kubernetes patterns...one shot action before pod starts needs to be idempotent has own resource...
TRANSCRIPT
"m " fo r menu , "? " fo r o the r sho r tcu ts
KUBERNETESPATTERNS
DevoxxMorocco, 2018-11-28,Marrakesh
RolandHuß,RedHat, @ro14nd
AGENDA
KubernetesPatternsCategories:
FoundationalPatternsStructuralPatternsConfigurationalPatternsAdvancedPatterns
KUBERNETESOpenSourcecontainerorchestrationsystem
SchedulingSelf-healingHorizontalscalingServicediscoveryRolloutandRollbacks
Declarativeresource-centricRESTAPI
DesignPatterns
M i c h a e l M a n d i b e rg , CC BY - SA 2 . 0 , h t t p s : / / fl i c . k r /p / 67Cb6 Jm
DESIGNPATTERN
ADesignPatterndescribesarepeatablesolutiontoasoftwareengineeringproblem.
https://leanpub.com/k8spatterns
STRUCTUREProblemPatterns:
NameSolution
http://www.martinfowler.com/articles/writingPatterns.html
FOUNDATIONALPATTERNS
AutomatableUnit
HowcanwecreateandmanageapplicationswithKubernetes?
Pods:AtomicunitofcontainersServices:EntrypointtopodsGroupingviaLabels,Annotations,Namespaces
rhuss/log-sidecar:2.3
10.1.29.2 name:pong
version:1
rhuss/pong:1
POD
KubernetesAtomOneormorecontainerssharing:
IPandportsVolumes
EphemeralIPaddress
PODDECLARATION apiVersion: v1 kind: Pod metadata: name: pong labels: name: pong version: "1" spec: containers: - image: "rhuss/pong:1" name: pong ports: - containerPort: 8080 - image: "rhuss/log-sidecar:2.3" name: log
REPLICASETResponsibleformanagingPodsreplicas:NumberofPodcopiestokeepLabelselectorchoosesPodsHoldsatemplateforcreatingnewPods
10.1.29.3
name:pong
version:1
10.1.29.4
name:pong
version:1
name:pong
version:1Selector:
ReplicaSet
10.1.29.2
name:pong
version:1
replicas: 3
SERVICEEntrypointforasetofPodsPodschosenbyLabelselectorPermanentIPaddress
10.1.29.3
name:pong
version:1
10.1.29.4
name:pong
version:1
name:pongSelector:
10.1.29.2
name:pong
version:1
10.200.100.251
CronJob
DaemonSet ReplicaSet StatefulSet JobReplication
Controller
Pod
ServiceHorizontalPod
Autoscaler
Container
(yourcode)
PodDisruption
BudgetIngress
Volume
ConfigMapPersistent
VolumeClaimSecret
Deployment
PredictableDemands
Howcanwehandleresourcerequirementsdeterministically?
Requirementsshouldbedeclaredtohelpin:
MatchinginfrastructureservicesSchedulingdecisionsCapacityplanning
RUNTIMEDEPENDENCIES
PersistentVolumesHostportsConfigurationviaConfigMapsandSecrets
RESOURCEPROFILESResources:
CPU,Network(compressible)Memory(incompressible)
App:DeclarationofresourcerequestsandlimitsPlatform:Resourcequotasandlimitranges
apiVersion: v1kind: Podmetadata: name: http-serverspec: containers: - image: nginx name: nginx resources: requests: cpu: 200m memory: 100Mi limits: cpu: 300m memory: 200Mi
QOSCLASSESBestEffort
Norequestsorlimits
Burstablerequests<limits
Guaranteedrequests==limits
DeclarativeDeployment
Howcanapplicationsbedeployedandupdated?
DeclarativeversusImperativedeploymentVariousupdatestrategies
DEPLOYMENTHoldstemplateforPodCreatesReplicaSetontheflyAllowsrollbackUpdatestrategiesdeclarableInspiredbyDeploymentConfigfromOpenShift
ROLLING
v1.0 v1.0 v1.0
Service
v1.1 v1.1
FIXED
v1.0 v1.0 v1.0
Service
v1.1 v1.1 v1.1
CANARY
v1.0 v1.0 v1.0
Service
v1.1
BLUE-GREEN
v1.0 v1.0 v1.0
Service
v1.1 v1.1 v1.1
SUMMARY
time
instances
time
instances
time
instances
time
instances
RollingDeployment RecreateDeployment
Blue-GreenRelease CanaryRelease
0…1capacity
2xcapacity
STRUCTURALPATTERNS
Initializer
HowcanIinitializemycontainerizedapplications?
Initcontainer:PartofaPodOneshotactionbeforePodstartsNeedstobeidempotentHasownresourcerequirements
Pod
app containers
init containers
Container Container Container
Container Container
Sidecar
HowcanIextendthefunctionalityofanexistingcontainer?
RuntimecollaborationofcontainersConnectedviasharedresources:
NetworkVolumes
Pod
Sidecar
git
Main Container
node.js
Disk
Ambassador
Howtodecoupleacontainer'saccesstotheoutsideworld?
AlsoknownasProxySpecializationofaSidecarE.g.infrastructureservices
CircuitbreakerTracing
Pod
localhost
Container
memcached
Container
python
Adapter
Howtodecoupleaccesstoacontainerfromtheoutsideworld?
