Docker managed properly: Introducing Kubernetes for ITPro’s
Transcript of Docker managed properly: Introducing Kubernetes for ITPro’s
Think ahead. Act now.
Docker managed properly: Introducing Kubernetes for ITPro’s
Cornell Knulst (@cornellknulst) & Pascal Naber (@pascalnaber)
Once upon a time…
[Diagram: a three-tier application, WebApp (Frontend), WebAPI (Backend) and SQL (Database), with one WebApp environment for Development and one for Production]
But times are changing…
Containers solve: Portable, Fast, Isolated
But running containers in production is another cup of tea.
Container orchestration
Container orchestrators
Cluster
High Availability
Hyper-Scale
Hybrid Operations
High Density
Rolling Upgrades
Stateful services
Low Latency
Fast startup & shutdown
Container orchestration & lifecycle management
Replication & Failover
Load balancing
Self-healing
Automated Rollback
Health Monitoring
Placement Constraints
Microservices
Orchestrators
[Diagram: a Service Fabric cluster with a Master and two Node (Worker) members, beside a Kubernetes cluster with a Master and two Node (Minion) members]
Kubernetes (K8s)
OSS
Extensible
Facilitates declarative configuration and automation
Large, rapidly growing ecosystem
Κυβερνήτης, Greek: meaning helmsman or pilot
K8s: the 8 counts the letters between the K and the s of Kubernetes
Hosting of Kubernetes
Local: Minikube, Docker for Windows (Edge), Docker for Mac (Edge), Raspberry Pi
Private datacenter
Public Cloud: GKE, EKS, AKS
Azure Kubernetes Service (AKS)
Partly managed Kubernetes
Only pay for worker nodes
Upgrades managed by Azure
Workers are Managed IaaS
Kubernetes architecture
Master: API Server, Scheduler, Controller Manager, etcd
Node (Minion): kubelet, Kube-Proxy, cAdvisor, Pods
Clients of the API Server: kubectl (CLI), Dashboard (UI), REST client (Code)
Missing pieces?
Deploy to Production
Install AKS with ARM or the Portal
Install AKS using CLI
## Create resourcegroup
az group create --name clouddemo --location eastus
## Create Kubernetes cluster
az aks create -g clouddemo -n gamingcluster --generate-ssh-keys
## Create Kubernetes cluster with explicit options (one command; ^ is the cmd.exe line continuation)
az aks create --resource-group clouddemo ^
  --name gamingcluster ^
  --kubernetes-version 1.9.6 ^
  --node-vm-size Standard_DS2_v2 ^
  --node-count 3 ^
  --max-pods 1000 ^
  --enable-rbac ^
  --enable-addons http_application_routing ^
  --ssh-key-value "C:\repos\pascal\ssh\public.pub" ^
  --service-principal d6e55af7-17fc-4cf5-b140-8b37729da10e ^
  --client-secret 94bCIHcSuniCvjq9
Azure resources for AKS
[Diagram: two resource groups, clouddemo (holding the AKS resource itself) and MC_clouddemo_gamingcluster_eastus (holding the cluster's worker infrastructure)]
Post Install steps
## download & install kubectl
az aks install-cli
## download credentials
az aks get-credentials --resource-group clouddemo --name gamingcluster
Deployment flow
1. Create Docker Images
2. Push Docker Images to registry
3. Apply K8s deployments
Kubernetes concepts
Pod
Group of 1 or more containers
Shared Storage
Shared Network: same IP-address and port
[Diagram: Pod 10.0.0.1 with shared Storage and containers on Port 80 and Port 8080; Pod 10.0.0.2 with shared Storage and a container on Port 80]
leaderboard-api.yaml
[Diagram: a Deployment whose Selector matches Label: backend manages a Replica Set with the same Selector, which in turn manages the Pods carrying Label: backend]
C:> kubectl apply -f leaderboard-api.yaml
C:> kubectl apply -f update.yaml
Rolling updates
Zero-downtime deployment
Can be rolled back
Environment variables & Secrets
Secrets: Base64 encoded values
C:> kubectl apply -f secret.yaml
C:> kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt
## Create Secret to access Azure Container Registry
kubectl create secret docker-registry clouddemoimages --docker-server=https://clouddemo.azurecr.io --docker-username=clouddemo --docker-password=kD98ddl$= [email protected]
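What "Base64 encoded values" means for the two Secret kinds created above, as an added Python example (not code from the slides): it builds the same objects the two kubectl commands produce and decodes them again. The username, password and registry values are constructed stand-ins.

```python
import base64
import json

# Constructed stand-ins for the contents of username.txt and password.txt.
SAMPLE_USER = "admin"
SAMPLE_PASSWORD = "s3cr3t-P@ss"


def make_generic_secret(name, data):
    """Opaque Secret as 'kubectl create secret generic' builds it: values base64-encoded."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "data": {k: base64.b64encode(v.encode()).decode() for k, v in data.items()},
    }


def make_registry_secret(name, server, username, password, email):
    """Image-pull Secret as 'kubectl create secret docker-registry' builds it:
    a .dockerconfigjson blob whose 'auth' field is base64("user:password")."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {server: {"username": username, "password": password,
                                 "email": email, "auth": auth}}}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": base64.b64encode(json.dumps(config).encode()).decode()},
    }


def decode_secret(manifest):
    """Reverse the encoding: whoever can read the Secret object gets the plaintext back."""
    return {k: base64.b64decode(v).decode() for k, v in manifest["data"].items()}


if __name__ == "__main__":
    generic = make_generic_secret("db-user-pass", {"username": SAMPLE_USER, "password": SAMPLE_PASSWORD})
    print(json.dumps(generic, indent=2))
    print(decode_secret(generic))
```

decode_secret shows the encoding is fully reversible, so read access to Secret objects (RBAC, enabled on the cluster above) is what guards these values, not the encoding.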
Health checks
livenessProbe: Indicates whether the Container is running. Restart in case of failure.
readinessProbe: Indicates whether the Container is ready to service requests. Otherwise no traffic is routed to the Pod.
Container: https://www.app-metrics.io/ and the HealthChecks library https://github.com/dotnet-architecture/HealthChecks
C:> kubectl apply -f leaderboard-api.yaml
Resource Management
requests: Minimum required resources
limits: Capped resource usage
100m = 0.1 cpu, 500m = 0.5 cpu
64Mi = 64 MB memory, 128Mi = 128 MB memory
C:> kubectl apply -f leaderboard-api.yaml
Horizontal Pod Autoscaler
Required: Resource requests & limit, Heapster
Scaling based on 1 or multiple items: CPU, Memory, Custom Metrics
C:> kubectl apply -f leaderboard-api.yaml
C:\> kubectl get hpa (repeated over time)
NAME        REFERENCE        TARGETS     MINPODS   MAXPODS   REPLICAS   AGE
autoscaler  leaderboard-api  0% / 50%    1         10        1          9m
autoscaler  leaderboard-api  218% / 50%  1         10        1          10m
autoscaler  leaderboard-api  218% / 50%  1         10        4          10m
autoscaler  leaderboard-api  44% / 50%   1         10        7          13m
autoscaler  leaderboard-api  51% / 50%   1         10        6          21m
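The quantity notation and the autoscaler decision from the two slides above, worked in Python as an added example (not from the slides). The per-Pod usage numbers are constructed; the replica formula is the documented HPA one, ceil(current * utilization / target) with a 10% tolerance band, and the real controller additionally rate-limits and accounts for Pods without metrics, so the steps in the kubectl output need not match it exactly.

```python
import math

MEM_SUFFIX = {"Ki": 1024, "Mi": 1024 ** 2, "Gi": 1024 ** 3,   # binary units (Mi = MiB)
              "K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}      # decimal units


def parse_cpu(quantity):
    """'100m' -> 0.1 cores, '500m' -> 0.5 cores, '2' -> 2.0 (m = millicores)."""
    if quantity.endswith("m"):
        return int(quantity[:-1]) / 1000
    return float(quantity)


def parse_memory(quantity):
    """'64Mi' -> 64 * 2**20 bytes; binary suffixes are checked before decimal ones."""
    for suffix, factor in MEM_SUFFIX.items():
        if quantity.endswith(suffix):
            return int(quantity[: -len(suffix)]) * factor
    return int(quantity)


def cpu_utilization_percent(pods_usage_millicores, request):
    """The TARGETS column: average usage over the Pods divided by the CPU request."""
    avg_cores = sum(pods_usage_millicores) / len(pods_usage_millicores) / 1000
    return round(100 * avg_cores / parse_cpu(request))


def desired_replicas(current, utilization, target, min_pods, max_pods, tolerance=0.1):
    """ceil(current * utilization / target); no change inside the tolerance band;
    the result is clamped to [MINPODS, MAXPODS]."""
    ratio = utilization / target
    if abs(ratio - 1.0) <= tolerance:
        return current
    return max(min_pods, min(max_pods, math.ceil(current * ratio)))


if __name__ == "__main__":
    # One Pod with a 500m request burning 1090m: the 218% row of the output above.
    util = cpu_utilization_percent([1090], "500m")
    print(util, "% ->", desired_replicas(1, util, 50, 1, 10), "replicas")
```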
How to access the Pods? From inside and outside the cluster
[Diagram: five Pods with Label: backend spread over Node 0 (10.0.0.1), Node 1 (10.0.0.2, 10.0.0.3) and Node 2 (10.0.0.4, 10.0.0.5)]
Pods are mortal
Service, Type: ClusterIP, Selector: Label: backend
[Diagram: the ClusterIP Service at 192.168.0.1 fronts the backend Pods 10.0.0.1, 10.0.0.2, 10.0.0.4 and 10.0.0.5; Pod 10.0.0.3 has gone]
Service, Type: LoadBalancer, Selector: Label: backend
[Diagram: the LoadBalancer Service gets a public IP address, 192.168.0.1, in front of the same backend Pods]
[Diagram: Frontend Pods behind a Service of Type: LoadBalancer with public IP address 192.168.0.1; Backend Pods behind a Service of Type: ClusterIP (192.168.0.2)]
C:> kubectl apply -f leaderboard-service.yaml
C:> kubectl apply -f gamingwebapp.yaml
Too many ip-addresses. Now what?
Or: I want to access all my services through the same ip-address
Ingress
[Diagram: three Services of Type: ClusterIP, each fronting three Pods (10.0.0.1 to 10.0.0.3, 10.0.0.4 to 10.0.0.6 and 10.0.0.7 to 10.0.0.9; labels frontend, erp and crm); one Service of Type: LoadBalancer with public IP address 192.168.0.1 selects the ingress controller Pod (Label: ingresscontroller, image quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0)]
Ingress rules:
host: gaming.expertslive.cf, serviceName: gamingwebapp
host: erp.expertslive.cf, serviceName: erpsvc
host: www.expertslive.cf/crm, serviceName: crmsvc
nginx.conf (automatically generated by the ingress controller):
gaming.mydomain.com: 10.0.0.1, 10.0.0.2, 10.0.0.3
erp.mydomain.com: 10.0.0.4, 10.0.0.5, 10.0.0.6
/crm: 10.0.0.7, 10.0.0.8, 10.0.0.9
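What the ingress controller derives from the rules above, as an added Python example (not the controller's code): the rules, the Pod IPs behind each Service and a fixed port 80 are constructed to mirror the diagram, and the nginx syntax is simplified to upstream, server and location blocks. It also resolves a request to a Service the way the rules do, where a host with no matching rule falls through to the controller's default backend rather than to some other Service.

```python
# Constructed inputs mirroring the slide: Ingress rules (host + path -> Service) and
# the endpoints (Pod IPs) each ClusterIP Service currently selects.
INGRESS_RULES = [
    {"host": "gaming.expertslive.cf", "path": "/", "serviceName": "gamingwebapp"},
    {"host": "erp.expertslive.cf", "path": "/", "serviceName": "erpsvc"},
    {"host": "www.expertslive.cf", "path": "/crm", "serviceName": "crmsvc"},
]
ENDPOINTS = {
    "gamingwebapp": ["10.0.0.1", "10.0.0.2", "10.0.0.3"],
    "erpsvc": ["10.0.0.4", "10.0.0.5", "10.0.0.6"],
    "crmsvc": ["10.0.0.7", "10.0.0.8", "10.0.0.9"],
}


def render_nginx_conf(rules, endpoints, port=80):
    """Render one upstream per Service (its Pod IPs) and one server block per host,
    with a location per path; the controller regenerates this whenever rules or
    endpoints change, which is why Pods coming and going need no manual edits."""
    hosts = {}
    for rule in rules:
        hosts.setdefault(rule["host"], []).append(rule)
    out = []
    for svc, ips in endpoints.items():
        out.append(f"upstream {svc} {{")
        out.extend(f"    server {ip}:{port};" for ip in ips)
        out.append("}")
    for host, host_rules in hosts.items():
        out.append("server {")
        out.append("    listen 80;")
        out.append(f"    server_name {host};")
        for rule in host_rules:
            out.append(f"    location {rule['path']} {{")
            out.append(f"        proxy_pass http://{rule['serviceName']};")
            out.append("    }")
        out.append("}")
    return "\n".join(out)


def route(rules, host, path):
    """Service a request for host/path reaches: longest matching path prefix wins;
    None means no rule matched and the default backend answers (normally a 404)."""
    best = None
    for rule in rules:
        if rule["host"] == host and path.startswith(rule["path"]):
            if best is None or len(rule["path"]) > len(best["path"]):
                best = rule
    return best["serviceName"] if best else None


if __name__ == "__main__":
    print(render_nginx_conf(INGRESS_RULES, ENDPOINTS))
```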
ecosystem
Kubeflow (Kubernetes + TensorFlow)
Azure Dev Spaces
Cert manager
Helm
Helm is a tool for managing packages of pre-configured Kubernetes resources
https://github.com/kubernetes/helm
Stable charts include: Artifactory, Cassandra, Cert-manager, Consul, Couchdb, Datadog, Docker-registry, Drupal, Elasticsearch, Ethereum, fluentd, Gitlab, Grafana, Hadoop, Heapster, Jenkins, Joomla, Kafka, Kibana, Kong, Kubeless, Lamp, Linkerd, Logstash, Magento, Mariadb, Mongodb, Mssql-linux, Mysql, Neo4j, Newrelic, Openvpn, Postgresql, Presto, Prometheus, Rabbitmq, Redis, Selenium, Sonarqube, Spinnaker, Sysdig, Tensorflow, Traefik, Wordpress
Helm
# Download Helm: https://github.com/kubernetes/helm/releases
# To install Tiller on the cluster run
helm init
# Get latest version of the stable charts
helm repo update
# Install a chart (chart names are lowercase)
helm install --name monitor stable/prometheus
helm install --name dashboard stable/grafana -f "C:\Demos\monitoring\values.yaml"
Azure Container Instances (ACI)
Starts in seconds
No VM Management
Billed per second
Linux and Windows containers
[Diagram: ACI runs Pods directly, with no nodes to manage]
[Diagram: a Kubernetes cluster with a Master and two Node (Minion) workers]
[Diagram: Kubernetes on Azure, where the cluster's Master schedules Pods onto the Node (Minion) workers and also onto Azure Container Instances (ACI)]
The future of infrastructure is happening now
Deployment
Replica set
Pod
Label
Rolling update
Health check
Environment variables
Secret
Resource management
Horizontal Pod Autoscaler
Namespace
Service
Ingress
Annotation
Affinity
Persistent Volume
Cron Job
Daemon Set
Job
Stateful Set
Config Map
Wrap up
Kubernetes: Deployment, Pods, Services, Ingress, Namespaces, Secrets. Repeatable, Secure, Self healing, scalable, rolling updates, rollback
Azure offerings: AKS: Managed Master + Managed IaaS for workers; AKS+ACI: Managed Kubernetes
Faster Time to Market
Cornell (C5l) Knulst, Cloud Architect / DevOps Consultant, @CornellKnulst, [email protected], http://www.solidalm.com
Pascal (P4l) Naber, Coding Azure Architect, Microsoft Azure MVP, @pascalnaber, [email protected], http://pascalnaber.wordpress.com
https://pages.xpirit.com/magazine2018
https://github.com/pascalnaber/expertslivenl2018
16:15 – 17:15: Next generation cloud: Serverless and event driven applications, Anders Eide