SlideShare a Scribd company logo

Kubernetes: training micro-dragons for a serious battle

A
Amir Moghimi

My second version of how to use kubernetes effectively as a platform for developing microservice applications.

1 of 26
Download to read offline
Amir Moghimi Lead Platform Engineer Deloitte Platform Engineering, Australia Kubernetes training micro-dragons for a serious battle
Traditional approach
Micro-services approach
Train microservices Microservices architecture magnifies the need for: ● Fairly homogenous build artifacts (VM image, AMI, Docker image) ● Standard running platform (Same OS distribution, Docker container) ● Configuration and secret management ● Service Discovery
Polyglot programming ● Pick right tool for the job ● Multiple teams with different expertise/perspectives ● Keep developers busy learning new language(s)
Homogenous build artifacts Build artifacts: ● Java Jar and War files ● Ruby Gems and Rails apps ● Node packages and apps ● Go binaries Containerise everything (Docker): ● Universally deployable artifact ● Relatively lightweight
Dockerfile FROM debian:jessie RUN apt-get update && apt-get install -y openjdk-8-jre-headless COPY my-app.jar /my-app.jar ENV MY_APP_CONF_VAR default-value CMD [“java”, “-jar”, “/my-app.jar”] docker build -t registry/image_name . docker push registry/image_name
Configure and run docker run -d -e REDIS_NAMESPACE='staging' -e POSTGRES_ENV_POSTGRES_PASSWORD='foo' -e POSTGRES_ENV_POSTGRES_USER='bar' -e POSTGRES_ENV_DB_NAME='mysite_staging' -e POSTGRES_ADDR='docker-db-1.us-east-1.rds.amazonaws.com' -e SITE_URL='staging.mysite.com' -p 80:80 --restart=on-failure:10 --name container_name registry/image_name image_command cmd_arg1 cmd_arg2
Configuration hell ● Application config ○ Env vars, config files, cmd line args ● Runtime environment config ○ Web server, JVM ● Runtime dependencies config ○ Volumes, logging, monitoring, stats
Configuration management ● Train your app: ○ 12-factor app ● Configuration in a containerised world: ○ Log to stdout ○ Port mappings (from host to container) ○ SaaS blob storage (mount volumes only if providing a storage service) ○ Service discovery (Consul, Eureka, DNS) ○ Secrets (ideally only in memory but how?) ○ Environment Variables for everything else
Configuration management tools ● Chef ● Puppet ● Ansible (classic host-based approach + docker) ● Docker Compose?! ● Shell + Kubernetes (container PaaS)
Taking Chef/Puppet for a ride?
Kubernetes key resources ● Namespace ● Pod (container) ● Replica Set / Replication Controller ● ConfigMap ● Secret ● Service ● Deployment
Kubernetes Master API Server Replica Set kubelet Node Pod Container Pod Container kubelet Node Pod Container Kubernetes Cluster = Label = Resource = ProcessScheduler Controller Manager docker docker
Replica Set (Replication Controller) apiVersion: v1 kind: ReplicationController metadata: name: my-nginx-replica-set spec: replicas: 3 selector: app: dragon-web template: metadata: name: nginx-pod labels: app: dragon-web spec: containers: - name: nginx-container image: nginx env: - name: LOG_LEVEL value: INFO ports: - containerPort: 80 apiVersion: v1 kind: Pod kubectl create -f my-nginx-replica-set.yml
ConfigMap apiVersion: v1 kind: ConfigMap metadata: name: dragon-config labels: environment: non-prod data: dragon.how.much: very dragon.type: fast apiVersion: v1 kind: Pod metadata: name: dragon-pod spec: containers: - name: dragon-container image: dragon-image env: - name: DRAGON_LEVEL valueFrom: configMapKeyRef: name: dragon-config key: dragon.how.much - name: DRAGON_TYPE valueFrom: configMapKeyRef: name: dragon-config key: dragon.type
Secret apiVersion: v1 kind: Secret metadata: name: my-secret type: Opaque data: password: MWYyZDFlMmU2N2RmCg== username: my_admin apiVersion: v1 kind: Pod metadata: name: secret-user-pod Spec: volumes: name: secret-vol secret: secretName: my-secret containers: - name: nginx-container image: nginx volumeMounts: name: secret-vol mountPath: /etc/my-access-keys readOnly: true
Service { "apiVersion": "v1", "kind": "Service", "metadata": { "name": "my-service" }, "spec": { "selector": { "app": "dragon-web" }, "ports": [{ "protocol": "TCP", "port": 80, "targetPort": 80 }] } }
Service discovery ● Internal DNS ○ Take extra care when playing with fire ○ No control over client ○ Time sensitive protocol ○ Use only if you can have a reliable DNS add-on ● Provided environment variables ○ MY_DROGON_SERVICE_HOST=10.0.0.11 MY_DROGON_SERVICE_PORT=8080 ○ Create services before using them in pods ○ Only works per namespace ● Kubernetes REST API ○ GET /api/v1/namespaces/{namespace}/services/{service_name} DNS HAZARD
Deployment apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nginx-deployment spec: replicas: 3 template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.7.9 ports: - containerPort: 80 Declarative Server-side Revision tracking Easy rollback
Project structure my-dragon-microservice/ src/ environments/ default/ configmap.yml secret.yml dev/ configmap.yml secret.yml test/ stage/ prod/ my-dragon-microservice/ ... cicd/ kube-resources/ service.yml deployment.yml scripts/ build.sh test.sh deploy.sh # kubectl apply -f ../kube-resources Jenkinsfile Dockerfile
Secure environments config test-1/ namespace.yml configmap.yml secret.yml test-2/… test-N/ stage-1/ namespace.yml configmap.yml secret.yml stage-2/… stage-N/ prod-1/ namespace.yml configmap.yml secret.yml prod-2/… prod-N/
Pipeline wisdom ● Use pipeline-as-code ● Script steps ○ Make scripts (almost) locally runnable ○ Avoid custom pipeline-as-code plugins (as much as possible) ● Shell scripting is counter-intuitive for developers ○ “Less is more” ○ Repeat yourself to achieve self documentation and copy/paste capability ● Make pipelines environment agnostic (as much as possible)
Kubernetes in production ● Bake AMIs or equivalent, at least for nodes (packer) ● Leverage cloud-init for bootstrapping ○ But strictly no package installations in cloud-init ● Use Auto-Scaling Groups or equivalent for nodes to self-heal ● Specify both readiness and liveness checks for all pods ○ Perform deep health check as readiness probe ○ Perform shallow health check as liveness probe
Kubernetes in production ● Use version 1.4 or above ○ Proper Pod eviction ● Specify a LimitRange with default limits per namespace ● Use lower requested cpu/mem values to oversubscribe nodes ● For High Availability, use monitoring tools to make sure there is always free capacity left in the cluster ● Specify --max-pods for kubelet on each node as a last resort ● Run at least 2 replicas for mission critical apps ● Specify explicit requested cpu/mem values equal to the limit for mission critical apps ○ To reduce chance of eviction under load
Q & A

