SlideShare a Scribd company logo

Terraforming the Kubernetes Land

Radek Simko
Radek Simko

Modern infrastructure can sometimes look like a wedding cake with many different layers. It’s no surprise for seasoned users that Terraform was able to provision the most lower layers - compute - for a long while. Skipping a few layers in between, workload scheduler like Kubernetes is typically represented as the top one, exposing high-level APIs for scheduling and scaling pods, managing persistent volumes and restrictions & limits for scheduling. Terraform 0.10 comes with Kubernetes provider which supports all stable (v1) Kubernetes resources from K8S 1.6. In this talk you’ll hear about particular examples of where it’s useful to use Terraform for managing K8S resources, what benefits do you get compared to other solutions and demo gods permitting you’ll also see how to get from zero to an application running on K8S. https://www.hashiconf.com/talks/radek-simko.html Recording: https://www.youtube.com/watch?v=-UtqHkrvFro

Software
1 of 54
Download to read offline
Copyright © 2017 HashiCorp Terraforming the Kubernetes Land @radeksimko
Copyright © 2017 HashiCorp Radek Simko @radeksimko
✋✋ ✋
Base infra Cfg Management > $ _ /api/v1
Copyright © 2017 HashiCorp Every company has different needs and workflows. Read as:
 “There is no silver bullet. Sorry!” 5 Disclaimer
Copyright © 2017 HashiCorp 1.HCL 2.Nature of Workload 3.Synchronicity 4.Full Lifecycle Coverage 5.Responsibility Overlap 6.DEMO !!! Outline 6
s Copyright © 2017 HashiCorp HashiCorp Config Language 7 1. HCL
high-level language language for dataDSL JSON
 {} YAML
 -- :
Copyright © 2017 HashiCorp ▪ github.com/hashicorp/hcl ▪ Used in various HashiCorp projects ▪ Consul ▪ Vault ▪ Nomad ▪ Terraform ▪ JSON compatible ▪ Useful for generated code HCL 9
github.com/alphagov/govuk-dns
s Copyright © 2017 HashiCorp 11 2. Workload Nature
Copyright © 2017 HashiCorp ▪ Config Map ▪ Limit Range ▪ Resource Quota ▪ Secret ▪ Namespace ▪ Service Account Ops-focused resources 13
Copyright © 2017 HashiCorp ▪ Pod ▪ Replication Controller ▪ Horizontal Pod Autoscaler ▪ Service Ops Workload 14
s Copyright © 2017 HashiCorp 15 3. Synchronicity
Copyright © 2017 HashiCorp main.tf 16 in Terraform Pod resource "kubernetes_pod" "example" {
 metadata {
 name = "terraform-example"
 }
 
 spec {
 container {
 image = "nginx:1.7."
 name = "example"
 }
 }
 }
Copyright © 2017 HashiCorp resource "kubernetes_pod" "example" {
 metadata {
 name = "terraform-example"
 }
 
