Resilient microservices with Kubernetes - Mete Atamel

Resilient Microservices with Kubernetes
Mete Atamel
Developer Advocate for Google Cloud
@meteatamel

Confidential & ProprietaryGoogle Cloud Platform 2
Mete Atamel
Developer Advocate for Google Cloud
@meteatamel
atamel@google.com
meteatamel.wordpress.com
Please send talk feedback: bit.ly/atamel

Google Cloud Platform
The .NET Revolution
@meteatamel

The world of 2014
ASP.NET
C#
Visual Studio
SQL Server
PowerShell
Java
Apache
MySQL
Eclipse
Bash
@meteatamel

Things are changing @meteatamel
ASP.NET Core
on Linux, Mac,
Windows
Microsoft joins
Linux foundation
Google joins
.NET foundation
2014
.NET Goes
Open Source
OpenSSH on
Windows
Ubuntu, Debian
on Azure
2015
SQL Server on
Linux
Bash on
Windows
PowerShell on
Linux
2016

The convergence
ASP.NET
C#
Visual Studio
SQL Server
Java
ApacheMySQL
PowerShell
Eclipse
Bash

Great time to be a .NET developer!

However, software development is HARD!
@meteatamel
And it is not getting any easier...

In the good old days @meteatamel
This is all I had to care...
Image Source: Wikipedia
Life was good :-)

A lot happened since then
Internet
App Servers
Web Servers
Databases
Microservices
The Monolith
Object Oriented
Programming
Version Control Caching
Cloud Computing
Firewalls
Virtual
Machines
Big Data
Machine
Learning
Mobile
DevOps IoT

Nowadays
ZONE A
Load Balancer
Health Endpoint Health Endpoint Health Endpoint
Health Checker
ZONE B
Load Balancer
Health Checker
REPLICATION
Task Queues
Autoscaler

Maintaining code in different languages on different types of machines
Rolling out the new version of your code reliably
Rolling back to the old version if something goes wrong
Managing configuration and secrets
Managing scripts that need to run on each machine
We haven’t even talked about

I just want to write some code to solve a real-world problem
@meteatamel

The reality
ZONE A
Load Balancer
Health Checker
ZONE B
Load Balancer
Health Checker
REPLICATION
Task Queues
Autoscaler
This is all I want to care This is all I have to care
What do we do?

In the good old days @meteatamel
Write your code, pass it to QA for testing, let operations team run it...

Nowadays, it is your problem
What do we do?

You can write your code in any language and run
anywhere exactly the same way
@meteatamel
Your app is optimally deployed somewhere and
managed by someone. It just works!
There are no machines. All resources are
automatically provisioned on demand

Write your code in any language and run it anywhere exactly the same way
⇒ Containers (eg. Docker, Rkt)
Your app is optimally deployed and managed
⇒ Container Management Platforms (eg. Kubernetes, Docker Swarm, Mesos)
All the resources needed for your app is automatically provisioned per demand
⇒ Cloud Providers (eg. Google Cloud, AWS, Azure)
Docker + Kubernetes + Cloud

Demo: Simple Microservice
@meteatamel

Containers
@meteatamel

✕ No isolation
✕ Common libs
✕ Highly coupled Apps
& OS
Why containers?
app
libs
kernel
libs
app app
kernel
app
libs
libs
kernel
kernel
libs
app
kernel
libs
app
libs
app
libs
app
✓ Isolation
✓ No Common Libs
✕ Expensive and
Inefficient
✕ Hard to manage
✓ Isolation
✓ No Common Libs
✓ Less overhead
✕ Less Dependency on
Host OS
kernel
libs
app
app app
app
Physical Machine Virtual Machines Containers
@meteatamel

What is a container?
Lightweight
Hermetically sealed
Isolated
Easily deployable
Introspectable
Composable
Linux (or Windows) processes
A lightweight way to virtualize applications
@meteatamel
Docker

Google has been developing
and using containers to
manage our applications for
over 12 years.
Images by Connie
Zhou
@meteatamel

Everything at Google runs in
containers
Gmail, Web Search, Maps, ...
MapReduce, batch, ...
GFS, Colossus, ...
Even Google’s Cloud Platform: our VMs
run in containers!
We launch over 2 billion
containers per week
@meteatamel

Demo: Containerised Microservice
@meteatamel

Containers not enough @meteatamel
Containers help to create a lightweight and consistent environment for apps
● Who takes care of redundancy?
● Who takes care of resiliency?
● Who scales up/down your app?
● Who and how a new version of your app gets deployed?
● Who rolls back to a previous version if something goes wrong?
● Etc. etc. etc.
But you still need to answer these questions:

