Section Slide Template Option 2

Put your subtitle here. Feel free to pick from the handful of pretty Google colors available to you.Make the subtitle something clever. People will think it’s neat.

Kubernetes - State of the Union (Q1-2016)Vadim Solovey - CTO, DoIT InternationalGoogle Cloud Developer Expert | Authorized Trainervadim@doit-intl.com

Google confidential │ Do not distribute

Agenda

Introduction to Containers & Kubernetes

What’s new and coming soon

Q&A

1

2

3

• Usage of micro-services

• Declarative management

• Highly flexible and scalable

• Automation-friendly

• Good for complex

architectures

• Development for “Google

scale”

KubernetesPackaging containersApps in ContainersContainers

‘Physical’ Node

Portable, isolated, static app environments

Hello Container!

Hypervisor

node kernel

app code

libraries

app code

libraries

app code

libraries

container 1 container 2 container 3

Copyright 2016 Google Inc

How Can We Scale Out Container Workloads?

Node Node

Cluster

Node

???

• Placement?• Scale?• Node failure?• Container failure?• Application upgrades?

How to handle...Containers

Managed Base OS

Node Container Manager

Scheduled Containers

Cluster Scheduler Schedule containers across machines

Replication and resizing

Service naming and discovery

Cluster schedulingKubernetesContainers

A datacenter is not a group of computers,

a datacenter is a computer.

The promise

Copyright 2015 Google Inc

Replication controllers create new pod "replicas" from a template and ensures that a configurable number of those pods are running.

A Service offers low overhead way to route requests to a logical set of pod backends in the cluster based on a label selector.

Replication Controllers ServicesLabels

Labels are metadata that are attached to objects, such as pods.

They enable organization and selection of subsets of objects with a cluster.

Pods

Pods are ephemeral units that are used to manage one or more tightly coupled containers.

They enable data sharing and communication among their constituent components.

Moving partsKubernetes

Copyright 2015 Google Inc

Namespaces AnnotationsSecretsVolumes

More moving partsKubernetes

Persistent VolumesSelectors Load

Balancers

Copyright 2015 Google Inc

Autoscalers

Ingress

JobsDaemon Sets

New kids in the townKubernetes

Deployments

Section Slide Template Option 2

Put your subtitle here. Feel free to pick from the handful of pretty Google colors available to you.Make the subtitle something clever. People will think it’s neat.

Daemon Sets

Daemon SetsA Daemon Set ensures that all (or some) nodes run a copy of a pod.

Node 1 Node 2 Node 3pod pod pod

Popular use-cases:

● running a cluster storage daemon, such as glusterd or ceph● running a logs collection daemon on every node, such as fluentd or logstash● running a node monitoring daemon on every node collectd, new relic, ganglia

Alternatives:

● init script of your religion, - init, upstartd, systemd● bare pods

Section Slide Template Option 2

Put your subtitle here. Feel free to pick from the handful of pretty Google colors available to you.Make the subtitle something clever. People will think it’s neat.

Deployments

DeploymentsA Deployment provides declarative update for Pods and ReplicationControllers.

apiVersion: extensions/v1beta1kind: Deploymentmetadata: name: nginx-deploymentspec: replicas: 3 template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.7.9 ports: - containerPort: 80

A typical use case is:● Create a deployment to bring up a replication controller and pods.● Later, update that deployment to recreate the pods (for ex: to use a

new image).

$ kubectl create -f app.yaml deployment "app" created..

$ kubectl get deployments NAME UPDATEDREPLICAS AGE app 3/3 1m

Section Slide Template Option 2

Put your subtitle here. Feel free to pick from the handful of pretty Google colors available to you.Make the subtitle something clever. People will think it’s neat.

Horizontal Pod Autoscaling

Pod AutoscalingHorizontal pod autoscaling allows the number of pods in a replication controller or deployment to scale automatically based on observed CPU utilization

Pod 1

Details:

● Control loop (targetNumOfPods = ceil(sum(currentPodsCPUUtilization) / target)● --horizontal-pod-autoscaler-sync-period● Autoscaling during rolling update

Pod 2 Pod .. Pod N

RC / Deployment Autoscaler

Section Slide Template Option 2

Put your subtitle here. Feel free to pick from the handful of pretty Google colors available to you.Make the subtitle something clever. People will think it’s neat.

Ingress

Copyright 2016 Google Inc

The Ingress

Services

Internet

Services

Internet

Ingress

is collection of rules that allow inbound connections to reach the cluster services

Copyright 2016 Google Inc

The Ingress Resource

Services

Internet

Ingress

Few potential use-cases include:

● Externally reachable urls for services

● Traffic Load Balancing

● Terminate SSL

● Name based virtual hosting

● More more as it evolves..

