Post on 03-Aug-2015
Container Deployment and Management with kubernetes
1 July 2015
Loh Siu Yin
Technology Consultant, Beyond Broadcast LLP
1 of 27
Kubernetes
A system to manage docker containers across a cluster of hosts.
See: kubernetes.io (http://kubernetes.io)
and github.com/GoogleCloudPlatform/kubernetes (https://github.com/GoogleCloudPlatform/kubernetes)
2 of 27
Prerequisites
Docker (boot2docker, coreos, static binary)
Images (from hub.docker.com or build your own)
kubernetes
3 of 27
Docker Essentials
4 of 27
Docker Overview
5 of 27
Build a base image
Dockerfile for gozmq: A standardized environment for my golang and ZeroMQ programs to run in.
# Dockerfile for gozmq
FROM ubuntu:14.04
ADD libzmq.so.1 /usr/lib/
CMD ["/bin/bash"]
Building the image:
#!/bin/sh
# image_build.sh
PGM='gozmq'
MAIN_VER=20150525
#MAIN_VER=`date +%Y%m%d`
SUB_VER=
VER=${MAIN_VER}${SUB_VER}
docker build -t siuyin/${PGM}:${VER} .
Check with: docker images | grep gozmq
6 of 27
Build application image: master-publisher
The publisher in a pub-sub system.
# Dockerfile for publisher
FROM siuyin/gozmq:20150525
ENV PULL_BIND_PORT='tcp://*:5123'
ENV PUB_BIND_PORT='tcp://*:5124'
ADD publisher /usr/bin/
CMD ["/usr/bin/publisher"]
#!/bin/sh
# image_build for publisher
PGM='publisher'
#MAIN_VER=`date +%Y%m%d`
MAIN_VER=20150525
SUB_VER=
VER=${MAIN_VER}${SUB_VER}
docker build -t siuyin/${PGM}:${VER} .
Check with: docker images | grep publisher
7 of 27
Publisher
Demo:
cd ~/prog/go_workspace/src/siuyin/zmqcomp/publisher (vim start.sh)
test_pusher, publisher then test_subscriber
8 of 27
Nice: Fully functional but limited to running on the docker host
Note: localhost and port configuration via environment variables.
#!/bin/sh
# test_pusher
# local docker host
#PUSH_CONNECT_HOST=localhost PUSH_CONNECT_PORT=5123 go run main.go
# kubernetes cluster network 1
#PUSH_CONNECT_HOST=172.17.0.17 PUSH_CONNECT_PORT=5123 go run main.go
# kubernetes cluster network 2
PUSH_CONNECT_HOST=10.0.0.50 PUSH_CONNECT_PORT=5123 go run main.go
# kubernetes node local
#PUSH_CONNECT_HOST=localhost PUSH_CONNECT_PORT=30516 go run main.go
Enter kubernetes
Brendan Burns of Google: "kubernetes -- ancient greek for pilot"
I am thinking: The Borg Cube: "resistance is futile ... you will be assimilated"
9 of 27
Kubernetes
10 of 27
Kubernetes Overview
11 of 27
Kubernetes Survival Guide
12 of 27
Resources
pod:
One or more closely coupled docker containers
replication controller (or rc):
Actively manages pods
service (or svc):
A stable end-point to connect to running pods
node (previously minion):
A host that runs pods.
13 of 27
(Re)starting kubernetes
After a reboot, kubernetes containers from gcr.io/google ... will not be running. Restart them with this script:
docker ps -a| grep gcr.io/google | awk '{print $1}'|xargs docker start
14 of 27
Kubernetes operations
get: retrieve summary status on a resource (pod, rc, svc, node)
describe: get more details on a resource (eg. describe svc master-publisher)
delete: deletes a resource
create: creates a resource
Demo: kubectl get nodes
kubernetes cluster api-controller runs on localhost:8080 (http://localhost:8080)
Possible to curl to localhost:8080 with the api:
curl -L http://localhost:8080/api/v1beta3/nodes
or with GET requests in your browser: localhost:8080/api/v1beta3/nodes (http://localhost:8080/api/v1beta3/nodes)
15 of 27
Creating a ReplicationController which creates pods
Defined in a .json or .yaml file:
"containers": [{
    "name": "publisher",
    "image": "siuyin/publisher:20150525",
    "imagePullPolicy": "IfNotPresent",
    "env": [{
        "name": "PULL_BIND_PORT",
        "value": "5123"
    },{
        "name": "PUB_BIND_PORT",
        "value": "5124"
    }],
    "ports": [{
        "containerPort": 5123,
        "protocol": "TCP"
    }, {
        "containerPort": 5124,
        "protocol": "TCP"
    }]
}],
"restartPolicy": "Always",
"volumes": []
16 of 27
publisher-controller.json
view ~/prog/go_workspace/src/siuyin/zmqcomp/publisher/publisher-controller.json
17 of 27
Demo: Create a replication controller
Note: kubectl delete rc -l name=master-publisher before re-creating the replication controller.
Demo:
cd ~/prog/go_workspace/src/siuyin/zmqcomp/publisher
kubectl create -f publisher-controller.json
kubectl get rc
Same effect with: kubectl get replicationcontrollers
Online scaling:
kubectl scale --replicas=3 rc master-publisher
18 of 27
Where is the pod?
Demo:
kubectl get pods
or better
kubectl get pods -l 'name=master-publisher'
Same as: kubectl get pods --selector='name=master-publisher'
Note the IP Address of this pod.
19 of 27
Pod IP address
Double-check: docker ps | grep master-publisher
Also: docker inspect <container UUID> | grep IPAddress
But where is the IP address in the docker container?
The network configuration is held in the "pause" container.
Demo: master-publisher pod running in dedicated sub-net
cd ~/prog/go_workspace/src/siuyin/zmqcomp/publisher
copy pod IP address to clipboard
configure and start test_pusher
configure and start test_subscriber
20 of 27
Scenario: Container or Pod failure
Suppose bad code or hardware causes the docker container or pod to fail.
Can kubernetes heal the system?
Demo: kill the docker container
docker ps | grep master-publisher
docker kill <container UUID>
Demo: delete the pod
kubectl get pod -l name=master-publisher
kubectl delete pod <pod-name>
or similarly:
kubectl delete pod -l name=master-publisher
21 of 27
How to survive a pod failure
The failed pod was re-created by the replication controller:
kubectl get pod -l name=master-publisher
note the pod's IP address
cat ~/prog/go_workspace/src/siuyin/zmqcomp/publisher/test_pusher/start.sh
The IP address changed!
Kubernetes made no attempt to revive the failed pod. Instead it created a new one and gave it a new IP address.
22 of 27
We need a stable IP address!
Enter: kubernetes service
"kind":"Service",
"apiVersion":"v1beta3",
"metadata":{
    "name":"master-publisher",
    "labels":{
        "name":"master-publisher"
    }
},
"spec":{
view ~/prog/go_workspace/src/siuyin/zmqcomp/publisher/publisher-service.json
Note the NodePort type and port declarations.
23 of 27
Inspecting the service
I've already created the service with (don't create it again):
kubectl create -f publisher-service.json
Check it with:
kubectl get service -l name=master-publisher
kubectl describe svc master-publisher
Demo: reconfigure to use service IP address:
reconfigure test_pusher
reconfigure test_subscriber
Demo: fail the pod again
kubectl delete pod -l name=master-publisher
24 of 27
Making the service accessible from outside the cluster
Specify a publicIP in the service declaration and use it:
#!/bin/sh
# test_pusher
# local docker host
#PUSH_CONNECT_HOST=localhost PUSH_CONNECT_PORT=5123 go run main.go
# kubernetes cluster network 1
#PUSH_CONNECT_HOST=172.17.0.17 PUSH_CONNECT_PORT=5123 go run main.go
# kubernetes cluster network 2
PUSH_CONNECT_HOST=10.0.0.50 PUSH_CONNECT_PORT=5123 go run main.go
# kubernetes node local
#PUSH_CONNECT_HOST=localhost PUSH_CONNECT_PORT=30516 go run main.go
To define your own port map, refer to NODEPORT entries in:
iptables -t nat -S
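Added example (not from the original slides): an audit of the NODEPORT entries in iptables -t nat -S output, listing every port kube-proxy has opened on a node and flagging any that are not on an allow-list. The sample rules are constructed; the chain names, ports 30517 and 41873/41874, and the address 10.0.2.15 are assumptions, while 30516 and 10.0.0.50 come from the slides.

```shell
#!/bin/sh
# Added example: list the NodePorts opened on a node from `iptables -t nat -S`.

# Constructed sample output (not captured from a real node). Chain names and
# the comment format are assumptions; 30516 is the node port from the slides.
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-N KUBE-NODEPORT-CONTAINER
-N KUBE-NODEPORT-HOST
-N KUBE-PORTALS-CONTAINER
-A KUBE-NODEPORT-CONTAINER -p tcp -m comment --comment "default/master-publisher:pull" -m tcp --dport 30516 -j REDIRECT --to-ports 41873
-A KUBE-NODEPORT-CONTAINER -p tcp -m comment --comment "default/master-publisher:pub" -m tcp --dport 30517 -j REDIRECT --to-ports 41874
-A KUBE-NODEPORT-HOST -p tcp -m comment --comment "default/master-publisher:pull" -m tcp --dport 30516 -j DNAT --to-destination 10.0.2.15:41873
-A KUBE-PORTALS-CONTAINER -d 10.0.0.50/32 -p tcp -m comment --comment "default/master-publisher:pull" -m tcp --dport 5123 -j REDIRECT --to-ports 41873
EOF
}

# nodeports: read rules on stdin, print "port/proto service" once per
# NodePort, sorted by port. Cluster-internal (PORTALS) rules are ignored.
# Assumes the --comment value contains no spaces.
nodeports() {
  awk '
    $1 == "-A" && $2 ~ /NODEPORT/ {
      port = ""; proto = ""; svc = "?"
      for (i = 3; i <= NF; i++) {
        if ($i == "--dport")   port  = $(i + 1)
        if ($i == "-p")        proto = $(i + 1)
        if ($i == "--comment") { svc = $(i + 1); gsub(/"/, "", svc) }
      }
      if (port != "" && !seen[port "/" proto]++) print port "/" proto, svc
    }' | sort -n
}

# unexpected_nodeports PORT...: print NodePorts that are not on the allow-list.
unexpected_nodeports() {
  allowed=" $* "
  nodeports | while read -r pp svc; do
    case "$allowed" in
      *" ${pp%%/*} "*) ;;
      *) echo "$pp $svc" ;;
    esac
  done
}

# On a real node (needs root): iptables -t nat -S | unexpected_nodeports 30516
sample_rules | nodeports
```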
25 of 27
Slides Download
http://www.slideshare.net/siuyin/siuyin-dockerkubernetes
26 of 27
Thank you
Loh Siu Yin
Technology Consultant, Beyond Broadcast LLP
siuyin@beyondbroadcast.com (mailto:siuyin@beyondbroadcast.com)
27 of 27