Kubernetes
@meteatamel

Greek for “Helmsman”; also the root of the
words “governor” and “cybernetic”
• Manages container clusters
• Inspired and informed by Google’s
experiences and internal systems (borg)
• Supports multiple cloud and bare-metal
environments
• Supports multiple container runtimes
• 100% Open source, written in Go
Manage applications, not machines
Kubernetes @meteatamel

kubelet
UI
kubeletCLI
API
users master nodes
etcd
kubelet
scheduler
controllers
apiserver
The 10000 foot view @meteatamel

UI
API
Container
Cluster
All you really care about @meteatamel

1. Setting up the cluster
• Choose a cloud: GCE, AWS, Azure, Rackspace, on-premises, ...
• Choose a node OS: CoreOS, Atomic, RHEL, Debian, CentOS, Ubuntu, ...
• Provision machines: Boot VMs, install and run kube components, ...
• Configure networking: IP ranges for Pods, Services, SDN, ...
• Start cluster services: DNS, logging, monitoring, ...
• Manage nodes: kernel upgrades, OS updates, hardware failures...
Not the easy or fun part, but unavoidable
This is where things like Google Container Engine (GKE) really help
Container clusters: A story in two parts @meteatamel

Kubernetes cluster on GKE @meteatamel

Windows Server Node in Kubernetes

Demo: Create Kubernetes cluster
@meteatamel

2. Using the cluster
• Run Pods & Containers
• Replica Sets
• Services
• Volumes
This is the fun part!
A distinct set of problems from cluster setup and management
Don’t make developers deal with cluster administration!
Accelerate development by focusing on the applications, not the cluster
Container clusters: A story in two parts @meteatamel

Kubernetes Building Blocks
@meteatamel

Deployment
Pod
Volume
Label
Selector
Kubernetes Terminology
ReplicaSet
Liveness Probe
Readiness Probe
Service
DaemonSet
Job
StatefulSet
ConfigMap
Secret

Container cluster
Service
Pods
Each pod containers
one or more containers
Nodes
Role: frontend
Role: frontend Role: frontend Role: frontend
Replication
controller
Replicas: 3
Env: prod
microservice
labels
Service
communication
channel
Blueprint
“pod
template”
Env: prod Env: prod Env: prod registry
containers
@meteatamel

Deployments
@meteatamel

A Deployment provides declarative updates for
Pods and Replica Sets
Describe the desired state and the Deployment
controller will change the actual state to the
desired state at a controlled rate for you.
Deployment manages replica changes for you
• stable object name
• updates are configurable, done server-side
• kubectl edit or kubectl apply
...
Deployments @meteatamel

Demo: Create Deployment
@meteatamel

Pods and Volumes
@meteatamel

Small group of containers & volumes
Tightly coupled
The atom of scheduling & placement
Shared namespace
• share IP address & localhost
• share IPC, etc.
Managed lifecycle
• bound to a node, restart in place
• can die, cannot be reborn with same ID
Example: data puller & web server
Consumers
Content
Manager
File
Puller
Web
Server
Volume
Pod
Pods @meteatamel

Pod-scoped storage
Support many types of volume plugins
• Empty dir (and tmpfs)
• Host path
• Git repository
• GCE Persistent Disk
• AWS Elastic Block Store
• Azure File Storage
• iSCSI
• Flocker
• NFS
• vSphere
• GlusterFS
• Ceph File and RBD
• Cinder
• FibreChannel
• Secret, ConfigMap,
DownwardAPI
• Flex (exec a binary)
• ...
Volumes @meteatamel

Labels & Selectors
@meteatamel

Arbitrary metadata
Attached to any API object
Generally represent identity
Queryable by selectors
• think SQL ‘select ... where ...’
The only grouping mechanism
• pods under a ReplicationController
• pods in a Service
• capabilities of a node (constraints)
Labels @meteatamel

App: MyApp
Phase: prod
Role: FE
App: MyApp
Phase: test
Role: FE
App: MyApp
Phase: prod
Role: BE
App: MyApp
Phase: test
Role: BE
Selectors @meteatamel

App: MyApp
Phase: prod
Role: FE
App: MyApp
Phase: test
Role: FE
App: MyApp
Phase: prod
Role: BE
App: MyApp
Phase: test
Role: BE
App = MyApp

App: MyApp
Phase: prod
Role: FE
App: MyApp
Phase: test
Role: FE
App: MyApp
Phase: prod
Role: BE
App: MyApp
Phase: test
Role: BE
App = MyApp, Role = FE

App: MyApp
Phase: prod
Role: FE
App: MyApp
Phase: test
Role: FE
App: MyApp
Phase: prod
Role: BE
App: MyApp
Phase: test
Role: BE
App = MyApp, Role = BE