 spec {
 container {
 image = "nginx:1.7."
 name = "example"
 }
 }
 } main.tf 17 in Terraform Pod
Terminal kubectl Failed Pod Creation $ kubectl create -f pod.yaml service "my-pod" created $ kubectl get pod my-pod NAME READY STATUS RESTARTS AGE my-pod 0/1 ImagePullBackOff 0 31s $ kubectl get events | head -3 ... 4m 15m 7 my-pod Pod spec.containers{example} Warning Failed kubelet, minikube Failed to pull image “nginx:1.7.”: rpc error: code = 2 desc = Tag 1.7. not found in repository docker.io/library/nginx
Terminal kubectl Failed Pod Creation $ terraform apply ... * kubernetes_pod.test: timeout while waiting for state to become 'Running' (last state: 'Pending', timeout: 5m0s) * FailedSync: Error syncing pod * Failed: Failed to pull image "nginx:blablah": rpc error: code = 2 desc = Tag blablah not found in repository docker.io/library/nginx
Terminal kubectl Failed Service Creation $ kubectl create -f service.yaml service "my-service" created $ kubectl get service my-service NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE my-service 10.103.242.199 <pending> 80:30310/TCP 31s $ kubectl get events | head -3 ... 30s 3m 6 my-service Service Warning CreatingLoadBalancerFailed service-controller Error creating load balancer (will retry): Failed to create load balancer for service default/my-service: failed to ensure static IP : error creating gce static IP address: googleapi: Error 403: Quota 'STATIC_ADDRESSES' exceeded. Limit: 7.0, quotaExceeded
Terminal kubectl Successful Service Creation $ kubectl get service my-service NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE my-service 10.103.242.199 35.197.115.52 80:30310/TCP 1m
Copyright © 2017 HashiCorp resource "kubernetes_service" "svc" {
 metadata { name = "terraform-example" }
 spec {
 selector {
 app = "${kubernetes_pod.example.metadata.0.labels.app}"
 }
 port {
 port = 8080
 target_port = 80
 }
 type = "LoadBalancer"
 }
 } main.tf 22 in Terraform Service
Copyright © 2017 HashiCorp resource "aws_route53_record" "example" { zone_id = "${data.aws_route53_zone.k8.zone_id}" name = “my-service" type = "CNAME" ttl = "300" records = ["${kubernetes_service.svc.load_balancer_ingress.0.hostname}"] } main.tf 23 in Terraform Route 53
 DNS record
Terminal in Terraform Failed Service Creation $ terraform apply ... * kubernetes_service.test: Waiting for service “default/my-service" to assign IP/hostname for a load balancer * CreatingLoadBalancerFailed: Error creating load balancer (will retry): Failed to create load balancer for service default/my-service: requested ip 10.0.0.1 is neither static nor assigned to LB a049988bc615511e781c642010a8a005(default/my-service)
Terminal in Terraform Successful Service Creation $ terraform apply kubernetes_service.svc: Creating... load_balancer_ingress.#: "" => "<computed>" ... spec.0.type: "" => "LoadBalancer" kubernetes_service.svc: Still creating... (10s elapsed) kubernetes_service.svc: Still creating... (20s elapsed) ... kubernetes_service.svc: Still creating... (1m10s elapsed) kubernetes_service.svc: Creation complete (ID: default/terraform-example) aws_route53_record.example: Creating... ... records.3894320035: "" => "35.188.181.251" ... aws_route53_record.example: Still creating... (10s elapsed) ... aws_route53_record.example: Still creating... (40s elapsed) aws_route53_record.example: Creation complete (ID: Z1H3..95_my-service_A)
s Copyright © 2017 HashiCorp 26 4. Full Lifecycle Coverage
Terminal kubectl Full Lifecycle $ kubectl apply -f my-fancy-app.yaml ... $ kubectl apply -f my-fancy-app.yaml ... $ kubectl delete -f my-fancy-app.yaml
Terminal in Terraform Full Lifecycle $ terraform apply ... $ terraform apply ... $ terraform apply
Create Update Delete
Copyright © 2017 HashiCorp resource "kubernetes_service" "example" { metadata { name = "terraform-test" } spec { selector { app = “MyApp" } cluster_ip = "10.0.0.2" port { port = 8080 target_port = 80 } type = "ClusterIP" } } main.tf 30 in Terraform Service
Terminal in Terraform Updating Mutable Field $ terraform plan ~ kubernetes_service.example spec.0.selector.app: "MyApp" => "Different" Plan: 0 to add, 1 to change, 0 to destroy.
Terminal in Terraform Updating Immutable Field $ terraform plan -/+ kubernetes_service.example (new resource required) ... spec.0.cluster_ip: "10.0.0.2" => "10.0.0.3" (forces new resource) ... Plan: 1 to add, 0 to change, 1 to destroy.
s Copyright © 2017 HashiCorp 33 5. Responsibility Overlap
Copyright © 2017 HashiCorp ▪ Annotations ▪ Container workload ▪ Storage ▪ Services Responsibilities 34
Copyright © 2017 HashiCorp ▪ kubernetes.io/* ▪ Not clear line between user-defined VS K8S- managed ▪ Ignored by Terraform, managed by K8S ▪ Needs revisiting 35 Kubernetes/Terraform Annotations
Copyright © 2017 HashiCorp 36 Kubernetes/Terraform Workload Pod Container Container
Copyright © 2017 HashiCorp 37 Kubernetes/Terraform Workload Replication Controller Pod Container Container
Copyright © 2017 HashiCorp 38 Kubernetes/Terraform Workload Horizontal Pod Autoscaler (min = 3, max = 11) Replication Controller (replicas = 3) Pod Container Container
Copyright © 2017 HashiCorp resource "kubernetes_replication_controller" "example" { metadata { name = "terraform-example" } spec { replicas = 3 ... } lifecycle { ignore_changes = ["spec.0.replicas"] } } main.tf 39 Kubernetes/Terraform Overlapping Responsibility
Copyright © 2017 HashiCorp 40 Kubernetes/Terraform Storage EBS Google Cloud PD
Copyright © 2017 HashiCorp 41 Kubernetes/Terraform Storage Storage Class EBS Google Cloud PD
Copyright © 2017 HashiCorp 42 Kubernetes/Terraform Storage Persistent Volume EBS Google Cloud PD
Copyright © 2017 HashiCorp 43 Kubernetes/Terraform Storage Persistent Volume Claim EBS Google Cloud PD
Copyright © 2017 HashiCorp 44 Kubernetes/Terraform Storage Pod EBS Google Cloud PD
Copyright © 2017 HashiCorp 45 Kubernetes/Terraform Service AWS ELB Google Cloud LB
Copyright © 2017 HashiCorp 46 Kubernetes/Terraform Service Service (type = LoadBalancer) AWS ELB Google Cloud LB
s Copyright © 2017 HashiCorp 47 Demo
Copyright © 2017 HashiCorp ▪ Developer Bob ▪ Operator Alice Personas 48
Copyright © 2017 HashiCorp ▪ minikube ▪ Replication Controller ▪ Service Demo 1: Who’s On Call (Bob) 49
Copyright © 2017 HashiCorp ▪ GKE cluster ▪ Namespace ▪ Limit Range Demo 2: Alice 50
Copyright © 2017 HashiCorp Demo 3: Production! 51
Copyright © 2017 HashiCorp ▪ alpha/beta ▪ Deployment ▪ Ingress ▪ … ▪ API promises make it non-trivial to support Alpha/Beta 52
Copyright © 2017 HashiCorp ▪ DSL ▪ Ops-focused provider ▪ Culture & workflows come first ▪ Be aware of resource ownership Keep in mind 53
Thank you. github.com/terraform-providers/
 terraform-provider-kubernetes @radeksimko

