Kubernetes Me this Batman

Richard Boyd, Civitas Learning

Google Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.

What does that mean? If you’re thinking about moving towards a container-centric world then you should consider using Kubernetes. In this talk I’ll go through the architecture of Kubernetes and give an overview of how it works, capping it off with a tech demo and light Q and A.

Published in: Software

1. Kubernetes me This Batman
Or how I quit worrying and learned to love container clustering

2. Disclaimer: I don’t work for google. Also, still mad about Google Reader. RIP sweet prince.

3. Presentation Schedule
● Part 0: What Does This Have to Do With Batman?
● Part 1: Kubernetes is very opinionated but I agree with most of them.
● Part 2: All about drawings.
● Part 3: Demo Time!

4. Part 0: What Does This Have To Do With Batman?

5. I like to think that I am Batman
✓ Does not have superpowers
✓ Relies on his intuition and mental skills
✓ Has lots of cool gadgets
✓ Likes to surprise people

6. I like to DevOp and love to play with new tools to fight crime (downtime)

7. One day I started playing with containers because everyone else was doing it and that never went poorly so why not. (looks inviting)

8. And then I was gonna launch all my containers in production and wow all my friends (because my wife doesn’t get wowed by containers).

9. This was the result. It was not good. No-one was wowed.

10. And then I heard about this Kubernetes thing. And wanted to learn how to use it.

11. Kubernetes was like the Riddler to me
✓ Likes to confuse people
✓ Is clever but not funny
✓ Does a lot of taunting
✓ Made me feel dumb

12. After a class at Oscon and some good ol’ learnin, I was able to outsmart the Riddler (Kubernetes).

13. Part 1: Kubernetes is very opinionated but I agree with most of them.

14. I was told memes were good to have in a presentation. Here is one right off the bat.

15. From Chapter 4 of Getting Real by 37Signals
The best software has a vision. The best software takes sides. When someone uses software, they're not just looking for features, they're looking for an approach. They're looking for a vision. Decide what your vision is and run with it.

16. Running and scheduling containers is a very opinionated field.

17. Google has an opinion called Kubernetes.
● Pronounced /koo-ber-nay'-tace/. It’s actually a Greek term for “ship master”.
● Developed at Google. The third iteration of container management.
○ Daddy was Omega.
○ Grandaddy was Borg.
● Kubernetes is not a PaaS, but you can build one with it.
● Google says that Kubernetes is planet scale.

18. k8s
BTW, Google wants you to stop writing Kubernetes and use this clever acronym instead. Although it technically should be pronounced “Kates”.

19. This is the Kubernetes logo. The lack of symmetry bugs me.

20. There are two big ideas in Kubernetes: labels and Pods.

21. Pods

22. A pod is a collection of containers.
● For the most part …
● Pods can contain one or more containers.
● The containers in a pod are scheduled on the same node.
● Everything in Kubernetes is some flavor of pod or an extension of the pod spec.
● Remember this for now, we’ll get back to it in a second.
23. Pods are flat files. No, really. Like YAML or JSON (boo*).

    apiVersion: v1
    kind: Pod
    metadata:
      name: ""
      labels:
        name: ""
      namespace: ""
      annotations: []
      generateName: ""
    spec:
      ? "// See 'The spec schema' for details."
      : ~

    {
      "kind": "Pod",
      "apiVersion": "v1",
      "metadata": {
        "name": "",
        "labels": {
          "name": ""
        },
        "generateName": "",
        "namespace": "",
        "annotations": []
      },
      "spec": {
        // See 'The spec schema' for details.
      }
    }

*Font size 14 vs font size 10, YAML is the clear winner. Especially in the context of Shannon’s Information Theory. The same density of information can be transmitted in fewer lines with YAML.
24. Pods. Both of these are the same.

    apiVersion: v1
    kind: Pod
    metadata:
      name: redis-django
      labels:
        app: web
    spec:
      containers:
        - name: key-value-store
          image: redis
          ports:
            - containerPort: 6379
        - name: frontend
          image: django
          ports:
            - containerPort: 8000

[Diagram: K8S Node 1 runs redis-django pod 1 (redis container, django container) and some-other pod; K8S Node 2 runs redis-django pod 2 and redis-django pod 3, each with a redis container and a django container.]
25. The Pod Lifecycle in a Cluster
Let’s say you want to fire up a pod. With kubectl you would:
1. Make a Pod request to the API server using a local pod definition file.
2. The API server saves the info for the pod in ETCD.
3. The scheduler finds the unscheduled pod and schedules it to a node.
4. Kubelet sees the pod scheduled and fires up docker.
5. Docker runs the container.
The entire lifecycle state of the pod is stored in ETCD.
26. Most of the things in Kubernetes are built on top of Pods.

27. Labels

28. Labels and selectors are the fairy dust in k8s.
● A label is a key-value pair that is assigned to objects in k8s.
○ Pods, services, lots of things can have labels.
● A selector is a way to filter for labels that match a certain criteria or logic.
○ There are two types of selectors:
■ Equality based
■ Set based
29. An example of each.

    "labels": { "environment" : "prod", "type" : "nginx" }
    environment = prod
    type != nginx
    Match: No

    "labels": { "environment" : "prod", "type" : "redis" }
    environment = prod
    type != nginx
    Match: Yes

    "labels": { "environment" : "prod", "type" : "redis" }
    environment in (prod, qa)
    type notin (nginx, mysql)
    !partition
    Match: Yes
30. When one thing in k8s needs to find another thing in k8s, it uses labels.

31. The K8S Cluster

32. A basic cluster.
[Diagram "basic-cluster-01": K8S Node 1 runs redis-django pod 1 (redis container, django container) and some-other pod; K8S Node 2 runs redis-django pod 2 and redis-django pod 3, each with a redis container and a django container; the K8S Master runs the SkyDns, ETCD, Kibana, Grafana, Elasticsearch and Heapster pods.]

33. bonus stuff
● When you launch a cluster, you get some built in services.
● Each one of these has their own endpoints and / or UIs.
● They run on the master directly though you could schedule them across the cluster or other masters.
● To find the endpoints type: kubectl cluster-info
[Screenshot: Heapster]

34. Namespaces.
35. A Virtual Cluster in Your Cluster
● A namespace is an isolated section of a cluster.
● It’s a virtual cluster in your cluster.
● Each cluster can have multiple namespaces.
● The root services have their own.
● Namespaces are in network isolation from each other and are (normally) used to house different environments on the same cluster.
36. Part 2: All about drawings.

37. Let’s look at a Kubernetes cluster diagram.

38. This diagram is a bit small, let’s break it down.

39. The master
● Everything is done via kubectl, which then makes calls against the kube-apiserver.
● The Controller Manager, Scheduler Service, and ETCD can be spread across nodes based on cluster size.
● All state about everything is stored in ETCD.
● Also, kubelet is running here too (more on that next slide).
40. The Node
● The agent process is called kubelet. Think “cubed omelette”.
● The kubelet process manages the Pods, including containers & volumes.
● The kube-proxy service handles network routing and service exposure.
41. A master is a master because it has the api services and scheduler. The state is all in etcd.

42. Kubernetes objects.

43. My mental model of k8s
● I find it easiest to think of everything as a variation of a Pod or another object.
● Google has done a very good job at extending base objects to add flexibility or support new features.
● This also means that the Pod spec is relatively stable given the massive list of features that is dropped every release.

44. What k8s looks like in my head.
[Diagram: a Pod wraps a Spec, which wraps a Container. A Replica Set, a Replication Controller, a Daemon Set, a Pet Set and a Job each wrap a Pod; a Deployment wraps a Replica Set; a Service points at Pods; an Ingress points at a Service.]

45. Or this.

46. The Base Things in Containers are called Specs (Not like Dust, like Specification)
● The only required field is containers.
○ And it requires two entries
■ name
■ image
● restartPolicy is for all containers in a pod.
● volumes are volumes (duh) that any container in a pod can mount.
● The spec is very extensible by design.
[Diagram: Spec → Container]

47. Then there is the pod
● Specs don’t do anything by themselves; for that you need a pod.
● Pods are just collections of containers that share a few things:
○ Access to volumes.
○ Networking.
○ Are co-located.
● Pods can be run by themselves but have no guarantee to restart or stay running or scale or do anything useful really.
[Diagram: Pod → Spec → Container]

48. Services.
● Services point to a Pod.
● … or to an external source.
● With Pods a virtual endpoint is created then routed to using the kube-proxy.
● For non-pod services a virtual IP in the cluster is used to route externally.
[Diagram: Service → Pod]

49. Ingress Service = AWS API Gateway.
● An Ingress Controller sits at the boundary of the cluster and routes requests to Services.
● One Ingress Controller can handle multiple domains.
● Each route can point to a different Service.
● Relies on the creation of an Ingress Controller in the cluster (another service that is not enabled by default).
[Diagram: Ingress → Service → Pod]
50. Daemon sets. Scary.
● A Daemon Set is an object that ensures that a copy of each Pod runs on each node.
● This is commonly used to make sure side-car containers are running across the cluster.
● If new nodes come up they’ll get a copy of the daemon set and will come up.
● Daemon sets don’t have scaling rules.
[Diagram: Daemon Set → Pod → Spec → Container]
51. Pet sets. Not so scary.
● New in 1.3, Pet Sets allow you to create complex microservices across the cluster.
● They have the ability to set dependency on other containers.
● They require:
○ A stable hostname, available in DNS
○ An ordinal index
○ Stable storage: linked to the ordinal & hostname
● It’s for launching a cluster in your cluster.
[Diagram: Pet Set → Pod → Spec → Container]

52. Replication Controller (deprecated)
● A Replication Controller was the best way to run Pods.
● You set a number of pods to run and the Replication Controller made sure that the number was running across the cluster.
● Rolling updates could be performed by starting a new Replication Controller and scaling up.
[Diagram: Replication Controller → Pod → Spec → Container]
53. Replica Set. The new hotness.
● A Replica Set differs from the Replication Controller because it can be updated.
● If you update the Replica Set template you can fire an update and automatically roll changes.
● Roll backs are also built in.
● These are not designed to use directly. For that you need ...
[Diagram: Replica Set → Pod → Spec → Container]
54. Deployments. The king of the hill.
● A Deployment controls the running state of Pods and Replica Sets.
● In k8s 1.3 it is the primary object you should be manipulating.
● Deployments have:
○ History.
○ Rolling updates.
○ Pausing updates.
○ Roll-backs.
[Diagram: Deployment → Replica Set → Pod → Spec → Container]
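As an added example (not from the talk), this is what a Deployment for the talk's redis-django pod looks like once the pieces that give it history, rolling updates and roll-backs are spelled out, plus a Secret that the frontend container reads as an environment variable. apps/v1 is the current API group for Deployments (the talk predates it); the `prod` namespace, the `DJANGO_SECRET_KEY` variable, the Secret name and the Secret value are assumptions, while the container names, images and ports are the ones from slide 24.

```yaml
# Added example, not from the talk. Namespace, Secret name, env var name and
# Secret value are assumed; the containers are the talk's redis-django pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis-django
  namespace: prod                  # assumed namespace
  labels:
    app: web
spec:
  replicas: 3                      # the Deployment keeps a Replica Set at this size
  revisionHistoryLimit: 10         # old Replica Sets kept around so roll-backs work
  selector:
    matchLabels:
      app: web                     # must match the pod template labels below
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1            # at most one pod down while a roll-out runs
      maxSurge: 1                  # at most one pod above replicas while it runs
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: key-value-store
          image: redis
          ports:
            - containerPort: 6379
        - name: frontend
          image: django
          ports:
            - containerPort: 8000
          env:
            - name: DJANGO_SECRET_KEY          # assumed variable name
              valueFrom:
                secretKeyRef:
                  name: django-secrets         # the Secret below, same namespace
                  key: secret-key
---
# A namespaced Secret; a pod can only reference Secrets in its own namespace.
apiVersion: v1
kind: Secret
metadata:
  name: django-secrets
  namespace: prod
type: Opaque
stringData:
  secret-key: "constructed-placeholder-value"  # constructed; not a real key
```

`kubectl apply -f redis-django.yaml` creates both objects. Changing the pod template (for example the image) and applying again is what triggers a rolling update; `kubectl rollout history deployment/redis-django -n prod` shows the revisions, `kubectl rollout pause deployment/redis-django -n prod` pauses a roll-out, and `kubectl rollout undo deployment/redis-django -n prod` rolls back to the previous Replica Set, which is why `revisionHistoryLimit` must not be zero if you want roll-backs.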
55. There’s more stuff too.

56. Other stuff.
● Secrets:
○ K8s comes with a built-in secret store that is namespaced and uses labels to control pod read access.
● Network Policies:
○ You can use labels to define whitelist rules between pods.
● Persistent Volumes:
○ These live outside of normal pod volumes and can be used for shared storage for things like databases. Yes, databases in containers.
● Ubernetes:
○ A way to cluster your clusters.
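As an added example (not from the talk) that ties the two selector types from slide 29 to the Network Policies mentioned here: a Service selector is a plain map, so it is equality-based and can say `environment = prod` but has no way to say `type != nginx`; a NetworkPolicy's `podSelector` is a full label selector, so it can carry the slide's set-based `in`, `notin` and `!partition` expressions. The namespace, object names and label values are constructed; the ports are the ones from slide 24.

```yaml
# Added example, not from the talk; names, namespace and label values are constructed.
apiVersion: v1
kind: Service
metadata:
  name: frontend
  namespace: prod
spec:
  selector:                        # equality-based: environment = prod AND type = nginx
    environment: prod
    type: nginx
  ports:
    - port: 80
      targetPort: 8000             # the django container's port from the talk
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backends-accept-frontend-only
  namespace: prod
spec:
  # Set-based selector, the same one as slide 29:
  # environment in (prod, qa), type notin (nginx, mysql), !partition
  podSelector:
    matchExpressions:
      - key: environment
        operator: In
        values: [prod, qa]
      - key: type
        operator: NotIn
        values: [nginx, mysql]
      - key: partition
        operator: DoesNotExist     # the "!partition" form; takes no values
  policyTypes:
    - Ingress                      # selected pods now drop all ingress except what is listed
  ingress:
    - from:
        - podSelector:
            matchLabels:
              type: nginx          # only the frontend pods may reach them
      ports:
        - protocol: TCP
          port: 6379               # the redis port from the talk
```

Two things worth knowing before relying on this. A NetworkPolicy is namespaced and a bare `from.podSelector` only matches pods in the same namespace, so it is the policy, not the namespace boundary, that actually restricts traffic between pods. And the API server will store a NetworkPolicy on any cluster, but it is only enforced when the cluster's network plugin implements the NetworkPolicy API; on a plugin that does not, the object exists and does nothing, which is easy to miss unless you test that a non-matching pod really is refused.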
57. Part 3: Demo Time!

58. You Only Need a Computer, BTW
● Minikube
○ https://github.com/kubernetes/minikube
○ Runs a Kubernetes node on top of your favorite (probably Virtualbox) VM.
○ Lots of involvement from the K8s community.
● Kube-solo
○ https://github.com/TheNewNormal/kube-solo-osx
○ Uses the Corectl app to run a Kube VM.
○ Also has a multi-node version.

59. On to Minikube!

60. FIN

61. Contact me!
keybase.io/richardboydii
@richardboydii
richardboydii.com
coutnzer0.com