Docker managed properly: Introducing Kubernetes for ITPro’sDocker managed properly: Introducing...

Think ahead. Act now.

Docker managed properly:Introducing Kubernetes

for ITPro’sCornell Knulst@cornellknulst

Pascal Naber@pascalnaber

SERVERLESS Docker managed properly:Introducing Kubernetes for ITPro’s

Cornell Knulst & Pascal Naber

Pascal

Naber

Cornell

Knulst

WebApp

WebAPI

SQL

WebApp

Development

WebApp

Production

Frontend

Backend

Database

Once upon a time…

SQL

WebApp

Development

WebApp

Production

But times are changing…


ContainersSolves Portable

Fast Isolated

But Running Containers

in production

Is another cup of tea

WasteWaste

SERVERLESS


Frontend

Backend

SERVERLESS

SERVERLESS

Container orchestration

SERVERLESS

Container orchestrators

ClusterHigh Availability

Hyper-ScaleHybrid Operations

High Density

Rolling UpgradesStateful services

Low Latency

Fast startup &

shutdown

Container Orchestration &

lifecycle management

Replication &

FailoverLoad balancing

Self-healing

Automated Rollback

Health

MonitoringPlacement

Constraints

Microservices

Service Fabric

Orchestrators

cluster

Node(Worker)

Node(Worker)

Master

Kubernetes

Kubernetes cluster

Node(Minion)

Node(Minion)

Master

Kubernetes

K8s

OOS

Extensible

Facilitates declarative configuration and automation

Large, rapidly growing ecosystem

Κυβερνήτης -- Greek:

meaning helmsman or pilot

1 2 3 4 5 6 7 8

Hosting of Kubernetes

LocalMinikube

Docker for Windows (Edge)

Docker for Mac (Edge)

Raspberry Pi

Private datacenter

Public Cloud

GKE

EKS

AKS


Partly managed Kubernetes

Only pay for worker nodes

Upgrades managed by Azure

Workers are Managed IaaS

Azure Kubernetes Service (AKS)

Azure

Kubernetes

Kubernetes architecture

Master

API Server Scheduler

Controller Manager

Node(Minion)

etcd

kubeletKube-Proxy

cAdvisor

Pod Pod Pod

Kubectl

(CLI)

Dashboard

(UI)

REST client

(Code)


Missing pieces?

Deploy to Production


Install AKS with ARM or the Portal

Install AKS using CLI## Create resourcegroup

az group create --name clouddemo --location eastus

## Create Kubernetes cluster

az aks create -g clouddemo -n gamingcluster --generate-ssh-keys## Create Kubernetes cluster

az aks create --resource-group clouddemo

--name gamingcluster

--kubernetes-version 1.9.6

--node-vm-size Standard_DS2_v2

--node-count 3

--max-pods 1000

--enable-rbac

--enable-addons http_application_routing

--ssh-key-value "C:\repos\pascal\ssh\public.pub"

--service-principal d6e55af7-17fc-4cf5-b140-8b37729da10e

--client-secret 94bCIHcSuniCvjq9

Azure resources for AKSclouddemo

Azure resources for AKS

MC_clouddemo_gamingcluster_eastus

clouddemo


## download & install kubectl

az aks install-cli

## download credentials

az aks get-credentials --resource-group clouddemo --name gamingcluster

Post Install steps

Deployment flow

Create Docker Images

Apply K8s deployments

Push Docker Images to registry

1

2

3

Kubernetes

concepts

Pod

Group of 1 or more containers

Shared Storage

Shared Network Same IP-address and port

Pod

10.0.0.1

Storage

Pod

10.0.0.2

Storage

Port 80

Port 8080

Port 80

leaderboard-api.yaml

PodPod Pod

Replica Set

Deployment

Label: backend

Selector

Label: backend

Label: backend Label: backend

Label: backend

Selector

Label: backend

C:> kubectl apply –f leaderboard-api.yaml

C:> kubectl apply –f update.yaml

Zero-downtime deployment

Can be rolled back

Rolling updates


C:> kubectl apply –f secret.yaml

Secrets:

Base64 encoded values

Environment variables& Secrets

C:> kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt

## Create Secret to access Azure Container Registry

kubectl create secret docker-registry clouddemoimages--docker-server=https://clouddemo.azurecr.io --docker-username=clouddemo --docker-password=kD98ddl$= [email protected]

Health checkslivenessProbeIndicates whether the Container is running

Restart in case of failureContainer:

https://www.app-metrics.io/

HealthChecks libraryhttps://github.com/dotnet-architecture/HealthChecks

readinessProbeIndicates whether the Container is ready to service requests

No traffic is routed to the Pod


https://github.com/dotnet-architecture/HealthChecks

Resource Managementrequests: Minimum required resources

limits: Capped resource usage

100m = 0.1 cpu500m = 0.5 cpu

64Mi = 64 MB memory128Mi = 128 MB memory


Horizontal Pod AutoscalerRequired:

Resource requests & limitHeapster

Scaling based on

1 or multiple items

CPU

Memory

Custom Metrics


Horizontal Pod AutoscalerRequired: Resource requests & limit

Heapster

C:\kubectl get hpaNAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGEautoscaler leaderboard-api 0% / 50% 1 10 1 9m