Recommended

Infrastructure as Code in Google Cloud
Infrastructure as Code in Google CloudInfrastructure as Code in Google Cloud
Infrastructure as Code in Google CloudRadek Simko
 
Terraform 0.9 + good practices
Terraform 0.9 + good practicesTerraform 0.9 + good practices
Terraform 0.9 + good practicesRadek Simko
 
Building infrastructure with Terraform (Google)
Building infrastructure with Terraform (Google)Building infrastructure with Terraform (Google)
Building infrastructure with Terraform (Google)Radek Simko
 
Ground Control to Nomad Job Dispatch
Ground Control to Nomad Job DispatchGround Control to Nomad Job Dispatch
Ground Control to Nomad Job DispatchMichael Lange
 
Declarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with TerraformDeclarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with TerraformRadek Simko
 
Everything as Code with Terraform
Everything as Code with TerraformEverything as Code with Terraform
Everything as Code with TerraformMitchell Pronschinske
 
Infrastructure as Code with Terraform
Infrastructure as Code with TerraformInfrastructure as Code with Terraform
Infrastructure as Code with TerraformMario IC
 
Terraform: Configuration Management for Cloud Services
Terraform: Configuration Management for Cloud ServicesTerraform: Configuration Management for Cloud Services
Terraform: Configuration Management for Cloud ServicesMartin Schütte
 

Recommended

Infrastructure as Code in Google Cloud
Infrastructure as Code in Google CloudInfrastructure as Code in Google Cloud
Infrastructure as Code in Google CloudRadek Simko
 
Terraform 0.9 + good practices
Terraform 0.9 + good practicesTerraform 0.9 + good practices
Terraform 0.9 + good practicesRadek Simko
 
Building infrastructure with Terraform (Google)
Building infrastructure with Terraform (Google)Building infrastructure with Terraform (Google)
Building infrastructure with Terraform (Google)Radek Simko
 
Ground Control to Nomad Job Dispatch
Ground Control to Nomad Job DispatchGround Control to Nomad Job Dispatch
Ground Control to Nomad Job DispatchMichael Lange
 
Declarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with TerraformDeclarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with TerraformRadek Simko
 
Everything as Code with Terraform
Everything as Code with TerraformEverything as Code with Terraform
Everything as Code with TerraformMitchell Pronschinske
 
Infrastructure as Code with Terraform
Infrastructure as Code with TerraformInfrastructure as Code with Terraform
Infrastructure as Code with TerraformMario IC
 
Terraform: Configuration Management for Cloud Services
Terraform: Configuration Management for Cloud ServicesTerraform: Configuration Management for Cloud Services
Terraform: Configuration Management for Cloud ServicesMartin Schütte
 
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...OpenCredo
 
Terraform at Scale
Terraform at ScaleTerraform at Scale
Terraform at ScaleCalvin French-Owen
 
Terraform in action
Terraform in actionTerraform in action
Terraform in actionDamien Pacaud
 
Everything as Code with Terraform
Everything as Code with TerraformEverything as Code with Terraform
Everything as Code with TerraformAll Things Open
 
Terraform: Cloud Configuration Management (WTC/IPC'16)
Terraform: Cloud Configuration Management (WTC/IPC'16)Terraform: Cloud Configuration Management (WTC/IPC'16)
Terraform: Cloud Configuration Management (WTC/IPC'16)Martin Schütte
 