Recommended

Microservices on Kubernetes - The simple way
Microservices on Kubernetes - The simple wayMicroservices on Kubernetes - The simple way
Microservices on Kubernetes - The simple way
Suraj Deshmukh
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developers
Suraj Deshmukh
 
Docker Compose to Production with Docker Swarm
Docker Compose to Production with Docker SwarmDocker Compose to Production with Docker Swarm
Docker Compose to Production with Docker Swarm
Mario IC
 
Kompose
KomposeKompose
Kompose
Suraj Narwade
 
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipelineKubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline
KubeAcademy
 
GDG Lima - Docker Compose
GDG Lima - Docker ComposeGDG Lima - Docker Compose
GDG Lima - Docker Compose
Mario IC
 
Making cloud native platform by kubernetes
Making cloud native platform by kubernetesMaking cloud native platform by kubernetes
Making cloud native platform by kubernetes
어형 이
 
How to make cloud native platform by kubernetes
How to make cloud native platform by kubernetesHow to make cloud native platform by kubernetes
How to make cloud native platform by kubernetes
어형 이
 

Recommended

Microservices on Kubernetes - The simple way
Microservices on Kubernetes - The simple wayMicroservices on Kubernetes - The simple way
Microservices on Kubernetes - The simple way
Suraj Deshmukh
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developers
Suraj Deshmukh
 
Docker Compose to Production with Docker Swarm
Docker Compose to Production with Docker SwarmDocker Compose to Production with Docker Swarm
Docker Compose to Production with Docker Swarm
Mario IC
 
Kompose
KomposeKompose
Kompose
Suraj Narwade
 
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipelineKubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline
KubeAcademy
 
GDG Lima - Docker Compose
GDG Lima - Docker ComposeGDG Lima - Docker Compose
GDG Lima - Docker Compose
Mario IC
 
