Kuber-what?! Learn about Kubernetes Webinar Slides · provide a cloud-ready solution for Kubernetes and containers, and management tools to enforce security and consumption policies


Ashley Roach, Principal Engineer, [email protected], @aroach

Kuber-what?! Learn about Kubernetes


© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda

• Objectives
• A brief primer on containers
• The problems with running containers at scale
• Orchestration systems
• Kubernetes background
• Pods, Deployments, Services, Ingress
• Cisco tie-ins


What are containers?


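Virtual Machine vs. Container

[Diagram: two stacks side by side. Virtual machines: Server, Hypervisor / Host OS, then one Guest OS with its own Bins/Libs per app (App 1, App 2). Containers: Server, Host OS, Docker Engine, then Bins/Libs per app (App 1, App 2) with no guest OS.]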


Technical: Changing how we deploy code into reality.

[Diagram, three panels. (1) Server One: a single filesystem (/usr /etc /bin) shared by app1, app2 and app3, provisioned manually, with RPM/DEB packages, or with Puppet. (2) Hypervisor with VM one and VM two, each with its own filesystem and apps, provisioned manually, with RPM/DEB, or with Puppet (treat as servers), OR from baked images (AMI / Packer). (3) “Container”: Container 1 and Container 2 on Server One, each with its own /usr /etc /bin and apps, built as baked container images.]


    FROM ubuntu:15.04
    COPY . /app
    RUN make /app
    CMD python /app/app.py

Goes away on restart


Why use an orchestrator


Application Anatomy

[Diagram: Web Server, Application Server, Database. Services shown: Login Service, Photo Upload, Like Service, Comment Service, Profile Service, Logging Service, Photo Processing, Friend Requests.]


Pets vs Cattle


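Redesign Image Sharing App

[Diagram: Web Front End, iOS App and Android App in front of an API Service; behind it Microservice 1, Microservice 2, … Microservice n, each with its own team (Team 1, Team 2, … Team n) and its own database (DB1, DB2, … DBn).]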


Advantages of Microservices

• Autonomous
  • Microservice can be upgraded independent of other systems
  • Microservice can iterate as quickly as it needs
• Polyglot application stacks (Technology Heterogeneity)
  • Other microservices are black boxes to other services
• Service can be used by other projects in the organization


Using the docker CLI is all well and good as a developer, but you’re probably not going to manage production like this…

    $ ssh host1
    host1# docker run container
    $ ssh host2
    host2# docker run container
    $ ssh host3
    host3# docker run container

[Diagram: Host / VM 1, Host / VM 2 and Host / VM 3, each with its own Linux Kernel, Docker Engine and Container.]


Container orchestration is a must.

[Diagram: containers on Kubernetes; labels: Load Balancing, Health Checks, Log Aggregation / Access, Developer API.]

    $ kubectl scale deployment <name> --replicas=3

Once you’ve built your containers and pushed them, container orchestrators manage running containers across a pool of resources for you.


What are other orchestrators?

• Docker Swarm / EE
• Apache Marathon
• Rancher (seem to be moving towards k8s)


What is kubernetes?


Borg

• GIFE
• 2015 paper from Google: https://research.google.com/pubs/pub43438.html
• Engineers who worked on Borg now work on Kubernetes: http://blog.kubernetes.io/2015/04/borg-predecessor-to-kubernetes.html
• Lessons Learned:
  • Multi-Job services could not be managed as a single entity
  • One IP address per Machine


What is Kubernetes?

• Container Orchestration
• Keeping your containers up, scaling them, routing traffic to them
• Kubernetes != Docker though K8S uses Docker (or CoreOS rkt)


Installation options

• MiniKube (local workstation)
• Installers (on-prem, hybrid, custom)
  • Kops (part of core kubernetes.io github)
  • Kubespray (Ansible + Terraform)
  • Etc, etc…
• Cloud
  • Google Container Engine (GKE ☺)
  • Azure Container Service
  • Amazon EKS
  • Etc…


Sidebar: K8S the hard way

• Step-by-step tutorial of how to assemble a kubernetes cluster
• https://github.com/kelseyhightower/kubernetes-the-hard-way


Source: http://x-team.com/2016/07/introduction-kubernetes-architecture/


Deploying Containers

• Kubectl & ~/.kube/config
• Minikube CLI
• The Real Way™: CI system


Simple Architecture

[Diagram: CI/CD, Registry, Kubernetes, Persistence.]


Kubernetes Components


Kubernetes main Features

Pods Deployments Services Ingress


Pods

• Group of one or more containers, shared storage, and options for how to run the containers
• Share IP address and port space
• Atomic unit of management

Source: http://kubernetes.io/docs/user-guide/pods/


Deployments

• Rolling upgrades
• Declare intent: How many replicas should be running of a given pod?
• Namespace
• Labels
• Ports that should be exposed


Services

• Abstraction for the mortality of Pods
• Provide single stable name and address for a set of pods inside the cluster (aka service discovery).

Source: http://kubernetes.io/docs/user-guide/services/


Ingress

• Abstraction for services
• An Ingress is a set of rules for directing inbound traffic to a service.
• An Ingress Controller is a service that listens for the creation of new services and does reverse proxy (nginx, traefik, f5 loadbalancer)

See: http://kubernetes.io/docs/user-guide/ingress/


K8S templates: deployment

    # k8s/dev/api-deployment.yaml
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: rest-api-swagger
    spec:
      replicas: 2
      template:
        metadata:
          labels:
            app: rest-api-swagger
        spec:
          containers:
          - name: rest-api-swagger
            image: ciscodevnet/rest-api-swagger:latest
            ports:
            - containerPort: 10010
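The same Deployment against the current `apps/v1` API with a restrictive security context, as an added example that is not part of the original slides (`extensions/v1beta1` Deployments are no longer served by current Kubernetes releases). The image digest is a placeholder, and the UID, the resource figures and the assumption that the app runs non-root with a read-only root filesystem are illustrative, not taken from the deck.

```yaml
# Added example: hardened, current-API variant of k8s/dev/api-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rest-api-swagger
spec:
  replicas: 2
  selector:                       # required by apps/v1; must match the pod labels below
    matchLabels:
      app: rest-api-swagger
  template:
    metadata:
      labels:
        app: rest-api-swagger
    spec:
      # Assumption: the app never calls the Kubernetes API, so it needs no token.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001          # assumption: the image works under a non-root UID
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: rest-api-swagger
        # Placeholder digest: pin the image you built and scanned instead of :latest,
        # so a rollout cannot silently pick up a different image.
        image: ciscodevnet/rest-api-swagger@sha256:<digest-of-reviewed-image>
        ports:
        - containerPort: 10010
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true   # assumption: writes go only to mounted volumes
          capabilities:
            drop: ["ALL"]
        resources:                # constructed values; size them from real measurements
          requests: {cpu: 100m, memory: 128Mi}
          limits: {cpu: 500m, memory: 256Mi}
```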


K8S templates: service

    # k8s/services/api-service-lb.yaml
    kind: Service
    apiVersion: v1
    metadata:
      name: rest-api-swagger
    spec:
      type: LoadBalancer # or NodePort, etc.
      ports:
      - name: http
        port: 8080
        targetPort: 10010
        protocol: TCP
      selector:
        app: rest-api-swagger


Manual kubectl deployment

    $ kubectl apply -f k8s/dev/api-deployment.yaml
    $ kubectl apply -f k8s/services/api-service-lb.yaml
    $ kubectl describe deployment
    $ kubectl describe service rest-api-swagger
    $ kubectl delete -f k8s/dev/api-deployment.yaml
    $ kubectl delete -f k8s/services/api-service-lb.yaml


Drone CI kubectl deployment

    deploy:
      k8s:
        image: containers.ex.com/devnet/drone-kubectl
        apiserver: https://your-gke-api-endpoint #kubectl cluster-info
        token: $$K8S_TOKEN
        commands:
        - 'kubectl apply -f k8s/services/*.yaml'
        - 'kubectl apply -f k8s/dev/*.yaml --record'
        - 'kubectl describe service ${SERVICE_NAME}'
        when:
          branch: master


Cisco tie-ins

• Google-Cisco Partnership
• Soon to be released Cisco Container Platform allows simple management of multiple kubernetes clusters aimed at enterprise hybrid cloud.
• On-premises, Cisco’s hyper-converged platform, Cisco HyperFlex, will provide a cloud-ready solution for Kubernetes and containers, and management tools to enforce security and consumption policies.
• Developers will be able to create new applications in the cloud or on-premises consistently using the same tools, runtime and production environment.
• And more…
  • Contiv
    • Container Networking Interface plugin
    • Ties into ACI for policy-based controls


Connect with me

Ashley Roach
• [email protected]
• @aroach
• http://github.com/aroach
• http://linkedin.com/in/ashleyroach

Cisco DEVNET
• @CiscoDevNet
• http://github.com/CiscoDevNet