Refactoring terraform
Refactoring terraformRefactoring terraform
Refactoring terraformNell Shamrell-Harrington
 
Hashiconf EU 2019 - A Tour of Terraform 0.12
Hashiconf EU 2019 - A Tour of Terraform 0.12Hashiconf EU 2019 - A Tour of Terraform 0.12
Hashiconf EU 2019 - A Tour of Terraform 0.12Mitchell Pronschinske
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introductionsoniasnowfrog
 
"Continuously delivering infrastructure using Terraform and Packer" training ...
"Continuously delivering infrastructure using Terraform and Packer" training ..."Continuously delivering infrastructure using Terraform and Packer" training ...
"Continuously delivering infrastructure using Terraform and Packer" training ...Anton Babenko
 
Infrastructure as Code: Introduction to Terraform
Infrastructure as Code: Introduction to TerraformInfrastructure as Code: Introduction to Terraform
Infrastructure as Code: Introduction to TerraformAlexander Popov
 
Scaling terraform environments infracoders sydney 30 nov 2017
Scaling terraform environments infracoders sydney 30 nov 2017Scaling terraform environments infracoders sydney 30 nov 2017
Scaling terraform environments infracoders sydney 30 nov 2017William Tsoi
 
Terraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentTerraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentZane Williamson
 
Rapid Infrastructure Provisioning
Rapid Infrastructure ProvisioningRapid Infrastructure Provisioning
Rapid Infrastructure ProvisioningUchit Vyas ☁
 
Intro to Terraform
Intro to TerraformIntro to Terraform
Intro to TerraformJosh Michielsen
 
Workshop Infrastructure as Code - Suestra
Workshop Infrastructure as Code - SuestraWorkshop Infrastructure as Code - Suestra
Workshop Infrastructure as Code - SuestraMario IC
 
Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)
Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)
Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)Stephane Jourdan
 
A Hands-on Introduction on Terraform Best Concepts and Best Practices
A Hands-on Introduction on Terraform Best Concepts and Best Practices A Hands-on Introduction on Terraform Best Concepts and Best Practices
A Hands-on Introduction on Terraform Best Concepts and Best Practices Nebulaworks
 
Living the Nomadic life - Nic Jackson
Living the Nomadic life - Nic JacksonLiving the Nomadic life - Nic Jackson
Living the Nomadic life - Nic JacksonParis Container Day
 
Terraform
TerraformTerraform
TerraformPhil Wilkins
 
Terraforming RDS
Terraforming RDSTerraforming RDS
Terraforming RDSMuffy Barkocy
 
An Introduction to the Kubernetes API
An Introduction to the Kubernetes APIAn Introduction to the Kubernetes API
An Introduction to the Kubernetes APIStefan Schimanski
 
Kubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxKubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxmacchiang
 

More Related Content

What's hot

Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...OpenCredo
 
Everything as Code with Terraform
Everything as Code with TerraformEverything as Code with Terraform
Everything as Code with TerraformAll Things Open
 
Terraform: Cloud Configuration Management (WTC/IPC'16)
Terraform: Cloud Configuration Management (WTC/IPC'16)Terraform: Cloud Configuration Management (WTC/IPC'16)
Terraform: Cloud Configuration Management (WTC/IPC'16)Martin Schütte
 
Hashiconf EU 2019 - A Tour of Terraform 0.12
Hashiconf EU 2019 - A Tour of Terraform 0.12Hashiconf EU 2019 - A Tour of Terraform 0.12
Hashiconf EU 2019 - A Tour of Terraform 0.12Mitchell Pronschinske
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introductionsoniasnowfrog
 
"Continuously delivering infrastructure using Terraform and Packer" training ...
"Continuously delivering infrastructure using Terraform and Packer" training ..."Continuously delivering infrastructure using Terraform and Packer" training ...
"Continuously delivering infrastructure using Terraform and Packer" training ...Anton Babenko
 
Infrastructure as Code: Introduction to Terraform
Infrastructure as Code: Introduction to TerraformInfrastructure as Code: Introduction to Terraform
Infrastructure as Code: Introduction to TerraformAlexander Popov
 
Scaling terraform environments infracoders sydney 30 nov 2017
Scaling terraform environments infracoders sydney 30 nov 2017Scaling terraform environments infracoders sydney 30 nov 2017
Scaling terraform environments infracoders sydney 30 nov 2017William Tsoi
 
Terraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentTerraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentZane Williamson
 
Rapid Infrastructure Provisioning
Rapid Infrastructure ProvisioningRapid Infrastructure Provisioning
Rapid Infrastructure ProvisioningUchit Vyas ☁
 
