
Container Conf 2017: Rancher Kubernetes

Deploy, manage and scale Kubernetes with Rancher - a session given in ContainerConf 2017 (7th April) in Bangalore


  2. 2. VISHAL BIYANI, CTO & Founder at infraCloud technologies • 2004: Java, PLM, JSP, Servlets • 2004-2009: eMatrix PLM, J2EE, Database, architecture, Shell and what not • 2010-2013: Spring, Maven, Jenkins, ElasticSearch, CloudFoundry, Google App Engine, APIs, CI • 2013: Puppet, Chef, Ansible, CD/CI, DevOps Coach, Docker, API Mgmt, Microservices, Infra as code • Now: Containers, Kubernetes, Mesos, Salt, Scale, Distributed
  3. 3. • infraCloud is a Rancher consulting partner • Rancher has published a FREE eBook on “Scaling and deploying Kubernetes”
  4. 4. THE MOMENTUM OF CONTAINER ADOPTION IS UNDENIABLE… • The average company QUINTUPLES its Docker usage within 9 MONTHS [1] • There are 460K Dockerized apps, a 3100% GROWTH over 2 years [2] • Docker containers have been downloaded more than 4 BILLION times [3] • Sources: [1] Datadog, June 2016; [2] Coscale, July 2016; [3] Docker, November 2016
  5. 5. …BUT RUNNING CONTAINERS IN PRODUCTION STILL ISN’T EASY • ⬆ number of tools + ⬆ change = ⬆ complexity • ⬆ density + ⬇ lifespan = ⬆ volatility • App Catalog: Helm, … • Orchestration: Compose, Kubernetes, Marathon, … • Scheduling: Swarm, Kubernetes, Mesos, … • Monitoring: cAdvisor, Sysdig, Datadog, … • Access Control: LDAP, AD, GitHub, … • Registry: DockerHub, … • Engine: Docker, Rkt, … • Security: Notary, Vault, … • Network: VXLAN, IPSEC, HAProxy, … • Storage: Ceph, Gluster, Swift, … • Distributed DB: Etcd, Consul, MongoDB, …
  6. 6. A COMPLETE CONTAINER MANAGEMENT PLATFORM THAT MAKES IT EASY TO… • INNOVATE WITH CONTAINERS by empowering developers with fast access to the latest tools • SIMPLIFY APPLICATION DEVELOPMENT with a powerful, yet easy to use interface and application catalog • RUN CONTAINERS with the most complete set of container and infrastructure management capabilities • Enterprise ready ✔ • Open platform for innovating ✔ • Easy to use interface ✔ • Multi-tenancy ✔ • Role based access ✔ • 24X7 support ✔ • And more….
  7. 7. DO YOU WANT TO MANAGE ALL THIS? • App Catalog: Helm, … • Orchestration: Compose, Kubernetes, Marathon, … • Scheduling: Swarm, Kubernetes, Mesos, … • Monitoring: cAdvisor, Prometheus, Datadog, … • Access Control: LDAP, AD, GitHub, … • Registry: Nexus, Artifactory, DTR, … • Engine: Docker, runC, Rocket, … • Security: Notary, Vault, … • Network: VXLAN, IPSEC, HAProxy, … • Storage: Ceph, Gluster, Swift, … • Distributed DB: Etcd, Consul, MongoDB, … • …or this?
