Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubernetes

514 views

Published on

These are my sheets of the talk given at the Kubernetes Meetup, Feb 28, 2017 in our rooms @Endocode.

Enjoy!

Published in: Software
  • Be the first to comment

  • Be the first to like this

Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubernetes

  1. 1. Endoctus Academy Next Trainings: INTRODUCTION TO KUBERNETES April 27th May 4th May 18th https://endoctus.com/course/introduction-to-kubernetes
  2. 2. Architecture Patterns for Microservices in Kubernetes Thomas Fricke CTO thomas@endocode.com
  3. 3. Penrose Tilings 1973 Golden Section CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=474348
  4. 4. Giri Tiles, since 1200 Cronholm144, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=2303498
  5. 5. Roof Hafez Tomb
  6. 6. WHAT ARE CONTAINERS Way of isolating and restricting Linux processes ● Isolation ○ namespaces ● Restriction ○ cgroups ○ capabilities ○ seccomp
  7. 7. CGROUPS: CONTROL GROUPS ● cpuset ● cpu ● cpuacct ● memory ● devices ● freezer ● net_cls ● ns ● blkio these are directories with fine grained sub folders
  8. 8. NAMESPACES Namespace Constant Isolates Cgroup CLONE_NEWCGROUP Cgroup root directory IPC CLONE_NEWIPC System V IPC, POSIX message queues Network CLONE_NEWNET Network devices, stacks, ports, etc. Mount CLONE_NEWNS Mount points PID CLONE_NEWPID Process IDs User CLONE_NEWUSER User and group IDs UTS CLONE_NEWUTS Hostname and NIS domain name
  9. 9. CAPABILITIES CAP_AUDIT_CONTROL, CAP_AUDIT_READ, CAP_AUDIT_WRITE, CAP_BLOCK_SUSPEND, CAP_CHOWN,CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID, CAP_IPC_LOCK, CAP_IPC_OWNER, CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE, CAP_MAC_ADMIN,CAP_MAC_OVERRIDE, CAP_MKNOD, CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, CAP_SETGID, CAP_SETFCAP, CAP_SETPCAP, CAP_SETUID, CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT, CAP_SYS_MODULE, CAP_SYS_NICE, CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO, CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG, CAP_SYSLOG, CAP_WAKE_ALARM, CAP_INIT_EFF_SET These are a lot! Use profiles to group them together!
  10. 10. Linking Containers: Patterns at least one common Namespace process network … process network … mount
  11. 11. No need for a running process network … pause mount: WAR file
  12. 12. Multiple Containers network … pause mount: WAR file pause pause mount: WAR file
  13. 13. Locomotive Pattern By Nate Beal (originally posted to Flickr as Griffith, IN) [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
  14. 14. Scary ideas network … pause
  15. 15. Share the Network namespace files: credentials user mount files user mount network: tun0 iptables NET ADMIN
  16. 16. DEMO TIME
  17. 17. Linking Containers: Wormhole common Namespace with the host Docker Host default namespaces /usr/bin/docker /var/run/docker.sock
  18. 18. apiVersion: v1 kind: Pod metadata: name: busybox-cloudbomb spec: containers: - image: busybox command: - /bin/sh - "-c" - "while true; do docker run -d --name BOOM_$(cat /dev/urandom | tr -cd 'a-f0-9' | head -c 6) nginx ; done" name: cloudbomb volumeMounts: - mountPath: /var/run/docker.sock name: docker-socket - mountPath: /bin/docker name: docker-binary volumes: - name: docker-socket hostPath: path: /var/run/docker.sock - name: docker-binary hostPath: path: /bin/docker
  19. 19. DEMO TIME
  20. 20. ORCHESTRATION
  21. 21. Greek for “Helmsman”; also the root of the words “governor” and “cybernetic” ● Runs and manages containers ● Inspired and informed by Google’s experiences and internal systems ● Supports multiple cloud and bare-metal environments ● Supports multiple container runtimes ● 100% Open source, written in Go Manage applications, not machines KUBERNETES
  22. 22. Deployment Replicaset v1.7.9 v1.7.9 v1.7.9 Replicaset v1.10.2 v1.10.2 v1.10.2
  23. 23. Distributed Patterns ● Client - Server ● Layers ● Message Queues ● Cattle - Pets ● Replication
  24. 24. Rob Hirschfeld https://www.openstack.org/summit/boston-2017/vote-for-speakers/#/18163
  25. 25. SUMMARY ● Lot of useful standard patterns ○ sidecar ○ scatter gather ○ locomotive, tractor ● Powerful Linux container patterns ○ separation of control and transport ○ wormhole ○ here be dragons ● Orchestration Patterns ○ Helm charts ○ upcoming: Service Broker
  26. 26. CONCLUSION ● Concepts before Coding ● Reshaping applications ○ Legacy ○ Compromises are necessary ○ Containment for Technical Debt ● Paradigm Shift ● Microservice Mindset
  27. 27. QUESTIONS? https://endocode.com https://endocode.com/blog/ https://endocode.com/trainings-overview/ Visit us on GitHub https://github.com/endocode

×