Workshop Infrastructure as Code - Suestra
Workshop Infrastructure as Code - SuestraWorkshop Infrastructure as Code - Suestra
Workshop Infrastructure as Code - SuestraMario IC
 
Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)
Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)
Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)Stephane Jourdan
 
A Hands-on Introduction on Terraform Best Concepts and Best Practices
A Hands-on Introduction on Terraform Best Concepts and Best Practices A Hands-on Introduction on Terraform Best Concepts and Best Practices
A Hands-on Introduction on Terraform Best Concepts and Best Practices Nebulaworks
 
Living the Nomadic life - Nic Jackson
Living the Nomadic life - Nic JacksonLiving the Nomadic life - Nic Jackson
Living the Nomadic life - Nic JacksonParis Container Day
 

What's hot (20)

Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
 
Terraform at Scale
Terraform at ScaleTerraform at Scale
Terraform at Scale
 
Terraform in action
Terraform in actionTerraform in action
Terraform in action
 
Everything as Code with Terraform
Everything as Code with TerraformEverything as Code with Terraform
Everything as Code with Terraform
 
Terraform: Cloud Configuration Management (WTC/IPC'16)
Terraform: Cloud Configuration Management (WTC/IPC'16)Terraform: Cloud Configuration Management (WTC/IPC'16)
Terraform: Cloud Configuration Management (WTC/IPC'16)
 
Refactoring terraform
Refactoring terraformRefactoring terraform
Refactoring terraform
 
Hashiconf EU 2019 - A Tour of Terraform 0.12
Hashiconf EU 2019 - A Tour of Terraform 0.12Hashiconf EU 2019 - A Tour of Terraform 0.12
Hashiconf EU 2019 - A Tour of Terraform 0.12
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introduction
 
"Continuously delivering infrastructure using Terraform and Packer" training ...
"Continuously delivering infrastructure using Terraform and Packer" training ..."Continuously delivering infrastructure using Terraform and Packer" training ...
"Continuously delivering infrastructure using Terraform and Packer" training ...
 
Infrastructure as Code: Introduction to Terraform
Infrastructure as Code: Introduction to TerraformInfrastructure as Code: Introduction to Terraform
Infrastructure as Code: Introduction to Terraform
 
Scaling terraform environments infracoders sydney 30 nov 2017
Scaling terraform environments infracoders sydney 30 nov 2017Scaling terraform environments infracoders sydney 30 nov 2017
Scaling terraform environments infracoders sydney 30 nov 2017
 
Terraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentTerraform Modules and Continuous Deployment
Terraform Modules and Continuous Deployment
 
Rapid Infrastructure Provisioning
Rapid Infrastructure ProvisioningRapid Infrastructure Provisioning
Rapid Infrastructure Provisioning
 
Intro to Terraform
Intro to TerraformIntro to Terraform
Intro to Terraform
 
Workshop Infrastructure as Code - Suestra
Workshop Infrastructure as Code - SuestraWorkshop Infrastructure as Code - Suestra
Workshop Infrastructure as Code - Suestra
 
Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)
Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)
Using Terraform.io (Human Talks Montpellier, Epitech, 2014/09/09)
 
A Hands-on Introduction on Terraform Best Concepts and Best Practices
A Hands-on Introduction on Terraform Best Concepts and Best Practices A Hands-on Introduction on Terraform Best Concepts and Best Practices
A Hands-on Introduction on Terraform Best Concepts and Best Practices
 
Living the Nomadic life - Nic Jackson
Living the Nomadic life - Nic JacksonLiving the Nomadic life - Nic Jackson
Living the Nomadic life - Nic Jackson
 
Terraform
TerraformTerraform
Terraform
 
Terraforming RDS
Terraforming RDSTerraforming RDS
Terraforming RDS
 

Similar to Terraforming the Kubernetes Land

An Introduction to the Kubernetes API
An Introduction to the Kubernetes APIAn Introduction to the Kubernetes API
An Introduction to the Kubernetes APIStefan Schimanski
 
Kubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxKubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxmacchiang
 
TIAD 2016 : Application delivery in a container world
TIAD 2016 : Application delivery in a container worldTIAD 2016 : Application delivery in a container world
TIAD 2016 : Application delivery in a container worldThe Incredible Automation Day
 
Consul and Complex Networks
Consul and Complex NetworksConsul and Complex Networks
Consul and Complex Networksslackpad
 
Kubernetes + Python = ❤ - Cloud Native Prague
Kubernetes + Python = ❤ - Cloud Native PragueKubernetes + Python = ❤ - Cloud Native Prague
Kubernetes + Python = ❤ - Cloud Native PragueHenning Jacobs
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionStefan Schimanski
 