  8. 8. CHALLENGES : KUBERNETES ONLY IMPLEMENTATIONS • Creating a Kubernetes environment that is customized to DevOps needs • Automating the deployment of multiple Kubernetes clusters • Managing the health of Kubernetes clusters • Automating the upgrade of Kubernetes clusters • Deploying multiple clusters on premises or across disparate cloud providers • Ensuring enterprise readiness, including access to 24×7 support • Customizing then repeatedly deploying multiple combinations of infrastructure services (e.g. storage, networking, DNS, load balancer) • Deploying and automating upgrades for Kubernetes add-ons such as Dashboard, Helm and Heapster
  9. 9. RUNNING CONTAINERS IN PRODUCTION IS HARD, RANCHER MAKES IT EASY • Develop, Build, Package, Test, Deploy/Upgrade, Operate • Docker Hub
  10. 10. GAINING SIGNIFICANT MOMENTUM • GA March 2016 • >20 million downloads • 5,000 GitHub stars • 100+ enterprise customers
  11. 11. WORKSHOP AGENDA • Infrastructure Side • How to modify and maintain multiple Kubernetes configurations easily • Configure separate data, cluster & worker nodes • Configure Kubernetes cloud providers • NFS & EBS configuration • Configuring Network types: IPSec & VXLAN • Application Side • Deploy applications with Helm chart • Auto creation of disks and ELB in action • Custom Registry • Auto Scaling of hosts • Hosts upgrades
  12. 12. SETUP WITH DIGITAL OCEAN • Use the promo code DOBCC. It will give you $15 worth of credits on the DigitalOcean platform. Please note the following: • a) You can sign up for an account @ The above promo code will add credits only to new DigitalOcean accounts. • b) Adding a payment option (credit/debit card or PayPal) is part of the sign-up workflow. To verify the authenticity of the card, the payment gateway sometimes does an authorization charge of around $1, but this charge gets reversed immediately after the card has been verified. • c) Once the above promo code is applied, $15 in credits will be added to your account which can be used for anything on the
  13. 13. ENVIRONMENT TEMPLATES • Creating and customizing templates for different requirements in an organization • You can have different storage, networking and other requirements in different units/projects • You might want a true HA setup for pre-prod/prod, whereas a simple setup is enough for a development environment • Rancher enables this with template stacks - official as well as community supported. • You can create multiple environment templates and launch environments based on a template
  14. 14. DEMO
  15. 15. RESILIENCY PLANES • Objective: Achieve separation between data, orchestration and compute nodes. • Data - Used by Etcd to store all data • Recommended minimum 3 • Orchestrate - for Kubernetes • Recommended minimum 2 (for HA) • Compute - for actual workload • 1 or more • You cannot change a node type from one resiliency plane to another • Host labels in the diagram: etcd=true (nodes 1, 2, 3), orchestrate=true (nodes 1, 2), compute=true (nodes 1 … N)
  16. 16. CLOUD PROVIDER CONFIGURATION • Kubernetes cloud providers: interface to underlying cloud provider • Useful for things such as: Load balancer, Node management, Networks etc. • Rancher comes built with two cloud providers: Rancher & AWS • AWS provider can be used for ELB, EBS and Node management • Rancher provider is useful for Nodes & HAProxy based load balancers
  17. 17. DNS - USING DIGITAL OCEAN • Enables quick and easy integration with DNS (AWS Route53, Digital Ocean DNS etc.) • Each service of type Load Balancer - gets the load balancer auto provisioned and DNS record created. • DNS record is customizable
  18. 18. RANCHER NETWORK SERVICES • VXLAN (Overlay): • Unencrypted traffic between hosts • Good if underlying network is secure • Faster • Configurable MTU • IPSec (Overlay): • Encrypted traffic between hosts, MTU configurable • Good for public clouds • Relatively slow due to encryption overhead • More plugins coming for: • Calico • Weave etc. • Networking under the hood (all three components are open source): • Network Manager: • Interface to CNI plugin & responds to add/remove container events • Takes care of port mapping (initial CNI did not have it) • Rancher DNS: • DNS service within cluster, communicates with upstream DNS • Provides service discovery in cluster • Rancher Metadata: • Metadata agent runs on all hosts • Provides service discovery locally
