Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

My slides from SECR'2018

Alex Chistyakov
Alex Chistyakov

This document discusses declarative configuration management using Kubernetes and Helm. It begins with an overview of DevOps and configuration management processes. It then provides background on tools like Puppet, Chef, and Ansible before introducing Kubernetes as an operating system for microservices and Helm as a package management system. Key points covered include how Helm works by generating Kubernetes YAML configurations and using Tiller to apply them in the cluster. The document also notes that the Helm chart repository is large and actively maintained on GitHub. It concludes by acknowledging issues with Golang and configuration tools while also noting the presenter does not really care to criticize them.

Related slideshows

ReactJS Code Impact
ReactJS Code ImpactReactJS Code Impact
ReactJS Code Impact
 
Reason React
Reason ReactReason React
Reason React
 
Riak at Posterous
Riak at PosterousRiak at Posterous
Riak at Posterous
 
1 of 37
Download to read offline
On declarative configuration management using Kubernetes and Helm Alexander Chistyakov ITMO University Software Engineering Conference Russia 2018 October 12-13 Moscow
First things first, what is DevOps? ● I will make a short break for you so you can ship a release ● And if your process is solid enough, you can ship while I talk ● Or even better, a release can ship itself when it’s ready without even bothering you ● Do you need a couple of minutes just to check if something is shipping right now?
BTW, who are you? ● Are you a human being? ● Maybe a DevOps engineer? ● Maybe a cyborg? ● Maybe even a Jenkins node? ● If so, how many jobs you can run in parallel?
What does a CM process look like? ● We define a desired state declaratively
What does a CM process look like? ● We define a desired state declaratively ● We instruct a CM master tool to get a system to that state idempotently
What does a CM process look like? ● We define a desired state declaratively ● We instruct a CM master tool to get a system to that state idempotently ● Some CM magic begins
What does a CM process look like? ● We define a desired state declaratively ● We instruct a CM master tool to get a system to that state idempotently ● Some CM magic begins ● Midnight suddenly comes
What does a CM process look like? ● We define a desired state declaratively ● We instruct a CM master tool to get a system to that state idempotently ● Some CM magic begins ● Midnight suddenly comes ● Infrastructure gets to the desired state!
What does a CM process look like? ● We define a desired state declaratively ● We instruct a CM master tool to get a system to that state idempotently ● Some CM magic begins ● Midnight suddenly comes ● Infrastructure gets to the desired state! ● Sounds not too difficult, should be quite easy to implement
A bit of history ● Are you familiar with Puppet CM system? ● Raise your hands if you like it! (But how on Earth is it possible?)
A bit of history ● Are you familiar with Chef CM system? ● Raise your hands if you like it! (Please don’t cry, SECR is a safe place and I’m your friend)
A bit of history ● Are you familiar with Ansible CM system? ● Raise your hands if you like it!
If you know Ansible, pls help me a bit ● I need to configure a cluster of something ● No, not a cluster yet, just a monitoring tool for a cluster
