Using Kubernetes to lose your fear of using containers
Jose Fuentes - [email protected]
Toolchain Engineer
@_jsfuentes
Kubernetes
Manage containerized applications
- Run containers on a cluster
- Automatic deployment
- Scaling
- Designed for failure
And other cool features
- Health checking
- Load balancing
- Rolling updates
- Replication
Implies a contract with the application
It sounds interesting. Tell me more.
- Must-know concepts for understanding Kubernetes
- How my app should be built to take advantage of all the features
- And some other interesting things for operating apps with k8s:
  - log management
  - debugging
  - health checking
  - failure recovery
  - monitoring
  - metering
  - updating
Must-know concepts
Architecture: top view
[Diagram: kubectl; Master (Kubernetes API, Controller Manager, Scheduler, etcd); two Minions, each with docker engine, kubelet, kube-proxy and pods; firewall/loadbalancer/proxy]
Components: Pods
- Collection of containers
- Unit of scheduling and replication
- Ephemeral, not durable
- They're replaced, not resurrected
- Containers in the same pod share:
  - PIDs
  - Network
  - Hostname
[Diagram: Kubernetes Master and Minions 1 and 2 running pods with Containers A, B, C and D]
Components: Services
You can't communicate with pods directly
Services allow routing traffic to a set of pods
Services Types
[Diagram: http://railsapp:3000; Minion 1 and Minion 2, each with kube-proxy and a pod; service; Cloud Provider LoadBalancer]
[Diagram: Minion 1 and Minion 2, each with kube-proxy and a pod; http://minion1:3000 and http://minion2:3000]
[Diagram: Minion 1 and Minion 2, each with kube-proxy and a pod; service; Cloud Provider LoadBalancer; http://<public IP>]
[Diagram: ExternalName; external.service.com; internalname]
Labels and selectors
Labels
- Arbitrary metadata attached to any object
- Key-value pairs
- Relevant attributes for users
- Allow organizing objects in the cluster
Selectors
- Identify a set of objects based on label values
Example objects:
- app: myapp, role: web, branch: prod
- app: myapp, role: db, branch: prod
- app: myapp, role: web, branch: dev
- app: myapp, role: db, branch: dev
Example selectors: branch == prod, branch == dev
Example
[Diagram: Service LoadBalancer (:80), Pod with Container web (:3000); Service ClusterIP (:27017), Pod with Container mongo (:27017)]
CLI and UI
- Manage several clusters and contexts
- Get cluster info: nodes, pods, services, deployments
- Deploy/delete stuff
- Scale up/down (replicas)
- Interact with containers
- See logs
- Create tunnels (port forwarding)
Kubectl CLI http://kubernetes.io/docs/user-guide/docker-cli-to-kubectl/
Kubectl UI (dashboard) http://kubernetes.io/docs/user-guide/ui/
It runs in a pod!
How an app should be to work well on k8s
Let me tell you a secret...
Kubernetes is not for everybody
Wishlist: Restart should not be a pain
Your app is gonna be restarted often, so… stay prepared for that
- Start fast
- Don't cook assets at boot time
- Don't lose data on reboots
Wishlist: Data should be separated
Your app should be stateless.
The state should be stored apart.
uploaded files
sessions info
plugins
jobs
Oh man, that's easy. I mount a volume for my mariaDB and I am done.
It is not just the DB
Wishlist: Data schema compatible across versions
- That's not possible...
- Well… at least make changes in a clever way
- Temporarily keep the datastore compatible with two versions
- B/C changes
- Intermediate migrations
- Add logic to adapt API requests to the new format
Example: Drupal blog
[Diagram: Database; three web servers running Drupal php code v8.1 with plugin, v8.2, and v8.1 with plugin]
[Diagram: Database; three web servers running Drupal php code v8.1, v8.2 and v8.1; External volume; plugin]
Underlying infrastructure
A pet server
- You instantiated it some time ago
- Then you manually installed the things you needed there
- You ssh into it often because you like to manually check things there
- Eventually you go there and do some manual work to install something
- Now you have an adorable pet that you really worry about because it's something unique
We want cattle servers
- They are almost identical
- Easily replaceable
DON'T SSH
Let's get to work!
Our app
Container images
- Container web (:3000): josefuentes/todolist (docker build + docker push)
- Container mongo (:27017): bitnami/mongodb
Our app: Deployment info for Kubernetes
[Diagram: Service LoadBalancer (:80), Pod with Container web (:3000); Service ClusterIP (:27017), Pod with Container mongo (:27017)]
- Be aware of your app limitations: replicas, high availability configs, info stored in host
- Be tidy, use labels: tier=web, tier=db
- Be precise, set probes
- If you know your app very well, limit the resources
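The checklist above applied to the web container, as an added example that is not part of the original slides: a Deployment manifest for josefuentes/todolist with the tier=web label, probes and resource limits. The object names, app label, replica count, probe path `/`, probe timings and the CPU/memory figures are assumptions to adjust for the real app.

```yaml
# Added example, not from the original slides.
# From the slides: image josefuentes/todolist, container port 3000, label tier=web.
# Assumed: names, app label, replica count, probe path "/", timings, resource figures.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: todolist-web
  labels:
    app: todolist
    tier: web
spec:
  replicas: 2                      # only safe if the app keeps no state in the pod
  selector:
    matchLabels:                   # selector must match the pod template labels
      app: todolist
      tier: web
  template:
    metadata:
      labels:
        app: todolist
        tier: web
    spec:
      containers:
        - name: web
          image: josefuentes/todolist
          ports:
            - containerPort: 3000
          readinessProbe:          # pod receives Service traffic only while this passes
            httpGet:
              path: /
              port: 3000
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:           # container is restarted after repeated failures
            httpGet:
              path: /
              port: 3000
            initialDelaySeconds: 15
            periodSeconds: 20
            failureThreshold: 3
          resources:
            requests:              # what the scheduler reserves on a node
              cpu: 100m
              memory: 128Mi
            limits:                # hard cap so one pod cannot starve its neighbours
              cpu: 500m
              memory: 256Mi
```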
Debug: Gimme a shell!!!
List the pods
$ kubectl get pods
Use exec
$ kubectl exec -ti <mypod> -c <container> -- bash
Debug: See logs
Use logs
$ kubectl logs <mypod> -c <container>
TIP: use -f
$ kubectl logs -f <mypod> -c <container>
Debug: Forward a port
$ kubectl port-forward <mypod> [local_port:]remote_port
Metering resources
Failure recovery
Inside pods -> restart policies
In machines -> pods reallocation
[Diagrams: pods with Container 1 and Container 2 under RestartPolicy: Always, RestartPolicy: OnFailure and RestartPolicy: Never, with containers ending as Failed or Successful]
Scale: replicas
Several instances of a pod
- Same configuration
- Normally on different machines
- Load balancing
- Better redundancy
There are many ways of scaling your app.
It is important how you design your pods.
[Diagram: one Pod with Apache and Express; one Pod with mongoDB, Service DB]
[Diagram: two Pods, each with Apache and Express; one Pod with mongoDB, Service DB]
[Diagram: two Pods with Apache and one Pod with Express; one Pod with mongoDB, Service DB]
Advanced log monitoring
http://kubernetes.io/docs/getting-started-guides/logging-elasticsearch/
Pods are ephemeral -> logs are not going to be there forever
Solution -> log live ingestion
Rolling out new features
[Diagram: Service LoadBalancer in front of Pods labelled version=1 and version=2]
$ kubectl set image deploy <your deploy> <container>=<image>
Thank You