How to access

the Pods?From inside and outside the cluster


Node 1

PodLabel: backend

10.0.0.2

PodLabel: backend

10.0.0.3

Node 0

PodLabel: backend

10.0.0.1

Node 2

PodLabel: backend

10.0.0.4

PodLabel: backend

10.0.0.5

Pods are mortal

Service

Service

Type: ClusterIPSelector

Label: backend

Node 1

PodLabel: backend

10.0.0.2

Node 0

PodLabel: backend

10.0.0.1

Node 2

PodLabel: backend

10.0.0.4

PodLabel: backend

10.0.0.5

192.168.0.1

Service

Service

Type: LoadBalancerSelector

Label: backend

Node 1

PodLabel: backend

10.0.0.2

Node 0

PodLabel: backend

10.0.0.1

Node 2

PodLabel: backend

10.0.0.4

PodLabel: backend

10.0.0.5

Public ip address:

192.168.0.1

192.168.0.2

Frontend

Backend

Pod Pod Pod Pod Pod

Pod Pod Pod

Service

Type: ClusterIP

Service

Type: LoadBalancer

Public ip address:

192.168.0.1

C:> kubectl apply –f leaderboard-service.yaml

C:> kubectl apply –f gamingwebapp.yaml

192.168.0.2

192.168.0.1

Too many ip-addresses.

Now what?Or: I want to access all my services through the

same ip-address

Ingress

Pod10.0.0.1

Pod10.0.0.2

Pod10.0.0.3

Service

Type: ClusterIP

Pod10.0.0.4

Pod10.0.0.5

Pod10.0.0.6

Service

Type: ClusterIP

Pod10.0.0.7

Pod10.0.0.8

Pod10.0.0.9

Service

Type: ClusterIP

Service

Type: LoadBalancer

Public ip address:

192.168.0.1

Podquay.io/kubernetes-ingress-controller/

nginx-ingress-controller:0.15.0

Selector

Label: ingresscontroller

Label: ingresscontroller

Ingresshost: gaming.expertslive.cf

serviceName: gamingwebapp

Ingresshost: erp.expertslive.cf

serviceName: erpsvc

Ingresshost: www. expertslive.cf/crm

serviceName: crmsvc

nginx.confgaming.mydomain.com

10.0.0.1

10.0.0.2

10.0.0.3

erp.mydomain.com

10.0.0.4

10.0.0.5

10.0.0.6

/crm

10.0.0.7

10.0.0.8

10.0.0.9

Automatically generated

Label: erpLabel: frontend Label: crm

+ = Kubeflow

Azure Dev Spacesecosystem

Cert manager

Helm

Helm is a tool for managing packages of pre-configured Kubernetes resources

https://github.com/kubernetes/helm

Linkerd

Logstash

Magento

Mariadb

Mongodb

Mssql-linux

Mysql

Neo4j

Newrelic

Openvpn

Postgresql

Presto

Prometheus

Rabbitmq

Redis

Selenium

Sonarqube

Spinnaker

Sysdig

Tensorflow

Traefik

Wordpress

ArtifactoryCert-manager

Consul

Cassandra

Couchdb

Datadog

Docker-registry

Drupal

Elasticsearch

Ethereum

fluentd

Gitlab

Grafana

Hadoop

Heapster

Jenkins

Joomla

Kafka

Kibana

Kong

Kubeless

Lamp

Helm

# Download Helmhttps://github.com/kubernetes/helm/releases

# To install Tiller on the cluster run

helm init

# Get latest version of the stable charts

helm repo update

# Install a chart

helm install --name monitor stable/Prometheus

helm install --name dashboard stable/grafana -f "C:\Demos\monitoring\values.yaml"


Starts in seconds

No VM Management

Billed per second

Linux and Windows containers

Azure Container Instances (ACI)

Azure

Azure Container Instances (ACI)

Pod Pod Pod Pod Pod

Pod Pod Pod Pod Pod

Pod Pod Pod Pod Pod

Pod Pod Pod

Pod Pod Pod

Pod Pod Pod

Kubernetes

Kubernetes cluster

Node(Minion)

Node(Minion)

Master

Kubernetes on Azure

Kubernetes cluster

Master Azure Container Instances (ACI)

Pod Pod Pod Pod Pod

Pod Pod Pod Pod Pod

Pod Pod Pod Pod Pod

Pod Pod

Pod Pod

Pod Pod

Pod Pod Pod Pod Pod

Pod Pod Pod Pod Pod

Pod Pod Pod Pod Pod

Pod Pod

Pod Pod

Pod Pod

The future of

infrastructure is

happening now

Deployment

Replica set

Pod

Label

Rolling update

Health check

Environment variables

Secret

Resource management

Horizontal Pod Autoscaler

Namespace

Service

Ingress

Annotation

Affinity

Persistent Volume

Cron Job

Deamon Set

Job

Stateful Set

Config Map


Wrap up

KubernetesDeployment, Pods, Services, Ingress, Namespaces, SecretsRepeatable, Secure, Self healing, scalable, rolling updates, rollback

Azure offeringsAKS: Managed Master + Managed IaaS for workers

AKS+ACI: Managed Kubernetes

Faster Time to Market

Wrap up

KubernetesDeployment, Pods, Services, Ingress, Namespaces, SecretsRepeatable, Secure, Self healing, scalable, rolling updates

Azure offeringsAKS: Managed Master + IaaS++ for workersAKS+ACI: Managed Kubernetes

Faster Time to Market

C5l KnulstCloud Architect

DevOps Consultant@CornellKnulst – [email protected]

http://www.solidalm.com

P4l NaberCoding Azure Architect

Microsoft Azure MVP@pascalnaber – [email protected]

http://pascalnaber.wordpress.com

https://pages.xpirit.com/magazine2018

https://github.com/pascalnaber/expertslivenl2018

16:15 – 17:15

Next generation cloud: Serverless and event driven applicationsAnders Eide

Docker managed properly: Introducing Kubernetes for ITPro’sDocker managed properly: Introducing...

Documents

Transcript of Docker managed properly: Introducing Kubernetes for ITPro’sDocker managed properly: Introducing...