
Docker Meetup - Melbourne 2015 - Kubernetes Deep Dive


Presentation given at the October 2015 Docker Meetup in Melbourne. A deep dive into Kubernetes networking and storage and how this is being utilised in OpenShift 3.

Published in: Software


  1. KUBERNETES: THE HELMSMEN - Networking & Storage Deep Dive
     Ken Thompson, Senior Cloud Solution Architect
     Melbourne Docker Meetup - October 2015
  2. Melbourne Docker Meetup Oct 2015 - Kubernetes Networking & Storage Deep Dive
     Agenda: Kubernetes Deep Dive
     ● Kubernetes Networking
     ● Kubernetes Persistent Volumes
     ● Live Demos:
       – Persistent Storage
       – Something Fun!...
  3. KUBERNETES: Container orchestration at scale
     ● Scale workloads across a cluster of container hosts
     ● Declarative state of the environment, which then gets managed
     ● Intelligent policy-based scheduling
     ● Multi-host networking support (with OpenShift-SDN, Open vSwitch, etc.)
     ● Multi-host shared storage for containers
     ● Image update mechanisms (with OpenShift Deployment Configs: rolling update, A/B, etc.)
  4. KUBERNETES DEEP DIVE: NETWORKING
  5. DOCKER IN-HOST NETWORKING: suitable for single-host, not for multi-host
     ● Docker assigns an IP to each container
     ● It's local and private only by default
     ● Complex for multi-host
     ● Plugins starting to become available
     ● Now we have a container... hold on!
       – What happens if we want containers sharing a filesystem?
       – Or IPC communication?
       – Or localhost communication (MySQL & phpMyAdmin, for example)?
     [Diagram: host eth0; Linux bridge docker0: 172.17.42.1/16; two containers, each with its own eth0 (172.17.x.x/16 and 172.17.x.y/16), attached to docker0 through vethXXX pairs]
  6. KUBERNETES IN-HOST NETWORKING: Kubernetes Pods
     ● Pods (aka gears in OSE v2)
       – A pod typically runs only one container, for independent scaling, with exceptions such as "sidecars" (e.g. MySQL & phpMyAdmin)
       – Same IP / network namespace
       – Same IPC
       – Ability to share disk
       – Scheduled on the same machine
       – Atomic unit
       – Containers can listen (to other containers in the pod) on 127.0.0.1 or 0.0.0.0
  7. INTER-HOST NETWORKING: Solutions Available
     PROGRAMMABLE INFRA
     ● GCE – each host gets a subnet of 256 IPs
     ● AWS – 40-100 IPs per host
     ● Custom enterprise networking
     OVERLAY NETWORKS
     ● Flannel (e.g. on Atomic Host) – subnet with simple overlay
     ● Other solutions available, like Weave, etc.
     OPEN vSWITCH
     ● OpenStack
     ● Very large deployments
     ● Programmable
     ● OpenShift-SDN uses this
  8. OPENSHIFT-SDN NETWORKING
     ● Kubernetes assigns a 10.1.x.0/24 subnet to the pods on each node
     ● Gateway IP 10.1.x.1 is assigned to lbr0
     ● Out of the box with OpenShift, an Open vSwitch VXLAN overlay is used to connect nodes/pods
     ● Flat network; allows subdivision via flows
     [Diagram: two nodes, each with an OVS bridge br0 (ports vxlan0, eth0, vovsbr) and a Linux bridge lbr0 joined to br0 by the vlinuxbr/vovsbr veth pair. Node 1: lbr0 10.1.0.1/24, pods 10.1.0.2 and 10.1.0.3. Node 2: lbr0 10.1.1.1/24 (subnet 10.1.1.0/24), pods 10.1.1.2 and 10.1.1.3. Each pod's eth0 attaches via a vethXXX pair; the nodes are connected by the VXLAN overlay]
  9. OPENSHIFT-SDN ROUTING
     ● OpenShift-SDN or similar overlays allow communication within a cluster, but how do we reach it from outside, i.e. from the WWW?
     ● Router Pod
       – Runs HAProxy; proxies incoming traffic through the SDN
       – HTTP/S only
  10. KUBERNETES DEEP DIVE: STORAGE
  11. CONTAINER STORAGE: Problem Statement
      DOCKER STORAGE CONSTRAINTS
      1) Containers are ephemeral (stateless); once they disappear, so does the data
      2) You can mount the host filesystem, but:
         1) What about loss of the host?
         2) How do you scale across 1000s of hosts?
         3) How is this data shared?
      KUBERNETES GOALS
      1) Allow administrators to describe available storage
      2) Allow application developers to discover and request persistent storage
      3) Persistent storage should be available without being closely bound to a particular disk, server, network or storage device
      4) Support iSCSI, NFS, EBS, Gluster, Ceph… and many more!
  12. PERSISTENT VOLUME CLAIMS: Requests for storage
      ● Admins add PVs to the cluster [1]
      ● Like Pods, PVClaims live in a namespace
      ● Pods [3] and PVClaims [2] are requests for resources by users
      ● Users request resources with limits, like CPU usage by a container or storage capacity of a volume [2]
      ● OpenShift binds requests to available resources
      ● Multiple access modes (RWO, ROM, RWM)

      [1] Admin POSTs a PersistentVolume:
          kind: PersistentVolume
          apiVersion: v1
          metadata:
            name: pv0001
          spec:
            capacity:
              storage: 10Gi   # a quantity needs a unit; a bare "10" would mean ten bytes
            nfs:
              server: srv.com   # field name is lowercase "server"
              path: /data/path

      [2] Developer creates a PersistentVolumeClaim:
          kind: PersistentVolumeClaim
          apiVersion: v1
          metadata:
            name: myclaim
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 8Gi

      [3] Pod mounts the claim by name:
          kind: Pod
          apiVersion: v1
          metadata:
            name: mypod
          spec:
            containers:
              - name: myfrontend
                image: dockerfile/nginx
                volumeMounts:
                  - mountPath: "/var/www/html"
                    name: mypd
            volumes:
              - name: mypd
                persistentVolumeClaim:
                  claimName: myclaim
  13. CONTAINER STORAGE: Kubernetes Persistent Volumes
      [Diagram: Host 1 and Host 2; a DB pod on Host 1 uses mysql-claim, which is bound to pv0001 in the Storage Pool (Network Storage: NFS, iSCSI, EBS, RBD). Steps: 1. Admin creates PV; 2. Dev "claims" PV]
  14. CONTAINER STORAGE: What happens to a container & its storage when a node is lost?
      [Diagram: DB pod shown on Host 1 and Host 2; mysql-claim bound to pv0001 in the Storage Pool (Network Storage: NFS, iSCSI, EBS, RBD)]
  15. CONTAINER STORAGE: What happens to a container & its storage when a node is lost?
      [Diagram: DB pod shown on Host 1 and Host 2; mysql-claim bound to pv0001 in the Storage Pool (Network Storage: NFS, iSCSI, EBS, RBD)]
  16. Storage Demo (https://github.com/openshift/origin/tree/master/examples/wordpress) & HexBoard Demo (https://www.youtube.com/watch?v=wWNVpFibayA&feature=youtu.be&t=24m25s)
  17. Plus some great ways to get started with Kubernetes...
      ● Free Kubernetes eBook
      ● OpenShift Enterprise Test-Drive (free 8 hour environment on AWS)
      Links: http://red.ht/1NbW2wi, http://red.ht/1MQVgqb
      Questions?
  18. APPENDIX
  19. WHAT ARE LINUX CONTAINERS?
      Software packaging concept that typically includes an application and all of its runtime dependencies
      ● Easy to deploy and portable across host systems
      ● Isolates applications on a host operating system
      ● In RHEL, this is done through:
        ● Control Groups (cgroups)
        ● Kernel namespaces
        ● SELinux, sVirt, iptables
        ● Docker
      [Diagram: SERVER → HOST OS → CONTAINER (LIBS, APP)]
  20. TRADITIONAL OS VS. CONTAINERS
      [Diagram: Traditional OS: HARDWARE → HOST OS → shared LIBS (LIBS A, LIBS B) → APP A, APP B. Containers: HARDWARE → HOST OS → CONTAINER (LIBS, APP A) and CONTAINER (LIBS, APP B)]
      Packaged dependencies = faster boot times + greater portability
  21. OPENSHIFT 3: Turn-key solution for Developer Productivity + Container Orchestration
      ● Developers can access OpenShift via Web, CLI or IDE
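The OpenShift-SDN slide (slide 8) describes per-node /24 subnets carved from 10.1.0.0/16, an lbr0 gateway at .1 on each node, and a VXLAN overlay between nodes. The following Python model is an added example, not code from the slides or from OpenShift-SDN itself; it assumes the 10.1.0.0/16 cluster network and /24 host prefix shown in the diagram, allocates subnets to nodes in order, and classifies pod-to-pod traffic as staying on the local Linux bridge or crossing the VXLAN overlay. Node names and pod addresses below are constructed sample values.

```python
import ipaddress
from typing import Dict, Iterator, Optional

# Assumed layout from the slide's diagram: pods draw from 10.1.0.0/16 and each
# node receives one /24 whose .1 address belongs to that node's lbr0 bridge.
CLUSTER_NETWORK = ipaddress.IPv4Network("10.1.0.0/16")
NODE_PREFIX = 24


def allocate_node_subnets(node_names) -> Dict[str, ipaddress.IPv4Network]:
    """Hand each node the next free /24 from the cluster network, in order."""
    free = CLUSTER_NETWORK.subnets(new_prefix=NODE_PREFIX)
    allocation = {}
    for name in node_names:
        try:
            allocation[name] = next(free)
        except StopIteration:
            # A /16 holds exactly 256 /24s, so the 257th node cannot be placed.
            raise RuntimeError("cluster network exhausted: no /24 left for %s" % name) from None
    return allocation


def gateway_of(subnet: ipaddress.IPv4Network) -> ipaddress.IPv4Address:
    """The lbr0 gateway is the first host address of the node subnet (10.1.x.1)."""
    return subnet.network_address + 1


def pod_addresses(subnet: ipaddress.IPv4Network) -> Iterator[ipaddress.IPv4Address]:
    """Addresses a pod may receive: every host address except the lbr0 gateway."""
    gw = gateway_of(subnet)
    for addr in subnet.hosts():
        if addr != gw:
            yield addr


def node_of(pod_ip: str, allocation: Dict[str, ipaddress.IPv4Network]) -> Optional[str]:
    """Name of the node whose subnet contains pod_ip; None if it is not a pod address."""
    ip = ipaddress.IPv4Address(pod_ip)
    for node, subnet in allocation.items():
        if ip in subnet:
            return node
    return None


def forwarding_path(src_ip: str, dst_ip: str,
                    allocation: Dict[str, ipaddress.IPv4Network]) -> str:
    """Classify pod-to-pod traffic the way the slide's diagram draws it.

    Same node: frames stay on that node's lbr0 Linux bridge.
    Different nodes: traffic goes lbr0 -> br0 -> vxlan0 and across the VXLAN overlay.
    An address outside the cluster network is not a pod, so there is no pod path.
    """
    src, dst = node_of(src_ip, allocation), node_of(dst_ip, allocation)
    if src is None or dst is None:
        return "not-pod-traffic"
    return "local-bridge" if src == dst else "vxlan-overlay"


if __name__ == "__main__":
    # Constructed two-node cluster matching the diagram's addresses.
    alloc = allocate_node_subnets(["node1", "node2"])
    for node, subnet in alloc.items():
        print(node, subnet, "gateway", gateway_of(subnet))
    print(forwarding_path("10.1.0.2", "10.1.0.3", alloc))  # local-bridge
    print(forwarding_path("10.1.0.2", "10.1.1.3", alloc))  # vxlan-overlay
```

The classifier only answers where a frame travels; in the flat network the slide describes, every pod can reach every other pod over these two paths unless OVS flows subdivide it, which is the reason the slide calls out subdivision via flows.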
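Slide 12 states the binding rule in one line ("OpenShift binds requests to available resources") and lists the access modes RWO, ROM and RWM. The Python below is an added example, not the slides' or Kubernetes' own controller code; it assumes the binding policy of picking the smallest unbound volume whose capacity covers the request and whose access modes include every mode the claim asks for, and it works on an in-memory pool constructed here (pv0001 from the slide plus two invented volumes). It also shows the quantity-parsing edge case that a `storage` value without a unit suffix is a byte count.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Access modes named on the slide: RWO, ROM, RWM.
RWO, ROM, RWM = "ReadWriteOnce", "ReadOnlyMany", "ReadWriteMany"

_BINARY = {"Ki": 1024, "Mi": 1024 ** 2, "Gi": 1024 ** 3, "Ti": 1024 ** 4}
_DECIMAL = {"k": 10 ** 3, "M": 10 ** 6, "G": 10 ** 9, "T": 10 ** 12}


def parse_quantity(q) -> int:
    """Turn a storage quantity such as '8Gi' into bytes. An unsuffixed value is bytes."""
    m = re.fullmatch(r"\s*(\d+)([A-Za-z]*)\s*", str(q))
    if not m:
        raise ValueError("bad quantity: %r" % (q,))
    n, suffix = int(m.group(1)), m.group(2)
    if suffix == "":
        return n
    if suffix in _BINARY:
        return n * _BINARY[suffix]
    if suffix in _DECIMAL:
        return n * _DECIMAL[suffix]
    raise ValueError("unknown unit suffix %r in %r" % (suffix, q))


@dataclass
class PersistentVolume:
    name: str
    capacity: str
    access_modes: List[str]
    claim_ref: Optional[str] = None  # "namespace/claim" once bound; PVs are cluster-wide


@dataclass
class PersistentVolumeClaim:
    namespace: str  # claims are namespaced, as the slide says
    name: str
    request: str
    access_modes: List[str]

    @property
    def ref(self) -> str:
        return "%s/%s" % (self.namespace, self.name)


def matches(pv: PersistentVolume, claim: PersistentVolumeClaim) -> bool:
    """A PV can satisfy a claim when it is unbound, large enough, and offers every requested mode."""
    return (pv.claim_ref is None
            and parse_quantity(pv.capacity) >= parse_quantity(claim.request)
            and set(claim.access_modes) <= set(pv.access_modes))


def bind_claim(claim: PersistentVolumeClaim,
               volumes: List[PersistentVolume]) -> Optional[PersistentVolume]:
    """Bind the claim to the smallest matching PV, or return None to leave it Pending."""
    candidates = [pv for pv in volumes if matches(pv, claim)]
    if not candidates:
        return None
    chosen = min(candidates, key=lambda pv: parse_quantity(pv.capacity))
    chosen.claim_ref = claim.ref
    return chosen


def demo_pool() -> List[PersistentVolume]:
    """Constructed sample pool: the slide's pv0001 plus two invented volumes."""
    return [
        PersistentVolume("pv0001", "10Gi", [RWO]),
        PersistentVolume("pv0002", "100Gi", [RWO, RWM]),
        PersistentVolume("pv0003", "10", [RWO]),  # unsuffixed: ten bytes, not 10Gi
    ]


if __name__ == "__main__":
    pool = demo_pool()
    # The slide's myclaim (8Gi, ReadWriteOnce) binds to pv0001.
    print(bind_claim(PersistentVolumeClaim("default", "myclaim", "8Gi", [RWO]), pool))
    # A same-named claim in another namespace is a different claim; pv0001 is taken,
    # pv0003 is far too small, so pv0002 is the only candidate left.
    print(bind_claim(PersistentVolumeClaim("team-b", "myclaim", "8Gi", [RWO]), pool))
```

Two points worth taking from the run: claims are resolved against the cluster-wide PV pool even though the claim itself lives in a namespace, so `default/myclaim` and `team-b/myclaim` compete for the same volumes; and a capacity written as a bare number is treated as bytes, so such a volume never satisfies a gigabyte-sized request.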