Making cloud native platform by kubernetes
Making cloud native platform by kubernetesMaking cloud native platform by kubernetes
Making cloud native platform by kubernetes
어형 이
 
How to make cloud native platform by kubernetes
How to make cloud native platform by kubernetesHow to make cloud native platform by kubernetes
How to make cloud native platform by kubernetes
어형 이
 
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd についてKubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
LINE Corporation
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
Gianluca Padovani
 
Fabric8 CI/CD
Fabric8 CI/CDFabric8 CI/CD
Fabric8 CI/CD
Izzet Mustafaiev
 
KubeCI - Cloud Native Continuous Delivery for Kubernetes
KubeCI - Cloud Native Continuous Delivery for KubernetesKubeCI - Cloud Native Continuous Delivery for Kubernetes
KubeCI - Cloud Native Continuous Delivery for Kubernetes
Tobias Schneck
 
Rails in docker
Rails in dockerRails in docker
Rails in docker
Andrew Klotz
 
KubeCon EU 2016: Transforming the Government
KubeCon EU 2016: Transforming the Government KubeCon EU 2016: Transforming the Government
KubeCon EU 2016: Transforming the Government
KubeAcademy
 
Heketi Functionality into Glusterd2
Heketi Functionality into Glusterd2Heketi Functionality into Glusterd2
Heketi Functionality into Glusterd2
Gluster.org
 
Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24
Sam Zheng
 
Scalability and Performance of CNS 3.6
Scalability and Performance of CNS 3.6Scalability and Performance of CNS 3.6
Scalability and Performance of CNS 3.6
Gluster.org
 
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
Junpei Nomura
 
Gluster as Native Storage for Containers - past, present and future
Gluster as Native Storage for Containers - past, present and futureGluster as Native Storage for Containers - past, present and future
Gluster as Native Storage for Containers - past, present and future
Gluster.org
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
Marcelo Cenerino
 
Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)
충섭 김
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Phil Estes
 
CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?
Phil Estes
 
Kubernetes Webinar Series - Exploring Daemon Sets and Jobs
Kubernetes Webinar Series - Exploring Daemon Sets and JobsKubernetes Webinar Series - Exploring Daemon Sets and Jobs
Kubernetes Webinar Series - Exploring Daemon Sets and Jobs
Janakiram MSV
 
Kubernetes Basic Operation
Kubernetes Basic OperationKubernetes Basic Operation
Kubernetes Basic Operation
Simon Su
 
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
어형 이
 
Virtualization inside kubernetes
Virtualization inside kubernetesVirtualization inside kubernetes
Virtualization inside kubernetes
inwin stack
 
[Szjug] Docker. Does it matter for java developer?
[Szjug] Docker. Does it matter for java developer?[Szjug] Docker. Does it matter for java developer?
[Szjug] Docker. Does it matter for java developer?
Izzet Mustafaiev
 
Kubernetes - training micro-dragons without getting burnt
Kubernetes - training micro-dragons without getting burntKubernetes - training micro-dragons without getting burnt
Kubernetes - training micro-dragons without getting burnt
Amir Moghimi
 
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes][HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
Wong Hoi Sing Edison
 

More Related Content

What's hot

Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd についてKubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
LINE Corporation
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
Gianluca Padovani
 
Fabric8 CI/CD
Fabric8 CI/CDFabric8 CI/CD
Fabric8 CI/CD
Izzet Mustafaiev
 
KubeCI - Cloud Native Continuous Delivery for Kubernetes
KubeCI - Cloud Native Continuous Delivery for KubernetesKubeCI - Cloud Native Continuous Delivery for Kubernetes
KubeCI - Cloud Native Continuous Delivery for Kubernetes
Tobias Schneck
 
Rails in docker
Rails in dockerRails in docker
Rails in docker
Andrew Klotz
 
KubeCon EU 2016: Transforming the Government
KubeCon EU 2016: Transforming the Government KubeCon EU 2016: Transforming the Government
KubeCon EU 2016: Transforming the Government
KubeAcademy
 
Heketi Functionality into Glusterd2
Heketi Functionality into Glusterd2Heketi Functionality into Glusterd2
Heketi Functionality into Glusterd2
Gluster.org
 
Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24
Sam Zheng
 
Scalability and Performance of CNS 3.6
Scalability and Performance of CNS 3.6Scalability and Performance of CNS 3.6
Scalability and Performance of CNS 3.6
Gluster.org
 
