated requirements are ANDed. An object that lacks the key satisfies != and notin.)

16. Selectors example (diagram only)

17. Replication Controllers
   ● Define the number of replicas of a pod
   ● Replicas will be scheduled across all applicable nodes
   ● Change the replica value to scale up/down
   ● Which pods are counted depends on the RC selector
   ● Labels and selectors are used for grouping
   ● Can do quite complex things with RCs and labels

18. Example Replication Controller
   apiVersion: v1
   kind: ReplicationController
   metadata:
     name: nginx
   spec:
     replicas: 3
     selector:
       app: nginx
     template:
       metadata:
         name: nginx
         labels:
           app: nginx
       spec:
         containers:
         - name: nginx
           image: nginx
           ports:
           - containerPort: 80

19. Replica Set
   Replica Set is the next-generation Replication Controller. The only difference between a Replica Set and a Replication Controller right now is the selector support. Replica Set supports the new set-based selector, which allows filtering keys according to a set of values:
   - in
   - notin
   - exists (only the key identifier)
   For example:
     environment in (production, qa)
     tier notin (frontend, backend)
     partition
     !partition

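The selector syntax on the "Selectors explained" and "Replica Set" slides, as an added example (not code from the workshop or from Kubernetes itself): a small evaluator that parses equality-based and set-based requirements and applies them to a set of pods. The pods and their labels are constructed sample data; the "absent key satisfies != and notin" behaviour is the one Kubernetes documents.

```python
"""Kubernetes-style label selector evaluation.

Added example for the Selectors and Replica Set slides; not the workshop's
code and not the Kubernetes implementation. The pods are constructed samples.
"""
import re

# Constructed sample pods: pod name -> labels
PODS = {
    "web-1":    {"app": "nginx", "tier": "frontend", "environment": "production", "version": "1.0.0"},
    "web-2":    {"app": "nginx", "tier": "frontend", "environment": "qa", "version": "1.0.0"},
    "api-1":    {"app": "api", "tier": "backend", "environment": "production", "partition": "customerA"},
    "worker-1": {"app": "worker", "tier": "middleware", "environment": "pre-production"},
}

# set-based:  key in (a, b)   /   key notin (a, b)
_SET_RE = re.compile(r"^([^\s!=]+)\s+(in|notin)\s+\((.*)\)$")
# equality-based:  key = v   /   key == v   /   key != v
_EQ_RE = re.compile(r"^([^\s!=]+)\s*(==|!=|=)\s*(\S+)$")


def _split_terms(selector):
    """Split on commas that are not inside parentheses."""
    terms, depth, cur = [], 0, []
    for ch in selector:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            terms.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    terms.append("".join(cur).strip())
    return [t for t in terms if t]


def parse_selector(selector):
    """Turn 'a = b, c in (x, y), !d' into a list of (key, op, values) requirements."""
    requirements = []
    for term in _split_terms(selector):
        m = _SET_RE.match(term)
        if m:
            key, op, vals = m.groups()
            requirements.append((key, op, {v.strip() for v in vals.split(",") if v.strip()}))
            continue
        m = _EQ_RE.match(term)
        if m:
            key, op, val = m.groups()
            requirements.append((key, "=" if op == "==" else op, {val}))
            continue
        if term.startswith("!"):
            requirements.append((term[1:], "notexists", set()))   # !partition
        else:
            requirements.append((term, "exists", set()))          # partition
    return requirements


def matches(labels, requirements):
    """True if the labels satisfy every requirement (requirements are ANDed)."""
    for key, op, values in requirements:
        present = key in labels
        if op in ("=", "in"):
            if not present or labels[key] not in values:
                return False
        elif op in ("!=", "notin"):
            # as in Kubernetes, an absent key satisfies != and notin
            if present and labels[key] in values:
                return False
        elif op == "exists":
            if not present:
                return False
        elif op == "notexists":
            if present:
                return False
    return True


def select(pods, selector):
    """Names of the pods whose labels match the selector string, sorted."""
    reqs = parse_selector(selector)
    return sorted(name for name, labels in pods.items() if matches(labels, reqs))


if __name__ == "__main__":
    for s in ("environment = production", "tier != frontend, version = 1.0.0",
              "environment in (production, pre-production)", "tier notin (frontend, backend)",
              "partition", "!partition"):
        print("%-45s -> %s" % (s, select(PODS, s)))
```

Note that "tier != frontend, version = 1.0.0" selects nothing in this sample: the two non-frontend pods carry no version label, and an equality requirement on a missing key fails even though != on a missing key succeeds. That asymmetry is what makes a sloppy selector on a ReplicationController adopt, or silently ignore, pods you did not intend.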
20. Deployments
   A Deployment is responsible for creating and updating instances of your application.
   ● Create a Deployment to bring up Pods and a Replica Set.
   ● Check the status of a Deployment to see if it succeeds or not.
   ● Later, update that Deployment to recreate the Pods (for example, to use a new image).
   ● Roll back to an earlier Deployment revision if the current Deployment isn't stable.
   ● Pause and resume a Deployment.

21. Deployment example
   apiVersion: extensions/v1beta1
   kind: Deployment
   metadata:
     name: nginx-deployment
   spec:
     replicas: 3
     minReadySeconds: 5
     strategy:
       type: RollingUpdate
       rollingUpdate:
         maxUnavailable: 1
         maxSurge: 1
     template:
       metadata:
         labels:
           app: nginx
       spec:
         containers:
         - name: nginx
           image: nginx:1.91
           ports:
           - containerPort: 80
   (minReadySeconds is a field of spec, not of rollingUpdate. extensions/v1beta1 is the API group of the time; under the current apps/v1 group, spec.selector is required and must match the template labels.)

22. Services
   "defines a logical set of Pods and a policy by which to access them"
   ● As Pods are ephemeral, we can't depend on Pod IPs
   ● Services find pods that match certain selection criteria
   ● Services can load balance between multiple Pods
   ● Services can have a single IP that doesn't change

23. Services
   A group of pods that act as one == Service
   - group == selector
   Defines an access policy
   - ClusterIP, NodePort, LoadBalancer
   Gets a stable virtual IP and port
   - Called the service portal
   - Also a DNS name
   - On-prem, type LoadBalancer needs an additional load balancer; on AWS the cloud provider creates an ELB
   The VIP is implemented by kube-proxy
   - Watches the API server for Service and Endpoints changes
   - Rewrites its rules whenever the backends change

24. Service example (diagram only)

25. Service example
   apiVersion: v1
   kind: Service
   metadata:
     name: railsapp
   spec:
     type: NodePort
     selector:
       app: railsapp
     ports:
     - name: http
       nodePort: 36000
       port: 80
       protocol: TCP
   (As written this is rejected by the API server: nodePort must fall inside the apiserver's --service-node-port-range, 30000-32767 by default. Pick a port in that range or omit nodePort and let Kubernetes allocate one. targetPort is omitted, so it defaults to port, i.e. the pods are expected to listen on 80.)

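What Kubernetes does with the Service manifest above, as an added example (not the workshop's code and not the Kubernetes implementation): the endpoints controller's selection of ready pods behind a Service, and the API server's check on nodePort. The pods and the Service are constructed sample data; the named targetPort "http" is an assumption, since the slide omits targetPort, in which case it defaults to port.

```python
"""Service -> Endpoints resolution and NodePort validation.

Added example for the Services slides; not the workshop's code and not
Kubernetes' own implementation. Pods and the Service are constructed samples.
"""

# kube-apiserver --service-node-port-range default
DEFAULT_NODE_PORT_RANGE = (30000, 32767)

# Constructed pods. 'ports' maps a container port name to its number.
PODS = [
    {"name": "railsapp-1", "labels": {"app": "railsapp"}, "ip": "10.100.0.2",
     "phase": "Running", "ready": True, "ports": {"http": 3000}},
    {"name": "railsapp-2", "labels": {"app": "railsapp"}, "ip": "10.100.1.4",
     "phase": "Running", "ready": False, "ports": {"http": 3000}},   # failing its readiness probe
    {"name": "nginx", "labels": {"app": "nginx"}, "ip": "10.100.0.3",
     "phase": "Running", "ready": True, "ports": {"http": 80}},
]

# The slide's Service plus a named targetPort (assumption; the slide omits it).
SERVICE = {
    "name": "railsapp",
    "type": "NodePort",
    "selector": {"app": "railsapp"},
    "ports": [{"name": "http", "port": 80, "targetPort": "http",
               "nodePort": 36000, "protocol": "TCP"}],
}


def selector_matches(selector, labels):
    """Equality selector: every key/value of the selector must be present in the labels."""
    return all(labels.get(k) == v for k, v in selector.items())


def resolve_target_port(pod, target):
    """targetPort is either a number or the name of one of the pod's container ports."""
    if isinstance(target, int):
        return target
    return pod["ports"].get(target)


def endpoints(service, pods):
    """Like the Endpoints object: per service port, 'ip:port' of each ready matching pod."""
    result = {}
    for sp in service["ports"]:
        target = sp.get("targetPort", sp["port"])
        addrs = []
        for pod in pods:
            if not selector_matches(service["selector"], pod["labels"]):
                continue
            if pod["phase"] != "Running" or not pod["ready"]:
                continue   # not-ready pods are left out, so kube-proxy never routes to them
            port = resolve_target_port(pod, target)
            if port is not None:
                addrs.append("%s:%d" % (pod["ip"], port))
        result[sp["name"]] = sorted(addrs)
    return result


def validate_service(service, node_port_range=DEFAULT_NODE_PORT_RANGE):
    """Problems the API server rejects (or an operator should catch) in a Service spec."""
    problems = []
    if not service.get("selector"):
        problems.append("no selector: Endpoints will not be populated automatically")
    lo, hi = node_port_range
    seen = set()
    for sp in service["ports"]:
        node_port = sp.get("nodePort")
        if node_port is None:
            continue
        if service["type"] == "ClusterIP":
            problems.append("nodePort %d set on a ClusterIP service" % node_port)
        if not lo <= node_port <= hi:
            problems.append("nodePort %d outside allowed range %d-%d" % (node_port, lo, hi))
        if node_port in seen:
            problems.append("nodePort %d used twice" % node_port)
        seen.add(node_port)
    return problems


if __name__ == "__main__":
    print(endpoints(SERVICE, PODS))
    print(validate_service(SERVICE))
```

The second pod matches the selector but is not ready, so it never appears in Endpoints: a readiness probe is the mechanism that keeps a half-started or wedged replica out of the VIP's rotation, which is why the "Investigate the service" slide later shows a single endpoint behind the service.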
26. Architecture
   ● etcd (stores cluster state)
   ● API Server
   ● Scheduler
   ● Controller manager
   ● Kubelet ("node agent")
   ● Kube-proxy
   ● Container Runtime
   https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/architecture.md

27. Architecture: Master Node ("Control Plane")
   API server
   - Point of interaction with the cluster
   - Exposes an HTTP(S) endpoint
   Controller Manager
   - Responsible for most of the important stuff
   - Interacts with the API server to retrieve cluster state
   - Responsible for configuring networking
   - Allocates node CIDRs
   - Ensures the correct number of pods are running
   - Reacts to Nodes being added / deleted
   - Manages Service Accounts and security tokens
   Scheduler
   - Schedules newly created pods to a Node

28. Architecture: Master Node ("Control Plane")
   etcd
   - Stores the state of the cluster
   - Doesn't necessarily have to be co-located with other components
   - Must be backed up in a production scenario
   - Holds everything the API server knows, Secrets included, so only the API server should be able to reach it (TLS with client certificates), and its backups need the same protection as the live store

29. Architecture: Worker Node
   kubelet
   - Agent for running Pods
   - Mounts volumes for Pods where required
   - Reports the status of Pods back to the rest of the system
   kube-proxy
   - Enforces network rules on each Node (uses iptables)
   - Responsible for forwarding packets to the correct destination

30. Architecture: Networking
   Master Node (api-server)
   - Takes an argument for the etcd servers
   Master Node (controller-manager)
   - Takes an argument for the API server
   - Creates/defines virtual networks for containers and services
   - Takes an argument for the cluster node CIDR
   - Takes an argument for the service CIDR
   kubelet
   - Configures the Docker bridge
   - Takes an address for the cluster DNS
   kube-proxy
   - Takes an argument for the cluster node CIDR

31. Architecture: Networking (diagram only)

32. AWS

33. AWS Cloud Computing Platform
   Various service components:
   - IaaS: EC2 / VPC
   - PaaS: Elastic Beanstalk / ECS
   - (No)SQL database services
   - Data Storage / Warehousing / Processing
   - Mobile Services
   - Serverless Services
   - CDN

34. AWS Today: EC2, VPC and CloudFormation
   We will use CloudFormation to:
   - Launch EC2 instances into an existing VPC
   - Create a subnet for each Kubernetes cluster
   - Create a route table for each subnet
   - Create Security Groups (firewall rules) for each cluster
   - Create Auto Scaling Groups for Master and Worker nodes
   Instance configuration:
   - Userdata: instructions run by cloud-init after boot
   - Chef: userdata will instruct instances to bootstrap to a Chef server
   CloudFormation:
   - A way of keeping infrastructure as code
   - JSON (or YAML) template that defines AWS resources

35. AWS: Other ways to build
   Getting Started guide: http://kubernetes.io/docs/getting-started-guides/aws/
   - $ set=something ; wget something | bash
   - Great for getting a cluster up and running quickly
   - Inflexible for integration into existing VPCs
   - Fussy if you put anything else in the VPC it creates
   - (Piping a downloaded script straight into bash runs unreviewed code with your AWS credentials; fetch it, read it, then run it.)
   Kops: https://github.com/kubernetes/kops
   - "kubectl for clusters"
   - Will become the standard way to launch onto AWS
   - Still in alpha (at the time of this workshop)
   Run with your own: https://github.com/kelseyhightower/kubernetes-the-hard-way
   - Takes some time
   - Expect to reverse-engineer
   - You will know exactly how the cluster is put together

36. AWS and Kubernetes: Kubernetes is able to configure AWS
   Using the --cloud-provider=aws flag, the Kubernetes components can be instructed to leverage AWS IaaS features.
   Master instances (running controller-manager) must have an appropriate IAM role assigned. Kubernetes can then:
   - Create and destroy Elastic Load Balancers (ELBs)
   - Add and delete routes in the cluster route table
   - Add and delete firewall rules on the cluster Security Group
   Relevant resources must be appropriately tagged:
   - Name: KubernetesCluster
   - Value: ClusterId
   (Anything running on that instance can reach the EC2 instance metadata service at 169.254.169.254 and obtain the role's credentials. Scope the role to exactly the ELB, route and security-group permissions the cloud provider needs, and block pod access to the metadata endpoint unless a workload genuinely needs it.)

37. AWS and Kubernetes: Our Workshop Architecture: Network (diagram only)

38. AWS and Kubernetes: Our Workshop Architecture: Servers (diagram only)

39. Hands-On

40. Build a cluster
   ● Choose yourself an ID for the cluster
   $ git clone https://github.com/ContainerSolutions/kubernetes-aws-workshop.git
   $ cd kubernetes-aws-workshop/
   $ ./build [user-id]

41. Configure kubectl
   $ eval `ssh-agent`
   $ ssh-add /path/to/private.key
   $ ./find-master [user-id]
   x.x.x.x
   $ ./set-cluster x.x.x.x
   $ kubectl config view

42. Check the cluster status
   $ kubectl cluster-info
   $ kubectl get cs   (componentstatus)
   $ kubectl get nodes
   $ kubectl get events
   $ kubectl describe nodes

43. Deploy a container
   $ kubectl create -f kube-files/nginx-pod.yml
   $ kubectl get pods
   $ kubectl describe pod nginx
   # note the pod IP address

44. Create a service
   $ kubectl create -f kube-files/nginx-service.yml
   $ kubectl get svc
   $ kubectl describe service nginx-service
   # note the Endpoints
   # note the IP
   # note the NodePort

45. Investigate the service
   $ kubectl describe service nginx-service
   Name:             nginx-service
   Namespace:        default
   Labels:           <none>
   Selector:         app=nginx
   Type:             NodePort
   IP:               10.20.32.218
   Port:             http 80/TCP
   NodePort:         http 31975/TCP
   Endpoints:        10.100.0.2:80
   Session Affinity: None
   $ ./run-nodes [user-id] curl -s [IP]
   $ ./run-nodes [user-id] curl -s [Endpoints]
   $ ./run-nodes [user-id] curl -s 127.0.0.1:[NodePort]
   (All three reach the same nginx: the service IP is rewritten to the endpoint by kube-proxy's iptables rules on the node, the endpoint is the pod's own IP, and the NodePort is bound on every node's interfaces, so the node Security Group is what decides who outside the cluster can reach it.)

46. What's happening?
   $ ./find-nodes [cluster-id]
   x.x.x.x
   x.x.x.x
   $ ssh ubuntu@x.x.x.x
   $ ip route list
   $ route -n
   $ sudo iptables -L -t nat
   # view the route table in AWS; note that the pod CIDRs are routed directly to an EC2 NIC

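The route-table check the slide above asks you to do by eye, as an added example (not the workshop's code): with --cloud-provider=aws the controller-manager adds one route per node, pod CIDR to that node's instance, to the cluster route table, and the check below compares a route table against the nodes' pod CIDRs. The nodes and the route table are constructed sample data shaped like trimmed output of `kubectl get nodes -o json` (spec.podCIDR, spec.providerID) and `aws ec2 describe-route-tables`; the 50-route figure is the default VPC quota for non-propagated routes per route table.

```python
"""Check the VPC route table against the nodes' pod CIDRs.

Added example for the 'What's happening?' slide; not the workshop's code.
Nodes and route table are constructed samples.
"""
import ipaddress

ROUTE_LIMIT = 50   # default VPC quota for non-propagated routes per route table

NODES = [   # constructed: pod CIDRs the controller-manager carved from --cluster-cidr
    {"name": "ip-10-0-1-10", "instance_id": "i-0aaa", "pod_cidr": "10.100.0.0/24"},
    {"name": "ip-10-0-1-11", "instance_id": "i-0bbb", "pod_cidr": "10.100.1.0/24"},
    {"name": "ip-10-0-1-12", "instance_id": "i-0ccc", "pod_cidr": "10.100.2.0/24"},
]

ROUTE_TABLE = {   # constructed, trimmed describe-route-tables shape
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "active"},
        {"DestinationCidrBlock": "10.100.0.0/24", "InstanceId": "i-0aaa", "State": "active"},
        # target instance was terminated: AWS marks the route blackhole
        {"DestinationCidrBlock": "10.100.1.0/24", "InstanceId": "i-0zzz", "State": "blackhole"},
        # left behind by a node that no longer exists
        {"DestinationCidrBlock": "10.100.3.0/24", "InstanceId": "i-0ddd", "State": "active"},
        # nothing at all for 10.100.2.0/24
    ]
}


def check_pod_routes(nodes, route_table, cluster_cidr):
    """Findings about the route table; empty means every pod CIDR is routed to its node."""
    findings = []
    cluster = ipaddress.ip_network(cluster_cidr)
    routes = {r["DestinationCidrBlock"]: r for r in route_table["Routes"]}

    # every node must have an active route for its pod CIDR pointing at its own instance
    for node in nodes:
        route = routes.get(node["pod_cidr"])
        if route is None:
            findings.append("%s: no route for %s" % (node["name"], node["pod_cidr"]))
        elif route.get("State") != "active":
            findings.append("%s: route for %s is %s"
                            % (node["name"], node["pod_cidr"], route.get("State")))
        elif route.get("InstanceId") != node["instance_id"]:
            findings.append("%s: route for %s points at %s, expected %s"
                            % (node["name"], node["pod_cidr"],
                               route.get("InstanceId"), node["instance_id"]))

    # routes inside the cluster CIDR that no current node owns
    owned = {n["pod_cidr"] for n in nodes}
    for cidr, route in routes.items():
        net = ipaddress.ip_network(cidr)
        if net != cluster and net.subnet_of(cluster) and cidr not in owned:
            findings.append("stale route %s -> %s"
                            % (cidr, route.get("InstanceId") or route.get("GatewayId")))

    # every node costs one route, so the table fills up long before a big cluster does
    used = len(route_table["Routes"])
    if used > ROUTE_LIMIT:
        findings.append("route table has %d routes, over the default limit of %d" % (used, ROUTE_LIMIT))
    return findings


if __name__ == "__main__":
    for finding in check_pod_routes(NODES, ROUTE_TABLE, "10.100.0.0/16"):
        print(finding)
```

The blackhole and missing-route cases are what a node looks like from the rest of the cluster when the controller-manager's IAM role lacks ec2:CreateRoute or the instance was replaced by the Auto Scaling Group before the old route was cleaned up: the pod IPs are allocated and the kubelet is happy, but traffic to those pods from other nodes goes nowhere.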
47. Cluster Add-Ons
   $ kubectl cluster-info
   $ kubectl create -f kube-files/kubernetes-dashboard.yml
   $ kubectl proxy
   Starting to serve on 127.0.0.1:8001
   # Go to 127.0.0.1:8001/ui
   (kubectl proxy forwards requests to the API server with your kubeconfig credentials and listens on localhost only by default. Keep it that way: the dashboard of this era has no authentication of its own, so anyone who can reach port 8001 acts as you.)

48. Cluster Add-Ons
   $ kubectl create -f kube-files/kube-dns.yml
   $ kubectl config use-context system
   $ kubectl get pods
   # Note the pods you've not seen yet. These are running cluster services.
   $ kubectl config use-context workshop
   $ kubectl cluster-info

49. Observing DNS
   $ kubectl create -f kube-files/busybox.yml
   $ kubectl exec -ti busybox sh
   # nslookup google.com
   # nslookup nginx-service
   # nslookup kubernetes-dashboard.kube-system
   # cat /etc/resolv.conf
   # exit

50. Deploying a service
   $ kubectl delete pod nginx
   $ kubectl delete svc nginx-service
   $ kubectl create -f kube-files/nginx-deployment
   $ kubectl get pods
   $ kubectl get rs   (replicaset)
   $ kubectl delete pod [nginx-pod]
   $ kubectl get pods
   # the Replica Set replaces the deleted pod

51. Deploying a service
   $ kubectl expose deployment nginx --type=LoadBalancer
   $ kubectl get svc -o wide
   # ...wait for the cloud provider to create the ELB and fill in EXTERNAL-IP
   # (the ELB is internet-facing and reachable from 0.0.0.0/0 unless spec.loadBalancerSourceRanges restricts it)

52. Deploying a microservice application
   $ kubectl create -f kube-files/microservices-demo.yml
   $ kubectl get svc -o wide
   # ...wait

53. Tidy up...
   $ kubectl delete service nginx
   $ kubectl delete deployment nginx
   $ kubectl delete -f kube-files/microservices-demo.yml
   $ ./delete [user-id]
   $ ssh-agent -k
   (Delete the LoadBalancer services before tearing down the stack, as above, so the cloud provider removes the ELBs and the security-group rules it added; otherwise stack deletion can fail on resources CloudFormation doesn't own.)

54. Questions?
   grant.ellis@container-solutions.com
deknoymuangnan, Mar. 12, 2018