Kubernetes: from introduction to usage in CI/CD
Oleksandr Zanichkovskyi
PHP Technical Lead with 14+ years of experience. Interested in clean code, good architecture, cloud computing, development processes automation and playing the guitar of course.
Email: eternity.lviv@gmail.com
Skype: olexandr.zanichkovsky
FB: https://www.facebook.com/ozanichkovskyi
Agenda
• Why should containers be used?
• What is Kubernetes
• Kubernetes Architecture
• Kubernetes Primitives
• Installing Kubernetes
• Additional Tools
• Automating DevOps with Kubernetes
• GitLab and Kubernetes integration
Tools
Why should containers be used?
The old way vs the new way
What is a container?
“A container image is a lightweight, stand-alone, executable package
of a piece of software that includes everything needed to run it: code,
runtime, system tools, system libraries, settings. … containerized
software will always run the same, regardless of the environment.
Containers isolate software from its surroundings, for example
differences between development and staging environments and help
reduce conflicts between teams running different software on the
same infrastructure.”
https://docker.com/what-container
Container advantages
Pre-Made Runtime Environment
Version-Controlled Infrastructure
FROM multicloud/jre-8-oracle
ENV version 4.1.1-linux-x64
ENV elasticsearch_server_url elasticsearch
ENV elasticsearch_server_port 9200
# Download and unpack Kibana into /opt/kibana.
# Note: --no-check-certificate disables TLS certificate verification for this download.
RUN wget --no-check-certificate --progress=bar:force --retry-connrefused -t 5 \
    https://download.elasticsearch.org/kibana/kibana/kibana-${version}.tar.gz \
    -O /tmp/kibana.tar.gz && \
    (cd /tmp && tar zxf kibana.tar.gz && mv kibana-* /opt/kibana && \
    rm kibana.tar.gz)
# Install the container entrypoint script and make it executable
ADD entrypoint.sh /entrypoint.sh
RUN chmod a+x /entrypoint.sh
EXPOSE 5601
ENTRYPOINT ["/entrypoint.sh"]
Runtime Consistency
VM Laptop Cloud
Isolation
• Namespaces
• Control groups
• Union file system
• Container format
Lighter than VM
Continuous Integration/Continuous Delivery
Container advantages
• Pre-Made Runtime Environment
• Version-Controlled Infrastructure
• Runtime Consistency
• Securable
• Lighter than VMs
• Continuous Integration/Continuous Delivery
• Scalability
Scalability
Diagram: Nginx reverse proxy, web
Scalability – "docker-compose scale web=3"
Diagram: Nginx reverse proxy, web, web, web
Docker challenges
• Service discovery
• Load balancing
• Multi-host Docker containers deployment
• Secrets/configuration/storage management
• Auto-[scaling/restart/healing] of containers and nodes
• Zero-downtime deploys
What is Kubernetes?
Meaning
The name Kubernetes originates from Greek, meaning helmsman or pilot.
K8S = Kubernetes
Origins
• First announced by Google in mid-2014
• Kubernetes v1.0 was released in mid-2015
• Written in Go/Golang
• https://github.com/kubernetes/kubernetes
• Often shortened to k8s
What is Kubernetes?
• We treat a cluster of servers as a single computer
• We do not want to decide which server to put each part of the app on
• We just want to let the cluster know the desired state in a simple, unified format
• Up to:
  • 5000 nodes
  • 150000 total pods
  • 300000 total containers
  • 100 pods per node
Benefits
• Agile application creation and deployment: Increased ease and efficiency of container image creation compared to VM image use.
• Continuous development, integration, and deployment: Provides for reliable and frequent container image build and deployment with quick and easy rollbacks (due to image immutability).
• Dev and Ops separation of concerns: Create application container images at build/release time rather than deployment time, thereby decoupling applications from infrastructure.
• Environmental consistency across development, testing, and production: Runs the same on a laptop as it does in the cloud.
• Cloud and OS distribution portability: Runs on Ubuntu, RHEL, CoreOS, on-prem, Google Kubernetes Engine, and anywhere else.
• Application-centric management: Raises the level of abstraction from running an OS on virtual hardware to run an application on an OS using logical resources.
• Loosely coupled, distributed, elastic, liberated micro-services: Applications are broken into smaller, independent pieces and can be deployed and managed dynamically – not a fat monolithic stack running on one big single-purpose machine.
• Resource isolation: Predictable application performance.
• Resource utilization: High efficiency and density.
Do I need Kubernetes?
• Health checks
• Replicating instances
• Rolling updates
• Accessing container logs
• Service discovery
• Load balancing
Is it difficult to use?
• Different kinds of resources
• Descriptive YAML
• Easy to use API
• Custom resources
• Helm as package installer
Kubernetes Architecture
Master
• API Server: Component on the master that exposes the Kubernetes API. It is the front-end for the Kubernetes control plane.
• etcd: Consistent and highly-available key value store used as Kubernetes’ backing store for all cluster data.
• kube-scheduler: Component on the master that watches newly created pods that have no node assigned, and selects a node for them to run on.
• kube-controller-manager: Component on the master that runs controllers.
Node
• Kubelet: An agent that runs on each node in the cluster. It ensures that the containers on particular Node are running and healthy.
• Container Engine: The container runtime is the software that is responsible for running containers. Kubernetes supports several runtimes: Docker, rkt, runc
• kube-proxy: Enables the Kubernetes service abstraction by maintaining network rules on the host and performing connection forwarding.
Kubernetes Resources
• Pod
• Replica Set
• Deployment
• Service
• …
Pod
Diagram: a Pod with IP 10.0.0.2 and labels "app: name", "version: 1.0", containing Container 1, Container 2 and a Volume
Pod Template
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp-container
    image: busybox
    command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']
Kubernetes cluster
DEMO
ReplicaSet
Diagram: a ReplicaSet (replicas: 3) managing three Pods
ReplicaSet
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: nginx-rs
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata: …
    spec: …
DEMO
Deployment
Diagram: a Deployment (replicas: 3, image: nginx:1.7.9) managing three Pods, each running nginx:1.7.9
Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata: …
    spec: …
DEMO
Service
Diagram: a Service (app: nginx) in front of three Pods, each labelled app: nginx
Service
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx-svc
spec:
  ports:
  - nodePort: 30001
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: NodePort
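The Service and ReplicaSet above find their Pods purely by label, so this added example (not from the original slides) evaluates a selector against pod labels and shows that `app: nginx` also matches any other pod in the namespace carrying that label. It goes beyond the slides by covering `matchExpressions`; the function names, pod names and label values are constructed for illustration.

```python
# Added example: label-selector matching as used by nginx-svc and nginx-rs.
# All pod objects below are constructed samples, not output from a cluster.

def selector_matches(selector, labels):
    """Evaluate a LabelSelector (matchLabels + matchExpressions) against labels."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:            # every pair must match (AND)
            return False
    for expr in selector.get("matchExpressions", []):
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        if op == "In":
            ok = labels.get(key) in values
        elif op == "NotIn":
            ok = labels.get(key) not in values   # also true when key is absent
        elif op == "Exists":
            ok = key in labels
        elif op == "DoesNotExist":
            ok = key not in labels
        else:
            raise ValueError(f"unknown operator: {op}")
        if not ok:
            return False
    return True


def service_endpoints(service_selector, pods):
    """Names of the pods a Service with this flat selector map would route to."""
    if not service_selector:    # a Service without a selector selects no pods
        return []
    wrapped = {"matchLabels": service_selector}
    return [p["name"] for p in pods if selector_matches(wrapped, p["labels"])]


# Constructed pods: three Deployment replicas, a hand-made pod, an unrelated pod.
PODS = [
    {"name": "nginx-deployment-a", "labels": {"app": "nginx", "pod-template-hash": "x1"}},
    {"name": "nginx-deployment-b", "labels": {"app": "nginx", "pod-template-hash": "x1"}},
    {"name": "nginx-deployment-c", "labels": {"app": "nginx", "pod-template-hash": "x1"}},
    {"name": "debug-shell", "labels": {"app": "nginx", "tier": "debug"}},
    {"name": "myapp-pod", "labels": {"app": "myapp"}},
]

if __name__ == "__main__":
    # The selector from nginx-svc also picks up the hand-made debug pod.
    print(service_endpoints({"app": "nginx"}, PODS))
    narrowed = {"matchLabels": {"app": "nginx"},
                "matchExpressions": [{"key": "tier", "operator": "DoesNotExist"}]}
    print([p["name"] for p in PODS if selector_matches(narrowed, p["labels"])])
```

A selector as broad as `app: nginx` sends traffic to every pod with that label, so a review of a Service manifest should check which workloads in the namespace can carry it.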
DEMO
Labels
Ingress
Diagram: an Ingress (host: myserver.com) routing to a Service (app: nginx)
Ingress
• Collection of rules that allow inbound connections to reach cluster services
Ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  annotations:
    kubernetes.io/tls-acme: "true"
spec:
  rules:
  - host: nginx.review.zophiatech.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80
DEMO
Kube Lego? Cert-manager?
Automate the management and issuance of TLS certificates from various issuing sources.
DEMO
Persistent Storage? Rook!
• Stateful containers
• Managed by Kubernetes
• Few minutes to install
DEMO
Monitoring
DEMO
Install Kubernetes
Why bother with installing?
• Try locally
  • Minikube
  • Kubeadm
  • Kubespray vagrant
• Create your private cloud
  • Kubeadm
  • Kubespray
Minikube way
• It is as easy as:
  • Install minikube and kubectl
  • Run ‘minikube start’
Kubespray way
• It is as easy as:
  • Create ansible inventory file
  • Run ‘ansible-playbook -b -u sudouser -i inventory/inventory.cfg cluster.yml’
Why automate
Human factor
• My code style seemed perfect
• I expected that tests would pass
• Copy-pasting allowed me to implement this quickly
• …
Project state
Release now!
Environment
• Agnostic
• Show something to your colleagues even remotely
• Dev test your code
• QA test
• Get it as quickly as possible
• …
What if it is not what you expected?
GitLab to help
CI out of the box
Container registry
Kubernetes integration
Monitoring
Is it expensive?
• Unlimited private repositories 10Gb each
• 2000 CI minutes for free
• Install CE if you want
• Install separate runner
GitLab and Kubernetes Integration
Diagram: gitlab-ci.yml, Dockerfile, .helm, image, registry, tests, helm install, helm install
DEMO
I hope this will help you!
Resources
• GitLab
• Kubernetes
• Rook
• Install instructions (without Persistent Storage)
• Kube Lego
USA HQ
Toll Free: 866-687-3588
Tel: +1-512-516-8880
Ukraine HQ
Tel: +380-32-240-9090
Bulgaria
Tel: +359-2-902-3760
Germany
Tel: +49-69-2602-5857
Netherlands
Tel: +31-20-262-33-23
Poland
Tel: +48-71-382-2800
UK
Tel: +44-207-544-8414
EMAIL
info@softserveinc.com
WEBSITE:
www.softserveinc.com
Thank you!
Questions?