Okay let’s try ● I need to configure a cluster of something ● Raise your hands if you like it!
What’s inside ● I need to configure a cluster of something ● Raise your hands if you like it!
What’s wrong with it? ● Nothing, this module was just awesome ● Except that it was poorly written, not documented at all, hard to use, not supported and finally abandoned ● Still 7 stars on GitHub!
Let’s try again ● I need to configure a cluster of something ● Raise your hands if you like it!
What’s inside ● I need to configure a cluster of something ● Raise your hands if you like it!
What’s wrong with it?
What’s terribly wrong with it? ● Can you tell for sure what is a status of the Carbon systemd service? ● And if you can, imagine a situation where you provide a service unit file and then use Ansible “notify” mechanism to call a handler which in turn enables the service
What’s terribly wrong with it? ● It’s hard to explain (not so hard to implement though), but people tend to be extremely proud implementing solutions like this ● Why on Earth does Ansible allow this? ● Please note that Ansible handlers run at the end of script execution
Back to the CM process for a moment ● We want to run a set of microservices on top of a monolithic Linux kernel ● If this still makes sense, we can consider services as building blocks
A dictionary for people from late 90s ● A microservice = a process ● A Docker image = a package ● Kubernetes = an operating system for microservices ● Helm = a package managing system (think apt in Debian or yum in RHEL) for Kubernetes
Let’s try ● A microservice = a process
What’s inside a lab ● A Vagrant-based Ansible-provisioned K8s setup ● 3 Vagrant boxes ● Using Kubespray (https://github.com/kubernetes-incubator/kubespray) to set up Kubernetes (Kubespray is where Ansible meets K8s) ● Using Helm to provision Kubernetes apps
What’s inside a playbook
Ansible calls Helm
Tired of dictionaries (the roads must roll!) ● Ansible = Helm ● Ansible role = Helm chart ● Python = Golang (this goes far beyond the scope of this session) ● Jinja templates = some custom templating engine ● ___ = tiller
How Helm works ● Helm generated K8s YAML configs ● Helm transfers generated config files to the K8s cluster ● Tiller is an agent which runs in the cluster, effectively a cluster-side Helm service ● Tiller applies configuration files and labels a release ● Just like a Chef client 7 years ago but without a memory leak :)
Helm charts repository ● It’s centralised ● It’s on GitHub (https://github.com/helm/charts) ● It grows very fast ● If you submit a patch it will be landed in about a month, which I consider quite fast
Helm charts repository ● https://hub.kubeapps.com (a nice landing page for non-kinesthetic people)
What’s inside a chart
Templates are just declarative configs
What’s wrong with Helm? ● Unfamiliar templating syntax (if you are not a Lisper)
What’s wrong with K8s and Helm? ● They are written in Golang ● Really, seriously, please stop using Golang for everything! ● We are humans not rodents, we already invented nuclear bombing, Haskell and even soccer, why Golang after all???
Conclusions ● Classical CM systems were never good ● Kubernetes and Helm are not good too, but we are just not fully aware yet ● And, frankly speaking, I don’t care
Contacts • Alex Chistyakov • alexclear@gmail.com • +7-921-643-93-27 (Please don’t call me, I am a sociophobe) • @demeliorator (in Telegram and Skype)

