
Kubernetes -- A Novel Architectural Perspective - Bangalore Kubernetes Meetup



Kubernetes -- A Novel Architectural Perspective - as presented by Vasu Chandrasekhara, Chief Architect, Office of the CTO, at Kubernetes Meetup 2018 in Bangalore

Published in: Technology


  1. 1. BENGALURU 2018 meetup
  2. 2. Kubernetes, a novel architectural perspective Vasu Chandrasekhara Chief Architect, Office of the CTO SAP SE
  3. 3. Fundamentals: Container
  4. 4. Software materializes in Operating System Processes
     Everything in our domain is software. And its basic building block is the process.
     Diagram labels: Process, CPU, config, secret, storage volume, memory, executable, libraries, environment (fs, hostname, pid, network, …), Kernel API (Operating System), root environment (fs, hostname, pid, network, …), Drivers, GPU
     Container
       • Control Groups
       • Namespaces
       • „Security Profiles“
  5. 5. Namespaces (7): controls the environment of a process
       • MNT: Mount Table
       • UTS: Host and Domain name
       • IPC: Shared Memory
       • USR: Mapping of User/Group IDs
       • PID: Process Table
       • NET: Network Resources
       • CGRP: Cgroup Table
     Container is just a process bound by Linux primitives
     Cgroups: controls the boundary of a process
       • Memory
       • CPU
       • Cpuacct
       • Cpuset
       • Blkio
       • Devices
       • Net_prio
       • Freezer
     Capabilities
       • Permissions for non-privileged (pid!=0) process
     Security
       • SELinux (Security-Enhanced Linux)
       • AppArmor/Seccomp
     Process container 101 Self Learning
  6. 6. Containers: Ideal Runtime and Packaging Vehicle for Processes (Immutability with Config & State externalized)
     Diagram labels: exec, libraries, environment, Container Registry, Kernel API (Operating System), storage volume, CPU, memory, Host/VM, config, secret, Process, Download
     Advantages:
       ✓ Minimized OS: Container OS
       ✓ No need to preinstall on the host
       ✓ No DLL-Hell, every process with own environment
       ✓ Packaging of own OS environment
       ✓ Minimal Packaging → Security
       ✓ Process isolation, sandboxed
       ✓ Reproducible
       ✓ Speed: as fast as spawning a process
  7. 7. Fundamentals: Container Principles
  8. 8. Runtime Confinement Container base runtime application CPU Memory other Control Groups
  9. 9. Lifecycle & Observability Container Health Metrics readiness liveness logs scrape Container Handle Hooks SIGTERM SIGKILL PreStop PostStart
  10. 10. Image Immutability Container base runtime application Dev Test Staging Production
  11. 11. Self-Containment & Disposability Container base runtime application State Configs Secrets (externalized) build time run time Container base runtime application State start/stop Configs Secrets (externalized) v1 → v1.1 → v2
  12. 12. Separation of Concerns → Design Pattern Container 1 (single concern) Container 2 (single concern) Composite deployment unit (Pod)
  13. 13. Think outside the Container: Pod Design Pattern
      Sidecar Pattern: Main Container, Sidecar Container
      Adapter Pattern: Main Container, Adapter, localhost
      Ambassador Pattern: Main Container, Proxy, Service, Distributed Shards, localhost, ...
  14. 14. Fundamentals: Architecture Shift
  15. 15. Container + Kubernetes = Machine-centric to Application-centric Self Manage Delivered as a Service Consumption: Imperative Infrastructure as a Service on Pool of Hardware Abstracting Hardware Network Storage Servers Hypervisor O/S Middleware Runtime Data Application Fundamental Architectural Shift Orchestrator + Scheduler R Scale-out Operating System on Pool of Hardware Abstracting Application Docker R Frontend Application Application Service State Messaging Consumption: Declarative Database Database
  16. 16. From Imperative to Declarative Logic
      In Kubernetes, all objects managed in or via the API Server are observed and controlled using (own) controllers. And the API Server can be extended to user-designed objects.
      Control Loops … to establish a desired state:

          for {
            desired := getDesiredState()
            current := getCurrentState()
            makeChanges(desired, current)
          }

      Diagram labels: Controller, System, Sensor, +, -, System Input, System Output, Measured Output, Measured Error, Reference
  17. 17. Practical Example
  18. 18. Example Project: Introspect
      /           - index page
      /healthz    - alive?
      /healthzr   - ready for service?
      /metrics    - scraped via monitoring tool prometheus
      /environ    - print the environment of the container
      /guestbook  - for demo with a stateful service
      /mandelbrot - for generating some load with Mandelbrot graphics
      /cookie     - for setting cookie
      /dynconfig  - for showing dynamic configuration change
      /election   - show leadership election state
      /operator   - operator demo with a useless machine
      Diagram labels: storage volume, exec, libraries, environment, config, secret, Process, External Monitoring, stdout, stderr
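  19. 19. Introspect Setup and Exposure
      Diagram labels: introspect (exec, libraries, environment, config, secret); MongoDB (storage volume, exec, libraries, environment, config, secret)

          # Service: forwards port 80 to container port 8080 on pods labelled app=introspect
          apiVersion: v1
          kind: Service
          metadata:
            name: introspect
            labels:
              app: introspect
          spec:
            ports:
            - name: web
              port: 80
              targetPort: 8080
            selector:
              app: introspect
          ---
          # Ingress: serves introspect.fqdn over TLS with the certificate in secret introspect-tls.
          # extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters use networking.k8s.io/v1.
          apiVersion: extensions/v1beta1
          kind: Ingress
          metadata:
            name: introspect
            labels:
              uses: introspect
          spec:
            tls:
            - hosts:
              - introspect.fqdn
              secretName: introspect-tls
            rules:
            - host: introspect.fqdn
              http:
                paths:
                - path: /
                  backend:
                    serviceName: introspect
                    servicePort: 80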
  20. 20. Scaling & Rolling Updates with the Deployment Controller
      Edit the Deployment by changing image: vasu1124/introspect:v1.0 to image: vasu1124/introspect:v2.0

          # k scale --replicas=3 deployment/introspect --record
          # k edit deployment introspect --record
          # k rollout history deployment introspect
          # k rollout undo deployment introspect
          # k rollout history deployment introspect
  21. 21. Why Kubernetes is more …
  22. 22. Blurring of IaaS, PaaS, SaaS Demarcations Hardware IaaS PaaS SaaS Kubernetes Cloud Foundry
  23. 23. Blurring of IaaS, PaaS, SaaS Demarcations
      Kubernetes exemplifies a unique architecture design of extensibility across all layers.
      Diagram labels: Distributed Computing, Hardware, IaaS, PaaS, SaaS, Cloud Foundry, Kubernetes, FaaS, Backing Services, GPU, Networks, Storage, Web IDE, Compute
  24. 24. Emergence
      „The whole is greater than the sum of its parts.“ (attributed to Aristoteles, 384 - 322 BC)
      An emergent property is a property which a complex system has, but the individual members do not. An emergent property can appear when a number of simple entities operate in a (collaborative) environment, forming a higher order of behaviors as a collective.
      Single component property:
        - 2 Sides
        - 3 Edges
        - Has Orientation
      Functional emergent property:
        - One Side
        - One Edge
        - No Orientation
      Möbius Strip
  25. 25. Declarative, Recursive, Desired States, … Uniform API signature #Declarative Desired State self-reflective: api spec: - my-objective: big - my-version: 1.0 - other-state: refer-to Kubernetes api-server Own Controller #Declarative Sub spec: - FaaS: f() #Declarative Sub spec: - PaaS: CF #Declarative Sub spec: - hw: gpu subject
  26. 26. Demo: Useless Machine
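
Slide 5 describes a container as a process bounded by namespaces, cgroups, capabilities and seccomp. The following added example (not from the talk) reads that confinement back from the text of `/proc/<pid>/status`, as a defender would when checking a workload; `Audit`, the `risky` list and both sample inputs are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Capability names indexed by bit number, as in linux/capability.h (bits 0..40).
var capNames = strings.Fields(`CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID SETPCAP
	LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO
	SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD
	LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ
	PERFMON BPF CHECKPOINT_RESTORE`)
const risky = " SYS_ADMIN SYS_MODULE SYS_PTRACE SYS_RAWIO NET_ADMIN DAC_READ_SEARCH " // assumed, non-exhaustive

// Audit parses /proc/<pid>/status text; returns effective capabilities and confinement findings.
func Audit(status string) (caps, findings []string) {
	fields := map[string]string{}
	for _, line := range strings.Split(status, "\n") {
		if kv := strings.SplitN(line, ":", 2); len(kv) == 2 {
			fields[kv[0]] = strings.TrimSpace(kv[1])
		}
	}
	mask, err := strconv.ParseUint(fields["CapEff"], 16, 64)
	if err != nil {
		return nil, []string{"CapEff missing or malformed"}
	}
	for bit, name := range capNames {
		if mask>>uint(bit)&1 == 1 { // this capability is in the effective set
			caps = append(caps, name)
			if strings.Contains(risky, " "+name+" ") {
				findings = append(findings, "risky capability CAP_"+name)
			}
		}
	}
	if fields["Seccomp"] == "0" { // 0 = disabled, 1 = strict, 2 = filter
		findings = append(findings, "no seccomp filter")
	}
	return caps, findings
}

const Confined = "CapEff:\t00000000a80425fb\nSeccomp:\t2\n"   // constructed: typical runtime default
const Privileged = "CapEff:\t000001ffffffffff\nSeccomp:\t0\n" // constructed: every capability, no filter

func main() {
	for _, s := range []string{Confined, Privileged} {
		caps, findings := Audit(s)
		fmt.Printf("%d capabilities, findings: %v\n", len(caps), findings)
	}
}
```

To check a live process, pass `Audit` the contents of `/proc/<pid>/status` instead of the samples.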
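
Slide 16's control loop, fleshed out as an added example (not from the talk and not Kubernetes code): `State`, `Diff` and `Reconcile` are hypothetical names and the replica counts are constructed. It shows that one pass corrects drift, including an object nobody declared, and that a second pass is a no-op.

```go
package main

import (
	"fmt"
	"sort"
)

// State maps object name to replica count (a constructed model, not a Kubernetes API type).
type State map[string]int
// Diff lists the changes needed to move current to desired: the loop's "measured error".
func Diff(desired, current State) []string {
	var changes []string
	for name, want := range desired {
		if have, ok := current[name]; !ok {
			changes = append(changes, fmt.Sprintf("create %s=%d", name, want))
		} else if have != want {
			changes = append(changes, fmt.Sprintf("scale %s %d->%d", name, have, want))
		}
	}
	for name := range current {
		if _, ok := desired[name]; !ok { // drift: an object nobody declared
			changes = append(changes, "delete "+name)
		}
	}
	sort.Strings(changes) // map iteration order is random; keep the result stable
	return changes
}

// Reconcile is one loop iteration: observe, compare, act. It returns what it changed.
func Reconcile(desired, current State) []string {
	changes := Diff(desired, current)
	for name := range current {
		if _, ok := desired[name]; !ok {
			delete(current, name)
		}
	}
	for name, want := range desired {
		current[name] = want
	}
	return changes
}

func main() {
	desired := State{"introspect": 3, "mongodb": 1}
	current := State{"introspect": 1, "stray": 2} // constructed drift
	for pass := 1; pass <= 2; pass++ {
		fmt.Printf("pass %d: %v\n", pass, Reconcile(desired, current))
	}
}
```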