App: MyApp
Phase: prod
Role: FE
App: MyApp
Phase: test
Role: FE
App: MyApp
Phase: prod
Role: BE
App: MyApp
Phase: test
Role: BE
App = MyApp, Phase = prod

App: MyApp
Phase: prod
Role: FE
App: MyApp
Phase: test
Role: FE
App: MyApp
Phase: prod
Role: BE
App: MyApp
Phase: test
Role: BE
App = MyApp, Phase = test

Resiliency & Redundancy
@meteatamel

A simple control loop
Runs out-of-process wrt API server
One job: ensure N copies of a pod
• grouped by a selector
• too few? start some
• too many? kill some
Layered on top of the public Pod API
Replicated pods are fungible
• No implied order or identity
* The evolution of ReplicationControllers
ReplicaSet
- name = “my-rc”
- selector = {“App”: “MyApp”}
- template = { ... }
- replicas = 4
API Server
How
many?
3
Start 1
more
OK
How
many?
4
ReplicaSets* @meteatamel

ReplicaSets
Replication
Controller Pod
frontend
Pod
frontend
app = demo app = demo app = demo
ReplicaSet
#pods = 3
app = demo
color in (blue,grey)
show: version = v2
color = blue color = blue color = grey
Behavior Benefits
● Keeps Pods running
● Gives direct control of Pod #s
● Grouped by Label Selector
➔ Recreates Pods, maintains desired state
➔ Fine-grained control for scaling
➔ Standard grouping semantics
Pod Pod Pod
@meteatamel

Demo: ReplicaSets
@meteatamel

Kubernetes Health Checks
@meteatamel

It’s your responsibility to let Kubernetes know whether your app is healthy or not!
Health Check Philosophy

Liveness Probes make sure your application is running
livenessProbe:
# an http probe
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 15 # wait 15 seconds after pod is started to check for health
timeoutSeconds: 1 # wait 1 second for a response to health check
Liveness Probes

Readiness probes make sure your application is ready to serve traffic
readinessProbe:
# an http probe
httpGet:
path: /readiness
port: 8080
initialDelaySeconds: 20 # wait 20 seconds after pod is started to check for health
timeoutSeconds: 5 # wait 5 second for a response to health check
Readiness Probes

Services
@meteatamel

Services
Client
Pod
Container
Pod
Container
Pod
Container
A logical grouping of pods that perform the
same function (the Service’s endpoints)
• grouped by label selector
Load balances incoming requests across
constituent pods
Choice of pod is random but supports
session affinity (ClientIP)
Gets a stable virtual IP and port
• also a DNS nametype =
Service
Label selector:
type = FE
VIP
type = FE type = FE type = FE
@meteatamel

Demo: Services
@meteatamel

A general purpose, web-based UI to view/manage Kubernetes clusters
Kubernetes Dashboard

Demo: Kubernetes Dashboard

Scaling
@meteatamel

Scaling @meteatamel
Service
Label selectors:
version = 1.0
type = Frontend
Service
name = frontend
Label selector:
type = BE
Replication
Controller Pod
frontend
Pod
version= v1 version = v1
ReplicaSet
version = v1
#pods = 1
show: version = v2
type = FE type = FE
Pod
frontend
Pod
version = v1
type = FE
ReplicaSet
version = v1
#pods = 2
show: version = v2
Pod
ReplicaSet
version = v1
type = FE
#pods = 3
show: version = v2

Scaling @meteatamel
Service
Label selectors:
version = 1.0
type = Frontend
Service
name = frontend
Label selector:
type = BE
Replication
Controller Pod
frontend
Pod
version= v1 version = v1
ReplicaSet
version = v1
#pods = 1
show: version = v2
type = FE type = FE
Pod
frontend
Pod
version = v1
type = FE
ReplicaSet
version = v1
#pods = 2
show: version = v2
Pod Pod
ReplicaSet
version = v1
type = FE
#pods = 4
show: version = v2
version = v1
type = FE

Demo: Scaling
@meteatamel

Rolling Update
@meteatamel

ReplicaSet
- name: my-app-v1
- replicas: 3
- selector:
- app: MyApp
- version: v1
Service
- app: MyApp
Rolling Update @meteatamel

ReplicaSet
- name: my-app-v1
- replicas: 3
- selector:
- app: MyApp
- version: v1
ReplicaSet
- name: my-app-v2
- replicas: 0
- selector:
- app: MyApp
- version: v2
Service
- app: MyApp

ReplicaSet
- name: my-app-v1
- replicas: 3
- selector:
- app: MyApp
- version: v1
ReplicaSet
- name: my-app-v2
- replicas: 1
- selector:
- app: MyApp
- version: v2
Service
- app: MyApp