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
Junpei Nomura
 
Gluster as Native Storage for Containers - past, present and future
Gluster as Native Storage for Containers - past, present and futureGluster as Native Storage for Containers - past, present and future
Gluster as Native Storage for Containers - past, present and future
Gluster.org
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
Marcelo Cenerino
 
Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)
충섭 김
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Phil Estes
 
CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?
Phil Estes
 
Kubernetes Webinar Series - Exploring Daemon Sets and Jobs
Kubernetes Webinar Series - Exploring Daemon Sets and JobsKubernetes Webinar Series - Exploring Daemon Sets and Jobs
Kubernetes Webinar Series - Exploring Daemon Sets and Jobs
Janakiram MSV
 
Kubernetes Basic Operation
Kubernetes Basic OperationKubernetes Basic Operation
Kubernetes Basic Operation
Simon Su
 
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
어형 이
 
Virtualization inside kubernetes
Virtualization inside kubernetesVirtualization inside kubernetes
Virtualization inside kubernetes
inwin stack
 
[Szjug] Docker. Does it matter for java developer?
[Szjug] Docker. Does it matter for java developer?[Szjug] Docker. Does it matter for java developer?
[Szjug] Docker. Does it matter for java developer?
Izzet Mustafaiev
 

What's hot (20)

Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd についてKubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
 
Fabric8 CI/CD
Fabric8 CI/CDFabric8 CI/CD
Fabric8 CI/CD
 
KubeCI - Cloud Native Continuous Delivery for Kubernetes
KubeCI - Cloud Native Continuous Delivery for KubernetesKubeCI - Cloud Native Continuous Delivery for Kubernetes
KubeCI - Cloud Native Continuous Delivery for Kubernetes
 
Rails in docker
Rails in dockerRails in docker
Rails in docker
 
KubeCon EU 2016: Transforming the Government
KubeCon EU 2016: Transforming the Government KubeCon EU 2016: Transforming the Government
KubeCon EU 2016: Transforming the Government
 
Heketi Functionality into Glusterd2
Heketi Functionality into Glusterd2Heketi Functionality into Glusterd2
Heketi Functionality into Glusterd2
 
Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24
 
Scalability and Performance of CNS 3.6
Scalability and Performance of CNS 3.6Scalability and Performance of CNS 3.6
Scalability and Performance of CNS 3.6
 
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
 
Gluster as Native Storage for Containers - past, present and future
Gluster as Native Storage for Containers - past, present and futureGluster as Native Storage for Containers - past, present and future
Gluster as Native Storage for Containers - past, present and future
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use Cases
 
CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?
 
Kubernetes Webinar Series - Exploring Daemon Sets and Jobs
Kubernetes Webinar Series - Exploring Daemon Sets and JobsKubernetes Webinar Series - Exploring Daemon Sets and Jobs
Kubernetes Webinar Series - Exploring Daemon Sets and Jobs
 
Kubernetes Basic Operation
Kubernetes Basic OperationKubernetes Basic Operation
Kubernetes Basic Operation
 
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
 
Virtualization inside kubernetes
Virtualization inside kubernetesVirtualization inside kubernetes
Virtualization inside kubernetes
 
[Szjug] Docker. Does it matter for java developer?
[Szjug] Docker. Does it matter for java developer?[Szjug] Docker. Does it matter for java developer?
[Szjug] Docker. Does it matter for java developer?
 

Similar to Kubernetes: training micro-dragons for a serious battle

Kubernetes - training micro-dragons without getting burnt
Kubernetes - training micro-dragons without getting burntKubernetes - training micro-dragons without getting burnt
Kubernetes - training micro-dragons without getting burnt
Amir Moghimi
 
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes][HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
Wong Hoi Sing Edison
 
Dockerized maven
Dockerized mavenDockerized maven
Dockerized maven
Matthias Bertschy
 
DevEx | there’s no place like k3s
DevEx | there’s no place like k3sDevEx | there’s no place like k3s
DevEx | there’s no place like k3s
Haggai Philip Zagury
 
CI/CD Across Multiple Environments
CI/CD Across Multiple EnvironmentsCI/CD Across Multiple Environments
CI/CD Across Multiple Environments
Karl Isenberg
 
K8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingK8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals Training
Piotr Perzyna
 
Laravel, docker, kubernetes
Laravel, docker, kubernetesLaravel, docker, kubernetes
Laravel, docker, kubernetes
Peter Mein
 
Continuous Delivery with Docker and Amazon ECS
Continuous Delivery with Docker and Amazon ECSContinuous Delivery with Docker and Amazon ECS
Continuous Delivery with Docker and Amazon ECS
Amazon Web Services
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
Liran Cohen
 
Build optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and DockerBuild optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and Docker
Dmytro Patkovskyi
 
DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline
Docker, Inc.
 
