Kuber-what?! Learn about Kubernetes Webinar Slides · provide a cloud-ready solution for Kubernetes...
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Objectives
• A brief primer on containers
• The problems with running containers at scale
• Orchestration systems
• Kubernetes background
• Pods, Deployments, Services, Ingress
• Cisco tie-ins
What are containers?
Virtual Machine vs. Container
[Diagram: virtual machine stack (Server, Hypervisor / Host OS, Guest OS, Bins/Libs, App 1 and App 2) beside container stack (Server, Host OS, Docker Engine, Bins/Libs, App 1 and App 2)]
“Container”
[Diagram: three deployment models. Single server: apps under /usr, /etc, /bin, installed manually or with RPM, DEB, Puppet. VMs on a hypervisor: installed manually or with RPM, DEB, Puppet (treat as servers), or bake images (AMI / Packer). Containers on a server: baked container images.]
Technical: Changing how we deploy code into reality.
```dockerfile
FROM ubuntu:15.04
COPY . /app
RUN make /app
CMD python /app/app.py
```
Goes away on restart
Why use an orchestrator
Application Anatomy
[Diagram: Web Server, Application Server and Database; the application contains Login Service, Photo Upload, Like Service, Comment Service, Profile Service, Logging Service, Photo Processing, Friend Requests]
Pets vs Cattle
Redesign Image Sharing App
[Diagram: Web Front End, iOS App, Android App; API Service; Microservice 1, Microservice 2, … Microservice n; Team 1, Team 2, … Team n; DB1, DB2, … DBn]
Advantages of Microservices
• Autonomous
• Microservice can be upgraded independent of other systems
• Microservice can iterate as quickly as it needs
• Polyglot application stacks (Technology Heterogeneity)
• Other microservices are black boxes to other services
• Service can be used by other projects in the organization
Using docker CLI is all well and good as a developer. But you’re probably not going to manage production like this…
```shell
$ ssh host1
host1# docker run container
$ ssh host2
host2# docker run container
$ ssh host3
host3# docker run container
```
[Diagram: Host / VM 1, Host / VM 2 and Host / VM 3, each with Linux Kernel, Docker Engine and a Container]
Container orchestration is a must.
Once you’ve built your containers and pushed them, container orchestrators manage running containers across a pool of resources for you.
```shell
$ kubectl scale deployment <name> --replicas=3
```
[Diagram: Kubernetes running several containers and providing Load Balancing, Health Checks, Log Aggregation / Access, Developer API]
What are other orchestrators?
• Docker Swarm / EE
• Apache Marathon
• Rancher (seems to be moving towards k8s)
What is kubernetes?
Borg
• GIFE
• 2015 paper from Google: https://research.google.com/pubs/pub43438.html
• Engineers who worked on Borg now work on Kubernetes: http://blog.kubernetes.io/2015/04/borg-predecessor-to-kubernetes.html
• Lessons Learned:
  • Multi-Job services could not be managed as a single entity
  • One IP address per Machine
What is Kubernetes?
• Container Orchestration
• Keeping your containers up, scaling them, routing traffic to them
• Kubernetes != Docker though K8S uses Docker (or CoreOS rkt)
Installation options
• MiniKube (local workstation)
• Installers (on-prem, hybrid, custom)
  • Kops (part of core kubernetes.io github)
  • Kubespray (Ansible + Terraform)
  • Etc, etc…
• Cloud
  • Google Container Engine (GKE ☺)
  • Azure Container Service
  • Amazon EKS
  • Etc…
Sidebar: K8S the hard way
• Step-by-step tutorial of how to assemble a kubernetes cluster
• https://github.com/kelseyhightower/kubernetes-the-hard-way
Source: http://x-team.com/2016/07/introduction-kubernetes-architecture/
Deploying Containers
• Kubectl & ~/.kube/config
• Minikube CLI
• The Real Way™: CI system
Simple Architecture
[Diagram: CI/CD, Registry, Kubernetes, Persistence]
Kubernetes Components
Kubernetes main Features
• Pods
• Deployments
• Services
• Ingress
Pods
• Group of one or more containers, shared storage, and options for how to run the containers
• Share IP address and port space
• Atomic unit of management
Source: http://kubernetes.io/docs/user-guide/pods/
Deployments
• Rolling upgrades
• Declare intent: How many replicas should be running of a given pod?
• Namespace
• Labels
• Ports that should be exposed
Services
• Abstraction for the mortality of Pods
• Provide single stable name and address for a set of pods inside the cluster (aka service discovery).
Source: http://kubernetes.io/docs/user-guide/services/
Ingress
• Abstraction for services
• An Ingress is a set of rules for directing inbound traffic to a service.
• An Ingress Controller is a service that listens for the creation of new services and does reverse proxy (nginx, traefik, f5 loadbalancer)
See: http://kubernetes.io/docs/user-guide/ingress/
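An added example, not part of the original slides: an Ingress manifest that routes inbound HTTPS traffic to the rest-api-swagger Service whose template appears later on this page. The host name, the TLS Secret name and the nginx IngressClass are assumptions.

```yaml
# Added example: Ingress for the page's rest-api-swagger Service.
# Assumptions (not from the original slides): host api.example.com,
# an nginx ingress controller registered as IngressClass "nginx",
# and a pre-created TLS Secret named rest-api-swagger-tls.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rest-api-swagger
spec:
  ingressClassName: nginx            # which Ingress Controller handles these rules
  tls:
    - hosts:
        - api.example.com
      secretName: rest-api-swagger-tls   # controller terminates TLS with this cert
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: rest-api-swagger   # Service metadata.name
                port:
                  number: 8080           # Service port, not containerPort 10010
```

With an Ingress in front, the Service can be of type ClusterIP instead of LoadBalancer, so the Ingress Controller is the only component exposed outside the cluster.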
K8S templates: deployment
```yaml
# k8s/dev/api-deployment.yaml
# apps/v1 replaces extensions/v1beta1, which Kubernetes 1.16 and later
# no longer serve for Deployments; apps/v1 requires an explicit selector.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rest-api-swagger
spec:
  replicas: 2
  selector:
    matchLabels:
      app: rest-api-swagger
  template:
    metadata:
      labels:
        app: rest-api-swagger
    spec:
      containers:
        - name: rest-api-swagger
          image: ciscodevnet/rest-api-swagger:latest
          ports:
            - containerPort: 10010
```
K8S templates: service
```yaml
# k8s/services/api-service-lb.yaml
kind: Service
apiVersion: v1
metadata:
  name: rest-api-swagger
spec:
  type: LoadBalancer  # or NodePort, etc.
  ports:
    - name: http
      port: 8080
      targetPort: 10010
      protocol: TCP
  selector:
    app: rest-api-swagger
```
Manual kubectl deployment
```shell
$ kubectl apply -f k8s/dev/api-deployment.yaml
$ kubectl apply -f k8s/services/api-service-lb.yaml
$ kubectl describe deployment
$ kubectl describe service rest-api-swagger
$ kubectl delete -f k8s/dev/api-deployment.yaml
$ kubectl delete -f k8s/services/api-service-lb.yaml
```
Drone CI kubectl deployment
```yaml
deploy:
  k8s:
    image: containers.ex.com/devnet/drone-kubectl
    apiserver: https://your-gke-api-endpoint  # kubectl cluster-info
    token: $$K8S_TOKEN
    commands:
      - 'kubectl apply -f k8s/services/*.yaml'
      - 'kubectl apply -f k8s/dev/*.yaml --record'
      - 'kubectl describe service ${SERVICE_NAME}'
    when:
      branch: master
```
Cisco tie-ins
• Google-Cisco Partnership
• Soon to be released Cisco Container Platform allows simple management of multiple kubernetes clusters aimed at enterprise hybrid cloud.
• On-premises, Cisco’s hyper-converged platform, Cisco HyperFlex, will provide a cloud-ready solution for Kubernetes and containers, and management tools to enforce security and consumption policies.
• Developers will be able to create new applications in the cloud or on-premises consistently using the same tools, runtime and production environment.
• And more…
• Contiv
• Container Networking Interface plugin
• Ties into ACI for policy-based controls
Connect with me
Ashley Roach
• [email protected]
• @aroach
• http://github.com/aroach
• http://linkedin.com/in/ashleyroach
Cisco DEVNET
• @CiscoDevNet
• http://github.com/CiscoDevNet