ReplicaSet
- name: my-app-v1
- replicas: 2
- selector:
- app: MyApp
- version: v1
ReplicaSet
- name: my-app-v2
- replicas: 1
- selector:
- app: MyApp
- version: v2
Service
- app: MyApp

ReplicaSet
- name: my-app-v1
- replicas: 2
- selector:
- app: MyApp
- version: v1
ReplicaSet
- name: my-app-v2
- replicas: 2
- selector:
- app: MyApp
- version: v2
Service
- app: MyApp

ReplicaSet
- name: my-app-v1
- replicas: 1
- selector:
- app: MyApp
- version: v1
ReplicaSet
- name: my-app-v2
- replicas: 2
- selector:
- app: MyApp
- version: v2
Service
- app: MyApp

ReplicaSet
- name: my-app-v1
- replicas: 1
- selector:
- app: MyApp
- version: v1
ReplicaSet
- name: my-app-v2
- replicas: 3
- selector:
- app: MyApp
- version: v2
Service
- app: MyApp

ReplicaSet
- name: my-app-v1
- replicas: 0
- selector:
- app: MyApp
- version: v1
ReplicaSet
- name: my-app-v2
- replicas: 3
- selector:
- app: MyApp
- version: v2
Service
- app: MyApp

ReplicaSet
- name: my-app-v2
- replicas: 3
- selector:
- app: MyApp
- version: v2
Service
- app: MyApp

Demo: Rolling Update
@meteatamel

Canary Deployments
Replication
Controller
ReplicaSet
version = v2
type = BE
#pods = 1
show: version = v2
Pod
frontend
Pod
version = v2
type = BE
@meteatamel
Pod
frontend
Service
Label selectors:
version = 1.0
type = Frontend
Service
name = backend
Label selector:
type = BE
Replication
Controller
Pod
version= v1
ReplicaSet
version = v1
type = BE
#pods = 2
show: version = v2
type = BE type = BE
Pod
version = v1

Autoscaling
Replication
Controller Pod
frontend
Pod
name=locust name=locust
ReplicaSet
name=locust
role=worker
#pods = 1
show: version = v2
Pod
frontend
Pod
name=locust
ReplicaSet
name=locust
role=worker
#pods = 2
show: version = v2
Pod Pod
name=locust
role=worker role=worker role=worker role=worker
ReplicaSet
name=locust
role=worker
#pods = 4
Heapster
70% CPU
40% CPU
Scale
CPU Target% = 50
> 50% CPU
@meteatamel

DaemonSets
@meteatamel

Problem: how to run a Pod on every node?
• or a subset of nodes
Similar to ReplicaSet
• principle: do one thing, don’t overload
“Which nodes?” is a selector
Use familiar tools and patterns
Pod
DaemonSets @meteatamel

Jobs
@meteatamel

Run-to-completion, as opposed to run-forever
• Express parallelism vs. required completions
• Workflow: restart on failure
• Build/test: don’t restart on failure
Aggregates success/failure counts
Built for batch and big-data work
...
Jobs @meteatamel

StatefulSets
@meteatamel

Goal: enable clustered software on Kubernetes
• mysql, redis, zookeeper, ...
Clustered apps need “identity” and sequencing
guarantees
• stable hostname, available in DNS
• an ordinal index
• stable storage: linked to the ordinal & hostname
• discovery of peers for quorum
• startup/teardown ordering
StatefulSets @meteatamel

ConfigMaps
@meteatamel

Goal: manage app configuration
• ...without making overly-brittle container images
12-factor says config comes from the
environment
• Kubernetes is the environment
Manage config via the Kubernetes API
Inject config as a virtual volume into your Pods
• late-binding, live-updated (atomic)
• also available as env vars
node
API
Pod Config
Map
ConfigMaps @meteatamel

Secrets
@meteatamel

Goal: grant a pod access to a secured something
• don’t put secrets in the container image!
12-factor says config comes from the
environment
• Kubernetes is the environment
Manage secrets via the Kubernetes API
Inject secrets as virtual volumes into your Pods
• late-binding, tmpfs - never touches disk
• also available as env vars
node
API
Pod Secret
Secrets @meteatamel

There is more!
@meteatamel

kubernetes.io
cloud.google.com/container-engine
Mete Atamel
@meteatamel
atamel@google.com
meteatamel.wordpress.com
Thank You
@meteatamel
Send talk feedback
bit.ly/atamel

Resilient microservices with Kubernetes - Mete Atamel

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Resilient microservices with Kubernetes - Mete Atamel (20)

More from ITCamp (20)

Recently uploaded (20)

Resilient microservices with Kubernetes - Mete Atamel