This document introduces Google Container Engine and Kubernetes for container orchestration. It discusses how containers provide isolation and portability compared to traditional virtual machines. Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. It allows grouping containers into pods and uses labels to identify pods. Services provide discovery and load balancing for pods. Replication controllers help maintain the desired number of pods. Kubernetes handles scheduling pods across a cluster and replacing pods when needed through this type of declarative management.

1. Getting Started With Google
Container Engine
Khoi Lai
iOS Developer
Khoi.lai@niteco.se

2. Getting Started With Google
Container Engine
Khoi Lai / khoi.lai@niteco.se
iOS Developer / Cloud Enthusiast

3. Old Way: Shared Machines
• No isolation
• No namespacing
• Common libs
• Highly coupled apps and OS

4. Old Way: Virtual Machines
• Some isolation
• Expensive and inefficient
• Still highly coupled to the guest OS
• Very hard to manage

5. New Way: Containers

6. But what ARE they?
Lightweight VMs
• no guest OS, lower overhead than VMs, but no virtualization hardware
Better packages
• no DLL hell
Hermetically sealed static binaries - portable!
• no external dependencies
Provide Isolation (from each other and from the host)
• Resources (CPU, RAM, Disk, etc.)
• Users
• Filesystem
• Network

7. Everything at Google runs in
containers:
• Gmail, Web Search, Maps, ...
• MapReduce, batch, ...
• GFS, Colossus, ...
• Even GCE itself: VMs in containers

8. Everything at Google runs in
containers:
• Gmail, Web Search, Maps, ...
• MapReduce, batch, ...
• GFS, Colossus, ...
• Even GCE itself: VMs in containers
Google launch over 2
billion containers per
week.

9. But what IS Docker?
An implementation of the container idea
A package format
An ecosystem
A company
An open-source juggernaut
A phenomenon
Hoorah! The world is starting to adopt containers!

10. Now that we have containers...
Isolation: Keep jobs from interfering with each other
Scheduling: Where should my job be run?
Lifecycle: Keep my job running
Discovery: Where is my job now?
Constituency: Who is part of my job?
Scale-up: Making my jobs bigger or smaller
Auth{n,z}: Who can do things to my job?
Monitoring: What’s happening with my job?
Health: How is my job feeling?

11. Enter Kubernetes
Greek for “Helmsman”; also the root of
the word “Governor”
• Container orchestrator
• Runs Docker containers
• Supports multiple cloud and bare-metal
environments
• Inspired and informed by Google’s
experiences and internal systems
• Open source, written in Go
Manage applications, not machines

12. Primary concepts
Container: A sealed application package (Docker)
Pod: A small group of tightly coupled Containers
example: content syncer & web server
Controller: A loop that drives current state towards desired state
example: replication controller
Service: A set of running pods that work together
example: load-balanced backends
Labels: Identifying metadata attached to other objects
example: phase=canary vs. phase=prod
Selector: A query against labels, producing a set result
example: all pods where label phase == prod

13. Pods
Small group of containers & volumes
Tightly coupled
• same node
The atom of cluster scheduling &
placement
Shared namespace
• share IP address & localhost
Ephemeral
• can die and be replaced
Example: data puller & web server
Pod
File Puller Web Server
Volume
Consumers
Content
Manager

14. Labels
Arbitrary metadata
Attached to any API object
Generally represent identity
Queryable by selectors
• think SQL ‘select ... where ...’
The only grouping mechanism
• pods under a ReplicationController
• pods in a Service
• capabilities of a node (constraints)
Example: “phase: canary”
App: Nifty
Phase: Dev
Role: FE
App: Nifty
Phase: Dev
Role: BE
App: Nifty
Phase: Test
Role: FE
App: Nifty
Phase: Test
Role: BE

15. Replication Controllers
node 1
f0118
node 3
node 4node 2
d9376
b0111
a1209
Replication Controller
- Desired = 4
- Current = 4

16. Replication Controllers
node 1
f0118
node 3
node 4node 2
Replication Controller
- Desired = 4
- Current = 4
d9376
b0111
a1209

17. Replication Controllers
node 1
f0118
node 3
node 4
Replication Controller
- Desired = 4
- Current = 3
b0111
a1209

18. Replication Controllers
node 1
f0118
node 3
node 4
Replication Controller
- Desired = 4
- Current = 4
b0111
a1209
c9bad

19. Services
A group of pods that act as one == Service
• group == selector
Defines access policy
• only “load balanced” for now
Gets a stable virtual IP and port
• called the service portal
• also a DNS name
VIP is captured by kube-proxy
• watches the service constituency
• updates when backends change
Hide complexity - ideal for non-native apps
Portal (VIP)
Client

20. Some very quick summary of Google container Engine.
Gioi thieu qua ve Google Cloud Platform
Google Container Engine

21. Container Cluster Orchestration
Package & run your app as
containers
Find existing container
images from others
Deploy your container on
your laptop, server, or
cloud
Container Cluster
Orchestration Engine
Declarative management hides
complexity
Open Source, Runs Anywhere
Cluster-Oriented Container
Service
Full Google Cloud Platform
Infrastructure
Powered by Kubernetes
Kubernetes Container Engine

22. Demo Time

23. Questions?
Images by Connie Zhou
http://kubernetes.io