Episode 2: Deploying Kubernetes at Scale
Episode 2: Deploying Kubernetes at ScaleEpisode 2: Deploying Kubernetes at Scale
Episode 2: Deploying Kubernetes at ScaleMesosphere Inc.
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupKubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupStefan Schimanski
 
KubeCon EU 2018 – Sig API Machinery Deep Dive
KubeCon EU 2018 – Sig API Machinery Deep DiveKubeCon EU 2018 – Sig API Machinery Deep Dive
KubeCon EU 2018 – Sig API Machinery Deep DiveStefan Schimanski
 
Kubernetes: one cluster or many
Kubernetes: one cluster or many Kubernetes: one cluster or many
Kubernetes: one cluster or many cornelia davis
 
Monitoring infrastructure with prometheus
Monitoring infrastructure with prometheusMonitoring infrastructure with prometheus
Monitoring infrastructure with prometheusShahnawaz Saifi
 
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd についてKubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd についてLINE Corporation
 
Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developerPaul Czarkowski
 
The State of containerd
The State of containerdThe State of containerd
The State of containerdMoby Project
 
Episode 3: Kubernetes and Big Data Services
Episode 3: Kubernetes and Big Data ServicesEpisode 3: Kubernetes and Big Data Services
Episode 3: Kubernetes and Big Data ServicesMesosphere Inc.
 
게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...
게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...
게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...Amazon Web Services Korea
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetesLiran Cohen
 

Similar to Terraforming the Kubernetes Land (20)

An Introduction to the Kubernetes API
An Introduction to the Kubernetes APIAn Introduction to the Kubernetes API
An Introduction to the Kubernetes API
 
Kubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxKubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linux
 
TIAD 2016 : Application delivery in a container world
TIAD 2016 : Application delivery in a container worldTIAD 2016 : Application delivery in a container world
TIAD 2016 : Application delivery in a container world
 
Consul and Complex Networks
Consul and Complex NetworksConsul and Complex Networks
Consul and Complex Networks
 
Kubernetes + Python = ❤ - Cloud Native Prague
Kubernetes + Python = ❤ - Cloud Native PragueKubernetes + Python = ❤ - Cloud Native Prague
Kubernetes + Python = ❤ - Cloud Native Prague
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and Introduction
 
Episode 2: Deploying Kubernetes at Scale
Episode 2: Deploying Kubernetes at ScaleEpisode 2: Deploying Kubernetes at Scale
Episode 2: Deploying Kubernetes at Scale
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupKubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
 
London HUG 12/4
London HUG 12/4London HUG 12/4
London HUG 12/4
 
KubeCon EU 2018 – Sig API Machinery Deep Dive
KubeCon EU 2018 – Sig API Machinery Deep DiveKubeCon EU 2018 – Sig API Machinery Deep Dive
KubeCon EU 2018 – Sig API Machinery Deep Dive
 
Kubernetes: one cluster or many
Kubernetes: one cluster or many Kubernetes: one cluster or many
Kubernetes: one cluster or many
 
Monitoring infrastructure with prometheus
Monitoring infrastructure with prometheusMonitoring infrastructure with prometheus
Monitoring infrastructure with prometheus
 
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd についてKubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
 
Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developer
 
Kubernetes basics and hands on exercise
Kubernetes basics and hands on exerciseKubernetes basics and hands on exercise
Kubernetes basics and hands on exercise
 
The State of containerd
The State of containerdThe State of containerd
The State of containerd
 
Episode 3: Kubernetes and Big Data Services
Episode 3: Kubernetes and Big Data ServicesEpisode 3: Kubernetes and Big Data Services
Episode 3: Kubernetes and Big Data Services
 
게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...
게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...
게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
 
Guillotina
GuillotinaGuillotina
Guillotina
 

Recently uploaded

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 

Recently uploaded (20)

