gluecon kubernetes & container engine
Kubernetes: Decoupling, DevOps and Composite Containers
Brendan Burns, Senior Staff Software Engineer
https://www.flickr.com/photos/greeblie/2224507899
Decoupling SRE
Application SRE
Hardware SRE
Cluster SRE
Kernel/OS SRE
Homogeneous Machine Fleet (Virtual or Physical)
Kubernetes API: Unified Compute Substrate
Application containers
Modular Container Design
“Good fences make good neighbors” - Robert Frost
Kubernetes Concepts: Pods
Container Foo
Namespaces
- Net
- IPC
- ..
Container Bar
Pod Sidecars
node.js, Git Synchronizer
Sidecars extend and enhance
Pod Sidecars
nginx, Git Synchronizer
Sidecars extend and enhance
Pod Ambassadors
web app, twemproxy
Ambassadors represent and present
localhost
Pod Adapters
redis, redis exporter
Adapters normalize and abstract
localhost
Pod Demo
A Quick Look @ Your Code
& Your Code Community
Contribute
Share Use Keep
Quick Look @ Your Cluster
Your Next Cluster
● Only update the part that needs updating
● Clean boundaries enable agile teams
● Advantages of reuse:
○ Faster to build systems
○ Leverage expert knowledge everywhere
○ Consistent interface and experience
Modular Container Design
● Separate concerns (e.g. “webserver”, “git syncher”)
● Design for reuse
○ Parameterize
○ Document
● Build consistent experiences
● Avoid NIH
From Legos to Starships
Kubernetes Concepts: Labels
Container Foo
Container Bar
Namespaces
- Net
- IPC
- ..
Kubernetes Concepts: Labels
frontend
production
production
backend
production
backend
bburns
testing
Kubernetes Concepts: Labels
frontend
production
production
backend
production
backend
bburns
testing
stage: production
Kubernetes Concepts: Labels
frontend
production
production
backend
production
backend
bburns
testing
stage: production, role: backend
Kubernetes Concepts: Replication Controller
production
backend
production
backend
production
backend
#N
Kubernetes Concepts: Services
production
backend
production
backend
production
backend
port(s)
name, 1.2.3.4, “name”
Using labels in ops
frontend
production
frontend
production
frontend
production
Using labels in ops
frontend
production
frontend
production
frontend
production
Using labels in ops
frontend
production
frontend frontend
production
Using labels in ops
frontend
production
frontend
frontend
production
Using labels in ops
frontend
production
frontend
frontend
production
frontend
production
Using labels in ops
frontend
production
frontend
production
frontend
production
v1 v1 v1
Using labels in ops
frontend
production
frontend
production
frontend
production
v1 v1 v1
frontend
production
v2
Size: 0
Using labels in ops
frontend
production
frontend
production
v1 v1
frontend
production
v2
Using labels in ops
frontend
production
v1
frontend
production
frontend
production
v2 v2
Using labels in ops
frontend
production
v1
frontend
production
frontend
production
frontend
production
v2 v2 v2
Size: 0
Demo Time!
Decoupling the network
[Diagram: IP address labels]
connect(ip1, ip2, qos)
10.5.0.3 10.2.0.3
Decoupling the network
10.3.0.1
10.4.0.1
10.2.0.1
10.4.0.2
connect(ip2, ip2, qos)
Encryption, Identity and Authorization in the SDN/API layer
Centralized auditing, compliance and enforcement
No certificate distribution
Questions?
github.com/GoogleCloudPlatform/kubernetes
cloud.google.com/container-engine/