KUBERNETES PATTERNS...One shot action before Pod starts Needs to be idempotent Has own resource...
KUBERNETES PATTERNS
Devoxx Morocco, 2018-11-28, Marrakesh
Roland Huß, Red Hat, @ro14nd
AGENDA
Kubernetes Patterns Categories:
- Foundational Patterns
- Structural Patterns
- Configurational Patterns
- Advanced Patterns
KUBERNETES
Open Source container orchestration system
- Scheduling
- Self-healing
- Horizontal scaling
- Service discovery
- Rollout and Rollbacks
Declarative resource-centric REST API
Design Patterns
[Image credit: Michael Mandiberg, CC BY-SA 2.0, https://flic.kr/p/67Cb6Jm]
DESIGN PATTERN
A Design Pattern describes a repeatable solution to a software engineering problem.
https://leanpub.com/k8spatterns
STRUCTURE
Problem
Patterns:
- Name
- Solution
http://www.martinfowler.com/articles/writingPatterns.html
FOUNDATIONAL PATTERNS
Automatable Unit
How can we create and manage applications with Kubernetes?
- Pods: Atomic unit of containers
- Services: Entry point to pods
- Grouping via Labels, Annotations, Namespaces
POD
Kubernetes Atom
One or more containers sharing:
- IP and ports
- Volumes
Ephemeral IP address
[Diagram: Pod 10.1.29.2 with labels name: pong, version: 1, running the containers rhuss/pong:1 and rhuss/log-sidecar:2.3]
POD DECLARATION

apiVersion: v1
kind: Pod
metadata:
  name: pong
  labels:
    name: pong
    version: "1"
spec:
  containers:
  - image: "rhuss/pong:1"
    name: pong
    ports:
    - containerPort: 8080
  - image: "rhuss/log-sidecar:2.3"
    name: log

REPLICASET
Responsible for managing Pods
- replicas: Number of Pod copies to keep
- Label selector chooses Pods
- Holds a template for creating new Pods
[Diagram: ReplicaSet with replicas: 3 and selector name: pong, version: 1, managing the Pods 10.1.29.2, 10.1.29.3 and 10.1.29.4, each labelled name: pong, version: 1]
SERVICE
- Entry point for a set of Pods
- Pods chosen by Label selector
- Permanent IP address
[Diagram: Service 10.200.100.251 with selector name: pong in front of the Pods 10.1.29.2, 10.1.29.3 and 10.1.29.4, each labelled name: pong, version: 1]
[Diagram: Kubernetes resource types around the Container (your code): Pod, Deployment, ReplicaSet, Replication Controller, DaemonSet, StatefulSet, Job, CronJob, Service, Ingress, Horizontal Pod Autoscaler, Pod Disruption Budget, Volume, Persistent Volume Claim, ConfigMap, Secret]
Predictable Demands
How can we handle resource requirements deterministically?
Requirements should be declared to help in:
- Matching infrastructure services
- Scheduling decisions
- Capacity planning
RUNTIME DEPENDENCIES
- Persistent Volumes
- Host ports
- Configuration via ConfigMaps and Secrets
RESOURCE PROFILES
Resources:
- CPU, Network (compressible)
- Memory (incompressible)
App: Declaration of resource requests and limits
Platform: Resource quotas and limit ranges

apiVersion: v1
kind: Pod
metadata:
  name: http-server
spec:
  containers:
  - image: nginx
    name: nginx
    resources:
      requests:
        cpu: 200m
        memory: 100Mi
      limits:
        cpu: 300m
        memory: 200Mi

QOS CLASSES
- BestEffort: No requests or limits
- Burstable: requests < limits
- Guaranteed: requests == limits
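
The rule behind the three QoS classes, as an added example that is not part of the slides: the names `parse_quantity`, `qos_class` and `HTTP_SERVER` are hypothetical, only the `cpu` and `memory` settings of the app containers are looked at, and a missing request is taken to default to the limit, as Kubernetes does.

```python
from fractions import Fraction
import re

# Multipliers for the quantity suffixes handled by this example.
_SUFFIX = {"": 1, "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
           "Ki": 2**10, "Mi": 2**20, "Gi": 2**30}

def parse_quantity(q):
    """Convert a quantity such as '200m' or '100Mi' to an exact number."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(m|k|M|G|Ki|Mi|Gi)?", str(q))
    if not m:
        raise ValueError(f"unsupported quantity: {q!r}")
    return Fraction(m.group(1)) * _SUFFIX[m.group(2) or ""]

def qos_class(pod):
    """Return BestEffort, Burstable or Guaranteed for a Pod manifest dict."""
    any_set = False
    guaranteed = True
    for c in pod["spec"]["containers"]:
        res = c.get("resources") or {}
        limits = res.get("limits") or {}
        # A request that is left out defaults to the limit of that resource.
        requests = {**limits, **(res.get("requests") or {})}
        if requests:
            any_set = True
        for name in ("cpu", "memory"):
            # Guaranteed needs a limit for both resources, equal to the request.
            if name not in limits or \
               parse_quantity(requests[name]) != parse_quantity(limits[name]):
                guaranteed = False
    if not any_set:
        return "BestEffort"
    return "Guaranteed" if guaranteed else "Burstable"

# The http-server Pod from the slide above, reduced to the fields that matter.
HTTP_SERVER = {"spec": {"containers": [{"name": "nginx", "resources": {
    "requests": {"cpu": "200m", "memory": "100Mi"},
    "limits": {"cpu": "300m", "memory": "200Mi"}}}]}}

if __name__ == "__main__":
    print(qos_class(HTTP_SERVER))
```

The class matters operationally because the kubelet uses it when choosing which Pods to evict under node resource pressure, so a workload that must survive a noisy neighbour should declare requests equal to limits.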
Declarative Deployment
How can applications be deployed and updated?
- Declarative versus Imperative deployment
- Various update strategies
DEPLOYMENT
- Holds template for Pod
- Creates ReplicaSet on the fly
- Allows rollback
- Update strategies declarable
- Inspired by DeploymentConfig from OpenShift
ROLLING
[Diagram: Service with three v1.0 instances and two v1.1 instances]
FIXED
[Diagram: Service with three v1.0 instances and three v1.1 instances]
CANARY
[Diagram: Service with three v1.0 instances and one v1.1 instance]
BLUE-GREEN
[Diagram: Service with three v1.0 instances and three v1.1 instances]
SUMMARY
[Charts: instances over time for Rolling Deployment, Recreate Deployment, Blue-Green Release and Canary Release; annotations "0…1 capacity" and "2x capacity"]
STRUCTURAL PATTERNS
Initializer
How can I initialize my containerized applications?
Init container:
- Part of a Pod
- One shot action before Pod starts
- Needs to be idempotent
- Has own resource requirements
[Diagram: Pod with init containers and app containers]
Sidecar
How can I extend the functionality of an existing container?
- Runtime collaboration of containers
- Connected via shared resources:
  - Network
  - Volumes
[Diagram: Pod with a Sidecar (git) and a Main Container (node.js) sharing a Disk]
Ambassador
How to decouple a container's access to the outside world?
- Also known as Proxy
- Specialization of a Sidecar
- E.g. infrastructure services
  - Circuit breaker
  - Tracing
[Diagram: Pod with a Container (memcached) and a Container (python) connected via localhost]
Adapter
How to decouple access to a container from the outside world?
- Opposite of Ambassador
- Uniform access to application
- Examples:
  - Monitoring
  - Logging
[Diagram: Pod with a Sidecar (monitoring) and a Main Container (java) sharing a Disk]
CONFIGURATIONAL PATTERNS
How can applications be configured for different environments?
EnvVar Configuration
- Universally applicable
- Recommended by the Twelve Factor App manifesto
- Can only be set during startup of the application

kind: Pod
spec:
  containers:
  - env:
    - name: DB_HOST
      value: "prod-database.prod.intranet"
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: "db-passwords"
          key: "monogdb.password"
    - name: DB_USER
      valueFrom:
        configMapKeyRef:
          name: "db-users"
          key: "mongodb.user"
    image: acme/bookmark-service:1.0.4

Configuration Resource
ConfigMap and Secret:
- Intrinsic K8s resources
- Can be used in two ways:
  - Reference for environment variables
  - Files mapped to a volume

kind: ConfigMap
metadata:
  name: spring-boot-config
data:
  JAVA_OPTIONS: "-Xmx512m"
  application.properties: |
    welcome.message=Hello !!!
    server.port=8080

kind: Pod
spec:
  containers:
  - name: web
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  # ...
  volumes:
  - name: config-volume
    configMap:
      name: spring-boot-config

Configuration Template
- ConfigMap not suitable for large configuration
- Managing similar configuration
- Ingredients:
  - Init-container with template processor and templates
  - Parameters from a ConfigMap Volume
CONFIGURATION TEMPLATE
[Diagram: Pod with an init-container (Template Processor, Configuration Templates) and an app container (Application); config-map volume with Template Parameters; emptyDir volume with Configuration Files]
DISCUSSION
- Good for large, similar configuration sets per environment
- Parameterisation via ConfigMaps easy
- More complex
Immutable Configuration
- Configuration is put into a container itself
- Configuration container is linked to application container during runtime
CONTAINER VOLUMES
[Diagram: app container (Application) and config container (Configuration Files) connected by a volume mount from /config to /config]
- Not directly supported by K8s
- docker-flexvol: K8s FlexVolume driver for Docker volumes

kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: test
      mountPath: /data
    ports:
    - containerPort: 80
  volumes:
  - name: test
    flexVolume:
      driver: "dims.io/docker-flexvol"
      options:
        image: "my-container-image"
        name: "/data-store"

INITIALIZER
[Diagram: Pod with an init-container (Configuration Image) and an app container (Application) sharing an emptyDir volume that holds the Configuration Files; paths /var/config and /config; arrows "mount & copy" and "mount & use"]
Dockerfile for init container:

FROM busybox
ADD dev.properties /config-src/demo.properties
# ... add more to /config-src
# Using a shell here in order to resolve wildcards
ENTRYPOINT [ "sh", "-c", \
  "cp /config-src/* $1", "--" ]

Build config image:

docker build -t k8spatterns/config-dev:1 .


spec:
  initContainers:
  - image: k8spatterns/config-dev:1
    name: init
    args:
    - "/config"
    volumeMounts:
    - mountPath: "/config"
      name: config-directory
  containers:
  - image: k8spatterns/demo:1
    name: demo
    volumeMounts:
    - mountPath: "/config"
      name: config-directory
  volumes:
  - name: config-directory
    emptyDir: {}

DISCUSSION
Immutable Configuration ...
- can be versioned
- can be distributed via a registry
- is immutable
- can be arbitrarily large
Parameterisation via OpenShift Templates
ADVANCED PATTERNS
Controller
How can I extend the platform itself without changing it?
- Watching resources by registering for Kubernetes events
- Reacting to changes in resource declarations
CONTROLLER
- Managed pod listening for Kubernetes API events
- State Reconciliation: Make the current state like the declared desired state
CATEGORIES
- Extension Controller: Extend the Kubernetes platform itself
- Application Controller: Combine Kubernetes with an application specific domain
Operator
How can I introduce domain specific resources and react to them?
CustomResourceDefinition (CRD)
- managed by Kubernetes
- Accessible via the Kubernetes API
- Watched by Controllers
EXAMPLE CRD

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: prometheuses.monitoring.coreos.com
spec:
  group: monitoring.coreos.com
  names:
    kind: Prometheus
    plural: prometheuses
  scope: Namespaced
  version: v1
  validation: ....

EXAMPLE CRD

apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  name: prometheus
spec:
  serviceMonitorSelector:
    matchLabels:
      team: frontend
  resources:
    requests:
      memory: 400Mi

OPERATOR FRAMEWORK
Operator SDK
- Scaffolding for a Golang Operator Project
- High level abstraction for observing events
- Marshalling of custom resources
Operator Lifecycle Manager
Operator Metering
SPECTRUM
[Diagram: spectrum spanning Extension Controller, Application Controller and Operator with CRD; examples shown: Expose Controller, ConfigMap Controller, etcd Operator, Prometheus Operator, EAI Operator]
QUESTIONS?
Twitter ro14nd
Book https://leanpub.com/k8spatterns
Slides https://github.com/ro14nd-talks/kubernetes-patterns