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 

Terraforming the Kubernetes Land

  • 1. Copyright © 2017 HashiCorp Terraforming the Kubernetes Land @radeksimko
  • 2. Copyright © 2017 HashiCorp Radek Simko @radeksimko
  • 5. Copyright © 2017 HashiCorp Every company has different needs and workflows. Read as:
 “There is no silver bullet. Sorry!” 5 Disclaimer
  • 6. Copyright © 2017 HashiCorp 1.HCL 2.Nature of Workload 3.Synchronicity 4.Full Lifecycle Coverage 5.Responsibility Overlap 6.DEMO !!! Outline 6
  • 7. s Copyright © 2017 HashiCorp HashiCorp Config Language 7 1. HCL
  • 9. Copyright © 2017 HashiCorp ▪ github.com/hashicorp/hcl ▪ Used in various HashiCorp projects ▪ Consul ▪ Vault ▪ Nomad ▪ Terraform ▪ JSON compatible ▪ Useful for generated code HCL 9
  • 11. s Copyright © 2017 HashiCorp 11 2. Workload Nature
  • 12.
  • 13. Copyright © 2017 HashiCorp ▪ Config Map ▪ Limit Range ▪ Resource Quota ▪ Secret ▪ Namespace ▪ Service Account Ops-focused resources 13
  • 14. Copyright © 2017 HashiCorp ▪ Pod ▪ Replication Controller ▪ Horizontal Pod Autoscaler ▪ Service Ops Workload 14
  • 15. s Copyright © 2017 HashiCorp 15 3. Synchronicity
  • 16. Copyright © 2017 HashiCorp main.tf 16 in Terraform Pod resource "kubernetes_pod" "example" {
 metadata {
 name = "terraform-example"
 }
 
 spec {
 container {
 image = "nginx:1.7."
 name = "example"
 }
 }
 }
  • 17. Copyright © 2017 HashiCorp resource "kubernetes_pod" "example" {
 metadata {
 name = "terraform-example"
 }
 
