Upload
shannon-williams
View
59
Download
2
Embed Size (px)
Citation preview
© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .
More Tips and Tricks for Running Containers like a ProFebruary 28, 2017
#ranchermeetup
© 2017 Rancher Labs, Inc.2 © 2017 Rancher Labs, Inc .
Shannon WilliamsCo-Founder/VP Sales @smw355
Darren ShepherdCo-Founder/Chief Architect @ibuildthecloudFreenode: darren0
#ranchermeetup
© 2017 Rancher Labs, Inc.3 © 2017 Rancher Labs, Inc .
Rajashree MandaoganeSoftware EngineerRancher Labs @rajashree_28
#ranchermeetup
Bill MaxwellSr. Devops LeadRancher Labs @cloudnautique
© 2017 Rancher Labs, Inc.4 © 2017 Rancher Labs, Inc .
Sidhartha ManiSoftware EngineerRancher Labs @utter_babbage
#ranchermeetup
Raul SanchezSr. Field EngineerRancher Labs @rawmindNet
© 2017 Rancher Labs, Inc.5 © 2017 Rancher Labs, Inc .
First things first…
This is a not a !
#ranchermeetup
© 2017 Rancher Labs, Inc.6 © 2017 Rancher Labs, Inc .
There are rules for a meetup!• We won’t be done on time• Questions are always welcome• Demo, then demo some more• Things will break, be patient
#ranchermeetup
© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .7
Join the conversation on Twitter #ranchermeetup
© 2017 Rancher Labs, Inc.8 © 2017 Rancher Labs, Inc .
Agenda• Integrated Secrets Management – Bill • Autoscaling with Rancher webhooks – Rajashree • Hand-on with Traefik – Raul • Using the Kubernetes Dashboard and Helm – Sidhartha• Latest Releases – Darren
#ranchermeetup
© 2017 Rancher Labs, Inc.9 © 2017 Rancher Labs, Inc .
Rancher Labs
#ranchermeetup
An open-source software platform for managing containers
A minimalist OS built explicitly to run Docker
© 2017 Rancher Labs, Inc.10
A complete container management platform that makes it easy to…
INNOVATE WITH CONTAINERSwithout compromising flexibility by empowering developers with fast access
to the latest tools
MANAGE APPLICATIONSby simplifying day to day application lifecycle management
RUN CONTAINERSwith the most complete set of container and infrastructure management capabilities
Production ready✔ 20 million+ downloads
✔ Open platform for innovating
✔ Easy to use interface
✔ Multi-tenant
✔ Role based access
✔ 24X7 support
✔ And more….
© 2017 Rancher Labs, Inc.11
Complete Container Management Platform
Application Catalog
Container Orchestration and SchedulingUser MgmtRBAC
AD/LDAPSAML
Ops MgmtCI/CD
RegistriesMonitoring
Networking
Multi-tenant Environments
Environment 1 Environment N
Infrastructure Services
Storage
……. ..Environment 2
Security DNS/LB
© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .
#ranchermeetup
Tips, Tricks and Tools for Running Containers Like a Pro
© 2017 Rancher Labs, Inc.13 © 2017 Rancher Labs, Inc .
https://youtu.be/ZovLwCvb2Is
© 2017 Rancher Labs, Inc.14 © 2017 Rancher Labs, Inc .
Integrated Secrets Management
© 2017 Rancher Labs, Inc.
New Components
© 2017 Rancher Labs, Inc.
Secrets Creation Flow
© 2017 Rancher Labs, Inc.
Secret Container Flow
© 2017 Rancher Labs, Inc.
Lock down the local key at rest. Vault:
Support storing secrets in Vault secrets backend.
Long Term improvements Signing Public Keys Create and deploy Vault tokens.
Road to GA
© 2017 Rancher Labs, Inc.
Docs: http://docs.rancher.com/rancher/v1.4/en/cattle/secrets/
Repos: Github.com/rancher/secrets-api Github.com/rancher/secrets-flexvol
Resources
© 2017 Rancher Labs, Inc.20 © 2017 Rancher Labs, Inc .
Demo
#ranchermeetup
© 2017 Rancher Labs, Inc.21 © 2017 Rancher Labs, Inc .
Scaling in Rancher with Webhooks
• Scaling of services• Scaling of hosts• Upgrading services
based on Docker Hub webhooks
© 2017 Rancher Labs, Inc.
Autoscaling using webhooks• Create webhooks for scaling up/down a service• Configure an external service to monitor it,
example Prometheus• Prometheus raises alerts and triggers
configured webhooks• Webhook-service handles scaling
© 2017 Rancher Labs, Inc.
Webhooks for service upgrade• Add receiver hook to use as a Docker Hub
webhook for an image• When any tag of the image is pushed, webhook
is triggered• Webhook-service upgrades all services based
on service selectors used while creating receiver hook
© 2017 Rancher Labs, Inc.24 © 2017 Rancher Labs, Inc .
Demo
#ranchermeetup
© 2017 Rancher Labs, Inc.25 © 2017 Rancher Labs, Inc .
Hands on with Træfik
• Træfik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease
© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .
Architecture
© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .
Internal Logic
© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .
Static config# traefik.tomllogLevel = "INFO"traefikLogsFile = "/opt/traefik/log/traefik.log"accessLogsFile = "/opt/traefik/log/access.log"defaultEntryPoints = ["http", "https"][entryPoints] [entryPoints.http] address = ":8080" [entryPoints.https] address = ":8443" [entryPoints.https.tls] [[entryPoints.https.tls.certificates]] certFile = "/opt/traefik/certs/traefik.crt" keyFile = "/opt/traefik/certs/traefik.key"[web]address = ":8000"[file]filename = "/opt/traefik/etc/rules.toml"watch = true
© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .
Dynamic config
[backends] [backends.web-test__webtest] [backends.web-test__webtest.circuitbreaker] expression = "NetworkErrorRatio() > 0.5" [backends.web-test__webtest.LoadBalancer] method = "drr" [backends.web-test__webtest.servers.webtest-web-test-1] url = "http://10.42.115.5:8080" weight = 0 [backends.web-test__webtest.servers.webtest-web-test-2] url = "http://10.42.90.235:8080" weight = 0 [backends.web-test__webtest.servers.webtest-web-test-3] url = "http://10.42.251.194:8080" weight = 0[frontends] [frontends.web-test__webtest] backend = "web-test__webtest" passHostHeader = true priority = 5 [frontends.web-test__webtest.routes.service] rule = "Host:webtest.local,test2.local,test3.local;"
© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .
Catalog
- Admin ui- http and https ports- Deploy by host label- https and sticky bit support- Letsencrypt (ACME) support- Autoconfig by services labels
TODO- Rancher internal certs and sni- Real time backend update and traefik built in supporthttps://github.com/containous/traefik/pull/1173Will be included in traefik release v1.2.0-rc2
© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .
Catalog
© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .
Service labels- traefik.enable = <true | stack | false> - true: the service will be published as *service_name.stack_name.traefik_domain* - stack: the service will be published as *stack_name.domain*. WARNING of collisions - false: the service will not be published- traefik.priority = <priority> # Override for frontend priority. 5 by default- traefik.protocol = <http | https> # Override the default http protocol- traefik.sticky = <true | false> # Enable/disable sticky sessions to the backend- traefik.alias = <alias> # Alternate names to route rule. traefik.domain is appended- traefik.alias.fqdn = < alias fqdn > # Alternate names to route rule. traefik.domain is not appended.- traefik.domain = < domain.name > # Domain names to route rules. Multiple domains separated by ","- traefik.domain.regexp = < domain.regexp > # Domain name regexp rule. Multiple domains separated by ","- traefik.port = <port> # port to expose throught traefik- traefik.acme = < true | false > # Enable/disable ACME traefik feature- traefik.path = < path > # Path rule. Multiple values separated by ","- traefik.path.strip = < path > # Path strip rule. Multiple values separated by ","- traefik.path.prefix = < path > # Path prefix rule. Multiple values separated by ","- traefik.path.prefix.strip = < path > # Path prefix strip rule. Multiple values separated by ","
WARNING: Only services with healthy state are added to traefik, so health checks are mandatory.
© 2017 Rancher Labs, Inc.33 © 2017 Rancher Labs, Inc .
Demo
#ranchermeetup
© 2017 Rancher Labs, Inc.34 © 2017 Rancher Labs, Inc .
Using the Kubernetes Dashboard and Helm
© 2017 Rancher Labs, Inc.35 © 2017 Rancher Labs, Inc .
Kubernetes Dashboard• Web based Kubernetes control UI• Deploy applications• Provides overview of various Kubernetes resources• Provides a log viewer for easy debugging
#ranchermeetup
© 2017 Rancher Labs, Inc.36 © 2017 Rancher Labs, Inc .
Kubernetes Helm• Package manager for Kubernetes• Supports private repositories• Search for packages• Configure and Install packages• Delete packages
#ranchermeetup
© 2017 Rancher Labs, Inc.37 © 2017 Rancher Labs, Inc .
Demo
#ranchermeetup
© 2017 Rancher Labs, Inc.38 © 2017 Rancher Labs, Inc .
Latest Release
Rancher 1.4 – February 4, 2017
Key Features:- Kubernetes Dashboard & Helm- Webhooks- Network Policies- Multi-IP Host Scheduling- Secrets Management (Experimental)
© 2017 Rancher Labs, Inc.39 © 2017 Rancher Labs, Inc .
Next ReleasesRancher 1.5 – Early March
Key features:- Catalog Enhancements – Ability to add catalogs per environment- Additional Webhooks – Host scaling, service redeploy- Additional Network Policies – Enhances network policies to support services that are linked- API Interceptor – Admins can now configure pre and post filter hooks into Rancher API requests- Metadata Refactoring – Improvements to allow increased environment scaling
© 2017 Rancher Labs, Inc.40 © 2017 Rancher Labs, Inc .
Getting StartedRancher and RancherOS are in GitHub – Get Involved!
#ranchermeetup
http://github.com/rancher
© 2017 Rancher Labs, Inc.41 © 2017 Rancher Labs, Inc .
Even better - try.rancher.com…
© 2017 Rancher Labs, Inc.42 © 2017 Rancher Labs, Inc .
Then join a free training class…
http://rancher.com/training
© 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .
Thank yourancher.com
#ranchermeetup