DEPLOY, MANAGE & SCALE KUBERNETES WITH RANCHER
BANGALORE CONTAINER CONFERENCE, 7TH APRIL 2017
VISHAL BIYANI, RANCHER & INFRACLOUD
VISHAL BIYANI
CTO & Founder at infraCloud technologies (www.infracloud.io)
• 2004: Java, PLM, JSP, Servlets
• 2004-2009: eMatrix PLM, J2EE, Database, architecture, Shell and what not
• 2010-2013: Spring, Maven, Jenkins, ElasticSearch, CloudFoundry, Google App Engine, APIs, CI
• 2013: Puppet, Chef, Ansible, CD/CI, DevOps Coach, Docker, API Mgmt, Microservices, Infra as code
• Now: Containers, Kubernetes, Mesos, Salt, Scale, Distributed
https://twitter.com/vishal_biyani
https://www.vishalbiyani.com
infraCloud is a Rancher consulting partner: http://rancher.com/partners-index/
Rancher has published a FREE eBook on “Scaling and deploying Kubernetes”: http://info.rancher.com/deploying-scaling-kubernetes-ebook
THE MOMENTUM OF CONTAINER ADOPTION IS UNDENIABLE…
• The average company QUINTUPLES its Docker usage within 9 MONTHS [1]
• There are 460K Dockerized apps, a 3100% GROWTH over 2 years [2]
• Docker containers have been downloaded more than 4 BILLION times [3]
[1] Datadog, June 2016
[2] Coscale, July 2016
[3] Docker, November 2016
…BUT RUNNING CONTAINERS IN PRODUCTION STILL ISN’T EASY
⬆ number of tools + ⬆ change = ⬆ complexity
• App Catalog: Helm, …
• Orchestration: Compose, Kubernetes, Marathon, …
• Scheduling: Swarm, Kubernetes, Mesos, …
• Monitoring: cAdvisor, Sysdig, Datadog, …
• Access Control: LDAP, AD, GitHub, …
• Registry: DockerHub, Quay.io, …
• Engine: Docker, Rkt, …
• Security: Notary, Vault, …
• Network: VXLAN, IPSEC, HAProxy, …
• Storage: Ceph, Gluster, Swift, …
• Distributed DB: Etcd, Consul, MongoDB, …
⬆ density + ⬇ lifespan = ⬆ volatility
A COMPLETE CONTAINER MANAGEMENT PLATFORM THAT MAKES IT EASY TO…
• INNOVATE WITH CONTAINERS by empowering developers with fast access to the latest tools
• SIMPLIFY APPLICATION DEVELOPMENT with a powerful, yet easy to use interface and application catalog
• RUN CONTAINERS with the most complete set of container and infrastructure management capabilities
Enterprise ready
✔ Open platform for innovating
✔ Easy to use interface
✔ Multi-tenancy
✔ Role based access
✔ 24X7 support
✔ And more….
DO YOU WANT TO MANAGE ALL THIS?
• App Catalog: Helm, …
• Orchestration: Compose, Kubernetes, Marathon, …
• Scheduling: Swarm, Kubernetes, Mesos, …
• Monitoring: cAdvisor, Prometheus, Datadog, …
• Access Control: LDAP, AD, GitHub, …
• Network: VXLAN, IPSEC, HAProxy, …
• Storage: Ceph, Gluster, Swift, …
• Distributed DB: Etcd, Consul, MongoDB, …
• Registry: Nexus, Artifactory, DTR, …
• Engine: Docker, runC, Rocket, …
• Security: Notary, Vault, …
…or this?
CHALLENGES: KUBERNETES-ONLY IMPLEMENTATIONS
• Creating a Kubernetes environment that is customized to DevOps needs
• Automating the deployment of multiple Kubernetes clusters
• Managing the health of Kubernetes clusters
• Automating the upgrade of Kubernetes clusters
• Deploying multiple clusters on premises or across disparate cloud providers
• Ensuring enterprise readiness, including access to 24×7 support
• Customizing, then repeatedly deploying, multiple combinations of infrastructure services (e.g. storage, networking, DNS, load balancer)
• Deploying and automating upgrades for Kubernetes add-ons such as Dashboard, Helm and Heapster
RUNNING CONTAINERS IN PRODUCTION IS HARD, RANCHER MAKES IT EASY
Develop → Build → Package → Test → Deploy/Upgrade → Operate
Docker Hub
GAINING SIGNIFICANT MOMENTUM
• GA March 2016
• >20 million downloads
• 5,000 GitHub stars
• 100+ enterprise customers
WORKSHOP AGENDA
• Infrastructure Side
  • How to modify and maintain multiple Kubernetes configurations easily
  • Configure separate data, cluster & worker nodes
  • Configure Kubernetes cloud providers
  • NFS & EBS configuration
  • Configuring network types: IPSec & VXLan
• Application Side
  • Deploy applications with Helm chart
  • Auto creation of disks and ELB in action
  • Custom Registry
  • Auto Scaling of hosts
  • Host upgrades
SETUP WITH DIGITAL OCEAN
• Use the promo code DOBCC. It will give you $15 worth of credits on the DigitalOcean platform. Please note the following:
  • a) You can sign up for an account @ https://cloud.digitalocean.com/registrations/new. The above promo code will add credits only to new DigitalOcean accounts.
  • b) Adding a payment option (credit/debit card or Paypal) is part of the sign up workflow. To verify the authenticity of the card, sometimes the payment gateway does an authorization charge of around $1, but this charge gets reversed immediately after the card has been verified.
  • c) Once the above promo code is applied, $15 in credits will be added to your account, which can be used for anything on the
ENVIRONMENT TEMPLATES
• Creating and customizing templates for different requirements in an organization
• You can have different storage, networking and other requirements in different units/projects
• You might want a true HA setup for pre-prod/prod, whereas a simple setup suffices for a development environment
• Rancher enables this with template stacks - official as well as community supported.
• You can create multiple environment templates and launch environments based on a template
DEMO
RESILIENCY PLANES
• Objective: achieve separation between data, orchestration and compute nodes.
• Data - used by Etcd to store all data
  • Host label: etcd=true
  • Recommended minimum 3 (nodes 1, 2, 3)
• Orchestrate - for Kubernetes
  • Host label: orchestrate=true
  • Recommended minimum 2 (for HA; nodes 1, 2)
• Compute - for the actual workload
  • Host label: compute=true
  • 1 or more (nodes 1 … N)
• You cannot change a node type from one resiliency plane to another
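The slide gives a layout rule (one plane label per host, minimums of 3/2/1, no moving a host between planes) that is easy to get wrong when hosts are added by hand. The following is an added example, not code from the deck: a small validator over a host inventory, using the slide's label names and minimums, plus the etcd quorum arithmetic from the speaker notes (3 members tolerate 1 failure, 5 tolerate 2). Host names and label sets are constructed sample data.

```python
"""Check a set of Rancher hosts against the resiliency-plane layout from the
slide: hosts are labelled etcd=true, orchestrate=true or compute=true, with
recommended minimums of 3, 2 and 1, and a host may not move between planes.
Added example, not code from the deck; host names and labels are constructed.
"""
from collections import Counter

# Minimum hosts per plane, as recommended on the slide.
PLANE_MINIMUM = {"etcd": 3, "orchestrate": 2, "compute": 1}


def plane_of(labels):
    """Return the plane a host's labels put it in.

    Raises ValueError if the host is in no plane or in more than one, since a
    host belongs to exactly one resiliency plane.
    """
    planes = [p for p in PLANE_MINIMUM if labels.get(p) == "true"]
    if len(planes) != 1:
        raise ValueError(f"expected exactly one plane label, found {planes}")
    return planes[0]


def etcd_fault_tolerance(members):
    """Failures an etcd cluster survives while keeping quorum: (n - 1) // 2.

    Matches the speaker notes: 3 members tolerate 1 failure, 5 tolerate 2.
    """
    return (members - 1) // 2


def validate_layout(hosts):
    """Check an inventory {host: {label: value}} against the plane minimums.

    Returns (ok, findings): findings is a list of human-readable problems.
    """
    findings = []
    counts = Counter()
    for host, labels in sorted(hosts.items()):
        try:
            counts[plane_of(labels)] += 1
        except ValueError as exc:
            findings.append(f"{host}: {exc}")
    for plane, minimum in PLANE_MINIMUM.items():
        if counts[plane] < minimum:
            findings.append(
                f"{plane}: {counts[plane]} host(s), recommended minimum is {minimum}")
    # General etcd quorum fact (not from the slide): an even member count buys
    # no extra tolerance over the next lower odd count, only more failure modes.
    if counts["etcd"] and counts["etcd"] % 2 == 0:
        findings.append(
            f"etcd: {counts['etcd']} members tolerate only "
            f"{etcd_fault_tolerance(counts['etcd'])} failure(s); use an odd count")
    return (not findings, findings)


def plane_changes(before, after):
    """List hosts whose plane differs between two inventories.

    The slide states a node cannot be moved from one plane to another, so any
    entry here is a change that must be done by removing and re-adding the host.
    """
    changes = []
    for host in sorted(set(before) & set(after)):
        old, new = plane_of(before[host]), plane_of(after[host])
        if old != new:
            changes.append(f"{host}: {old} -> {new}")
    return changes


# Constructed sample inventory: 3 etcd, 2 orchestrate, 2 compute hosts.
SAMPLE_HOSTS = {
    "etcd-1": {"etcd": "true"},
    "etcd-2": {"etcd": "true"},
    "etcd-3": {"etcd": "true"},
    "orch-1": {"orchestrate": "true"},
    "orch-2": {"orchestrate": "true"},
    "worker-1": {"compute": "true"},
    "worker-2": {"compute": "true"},
}

if __name__ == "__main__":
    ok, findings = validate_layout(SAMPLE_HOSTS)
    print("layout ok" if ok else "\n".join(findings))
    print("etcd tolerates", etcd_fault_tolerance(3), "failure(s)")
```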
CLOUD PROVIDER CONFIGURATION
• Kubernetes cloud providers: interface to the underlying cloud provider
• Useful for things such as: load balancer, node management, networks etc.
• Rancher comes built with two cloud providers: Rancher & AWS
• AWS provider can be used for ELB, EBS and node management
• Rancher provider is useful for nodes & HAProxy based load balancers
DNS - USING DIGITAL OCEAN
• Enables quick and easy integration with DNS (AWS Route53, Digital Ocean DNS etc.)
• Each service of type LoadBalancer gets the load balancer auto-provisioned and a DNS record created.
• DNS record is customizable
RANCHER NETWORK SERVICES
VXLan (Overlay)
• Unencrypted traffic between hosts
• Good if the underlying network is secure
• Faster; configurable MTU
IPSec (Overlay)
• Encrypted traffic between hosts, MTU configurable
• Good for public clouds
• Relatively slow due to encryption overhead
More plugins coming for
• Calico
• Weave etc.
Network Manager
• Interface to CNI plugin & responds to add/remove container events
• Takes care of port mapping (initial CNI did not have it)
Rancher DNS
• DNS service within the cluster, communicates with upstream DNS
• Provides service discovery in the cluster
Rancher - Metadata
• Metadata agent runs on all hosts
• Provides service discovery locally
Networking under the hood: all three components are open source
RANCHER HEALTH CHECK
• Health check stack is one of the infrastructure stacks
• Launched as a set of containers; uses HAProxy internally to validate the health of containers
• Containers are checked for health from multiple health check containers
• If even one of the health check containers responds positive on a service, then it is good
• If all of the health check containers respond negative on a service, then it is assumed down
PORTAINER
• We deployed Portainer as part of the stack, which is a simple UI for containers.
• The dashboard is reachable at http://rancher-server:8080/r/projects/1a5/portainer/ (just open the Kubernetes dashboard UI and change the URL)
• Portainer is a simple utility and shows containers on a host
• This shows how easy it can be to deploy custom utility stacks on top of Rancher
POWERFUL COMPOSITION
• Every stack is a rancher-compose + docker-compose
• You can custom create a complete stack, upload it and have a new environment template
AWS CLOUD PROVIDER BASED ENVIRONMENT
• Create an AWS cloud provider based Kubernetes environment template and an environment
• Create roles for instance profiles for the Kubernetes master & agent - this enables the instances to attach disks or create ELBs and so on
• Create 4 hosts - one master & 3 nodes - and install Docker on them
• Add the hosts manually to the Rancher environment
• See the environment build up
WALKTHROUGH OF INFRA STACKS
• Health check stack for health checks
• IPSec networking for encrypted overlay traffic
• Ingress controller for LB and ingress management
• Supporting network services - NW manager and metadata
• Portainer as a utility
• Scheduler framework for additional scheduling
WALKTHROUGH OF INFRA STACKS
• Kubernetes stack for all core components
  • Controller manager: controls nodes, endpoints etc.
  • Kubernetes API server
  • Ingress controller for ingress & LB management
  • Core scheduler
SAMPLE APPLICATION DEPLOYMENT
• We will use a Helm chart to deploy the WordPress stack, which contains the WordPress app & MySQL DB
• MySQL DB needs a persistent disk, which will be auto-provisioned for us.
• We also need a LoadBalancer, which will be auto-created.
• We won’t use DNS like we did in the last example, but that is possible too.
HELM ON MY MACHINE
• Configure ~/.kube/config file - verify with kubectl
• ‘helm init’ - initializes all directories and standard repo
• helm search WordPress
• helm install --name bcc-release stable/wordpress
OH, WAIT, WHAT IS HELM?
• Helm is a package manager for Kubernetes
• Tiller - repo server
• Chart - a package
• Helm is the client for Tiller
• Charts are in a repo (typically some Git repo)
• A chart is a set of manifests
• The values can be defaulted or overridden as input from the user
• A chart is deployed as a release so that it can be tracked.
IS WORDPRESS DEPLOYED?
• Deployments for WordPress created
• Services created
• Volumes auto-created
• ELB auto-created
MORE VALIDATIONS
• PV & PVC created using the default storage class
• And we can reach our blog:
WordPress Helm chart - code walkthrough
HOST EVACUATION
• You want to upgrade a host for some security patches or some change
• But without disrupting normal operations
• Evacuation helps you reschedule pods to other hosts, gracefully!
CUSTOM REGISTRY ADDITION
• You can use Docker Hub or any private registry
• Host dockercfg is auto-populated, so images can be pulled from those registries
RECEIVER HOOKS
• Like webhooks - can be used to invoke actions in Rancher
• Can be tied to, let’s say, a monitoring system
• Possible to achieve auto host scaling & service upgrade as of today.
• More actions & “kinds” of hooks coming soon
AND IT COMES WITH AN API
• Rancher has a comprehensive API - and all actions can be done via the API
• API is well documented, has in-browser accessibility and is exhaustive
• Rancher also comes with a CLI
REFERENCE/EXTRA
INGRESS: LOAD BALANCERS
• For an ingress you need a load balancer.
• Rancher creates/updates/manages Rancher load balancers based on the ingress lifecycle, using the Rancher ingress controller.
• This also makes usage of ingress easier outside a cloud provider.
• Rancher load balancers support
  • Host/path based routing
  • TLS
  • Advanced targeting and scheduling of load balancers.

Container Conf 2017: Rancher Kubernetes


Editor's Notes

  • #5 The momentum of container adoption is undeniable: The average company QUINTUPLES its Docker usage within 9 MONTHS There are 460K Dockerized apps, a 3100% GROWTH over 2 years Docker containers have been downloaded more than 4 BILLION times
  • #6 But running containers in production still isn’t easy… A growing number of tools with a high rate of change is significantly increasing the complexity of building, deploying and updating containerized environments. Increased density combined with decreased lifespans (a container's lifespan is about 1/6 of a VM's) significantly increases the volatility of a containerized environment compared to a traditional VM environment: there is an order-of-magnitude increase in the number of things that need to be individually managed and monitored, which significantly increases the volatility of the environment.
  • #7 Rancher is a complete container management platform that makes it easy to… run containers in production with the most complete set of container and infrastructure management capabilities; manage applications by simplifying day-to-day application lifecycle management; innovate with containers without compromising flexibility by empowering developers with fast access to the latest tools. And Rancher is production ready: enterprise-class features such as role-based access control, integration with LDAP and Active Directory, detailed audit logs, high-availability management servers and encrypted networking are available out of the box. With over 2.4 million downloads and optional 24x7x365 support, Rancher has quickly become the platform of choice for DevOps and IT teams who are serious about running containers in production. More than 30 customers are using Rancher in production, including large enterprises such as US Bank, IBM, Cisco, Invisalign and more.
  • #9 There’s a slew of technologies in the ecosystem and they all serve useful purposes, but it’s paralyzing having to deal with all of them individually. Working with all of these open source projects is very flexible, but it’s challenging to update and keep in sync with all of them. Rancher provides a turnkey container service: it looked at all of the technologies and takes ownership of them as it relates to being deployed at a customer site. Rancher ties all of this together and makes it easy to deploy, easy to support, easy to scale. The challenge is integrating it into your org and making use of the investments you’ve made.
  • #15 Environment templates are ways to create blueprints for the different environments you need. You can customize the blueprint for various aspects such as storage, networking, DNS etc. In some environments you might want a fully HA setup, whereas in another environment you might be OK with a non-HA setup. The way to achieve this is to create separate environment templates for different needs and then launch environments from the templates. Of course you can launch more than one environment from the same template. Some of the stacks available in environment customization might be community supported and some are officially supported by Rancher - be sure to choose the right one. Now let’s quickly create an environment which we will use for the demo today (we will create another one in a bit). In the environment we will configure digitalocean-dns, healthcheck, kubernetes, network-services, portainer, ipsec and scheduler. Also, we choose not to use resiliency planes in Kubernetes for simplicity, but we will discuss them.
  • #16 This slide will eventually be removed in the actual version of the presentation and a live demo will be given instead. This slide only demonstrates the rough flow to be demoed.
  • #17 Resiliency planes allow you to build systems that are highly available and fault tolerant. This is especially important when you have to build systems for production-grade workloads. In Rancher, for a given environment template you can enable or disable resiliency planes. If you enable them you have to use node labels to identify the hosts belonging to a certain plane. At a minimum it is a good idea to have 3 nodes for etcd so that the data plane can tolerate the failure of one node. If you need higher fault tolerance then you can go for 5 etcd nodes, which provides tolerance of up to 2 hosts failing. For the Kubernetes or orchestrate layer, you need at least two nodes. On the compute side you can have a minimum of 1, but in the real world you might have many more hosts in the compute plane.
  • #18 Cloud provider configuration gives you native integration with the cloud provider so you can seamlessly use some of the underlying resources. At the moment Rancher supports two cloud providers: one is Rancher and the other is AWS. There might be more in the near future. With the Rancher cloud provider you can get load balancing even without a cloud provider; the Rancher-provided load balancing is based on HAProxy. With AWS you get native integration with EBS, ELB & EC2 instances. For a service of type LoadBalancer, an ELB is provisioned, although you can create a Rancher load balancer using Ingress.
  • #19 We are using the Digital Ocean demo for this one, but you could also use the stack for Route53. The basic idea is that for every service you want to expose outside of the cluster, you simply create a LoadBalancer type service and the DNS records are managed automatically based on the service's semantics. And the format in which the service name is put in DNS is customizable. So here is how it works: you of course need to have a domain name. Then you need to create a hosted zone (AWS) / Cloud DNS (Google Cloud) / domain (Digital Ocean) for that domain name. Ensure that you update the name servers in your domain name registrar to point to the correct name servers of the cloud provider. Once this is done, in the template we simply provide the DO access key and the domain name that needs to be managed. Now as you create services we will see two things: how, when you create a service, the load balancer using HAProxy is created (which is what we discussed in the previous slide), and how a DNS entry is made in the Digital Ocean domain and updated with the IP.
  • #20 Rancher provides
  • #24 In the second environment, create an AWS cloud provider based Kubernetes environment. Then create hosts manually and apply Instance Roles to them - separate ones for master & agent machines. Then add them to Rancher as custom hosts.
  • #25 This slide is temporary - and actual demo will be shown here.