 spec {
 container {
 image = "nginx:1.7."
 name = "example"
 }
 }
 } main.tf 17 in Terraform Pod
  • 18. Terminal kubectl Failed Pod Creation $ kubectl create -f pod.yaml service "my-pod" created $ kubectl get pod my-pod NAME READY STATUS RESTARTS AGE my-pod 0/1 ImagePullBackOff 0 31s $ kubectl get events | head -3 ... 4m 15m 7 my-pod Pod spec.containers{example} Warning Failed kubelet, minikube Failed to pull image “nginx:1.7.”: rpc error: code = 2 desc = Tag 1.7. not found in repository docker.io/library/nginx
  • 19. Terminal kubectl Failed Pod Creation $ terraform apply ... * kubernetes_pod.test: timeout while waiting for state to become 'Running' (last state: 'Pending', timeout: 5m0s) * FailedSync: Error syncing pod * Failed: Failed to pull image "nginx:blablah": rpc error: code = 2 desc = Tag blablah not found in repository docker.io/library/nginx
  • 20. Terminal kubectl Failed Service Creation $ kubectl create -f service.yaml service "my-service" created $ kubectl get service my-service NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE my-service 10.103.242.199 <pending> 80:30310/TCP 31s $ kubectl get events | head -3 ... 30s 3m 6 my-service Service Warning CreatingLoadBalancerFailed service-controller Error creating load balancer (will retry): Failed to create load balancer for service default/my-service: failed to ensure static IP : error creating gce static IP address: googleapi: Error 403: Quota 'STATIC_ADDRESSES' exceeded. Limit: 7.0, quotaExceeded
  • 21. Terminal kubectl Successful Service Creation $ kubectl get service my-service NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE my-service 10.103.242.199 35.197.115.52 80:30310/TCP 1m
  • 22. Copyright © 2017 HashiCorp resource "kubernetes_service" "svc" {
 metadata { name = "terraform-example" }
 spec {
 selector {
 app = "${kubernetes_pod.example.metadata.0.labels.app}"
 }
 port {
 port = 8080
 target_port = 80
 }
 type = "LoadBalancer"
 }
 } main.tf 22 in Terraform Service
  • 23. Copyright © 2017 HashiCorp resource "aws_route53_record" "example" { zone_id = "${data.aws_route53_zone.k8.zone_id}" name = “my-service" type = "CNAME" ttl = "300" records = ["${kubernetes_service.svc.load_balancer_ingress.0.hostname}"] } main.tf 23 in Terraform Route 53
 DNS record
  • 24. Terminal in Terraform Failed Service Creation $ terraform apply ... * kubernetes_service.test: Waiting for service “default/my-service" to assign IP/hostname for a load balancer * CreatingLoadBalancerFailed: Error creating load balancer (will retry): Failed to create load balancer for service default/my-service: requested ip 10.0.0.1 is neither static nor assigned to LB a049988bc615511e781c642010a8a005(default/my-service)
  • 25. Terminal in Terraform Successful Service Creation $ terraform apply kubernetes_service.svc: Creating... load_balancer_ingress.#: "" => "<computed>" ... spec.0.type: "" => "LoadBalancer" kubernetes_service.svc: Still creating... (10s elapsed) kubernetes_service.svc: Still creating... (20s elapsed) ... kubernetes_service.svc: Still creating... (1m10s elapsed) kubernetes_service.svc: Creation complete (ID: default/terraform-example) aws_route53_record.example: Creating... ... records.3894320035: "" => "35.188.181.251" ... aws_route53_record.example: Still creating... (10s elapsed) ... aws_route53_record.example: Still creating... (40s elapsed) aws_route53_record.example: Creation complete (ID: Z1H3..95_my-service_A)
  • 26. s Copyright © 2017 HashiCorp 26 4. Full Lifecycle Coverage
  • 27. Terminal kubectl Full Lifecycle $ kubectl apply -f my-fancy-app.yaml ... $ kubectl apply -f my-fancy-app.yaml ... $ kubectl delete -f my-fancy-app.yaml
  • 28. Terminal in Terraform Full Lifecycle $ terraform apply ... $ terraform apply ... $ terraform apply
  • 30. Copyright © 2017 HashiCorp resource "kubernetes_service" "example" { metadata { name = "terraform-test" } spec { selector { app = “MyApp" } cluster_ip = "10.0.0.2" port { port = 8080 target_port = 80 } type = "ClusterIP" } } main.tf 30 in Terraform Service
  • 31. Terminal in Terraform Updating Mutable Field $ terraform plan ~ kubernetes_service.example spec.0.selector.app: "MyApp" => "Different" Plan: 0 to add, 1 to change, 0 to destroy.
  • 32. Terminal in Terraform Updating Immutable Field $ terraform plan -/+ kubernetes_service.example (new resource required) ... spec.0.cluster_ip: "10.0.0.2" => "10.0.0.3" (forces new resource) ... Plan: 1 to add, 0 to change, 1 to destroy.
  • 33. s Copyright © 2017 HashiCorp 33 5. Responsibility Overlap
  • 34. Copyright © 2017 HashiCorp ▪ Annotations ▪ Container workload ▪ Storage ▪ Services Responsibilities 34
  • 35. Copyright © 2017 HashiCorp ▪ kubernetes.io/* ▪ Not clear line between user-defined VS K8S- managed ▪ Ignored by Terraform, managed by K8S ▪ Needs revisiting 35 Kubernetes/Terraform Annotations
  • 36. Copyright © 2017 HashiCorp 36 Kubernetes/Terraform Workload Pod Container Container
  • 37. Copyright © 2017 HashiCorp 37 Kubernetes/Terraform Workload Replication Controller Pod Container Container
  • 38. Copyright © 2017 HashiCorp 38 Kubernetes/Terraform Workload Horizontal Pod Autoscaler (min = 3, max = 11) Replication Controller (replicas = 3) Pod Container Container
  • 39. Copyright © 2017 HashiCorp resource "kubernetes_replication_controller" "example" { metadata { name = "terraform-example" } spec { replicas = 3 ... } lifecycle { ignore_changes = ["spec.0.replicas"] } } main.tf 39 Kubernetes/Terraform Overlapping Responsibility
  • 40. Copyright © 2017 HashiCorp 40 Kubernetes/Terraform Storage EBS Google Cloud PD
  • 41. Copyright © 2017 HashiCorp 41 Kubernetes/Terraform Storage Storage Class EBS Google Cloud PD
  • 42. Copyright © 2017 HashiCorp 42 Kubernetes/Terraform Storage Persistent Volume EBS Google Cloud PD
  • 43. Copyright © 2017 HashiCorp 43 Kubernetes/Terraform Storage Persistent Volume Claim EBS Google Cloud PD
  • 44. Copyright © 2017 HashiCorp 44 Kubernetes/Terraform Storage Pod EBS Google Cloud PD
  • 45. Copyright © 2017 HashiCorp 45 Kubernetes/Terraform Service AWS ELB Google Cloud LB
  • 46. Copyright © 2017 HashiCorp 46 Kubernetes/Terraform Service Service (type = LoadBalancer) AWS ELB Google Cloud LB
  • 47. s Copyright © 2017 HashiCorp 47 Demo
  • 48. Copyright © 2017 HashiCorp ▪ Developer Bob ▪ Operator Alice Personas 48
  • 49. Copyright © 2017 HashiCorp ▪ minikube ▪ Replication Controller ▪ Service Demo 1: Who’s On Call (Bob) 49
  • 50. Copyright © 2017 HashiCorp ▪ GKE cluster ▪ Namespace ▪ Limit Range Demo 2: Alice 50
  • 51. Copyright © 2017 HashiCorp Demo 3: Production! 51
  • 52. Copyright © 2017 HashiCorp ▪ alpha/beta ▪ Deployment ▪ Ingress ▪ … ▪ API promises make it non-trivial to support Alpha/Beta 52
  • 53. Copyright © 2017 HashiCorp ▪ DSL ▪ Ops-focused provider ▪ Culture & workflows come first ▪ Be aware of resource ownership Keep in mind 53