Amir Moghimi
Lead Platform Engineer
Deloitte Platform Engineering, Australia
Kubernetes: training micro-dragons for a serious battle
Traditional approach
Micro-services approach
Train microservices
Microservices architecture magnifies the need for:
● Fairly homogeneous build artifacts (VM image, AMI, Docker image)
● Standard running platform (Same OS distribution, Docker container)
● Configuration and secret management
● Service Discovery
Polyglot programming
● Pick right tool for the job
● Multiple teams with different expertise/perspectives
● Keep developers busy learning new language(s)
Homogeneous build artifacts
Build artifacts:
● Java Jar and War files
● Ruby Gems and Rails apps
● Node packages and apps
● Go binaries
Containerise everything (Docker):
● Universally deployable artifact
● Relatively lightweight
Dockerfile
FROM debian:jessie            # jessie is end-of-life: pin a currently supported base image
RUN apt-get update \
 && apt-get install -y \
    openjdk-8-jre-headless
COPY my-app.jar /my-app.jar
ENV MY_APP_CONF_VAR default-value
# no USER instruction: the JVM runs as root inside the container
CMD ["java", "-jar", "/my-app.jar"]
docker build -t registry/image_name .
docker push registry/image_name
Configure and run
docker run -d \
  -e REDIS_NAMESPACE='staging' \
  -e POSTGRES_ENV_POSTGRES_PASSWORD='foo' \
  -e POSTGRES_ENV_POSTGRES_USER='bar' \
  -e POSTGRES_ENV_DB_NAME='mysite_staging' \
  -e POSTGRES_ADDR='docker-db-1.us-east-1.rds.amazonaws.com' \
  -e SITE_URL='staging.mysite.com' \
  -p 80:80 \
  --restart=on-failure:10 \
  --name container_name \
  registry/image_name \
  image_command cmd_arg1 cmd_arg2
The database password travels on the command line and ends up in shell history, the process list and docker inspect output; the following slides are about getting it out of there.
Configuration hell
● Application config
○ Env vars, config files, cmd line args
● Runtime environment config
○ Web server, JVM
● Runtime dependencies config
○ Volumes, logging, monitoring, stats
Configuration management
● Train your app:
○ 12-factor app
● Configuration in a containerised world:
○ Log to stdout
○ Port mappings (from host to container)
○ SaaS blob storage (mount volumes only if providing a storage service)
○ Service discovery (Consul, Eureka, DNS)
○ Secrets (ideally only in memory but how?)
○ Environment Variables for everything else
Configuration management tools
● Chef
● Puppet
● Ansible (classic host-based approach + docker)
● Docker Compose?!
● Shell + Kubernetes (container PaaS)
Taking Chef/Puppet for a ride?
Kubernetes key resources
● Namespace
● Pod (container)
● Replica Set / Replication Controller
● ConfigMap
● Secret
● Service
● Deployment
(Diagram: Kubernetes cluster. Master: API Server, Scheduler, Controller Manager. Nodes: kubelet + docker, each running Pods that hold Containers; a Replica Set spans Pods across Nodes. Legend: Label, Resource, Process.)
Replica Set (Replication Controller)
apiVersion: v1
kind: ReplicationController
metadata:
  name: my-nginx-replica-set
spec:
  replicas: 3
  selector:
    app: dragon-web
  template:                 # a Pod (apiVersion: v1, kind: Pod) without its own apiVersion/kind
    metadata:
      name: nginx-pod
      labels:
        app: dragon-web
    spec:
      containers:
      - name: nginx-container
        image: nginx        # unpinned tag: resolves to whatever :latest is at pull time
        env:
        - name: LOG_LEVEL
          value: INFO
        ports:
        - containerPort: 80
kubectl create -f my-nginx-replica-set.yml
ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: dragon-config
  labels:
    environment: non-prod
data:
  dragon.how.much: very
  dragon.type: fast
---
apiVersion: v1
kind: Pod
metadata:
  name: dragon-pod
spec:
  containers:
  - name: dragon-container
    image: dragon-image
    env:
    - name: DRAGON_LEVEL
      valueFrom:
        configMapKeyRef:
          name: dragon-config
          key: dragon.how.much
    - name: DRAGON_TYPE
      valueFrom:
        configMapKeyRef:
          name: dragon-config
          key: dragon.type
Secret
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:                               # every value must be base64-encoded
  password: MWYyZDFlMmU2N2RmCg==    # decodes to "1f2d1e2e67df\n": encoded with echo instead of echo -n / printf
  username: bXlfYWRtaW4=            # "my_admin"; the raw string is not valid base64 and the API server rejects it
---
apiVersion: v1
kind: Pod
metadata:
  name: secret-user-pod
spec:
  volumes:
  - name: secret-vol
    secret:
      secretName: my-secret
  containers:
  - name: nginx-container
    image: nginx
    volumeMounts:
    - name: secret-vol
      mountPath: /etc/my-access-keys
      readOnly: true
base64 is encoding, not encryption: anyone who can read the Secret object (or etcd, which stores it unencrypted by default) has the value. The volume mount is what "only in memory" on the configuration slide refers to: Secret volumes are backed by tmpfs, so the files never touch the node's disk.
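Added example, not from the talk, serving both the "Secrets (ideally only in memory but how?)" bullet and the Secret slide above: a small shell helper that builds an Opaque Secret manifest from plain values with the base64 done correctly (no newline appended), plus a check that flags values that were encoded with the trailing newline the page's own password carries. Only POSIX sh, base64, od and tr are assumed; the secret name and values are made up.

```shell
#!/bin/sh
# Added example (not from the talk). Build a Kubernetes Secret manifest from
# plain values without the trailing-newline pitfall, and check an existing
# base64 value for it.

# b64: encode stdin without line wrapping. GNU base64 wraps at 76 chars
# unless -w0 is given; BSD/macOS base64 never wraps and has no -w.
b64() {
  if base64 -w0 </dev/null >/dev/null 2>&1; then base64 -w0; else base64; fi
}

# encode_secret_value VALUE -> base64 of VALUE, nothing appended.
# `echo "$value" | base64` is the classic mistake: it encodes "VALUE\n".
encode_secret_value() {
  printf '%s' "$1" | b64
}

# has_trailing_newline B64 -> exit 0 if the decoded value ends in "\n".
# The page's sample password MWYyZDFlMmU2N2RmCg== does.
has_trailing_newline() {
  last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$last" = "0a" ]
}

# secret_manifest NAME KEY=VALUE... -> Opaque Secret manifest on stdout.
secret_manifest() {
  name=$1; shift
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$name"
  for kv in "$@"; do
    key=${kv%%=*}
    value=${kv#*=}
    printf '  %s: %s\n' "$key" "$(encode_secret_value "$value")"
  done
}

# Usage / self-check (constructed values, same as the slide's):
if has_trailing_newline MWYyZDFlMmU2N2RmCg==; then
  echo 'MWYyZDFlMmU2N2RmCg== decodes with a trailing newline: re-encode with printf, not echo' >&2
fi
secret_manifest my-secret username=my_admin password=1f2d1e2e67df
```

Pipe the output to `kubectl apply -f -` rather than writing it to disk. Values passed as arguments are visible in the process list and shell history for the duration of the call; in a real pipeline take them from the credential store or environment of the CI job and disable history for the step.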
Service
{
  "apiVersion": "v1",
  "kind": "Service",
  "metadata": {
    "name": "my-service"
  },
  "spec": {
    "selector": {
      "app": "dragon-web"
    },
    "ports": [{
      "protocol": "TCP",
      "port": 80,
      "targetPort": 80
    }]
  }
}
Service discovery
● Internal DNS
○ Take extra care when playing with fire
○ No control over client (resolver behaviour, caching)
○ Time sensitive protocol (TTLs; stale answers are served until they expire)
○ Use only if you can have a reliable DNS add-on
● Provided environment variables
○ MY_DROGON_SERVICE_HOST=10.0.0.11
  MY_DROGON_SERVICE_PORT=8080
○ Create Services before the Pods that use them (the variables are injected at Pod start)
○ Only Services in the Pod's own namespace are injected
● Kubernetes REST API
○ GET /api/v1/namespaces/{namespace}/services/{service_name}
(Image: DNS HAZARD warning sign)
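Added example, not from the talk: a shell lookup that follows the order the slide lists, the injected `<NAME>_SERVICE_HOST`/`_PORT` variables first and the cluster DNS name as the fallback, with the Service-name-to-variable-name rule (upper-case, dashes to underscores) spelled out. The service name my-drogon, namespace dragons and port 8080 are made up; the `cluster.local` suffix assumes the default cluster domain.

```shell
#!/bin/sh
# Added example (not from the talk). Locate a Service: env vars if the kubelet
# injected them (Service existed in this namespace when the Pod started),
# otherwise the DNS name.

# svc_env_prefix NAME -> the prefix Kubernetes uses for a Service's env vars:
# upper-cased, '-' replaced by '_' (my-drogon -> MY_DROGON).
svc_env_prefix() {
  printf '%s' "$1" | tr 'a-z' 'A-Z' | tr '-' '_'
}

# svc_addr NAME [NAMESPACE] [PORT] -> host:port on stdout.
# 1. ${PREFIX}_SERVICE_HOST / _PORT if present.
# 2. Otherwise NAME.NAMESPACE.svc.cluster.local:PORT; the env vars are the
#    only place the port is published without a DNS SRV lookup, so the
#    caller has to know it here.
# The name is validated as a DNS-1035 label before it is used to build a
# variable name, so nothing from an untrusted source reaches eval.
svc_addr() {
  name=$1; ns=${2:-default}; port=${3:-80}
  case $name in
    ''|-*|[0-9]*|*[!a-z0-9-]*) echo "svc_addr: invalid service name: $name" >&2; return 2 ;;
  esac
  prefix=$(svc_env_prefix "$name")
  host=$(eval "printf '%s' \"\${${prefix}_SERVICE_HOST:-}\"")
  envport=$(eval "printf '%s' \"\${${prefix}_SERVICE_PORT:-}\"")
  if [ -n "$host" ] && [ -n "$envport" ]; then
    printf '%s:%s\n' "$host" "$envport"
  else
    printf '%s.%s.svc.cluster.local:%s\n' "$name" "$ns" "$port"
  fi
}

# Demo: nothing injected in this shell, so the DNS form comes back.
svc_addr my-drogon dragons 8080
```

The env-var path is what breaks when a Service is created after the Pod or lives in another namespace; the DNS path is what breaks when the add-on is flaky, which is the slide's hazard sign.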
Deployment
apiVersion: extensions/v1beta1   # API group at the time of the talk; apps/v1 today, which also requires spec.selector
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
Declarative
Server-side
Revision tracking
Easy rollback
Project structure
my-dragon-microservice/
  src/
  environments/
    default/
      configmap.yml
      secret.yml
    dev/
      configmap.yml
      secret.yml
    test/
    stage/
    prod/
my-dragon-microservice/
  ...
  cicd/
    kube-resources/
      service.yml
      deployment.yml
    scripts/
      build.sh
      test.sh
      deploy.sh      # kubectl apply -f ../kube-resources
  Jenkinsfile
  Dockerfile
Secure environments config
test-1/
  namespace.yml
  configmap.yml
  secret.yml
test-2/ … test-N/
stage-1/
  namespace.yml
  configmap.yml
  secret.yml
stage-2/ … stage-N/
prod-1/
  namespace.yml
  configmap.yml
  secret.yml
prod-2/ … prod-N/
One namespace per environment instance; the stage and prod secret.yml files belong in an access-controlled location, not next to the application source.
Pipeline wisdom
● Use pipeline-as-code
● Script steps
○ Make scripts (almost) locally runnable
○ Avoid custom pipeline-as-code plugins (as much as possible)
● Shell scripting is counter-intuitive for developers
○ “Less is more”
○ Repeat yourself to achieve self documentation and copy/paste capability
● Make pipelines environment agnostic (as much as possible)
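Added example, not from the talk: the deploy.sh sketched on the project-structure slide, written to the pipeline rules above. Plain sh, runnable on a laptop, environment-agnostic (the environment directory is the only input), and the kubectl binary is overridable so the script can be dry-run without a cluster. The directory layout follows the slides (ENV_DIR holds namespace.yml, configmap.yml, secret.yml; RESOURCES_DIR holds service.yml, deployment.yml); the KUBECTL variable and the apply order are this example's choices.

```shell
#!/bin/sh
# Added example (not from the talk): deploy.sh ENV_DIR RESOURCES_DIR
# KUBECTL defaults to kubectl; set KUBECTL=echo to see what would be applied.

KUBECTL=${KUBECTL:-kubectl}

# namespace_of ENV_DIR -> metadata.name from namespace.yml (first 'name:' key).
namespace_of() {
  sed -n 's/^[[:space:]]*name:[[:space:]]*//p' "$1/namespace.yml" | head -n 1
}

# deploy_env ENV_DIR RESOURCES_DIR -> apply env config, then app resources;
# prints the namespace it deployed into.
# Order matters: namespace first, then ConfigMap and Secret (pods reference
# them), then the Service (env-var discovery needs it before the pods start),
# then the Deployment. Refuses to run if any expected file is missing so a
# typo in the environment name fails fast instead of applying half a release,
# and every resource is applied with an explicit -n so the kubeconfig's
# current namespace never decides where prod config lands.
deploy_env() {
  env_dir=$1; res_dir=$2
  for f in "$env_dir/namespace.yml" "$env_dir/configmap.yml" "$env_dir/secret.yml" \
           "$res_dir/service.yml" "$res_dir/deployment.yml"; do
    [ -f "$f" ] || { echo "deploy: missing $f" >&2; return 1; }
  done
  ns=$(namespace_of "$env_dir")
  [ -n "$ns" ] || { echo "deploy: no metadata.name in $env_dir/namespace.yml" >&2; return 1; }
  "$KUBECTL" apply -f "$env_dir/namespace.yml" || return 1
  for f in configmap.yml secret.yml; do
    "$KUBECTL" apply -n "$ns" -f "$env_dir/$f" || return 1
  done
  for f in service.yml deployment.yml; do
    "$KUBECTL" apply -n "$ns" -f "$res_dir/$f" || return 1
  done
  printf '%s\n' "$ns"
}

# When run as a script: ./deploy.sh environments/test-1 cicd/kube-resources
if [ "$#" -eq 2 ]; then deploy_env "$1" "$2"; fi
```

`KUBECTL=echo ./deploy.sh environments/dev cicd/kube-resources` prints the five apply commands in order, which is the "almost locally runnable" check from the slide; the Jenkinsfile step is the same call with the real kubectl and the environment directory as its one parameter.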
Kubernetes in production
● Bake AMIs or equivalent, at least for nodes (packer)
● Leverage cloud-init for bootstrapping
○ But strictly no package installations in cloud-init
● Use Auto-Scaling Groups or equivalent for nodes to self-heal
● Specify both readiness and liveness checks for all pods
○ Perform deep health check as readiness probe
○ Perform shallow health check as liveness probe
Kubernetes in production
● Use version 1.4 or above
○ Proper Pod eviction
● Specify a LimitRange with default limits per namespace
● Use lower requested cpu/mem values to oversubscribe nodes
● For High Availability, use monitoring tools to make sure there is always free capacity left in the cluster
● Specify --max-pods for kubelet on each node as a last resort
● Run at least 2 replicas for mission critical apps
● Specify explicit requested cpu/mem values equal to the limit for mission critical apps
○ To reduce chance of eviction under load
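Added example, not from the talk, covering the two "Kubernetes in production" slides: a shell renderer (the "Shell + Kubernetes" approach from the tooling slide) that emits a per-namespace LimitRange with default limits and a Deployment for a mission-critical service with at least two replicas, requests equal to limits, a deep readiness probe and a shallow liveness probe. The names dragon-web, the /ready and /healthz paths, port 8080 and the sizes are assumptions; apps/v1 is used instead of the talk's extensions/v1beta1 and therefore carries the spec.selector that apps/v1 requires.

```shell
#!/bin/sh
# Added example (not from the talk): manifests for the production checklist.

# render_limitrange NAMESPACE -> LimitRange so a container that sets nothing
# still gets a request and a limit instead of running unbounded.
render_limitrange() {
  cat <<EOF
apiVersion: v1
kind: LimitRange
metadata:
  name: default-limits
  namespace: $1
spec:
  limits:
  - type: Container
    default:            # applied as the limit when a container sets none
      cpu: 500m
      memory: 256Mi
    defaultRequest:     # applied as the request when a container sets none
      cpu: 100m
      memory: 128Mi
EOF
}

# render_deployment NAME IMAGE [REPLICAS] -> Deployment with:
#  - REPLICAS >= 2 (default 2); fewer is rejected for a mission-critical app
#  - requests == limits: Guaranteed QoS, evicted last under node pressure
#  - readiness = deep check (/ready, exercises dependencies); failing it
#    only takes the pod out of the Service endpoints
#  - liveness  = shallow check (/healthz, process answers); failing it
#    restarts the container, so keeping it shallow avoids restart storms
#    while a dependency is down
render_deployment() {
  name=$1; image=$2; replicas=${3:-2}
  [ "$replicas" -ge 2 ] 2>/dev/null || {
    echo "render_deployment: mission-critical apps run at least 2 replicas" >&2; return 1; }
  cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: $name
spec:
  replicas: $replicas
  selector:
    matchLabels:
      app: $name
  template:
    metadata:
      labels:
        app: $name
    spec:
      containers:
      - name: $name
        image: $image
        ports:
        - containerPort: 8080
        resources:
          requests:
            cpu: 250m
            memory: 256Mi
          limits:
            cpu: 250m
            memory: 256Mi
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          periodSeconds: 10
          failureThreshold: 3
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 15
          periodSeconds: 20
          failureThreshold: 3
EOF
}

# Demo (constructed names): render_limitrange dragons-prod-1; render_deployment dragon-web registry/dragon-web:1.2.3
render_limitrange dragons-prod-1
echo '---'
render_deployment dragon-web registry/dragon-web:1.2.3
```

The LimitRange is applied once per namespace (from the environment directory); the Deployment is what the project's deployment.yml should look like for anything on the "mission critical" list, while services that are allowed to be oversubscribed drop the requests below the limits as the slide suggests.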
Q & A

More Related Content

What's hot

Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd についてKubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd についてLINE Corporation
 
KubeCI - Cloud Native Continuous Delivery for Kubernetes
KubeCI - Cloud Native Continuous Delivery for KubernetesKubeCI - Cloud Native Continuous Delivery for Kubernetes
KubeCI - Cloud Native Continuous Delivery for KubernetesTobias Schneck
 
KubeCon EU 2016: Transforming the Government
KubeCon EU 2016: Transforming the Government KubeCon EU 2016: Transforming the Government
KubeCon EU 2016: Transforming the Government KubeAcademy
 
Heketi Functionality into Glusterd2
Heketi Functionality into Glusterd2Heketi Functionality into Glusterd2
Heketi Functionality into Glusterd2Gluster.org
 
Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24Sam Zheng
 
Scalability and Performance of CNS 3.6
Scalability and Performance of CNS 3.6Scalability and Performance of CNS 3.6
Scalability and Performance of CNS 3.6Gluster.org
 
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシJunpei Nomura
 
Gluster as Native Storage for Containers - past, present and future
Gluster as Native Storage for Containers - past, present and futureGluster as Native Storage for Containers - past, present and future
Gluster as Native Storage for Containers - past, present and futureGluster.org
 
Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)충섭 김
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesPhil Estes
 
CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?Phil Estes
 
Kubernetes Webinar Series - Exploring Daemon Sets and Jobs
Kubernetes Webinar Series - Exploring Daemon Sets and JobsKubernetes Webinar Series - Exploring Daemon Sets and Jobs
Kubernetes Webinar Series - Exploring Daemon Sets and JobsJanakiram MSV
 
Kubernetes Basic Operation
Kubernetes Basic OperationKubernetes Basic Operation
Kubernetes Basic OperationSimon Su
 
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)어형 이
 
Virtualization inside kubernetes
Virtualization inside kubernetesVirtualization inside kubernetes
Virtualization inside kubernetesinwin stack
 
[Szjug] Docker. Does it matter for java developer?
[Szjug] Docker. Does it matter for java developer?[Szjug] Docker. Does it matter for java developer?
[Szjug] Docker. Does it matter for java developer?Izzet Mustafaiev
 

What's hot (20)

Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd についてKubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
 
Fabric8 CI/CD
Fabric8 CI/CDFabric8 CI/CD
Fabric8 CI/CD
 
KubeCI - Cloud Native Continuous Delivery for Kubernetes
KubeCI - Cloud Native Continuous Delivery for KubernetesKubeCI - Cloud Native Continuous Delivery for Kubernetes
KubeCI - Cloud Native Continuous Delivery for Kubernetes
 
Rails in docker
Rails in dockerRails in docker
Rails in docker
 
KubeCon EU 2016: Transforming the Government
KubeCon EU 2016: Transforming the Government KubeCon EU 2016: Transforming the Government
KubeCon EU 2016: Transforming the Government
 
Heketi Functionality into Glusterd2
Heketi Functionality into Glusterd2Heketi Functionality into Glusterd2
Heketi Functionality into Glusterd2
 
Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24
 
Scalability and Performance of CNS 3.6
Scalability and Performance of CNS 3.6Scalability and Performance of CNS 3.6
Scalability and Performance of CNS 3.6
 
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
高レイテンシwebサーバのGKE構築と beta機能アレコレのハナシ
 
Gluster as Native Storage for Containers - past, present and future
Gluster as Native Storage for Containers - past, present and futureGluster as Native Storage for Containers - past, present and future
Gluster as Native Storage for Containers - past, present and future
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use Cases
 
CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?
 
Kubernetes Webinar Series - Exploring Daemon Sets and Jobs
Kubernetes Webinar Series - Exploring Daemon Sets and JobsKubernetes Webinar Series - Exploring Daemon Sets and Jobs
Kubernetes Webinar Series - Exploring Daemon Sets and Jobs
 
Kubernetes Basic Operation
Kubernetes Basic OperationKubernetes Basic Operation
Kubernetes Basic Operation
 
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
 
Virtualization inside kubernetes
Virtualization inside kubernetesVirtualization inside kubernetes
Virtualization inside kubernetes
 
[Szjug] Docker. Does it matter for java developer?
[Szjug] Docker. Does it matter for java developer?[Szjug] Docker. Does it matter for java developer?
[Szjug] Docker. Does it matter for java developer?
 

Similar to Kubernetes: training micro-dragons for a serious battle

Kubernetes - training micro-dragons without getting burnt
Kubernetes -  training micro-dragons without getting burntKubernetes -  training micro-dragons without getting burnt
Kubernetes - training micro-dragons without getting burntAmir Moghimi
 
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes][HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]Wong Hoi Sing Edison
 
DevEx | there’s no place like k3s
DevEx | there’s no place like k3sDevEx | there’s no place like k3s
DevEx | there’s no place like k3sHaggai Philip Zagury
 
CI/CD Across Multiple Environments
CI/CD Across Multiple EnvironmentsCI/CD Across Multiple Environments
CI/CD Across Multiple EnvironmentsKarl Isenberg
 
K8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingK8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingPiotr Perzyna
 
Laravel, docker, kubernetes
Laravel, docker, kubernetesLaravel, docker, kubernetes
Laravel, docker, kubernetesPeter Mein
 
Continuous Delivery with Docker and Amazon ECS
Continuous Delivery with Docker and Amazon ECSContinuous Delivery with Docker and Amazon ECS
Continuous Delivery with Docker and Amazon ECSAmazon Web Services
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetesLiran Cohen
 
Build optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and DockerBuild optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and DockerDmytro Patkovskyi
 
DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline  DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline Docker, Inc.
 
Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Anthony Dahanne
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniTheFamily
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionJérôme Petazzoni
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 applicationRoman Rodomansky
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'acorehard_by
 
Scala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camouScala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camouJ On The Beach
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldDevOps.com
 

Similar to Kubernetes: training micro-dragons for a serious battle (20)

Kubernetes - training micro-dragons without getting burnt
Kubernetes -  training micro-dragons without getting burntKubernetes -  training micro-dragons without getting burnt
Kubernetes - training micro-dragons without getting burnt
 
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes][HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
 
Dockerized maven
Dockerized mavenDockerized maven
Dockerized maven
 
DevEx | there’s no place like k3s
DevEx | there’s no place like k3sDevEx | there’s no place like k3s
DevEx | there’s no place like k3s
 
CI/CD Across Multiple Environments
CI/CD Across Multiple EnvironmentsCI/CD Across Multiple Environments
CI/CD Across Multiple Environments
 
K8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingK8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals Training
 
Laravel, docker, kubernetes
Laravel, docker, kubernetesLaravel, docker, kubernetes
Laravel, docker, kubernetes
 
Continuous Delivery with Docker and Amazon ECS
Continuous Delivery with Docker and Amazon ECSContinuous Delivery with Docker and Amazon ECS
Continuous Delivery with Docker and Amazon ECS
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
 
Build optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and DockerBuild optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and Docker
 
DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline  DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline
 
Docker+java
Docker+javaDocker+java
Docker+java
 
Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 application
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'a
 
Scala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camouScala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camou
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote World
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
 

Recently uploaded

Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
cpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptcpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptrcbcrtm
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfkalichargn70th171
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 

Recently uploaded (20)

Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Advantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your BusinessAdvantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your Business
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
cpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptcpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.ppt
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 

Kubernetes: training micro-dragons for a serious battle

  • 1. Amir Moghimi Lead Platform Engineer Deloitte Platform Engineering, Australia Kubernetes training micro-dragons for a serious battle
  • 4. Train microservices Microservices architecture magnifies the need for: ● Fairly homogenous build artifacts (VM image, AMI, Docker image) ● Standard running platform (Same OS distribution, Docker container) ● Configuration and secret management ● Service Discovery
  • 5. Polyglot programming ● Pick right tool for the job ● Multiple teams with different expertise/perspectives ● Keep developers busy learning new language(s)
  • 6. Homogenous build artifacts Build artifacts: ● Java Jar and War files ● Ruby Gems and Rails apps ● Node packages and apps ● Go binaries Containerise everything (Docker): ● Universally deployable artifact ● Relatively lightweight
  • 7. Dockerfile FROM debian:jessie RUN apt-get update && apt-get install -y openjdk-8-jre-headless COPY my-app.jar /my-app.jar ENV MY_APP_CONF_VAR default-value CMD [“java”, “-jar”, “/my-app.jar”] docker build -t registry/image_name . docker push registry/image_name
  • 8. Configure and run docker run -d -e REDIS_NAMESPACE='staging' -e POSTGRES_ENV_POSTGRES_PASSWORD='foo' -e POSTGRES_ENV_POSTGRES_USER='bar' -e POSTGRES_ENV_DB_NAME='mysite_staging' -e POSTGRES_ADDR='docker-db-1.us-east-1.rds.amazonaws.com' -e SITE_URL='staging.mysite.com' -p 80:80 --restart=on-failure:10 --name container_name registry/image_name image_command cmd_arg1 cmd_arg2
  • 9. Configuration hell ● Application config ○ Env vars, config files, cmd line args ● Runtime environment config ○ Web server, JVM ● Runtime dependencies config ○ Volumes, logging, monitoring, stats
  • 10. Configuration management ● Train your app: ○ 12-factor app ● Configuration in a containerised world: ○ Log to stdout ○ Port mappings (from host to container) ○ SaaS blob storage (mount volumes only if providing a storage service) ○ Service discovery (Consul, Eureka, DNS) ○ Secrets (ideally only in memory but how?) ○ Environment Variables for everything else
  • 11. Configuration management tools
    ● Chef
    ● Puppet
    ● Ansible (classic host-based approach + Docker)
    ● Docker Compose?!
    ● Shell + Kubernetes (container PaaS)
  • 13. Kubernetes key resources
    ● Namespace
    ● Pod (container)
    ● Replica Set / Replication Controller
    ● ConfigMap
    ● Secret
    ● Service
    ● Deployment
  • 14. Kubernetes cluster architecture (diagram): a Kubernetes Cluster with a Master running the API Server, Scheduler and Controller Manager (here managing a Replica Set), and Nodes each running kubelet and docker and hosting Pods that contain Containers. Legend: Label, Resource, Process.
  • 15. Replica Set (Replication Controller)
    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: my-nginx-replica-set
    spec:
      replicas: 3
      selector:
        app: dragon-web
      template:                 # the template is itself a Pod definition (apiVersion: v1, kind: Pod)
        metadata:
          name: nginx-pod
          labels:
            app: dragon-web
        spec:
          containers:
          - name: nginx-container
            image: nginx
            env:
            - name: LOG_LEVEL
              value: INFO
            ports:
            - containerPort: 80
    kubectl create -f my-nginx-replica-set.yml
  • 16. ConfigMap
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: dragon-config
      labels:
        environment: non-prod
    data:
      dragon.how.much: very
      dragon.type: fast
    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: dragon-pod
    spec:
      containers:
      - name: dragon-container
        image: dragon-image
        env:
        - name: DRAGON_LEVEL
          valueFrom:
            configMapKeyRef:
              name: dragon-config
              key: dragon.how.much
        - name: DRAGON_TYPE
          valueFrom:
            configMapKeyRef:
              name: dragon-config
              key: dragon.type
  • 17. Secret
    apiVersion: v1
    kind: Secret
    metadata:
      name: my-secret
    type: Opaque
    data:                             # every value under data must be base64-encoded
      password: MWYyZDFlMmU2N2RmCg==
      username: bXlfYWRtaW4=          # base64 of my_admin
    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: secret-user-pod
    spec:
      volumes:
      - name: secret-vol
        secret:
          secretName: my-secret
      containers:
      - name: nginx-container
        image: nginx
        volumeMounts:
        - name: secret-vol
          mountPath: /etc/my-access-keys
          readOnly: true
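Kubernetes rejects plaintext under a Secret's data field; each value must be base64-encoded, and mounting the Secret as a read-only volume keeps the plaintext in tmpfs-backed memory rather than in the container environment. As an added example that is not from the slides, Python helpers that build an Opaque Secret manifest, flag values that are not valid base64, and mount the Secret into a pod the way slide 17 does (manifests are handled as plain dicts; the mount path is the slide's, the credentials in the test are constructed):

```python
import base64
import binascii
import copy


def make_opaque_secret(name, values):
    """Build an Opaque Secret. Every value under `data` is base64-encoded,
    because the API server rejects plaintext there."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "data": {k: base64.b64encode(v.encode()).decode("ascii")
                 for k, v in values.items()},
    }


def invalid_data_keys(secret):
    """Keys under `data` whose values are not valid base64, e.g. a plaintext
    `username: my_admin` written straight into `data`."""
    bad = []
    for key, val in secret.get("data", {}).items():
        try:
            base64.b64decode(val, validate=True)
        except (binascii.Error, ValueError):
            bad.append(key)
    return bad


def decode_secret(secret):
    """Decode `data` back to plaintext for inspection; refuses malformed input."""
    bad = invalid_data_keys(secret)
    if bad:
        raise ValueError("non-base64 values under data: %s" % ", ".join(bad))
    return {k: base64.b64decode(v).decode() for k, v in secret["data"].items()}


def mount_secret_read_only(pod, secret_name, mount_path="/etc/my-access-keys"):
    """Copy of the pod with the Secret mounted read-only into every container.
    Secret volumes are tmpfs-backed: the plaintext stays in memory rather than
    in the container environment, where `docker inspect` would show it."""
    pod = copy.deepcopy(pod)
    pod["spec"].setdefault("volumes", []).append(
        {"name": "secret-vol", "secret": {"secretName": secret_name}})
    for c in pod["spec"]["containers"]:
        c.setdefault("volumeMounts", []).append(
            {"name": "secret-vol", "mountPath": mount_path, "readOnly": True})
    return pod
```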
  • 18. Service
    {
      "apiVersion": "v1",
      "kind": "Service",
      "metadata": {
        "name": "my-service"
      },
      "spec": {
        "selector": {
          "app": "dragon-web"
        },
        "ports": [{
          "protocol": "TCP",
          "port": 80,
          "targetPort": 80
        }]
      }
    }
  • 19. Service discovery
    ● Internal DNS (DNS HAZARD)
      ○ Take extra care when playing with fire
      ○ No control over client
      ○ Time sensitive protocol
      ○ Use only if you can have a reliable DNS add-on
    ● Provided environment variables
      ○ MY_DROGON_SERVICE_HOST=10.0.0.11
        MY_DROGON_SERVICE_PORT=8080
      ○ Create services before using them in pods
      ○ Only works per namespace
    ● Kubernetes REST API
      ○ GET /api/v1/namespaces/{namespace}/services/{service_name}
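The environment-variable route on this slide only works when the Service lives in the pod's own namespace and existed before the pod started, so a client needs a fallback. As an added example (not from the slides), a small Python resolver that derives the variable names Kubernetes injects (service name upper-cased, dashes to underscores) and falls back to the slide's REST API path; the environment dict is constructed, and the DNS option is left out because the slide warns it needs a reliable DNS add-on:

```python
def service_env_names(service_name):
    """Kubernetes exposes a Service to pods as <NAME>_SERVICE_HOST and
    <NAME>_SERVICE_PORT, with the name upper-cased and dashes turned into
    underscores (my-drogon -> MY_DROGON_SERVICE_HOST)."""
    prefix = service_name.upper().replace("-", "_")
    return prefix + "_SERVICE_HOST", prefix + "_SERVICE_PORT"


def resolve_service(service_name, service_namespace, pod_namespace, env):
    """Prefer the injected env vars, which exist only for Services in the pod's
    own namespace that were created before the pod started; otherwise fall back
    to the API path from the slide, which the caller queries with its token."""
    host_var, port_var = service_env_names(service_name)
    if service_namespace == pod_namespace and host_var in env and port_var in env:
        return {"source": "env", "host": env[host_var], "port": int(env[port_var])}
    return {"source": "api",
            "path": "/api/v1/namespaces/%s/services/%s" % (service_namespace, service_name)}


# Constructed environment as a pod would see it after the Service was created.
SAMPLE_ENV = {"MY_DROGON_SERVICE_HOST": "10.0.0.11", "MY_DROGON_SERVICE_PORT": "8080"}
```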
  • 20. Deployment
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: nginx-deployment
    spec:
      replicas: 3
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.7.9
            ports:
            - containerPort: 80
    ● Declarative
    ● Server-side
    ● Revision tracking
    ● Easy rollback
  • 22. Secure environments config
    test-1/
      namespace.yml
      configmap.yml
      secret.yml
    test-2/ …
    test-N/
    stage-1/
      namespace.yml
      configmap.yml
      secret.yml
    stage-2/ …
    stage-N/
    prod-1/
      namespace.yml
      configmap.yml
      secret.yml
    prod-2/ …
    prod-N/
  • 23. Pipeline wisdom
    ● Use pipeline-as-code
    ● Script steps
      ○ Make scripts (almost) locally runnable
      ○ Avoid custom pipeline-as-code plugins (as much as possible)
    ● Shell scripting is counter-intuitive for developers
      ○ “Less is more”
      ○ Repeat yourself to achieve self-documentation and copy/paste capability
    ● Make pipelines environment agnostic (as much as possible)
  • 24. Kubernetes in production
    ● Bake AMIs or equivalent, at least for nodes (Packer)
    ● Leverage cloud-init for bootstrapping
      ○ But strictly no package installations in cloud-init
    ● Use Auto-Scaling Groups or equivalent for nodes to self-heal
    ● Specify both readiness and liveness checks for all pods
      ○ Perform a deep health check as the readiness probe
      ○ Perform a shallow health check as the liveness probe
  • 25. Kubernetes in production
    ● Use version 1.4 or above
      ○ Proper Pod eviction
    ● Specify a LimitRange with default limits per namespace
    ● Use lower requested cpu/mem values to oversubscribe nodes
    ● For High Availability, use monitoring tools to make sure there is always free capacity left in the cluster
    ● Specify --max-pods for kubelet on each node as a last resort
    ● Run at least 2 replicas for mission critical apps
    ● Specify explicit requested cpu/mem values equal to the limit for mission critical apps
      ○ To reduce the chance of eviction under load
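The production rules on slides 24 and 25 (readiness and liveness probes on every pod, at least 2 replicas and requests equal to limits for mission critical apps) can be enforced as a check over manifests before they reach the cluster. As an added example that is not from the slides, a Python checker applied to slide 20's nginx Deployment (reconstructed as a dict, where it fails) together with a hardening step that makes it pass; probe paths and resource sizes are constructed values:

```python
import copy

# Slide 20's nginx Deployment, reconstructed as a dict: it has no probes and no
# resource requests/limits, so it fails the production checks below.
SLIDE_DEPLOYMENT = {
    "apiVersion": "extensions/v1beta1", "kind": "Deployment",
    "metadata": {"name": "nginx-deployment"},
    "spec": {"replicas": 3, "template": {
        "metadata": {"labels": {"app": "nginx"}},
        "spec": {"containers": [{"name": "nginx", "image": "nginx:1.7.9",
                                 "ports": [{"containerPort": 80}]}]}}},
}


def check_deployment(manifest, mission_critical=False):
    """Findings against the slide's rules: readiness and liveness probes on
    every container; for mission critical apps also >= 2 replicas and cpu/mem
    requests equal to their limits (non-critical apps may request less to
    oversubscribe nodes). An empty list means the manifest passes."""
    findings = []
    spec = manifest["spec"]
    if mission_critical and spec.get("replicas", 1) < 2:
        findings.append("replicas: mission critical apps need at least 2")
    for c in spec["template"]["spec"]["containers"]:
        for probe in ("readinessProbe", "livenessProbe"):
            if probe not in c:
                findings.append("%s: missing %s" % (c["name"], probe))
        if mission_critical:
            res = c.get("resources", {})
            req, lim = res.get("requests", {}), res.get("limits", {})
            for r in ("cpu", "memory"):
                if r not in lim or req.get(r) != lim[r]:
                    findings.append("%s: %s request must equal its limit" % (c["name"], r))
    return findings


def harden(manifest, port=80):
    """Copy of the manifest with a deep readiness probe, a shallow liveness
    probe and requests pinned to limits (paths and sizes are constructed)."""
    m = copy.deepcopy(manifest)
    m["spec"]["replicas"] = max(2, m["spec"].get("replicas", 1))
    for c in m["spec"]["template"]["spec"]["containers"]:
        # deep check (dependencies reachable) gates traffic; shallow check only restarts
        c["readinessProbe"] = {"httpGet": {"path": "/healthz/deep", "port": port}}
        c["livenessProbe"] = {"httpGet": {"path": "/healthz", "port": port}}
        c["resources"] = {"requests": {"cpu": "250m", "memory": "256Mi"},
                          "limits": {"cpu": "250m", "memory": "256Mi"}}
    return m
```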
  • 26. Q & A