4. Train microservices
Microservices architecture magnifies the need for:
● Fairly homogenous build artifacts (VM image, AMI, Docker image)
● Standard running platform (Same OS distribution, Docker container)
● Configuration and secret management
● Service Discovery
5. Polyglot programming
● Pick right tool for the job
● Multiple teams with different expertise/perspectives
● Keep developers busy learning new language(s)
6. Homogenous build artifacts
Build artifacts:
● Java Jar and War files
● Ruby Gems and Rails apps
● Node packages and apps
● Go binaries
Containerise everything (Docker):
● Universally deployable artifact
● Relatively lightweight
10. Configuration management
● Train your app:
○ 12-factor app
● Configuration in a containerised world:
○ Log to stdout
○ Port mappings (from host to container)
○ SaaS blob storage (mount volumes only if providing a storage service)
○ Service discovery (Consul, Eureka, DNS)
○ Secrets (ideally only in memory but how?)
○ Environment Variables for everything else
13. Kubernetes key resources
● Namespace
● Pod (container)
● Replica Set / Replication Controller
● ConfigMap
● Secret
● Service
● Deployment
14. Kubernetes Master
[Diagram: a Kubernetes Cluster. The Master runs the API Server, Scheduler and Controller Manager, which drives the Replica Set; each Node runs kubelet and docker and hosts Pods, each Pod holding a Container. Legend: Label, Resource, Process.]
19. Service discovery
● Internal DNS
○ Take extra care when playing with fire
○ No control over client
○ Time sensitive protocol
○ Use only if you can have a reliable DNS add-on
● Provided environment variables
○ MY_DROGON_SERVICE_HOST=10.0.0.11
  MY_DROGON_SERVICE_PORT=8080
○ Create services before using them in pods
○ Only works per namespace
● Kubernetes REST API
○ GET /api/v1/namespaces/{namespace}/services/{service_name}
23. Pipeline wisdom
● Use pipeline-as-code
● Script steps
○ Make scripts (almost) locally runnable
○ Avoid custom pipeline-as-code plugins (as much as possible)
● Shell scripting is counter-intuitive for developers
○ “Less is more”
○ Repeat yourself to achieve self-documentation and copy/paste capability
● Make pipelines environment agnostic (as much as possible)
24. Kubernetes in production
● Bake AMIs or equivalent, at least for nodes (packer)
● Leverage cloud-init for bootstrapping
○ But strictly no package installations in cloud-init
● Use Auto-Scaling Groups or equivalent for nodes to self-heal
● Specify both readiness and liveness checks for all pods
○ Perform deep health check as readiness probe
○ Perform shallow health check as liveness probe
25. Kubernetes in production
● Use version 1.4 or above
○ Proper Pod eviction
● Specify a LimitRange with default limits per namespace
● Use lower requested cpu/mem values to oversubscribe nodes
● For High Availability, use monitoring tools to make sure there is always free capacity left in the cluster
● Specify --max-pods for kubelet on each node as a last resort
● Run at least 2 replicas for mission critical apps
● Specify explicit requested cpu/mem values equal to the limit for mission critical apps
○ To reduce chance of eviction under load
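As an added example tying slides 24 and 25 together (not from the original deck): a LimitRange that supplies default requests and limits for a namespace, beside a mission-critical Deployment with two replicas, requests equal to limits, a deep readiness probe and a shallow liveness probe. The namespace, image and probe paths are placeholders, and apps/v1 needs Kubernetes 1.9 or later rather than the 1.4 mentioned on the slide.

```yaml
# Added example, not from the slides. Placeholders: namespace team-a,
# image ghcr.io/example/drogon:1.0, health endpoints /health/*.
apiVersion: v1
kind: LimitRange
metadata:
  name: default-limits
  namespace: team-a
spec:
  limits:
  - type: Container
    default:            # applied as limits when a pod omits them
      cpu: 500m
      memory: 256Mi
    defaultRequest:     # requests below limits -> nodes oversubscribed
      cpu: 100m
      memory: 128Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drogon
  namespace: team-a
spec:
  replicas: 2                      # at least 2 for mission critical apps
  selector:
    matchLabels: {app: drogon}
  template:
    metadata:
      labels: {app: drogon}
    spec:
      containers:
      - name: drogon
        image: ghcr.io/example/drogon:1.0
        ports:
        - containerPort: 8080
        resources:                 # requests == limits -> Guaranteed QoS,
          requests: {cpu: 500m, memory: 256Mi}   # evicted last under pressure
          limits:   {cpu: 500m, memory: 256Mi}
        readinessProbe:            # deep check: dependencies (DB, queue) too;
          httpGet: {path: /health/deep, port: 8080}   # failing only drops
          periodSeconds: 10                            # the pod from Service
          failureThreshold: 3
        livenessProbe:             # shallow check: process still answers;
          httpGet: {path: /health/live, port: 8080}   # failing restarts it
          initialDelaySeconds: 15
          periodSeconds: 10
```

Keeping the deep check out of the liveness probe matters: a dependency outage should stop traffic to the pod, not restart every replica at once.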