Docker+java
Docker+javaDocker+java
Docker+java
DPC Consulting Ltd
 
Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !
Anthony Dahanne
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
Jérôme Petazzoni
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
TheFamily
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 application
Roman Rodomansky
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'a
corehard_by
 
Scala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camouScala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camou
J On The Beach
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote World
DevOps.com
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
Nicolas De Loof
 

Similar to Kubernetes: training micro-dragons for a serious battle (20)

Kubernetes - training micro-dragons without getting burnt
Kubernetes - training micro-dragons without getting burntKubernetes - training micro-dragons without getting burnt
Kubernetes - training micro-dragons without getting burnt
 
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes][HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
 
Dockerized maven
Dockerized mavenDockerized maven
Dockerized maven
 
DevEx | there’s no place like k3s
DevEx | there’s no place like k3sDevEx | there’s no place like k3s
DevEx | there’s no place like k3s
 
CI/CD Across Multiple Environments
CI/CD Across Multiple EnvironmentsCI/CD Across Multiple Environments
CI/CD Across Multiple Environments
 
K8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingK8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals Training
 
Laravel, docker, kubernetes
Laravel, docker, kubernetesLaravel, docker, kubernetes
Laravel, docker, kubernetes
 
Continuous Delivery with Docker and Amazon ECS
Continuous Delivery with Docker and Amazon ECSContinuous Delivery with Docker and Amazon ECS
Continuous Delivery with Docker and Amazon ECS
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
 
Build optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and DockerBuild optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and Docker
 
DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline
 
Docker+java
Docker+javaDocker+java
Docker+java
 
Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 application
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'a
 
Scala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camouScala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camou
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote World
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
 

Recently uploaded

A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
Boni García
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)
abdulrafaychaudhry
 
Enterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptxEnterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptx
QuickwayInfoSystems3
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
abdulrafaychaudhry
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 

Recently uploaded (20)

A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)
 
Enterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptxEnterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptx
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 

