more tips and tricks for running containers like a pro - rancher online meetup - february 2017

© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .

More Tips and Tricks for Running Containers like a ProFebruary 28, 2017

#ranchermeetup

© 2017 Rancher Labs, Inc.2 © 2017 Rancher Labs, Inc .

Shannon WilliamsCo-Founder/VP Sales @smw355

Darren ShepherdCo-Founder/Chief Architect @ibuildthecloudFreenode: darren0

#ranchermeetup

© 2017 Rancher Labs, Inc.3 © 2017 Rancher Labs, Inc .

Rajashree MandaoganeSoftware EngineerRancher Labs @rajashree_28

#ranchermeetup

Bill MaxwellSr. Devops LeadRancher Labs @cloudnautique

© 2017 Rancher Labs, Inc.4 © 2017 Rancher Labs, Inc .

Sidhartha ManiSoftware EngineerRancher Labs @utter_babbage

#ranchermeetup

Raul SanchezSr. Field EngineerRancher Labs @rawmindNet

© 2017 Rancher Labs, Inc.5 © 2017 Rancher Labs, Inc .

First things first…

This is a not a !

#ranchermeetup

© 2017 Rancher Labs, Inc.6 © 2017 Rancher Labs, Inc .

There are rules for a meetup!• We won’t be done on time• Questions are always welcome• Demo, then demo some more• Things will break, be patient

#ranchermeetup

© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .7

Join the conversation on Twitter #ranchermeetup

© 2017 Rancher Labs, Inc.8 © 2017 Rancher Labs, Inc .

Agenda• Integrated Secrets Management – Bill • Autoscaling with Rancher webhooks – Rajashree • Hand-on with Traefik – Raul • Using the Kubernetes Dashboard and Helm – Sidhartha• Latest Releases – Darren

#ranchermeetup

© 2017 Rancher Labs, Inc.9 © 2017 Rancher Labs, Inc .

Rancher Labs

#ranchermeetup

An open-source software platform for managing containers

A minimalist OS built explicitly to run Docker

© 2017 Rancher Labs, Inc.10

A complete container management platform that makes it easy to…

INNOVATE WITH CONTAINERSwithout compromising flexibility by empowering developers with fast access

to the latest tools

MANAGE APPLICATIONSby simplifying day to day application lifecycle management

RUN CONTAINERSwith the most complete set of container and infrastructure management capabilities

Production ready✔ 20 million+ downloads

✔ Open platform for innovating

✔ Easy to use interface

✔ Multi-tenant

✔ Role based access

✔ 24X7 support

✔ And more….

© 2017 Rancher Labs, Inc.11

Complete Container Management Platform

Application Catalog

Container Orchestration and SchedulingUser MgmtRBAC

AD/LDAPSAML

Ops MgmtCI/CD

RegistriesMonitoring

Networking

Multi-tenant Environments

Environment 1 Environment N

Infrastructure Services

Storage

……. ..Environment 2

Security DNS/LB

© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .

#ranchermeetup

Tips, Tricks and Tools for Running Containers Like a Pro

© 2017 Rancher Labs, Inc.13 © 2017 Rancher Labs, Inc .

https://youtu.be/ZovLwCvb2Is

© 2017 Rancher Labs, Inc.14 © 2017 Rancher Labs, Inc .

Integrated Secrets Management

© 2017 Rancher Labs, Inc.

New Components

© 2017 Rancher Labs, Inc.

Secrets Creation Flow

© 2017 Rancher Labs, Inc.

Secret Container Flow

© 2017 Rancher Labs, Inc.

Lock down the local key at rest. Vault:

Support storing secrets in Vault secrets backend.

Long Term improvements Signing Public Keys Create and deploy Vault tokens.

Road to GA

© 2017 Rancher Labs, Inc.

Docs: http://docs.rancher.com/rancher/v1.4/en/cattle/secrets/

Repos: Github.com/rancher/secrets-api Github.com/rancher/secrets-flexvol

Resources

© 2017 Rancher Labs, Inc.20 © 2017 Rancher Labs, Inc .

Demo

#ranchermeetup

© 2017 Rancher Labs, Inc.21 © 2017 Rancher Labs, Inc .

Scaling in Rancher with Webhooks

• Scaling of services• Scaling of hosts• Upgrading services

based on Docker Hub webhooks

© 2017 Rancher Labs, Inc.

Autoscaling using webhooks• Create webhooks for scaling up/down a service• Configure an external service to monitor it,

example Prometheus• Prometheus raises alerts and triggers

configured webhooks• Webhook-service handles scaling

© 2017 Rancher Labs, Inc.

Webhooks for service upgrade• Add receiver hook to use as a Docker Hub

webhook for an image• When any tag of the image is pushed, webhook

is triggered• Webhook-service upgrades all services based

on service selectors used while creating receiver hook

© 2017 Rancher Labs, Inc.24 © 2017 Rancher Labs, Inc .

Demo

#ranchermeetup

© 2017 Rancher Labs, Inc.25 © 2017 Rancher Labs, Inc .

Hands on with Træfik

• Træfik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease

© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .

Architecture

© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .

Internal Logic

© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .

Static config# traefik.tomllogLevel = "INFO"traefikLogsFile = "/opt/traefik/log/traefik.log"accessLogsFile = "/opt/traefik/log/access.log"defaultEntryPoints = ["http", "https"][entryPoints] [entryPoints.http] address = ":8080" [entryPoints.https] address = ":8443" [entryPoints.https.tls] [[entryPoints.https.tls.certificates]] certFile = "/opt/traefik/certs/traefik.crt" keyFile = "/opt/traefik/certs/traefik.key"[web]address = ":8000"[file]filename = "/opt/traefik/etc/rules.toml"watch = true

© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .

Dynamic config

[backends] [backends.web-test__webtest] [backends.web-test__webtest.circuitbreaker] expression = "NetworkErrorRatio() > 0.5" [backends.web-test__webtest.LoadBalancer] method = "drr" [backends.web-test__webtest.servers.webtest-web-test-1] url = "http://10.42.115.5:8080" weight = 0 [backends.web-test__webtest.servers.webtest-web-test-2] url = "http://10.42.90.235:8080" weight = 0 [backends.web-test__webtest.servers.webtest-web-test-3] url = "http://10.42.251.194:8080" weight = 0[frontends] [frontends.web-test__webtest] backend = "web-test__webtest" passHostHeader = true priority = 5 [frontends.web-test__webtest.routes.service] rule = "Host:webtest.local,test2.local,test3.local;"

© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .

Catalog

- Admin ui- http and https ports- Deploy by host label- https and sticky bit support- Letsencrypt (ACME) support- Autoconfig by services labels

TODO- Rancher internal certs and sni- Real time backend update and traefik built in supporthttps://github.com/containous/traefik/pull/1173Will be included in traefik release v1.2.0-rc2

© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .

Catalog

© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .

Service labels- traefik.enable = <true | stack | false> - true: the service will be published as *service_name.stack_name.traefik_domain* - stack: the service will be published as *stack_name.domain*. WARNING of collisions - false: the service will not be published- traefik.priority = <priority> # Override for frontend priority. 5 by default- traefik.protocol = <http | https> # Override the default http protocol- traefik.sticky = <true | false> # Enable/disable sticky sessions to the backend- traefik.alias = <alias> # Alternate names to route rule. traefik.domain is appended- traefik.alias.fqdn = < alias fqdn > # Alternate names to route rule. traefik.domain is not appended.- traefik.domain = < domain.name > # Domain names to route rules. Multiple domains separated by ","- traefik.domain.regexp = < domain.regexp > # Domain name regexp rule. Multiple domains separated by ","- traefik.port = <port> # port to expose throught traefik- traefik.acme = < true | false > # Enable/disable ACME traefik feature- traefik.path = < path > # Path rule. Multiple values separated by ","- traefik.path.strip = < path > # Path strip rule. Multiple values separated by ","- traefik.path.prefix = < path > # Path prefix rule. Multiple values separated by ","- traefik.path.prefix.strip = < path > # Path prefix strip rule. Multiple values separated by ","

WARNING: Only services with healthy state are added to traefik, so health checks are mandatory.

© 2017 Rancher Labs, Inc.33 © 2017 Rancher Labs, Inc .

Demo

#ranchermeetup

© 2017 Rancher Labs, Inc.34 © 2017 Rancher Labs, Inc .

Using the Kubernetes Dashboard and Helm

© 2017 Rancher Labs, Inc.35 © 2017 Rancher Labs, Inc .

Kubernetes Dashboard• Web based Kubernetes control UI• Deploy applications• Provides overview of various Kubernetes resources• Provides a log viewer for easy debugging

#ranchermeetup

© 2017 Rancher Labs, Inc.36 © 2017 Rancher Labs, Inc .

Kubernetes Helm• Package manager for Kubernetes• Supports private repositories• Search for packages• Configure and Install packages• Delete packages

#ranchermeetup

© 2017 Rancher Labs, Inc.37 © 2017 Rancher Labs, Inc .

Demo

#ranchermeetup

© 2017 Rancher Labs, Inc.38 © 2017 Rancher Labs, Inc .

Latest Release

Rancher 1.4 – February 4, 2017

Key Features:- Kubernetes Dashboard & Helm- Webhooks- Network Policies- Multi-IP Host Scheduling- Secrets Management (Experimental)

© 2017 Rancher Labs, Inc.39 © 2017 Rancher Labs, Inc .

Next ReleasesRancher 1.5 – Early March

Key features:- Catalog Enhancements – Ability to add catalogs per environment- Additional Webhooks – Host scaling, service redeploy- Additional Network Policies – Enhances network policies to support services that are linked- API Interceptor – Admins can now configure pre and post filter hooks into Rancher API requests- Metadata Refactoring – Improvements to allow increased environment scaling

© 2017 Rancher Labs, Inc.40 © 2017 Rancher Labs, Inc .

Getting StartedRancher and RancherOS are in GitHub – Get Involved!

#ranchermeetup

http://github.com/rancher

© 2017 Rancher Labs, Inc.41 © 2017 Rancher Labs, Inc .

Even better - try.rancher.com…

© 2017 Rancher Labs, Inc.42 © 2017 Rancher Labs, Inc .

Then join a free training class…

http://rancher.com/training

© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .

Thank yourancher.com

#ranchermeetup