Available Controllers:

● GCE L7 LB

● nginx

● Write your own

Copyright 2016 Google Inc

The Ingress Resource

Services

Internet

Ingress

Minimal Ingress Resource may look like this:

01. apiVersion: extensions/v1beta102. kind: Ingress03. metadata:04. name: test-ingress05. spec:06. rules:07. - http:08. paths:09. - path: /testpath10. backend:11. serviceName: test12. servicePort: 80

Copyright 2016 Google Inc

Creating Ingress Resource

Services

Internet

Ingress

apiVersion: extensions/v1beta1kind: Ingressmetadata: name: test-ingressspec: backend: serviceName: testsvc servicePort: 80

$ kubectl get ingNAME RULE BACKEND ADDRESStest-ingress - testsvc:80 107.178.254.228

Copyright 2016 Google Inc

Creating Ingress Controller

Services

Internet

Ingress

apiVersion: v1kind: ReplicationControllermetadata: name: nginx-ingress labels: app: nginx-ingressspec: replicas: 1 selector: app: nginx-ingress template: metadata: labels: app: nginx-ingress spec: containers: - image: gcr.io/google_containers/nginx-ingress:0.1 imagePullPolicy: Always name: nginx ports: - containerPort: 80 hostPort: 80

Copyright 2016 Google Inc

Simple Fan OutSimple edge accepting ingress traffic and proxying it to the right endpoints

apiVersion: extensions/v1beta1kind: Ingressmetadata: name: testspec: rules: - host: foo.bar.com http: paths: - path: /foo backend: serviceName: s1 servicePort: 80 - path: /bar backend: serviceName: s2 servicePort: 80

$ kubectl get ingNAME RULE BACKEND ADDRESStest - foo.bar.com /foo s1:80 /bar s2:80

foo.bar.com

178.91.123.132

/foos1:80

/bars2:80

Copyright 2016 Google Inc

Name based virtual hostingName-based virtual hosts use multiple host names for the same IP address

apiVersion: extensions/v1beta1kind: Ingressmetadata: name: testspec: rules: - host: foo.bar.com http: paths: - backend: serviceName: s1 servicePort: 80 - host: bar.foo.com http: paths: - backend: serviceName: s2 servicePort: 80

foo.bar.com

178.91.123.132

foo.bar.coms1:80

bar.foo.com

s2:80

bar.foo.com

Copyright 2016 Google Inc

AlternativesYou can expose a Service in multiple ways that don't directly involve the Ingress resource:

● Use Service.Type=LoadBalancer

● Use Service.Type=NodePort (30K-32K ports)

● Use a Port Proxy

● Deploy the Service Loadbalancer. This allows you to share a single IP among multiple

services and achieve more advanced load balancing through service annotations.

Copyright 2016 Google Inc

Gotchas● The Ingress resource is not available in Kubernetes < 1.1

● You need an Ingress Controller to satisfy an Ingress.

○ Simply creating the resource will have no effect.

● On GCE/GKE there is a L7 LB controller, on other platforms you either need to write

your own or deploy an existing controller as a pod.

● The resource currently does not support HTTPS, but will do so before it leaves beta

(March/April 2016)

Copyright 2016 Google Inc

Future Work● Various modes of HTTPS/TLS support (edge termination, sni etc)

● Requesting an IP or Hostname via claims

● Combining L4 and L7 Ingress

● More Ingress controllers (haproxy, vulcan, zuul, etc)

Section Slide Template Option 2

Put your subtitle here. Feel free to pick from the handful of pretty Google colors available to you.Make the subtitle something clever. People will think it’s neat.

Jobs

Section Slide Template Option 2

Put your subtitle here. Feel free to pick from the handful of pretty Google colors available to you.Make the subtitle something clever. People will think it’s neat.

Going forward

JobsA job creates one or more pods and ensures that a specified number of them successfully terminate.

Details:

● .restartPolicy, .parallelism & .completions● replication controller vs jobs● cron

apiVersion: extensions/v1beta1kind: Jobmetadata: name: pispec: selector: matchLabels: app: pi template: metadata: name: pi labels: app: pi spec: containers: - name: pi image: perl command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"] restartPolicy: Never

$ kubectl create -f ./job.yaml jobs/pi

$ kubectl logs pi-aiw0a3.14159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196442881097566593344612847564823371

Copyright 2016 Google Inc

Going forward in 2016● version 1.2 would also enable multi-zone

● version 1.4 will allow multi-clustering (Ubernetes)

Section Slide Template Option 2

Put your subtitle here. Feel free to pick from the handful of pretty Google colors available to you.Make the subtitle something clever. People will think it’s neat.

Q & AVadim Solovey - CTO, DoIT InternationalGoogle Cloud Developer Expert | Authorized Trainervadim@doit-intl.com

Section Slide Template Option 2

Put your subtitle here. Feel free to pick from the handful of pretty Google colors available to you.Make the subtitle something clever. People will think it’s neat.meetup.com/googlecloud