Kubernetes :
Sweets and Bitters
Come On Docker ❤ 吉你
Hello!
I am Tom Tsai
I am here because I want to give life to
the servers
▷ Startup (DevOps)
▷ Trend Micro (QA, DevOps)
▷ DevOps Lecturer
“Has Your Organization Adopted Any
Container Orchestration?”
Outline
▷ Kubernetes Introduction
▷ Access Kubernetes API
▷ Kubernetes CI/CD Pipeline
▷ Container High Availability
▷ Kubernetes Misc
▷ Q & A
1.
Kubernetes Introduction
Without Kubernetes
With Kubernetes
K8S Infra
Kubernetes Terminology
Pod
A group of one or
more containers
Replica Set
Ensures that a
specified number of
pod “replicas” are
running
Deployment
Provides declarative
updates for Pods and
Replica Sets
Service
a logical set of Pods
and a policy by
which to access
them
Deployment
  Replica Set
    Pod
      Container 1
      Container 2
  Replica Set
    Pod
      Container 1
      Container 2
Service
2.
Access Kubernetes API
Access Kubernetes API
User Account V.S. Service Account
Service Account
User Account
Authorization Mode
▷ AlwaysDeny, AlwaysAllow, ABAC
▷ ABAC Mode
○ user, readonly, resource, namespace
○ {"user":"bob", "resource": "pods",
"readonly": true, "ns": "projectCaribou"}
Real Practice
          Alpha        Staging      Prod
          (readonly)   (readonly)   (readonly)
Jenkins   False        False        False
Human     False        True         True
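The ABAC matching rule and the readonly matrix above, as an added example that is not from the original slides: a simplified model of how one-policy-per-line files in the slide's legacy format are evaluated (any matching line allows, no match denies). The user names jenkins and human, the environments modelled as namespaces alpha, staging and prod, the get/list/watch read-only verb set, and the helper unscoped_lines are assumptions.

```python
import json

# Constructed policy file, one JSON object per line in the legacy form shown
# on the slide. User names and namespaces are assumptions mirroring the table.
POLICY_FILE = """\
{"user": "jenkins", "ns": "alpha"}
{"user": "jenkins", "ns": "staging"}
{"user": "jenkins", "ns": "prod"}
{"user": "human", "ns": "alpha"}
{"user": "human", "ns": "staging", "readonly": true}
{"user": "human", "ns": "prod", "readonly": true}
"""

READ_VERBS = {"get", "list", "watch"}  # assumption: verbs treated as read-only


def load_policies(text):
    """Parse one JSON policy per non-empty line; a malformed line is an error."""
    policies = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            policy = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"policy line {lineno}: {exc}") from exc
        if not isinstance(policy, dict):
            raise ValueError(f"policy line {lineno}: not a JSON object")
        policies.append(policy)
    return policies


def matches(policy, user, verb, resource, ns):
    """An unset field matches anything; readonly=true matches read verbs only."""
    for field, value in (("user", user), ("resource", resource), ("ns", ns)):
        if policy.get(field) not in (None, "", value):
            return False
    return not policy.get("readonly", False) or verb in READ_VERBS


def authorize(policies, user, verb, resource, ns):
    """Allow when at least one policy line matches; otherwise deny."""
    return any(matches(p, user, verb, resource, ns) for p in policies)


def unscoped_lines(policies):
    """Hypothetical review helper: lines that apply to every user or namespace."""
    return [p for p in policies if not p.get("user") or not p.get("ns")]
```

Because an unset field acts as a wildcard in this model, a line such as {"readonly": true} grants every authenticated user read access to every resource, which is what unscoped_lines is meant to surface during policy review.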
Kubectl V.S. Restful API
~$ kubectl delete deployment nginx
   -> deployment, replica set, pod are deleted from K8S
DELETE /apis/extensions/v1beta1/namespaces/default/deployments/nginx
   -> only deployment is deleted from K8S
3.
Kubernetes CI/CD Pipeline
Jenkins Integrate With Kubernetes
1. Create Deployment
2. Update Image ver.
3. Create Service
4. Of course, Testing
K8S Restful API
Actually Happened… (1/3)
Using Template Language to
create Deployment, Service
YAML File
- Chef: ERB
- Ansible: Jinja2
...
containers:
  - name: nginx
    image: "10.1.1.1:500/web/nginx:{{ image_tag }}"
...
Actually Happened…(2/3)
HTTP POST (Reference)
/api/v1/namespaces/{namespace}/services/{name}
/apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}
Actually Happened…(3/3)
HTTP PATCH (Reference)
/api/v1/namespaces/{namespace}/services/{name}
/apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}
4.
Container High Availability
Container Alive V.S. Service Alive
▷ Container Alive != Service Alive
▷ When Container Dead, Restarting
Pod Automatically
▷ When Service Dead ?
Liveness Probes
▷ Check Whether Service Alive Or Not
▷ Restart Pod If Service Unavailable
▷ Exec Liveness
▷ Http Liveness
Readiness Probes
▷ Check Whether Service Alive Or Not
▷ Bind Pod If Service Ready
▷ Unbind Pod If Service Unavailable
▷ Exec Liveness
▷ Http Liveness
Termination Notice
▷ Gracefully Terminate Container
▷ Send SIGTERM to applications
▷ pre-stop lifecycle hook
5.
Kubernetes Misc
Daemon Set
▷ Daemon Set ensures that all (or
some) nodes run a copy of a pod
▷ Rolling Update Issue
Deploy Daemon Set Workaround
▷ Replace Instead Of Rolling Update
▷ Deployment + hostPort Instead Of
Daemon Set
ports:
  - containerPort: 9999
    name: for-deployment
    hostPort: {{ 2000 |random(start=1000, step=10) }}
Troubleshooting
▷ Official Support Document
○ ~$ kubectl get {resource_type} | grep {name}
○ ~$ kubectl logs {pod_name}
○ ~$ kubectl describe {resource_type} {name}
○ ~$ kubectl edit {resource_type} {name}
○ ~$ kubectl exec -it {pod_name} bash
Update V.S. Replace
▷ Rolling Update K8S Resource First, Reduce
Service Downtime
▷ Increase terminationGracePeriodSeconds
if needed
▷ But It’s Necessary To Replace Resource
Sometimes...
Capability
Unfortunately, I cannot
disclose these details.
How High Is Your Pod Count?
Pod Number   Container Per Pod
100          10
10           100
Which Loading Is Higher?
Access K8S From External
NodePort
Where Pod?
Access K8S From External
Service IP
Pod IP
Directly
Thanks!
Any questions?
You can find me at:
smalltown20110306
smalltown0110
smalltown0110


Docker Summit 2016 - Kubernetes: Sweets and Bitters