This presentation about Kubernetes, targeted at Java developers, was given for the first time (in French) at the Montreal Java User Group on May 2nd, 2018.
2. LET ME INTRODUCE MYSELF
• Anthony Dahanne, Software Engineer @ Terracotta, a Software AG company
• Working on the Management and Monitoring in Terracotta products (Ehcache, Terracotta Store)
• Also working on Terracotta products integration with cloud (Docker, Kubernetes, AWS, etc.)
Go and try our latest images and instructions at :
https://store.docker.com/publishers/softwareag
https://github.com/SoftwareAG/terracotta-db-cloud
All this presentation’s examples are on GitHub:
https://github.com/anthonydahanne/kubernetes-for-java-developers
3. AGENDA
Docker & Java refresher in 2 slides
Kubernetes concepts and examples
Tools to become a productive developer with Kubernetes
Coding Java applications leveraging Kubernetes
4. CONTAINERS IN 1 SLIDE
• Containers all use the host OS kernel
• Host OS can be running in a VM or on bare metal
• Host OS Linux distribution does not matter
  • only the kernel does !
• Isolation performed with namespaces and cgroups
  • namespaces : limits what you can see
    • pid, net, mnt, uts, ipc, user
  • cgroups : limits what you can use
    • memory, CPU, block IO, network (with iptables)
THAT’S JUST AN ISOLATED PROCESS !
https://www.enterprisetech.com/2014/08/18/ibm-techies-pit-docker-kvm-bare-metal/
https://www.slideshare.net/jpetazzo/anatomy-of-a-container-namespaces-cgroups-some-filesystem-magic-linuxcon
5. JAVA AND LINUX CONTAINERS
• The JVM “guesses” the CPU and memory resources available on the host
  • Although they can be set manually
    • -XX:ParallelGCThreads
    • -XX:CICompilerCount
    • -Xmx
• Since Java SE 8u131, the JVM
  • is “Docker aware with respect to Docker CPU limits transparently”
  • has new options for detecting memory limits (not transparent, yet)
    • -XX:+UnlockExperimentalVMOptions
    • -XX:+UseCGroupMemoryLimitForHeap
BEWARE WHAT THE JVM CAN SEE ! (AND USE !)
Demo : Memory Eater
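An added example, not part of the original slides: a Pod manifest that gives the container explicit CPU and memory limits and passes the two experimental flags above through JAVA_TOOL_OPTIONS, so that the JVM sizes its heap from the cgroup limit instead of the node's memory. The pod name, image and limit values are assumptions.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: memory-eater                  # hypothetical name
spec:
  containers:
  - name: app
    image: registry.example.com/memory-eater:1.0   # hypothetical image
    resources:
      requests:
        memory: "256Mi"
        cpu: "500m"
      limits:
        # Enforced by the memory cgroup: a container that goes over
        # this limit is OOM-killed, whatever the JVM believes it has.
        memory: "512Mi"
        # Enforced by the cpu cgroup as a CFS quota.
        cpu: "1"
    env:
    # The JVM reads JAVA_TOOL_OPTIONS at startup, so the image's start
    # command does not have to change.
    # Without these flags a Java SE 8u131 JVM derives its default
    # maximum heap (a quarter of RAM) from the node's memory, which on
    # a large node is far above the 512Mi the container may use.
    # With them the same quarter is taken from the cgroup limit.
    - name: JAVA_TOOL_OPTIONS
      value: >-
        -XX:+UnlockExperimentalVMOptions
        -XX:+UseCGroupMemoryLimitForHeap
```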
7. KUBERNETES INTRODUCTION
• Initial release June 7th 2014
• Apache 2 License, written in Go
• Heavily inspired by Borg, an internal system from Google
• Currently 1.10 (a new release every 3 months on average)
• Under the umbrella of the Cloud Native Computing Foundation
  • that includes Oracle, Intel, IBM, Pivotal, Red Hat, etc.
  • along with Prometheus, OpenTracing, containerd, CNI, FluentD, etc.
FROM BORG TO CNCF
https://github.com/cncf/landscape
8. KUBERNETES LOCAL COMMUNITY
• Kubernetes / CNCF Montreal Meetup every quarter
• Almost 1000 members
• Slack channel syncing all other Canadian K8s communities
  k8scanada.slack.com
• Led by Archy, CNCF Ambassador
YOU ARE NOT ALONE !
9. KUBERNETES ARCHITECTURE
MASTER NODES, WORKER NODES, SOME NETWORKING…
By Khtan66 - CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=53571935
10. KUBERNETES WORKLOADS (PODS AND CONTROLLERS)
DEPLOYMENT > REPLICA SET > POD > CONTAINER
Deployment (Declarative Updates)
> kubectl set image deployment/tmc-deployment tmc=tmc:10.3
> kubectl rollout status deployment/tmc-deployment
Replica Set (Match and Scale definitions)
spec:
  replicas: 3
  selector:
    matchLabels:
      tier: tmc
Pod
metadata:
  labels:
    tier: tmc
spec:
  containers:
  - name: tmc
    image: store/softwareag/tmc:10.2
    command: ['start.sh']
  - name: helper-container
    image: busybox
    command: ['sh', '-c', 'sleep 3600']
  volumes: (secrets, configmaps, etc.)
  hostname: terracotta
+ Jobs, StatefulSets, Daemon sets, etc.
11. KUBERNETES SERVICES
• ClusterIP (default)
  • Exposes the service on a cluster-internal IP
• NodePort
  • Exposes the service on each node’s IP address, on a defined port
• LoadBalancer
  • Exposes the service externally, using the cluster provided load balancer
  • no default LoadBalancer on premise …
HOW DO YOU EXPOSE YOUR WORKLOADS
“A Kubernetes Service is an abstraction which defines a logical set of Pods and a policy by which to access them”
https://kubernetes.io/docs/concepts/services-networking/service/
Node A
  Pod-1
    labels
      tier: frontend
Service
  spec:
    type: LoadBalancer
    ports:
    - port: 80
    selector:
      tier: frontend
in | outside
Node B
  Pod-2
    labels
      tier: frontend
12. KUBERNETES VOLUMES, CONFIG MAPS AND SECRETS
• ConfigMaps and Secrets are stored in the etcd key/value store
• Oftentimes, volumes are abstracted away with PersistentVolumes and PersistentVolumeClaims
• Many types of volumes are available : hostPath, nfs, cloud specific, etc.
YOU CAN MOUNT THEM ALL !
Pod
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: terracotta-server
    image: store/softwareag/terracotta-server:10.2
    volumeMounts:
    - name: config-volume
      mountPath: /config
    - name: data
      mountPath: /data
  volumes:
  - name: config-volume
    configMap:
      name: tc-config
  - name: data
    hostPath:
      path: /usr
ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: tc-config
data:
  tc-config.xml: |
    <xml></xml>
13. KUBERNETES DEPLOYMENTS
• Cloud providers
  • Google Cloud with GKE
  • Microsoft Azure with AKS
  • Amazon with Kops (although EKS is around the corner)
  • Playgrounds : Katacoda and Play with Kubernetes
• On-premise
  • Hard way
  • Kubeadm
• Local
  • Minikube
  • Minishift
  • Docker for Mac (more on this one later)
CLOUD, ON-PREMISE, LOCAL
Demo : Fullstack app deployment
15. DOCKER TOOLING
• IDE plugins
  • auto completion for Dockerfile
  • To build and deploy images from the IDE
• Build tooling Docker integration (Maven / Gradle)
  • To build Docker (and push) images during the build
  • Maven Docker plugin
• Docker for Mac / Win 10
  • As of today, only the edge version comes with Kubernetes support
16. KUBERNETES OWN TOOLING
• IDE plugins
  • auto completion for Dockerfile
  • To build and deploy images from the IDE
• Build tooling Docker integration (Maven / Gradle)
  • To build Docker (and push) images during the build
• Kubectl (obviously !)
  • and its bash / zsh auto completion !
• Kubernetic UI
• and more !
17. KUBERNETES TOOLING : HELM
• Helm is installed on the client, Tiller is the server side
• With Helm you deploy / create Charts that are run as Releases
• In a Chart, you package your Kubernetes manifests, and your dependencies
• A very notable feature is the “templatization” of your Kubernetes manifests
APT / YUM FOR KUBERNETES
apiVersion: apps/v1beta2
kind: Deployment
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ template "terracotta-server.name" . }}
      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ template "terracotta-server.name" . }}
        release: {{ .Release.Name }}
    spec:
      hostname: {{ template "terracotta-server.fullname" . }}
      containers:
      - name: {{ .Chart.Name }}
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        ports:
        - name: terracotta-port
          containerPort: 9410
          protocol: TCP
Demo : helm for fullstack app
18. KUBERNETES TOOLING : SKAFFOLD
• Skaffold's goal is to automatically redeploy on save
• Download the binary and you can start “skaffolding”
• It’s not even necessary to provide k8s manifest files
MAGICALLY AUTO REDEPLOY
apiVersion: skaffold/v1alpha2
kind: Config
build:
  artifacts:
  - imageName: gcr.io/k8s-skaffold/skaffold-no-manifest-example
deploy:
  kubectl:
    manifests:
Demo : skaffold for Java hello world
19. KUBERNETES BASED TOOLING : JENKINS X
JENKINS, NEXUS, HELM AND FRIENDS IN THE CLOUD
Very new !!! (public since March 2018)
Available at https://jenkins-x.io/
Demo : JenkinsX on AWS
21. SIMPLE JAVA WEB APP TO LIST AND DELETE PODS
THERE’S ALREADY A JAVA CLIENT API !
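// package names of the client releases whose method signatures match the calls below
import io.kubernetes.client.ApiClient;
import io.kubernetes.client.Configuration;
import io.kubernetes.client.apis.CoreV1Api;
import io.kubernetes.client.models.V1DeleteOptions;
import io.kubernetes.client.models.V1Pod;
import io.kubernetes.client.models.V1PodList;
import io.kubernetes.client.util.Config;
import java.util.List;

ApiClient client = Config.defaultClient();
Configuration.setDefaultApiClient(client);
CoreV1Api api = new CoreV1Api();
// list the pods in all namespaces
V1PodList list = api.listPodForAllNamespaces(null, null, null, null, null, null, null, null, null);
List<V1Pod> pods = list.getItems();
// delete a pod (name is the pod's metadata.name) from the "default" namespace
V1DeleteOptions v1DeleteOptions = new V1DeleteOptions();
api.deleteNamespacedPod(name, "default", v1DeleteOptions, null, null, false, null);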
Demo : simple webapp to list and delete pods
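An added example, not from the original slides or the demo repository: least-privilege RBAC for this web app, assuming it runs in a pod and authenticates to the API server as that pod's ServiceAccount. listPodForAllNamespaces needs a cluster-wide list on pods, while deleteNamespacedPod(name, "default", ...) only needs delete in the default namespace; every object name below is hypothetical.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata: {name: pod-webapp, namespace: default}   # hypothetical name
---
# For listPodForAllNamespaces: list pods cluster-wide, nothing else
# (no get/watch, no access to secrets or other resources).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: pod-webapp-list}
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: pod-webapp-list}
subjects:
- {kind: ServiceAccount, name: pod-webapp, namespace: default}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: pod-webapp-list}
---
# For deleteNamespacedPod(name, "default", ...): delete pods in the
# "default" namespace only; pods elsewhere can be listed but not removed.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: pod-webapp-delete, namespace: default}
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: pod-webapp-delete, namespace: default}
subjects:
- {kind: ServiceAccount, name: pod-webapp, namespace: default}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: pod-webapp-delete}
```

The web app's pod spec then sets serviceAccountName: pod-webapp. The result can be checked with kubectl auth can-i delete pods --as=system:serviceaccount:default:pod-webapp -n kube-system, which should answer no.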