OppositeofAmbassadorUniformaccesstoapplicationExamples:
MonitoringLogging
Pod
Sidecar
monitoring
Main Container
java
Disk
CONFIGURATIONALPATTERNS
Howcanapplicationsbeconfiguredfordifferentenvironments?
EnvVarConfigurationUniversalapplicableRecommendedbytheTwelveFactorAppmanifestoCanbeonlysetduringstartupofapplication
kind: Podspec: containers: - env: - name: DB_HOST value: "prod-database.prod.intranet" - name: DB_PASSWORD valueFrom: secretKeyRef: name: "db-passwords" key: "monogdb.password" - name: DB_USER valueFrom: configMapKeyRef: name: "db-users" key: "mongodb.user" image: acme/bookmark-service:1.0.4
ConfigurationResource
ConfigMapandSecret:IntrinisicK8sresourcesCanbeusedintwoways:
ReferenceforenvironmentvariablesFilesmappedtoavolume
kind: ConfigMapmetadata: name: spring-boot-configdata: JAVA_OPTIONS: "-Xmx512m" application.properties: | welcome.message=Hello !!! server.port=8080
kind: Podspec: containers: - name: web volumeMounts: - name: config-volume mountPath: /etc/config # ... volumes: - name: config-volume configMap: name: spring-boot-config
ConfigurationTemplate
ConfigMapnotsuitableforlargeconfigurationManagingsimilarconfigurationIngredients:
Init-containerwithtemplateprocessorandtemplatesParametersfromaConfigMapVolume
CONFIGURATIONTEMPLATE
Pod
app container
init-container
Template Processor
Application
emptyDir volume
config-map volume
Configuration Files
Template ParametersConfiguration
Templates
DISCUSSIONGoodforlarge,similarconfigurationsetsperenvironmentParameterisationviaConfigMapseasyMorecomplex
ImmutableConfiguration
ConfigurationisputintoacontaineritselfConfigurationcontainerislinkedtoapplicationcontainerduringruntime
CONTAINERVOLUMES
app container
Application
config container
Configuration Files
/config /configVolumemount
NotdirectlysupportedbyK8sdocker-flexvol:K8sFlexVolumedriverforDockervolumes
kind: Podmetadata: name: nginxspec: containers: - name: nginx image: nginx volumeMounts: - name: test mountPath: /data ports: - containerPort: 80 volumes: - name: test flexVolume: driver: "dims.io/docker-flexvol" options: image: "my-container-image" name: "/data-store"
INITIALIZER
Pod
app container init-container
Configuration ImageApplication
emptyDir volume
Configuration Files
/var/config /config
mount©mount&use
Dockerfileforinitcontainer:
Buildconfigimage:
FROM busybox
ADD dev.properties /config-src/demo.properties# ... add more to /config-src
# Using a shell here in order to resolve wildcardsENTRYPOINT [ "sh", "-c", \ "cp /config-src/* $1", "--" ]
docker build -t k8spatterns/config-dev:1 .
spec: initContainers: - image: k8spatterns/config-dev:1 name: init args: - "/config" volumeMounts: - mountPath: "/config" name: config-directory containers: - image: k8spatterns/demo:1 name: demo volumeMounts: - mountPath: "/config" name: config-directory volumes: - name: config-directory emptyDir: {}
DISCUSSIONImmutableConfiguration...
canbeversionedcanbedistributedviaaregistryisimmutablecanbearbitrarylarge
ParameterisationviaOpenShiftTemplates
ADVANCEDPATTERNS
Controller
HowcanIextendtheplatformitselfwithoutchangingit?
WatchingresourcesbyregisteringforKuberneteseventsReactingonchangesinresourcedeclarations
CONTROLLERManagedpodlisteningforKubernetesAPIeventsStateReconciliation:Makethecurrentstatelikethedeclareddesiredstate
CATEGORIESExtensionController:ExtendtheKubernetesplatformitselfApplicationController:CombineKuberneteswithanapplicationspecificdomain
Operator
HowcanIintroducedomainspecificresourcesandreactonthem?
CustomResourceDefinition(CRD)managedbyKubernetesAccessibleviatheKubernetesAPIWatchedbyControllers
EXAMPLECRDapiVersion: apiextensions.k8s.io/v1beta1kind: CustomResourceDefinitionmetadata: name: prometheuses.monitoring.coreos.comspec: group: monitoring.coreos.com names: kind: Prometheus plural: prometheuses scope: Namespaced version: v1 validation: ....
EXAMPLECRDapiVersion: monitoring.coreos.com/v1kind: Prometheusmetadata: name: prometheusspec: serviceMonitorSelector: matchLabels: team: frontend resources: requests: memory: 400Mi
OPERATORFRAMEWORK
OperatorSDKScaffoldingforaGolangOperatorProjectHighlevelabstractionforobservingeventsMarshallingofcustomresources
OperatorLifecycleManagerOperatorMetering
SPECTRUMOperator with CRD
ExtensionController ApplicationController
Expose Controller
ConfigMap Controller
etcd Operator
Prometheus Operator
EAI Operator
QUESTIONS?
Twitter ro14nd
Book https://leanpub.com/k8spatterns
Slides https://github.com/ro14nd-talks/kubernetes-patterns
https://leanpub.com/k8spatterns