Kubernetes & GKE v1.3 Overview

Transcript

1. Google Cloud Platform Kubernetes v1.3 Kubernetes 1st Birthday meetup @

   Sharethis 21st July 2016 Vishnu Kannan <[email protected]>, @vishh (github, IRC, slack) Eric Tune <[email protected]>, @erictune (github, slack)

2. Google Cloud Platform v1.3 summary • Github stats relative to

   v1.2 - 54 contributors - 4700+ commits - 7950 files changed, 1,291,309 +/- • Distributed testing • Scalable build, testing and github automation • Cross-cluster federated services • Stateful applications • Ease of use for local development • Support for rkt and container standards OCI & CNI • Updated Kubernetes dashboard UI

3. Google Cloud Platform Minikube

4. Google Cloud Platform Minikube Goal: Develop & test k8s apps

   locally • Provide access to all portable k8s features Develop against a local Kubernetes cluster • Lightweight, single-command installation • Works across Linux & OS X. (Windows support soon) • Includes all dependencies • Local cluster can be managed via kubectl • Built-in Dashboard Status: GA since Kubernetes v1.3 Check out Minikube repo! @dlorenc @luxas @aaron-prindle @jimmidyson

5. Google Cloud Platform Init Containers

6. Google Cloud Platform Init Container Goal: initialize pods for applications

   • Setup volumes, configuration, etc., for applications. Initialize and customize application environment • Perform initialization of shared volumes ◦ Download binaries, inject configuration or extension capability, initialize a database • Reduce coupling: • Between application images • Inside of images • Between initialization steps Status: ALPHA in Kubernetes v1.3 Pod Init Containers App Containers @smarterclayton @bprashanth

7. Google Cloud Platform PetSets

8. Google Cloud Platform PetSets (working name) Goal: enable clustered software

   on Kubernetes • mysql, redis, zookeeper, ... Clustered apps need “identity” and sequencing guarantees • stable hostname, available in DNS • an ordinal index • stable storage: linked to the ordinal & hostname • discovery of peers for quorum • startup/teardown ordering Mysql, Postgres, Zookeeper, etcd, etc. Status: ALPHA in Kubernetes v1.3 @smarterclayton @bprashanth

9. Google Cloud Platform Cross Cluster Federated Services

10. Google Cloud Platform Cross-cluster Federated Services Goal: Load Balance across

    multiple clusters • High availability across regions & cloud providers - Geographically aware DNS gets clients to the "closest" healthy cluster. - DNS + Kubernetes cluster-local service discovery. - Can default to cluster-local with failover to remote clusters. - Is API-compatible with a vanilla Kubernetes service. - Has no clusterIP (as it is cluster-independent) - Has a federation-wide load balancer hostname Give it a try by following this guide. Status: Beta in Kubernetes v1.3 Cross-cluster Load Balancer/DNS End-user Cluster 1 Cluster 2 Cluster 3 @huangyuqi @jianhuiz @quinton-hoole @justinsb @nikhiljindal @madhusudancs @mml

11. Google Cloud Platform Node Pools (GKE only)

12. Google Cloud Platform Node Pools (GKE Only) Goal: Load balance

    across zones in a single cluster Supports heterogeneous nodes Pods can be placed on specific node pools Staged rollout of Kubernetes upgrades (A/B testing) Support for multiple zones Combine this with Cluster Autoscaling! Status: Available in GKE Load Balancer End-user us-central1-b us-central1-a us-central1-f @a-robinson

13. Google Cloud Platform Google IAM - GKE

14. Google Cloud Platform Google IAM (GKE Only) Goal: Manage GKE

    permissions the same as other Google Cloud Platform Permissions Invite anyone with a Google account to use your cluster. Give Writer or Reader permissions. Status: Available in GKE K8s API Server Kubectl Google Auth'n Gcloud Google Auth'z Token @cjcullen [email protected] [email protected] Can get pods? Yes. Get Pods

15. Google Cloud Platform Google IAM (GKE Only) Prereqs: • >=1.3

    kubectl • >= 1.3 cluster Cluster Owner Steps: • http://cloud.google.com/console • IAM&Admin → Add User → Project Editor or Viewer Guest Steps: • gcloud projects list → $P • gcloud config set container/use_client_certificate False • gcloud container clusters get-credentials --zone $Z --project $P • kubectl get pods @cjcullen

16. Google Cloud Platform Authz - OSS

17. Google Cloud Platform Authz - RBAC Goal: Manage Permissions, via

    the API RBAC: Role-Based Access Control Create any number of different roles. Assign any users or groups to roles. Similarities to AWS, GCP IAM. Applies to all future Kinds easily. Status: Available everywhere but GKE @deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)

18. Google Cloud Platform Authz - RBAC kind: ClusterRole apiVersion: rbac.authorization.k8s.

    io/v1alpha1 metadata: name: pod-reader rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", "list"] nonResourceURLs: [] @deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)

19. Google Cloud Platform Authz - RBAC kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1alpha1

    metadata: name: read-pods subjects: - kind: User name: [email protected] roleRef: kind: ClusterRole name: pod-reader apiVersion: rbac.authorization.k8s.io/v1alpha1 @deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)

20. Google Cloud Platform Namespace: Other Namespace: Default No Namespace Authz

    - RBAC @deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS) ClusterRole pod-reader ClusterRoleBinding eric Role whatever RoleBinding vish Role secret-deleter RoleBinding rohit 1 2 3 4 5 1: eric can read pods in the whole cluster 2: vish can read pods in namespace default 3: rohit can read pods in namespace other 4: rohit can delete secrets in namespace other 5: not allowed

21. Google Cloud Platform Scalability

22. Google Cloud Platform Scalability Goal: Support large clusters & meet

    SLO - Guaranteed SLO for <= 2000 nodes - > 2000 nodes possible! - 60,000 pods supported by default - < 1s pod-startup latency More information here. @wojtek-t

23. Google Cloud Platform Node Stability

24. Google Cloud Platform Node Stability Goal: Kubernetes nodes are robust

    & always online Work In Progress Protection against memory pressure - Evict pods under memory pressure - Configurable hard & soft limits - In-built support for overcommit - Beta in v1.3 Nodes scalable to 100+ pods @derekwaynecarr @vishh

25. Google Cloud Platform Rktnetes

26. Google Cloud Platform Rktnetes Goal: Modular & reliable container runtime

    for k8s No monolithic daemon Pod isolation levels - Chroot jail - Namespaces + cgroups - Virtual Machine Lightweight Known issues exist! Try out Rktnetes! @yifan-gu @euank

27. Google Cloud Platform Community Top 0.01% of all Github projects

    1200+ external projects based on k8s Companies Contributing Companies Using 800+ unique contributors

28. Google Cloud Platform 28 Kubernetes is Open https://kubernetes.io Special Interest

    Groups Code: github.com/kubernetes/kubernetes Chat: slack.k8s.io Twitter: @kubernetesio open community open design open source open to ideas

29. Google Cloud Platform Thank you!