More Related Content

My slides from SECR'2018

  • 1. On declarative configuration management using Kubernetes and Helm Alexander Chistyakov ITMO University Software Engineering Conference Russia 2018 October 12-13 Moscow
  • 2. First things first, what is DevOps? ● I will make a short break for you so you can ship a release ● And if your process is solid enough, you can ship while I talk ● Or even better, a release can ship itself when it’s ready without even bothering you ● Do you need a couple of minutes just to check if something is shipping right now?
  • 3. BTW, who are you? ● Are you a human being? ● Maybe a DevOps engineer? ● Maybe a cyborg? ● Maybe even a Jenkins node? ● If so, how many jobs you can run in parallel?
  • 4. What does a CM process look like? ● We define a desired state declaratively
  • 5. What does a CM process look like? ● We define a desired state declaratively ● We instruct a CM master tool to get a system to that state idempotently
  • 6. What does a CM process look like? ● We define a desired state declaratively ● We instruct a CM master tool to get a system to that state idempotently ● Some CM magic begins
  • 7. What does a CM process look like? ● We define a desired state declaratively ● We instruct a CM master tool to get a system to that state idempotently ● Some CM magic begins ● Midnight suddenly comes
  • 8. What does a CM process look like? ● We define a desired state declaratively ● We instruct a CM master tool to get a system to that state idempotently ● Some CM magic begins ● Midnight suddenly comes ● Infrastructure gets to the desired state!
  • 9. What does a CM process look like? ● We define a desired state declaratively ● We instruct a CM master tool to get a system to that state idempotently ● Some CM magic begins ● Midnight suddenly comes ● Infrastructure gets to the desired state! ● Sounds not too difficult, should be quite easy to implement
  • 10. A bit of history ● Are you familiar with Puppet CM system? ● Raise your hands if you like it! (But how on Earth is it possible?)
  • 11. A bit of history ● Are you familiar with Chef CM system? ● Raise your hands if you like it! (Please don’t cry, SECR is a safe place and I’m your friend)
  • 12. A bit of history ● Are you familiar with Ansible CM system? ● Raise your hands if you like it!
  • 13. If you know Ansible, pls help me a bit ● I need to configure a cluster of something ● No, not a cluster yet, just a monitoring tool for a cluster
  • 14. Okay let’s try ● I need to configure a cluster of something ● Raise your hands if you like it!
  • 15. What’s inside ● I need to configure a cluster of something ● Raise your hands if you like it!
  • 16. What’s wrong with it? ● Nothing, this module was just awesome ● Except that it was poorly written, not documented at all, hard to use, not supported and finally abandoned ● Still 7 stars on GitHub!
  • 17. Let’s try again ● I need to configure a cluster of something ● Raise your hands if you like it!
  • 18. What’s inside ● I need to configure a cluster of something ● Raise your hands if you like it!
  • 20. What’s terribly wrong with it? ● Can you tell for sure what is a status of the Carbon systemd service? ● And if you can, imagine a situation where you provide a service unit file and then use Ansible “notify” mechanism to call a handler which in turn enables the service
  • 21. What’s terribly wrong with it? ● It’s hard to explain (not so hard to implement though), but people tend to be extremely proud implementing solutions like this ● Why on Earth does Ansible allow this? ● Please note that Ansible handlers run at the end of script execution
  • 22. Back to the CM process for a moment ● We want to run a set of microservices on top of a monolithic Linux kernel ● If this still makes sense, we can consider services as building blocks
  • 23. A dictionary for people from late 90s ● A microservice = a process ● A Docker image = a package ● Kubernetes = an operating system for microservices ● Helm = a package managing system (think apt in Debian or yum in RHEL) for Kubernetes
  • 24. Let’s try ● A microservice = a process
  • 25. What’s inside a lab ● A Vagrant-based Ansible-provisioned K8s setup ● 3 Vagrant boxes ● Using Kubespray (https://github.com/kubernetes-incubator/kubespray) to set up Kubernetes (Kubespray is where Ansible meets K8s) ● Using Helm to provision Kubernetes apps
  • 26. What’s inside a playbook
  • 28. Tired of dictionaries (the roads must roll!) ● Ansible = Helm ● Ansible role = Helm chart ● Python = Golang (this goes far beyond the scope of this session) ● Jinja templates = some custom templating engine ● ___ = tiller
  • 29. How Helm works ● Helm generated K8s YAML configs ● Helm transfers generated config files to the K8s cluster ● Tiller is an agent which runs in the cluster, effectively a cluster-side Helm service ● Tiller applies configuration files and labels a release ● Just like a Chef client 7 years ago but without a memory leak :)
  • 30. Helm charts repository ● It’s centralised ● It’s on GitHub (https://github.com/helm/charts) ● It grows very fast ● If you submit a patch it will be landed in about a month, which I consider quite fast
  • 31. Helm charts repository ● https://hub.kubeapps.com (a nice landing page for non-kinesthetic people)
  • 33. Templates are just declarative configs
  • 34. What’s wrong with Helm? ● Unfamiliar templating syntax (if you are not a Lisper)
  • 35. What’s wrong with K8s and Helm? ● They are written in Golang ● Really, seriously, please stop using Golang for everything! ● We are humans not rodents, we already invented nuclear bombing, Haskell and even soccer, why Golang after all???
  • 36. Conclusions ● Classical CM systems were never good ● Kubernetes and Helm are not good too, but we are just not fully aware yet ● And, frankly speaking, I don’t care
  • 37. Contacts • Alex Chistyakov • alexclear@gmail.com • +7-921-643-93-27 (Please don’t call me, I am a sociophobe) • @demeliorator (in Telegram and Skype)