Kubernetes: training micro-dragons for a serious battle

  • 1. Amir Moghimi Lead Platform Engineer Deloitte Platform Engineering, Australia Kubernetes training micro-dragons for a serious battle
  • 4. Train microservices Microservices architecture magnifies the need for: ● Fairly homogenous build artifacts (VM image, AMI, Docker image) ● Standard running platform (Same OS distribution, Docker container) ● Configuration and secret management ● Service Discovery
  • 5. Polyglot programming ● Pick right tool for the job ● Multiple teams with different expertise/perspectives ● Keep developers busy learning new language(s)
  • 6. Homogenous build artifacts Build artifacts: ● Java Jar and War files ● Ruby Gems and Rails apps ● Node packages and apps ● Go binaries Containerise everything (Docker): ● Universally deployable artifact ● Relatively lightweight
  • 7. Dockerfile FROM debian:jessie RUN apt-get update && apt-get install -y openjdk-8-jre-headless COPY my-app.jar /my-app.jar ENV MY_APP_CONF_VAR default-value CMD [“java”, “-jar”, “/my-app.jar”] docker build -t registry/image_name . docker push registry/image_name
  • 8. Configure and run docker run -d -e REDIS_NAMESPACE='staging' -e POSTGRES_ENV_POSTGRES_PASSWORD='foo' -e POSTGRES_ENV_POSTGRES_USER='bar' -e POSTGRES_ENV_DB_NAME='mysite_staging' -e POSTGRES_ADDR='docker-db-1.us-east-1.rds.amazonaws.com' -e SITE_URL='staging.mysite.com' -p 80:80 --restart=on-failure:10 --name container_name registry/image_name image_command cmd_arg1 cmd_arg2
  • 9. Configuration hell ● Application config ○ Env vars, config files, cmd line args ● Runtime environment config ○ Web server, JVM ● Runtime dependencies config ○ Volumes, logging, monitoring, stats
  • 10. Configuration management ● Train your app: ○ 12-factor app ● Configuration in a containerised world: ○ Log to stdout ○ Port mappings (from host to container) ○ SaaS blob storage (mount volumes only if providing a storage service) ○ Service discovery (Consul, Eureka, DNS) ○ Secrets (ideally only in memory but how?) ○ Environment Variables for everything else
  • 11. Configuration management tools ● Chef ● Puppet ● Ansible (classic host-based approach + docker) ● Docker Compose?! ● Shell + Kubernetes (container PaaS)
  • 13. Kubernetes key resources ● Namespace ● Pod (container) ● Replica Set / Replication Controller ● ConfigMap ● Secret ● Service ● Deployment
  • 14. Kubernetes Master API Server Replica Set kubelet Node Pod Container Pod Container kubelet Node Pod Container Kubernetes Cluster = Label = Resource = ProcessScheduler Controller Manager docker docker
  • 15. Replica Set (Replication Controller) apiVersion: v1 kind: ReplicationController metadata: name: my-nginx-replica-set spec: replicas: 3 selector: app: dragon-web template: metadata: name: nginx-pod labels: app: dragon-web spec: containers: - name: nginx-container image: nginx env: - name: LOG_LEVEL value: INFO ports: - containerPort: 80 apiVersion: v1 kind: Pod kubectl create -f my-nginx-replica-set.yml
  • 16. ConfigMap apiVersion: v1 kind: ConfigMap metadata: name: dragon-config labels: environment: non-prod data: dragon.how.much: very dragon.type: fast apiVersion: v1 kind: Pod metadata: name: dragon-pod spec: containers: - name: dragon-container image: dragon-image env: - name: DRAGON_LEVEL valueFrom: configMapKeyRef: name: dragon-config key: dragon.how.much - name: DRAGON_TYPE valueFrom: configMapKeyRef: name: dragon-config key: dragon.type
  • 17. Secret apiVersion: v1 kind: Secret metadata: name: my-secret type: Opaque data: password: MWYyZDFlMmU2N2RmCg== username: my_admin apiVersion: v1 kind: Pod metadata: name: secret-user-pod Spec: volumes: name: secret-vol secret: secretName: my-secret containers: - name: nginx-container image: nginx volumeMounts: name: secret-vol mountPath: /etc/my-access-keys readOnly: true
  • 18. Service { "apiVersion": "v1", "kind": "Service", "metadata": { "name": "my-service" }, "spec": { "selector": { "app": "dragon-web" }, "ports": [{ "protocol": "TCP", "port": 80, "targetPort": 80 }] } }
  • 19. Service discovery ● Internal DNS ○ Take extra care when playing with fire ○ No control over client ○ Time sensitive protocol ○ Use only if you can have a reliable DNS add-on ● Provided environment variables ○ MY_DROGON_SERVICE_HOST=10.0.0.11 MY_DROGON_SERVICE_PORT=8080 ○ Create services before using them in pods ○ Only works per namespace ● Kubernetes REST API ○ GET /api/v1/namespaces/{namespace}/services/{service_name} DNS HAZARD
  • 20. Deployment apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nginx-deployment spec: replicas: 3 template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.7.9 ports: - containerPort: 80 Declarative Server-side Revision tracking Easy rollback
  • 22. Secure environments config test-1/ namespace.yml configmap.yml secret.yml test-2/… test-N/ stage-1/ namespace.yml configmap.yml secret.yml stage-2/… stage-N/ prod-1/ namespace.yml configmap.yml secret.yml prod-2/… prod-N/
  • 23. Pipeline wisdom ● Use pipeline-as-code ● Script steps ○ Make scripts (almost) locally runnable ○ Avoid custom pipeline-as-code plugins (as much as possible) ● Shell scripting is counter-intuitive for developers ○ “Less is more” ○ Repeat yourself to achieve self documentation and copy/paste capability ● Make pipelines environment agnostic (as much as possible)
  • 24. Kubernetes in production ● Bake AMIs or equivalent, at least for nodes (packer) ● Leverage cloud-init for bootstrapping ○ But strictly no package installations in cloud-init ● Use Auto-Scaling Groups or equivalent for nodes to self-heal ● Specify both readiness and liveness checks for all pods ○ Perform deep health check as readiness probe ○ Perform shallow health check as liveness probe
  • 25. Kubernetes in production ● Use version 1.4 or above ○ Proper Pod eviction ● Specify a LimitRange with default limits per namespace ● Use lower requested cpu/mem values to oversubscribe nodes ● For High Availability, use monitoring tools to make sure there is always free capacity left in the cluster ● Specify --max-pods for kubelet on each node as a last resort ● Run at least 2 replicas for mission critical apps ● Specify explicit requested cpu/mem values equal to the limit for mission critical apps ○ To reduce chance of eviction under load
  • 26. Q & A