
Kubernetes on AWS


An introduction to Kubernetes, a look at how it leverages AWS IaaS features to provide its own virtual clustering, and a demonstration of some of the behaviour inside the cluster that makes Kubernetes a popular choice for microservice deployments.



  1. Pre-reqs:
     ● Git: https://git-scm.com/book/en/v2/Getting-Started-Installing-Git
     ● AWS CLI: http://docs.aws.amazon.com/cli/latest/userguide/installing.html
     ● kubectl:
       http://cs-k8s-workshop.s3.amazonaws.com/kubectl/darwin/amd64/kubectl
       http://cs-k8s-workshop.s3.amazonaws.com/kubectl/linux/amd64/kubectl
     ● Bash
     ● git clone https://github.com/ContainerSolutions/kubernetes-aws-workshop
  2. www.container-solutions.com | info@container-solutions.com
     Kubernetes on AWS
     Grant Ellis, grant.ellis@container-solutions.com
  3. Who’s who
     ● Presenters
     ● You!
       ➔ Developers? Ops? DevOps?
       ➔ Tools, languages & frameworks?
       ➔ Familiar with or using any orchestration platform? Mesos/Swarm/ECS?
  4. Purpose of the Workshop
     ● Get an overview of the components in Kubernetes
     ● See how Kubernetes leverages features present in AWS
     ● Get an idea of how a production setup may take shape
  5. Scope of the Workshop
     ● Basic features of Kubernetes
     ● Brief look at AWS CloudFormation and IaaS components
     ● Hands on
  6. Kubernetes
  7. Kubernetes
     ● From the Greek meaning “Helmsman” or “Pilot”
     ● Founded by Joe Beda, Brendan Burns and Craig McLuckie
     ● First announced by Google in 2014
  9. Basic concepts
     ● Pods
     ● Labels / Selectors
     ● Replication Controllers / Replica Sets
     ● Deployments
     ● Services
     All resources can be expressed as YAML or JSON files
  10. Pods
     ● A pod is one or more containers
     ● Ensures co-location / shared fate
     ● Pods are scheduled, then do not move between nodes
     ● Containers share resources within the pod:
       ➔ Volumes
       ➔ Network / IP
       ➔ Port space
       ➔ CPU / Memory allocations
  11. Pod example
     apiVersion: v1
     kind: Pod
     metadata:
       labels:
         name: influxdb
       name: influxdb
     spec:
       containers:
       - image: docker.io/tutum/influxdb:latest
         name: influxdb
         ports:
         - containerPort: 8083
           name: admin
           protocol: TCP
         - containerPort: 8086
           name: http
           protocol: TCP
  12. Labels / Selectors
     ● Labels are arbitrary metadata
     ● Attachable to nearly all API objects
       ➔ e.g.: Pods, ReplicationControllers, Services...
     ● Simple key=value pairs
     ● Can be queried with selectors
  13. Labels example
     - release=stable, release=canary
     - environment=dev, environment=qa, environment=prod
     - tier=frontend, tier=backend, tier=middleware
     - partition=customerA, partition=customerB
     - etc…
  14. Labels example [diagram]
  15. Selectors explained
     Labels are queryable metadata; selectors do the queries:
     - Equality based:
       - environment = production
       - tier != frontend
       - combinations: tier != frontend, version = 1.0.0
     - Set based:
       - environment in (production, pre-production)
       - tier notin (frontend, backend)
       - partition or !partition
  16. Selectors example [diagram]
  17. Replication Controllers
     ● Define the number of replicas of a pod
     ● Will be scheduled across all applicable nodes
     ● Can change the replica value to scale up/down
     ● Which pods are scaled depends on the RC selector
     ● Labels and selectors are used for grouping
     ● Can do quite complex things with RCs and labels
  18. Example Replication Controller
     apiVersion: v1
     kind: ReplicationController
     metadata:
       name: nginx
     spec:
       replicas: 3
       selector:
         app: nginx
       template:
         metadata:
           name: nginx
           labels:
             app: nginx
         spec:
           containers:
           - name: nginx
             image: nginx
             ports:
             - containerPort: 80
  19. Replica Set
     A Replica Set is the next-generation Replication Controller. The only difference between a Replica Set and a Replication Controller right now is the selector support. Replica Set supports the new set-based selector, which allows filtering keys according to a set of values:
     - in
     - notin
     - exists (only the key identifier)
     For example:
       environment in (production, qa)
       tier notin (frontend, backend)
       partition
       !partition
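The selector grammar from the "Selectors explained" and "Replica Set" slides, implemented as an added example (not code from the workshop): it evaluates equality-based, set-based and existence requirements, combined with commas, against a constructed set of pods whose labels use the keys from the "Labels example" slide.

```python
import re

# Constructed sample: pod name -> labels, using keys from the "Labels example" slide.
PODS = {
    "web-1": {"app": "web", "environment": "production", "tier": "frontend", "release": "stable"},
    "web-2": {"app": "web", "environment": "production", "tier": "frontend", "release": "canary"},
    "api-1": {"app": "api", "environment": "pre-production", "tier": "backend", "partition": "customerA"},
    "db-1": {"app": "db", "environment": "qa", "tier": "backend", "partition": "customerB"},
}
# Set-based term (key in (a, b) / key notin (a, b)) and equality-based term (=, ==, !=).
_SET_RE = re.compile(r"^(?P<key>[\w./-]+)\s+(?P<op>in|notin)\s*\((?P<vals>[^)]*)\)$")
_EQ_RE = re.compile(r"^(?P<key>[\w./-]+)\s*(?P<op>==|!=|=)\s*(?P<val>[\w.-]*)$")

def split_requirements(selector):
    """Split on commas, but not on commas inside a set-based term's parentheses."""
    parts, depth, current = [], 0, ""
    for ch in selector:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    return [p.strip() for p in parts if p.strip()]

def requirement_matches(req, labels):
    """One requirement against one pod's labels. As in Kubernetes, '!=' and 'notin'
    also match when the key is absent, and a bare key / '!key' tests existence."""
    m = _SET_RE.match(req)
    if m:
        values = {v.strip() for v in m["vals"].split(",") if v.strip()}
        in_set = m["key"] in labels and labels[m["key"]] in values
        return in_set if m["op"] == "in" else not in_set
    m = _EQ_RE.match(req)
    if m:
        equal = labels.get(m["key"]) == m["val"]
        return not equal if m["op"] == "!=" else equal
    if req.startswith("!"):
        return req[1:].strip() not in labels
    return req in labels

def select(selector, pods=PODS):
    """Sorted names of the pods matching every comma-separated requirement (AND)."""
    reqs = split_requirements(selector)
    return sorted(n for n, labels in pods.items() if all(requirement_matches(r, labels) for r in reqs))
```

Note that `tier != frontend` and `tier notin (...)` also select pods that have no `tier` label at all, which is why a selector for a security-sensitive grouping should normally combine a negative term with a positive one (for example `app=web, tier != frontend`).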
  20. Deployments
     A Deployment is responsible for creating and updating instances of your application.
     ● Create a Deployment to bring up Pods and a Replica Set.
     ● Check the status of a Deployment to see if it succeeds or not.
     ● Later, update that Deployment to recreate the Pods (for example, to use a new image).
     ● Roll back to an earlier Deployment revision if the current Deployment isn’t stable.
     ● Pause and resume a Deployment.
  21. Deployment example
     apiVersion: extensions/v1beta1
     kind: Deployment
     metadata:
       name: nginx-deployment
     spec:
       replicas: 3
       strategy:
         type: RollingUpdate
         rollingUpdate:
           maxUnavailable: 1
           maxSurge: 1
       minReadySeconds: 5
       template:
         metadata:
           labels:
             app: nginx
         spec:
           containers:
           - name: nginx
             image: nginx:1.91
             ports:
             - containerPort: 80
  22. Services
     “defines a logical set of Pods and a policy by which to access them”
     ● As Pods are ephemeral, we can't depend on Pod IPs
     ● Services find pods that match certain selection criteria
     ● Services can load balance between multiple Pods
     ● Services can have a single IP that doesn’t change
  23. Services
     A group of pods that act as one == Service
     - group == selector
     Defines access policy
     - LoadBalancer, NodePort
     Gets a stable virtual IP and port
     - Called the service portal
     - Also a DNS name
     - On-prem an additional load balancer is needed
     VIP is captured by kube-proxy
     - Watches the service for consistency
     - Updates when backends change
  24. Service example [diagram]
  25. Service example
     apiVersion: v1
     kind: Service
     metadata:
       name: railsapp
     spec:
       type: NodePort
       selector:
         app: railsapp
       ports:
       - name: http
         nodePort: 36000
         port: 80
         protocol: TCP
  26. Architecture
     ● etcd (stores cluster state)
     ● API Server
     ● Scheduler
     ● Controller manager
     ● Kubelet (“node agent”)
     ● Kube-proxy
     ● Container Runtime
     https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/architecture.md
  27. Architecture: Master Node (“Control Plane”)
     API server
     - Point of interaction with the cluster
     - Exposes an HTTP endpoint
     Controller Manager
     - Responsible for most of the important stuff
     - Interacts with the API server to retrieve cluster state
     - Responsible for configuring networking
     - Allocates node CIDRs
     - Ensures the correct number of pods are running
     - Reacts to Nodes being added / deleted
     - Manages Service Accounts and security tokens
     Scheduler
     - Schedules newly created pods to a Node
  28. Architecture: Master Node (“Control Plane”)
     etcd
     - Stores the state of the cluster
     - Doesn’t necessarily have to be co-located with other components
     - Must be backed up in a production scenario
  29. Architecture: Worker Node
     kubelet
     - Agent for running Pods
     - Mounts volumes for Pods where required
     - Reports the status of Pods back to the rest of the system
     kube-proxy
     - Enforces network rules on each Node (uses iptables)
     - Responsible for forwarding packets to the correct destination
  30. Architecture: Networking
     Master Node (api-server)
     - Takes an argument for the etcd servers
     Master Node (controller-manager)
     - Takes an argument for the API server
     - Creates/defines virtual networks for containers and services
     - Takes an argument for the cluster node CIDR
     - Takes an argument for the service CIDR
     kubelet
     - Configures the Docker bridge
     - Takes an address for the cluster DNS
     kube-proxy
     - Takes an argument for the cluster node CIDR
  31. Architecture: Networking [diagram]
  32. AWS
  33. AWS Cloud Computing Platform
     Various service components:
     - IaaS: EC2 / VPC
     - PaaS: Elastic Beanstalk / ECS
     - (No)SQL database services
     - Data Storage / Warehousing / Processing
     - Mobile Services
     - Serverless Services
     - CDN
  34. AWS Today: EC2, VPC and CloudFormation
     We will use CloudFormation to:
     - Launch EC2 instances into an existing VPC
     - Create a subnet for each Kubernetes cluster
     - Create a route table for each subnet
     - Create Security Groups (firewall rules) for each cluster
     - Create Autoscale Groups for Master and Worker nodes
     Instance Configuration:
     - Userdata: instructions to be run by the AWS cloud-init system after boot
     - Chef: Userdata will instruct instances to bootstrap to the Chef server
     CloudFormation:
     - Method of keeping Infrastructure as Code
     - JSON-based template that defines AWS Resources
  35. AWS: Other ways to build
     Getting Started guide: http://kubernetes.io/docs/getting-started-guides/aws/
     - $ set=something ; wget something | bash
     - Great for getting a cluster up and running quickly
     - Inflexible for integration into existing VPCs
     - Fussy if you put anything else in the VPC it creates
     Kops: https://github.com/kubernetes/kops
     - “kubectl for clusters”
     - Will become the standard way to launch onto AWS
     - Still in alpha
     Run with your own: https://github.com/kelseyhightower/kubernetes-the-hard-way
     - Takes some time
     - Expect to reverse-engineer
     - You will know exactly how the cluster is put together
  36. AWS and Kubernetes: Kubernetes is able to configure AWS
     Using the --cloud-provider=aws flag, the Kubernetes components can be instructed to leverage AWS IaaS features. Master instances (running controller-manager) must have an appropriate IAM role assigned. Kubernetes can then:
     - Create and destroy Elastic Load Balancers (ELBs)
     - Add and delete routes from the cluster Route Table
     - Add and delete firewall rules on the cluster Security Group
     Relevant resources must be appropriately tagged:
     - Name: KubernetesCluster
     - Value: ClusterId
  37. AWS and Kubernetes: Our Workshop Architecture: Network [diagram]
  38. AWS and Kubernetes: Our Workshop Architecture: Servers [diagram]
  39. Hands-On
  40. Build a cluster
     ● Choose yourself an ID for the cluster
     $ git clone https://github.com/ContainerSolutions/kubernetes-aws-workshop.git
     $ cd kubernetes-aws-workshop/
     $ ./build [user-id]
  41. Configure kubectl
     $ eval `ssh-agent`
     $ ssh-add /path/to/private.key
     $ ./find-master [user-id]
     x.x.x.x
     $ ./set-cluster x.x.x.x
     $ kubectl config view
  42. Check the cluster status
     $ kubectl cluster-info
     $ kubectl get cs        # componentstatus
     $ kubectl get nodes
     $ kubectl get events
     $ kubectl describe nodes
  43. Deploy a container
     $ kubectl create -f kube-files/nginx-pod.yml
     $ kubectl get pods
     $ kubectl describe pod nginx
     # note the pod IP address
  44. Create a service
     $ kubectl create -f kube-files/nginx-service.yml
     $ kubectl get svc
     $ kubectl describe service nginx-service
     # note the Endpoints
     # note the IP
     # note the NodePort
  45. Investigate the service
     $ kubectl describe service nginx-service
     Name:              nginx-service
     Namespace:         default
     Labels:            <none>
     Selector:          app=nginx
     Type:              NodePort
     IP:                10.20.32.218
     Port:              http 80/TCP
     NodePort:          http 31975/TCP
     Endpoints:         10.100.0.2:80
     Session Affinity:  None
     $ ./run-nodes [user-id] curl -s [IP]
     $ ./run-nodes [user-id] curl -s [Endpoints]
     $ ./run-nodes [user-id] curl -s 127.0.0.1:[NodePort]
  46. What’s happening?
     $ ./find-nodes [cluster-id]
     x.x.x.x
     x.x.x.x
     $ ssh ubuntu@x.x.x.x
     $ ip route list
     $ route -n
     $ sudo iptables -L -t nat
     # view the route table in AWS; note that the pod CIDRs are routed directly to an EC2 NIC
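An added model (not code from the workshop) of the networking described on the "Architecture: Networking" slide and observed on the slide above: the controller-manager carves a per-node pod range out of the cluster node CIDR, and each of those ranges becomes a route in the VPC route table pointing at that node's EC2 network interface. The VPC, cluster and service ranges are constructed; the 10.100.x.x endpoint and 10.20.x.x service IP on the "Investigate the service" slide suggest the first two octets, and the prefix lengths and ENI ids are assumptions.

```python
import ipaddress


def check_cidrs(vpc_cidr, cluster_cidr, service_cidr):
    """Return overlap problems (empty when the three ranges are disjoint). Pod and
    service ranges are routed by the VPC route table, so they must not collide with
    the VPC's own address space or with each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    cluster = ipaddress.ip_network(cluster_cidr)
    services = ipaddress.ip_network(service_cidr)
    problems = []
    if cluster.overlaps(services):
        problems.append(f"cluster CIDR {cluster} overlaps service CIDR {services}")
    for label, net in (("cluster", cluster), ("service", services)):
        if net.overlaps(vpc):
            problems.append(f"{label} CIDR {net} overlaps VPC CIDR {vpc}")
    return problems


def allocate_node_cidrs(cluster_cidr, node_prefixlen, node_count):
    """Carve one /node_prefixlen pod range per node out of the cluster CIDR,
    which is what the controller-manager does when it allocates node CIDRs."""
    subnets = list(ipaddress.ip_network(cluster_cidr).subnets(new_prefix=node_prefixlen))
    if node_count > len(subnets):
        raise ValueError(f"{cluster_cidr} only fits {len(subnets)} /{node_prefixlen} node ranges")
    return {f"node-{i + 1}": str(subnets[i]) for i in range(node_count)}


def route_table(vpc_cidr, node_cidrs, node_enis):
    """Model of the cluster route table: the VPC local route plus one route per
    node CIDR whose target is that node's EC2 network interface (constructed ids)."""
    routes = [(ipaddress.ip_network(vpc_cidr), "local")]
    for node, cidr in node_cidrs.items():
        routes.append((ipaddress.ip_network(cidr), node_enis[node]))
    return routes


def route_target(ip, routes):
    """Longest-prefix lookup: which target carries traffic for this address?"""
    addr = ipaddress.ip_address(ip)
    matches = [(net, target) for net, target in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1] if matches else None
```

Run `check_cidrs` before `./build`: an overlapping cluster CIDR is the kind of mistake that only shows up later as pod traffic silently taking the VPC local route instead of the node's ENI.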
  47. Cluster Add-Ons
     $ kubectl cluster-info
     $ kubectl create -f kube-files/kubernetes-dashboard.yml
     $ kubectl proxy
     Starting to serve on 127.0.0.1:8001
     # Go to 127.0.0.1:8001/ui
  48. Cluster Add-Ons
     $ kubectl create -f kube-files/kube-dns.yml
     $ kubectl config use-context system
     $ kubectl get pods
     # Note the pods you’ve not seen yet. These are running cluster services
     $ kubectl config use-context workshop
     $ kubectl cluster-info
  49. Observing DNS
     $ kubectl create -f kube-files/busybox.yml
     $ kubectl exec -ti busybox sh
     # nslookup google.com
     # nslookup nginx-service
     # nslookup kubernetes-dashboard.kube-system
     # cat /etc/resolv.conf
     # exit
  50. Deploying a service
     $ kubectl delete pod nginx
     $ kubectl delete svc nginx-service
     $ kubectl create -f kube-files/nginx-deployment
     $ kubectl get pods
     $ kubectl get rs        # replicaset
     $ kubectl delete pod [nginx-pod]
     $ kubectl get pods
  51. Deploying a service
     $ kubectl expose deployment nginx --type=LoadBalancer
     $ kubectl get svc -o wide
     # ...wait
  52. Deploying a microservice application
     $ kubectl create -f kube-files/microservices-demo.yml
     $ kubectl get svc -o wide
     # ...wait
  53. Tidy up...
     $ kubectl delete service nginx
     $ kubectl delete deployment nginx
     $ kubectl delete -f kube-files/microservices-demo.yml
     $ ./delete [user-id]
     $ ssh-agent -k
  54. Questions?
     grant.ellis@container-solutions.com