  19. 19. RANCHER HEALTH CHECK • Health check stack is one of the infrastructure stacks • Launched as a set of containers and utilizes HAProxy internally to validate health of containers • Containers are checked for health from multiple health check containers • If even one of the health check containers responds positive on a service, then it is good • If all of the health check containers respond negative on a service, then it is assumed down
  20. 20. PORTAINER • We deployed Portainer as part of the stack, which is a simple UI for containers. • The Dashboard is reachable at http://rancher-server:8080/r/projects/1a5/portainer/ (just open the Kubernetes dashboard UI and change the URL) • Portainer is a simple utility and shows containers on a host • This shows how easy it can be to deploy custom utility stacks on top of Rancher
  21. 21. POWERFUL COMPOSITION • Every stack is a rancher-compose + docker-compose • You can create a complete custom stack, upload it and have a new environment template
  22. 22. AWS CLOUD PROVIDER BASED ENVIRONMENT • Create an AWS cloud provider based Kubernetes environment template and an environment • Create roles for instance profiles for the Kubernetes master & agent - this enables the instances to attach disks or create ELB and so on • Create 4 hosts - one master & 3 nodes - and install Docker on them • Add the hosts manually to the Rancher environment • See the environment build up
  23. 23. WALKTHROUGH OF INFRA STACKS • Health check stack for health checks • IPSec networking for encrypted overlay traffic • Ingress controller for LB and Ingress management • Supporting network services - NW manager and metadata • Portainer as a utility • Scheduler framework for additional scheduling
  24. 24. WALKTHROUGH OF INFRA STACKS • Kubernetes stack for all core components • Controller manager controls nodes, endpoints etc. • Kubernetes - API Server • Ingress controller for ingress & LB management • Core Scheduler
  25. 25. SAMPLE APPLICATION DEPLOYMENT • We will use a Helm chart to deploy the WordPress stack - which contains the WordPress app & MySQL DB • MySQL DB needs a persistent disk - which will be auto provisioned for us. • We also need a LoadBalancer - which will be auto created. • We won’t use DNS like we did in the last example, but that is possible too.
  26. 26. HELM ON MY MACHINE • Configure ~/.kube/config file - verify with kubectl • ‘helm init’ - initializes all directories and standard repo • helm search WordPress • helm install --name bcc-release stable/wordpress
  27. 27. OH, WAIT, WHAT IS HELM? • Helm is a package manager for Kubernetes • Tiller - Repo Server • Chart - a package • Helm is the client for Tiller • Charts are in a repo (typically some Git repo) • A chart is a set of manifests • The values can be left at their defaults or overridden as input from the user • A chart is released as a release so that it can be tracked.
  28. 28. IS WORDPRESS DEPLOYED? • Deployments for WordPress created • Services created • Volumes auto created • ELB auto created
  29. 29. MORE VALIDATIONS • PV & PVC created using the default storage class • And we can reach our blog:
  30. 30. WordPress helm chart - code walkthrough
  31. 31. HOST EVACUATION • You want to upgrade a host for some security patches or some change • But without disrupting normal operations • Evacuation helps you reschedule pods to other hosts, gracefully!
  32. 32. CUSTOM REGISTRY ADDITION • You can use Docker hub or any private registry • Host dockercfg is auto populated - so images can be pulled from those registries
  33. 33. RECEIVER HOOKS • Like webhooks - can be used to invoke actions in Rancher • Can be tied to, say, a monitoring system • Possible to achieve auto host scaling & service upgrade as of today. • More actions & “kinds” of hooks coming soon
  34. 34. AND IT COMES WITH AN API • Rancher has a comprehensive API - and all actions can be done via the API • The API is well documented, is accessible in the browser and is exhaustive • Rancher also comes with a CLI
  36. 36. INGRESS: LOAD BALANCERS • For an ingress you need a load balancer. • Rancher creates/updates/manages Rancher load balancers based on ingress lifecycle, using rancher ingress controller. • This also makes usage of ingress easier outside a cloud provider. • Rancher load balancers support • Host/path based routing • TLS • Advanced targeting and scheduling of load balancers.