Using Kubernetes to lose your fear of using containers

Post on 15-Apr-2017

Category: Software


Using kubernetes to lose your fear of using containers

Jose Fuentes - jfuentes@bitnami.com

Toolchain Engineer

@_jsfuentes

Kubernetes

Manage containerized application

- Run containers on a cluster

- Automatic deployment

- Scaling

- Designed for failure

And other cool features

- Health checking

- Load balancing

- Rolling updates

- Replication

Implies a contract with the application

It sounds interesting. Tell me more.

- Must-know concepts for understanding kubernetes

- How my app should be built to take advantage of all the features

- And some other interesting things for operating apps with k8s: log management, debugging, health checking, failure recovery, monitoring, metering, updating

Must-know concepts

Architecture

[Diagram: kubectl talks to the Master (Kubernetes API, Controller Manager, Scheduler, etcd); each Minion runs docker engine, kubelet, kube-proxy and pods; a firewall/loadbalancer/proxy sits in front of the Minions]

Components: Pods

- Collection of containers

- Unit of scheduling and replication

- Ephemeral, not durable

- They’re replaced, not resurrected

- Containers in the same pod share: PIDs, Network, Hostname

[Diagram, top view: Kubernetes Master; Minion 1 with a Pod (Container A, Container B); Minion 2 with two Pods (Container C, Container D)]

Components: Services

You can’t communicate with pods directly

Services allow routing traffic to a set of pods

Service types

[Diagram: http://railsapp:3000; service; Cloud Provider LoadBalancer; Minion 1 and Minion 2, each running kube-proxy and a pod]

[Diagram: http://minion1:3000 and http://minion2:3000; Minion 1 and Minion 2, each running kube-proxy and a pod]

[Diagram: http://<public IP>; service; Cloud Provider LoadBalancer; Minion 1 and Minion 2, each running kube-proxy and a pod]

[Diagram: ExternalName service; internalname; external.service.com]

Labels and selectors

Labels

- Arbitrary metadata attached to any object

- key-value pairs

- Relevant attributes for users

- Allow organizing objects in the cluster

Selectors

- Identify a set of objects based on label values

Example label sets:

- app: myapp, role: web, branch: prod

- app: myapp, role: db, branch: prod

- app: myapp, role: web, branch: dev

- app: myapp, role: db, branch: dev

Example selectors: branch == prod, branch == dev

Example

[Diagram: Service (LoadBalancer) on :80 in front of a Pod with Container web on :3000; Service (ClusterIP) on :27017 in front of a Pod with Container mongo on :27017]

CLI and UI

- Manage several clusters and contexts

- Get cluster info: nodes, pods, services, deployments

- Deploy/delete stuff

- Scale up/down (replicas)

- Interact with containers

- See logs

- Create tunnels (port forwarding)

Kubectl CLI http://kubernetes.io/docs/user-guide/docker-cli-to-kubectl/

How an app should be to work well on k8s

Let me tell you a secret...

Kubernetes is not for everybody

Wishlist: Restart should not be a pain

Your app is gonna be restarted often, so… stay prepared for that

- Start fast

- Don't cook assets at boot time

- Don't lose data on reboots

Wishlist: Data should be separated

Your app should be stateless.

The state should be stored apart.

- uploaded files

- sessions info

- plugins

- jobs

"Oh man, that's easy. I mount a volume for my mariaDB and I am done."

It is not just the DB

Wishlist: Data schema compatible across versions

- That's not possible...

- Well… at least do changes in a clever way

- Temporarily keep the datastore compatible with two versions

- B/C changes

- Intermediate migrations

- Make logic to adapt API requests to the new format

Example: Drupal blog

[Diagram 1: one Database shared by three web servers: Drupal php code v8.1 with plugin, Drupal php code v8.2, Drupal php code v8.1 with plugin]

[Diagram 2: one Database and an External volume holding the plugin, shared by three web servers: Drupal php code v8.1, Drupal php code v8.2, Drupal php code v8.1]

Underlying infrastructure

A pet server

- You instantiated it some time ago

- Then you manually installed the things you needed there

- You ssh into it often because you like to manually check things there

- Eventually you go there and do some manual work to install something

- Now you have an adorable pet that you really worry about because it's something unique

We want cattle servers

- They are almost identical

- Easily replaceable

DON'T SSH

Let's get to work!

Our app: Container images

- Container web (:3000): josefuentes/todolist, docker build + docker push

- Container mongo (:27017): bitnami/mongodb

Our app: Deployment info for kubernetes

[Diagram: Service (LoadBalancer) on :80 in front of a Pod with Container web on :3000; Service (ClusterIP) on :27017 in front of a Pod with Container mongo on :27017]

- Be aware of your app limitations: replicas, high availability configs, info stored in host

- Be tidy, use labels: tier=web, tier=db

- Be precise, set probes

- If you know your app very well, limit the resources
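The four points above, written out as a manifest for the web tier. This is an added example, not taken from the original slides: the object names, the app label, the probe path and timings, and the resource figures are assumptions; the image, ports and tier=web label come from the slides.

```yaml
# Added example, not from the original slides. Names, the probe path and the
# resource figures are assumptions to adjust for the real app.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: todolist-web                    # hypothetical name
  labels: {app: todolist, tier: web}
spec:
  replicas: 2                           # only safe once state lives outside the pod
  selector:
    matchLabels: {app: todolist, tier: web}
  template:
    metadata:
      labels: {app: todolist, tier: web}
    spec:
      containers:
        - name: web
          image: josefuentes/todolist   # image named on the slides
          ports:
            - containerPort: 3000
          readinessProbe:               # no traffic until the app answers
            httpGet: {path: "/", port: 3000}   # assumed health endpoint
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:                # restart the container if it stops answering
            httpGet: {path: "/", port: 3000}
            initialDelaySeconds: 15
            periodSeconds: 20
          resources:
            requests: {cpu: 100m, memory: 128Mi}   # assumed figures
            limits: {cpu: 500m, memory: 256Mi}     # caps a runaway container
---
apiVersion: v1
kind: Service
metadata:
  name: todolist-web
  labels: {app: todolist, tier: web}
spec:
  type: LoadBalancer
  selector: {app: todolist, tier: web}  # must match the pod labels above
  ports:
    - port: 80
      targetPort: 3000
```

The mongo pod would get its own Deployment labelled tier=db behind a ClusterIP Service on port 27017, as in the diagram.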

Debug: Gimme a shell!!!

List the pods

kubectl get pods

Use exec

kubectl exec -ti <mypod> -c <container> -- bash

Debug: See logs

Use logs

kubectl logs <mypod> -c <container>

TIP: use -f

kubectl logs -f <mypod> -c <container>

Debug: Forward a port

kubectl port-forward <mypod> [local_port:]remote_port

Metering resources

Failure recovery

Inside pods -> restart policies

In machines -> pods reallocation

[Diagrams: pods with Container 1 and Container 2 under RestartPolicy: Always, RestartPolicy: OnFailure and RestartPolicy: Never, with "Failed" and "Successful" outcomes]

Scale: replicas

Several instances of a pod

- Same configuration

- Normally on different machines

- LoadBalancing

- Better redundancy

Scale: replicas

There are many ways of scaling your app.

How you design your pods is important.

[Diagram 1: one Pod with Apache and Express; one Pod with mongoDB behind Service DB]

[Diagram 2: two Pods, each with Apache and Express; one Pod with mongoDB behind Service DB]

[Diagram 3: one Pod with Express; two Pods with Apache; one Pod with mongoDB behind Service DB]

Advanced log monitoring

http://kubernetes.io/docs/getting-started-guides/logging-elasticsearch/

Pods are ephemeral -> logs are not going to be there forever

Solution -> log live ingestion

Rolling out new features

[Diagram: Service (LoadBalancer) in front of pods labelled version=1 and pods labelled version=2]

$ kubectl set image deploy <your deploy> <container>=<image>

Thank You
